15

In the data economy, data have become the key asset for conducting business. This explains why data are often called the ‘oil’ of the new economy.

16

Beyond the use of this buzzword, it is more important to understand why and how data are used. Different forms of use relate to different stages of the development of the Internet. At its first stage, the Internet was used as a tool for providing information. This was the time when politics started to realise that an ‘information society’ with new services was emerging that was in need of new legislation.  [20] At this first stage of development the Internet emerged as an information and selling platform (web 1.0).

17

At the second stage, new business models developed that provided consumers with other kinds of services, yet still related to information, without charging them a price. These services, such as search engines or social platforms that connect people with people (web 2.0), were often exclusively financed by advertising. Whereas, at the first stage, information was largely limited to information as an object of the service; at the second stage, personal data became a most important input for new kinds of business models that were information-related. The advertising value of a service or platform increases with its attractiveness for private users who, in turn, provide its operator with personal data as the key input for such business models.

18

In the Internet of Things, physical objects get connected with each other and with the environment. This brings about another major boost of the data that are collected and an extension of the data that enter into big data collections and business models. At this stage of Internet development, any data that is collected by somebody for a particular purpose can become a most important asset for other economic players or public entities for very different purposes. For instance, smart cars nowadays collect data for steering driverless cars and for providing better and timely—even predictive—maintenance services. But cars may also register the driving habits of the driver, in which the insurance companies are interested, the geographical location of the car at a given moment can inform providers of geographic data, such as Google Maps, about a change of the direction of a one-way road, and inform the public authorities about the volume of use and traffic conditions of roads at a given time. The social benefits of data will even increase with the inclusion of the data in larger datasets that bring together data from different sources, such as from different car manufacturers to get a more comprehensive picture of the concrete traffic conditions in a particular geographic area. The innovative character of this kind of use of data consists in linking large datasets in order to answer many different questions based on mere correlations between different kinds of data (often called ‘data mining’) in the interest of individual businesses or the public.

19

In this big data world, it also seems that the role of the state is beginning to change. At an earlier stage of the development of the Internet, states started to realise that it is becoming increasingly important to grant private businesses access to publicly held data (so-called ‘public sector information’, PSI) for commercial re-use in order to promote new commercial information services.  [21] Conversely, the modern private data economy is increasingly producing data from which big data analytics in particular can extract new knowledge that can optimise public decision-making—whether it is about increasing traffic security based on data collected by cars, protecting the environment, for instance, by relying on information that is collected by machines used in the agricultural sector, or revolutionising health care around the world by collecting and analysing the clinical, genetic, environmental, and behavioural data from myriad sources.  [22] In other words, the public sector is a major contributor, as well as a beneficiary of the data economy and big data analyses.  [23]

20

In sum, in the development of the ‘data economy’ a shift of focus can be observed. Whereas the business models of major Internet platform operators are built on the use of personal data and, accordingly, may give rise to particular concerns about effectively protecting the use of personal data, the data economy will no longer be limited to the use of personal data for advertising and marketing purposes. There are two more important innovation-driven features of the data economy that can be witnessed. On the one hand, in the era of the Internet of Things, data collection by sensors will allow consumers to be provided with innovative smart products and services that will increasingly replace traditional products. On the other hand, the data collected in this industry will be of particular utility to private actors in very different business sectors and to public entities. Hence, data collected by smart products will become an important input, both for other businesses and for the government.

21

Asking the question of who owns the data suffers from the terminological weakness of what is meant by the term ‘data’. There are two aspects to the problem. First, more precision is needed in defining the individual data. The second aspect relates to the aggregation of larger datasets and their protection.

22

The first issue relates to the question of the potential object of protection of data. Take the following example: a smart car of manufacturer A, through the sensors attached to its dampers, locates a pothole. This information is not yet noticed by any natural person; however, it is stored in the form of digital data on a server of manufacturer A. If the law recognised ownership of A in this data, the question arises whether ownership relates to the pure digital dataset in the form of bits and bytes, or to the ‘information’ the digital dataset contains. This makes a major difference from a competition-oriented perspective. The pothole can of course be registered by the smart cars of different manufacturers (A and B) that follow each other. Hence, the ‘information’ in which the public road authority is interested could be extracted from two different (competing) datasets.

23

This example shows that the concept of data is in need of additional precision. When we use the term ‘digital data’, we typically refer to ‘machine-readable encoded information’.  [24] However, the interest in ‘protecting data’ relates to the information encoded in these bits and bytes. As regards this information, in turn, a distinction can be made in terms of semiotics between the different levels of information.  [25] For data protection, the distinction between the syntactic and the semantic level is key. The syntactic level regards the representation of information in particular signs, for instance as a text, a photograph or a video. In contrast, the semantic level relates to the meaning. Take the example of a camera at a public square that produces a video. The syntactic information is the video as such, which can be stored on different carriers. In contrast, the meaning that can be extracted from that video, for instance, how many people or vehicles cross the square on a single day, is placed on the semantic level. These distinctions can be further illustrated by the example of a novel printed as a book. The book is the physical carrier of the information. The syntactic information consists in the text printed in a sequence of letters and words. The semantic information is the story told by the novel. If somebody does not speak the language in which the novel is written, to this person the information will only be accessible on the syntactic level.

24

Hence, whenever the law protects ‘data’, it has to make clear what it really protects. There is no general argument against protecting semantic information. Indeed, trade secrets protection and private data protection relates to the semantic level of information.  [26] The know-how of a firm consists in technical knowledge; it does not matter whether this knowledge arises from a drawing, a text or a combination of both, or whether this knowledge is stored in a digital format or not. Similarly, individuals are protected against unauthorised processing of information relating to them, whether this information is contained in a text, photographs, or audiovisual recordings. In contrast, in the abovementioned example on the potholes in the street, it would be better to avoid protecting the semantic information the sensors of a car collect. Hence, the question of whether the law should protect the semantic or the syntactic information, or even only the integrity of the digital file, will depend on the circumstances. This analysis would seem to argue for context-specific regulation. Even a general regime on the protection of industrial data would thus appear problematic since, in some instances, protecting semantic information such as in the case of trade secrets seems the right approach, while protection of data collected through sensors in the public sphere should probably not be extended to the meaning these data are able to convey. To draw the line between the two approaches is not an easy task. Constitutional rights can argue in favour of protecting semantic information, such as in the case of personal data. Yet in other instances constitutional rights and competition policy will argue against ownership in semantic information, if such protection has the potential of undermining the free flow of information.  [27]

25

The second problem arises from the fact that firms do not only hold individual pieces of data. Data are collected and then included in larger datasets. This raises the issue of whether there should be protection of each and every data information or whether there should be protection of the whole dataset in its particular composition.

26

This second issue directs the attention to the features of big data, the technical features of big data analytics and, ultimately, big data business models. At the outset, it should be stressed that big data analyses are only one application where data held by one person is used by another person in the data economy. The purpose of big data analyses is to optimise decision-making. The decision-maker can be any person or entity, usually a firm or a public entity. The following three features are key to the technical understanding of big data: volume, velocity and variety (the so-called ‘3 Vs’).  [28] ‘Volume’ relates to the exploding volume of data that is produced by different sources, including the Internet of Things and social media. Big data is defined by the fact that the volume of data to be analysed transcends the current capacity of storage and processing systems. ‘Velocity’ relates to the dynamic nature of big data. Indeed, big data constantly changes as new data is produced. To keep up with the speed of this process is key in big data analytics because the users of the results of such analyses will usually have to rely on real-time analyses for decision-making in a constantly changing world. ‘Variety’ relates to a wide range of different kinds and formats of data. Data may originate from very different sources, such as machine sensors, websites or social platforms; it may be structured or unstructured; and it may consist in texts, pictures, audio or video. While it would be important to combine different kinds of data in big data analyses, the large variety of data constitutes a major technological challenge to big data analytics.  [29]

27

These technical features also need to be taken into account when it comes to the policy decision of whether additional data ownership rights should be created. The general claim to be made is that data ownership should not create obstacles to big data analyses, because it is through these analyses that new insights and social benefits will be generated. The issue of volume indicates the difficulty of storing all data that needs to enter into an analysis on one server. This means that big data analyses may have to take place in a decentralised manner. Either the ‘code has to be brought to the data’ or individual datasets need to be screened first for the critical data, which is then transferred for the analysis.  [30] In both cases, it is clear that the big data analyst is in need of access to different data sources and that the different data sources cannot ex ante be considered as substitutes for each other. Creating new data rights at the upstream level of holding such datasets could therefore considerably obstruct big data analyses.

28

Velocity may be an even more important feature to be taken into account for the regulation of ownership. Velocity indicates that ‘data’ should not generally be considered as a ‘commodity’ that can be traded like other commodities. Rather, the modern data economy typically has to rely on real-time information. Hence, a concept of ownership in data, similar to copyright in a work, which would invariably be protected for a fixed period of time, would not serve the needs of such data services and big data analytics. Big data analyses that are confronted with dynamic processes and have to serve a purpose in a dynamic environment, such as steering the traffic management system of a smart city, will have to rely on permanent access to real-time data sources. Ownership in individual data will hardly be able to constitute the backbone of such a service.

29

Velocity is closely linked to another ‘V’ that is increasingly mentioned as an additional feature of big data and which is key from a legal perspective, namely, ‘veracity’.  [31] Data needs to be reliable to serve the purposes of a data economy. Where real-time data are needed, but not delivered, the service also misses the requirement of veracity. From a legal perspective, veracity indicates that the supply of data should also come with particular responsibility.

30

In this regard, it is worth noting that the EU is currently moving in the direction of fixing uniform standards of ‘quality’ of ‘digital content’ that need to be respected if digital content is supplied under a contract with a consumer.  [32] The Proposal for a Directive on the supply of digital content defines ‘digital content’ as ‘data which is produced and supplied in digital form, for example video, audio, applications, digital games and any other software’.  [33] The Directive would have the effect of creating a harmonised regime of contractual liability for both physical goods, which are also often sold over the Internet, and data. This, however, does not automatically lead to the recognition of ownership in the underlying data.  [34] Whether there is contractual liability if digital content does not meet the quality that is to be expected under the contract and whether the supplier transfers ownership in the framework of such a contract are two separate legal issues. Most importantly, ownership implies a third-party effect while the proposed Directive only creates rights and obligations between the parties to the sales contract.  [35]

31

In addition, also as regards big data analyses, the difference between the syntactic and semantic level of data is to be taken into account. Big data analytics consists in reading large datasets to discover ‘new’ meaning—in the sense of (semantic) information—that has so far not been observed. Big data analytics acts like a person who is able to read the data in a different way by identifying correlations between different data—again in the sense of information—to draw conclusions from those correlations. Hence, the information that big data analyses produce is already hidden in the pre-existing datasets. However, it is big data analytics that allows us to discover this semantic information. This explains how problematic it would be to recognise protection of all semantic information contained in the pre-existing datasets for those who control access to these sets. It is indeed the contribution of the data analyst that leads to the discovery of that information and, hence, any right in this information should be vested in the data analyst  [36] rather than the holder of the datasets that are analysed.

32

For considering whether new property rights in data are to be recognised from a functional perspective, it is crucial to understand who generates economic value and, as a follow-on question, whether this contribution depends on the recognition of a property right. In this regard, it is important to understand that in the data economy, value is generated differently than in the traditional economy.

33

In the traditional economy, the still dominant paradigm relates to vertical value chains. Manufacturers purchase input for the production of goods in upstream markets and then sell them through distribution chains—often including wholesalers and distributors—to consumers. At each level of the production and distribution chain, some economic value is added.

34

In contrast, in a world of smart goods and the Internet of Things, economic value is increased in very complex and dynamic value networks, which can be disruptive for traditional value chains,  [37] through collaboration of the different participants in the network. This paradigm shift from value chains to dynamic value networks is identified as a core feature of the current digital transformation of the industry.

35

Four sub-factors are relevant for this shift:  [38] (1) Improving decisions based on data: sensor-generated industrial data and analysis of big data help firms optimise their decisions. For instance, predictive maintenance becomes possible. (2) Full automation: Automation through digital technology, including robotics, revolutionises production and the use of products (e.g. driverless cars). Automation increases the speed of production and decreases the likelihood of defects. (3) Connectivity: Objects and machines within the factory and beyond get connected over the Internet and allow supply and production to be steered from the perspective of the need of the customer, which results in quicker production and distribution while saving resources. (4) Increasing role of Internet intermediaries: The intermediaries from the Internet sector who have the best access to and knowledge of the needs of consumers and of controlling the data interfaces between different markets gain a competitive advantage in the industrial sector where smart products are produced. This explains why Google and other firms are today trying to expand their activities into the industrial sector. Google, or Alphabet as Google’s parent company, may now already have considerable competitive power for entering the market for smart, driverless cars based on its control of geographic data, and may provide most efficient transport services to passengers who, in the future, will no longer buy their own cars but become passengers of Google transport services. At the same time, by expanding their activities to the production and operation of smart products, these Internet intermediaries will gain control over new sources of data.

36

Hence, whereas the digital transformation of the industry decreases existing entry barriers and may even force industrial incumbents out of the market, control over data enables firms originating in the Internet sector, such as Google, to enter into and gain considerable market power in a large variety of different markets for the production and operation of smart products. Recognition of data ownership may therefore have the unwanted effect of strengthening the market power of these firms even more, while, from a competition perspective, it would be wiser to promote access to data that is needed by other market players to operate in such markets.

37

The preceding analysis already provides some important insights into the interests of different stakeholders. This analysis underlines the observation in the introduction (at 1. above) that industrial players who have already started to invest in the Internet of Things are reluctant to advocate data ownership.

38

The major technological challenges of the Internet of Things relate to big data analytics. This is the area where most investment is needed for tackling the technological obstacles to handling rapidly growing dynamic datasets and solving the problem of analysing a large variety of different kinds of data. However, such innovation is more likely to be fostered through copyright protection for the software solutions employed in the framework of big data analyses rather than through ownership in the data analysed.  [39]

39

Moreover, it is to be acknowledged that the non-economic interests of natural persons in the use of their personal data deserve to be safeguarded, also in the data economy. While personal data protection needs to be taken into account, it does not argue as such against the recognition of an economic ownership right of a firm that collects data about the use of a smart product by a natural person. Both rights can coexist. This has the important consequence that rules on the protection of personal data can prevent a data owner from commercialising that data. The industrial holder of personal data can also respect data protection rules by making the data collected from individual natural persons available to third persons in an aggregated and anonymised form in larger datasets. To the extent that big data analytics manages to reproduce personal data, data protection rules may apply again as regards the re-use of that data.

40

As regards personal data, it is important to note that the fact that a natural person is and will often be the source of specific data does not automatically argue in favour of allocating data ownership as an economic right to commercially exploit that data to this person. Protection of personal data is neither vested in the natural person for economic purposes, nor is it an absolute right.  [40] Personal data protection does not allocate economic value.  [41] Hence, there is room to grant economic rights of exploitation of data originating from natural persons to other persons or firms.

41

The same applies as regards the property of the purchaser of a smart product. The property in the car as a physical object does not automatically extend to the commercial exploitation of the data that are produced by the sensors of that car. The question of whether data ownership should be recognised, and for whom and with which scope of protection, should only be decided against the backdrop of economic welfare considerations.

43

At first glance, database rights present a most obvious property regime for controlling access to data.  [42] However, this kind of protection has particular limitations that explain why it will often fail to provide protection to data for the new business models of the data industry.  [43]

44

The EU legal regime for database protection provides for a two-tier system: Copyright protection is granted to creative databases;  [44] sui generis protection is granted to databases based on ‘substantial investment’.  [45]

45

The availability of copyright protection can be excluded from the outset. Article 3(1) of the Database Directive clarifies that the character of a creative work defined as ‘the author’s own intellectual creation’ has to relate either to the selection or to the arrangement of the database’s contents. According to the CJEU this originality requirement is satisfied if ‘through the selection or arrangement of the data which it contains, its author expresses his creative ability in an original manner by making free and creative choices … and thus stamps his “personal touch”’.  [46] Already this definition explains that the individual data as such will not be copyright protected. This is also explicitly confirmed by Article 3(2) of the Directive, which states that copyright protection for databases will not extend to the contents as such. Hence, even if data were included in a copyrightable database, such copyright protection would not extend to that data.

46

Sui generis database protection may at first glance provide a better basis for protecting data generated in a world of the Internet of Things.  [47] However, this form of protection also has its limitations. They arise from both the subject-matter of protection and the scope of protection.

47

As regards the subject-matter of protection, a ‘database’ is uniformly defined as a ‘collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic or other means’. [48] Protection will also be granted if the arrangement and storage is accomplished by ‘electronic, electromagnetic or electro-optical processes’. [49] Hence, collections of digital data can usually be considered as databases in the sense of the Directive. [50] However, a sui generis database right only subsists if ‘there has been qualitatively and/or quantitatively a substantial investment in either the obtaining, verification or presentation of the contents’. [51] The CJEU has interpreted these requirements in a very restrictive way. It clarified that the investment has ‘to refer to the resources used to seek out existing independent materials and collect them in the database, and not to the resources used for the creation as such of independent material.’  [52] The CJEU explained this with the objective of the Directive to create incentives for the making of databases and not for the creation of the data that goes into the database.  [53] Hence, a distinction is to be made between the ‘creation’ of the materials contained in the database and the ‘obtaining’ of these materials.  [54] This leads to the conclusion that the creation of smart products with sensors that collect data should not be considered for the assessment of whether the investment in the database was ‘substantial’.  [55] The same applies to big data analyses. These may well require substantial investment. However, such analyses only lead to the creation of new data in the form of knowledge, which may then be included in databases. For the protection of these databases, the investment in the big data analyses is not to be taken into account.

48

As regards the scope of protection, it is important to note that the sui generis database right only protects the database as a collection of data and not the individual data. The Directive thereby aims to keep the (semantic) information that can be derived from the data in the public domain.  [56] Extraction and re-utilisation of individual data only fall within the scope of protection of the database if these data form a ‘substantial part, evaluated qualitatively and/or quantitatively, of the contents of that database’.  [57] The concepts of ‘extraction’ and ‘re-utilisation’ further restrict the scope of protection. In particular, big data analyses, whereby the ‘code comes to the data’ in order to generate new information, will not lead to any ‘extraction’ since there will be no ‘permanent or temporary transfer of all or a substantial part of the contents of a database to another medium’.  [58]

49

In sum, it is quite obvious that the Database Directive is based on a database technology that no longer corresponds to the use of data in an era of ‘Industry 4.0’ or the Internet of Things. In particular, by protecting a collection of materials for a given period of time (15 years as of the completion of the database),  [59] the concept of a database is much too static to adequately respond to the features of constantly changing datasets and real-time data services.

50

This latter point may raise the question of whether the Database Directive is in need of a reform. However, the fact that the Directive does not respond to the needs of the modern data industry in a technologically appropriate manner cannot by itself justify reforming the Directive by introducing a right of data ownership. Rather, such reform is in need of an economic justification, which is part of the analysis further below (section 4 below).

51

Trade secrets protection is another protection regime that inevitably comes to mind as regards the protection of data.

52

The EU has recently adopted a directive for harmonising the national rules on trade secrets protection.  [60] As regards the modern data industry, this Directive may already be considered as technologically out-dated, since at the time of the preparation of the Commission Proposal, the implications of the new data economy were not yet fully perceived or understood.  [61] As a consequence, the text of the Directive is rather unclear as to what extent, for instance, data produced by smart products benefit from trade secrets protection.

53

In comparison to database protection, trade secrets protection has the obvious advantage of protecting the specific information. However, there are other shortcomings:

54

Most importantly, trade secrets protection relies on rather narrowly defined requirements for the subject-matter of protection. According to Article 2(1) of the Directive, the know-how or business information (1) needs to be ‘secret’ in the sense that it is not ‘generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question’; (2) the information must have ‘commercial value’ because of its secrecy; and (3) it has to be subject to ‘reasonable steps …, by the person lawfully in control of the information, to keep it secret’. None of these three requirements can be easily applied in the context of data produced by sensors attached to smart products. First, while the secrecy could be confirmed for data that is produced by the machines inside a factory, data collected by smart cars on freely accessible roads could be collected by the cars of many manufacturers and, hence, will not fulfil this requirement.  [62] Second, while data may nowadays have great commercial value, it is quite questionable whether it will always be possible to establish a causal link between the secrecy of the information and its commercial value. In the context of big data analyses, an individual piece of information may appear quite trivial, but particular value may arise from correlations with other data.  [63] Third, it is very unclear which steps will be required of the person in control to keep the information secret.  [64] Fourth, where data is generated in a network of different entities connected through a value network, it will be particularly difficult to allocate protection to a single person controlling the secret.  [65]

55

Yet another question is whether the subject-matter of protection needs to be interpreted narrowly in the light of the objectives of the Directive. The Directive pursues the goal of promoting the competitiveness and innovative strength of businesses through protecting secret information.  [66] However, data are nowadays largely produced as a by-product of smart machines and goods, whereas these data can be commercialised in completely different markets and for completely different purposes (not least in the public interest). Here, data is largely used by the data holder as an asset for generating additional income. In addition, protection of the data as trade secrets will not always promote innovation through the holder of that data. Rather, the challenge will often consist in promoting access to that data for other firms and public entities that may generate additional knowledge from that data through big data analyses. This argues for making a distinction between information that serves the core business of the holder of data, such as personal data held by Internet platform operators, as the backbone of the underlying business model, as well as data generated through machine sensors that are designed to be immediately used for the production process on the one hand, and other data, which are rather a by-product of the firm’s core business, on the other hand.

56

Finally, it should be noted that trade secrets protection is much narrower in scope than an exclusive data use right. It does not protect against any use of the data, but requires ‘unlawful’ conduct which, to summarise the different provisions of the Directive, can be regarded as contrary to honest commercial practices.  [67] Hence, the Trade Secrets Directive only establishes a system of liability for specific tortious conduct and not a property rights system.  [68] However, such further limited protection can be considered as better suited to serve the purposes of the data economy, by focussing on the particular way in which a third party has specifically acquired access to the data instead of granting exclusive protection against the use of data. Such exclusive property protection would easily conflict with the fundamental right of freedom of information.

57

In limited sets of cases one could even consider protection based on patent law. The reason for this is that the scope of process patents also extends to ‘products’ that are obtained through that process. For instance, in the European Union, Article 25(c) of the—yet not effective—Agreement on the Unified Patent Court stipulates that a process patent also provides the right to prevent a third party from ‘offering, placing on the market, using, or importing or storing for those purposes a product obtained directly by a process which is the subject-matter of the patent’.

58

The question in this regard is whether ‘data’ can be a ‘product’ that is obtained by using a process patent.  [69] This question would become relevant for instance where data is produced in a factory in applying a patented production method or, maybe more relevant, in the context of a process patent applied in medical diagnostics. In the latter case, the patent owner would also ‘own’ the ‘result’ of the diagnosis.

59

However, at the outset, such protection would only become relevant where the patent is used without the consent of the right-holder. Only if the patented process is used without a licence does the patent holder have a right to prohibit the commercialisation of the product as the offspring of the process.

60

The reason why the legislature extends the protection of process patents to the commercialisation of products is that process patents are much weaker than product patents. The owner of a product patent enjoys full protection against price competition from imitators in the product market. In contrast, the holder of a process patent runs the risk of having to compete with firms that offer essentially the same product manufactured with an alternative process. Extending protection to the products that are produced with the process assimilates process patents to product patents regarding the economic incentives arising from the patents. It also addresses the problem that third parties could otherwise legally serve the market with products produced abroad by applying the process if the process patent is only protected in the importing country.

61

However, already as a matter of principle, it does not seem appropriate to extend patent protection to information as the product of a process patent. Moreover, German courts seem to deny protection for information that is derived from a process patent. An interesting decision in this regard is the one by the District Court of Düsseldorf in the Hunde-Gentest case.  [70] In this case, the process patent for a genetic test for dogs was protected in Germany, but not in Slovakia. The defendant, who previously applied the test in Germany, moved the testing to Slovakia to avoid a patent infringement. Therefore, the Court was only requested to decide whether the plaintiff can rely on a process patent to prevent the defendant from communicating the test results to Germany. The Court denied such protection, arguing that the test results as pure information cannot be considered the product of the process. The Court noted that, since information is directly accessible for humans without any further technical process, information as such lacks technicity and therefore cannot be patented. Yet the Court refrained from arguing that the ‘product’ of a process needs to be patentable by itself in order to be protected within the scope of the process patent.  [71] Rather, the Court showed great sensitivity for the free flow of information. It rejected protection so as to avoid using patent law as a kind of trade secrets protection. In particular, the Court stressed that patent law should not support a claim to ban communication of the test result to anybody in Germany, which, in the last resort, would even include denying a person who knows about the test result entrance to German territory.

62

In many jurisdictions, unfair competition laws and similar protection regimes, such as the tort of misappropriation in common law countries, may provide subsidiary means of protection against free-riding where other protection mechanisms are not available.

63

However, whether such a role should be attributed to these general principles or laws as regards the holding of data, is again a policy issue which should only be answered in the affirmative if there is sufficient economic justification for protection against free-riding (see section 4 below). Free-riding as such should not be considered a violation of the law unless it undermines incentives for investment in the production of the asset that is copied.

64

Civil law countries are not unlikely to discuss nowadays whether the concept of property found in the national Civil Code, which is usually limited to the ownership of tangible items and land, should be opened, namely, in a move to ‘digitise the Civil Code’, to also include data. For instance, in 2016, the Deutsche Juristentag,  [72] which is the most important private discussion forum for legal reform in Germany, bringing together law professionals from all different sectors, considered whether German civil law is in need of a ‘digital up-date’.  [73]

65

Yet, to equate data with tangible objects as a subject-matter of property is a rather risky undertaking. The risk is that, as an expression of general enthusiasm and striving for modernisation, the legislature or courts will not give sufficient consideration to the different economic characteristics that distinguish markets for non-tangible objects from those for tangible objects.

66

Hence, the question of whether civil law is in need of being ‘updated’, should be considered carefully and within the specific context of protection. To transfer the principles of contractual liability developed for the sale of tangible goods to defects of digital goods, is one thing;  [74] to recognise a property right for holders of data with exclusionary effects on third parties is another thing. In Germany, the debate is mostly triggered by certain limitations of tort law. Under Section 823(1) German Civil Code, there is only a claim for damages if somebody injures the ‘life, body, health, freedom, property or another right’ of someone else.  [75] Courts have continuously extended the range of ‘other rights’, to include, for instance, the general personality right, but they have also limited those rights to ‘absolute rights’. This is why it is now also discussed whether courts should recognise ‘data ownership’ as another absolute right to protect the integrity of datasets against injuries committed by third parties. For instance, the need for such protection is quite evident when computer viruses delete large and valuable datasets, while the physical carrier and its functions remain intact. The downside of this is that recognition of such a right in the framework of Section 823(1) Civil Code would also provide for injunctive relief to prevent injury. For that purpose, German courts rely on an analogy to Section 1004 Civil Code, the basis for injunctive relief in case of unlawful interference with property.

67

Injunctive relief raises the more important question regarding the extent to which the scope of protection of such data ownership is to be assimilated to property in tangible objects. Property in tangibles basically provides two sub-rights, a right of integrity and a right to exclude others from any use.  [76] The debate on data ownership is inspired by the lack of protection as regards the integrity of data, whereas the recognition of a right to exclude other persons from any use of the data would amount to a very powerful intellectual property right that would have the potential of undermining the free flow of information.  [77] Also, from an economic standpoint, a right to exclude others from the use of data is less needed than in the case of tangibles. Data are not rivalrous; hence, someone else’s use of the same data does not prevent the ‘owner’ from using these data. Accordingly, from an economic perspective, it is easier to justify protection of the integrity of data than to provide full protection, including injunctive relief, as regards the use of data.

68

This debate on extending the property concept to digital data was more recently also inspired by the UsedSoft decision of the CJEU.  [78] In this case, the Court explicitly recognised ‘ownership’ of the person legally downloading a computer program from the Internet. However, this holding was limited to the application of the exhaustion rule in the Computer Programs Directive.  [79] Exhaustion of the distribution right under copyright law requires a first ‘sale’ of a copy of the work through the right-holder or with her consent. The CJEU defined a ‘sale’ as ‘an agreement by which a person, in return for payment, transfers to another person his rights of ownership in an item of tangible or intangible property’.  [80] By recognising ownership in the digital copy of the program, which is provided to a customer on a permanent basis,  [81] the Court managed to transfer the concept of exhaustion to the digital field. Hence, in UsedSoft, the CJEU did not recognise any general concept of data ownership.  [82] Rather, the Court only relied on ownership in a digital download to limit the exclusivity of the copyright as another property right. We can learn from this judgment that limited recognition of property rights can also have a liberalising effect and thereby promote the free movement of data in the digital economy. However, such recognition should not be generalised by arguing in favour of allocating ownership involving third-party effects wherever persons are legally in permanent control over the use of any data. This may well have the opposite effect of hampering the free flow of data and information in the data economy.

69

Despite the uncertainties and shortcomings of the different protection regimes, the players of the data economy do not seem to suffer from the lack of recognition of general data ownership. The reason is that markets can also develop with relatively little legal exclusivity where access can effectively be controlled by technical means.  [83] Factual exclusivity has the potential of forcing parties into negotiations and can trigger transactions in very similar ways as in the case of intellectual property.

70

Such data contracts based on the factual holding of data are therefore meant to grant access to these data.  [84] However, this does not exclude agreement on certain limitations of the use of data. Accordingly, contract law may exercise even stronger restrictions on the use of data than a new ownership agreement that could provide for mandatory exceptions and limitations.  [85]

71

A very prominent example of an area where markets for immaterial exploitation emerge with very little legal exclusivity is the marketing of sports rights. There are only few jurisdictions which provide special intellectual property rights for the audiovisual exploitation of sporting events.  [86] Other jurisdictions manage to provide the same conditions for markets for sports rights with comparable value streams without such legislation. The reason for this is that the organisers of such events can control access to the premises of the sporting events and thereby charge a price from the broadcaster that is allowed to produce the broadcast.  [87] Of course, there is a risk that third parties will use the broadcasts without authorisation. However, it suffices in this regard that the broadcasting corporation that was granted access to the event is protected by its investment by copyright, or at least its original related right, in the broadcast.

72

As regards the data economy, this example of the sports rights may explain that, even where misappropriation by third parties is a concern, there is no need to recognise ownership of the data holder as long as the investor in access to the data—such as the big data analyst—disposes of an intellectual property right that prevents third-party use, such as the copyright in the software tools for analysing big data. The data holder itself will regularly be able to exclude others from access through technical means, including technical protection measures. Rules of criminal law that make unauthorised access to data a crime, such as data or computer espionage, can further strengthen factual exclusivity without recognition of ownership in the sense of private law.

74

The standard argument in favour of recognising intellectual property rights is based on a utilitarian incentive theory. Intellectual property is designed to promote innovation. However, the subject-matter of protection of these rights, such as inventions and works of creativity, is characterised by the features of public goods. Without the recognition of legal exclusivity, everybody else would be able to free-ride by copying and, consequently, nobody would be willing to invest in the production of such public goods.  [88]

75

As demonstrated further above, the generation and collection of data allows for very new and innovative business models that lead to large gains in allocative efficiency in manufacturing and maintenance, as well as far-reaching social benefits based on big data analyses. Hence, there is a case for also fostering incentives for generating and collecting the underlying data. However, it is less clear whether, for that purpose, data ownership is required. In this regard, the incentives of different players need to be analysed.

76

There is always some human act that can be found at the very beginning of the generation of data and the commercial exploitation of these data. A manufacturer may decide to employ machines and robots that are equipped with sensors to control and steer the production process. The owner of a smart car decides where to go with this car and where the car will register data about the density of traffic or the physical conditions of the road. A patient provides the blood for a blood test, the result of which may go into datasets that are subsequently analysed. In all of these cases, the relevant person would and should certainly know about the generation of the digital data, and may even have to give her consent based on the rules on data protection. However, additional ownership in the data is not necessary as an incentive to generate such data. Hence, in principle, it is possible to conclude that there is no need to vest the person at the beginning of the value chain with exclusive rights to exploit that data as a means to create incentives for the generation of that data.

77

The same holds true for the next step of exploitation. The data produced by a smart car will be transferred to the manufacturer of that car. The car manufacturer will be sufficiently motivated to generate data that will guarantee smooth operation and maintenance of the car. Generation of that data is very much part of the firm’s business model. Furthermore, the potential of follow-on markets creates sufficient incentives for collecting the data, whether database rights are available or not, even in cases where the main business model does not require the data to be stored on a permanent basis.

78

Nor are additional incentives needed as regards the business model of Internet platform operators (e.g., search engines, social media etc.), for which the collection of personal data is the very core of the success of the underlying business model. Yet the fact that firms nowadays know that, in an emerging data economy, any data may become interesting and that they may be able to commercialise that data based on factual exclusivity, it cannot be argued that there is suboptimal generation and collection of digital data. In general, data are not a scarce resource.  [89] The sheer volume and variety of big data constitute the basis but also the particular challenge of big data analytics.

79

Hence, there is not sufficient evidence of the need of data ownership as justified by the incentive theory concerning the generation and collection of data. However, there could be a need for more incentives to invest in tools for technologically challenging big data analyses. Within the value stream of exploiting data, data analyses generate major social value by producing new knowledge and thereby optimise decision-making in many fields. However, although the evolving business models of big data analyses may still be in need of further research, it seems that data ownership will not be the appropriate mechanism for protecting the interest of big data analysts. Access to data held by others should be more of a concern to big data analysts than acquiring ownership in data. It is more important for big data analysts that the data they have access to respond to the challenges of velocity and veracity than having claims against third parties for unauthorised use of the data they produce. Since, in many instances, real-time data is key, data analysts do not have to be so much afraid of competitors’ free-riding. What counts more is getting access to the various datasets from which they can gather new knowledge. As regards the other side of the market, namely, the firms and public entities to which big data analysts provide new knowledge for optimising decision-making, data ownership will not be needed either. Such relationships will often be based on contracts for services through which customers are supplied with accurate knowledge at a given point in time. From a competition perspective, the core question is whether data analysts need to rely on data ownership in competition with other data analysts. This question has to be answered in the negative. Data analysts will not gain a competitive edge by ‘owning data’ at the expense of their competitors. Rather, they will prevail in competition if they manage to have better access to the various sources of big data, for which they will not rely on ownership but contractual business relationships with the holders of such datasets, on the one hand, and the effectiveness and accuracy of their big data analyses, on the other hand. As regards the latter, it is more important that big data analysts control the technology for big data analysis. For this, they will rely on copyright protection in the software infrastructure and possibly technical know-how rather than data ownership.  [90] The same holds true for firms that deliver—typically software-based—tools for big data analysis of other firms.

80

At the last stage, the customers to whom information is delivered based on big data analyses are not in need of data ownership either. To the extent that these data are kept secret and the data analysts are under a contractual obligation to keep that information secret, this information may enjoy trade secrets protection. Public entities as customers of big data analysis services will be less likely to have an interest in keeping the result of big data analysis secret. In the framework of emerging laws on open data, public institutions may even be under an obligation to provide access to the data both to the public and, pursuant to public-sector-information (PSI) laws, for commercial re-use by private actors.

81

Another and more modern justification for property rules is the goal of creating incentives for the commercialisation of the subject-matter of protection. In the context of patent law, this is often called the ‘prospect theory’—in contrast to the traditional incentive theory, whereby the latter is designed to reward those who invest in the generation of the subject-matter for that investment.  [91]

82

In general, innovation does not end with the generation of the subject-matter of protection and the acquisition of the IP right. Innovation will only serve society if it reaches the market. And quite often more investment will be needed for the commercialisation of the subject-matter of protection than for its generation.

83

A good example of this can be observed in the pharmaceutical sector. The major investment that goes into the development of drugs relates to the financing of the lengthy and risky clinical trials, which typically take place after the filing of patents. Indeed, in order to protect investment in the clinical trials against free-riding by others, the pharmaceutical company is in need of patent protection prior to making that investment. In most cases, the patent holder will also be the firm that conducts the clinical trials and brings the product to the market. However, the patent holder may also decide to license the patent to another company that, based on that licence and with the prospect of having a secured market later on, will make the investment in developing the drug.

84

Similarly, investment in the commercialisation of copyrighted works is not typically effectuated by the creator, but by the representatives of the copyright industries, such as publishers and producers. Only in countries that follow a work-made-for-hire doctrine will the latter be considered initial copyright owners, whereas in other countries they can rely on exclusive copyright licences or, at best, related (neighbouring) rights.

85

These examples show that the original right does not necessarily have to be vested in the person who makes the investment in the commercialisation. The licensing system, based on contract law and exclusive licences, can provide for the same incentives. Granting the original right at the stage of the creation of the content, however, may produce additional distributional effects. The copyright protected in favour of the creator may generate additional income for the creator, at least if there are additional rules in place that guarantee fair remuneration.

86

As regards the data economy, however, no case for recognising data ownership can be identified based on the goal of producing additional incentives for the commercialisation of the data. The major argument is that the holders of data do not have to be afraid that competitors will free-ride on investment in the commercialisation of their data. Likewise, there is not any particular risk that the data will be copied by competitors for the purpose of substituting the data holder’s offer, nor does the grant of access to the data to others, such as big data analysts, involve particular investment by the data holders.

87

Nor are the big data analysts unable to recoup their investment in the commercialisation of their data without data ownership. They are much more likely to rely on the control of their software solutions to protect their innovation under competitive conditions.

88

The situation is likely to be different as regards data brokers. Data brokers can play an important role in the enabling of big data analyses in particular.  [92] Data brokers may also act as aggregators of datasets. Property rights have the potential of stabilising their activities. However, these brokers can also rely on factual exclusivity regarding the control of datasets that are transferred to them. Concerning situations where real-time data is key, data brokers are less likely to act as intermediaries that buy and resell identifiable datasets. They are more likely to act as agents that bring together providers of large and dynamic datasets with customers that are interested in services that build on big data analyses. Such brokers will enable direct transactions between data providers, on the one hand, and big data analysts and their customers, on the other hand. To do this, they are not in need of property rights in the data.

89

Property rights can also stabilise and, thereby, facilitate transactions. Conversely, this is an effect which cannot be provided in the framework of trade secrets protection. Transactions on trade secrets suffer from major instability. Every sharing of trade secrets increases the risk that the information will ultimately become publicly available with no possibility for the holder of the trade secret to act against the re-use of that information.  [93] Accordingly, recognition of data ownership is advanced as a means to facilitate trading with data as a commodity. The argument is that, even where there is factual exclusivity, without ownership there are no direct remedies against unauthorised use by third persons once the data has been disclosed.  [94]

90

Yet considering the risk that business models will be undermined by unwanted free-riding in an environment in which the availability of real-time data is key, this argument of stabilising transactions will hardly ever be very convincing.

91

Another argument relates to legal certainty. Clear attribution of ownership can enhance legal certainty by informing the stakeholders about their rights and obligations.

92

This, however, is not very convincing as regards data ownership either. On the one hand, new property rights will always give rise to additional conflicts and litigation. At the same time, allocation of property rights may not be so clear at all. As regards data ownership that is recognised independently of factual control over data in an environment where individual data may constantly be integrated and arranged in different datasets, data ownership is more likely to reduce transparency and increase the risk of unintentional infringement of rights.

93

A final potential justification for data ownership may look counterintuitive at first glance, but in particular deserves closer attention.

94

As has already been explained above in the context of the discussion of the UsedSoft decision of the CJEU,  [95] property rights regimes can also be used as a means to enhance the free flow of data. In this decision, a limitation of copyright protection regarding digital downloads was used as a means to promote free circulation of digital copies of computer programs.

95

This example shows that general recognition of property rights can also make sense where factual exclusivity is already particularly strong. Adoption of a fully-fledged rights regime can include far-reaching mandatory exceptions and limitations that cannot be set aside by contractual restrictions.  [96] For instance, such exceptions and limitations can also be found in the French legislation on the exclusive right of sports associations as regards the audiovisual exploitation of sporting events.  [97] Hence, such ownership systems could provide better guarantees for access than reliance on general contract law based on the unrestricted principle of freedom of contract.

96

However, this approach is not without alternatives. Access can also be guaranteed by special legislation on access that takes precedence over contractual restrictions. As regards the commercial exploitation of sporting events, such access rules can be included in the general media law. Current EU law also enhances access to information held by public bodies. Thereby, the European rules on public sector information do not have to recognise ownership of public bodies in the information they hold in order to regulate the principles that apply to the licensing of the commercial re-use of such information.  [98]

97

An interesting case is also presented by the current proposal of the Commission to introduce an un-waivable exception to copyright protection for carrying out text and data mining for the purpose of scientific research.  [99] This proposal seems to prove the case that exceptions promoting access to data can easily be drafted within existing ownership systems. However, separate access legislation on data mining could also be drafted by building on the model of the proposal with application beyond copyright and with regard to other interests whenever the data holder has granted access to somebody in the framework of a contractual agreement. To do this there is no need to recognise data ownership up front.

98

An additional argument against adopting ownership as a means to enhance access arises from challenges regarding the form of regulation of such exceptions or limitations. There are two approaches, both of which are problematic. The first approach consists in a general clause similar to the fair use exception of US copyright law.  [100] This approach has the advantage of general applicability but the disadvantage of lack of precision. It would hence cause legal uncertainty, give rise to legal disputes and potentially favour the interests of those parties that have less of a problem to finance litigation. As regards data ownership in particular, this approach has the additional drawback that it would have to be formulated in an extremely general way in order to be adaptable to the very different sectors of the data economy. Hence, it is very doubtful whether such a ‘fair use’ clause would really be able to enhance access in practice.

99

The second approach would consist in formulating a precisely defined exhaustive catalogue of exceptions and limitations that takes care of specific countervailing interests. However, this would require the legislature to fully anticipate the interests of a large number of potential stakeholders in highly diverse sectors of a data economy that is only just emerging.  [101] There is a clear risk that legislation on exceptions and limitations would largely be postponed to the future, while the legislature would immediately adopt a strong rights system that goes beyond the restrictions data holders can implement under contract law. In sum, this approach would entail the risk of largely hampering the free flow of information without sufficient remedies for addressing problems of access.

100

In addition, balancing conflicting interests is more difficult for the legislature, where the question of who should be the owner remains a most difficult issue.  [102] Whomever the legislature singles out as the right-holder, this will produce an additional negative impact on the interests of other stakeholders and may intensify a conflict of interests. In contrast, by choosing the alternative approach of balancing factual control over data by access-only legislation, the legislature will react to the conflict as it arises from the specific context of the market without intervention.

101

In sum, it seems more advisable to prefer an approach of progressive adoption of access regimes as part of sector-specific regulation. Such an approach could still develop principles and guidelines that emerge over time and ultimately rely on general models of regulation.  [103]

102

It can be thus concluded that no reasons can be identified that would argue in favour of introducing data ownership in favour of any of the stakeholders.  [104]

104

For any intellectual property rights system, a decision has to be made on what subject-matter is to be protected, on who should own the right, and on the scope of protection, including the exceptions and limitations. As to the latter aspect, a decision is to be made regarding the terms of protection.

105

As regards the subject-matter of protection, it has already been mentioned that the law has to decide whether data should only be protected on the syntactic or also on the semantic level. The latter should rather be avoided because of the risk of obstructing the free flow of information.  [107] However, the question still remains whether data can be protected as ‘raw data’ on the syntactic level. This is questioned because data is in need of specification on the semantic level in order to qualify as subject-matter of protection beyond the encoding in the form of bits and bytes.  [108] If, however, protection was granted on the semantic level, the very practical problem is to identify whether information is ‘new’.  [109] Another issue is whether data ownership should relate to individual data or datasets in their entirety. The latter would follow the example of the Database Directive with all its shortcomings, namely, that it fails to protect the individual data. Yet, if each and every individual piece of data were protected, data ownership of individual persons in a world of big data would disappear like drops of rain in the sea. Such a system would present major challenges in terms of its governance and of the enforcement of myriad individual rights, not to mention the challenges for users in the context of rights-clearing.

106

As regards potential owners, it has been shown in this analysis that in a complex world of networks where a considerable number of different players collaborate in generating value, not least by contributing their data, the allocation of data ownership is particularly difficult.  [110] Furthermore, if everybody contributing to the generation of data in a value network is vested with ownership, this allocation could easily run the risk of creating too many property rights, which would block efficient exploitation of big data in particular.  [111] The proposition to vest consumers with the ownership of their personal data in order to enhance trading with that data as a commodity  [112] does not explain why allocating the economic value to consumers can be justified from an economic perspective.  [113]

107

Moreover, the definition of the scope of protection also remains a difficult task. It is not clear at all in which situations there is a particular risk that the need for investment will be distorted by the free-riding of third parties. The proposal to limit protection to the copying of encoded information, while allowing for the re-generation of the same data,  [114] would only confirm that data should not be protected on the semantic level of information.

108

The definition of the subject-matter of protection, the identification of the owner of the right and the scope of protection will be most relevant for finally identifying the need for exceptions and limitations. In the light of the large number of stakeholders, it would be particularly difficult to clearly identify the conflicting interests and to design rules for balancing these interests.

109

The interaction between all of these issues reaches an enormous level of complexity, which argues in favour of preferring legislation on access regimes to the implementation of a fully-fledged new ownership system.  [115]

110

In addition, legislation on data ownership would have to respond adequately to very diverse circumstances in which data is generated and used in the future. The data economy and the use of smart products are predicted to enter all different fields of modern life. However, data collection as regards the operation of smart cars is very different from the processing of data in the healthcare sector. Whether it is possible ex ante to conceive uniform rules on the subject-matter of protection, the person owning the rights and the uses that will be covered by the right, while the peculiarities of different sectors are delegated to exceptions and limitations, remains rather doubtful.  [116]

111

Several times it has been underlined in this analysis that the data economy and big data in particular, is not about stable datasets but about the ‘moving target’ of highly dynamic data. ‘Velocity’ and ‘veracity’ are a fundamental concern in this economy.

112

This however questions the very appropriateness of a property approach to regulating that economy. IP systems are largely based on the paradigm of protecting intangible assets, such as technologies in particular, that play a role as input in the production of physical goods. Such a paradigm does not seem to fit a world in which customers have to rely on real-time and accurate information as an input. This contradiction becomes most obvious if one addresses the issue of the terms of protection. In an environment where it is key to capture the moment and where being late leads to wrong decisions, asking the question of how long data should be protected will simply miss the needs of this economy. Rather, the starting point of any legislation should be a clear analysis of the emerging new business models and the question of what kind of protection firms need in order to make their business models successful in competition with other firms and in the overarching interest of society.

113

As a matter of principle, contract law seems to provide the better regime for such protection. It allows the parties to specifically design the rights and obligations as needed for making new business models work. Contract law provides the parties with the possibility to experiment with different arrangements over time and with the flexibility to adapt to different circumstances in very different sectors of the data economy.

117

The debate and literature on how and whether competition policy should react to the advent of big data has exploded within a remarkably short period of time.  [117] The discussion is mostly driven by the enormous success and expansion of firms in the digital economy such as Google or Facebook, whose business models are largely built on the control of user data. There is in fact growing awareness that control over big data should play a more prominent role in assessing market power and dominance, not least in the framework of mergers.  [118] The EU merger cases of Google/DoubleClick  [119] and Facebook/WhatsApp  [120] are among the first cases where control over user data in terms of ‘data concentration’  [121] was taken into account for assessing the effects of mergers on the online advertising market.  [122] Yet in both cases the Commission held that the emerging data concentration was not sufficient to significantly impede competition in this market.  [123] The growing role of data in the digital economy has also convinced competition law enforcers to further develop their policies as regards the impact of control over data on competition.  [124]

118

Yet this discussion on how competition law should react to the challenges of the data economy and big data is based on a particular perspective. First, control over data is considered to be a potential competition problem. This corresponds to the general role of competition law to ban anti-competitive conduct. Second, the focus is very much on market structure, market power and dominance,  [125] as well as on market entry barriers arising from the control of big data.  [126] This is explained by the fact that anti-competitive effect, especially in unilateral conduct cases, depends on the ability to behave independently of the competition.

119

Within the framework of the current ‘Free Flow of Data’ initiative of the Commission, however, the role attributed to government is a more proactive one of industrial policy. The question is not only how to protect the free market economy against anti-competitive conduct of firms. Rather, the question is what can be done in order to promote the digital economy.

120

In this regard, competition law has certain advantages but also shortcomings. On the positive side, competition law is in principle applicable to all sectors of the economy that are currently undergoing a digital transformation. Competition law can work as a platform on which legislatures can build to formulate more targeted, sector-specific rules whenever competition law does not provide sufficient remedies. In addition, competition policy and law can also prevent the legislature from excessive intervention. In instances where there is no identifiable harm to competition, policy makers will have to look for an alternative justification for adopting access rules.

121

On the negative side, competition law is likely to be too limited to provide sufficient remedies. As regards its substantive criteria, competition law only reacts to one particular kind of market failure. Intervention is only justified where there is identifiable harm to competition. While the outer boundaries of what can be considered such harm is not at all clear, there are kinds of market failures that cannot specifically be addressed by competition law. For instance, in a world of big data analytics involving techniques of data mining by searching datasets for correlations, negotiations about access to data may simply fail because of information asymmetries regarding the value of the data.  [127] From an institutional perspective, competition law enforcers are able to ban identifiable anti-competitive conduct, but they are not well equipped for regulating markets ex ante by imposing positive rules of conduct in the form of behavioural remedies that require on-going monitoring.

122

Hence, already based on these general observations, it is very likely that actions will be needed that go beyond competition law. But competition law should be placed at the beginning of the following analysis (section 6.2. below). Competition law thinking as a market-compliant approach will however also prove important for devising additional pro-competitive regimes that promote access to data (sections 6.3. and 6.4. below).

123

EU competition law has not yet developed specific case-law on access to data in the data economy that is only now about to emerge. However, as the following analysis will show, the practice on refusals to deal and, more concretely, refusals to license can produce some indications on how to assess future data-related cases. At the outset, it should be noted that it is not important whether data to which access is requested is protected by intellectual property (IP) rights or not.  [128] Even in cases in which neither IP protection nor trade secrets protection is available, but the holder of data can rely on factual exclusivity provided particularly by technological protection measures, a refusal to grant access can be captured as a refusal to deal under competition law. For the assessment of such cases, under Article 102 TFEU, the question is whether the holder of data is market dominant and whether the refusal to grant access to data constitutes an abuse. These issues will be addressed in the framework of the following review of the existing case-law.

124

The three major cases that established the foundations for assessing refusals to license, namely, Magill,  [129] IMS Health  [130] and Microsoft,  [131] are all, in one way or another, ‘information-related’. Beyond these three cases, the following analysis will also take into account the more recent Huawei case, which dealt with a refusal to license a standard-essential patent (SEP).  [132]

152

As regards access regulation, a distinction can be made as to whether the parties already entertain a contractual relationship or not. Problems of access to data may also arise within existing contracts. The typical justification for legislative intervention in contractual relations beyond the realm of competition law is unequal distribution of bargaining power.

153

Unequal bargaining power is addressed by different parts of the law. In particular, the EU has adopted such rules on consumer contract law in the form of the Directive on Unfair Contract Terms.  [160] The Directive’s scope of application is broad enough to also control standard contract terms on the treatment of data. However, there are also particular shortcomings. First, the Directive’s general clause on unfair terms does not provide any guidance on how to assess clauses that relate to the collection and use of data. The indicative list of unfair contract terms in the Annex to the Directive does not respond at all to the modern challenges of a data economy. Second, since the application of the Directive is limited to consumer contracts, it fails to create a European legal framework for addressing the regulation of access to data in B2B cases.

154

However, as regards both B2C and B2B relations, there are alternative ways to address cases of unequal distribution of bargaining power.

155

As regards consumers, there is a considerable overlap of consumer law with data protection law. The rule on data portability in Article 20 of the General Data Protection Regulation  [161] can rather be considered as one of consumer protection than of data protection. While the relevant data covered by Article 20 is personal data as protected by the Regulation in general, the purpose of the data portability provision is not to protect the individual’s moral interests. Rather, the rule is designed as an access rule that will enable the individual to switch to other suppliers where access to the data is crucial for competition to work.  [162] The German Monopolkommission, which, as a commission of competition experts, fulfils an advisory role to the German government, supported the right to data portability by stressing that it has the potential to help the individual overcome a lock-in effect  [163] and to react to the problem that businesses, without ownership regulation in place, often claim control over personal data as part of their contractual arrangements.  [164]

156

This rule was inspired by the situation of platforms, including social platforms that rely on user data. Yet it will prove particularly effective in the context of new data-driven business models built on the collection of data. For instance, car insurance companies have already begun to lower premiums of customers who accept digital registration of their driving habits.  [165] The possibility to switch to another insurance company will be considerably enhanced by the possibility to use such data to prove that the customer is indeed a careful driver.

157

Since this rule on data portability constitutes a most suitable form of pro-competitive regulation, there is no reason why the right to data portability should be limited to personal data.  [166] The lock-in effect is not necessarily restricted to such data.  [167] Beyond consumer contracts, a lock-in problem can also arise with regard to industrial data where suppliers want to take data with them concerning the quality and longevity of their parts after the termination of the supply contract with the manufacturer of the final product. Hence, data portability rules should also be considered for industrial relations.

158

Yet use of access to data as regards the relationship between suppliers and an end producer could also be addressed as part of specific competition law regulation. Regulation of supply traditionally forms part of the Block Exemption Regulation in the Motor Vehicle Sector.  [168] In times of the advent of autonomous driving, a modernised regulation could also address the treatment of data on the functioning of the vehicle between the supplier of parts and the manufacturer of the vehicle. There is a particular risk that the latter, by relying on superior purchaser power, will implement contract terms on data treatment concerning parts that disadvantage the supplier. The question will be how to implement such rules within the framework of the Regulation. While the Regulation will continue to build on the market-share approach as a basis for the block exemption, restrictions regarding the access of data to the disadvantage of the supplier, including a restriction on data portability, could be included in the black list of hard-core restrictions. However, for formulating such a rule, precision is needed in order to clearly delimit the non-exempted clauses from those that can be exempted. In particular, one could imagine a rule that a supply contract cannot be exempted if it does not include a rule on free-of-charge data-sharing with the supplier concerning the functioning of the parts delivered by the supplier. Such a rule is justified by the fact that both parties belong to the same network that contributes to the generation of economic value.  [169]

159

Of course, the issue of access to data by a supplier of parts is not specific to the motor vehicle industry. Hence, the Commission should consider creating a generally applicable access regime in favour of suppliers in the framework of its block exemption regulations.

160

Finally, the legislature is free to draft targeted rules that would ban contractual restrictions on the use of data under particular circumstances. The already mentioned Commission’s proposal for an un-waivable copyright exception for text and data mining for purposes of scientific research provides such an example, which could be extended beyond the realm of copyright and applied for other purposes.  [170] In this regard, Article 3(1) Commission Proposal for a Directive on Copyright in the Digital Single Market requires that a research organisation wanting to conduct text or data mining have legal access—typically based on a copyright licence—to the relevant subject-matter.

161

Regimes for access to data outside of existing contractual relations are more difficult to devise. In this field, a more cautious approach is needed in order to avoid excessive intervention in the market economy. In addition, the particularities of very different sectors where data is currently starting to play a major role in generating economic value from the outset seems to argue against a regime of general applicability. On the other hand, designing regimes for access to data is not an unprecedented exercise for legislatures. Existing models can be considered and discussed for cautious generalisations and potential transfer to other sets of cases.

162

In any event, devising access regimes outside of existing contractual relations depends on using certain criteria to balance the interests involved between exclusivity and access. Such criteria can be discussed as the kind of information contained in data, the identity of the data holder and the business model through which it generates data and, finally, the person or entity seeking access and the kind of use this petitioner is intending.