On 27 June 2023, the EU institutions reached an informal political agreement on a final text of the upcoming Data Act (see the press release here). The negotiations leading up to this agreement were tough, particularly on the (territorial) scope and the date of application, the handling of personal data, product safety, and the relationship between IP rights and users' data access rights. In this article, we provide a first look at the latest informal political agreement and focus on the conflict between IP rights and data access.
The Data Act is one of a series of legislative projects of the EU to cover the related phenomena of the platform economy, big data, the data economy, and artificial intelligence (AI). Following the Data Governance Act adopted by the EU legislators in 2022, the Data Act is the second main legislative component of the European strategy for data.
The proposed Regulation on harmonized rules on fair access to and use of data – better known as the Data Act – was adopted by the European Commission in February 2022. Around a year later, in March 2023, the final wording followed, upon which the European Parliament and Council delegates based their intensive negotiations. The Council and the European Parliament must now endorse the provisional agreement. After that, we will have the definitive final text. The Data Act will start to apply 20 months following its entry into force. New products must meet the design requirements to make data easily accessible following one further year. Existing contracts on Internet of Things products must change at the latest after five years.
The Data Act proposes new horizontal rules on who can access and use data generated in the EU across all economic sectors. It aims to ensure fairness in allocating value from data among actors in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation, and make data more accessible to all.
Analysis of the Conflict between IP Rights and Users’ Data Access Rights
The central subject matter of the Data Act is data access rights for the benefit of users of smart products and services. Such data access rights can primarily come into dispute with conflicting IP rights of the manufacturers (and data collectors).
This raises three main questions regarding conflicting IP rights:
- Is the user access an IP conflict under the Data Act?
- Does the manufacturer have counter rights to the data access under copyright law?
- Does the manufacturer have counter rights to the data access under trade secrets law?
The first question over the users’ legal position being governed by IP law must be answered negatively. However, the new rights to access, use, and pass on the data generated by the use of products or associated services created by the Data Act establish a certain exclusivity position, which can at least be resemble traditional IP rights.
The second question is more challenging. Art 35 Data Act (proposal) expressly excludes the application of the sui generis database right. However, the Data Act is less clear on the ancillary copyright for photographs and copyrights (such as database works) or creative photography works. For example, copyright protection for images depends largely on the creator principle. Frequently, the user – and not the manufacturer – will determine the direction in which the product's sensors are aligned, but it is even more likely that this will be performed by AI. It is doubtful whether such automatically produced images are covered by ancillary copyright, but copyright protection of database works must also be considered, which is not covered by Art 35 Data Act (proposal).
The most exciting question regarding IP law is the third question: the relationship between the Data Act and trade secret protection. Even if the European Commission, when submitting the proposal in February 2022, probably still assumed that mere raw data could not be defined as trade secret, the changes to the legal text as a result of the last draft by the Council demonstrate the practical explosiveness of this assumption.
In aggregated form, such data sets can be analyzed and give an accurate picture of how the smart device or service operates. Even data information that was not collected, although it would have been technically possible to collect it, can provide information about the manufacturer's approach. The Data Act prioritized data access rights over trade secrets in its first proposals. However, during the legislative process, the awareness grew that data access rights cannot take precedence over highly valuable trade secrets. So a balancing mechanism was added to the Data Act during the negotiations in the form of a veto right which allows the manufacturer to deny access to data related to trade secrets if they face a threat of “serious and irreparable economic loss”.
With this in mind, the last text of the Council specifies that: “In exceptional circumstances, when the data holder can demonstrate that it is highly likely to suffer serious damage from the disclosure of trade secrets, despite the technical and organisational measures taken by the user, the data holder may refuse the request for access. Such demonstration shall be duly substantiated, provided in writing and without undue delay. When the data holder refuses to share data pursuant to this Article, it shall notify the national competent authority”, cf. Art 4 (3a) Data Act in the Council’s version of 17 March 2023.
The concept of "serious and irreparable economic loss" seems to be subject to a high threshold, as the manufacturer must prove that it may “threaten its viability or pose a serious risk of bankruptcy” (in line with Council’s version Recital 28a). According to the same Recital, the manufacturer shall provide an explanation “based on objective elements”, taking into account factors such as the lack of enforceability of trade secrets protection in the user’s country, the uniqueness and novelty of the product or a possible negative impact on cybersecurity (among others).
While a balancing mechanism would be welcome, such high requirements on the right to refuse access pose a significant obstacle. Strict sanctions for misuse of this right of veto may facilitate lower requirements for manufacturers.
It has been reported that another exception was added in the last negotiating sessions. This applies where special security requirements could be compromised by data sharing. Finally, data processed via complex "proprietary algorithms" were also excluded from the scope of the regulation.
As the Data Act takes final shape, manufacturers of smart devices can expect that copyright, will generally not hinder data access. Data access rights under the Act, however, are likely to come in conflict with manufacturers' trade secrets. In such cases, mechanisms are being finalised for manufacturers to counter data access claims with a veto right to protect their trade secrets in the case of particularly valuable or security-sensitive trade secrets. However, the application of the veto arising from the “serious damage from the disclosure of trade secrets” will likely generate different views depending on the interests of users and manufacturers. Manufacturers should keep abreast of developments as the European Court of Justice defines the requirements for a veto right in more detail over the coming months.
Authored by Jasper Siems, Michael Niehaus, Juan Ramon Robles and Joanna Rozanska