EU policy/Data Economy Consultation

Data Economy Consultation

The European Commission has launched its Public consultation on building the European data economy. This is the Wikimedia working page to draft answers to be submitted by the Free Knowledge Advocacy Group EU.

The final set of answers submitted will be linked to this page. Apart from the Free Knowledge Advocacy Group EU, individual chapters, volunteers and the Wikimedia Foundation might decide to participate. In this case we will make link their answers as well.

In its Communication on a Data economy strategy from January 2015, the Commission states that the data-driven economy stimulates research and innovation on data, increases business opportunities and availability of knowledge and capital across Europe. It regrets that data isn't shared widely enough and thus remains unused. As a solution the Commission even envisions a new right on raw data, which is supposed to solve the issue of the lock-up of data.

The consultation will remain open in the period 10 January - 26 April. 26 April is the deadline for submitting our answers.

• Copyright Consultation
• Position Paper on EU Copyright
• Platforms Consultation
• FKAGEU Statement of Intent
• Position Paper on Copyright Reform Proposal

Everyone! Please just leave a draft answer/comment underneath the questions followed by your signature. We will then try to unify the replies.

As the European Commission's new survey tool allows for online editing and the saving of drafts, everyone is invited to make changes and save them as a draft. Please do not submit the answers. For discussion purposes, the questions of the consultation are copied below. If you wish to discuss any of them, please edit underneath.

PLEASE DON'T SUBMIT, ONLY SAVE AS DRAFT

The main objective of this part of the questionnaire is to get detailed insights into the extent, nature and impacts of data localisation restrictions within the EU and what could constitute limited, justified grounds for such restrictions without unduly jeopardising the free movement of data within the EU (except for restrictions to the free movement of personal data for reasons connected with the protection of natural persons with regard to the processing of personal data. The Treaty on the Functioning of the European Union and the General Data Protection Regulation (GDPR) establish the free flow of personal data within the EU and set out the rules relating to that free movement).

Another important aspect is to find out to what extent businesses store or process data in multiple geographical locations within the EU and what are the reasons for this multiple location and, respectively, local storage or processing. The Commission also seeks respondents' views on the perceived impacts of the removal of data localisation restrictions within the EU. The Commission welcomes replies particularly from businesses, including SMEs, and public sector organisations.

Which of these statements apply to you in relation to data storage or processing?

My organisation is a data service provider

My organisation operates its own data infrastructure without using third-party services

My organisation is a user of third-party data services

My organisation is a scientific research organisation

None of the above

I don't know

Do you know about legislation or administrative rules or guidelines (including those adopted in the context of public procurement) requiring to store or process data in your or other EU countries (please see part 2 of the Staff Working Document linked to on the consultation webpage for the summary of data localisation restrictions identified so far)?

Yes

No

For your own organisation's purposes, do you store or process your data in multiple locations within the EU?

Yes

No

When providing IT-related services (e.g. cloud, applications, software, infrastructure, hosting, Over-The-Top, etc.), have your customers demanded that their data is stored or processed locally (in the same country as their relevant business establishment)?

Yes

No

I don't know

In your opinion, should data localisation restrictions be removed within the EU?

Yes

No

I don't know

In your opinion, what grounds would justify keeping data localisation restrictions within the EU?

Public security

Law enforcement needs

Public policy (such as immediate availability of data for supervisory authorities)

Public health (please note that patient data may already be covered by a free movement provision under the General Data Protection Regulation)

Other

What kind of action at EU level do you consider appropriate to address the restrictions?

The EU should not address the issue

A legislative instrument

Guidance on data storage / processing within the EU

Increasing the transparency of restrictions

Other

I don't know

This part of the questionnaire aims to understand the data trading practices of businesses, and how all businesses, in particular SMEs, and other stakeholders access and trade non-personal data, and what are the perceived barriers to such trading and re-use of such data. The Commission seeks the views of businesses and other respondents on ways to enhance access to and re-use of data and data trading in Europe today.

2.1. Accessing data

This section is addressed to businesses and organisations of any size, and especially SMEs and start-ups which are seeking access to non-personal or anonymised data for running their businesses or developing new businesses. For consumer access issues, please see section 4.1 on data portability for non-personal. The aim is to find out whether and to what extent businesses and organisations have access to the data they need to develop or conduct their tasks, and furthermore to find out what role existing legislation plays in today's data markets, and whether there is a need to revise or introduce legislation to support the European data economy.

Do you currently depend to a significant extent on data resources that you acquire from others (for products or services you offer, for your internal business processes)?

Yes

No

Have you had difficulties in acquiring data from other business actors (i.e. limited or no access to the data) or have you been exposed to business practices that you consider unfair with respect to access to such data?

Yes

No

When acquiring data from other economic operators or when negotiating such acquisition: To what extent do you consider to be in a situation of equal bargaining power when negotiating data usage licences?

To a great extent

To some extent

To a minor extent

Not at all

I don't know

When acquiring data from other economic operators or when negotiating such acquisition: How often do you consider having been exposed to a situation that in your view would amount to an abuse of dominant position (as defined in competition law)?

Never

Rarely

A number of times

Often

I don't know

Does current competition law and its enforcement mechanisms sufficiently address potentially anti-competitive behaviour of companies holding or using data?

To a great extent

To some extent

To a minor extent

No

I don't know

Have you entered contracts in which certain data was defined as a trade secret?

Yes

No

2.2. Holding and supplying data

This section is addressed mostly to businesses that hold non-personal or anonymised data not subject to significant data processing ("raw" data), in particular data collected by sensors embedded in machines, tools and/or devices and who are in a position to share them. The aim is to get more information about data licensing practices.

Do you believe existing EU legislation sufficiently protects investments made into data collection by sensors embedded in machines, tools and/or devices?

Yes

No

Only in some scenarios

I don't know

If you/your organisation hold/s raw data or data sets, do you license its usage to others?

No / to a minor extent

Only to sub-contractors that perform tasks closely related to the organisation's business processes

Only to companies within an economic group (e.g. parent and subsidiaries in a corporate group/holding; affiliate, etc.)

Only within IT innovation environments, collaborating with other companies on concrete projects

Yes, to a wider range of players based on paying licences

My company makes certain datasets accessible as open data (accessible online, e.g. through a web API), licensing conditions allow many re-use options and re-use is free of charge, at least for non-commercial re-use of the data

Other

Are you including the value of at least some of the data you hold as a business asset in your balance sheets?

Yes

No

Please explain why.

This is not required by the applicable accounting/financing reporting standards

I am not sure how to measure the value of the data I have or do consider that this would prove difficult

Considerations of commercial strategy

I have not given this a thought

Other

2.3. Possible solutions

Sections 2.3.1 and 2.3.3 are directed at all respondents, including consumers and businesses. Section 2.3.2 is directed at businesses that deal with data collected by sensors embedded in machines, tools and/or devices. The aim is to receive input on what a possible future EU framework should look like to support a thriving, diverse and innovative European data economy.

2.3.1. General objectives for a future EU framework for data access

To what extent do you agree with the following statements (1=not at all,2=to a minor extent, 3=neutral/I don't know, 4=to some extent, 5=to a great extent):

Trading of non-personal machine-generated data should be enabled to a greater extent than it is today.

The sharing of non-personal machine-generated data should be facilitated and incentivised.

Investments made into data collection capabilities and data assets should be protected.

Sensitive business and confidential data should always be safeguarded.

Lock-in effects in the data market should be minimised, especially for SMEs and start-ups.

2.3.2. Access for public sector bodies and scientific research

Could you agree to an obligation to license the use of (non-personal) data you hold for any of the following purposes (subject to conditions)?

For the establishment of statistics by public statistical offices

For government agencies for the prevention of public health or other specified risks

For government agencies in order to address other societal challenges (e.g. improving urban planning, manage supply of energy)

For scientific research that is funded from public resources

Other

I would not agree to such an obligation for any purpose Do you consider there should be action at EU level to address access to such data for the entities mentioned in the previous question (the establishment of statistics by public statistical offices, government agencies for the prevention of public health or other specified risks, government agencies in order to address other societal challenges (e.g. improving urban planning, manage supply of energy), scientific research that is funded from public resources)?

The EU should not address the issue

Yes, but only voluntary measures (e.g. industry self-regulation)

Yes, through legislative measures (for a scope to be defined)

I don't know

2.3.3. Access for other commercial entities

The following questions ask for an assessment of a number of potential measures that might help to make more data held by one commercial entity available for re-use by another commercial entity. Would you agree with the following statement: More data would become available for re-use if the Commission would issue guidance on how access, use and re-use of data should be addressed in contracts (data usage licences) – based on existing legislation (in particular the Trade Secrets Protection Directive, copyright legislation and the Database Directive)?

Yes

Sometimes

No

I don't know

What impacts (if any, including economic) on competition and innovation would you expect from the solution described in the previous question? 1000 character(s) maximum (1000 characters left)

Would you agree with the following statement: The optimal solution for making data collected by sensors embedded in machines, tools and/or devices available for re-use is to leave it entirely to the parties to decide (by contract) who should have the right to license the usage of these data, how and to whom.

Yes

Sometimes

No

I don't know What impacts (if any, including economic) on competition and innovation would you expect from the solution described in the previous question? 1000 character(s) maximum (1000 characters left)

Would you agree with the following statement: More data would become available for re-use if more data holders used Application Programming Interfaces (APIs) to facilitate access to the data they hold, and these APIs were designed and documented in a way easy to use by third party application developers.

Yes

Sometimes

No

I don't know What impacts (if any, including economic) on competition and innovation would you expect from the solution described in the previous question? 1000 character(s) maximum (1000 characters left)

Would you agree with the following statement: More data would become available for re-use if legislation would define a set of (cross-sector or sector-specific) non-mandatory contract rules for B2B contracts, possibly coupled with an unfairness control in B2B contractual relationships) for allocating rights to access, use and re-use data collected by sensors embedded in machines, tools and/or devices were defined.

Yes

Sometimes

No

I don't know What impacts (if any, including economic) on competition and innovation would you expect from the solution described in the previous question? 1000 character(s) maximum (1000 characters left)

Would you agree with the following statement: More data would become available for re-use if a set of recommended standard contract terms were to be drafted in close collaboration with stakeholders.

Yes

Sometimes

No

I don't know What impacts (if any, including economic) on competition and innovation would you expect from the solution described in the previous question? 1000 character(s) maximum (1000 characters left)

Would you agree with the following statement: More data would become available for re-use if a company holding data which it protects through technical means against illicit misappropriation had civil law remedies against such misappropriation (e.g. the right to seek injunctions, market exclusion, or to claim damages).

Yes

Sometimes

No

I don't know

What impacts (if any, including economic) on competition and innovation would you expect from the solution described in the previous question? 1000 character(s) maximum (1000 characters left)

Would you agree with the following statement: More data collected by sensors embedded in machines, tools and/or devices would become available for re-use if both the owner or user of the machine, tool or device and the manufacturer share the right to license the use of such data.

Yes

Sometimes

No

I don't know

What impacts (if any, including economic) on competition and innovation would you expect from the solution described in the previous question? 1000 character(s) maximum (1000 characters left)

Would you agree with the following statement: More data would become available for re-use if the companies active in the production and market commercialisation of sensor-equipped machines, tools or devices were awarded an exclusive right to license the use of the data collected by the sensors embedded in such machines, tools and/or devices (a sort of sui generis intellectual property right).

Yes

Sometimes

No

I don't know

What impacts (if any, including economic) on competition and innovation would you expect from the solution described in the previous question? 1000 character(s) maximum (1000 characters left)

Would you agree with the following statement: More data would become available for re-use if the persons or entities that operate sensor-equipped machines, tools or devices at their own economic risk ("data producer") were awarded an exclusive right to license the use of the data collected by these machines, tools or devices (a sort of sui generis intellectual property right) to license the use of the data that the machine, tool or device collects as a result of the data producer's operation to any party it wishes (subject to legitimate data usage exceptions for e.g. manufacturers of the machines, tools or devices).

Yes

Sometimes

No

I don't know

Please explain. 1000 character(s) maximum (1000 characters left)

What impacts (if any, including economic) on competition and innovation would you expect from the solution described in the previous question? 1000 character(s) maximum (1000 characters left)

To what extent would you agree to an obligation to license for the re-use of data generated by machines, tools or devices that you have commercialised under fair, reasonable and non-discriminatory (FRAND) terms?

To a large extent

To some extent

To a minor extent

Not at all

To what extent would you agree to an obligation to license for the re-use of data generated in the context of your online platform through its users under fair, reasonable and non-discriminatory (FRAND) terms?

To a large extent

To some extent

To a minor extent

Not at all

This part of the questionnaire aims to understand the level of awareness, as well as the respondents' experiences and issues related to liability for products and services coming out of Internet of Things (IoT) technologies and autonomous systems. The questions are also meant to gather evidence for a proper assessment of the adequacy of the Product Liability Directive (85/374/CEE) to respond to IoT and robotics liability challenges. The Commission seeks the views of producers and users of IoT technologies and autonomous systems in this section.

3.1. Extra-contractual liabilities: IoT and robotics products and services

Questions for producers/suppliers/manufacturers

As a producer/supplier: please indicate which new IoT and/or robotics technological developments you deal with.

Non-embedded software/mobile apps

Advanced and new sensor equipment

Smart medical devices

Robots, e.g. for care, surgery, industrial robots, other

Automated cars

Smart objects, i.e. thermostats, fridges, watches, cars

Drones

Other

As producer of IoT/robotics devices, did you ever experience problems in not knowing in which category (product/service) to classify the device in order to comply with a specific liability regime on provision of services or manufacturing of products?

Yes, to a significant extent

Yes, to a moderate extent

No, I never experienced this problem

I don't know

Do you, as a producer, take into account the possibility of being held liable for potential damages when pricing IoT/robotics devices?

Yes

No

Have you ever been held liable for damage caused by your IoT/robotics defective device?

Yes

No

I don't know

As a producer, do you have a specific insurance for IoT/robotics products to cover your liability in case of compensation?

Yes

No

I don't know

Questions for consumers/end-users

As a consumer, have you suffered damage due to a defective IoT/robotics device?

Yes

No

As a consumer/user have you ever experienced a software security problem (e.g. failure of the software, cyber-attack) when using your IoT/robotics product?

Yes

Yes, but I do not know the exactly problem or cause.

No

As a consumer/user of an IoT/robotics device, how easy it is to update the software of your device?

Easy

I can manage

It is too inconvenient, complex, difficult

My device is automatically updated/patched by the manufacturer or developer

I do not have to update it

Other

As a consumer, what (if anything) makes you reluctant to buy IoT/robotics products or services?

They are technologically too complicated to use

Price

I am not interested

Privacy risks

Software security problems, Cyber security risks

Legal uncertainty: I didn't know whether I would receive a compensation in case of damage

In case of damage, it is difficult to understand where the cause of damage lies

No reluctance at all

Other

Do you think IoT/robotics products and services should be equipped with an event data recorder to track what the device was doing when the damage occurred?

Yes

No

I don't know

In the EU country where you live, are there specific rules on liability for damage caused by the new technological developments, such as IoT/robotics products? If you are aware of such rules, please indicate them. 1500 character(s) maximum (1500 characters left)

In your opinion, who should bear the liability in case of damages caused by defects or malfunctioning of a smart device which combines tangible goods (a car), digital goods (an app) and services (e.g data services)?

The producer of the physical device

The provider of the digital good (software and/or app)

The producer of the physical device jointly with the provider of the digital good (software and/or app)

The attribution of liability is better dealt through contracts on a case-by-case basis

To be established on a case-by-case basis based on the best positioned to avoid risks

To be established on a case-by-case basis based on the entity generating the highest risks

Other

As end-user (consumer/company) active in the data economy, have you directly experienced/entered into agreements, or are you aware of contracts that reduce substantially the liability of providers of IoT products/services/robots? 1000 character(s) maximum (1000 characters left)

What type of contractual liability limitations have you faced (e.g. on errors, accuracy and reliability of data, defects, functionality and availability of service, risk of interception of information, cyber-attacks)? 1000 character(s) maximum (1000 characters left)

Which exclusions (damage to property, financial loss) or limitations of damages (e.g. caps) connected in any way with the use of IoT products/services/robots have you experienced or are you aware of? 1000 character(s) maximum (1000 characters left)

Do you think the attribution of liability in the context of IoT/Autonomous systems products and services can adequately be dealt with through contracts?

Yes

Partially

No

3.2. Possible options and a way forward (both for consumers/end users and producers of IoT/Robotics devices)

Do you think a risk management approach in which the party that is best placed to minimise or avoid the realisation of the risk (e.g. the manufacturer of the IoT device, or the software designer) could be a way forward?

Yes

No

I don't have information about what a risk management approach would entail and would thus prefer not to answer

I don't know

In your opinion, who should bear the liability in case of damages caused by defects or malfunctioning of a smart device which combines tangible products, digital products and services? 1000 character(s) maximum (1000 characters left)

What type of liability, contractual or extra-contractual, is, in your opinion, the most consumer-friendly way to deal with damages caused by defects or malfunctioning in smart devices, which combine tangible products, digital products and services?

Contractual

Extra-contractual

None of them

I do not know

Do you think that the liability in relation to smart devices combining products and services require an ad hoc approach at EU level? 1000 character(s) maximum (1000 characters left)

Independently of who is considered liable, should there be a liability cap, i.e. an upper bound to the compensation of damages?

Yes, for all IoT products

Yes, but only for specific products in the experimentation/testing phase

Yes, but only for specific products abiding by strict safety standards

No

I do not know

What is your opinion on the idea of best practices guidelines and/or expected care and safety standards that, if fulfilled, would automatically exclude/limit liability?

I agree, for all IoT products

I agree, but only for specific products in the experimentation/testing phase

I agree, but only for product performing automated actions or taking independent decisions

I do not agree

I do not know

Is there a need for mandatory cyber insurance?

Yes, for all IoT products

Yes, but only for specific products in the experimentation/testing phase

Yes, but only for product performing automated actions or taking independent decisions

No

I do not know

Do you feel protected by the current legal framework (both Business-to-Business and Business-to-Consumer) for algorithms, e.g. in case it can be proven that an accident has been caused by a bug in the algorithm?

Yes

No

I don't know

Should some sorts of standard certification or testbedding be envisaged for algorithm based services?

Yes

No

I don't know

Who should be liable for defects or accidents caused by products embedding open algorithms, i.e. algorithms developed through cooperative platforms?

The producer

The user

The participants to the cooperative platform jointly

Nobody

Other

4.1. Portability of non-personal data

This section is directed towards all respondents, including consumers, organisations and businesses. The objective of this section is to explore business situations where portability of non-personal data can unlock opportunities and/or eliminate blockages in the data economy, as well as the effects of such conditions on all the concerned actors.

Are you using or have you used services which allow you to port or retrieve non-personal data that you had previously provided?

Yes

No

I don't know

What advantages does/would portability of non-personal data bring to you/your business?

Build value deriving from these data

Trade data on data trading platforms

Give access to third parties to the data

Switch easily service provider without losing these data

Other

Is your business offering portability of non-personal data to its business or individual clients?

Yes

No

Are you aware of other good examples of services offering data portability? Please specify. 1000 character(s) maximum (1000 characters left)

If you are a business user of cloud services or online platforms: Have you experienced difficulties in switching providers?

Yes

No

I was not interested in switching providers

Do you see a specific need for businesses to receive non-personal data in a machine-readable format, as well as the right to licence the use of such data to any third party (i.e. the right of data portability under article 20 GDPR extended to any user and to non-personal data)?

Yes

No

I don't know

If you have further comments on portability rights, please insert them below. 1000 character(s) maximum (1000 characters left)

What are the possible effects of introducing a portability right for non-personal data regarding cloud services? Please consider positive and possible adverse effects, and consequences for your business and, more generally, for the user of the cloud service as well as the service provider and other concerned actors. 1500 character(s) maximum (1500 characters left)

What are the possible effects of introducing a portability right regarding non-personal data generated by sensor-equipped machines, tools and/or devices? Please consider positive and possible adverse effects, and consequences for your business and, more generally, for the user of the services as well as manufactures, service providers and other concerned actors. 1500 character(s) maximum (1500 characters left)

What are the possible effects of introducing a portability right for non-personal data regarding online platforms? Please consider positive and possible adverse effects, and consequences for your business and, more generally, for the business user of the platform, consumers, intermediary (data) services, the online platform and other concerned actors. 1500 character(s) maximum (1500 characters left)

4.2. Interoperability and standards

This section is primarily directed towards businesses and organisations. The objective of this section is to get the stakeholders' opinions on the best approaches to technically support data portability and access to data.

As a provider of cloud services, do you provide “standard-compliant” solutions?

Yes

No

As a user of cloud services, do you give preference to “standard-compliant” solutions?

Yes

No

For which reasons would/do you use a “standard-compliant” cloud solution

Data portability of non-personal data

Service interoperability

Privacy, data protection compliance & Security

Cloud management

Service Level Agreement

Other

What do you consider as a priority for facilitating access to data and to improve its technical and semantic discoverability and interoperability?

Common metadata schemes (including differentiated access, data provenance, quality)

Data catalogues

Use of controlled (multilingual) vocabularies

Common identifiers

Other

What technical instruments should be used for promoting/implementing your priorities suggested in the previous question?

Definition of new standards

Improvement of existing standards

Recommendations

What legal instruments should be used for promoting/implementing your priorities suggested in the same question?

EU regulation

Guidelines

Support actions

Other

Do you see the need for the definition of a reference architecture recommending a standardised high-level framework identifying interoperability interfaces and specific technical standards for facilitating seamless exchanges across data platforms?

Yes

No

Additional contribution

Please feel free to upload a concise document, such as a position paper. The maximal file size is 1MB.

Please note that the uploaded document will be published alongside your response to the questionnaire which is the essential input to this open public consultation. The document is an optional complement and serves as additional background reading to better understand your position.