The European Commission recently announced its five-year strategy for an open, fair, diverse, democratic and confident digital Europe. At the core of this vision is the idea that the EU can become a role model for a society empowered by data to make better decisions and benefit every aspect of its citizens' lives, from ensuring more conscious energy consumption to better healthcare services.
According to the International Data Corporation, the volume of data produced globally is expected to grow from 33 zettabytes in 2018 to an astounding 175 zettabytes in 2025 with a significant increase in edge computing over centralised computing facilities.
Each new wave of data creates opportunities for the EU to become a single market for data and compete with key global players such as China and the US.
To release this potential, the EC wants to ensure better access to data and more effective data-sharing tools while preserving high privacy, security, safety and ethical standards – not an easy balancing exercise. A key part of this will be the development of common European data spaces in strategic economic sectors and domains of public interest.
The Commission's Strategy centres around four main pillars:
A priority for realising this vision is to put in place an enabling legislative framework for the governance of common European data spaces. This framework will support decisions on what data can be used in which situations, facilitate cross-border data use, and prioritise interoperability requirements and standards within and across sectors.
The Commission also intends to make key public sector data sets available across the EU for free, in machine-readable format and through standardised APIs, taking into account the particular needs of SMEs.
Finally, the Commission aims to provide incentives for horizontal data sharing across sectors and foster business-to-government and business-to-business data sharing. It will address any undue barriers to data sharing, in particular around usage rights for co-generated data (such as IoT data in industrial settings), typically seen in private contracts.
The first legislative proposal to emerge as part of the Strategy is the Data Governance Act which was published at the end of 2020.
The Commission recognises that its strategy requires investment, from both the private and public sector, of some €4-6 billion, of which the Commission aims to finance €2 billion.
An interesting development will be a coherent framework around the different applicable rules for cloud services, in the form of a 'cloud rulebook'. The Commission, with the support of the relevant Member State authorities, will pay particular attention to the adherence of cloud service providers operating in the EU market to EU rules (eg GDPR, Free Flow of non-personal Data Regulation and the Cybersecurity Act) and, where relevant, their envisaged implementation through self- and co-regulatory mechanisms to increase trust and automated compliance.
A key part of the Strategy is the focus on individual rights in respect of personal data already established under the GDPR. The Commission has announced it will enhance the right of data portability (Article 20), giving individuals more control over who can access and use machine-generated data, for example through stricter requirements on interfaces for real-time data access and making machine-readable formats compulsory for data from certain products and services eg smart home appliances and wearables.
The Commission will support the establishment of common European data spaces in the following strategic sectors and domains: industrial (manufacturing), Green Deal, mobility, health, financial, energy, agriculture, public administration and skills.
The investment in these data spaces will, in theory, lead to the availability of large pools of data combined with the technical tools and infrastructure necessary to use and exchange data, as well as appropriate governance mechanisms. The data spaces will naturally need to respect all applicable data protection rules and be developed according to the highest available cybersecurity standards.
There are several issues that could hinder the EU's efforts to create a true single market for data.
Governments could do more in opening up public sector information to businesses and there is currently not enough private sector data available for use by the public sector to improve policy-making and public services. Similarly, data sharing between companies has not taken off at sufficient scale in spite of the economic potential.
While the Data Governance Act aims to address these issues, it remains to be seen whether its efforts to provide a trusted framework for sharing data will be successful.
Currently, a small number of Big Tech firms hold a large part of the world's data, which could reduce the incentives for data-driven businesses to emerge, grow and innovate in the EU.
The high degree of market power resulting from this huge 'data advantage' enables large players to unilaterally impose conditions for access and use of data which can be further leveraged when developing new services and expanding towards new markets.
Again, the EU is seeking to address this through its Digital Markets Act.
As well as its structure, authenticity and integrity are seen as potential issues especially in the context of AI deployment. Similarly, a new data economy where less data is stored in data centres, and more data is spread in a pervasive way closer to the user 'at the edge' naturally brings new challenges for cybersecurity.
It will be essential to preserve the highest standards of data security to foster data sharing and ensure trust among the different actors of these European data ecosystems, hence the plans to update the NIS Directive.
The European Data Strategy is more of a strategic outlook and an announcement defining the framework for future activities of the European Commission, than a technological state of the art description.
The Strategy is laudably ambitious, but the stakes are high. Like other countries and trading blocs, the EU's technological future depends in large part on whether it manages to harness the strengths and seize the opportunities offered by the ever-increasing production and use of data.
Mary Rendle looks at the UK's plans to unlock and leverage the benefits of data.
1 of 5 Insights
Paul Voigt looks at the latest on the evolution of the draft ePrivacy Regulation.
3 of 5 Insights
Debbie Heywood looks at the EC's proposals to facilitate public-sector data sharing and data altruism.
4 of 5 Insights
Our experts look at EU and UK plans to refresh rules on network and information systems cybersecurity.
5 of 5 Insights