If data is the oil of the digital economy, data pools are a means of avoiding the emergence of 'Standard Data Inc.' and/or other monopolies. Although there is no legal definition of a data pool, the term typically describes settings where a multitude of market participants combine their digitised information relating to a specific topic via a centralised IT infrastructure. If a data marketplace allows its participants to share data they keep and control with other participants on a peer-to-peer basis, this will not necessarily constitute data pooling.
Combining and sharing data can help participating companies to develop innovative products and services or gain far-reaching insights for the improvement of existing products or services. With more and more products incorporating digital or connected elements, manufacturers and suppliers of these products need to understand incoming legislation which governs the sharing of non-personal as well as personal data. The European Commission has focused on competition and privacy issues, as well as on facilitating innovation and freeing up data for altruistic uses.
Nevertheless, data pooling raises various legal issues, including in contract and antitrust law, and, if personal data is affected, privacy concerns. When the European Union shaped its current strategy for data, it was aiming to create Common European data spaces to ensure that more data becomes available for use in the economy and society, while keeping the companies and individuals who generate the data in control. Alongside legislation to enact Common European Data Spaces, two pieces of legislation critical to protecting the rights and interests of citizens while simultaneously fostering industrial and technological development have been passed: the Data Governance Act of 30 May 2022 (DGA) which has applied since 24 September 2023, and the Data Act of 13 December 2023 (DA), which will generally apply from 12 September 2025.
The DGA aims to promote the re-use of public sector or protected data across various sectors. It also encourages data sharing in the private sector by providing rules for data intermediaries, and promotes data sharing for altruistic reasons. The DA (among other things) regulates the access to, use and making available of product data and related service data, ie data generated by the use of a connected product and/or representing the digitisation of user actions or of events related to the connected product, while protecting trade secrets and intellectual property rights.
So, what’s new and in here that facilitates data pooling?
The DGA and data intermediaries
The DGA also sets up a framework to encourage private sector data sharing and data sharing for altruistic purposes. Private organisations and individuals can benefit from the data sharing. As such, the DGA’s rules on data intermediaries are of particular importance as they act as conduits for trusted data sharing. As defined in Article 2(11) DGA, data intermediaries serve to establish commercial relationships for the purposes of data sharing between data subjects, data holders and data users. Pursuant to Recital 27 DGA, they are expected to become key to voluntary data sharing practices as they might link the various actors, fostering efficient data pooling and bilateral data sharing.
The substantive requirements for providing data intermediation services are, in particular, set out in Article12 DGA in a catalogue of fifteen dos and don’ts. Overall, they aim to establish and ensure fair market conditions. None of these duties is explicitly referring to data pooling but some are regulating key issues: product manufacturers are likely to be interested in the provisions on data formats and interoperability and the requirement that access procedures must be fair, transparent and non-discriminatory. Other rules are less specific to data pooling scenarios but pursue more general goals such as trust and security, including duties to provide information, on adequate measures to prevent unlawful access to or transfer of data, and on the maintenance of a log record.
The DGA refrains from providing further explicit rules on competition aspects which might be relevant for data pooling settings, in particular, if such pools are not accessible for anyone being interested. Article 1(4) DGA clearly states that the application of competition law remains unaffected.
The DGA increases the possibility that data held by public sector bodies can be made available for re-use for commercial and non-commercial purposes (Articles 3-9 DGA). The Regulation does not require such re-use but aims to establish general standards to encourage it e.g. by largely prohibiting exclusive arrangements to ensure a broad availability of public sector data generated at the tax payers' expense. Furthermore, the DGA includes a special chapter to facilitate data altruism for entities collecting data for the greater good, ie data altruism organisations operating on a not-for-profit basis. As a result, the degree of regulatory intervention is lower while picking up the more general requirements on transparency, information and/or security requirements.
The Data Act
The DA regulates non-personal data from a different angle. Its main focus is on ensuring businesses and individuals are able to benefit from the data they contribute to generating, particularly data being generated by the use of a connected product and/or embodying the digitisation of user actions or of events related to the connected product. Legally, non-personal data is not subject to an ownership-like right. While there are related protections for trade secrets and databases, the reality is that the ability to exploit non-personal data is usually down to who controls it. The DA provides for duties on the design of connected products and related services to enable users to access usage data directly (Article 3).
Alternatively, where data cannot be directly accessed by the user from the connected product or related service, data holders are required to make readily available data and relevant metadata necessary to interpret and use those data accessible to the user (Article 4). The user is entitled to share such data with third parties and/or ask the data holder to make it directly available to a third party (Article 5). An exception to accessibility by third parties is any undertaking designated as a gatekeeper under Article 3 of Digital Markets Act, so big tech companies including Apple, Meta, and Microsoft cannot benefit.
There are complex provisions on the handling of included trade secrets, including a right for the data holder to make access to data conditional on the user’s agreement to measures to preserve their confidentiality. Only in very exceptional scenarios can the data holder deny a request for access on the basis of trade secrets. Neither the user nor the data recipient can use supplied data to develop a competing connected product (Articles 4(10) and 6(2)(e)), but using the data to develop a competing service or a new innovative product is actively encouraged (Recitals 32 and 39).
The right to make such data available to third parties enables and promotes data sharing on the basis of bilateral agreements. Article 6 DA provides guardrails for the terms under which data holders make data available to data recipients. It includes FRAND and transparency obligations for B2B contracts, general non-discrimination duties and ties terms on access and use of data to specific rules on unfair contractual terms. The list in Article 13 regulates unfairness scenarios at different intervention levels without tackling issues particularly specific for data pooling settings. In B2B transactions, the data holder may request compensation from the data recipient for the making available (Article 9(1)).
A data recipient may conclude a multitude of corresponding agreements, and may, unless the agreement with the user explicitly provides otherwise, pool such usage data. As there is no ownership right in data, the DA does not have to explicitly permit pooling. Subject to the limitations resulting from the protection of trade secrets and/or terms agreed with the user, the data recipient may also make the pooled data available to other third parties.
Data pooling and the making available of such data still have to respect the boundaries of the competition law as explicitly stated in Recital 116 of the DA. While the DA does not create new legal rules around data pooling, its provision for access, use and sharing rights is a precondition for their emergence.
Key takeaways
Data sharing and data pooling represent a significant leap forward in the collaborative use of data and thus the development of manufacturing 4.0. They offer a way to harness the power of collective data assets, which can lead to innovation and more informed decision making. However, the success of these pools depends on robust governance, a clear understanding of their business model, and adherence to legal and ethical standards. As the data landscape continues to evolve, data sharing and data pools stand out as an example of the power of collaboration in the digital age. Those involved in the connected products supply chain will need to be aware of the new rules governing the use of non-personal as well as personal data.