On 23 February 2022, the European Commission (EC) published a Proposal for a ‘Regulation on harmonised rules on fair access to and use of data (Data Act)’. This legal instrument will horizontally set rules applicable to the relationship between manufacturers and users of Internet of Things (IoT) devices. The Data Act Proposal assigns users of IoT products and related services a new right to access and share the data generated by their use, with the aim to ‘ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data available for all’, as the EC stated in the accompanying press release.
The Max Planck Institute for Innovation and Competition (the Institute) has published a Position Statement that welcomes this initiative and provides a comprehensive analysis of the proposed rules. The Institute acknowledges that the Data Act Proposal seeks to strike a balance between promoting access to and sharing of IoT data and protecting other conflicting rights. However, the tension between the new rules introduced by the Data Act Proposal and potential intellectual property protection, including copyright protection, will require further coordination efforts. This post focuses on selected copyright and related rights matters that the Institute details in its Position Statement.
1. Key coordination issues
The Data Act Proposal explicitly addresses the relationship between the new right to access and share IoT data and the sui generis database right provided for in Article 7 of Directive 96/9/EC. Article 35 Data Act Proposal stipulates that the sui generis right ‘does not apply’ to databases containing data obtained from or generated by the use of IoT devices. While the Institute ‘agrees that there is a need for excluding the applicability of the sui generis right where it conflicts with the exercise of the IoT data access and use right’ (para 257) , it highlights that ‘there is still room for optimising the text concerning Article 35’ (para 258). The Institute explains in detail how this provision should be interpreted and how it could be improved.
Surprisingly, the Data Act Proposal does not address at all potential conflicts between the new set of rules on the one side, and copyright and related rights on the other. There are however a number of reasons why the issue should have been considered. First, some IoT data could qualify for copyright or, more likely, related rights protection: e.g. photographs made automatically by cameras attached to planes or satellites (para 274). Second, some creative databases could at least in principle qualify for copyright protection, thus bringing about coordination problems with the new right of access and use, especially in light of the very definition of ‘data’ under Article 2 Data Act Proposal, which includes ‘any compilation’ of ‘acts, facts or information, including in the form of sound, visual or audio-visual recording’. This means that even an entire database may constitute the subject of the data access and use right under Article 4 of the Data Act Proposal. If such database were protected by copyright, the two regimes would enter into direct conflict, just as in the case of a sui generis protected database (para 271). Third, Article 11 Data Act Proposal allows the data holder to make use of technical protection measures (TPMs), which are additional means to enable and safeguard de facto data control. The rule ‘seems in general appropriate’ (para 118). However, it should be clarified that TPMs should not be used as a means to prevent [not only access to data, but also] interoperability of the data which the data holder is under an obligation to make available’ (para 118). Fourth, ‘[a]nother fundamental issue is potential copyright protection for software elements that may hinder interoperability.’ (paras 223-225). This is a crucial problem, which is analysed in the MPI Position Statement, and also reported in more detail below.
2. Infrastructural perspective
One of the Proposal’s objectives is to foster data availability, facilitating the uptake of data-driven markets. To achieve this, the Commission envisages in the Data Act Proposal the creation of interoperable Common European Data Spaces. In Chapter VIII, Article 28(1), the Proposal includes technical requirements directed at data space operators to facilitate access to data. In this regard, it references application programming interfaces (APIs) as one example of the technical means to achieve data access as per Article 28(1)(c). However, the Data Act Proposal does not provide any guidance regarding the applicability of APIs and the possible conflict that might exist if intellectual property (IP) rights such as copyright and patents protect these APIs (on copyright protection for APIs in the EU, see Case C-406/10 SAS Institute (paras 29-46)). The Institute considers that the existence of these IP rights might put at risk the whole interoperability concept of the Common European Data Spaces. The Institute, therefore, recommends that Article 28 of the Data Act Proposal should anticipate solutions to this tension between potential IP protection of APIs and the need to provide access to data (para 223). Furthermore, ‘Article 28(1)(c) is not the only place where the legislature could address this tension. Future intellectual property legislation could clarify, narrow or even exclude the availability of IP protection of APIs to favour dynamic competition’ (para 224).
3. Final considerations and the way forward to facilitate data-driven innovation
Besides the problems of coordinating the new right to access and share IoT data with existing IP rights, the Position Statement also poses a fundamental question: whether ‘the proposed IoT data access and data sharing regime can be used as an efficient means to make IoT data more broadly available to enhance data-driven innovation in any given context’ (para 333). The Data Act Proposal overlooks the existence of two different types of innovation. On the one hand is innovation which offers an added value to existing products or services, e.g. repairing. This type of innovation might foster competition in aftermarkets and could benefit in principle from the new right as designed in the Data Act Proposal. On the other hand, there is a broader type of data-based innovation concerning new services and products in areas unrelated to the IoT products initially purchased by the user (para 333). This type includes, for example, ‘AI analytics and advanced data-driven services’ (Impact Assessment Report, at 23). In this area, the Data Act Proposal would not be truly effective since the IoT access right is based only on a user-centred approach and thus does not provide access to aggregated data (para 333). The Institute considers that promoting data accessibility and availability at an individual user level is not enough for AI data-driven innovation, which requires access to aggregated data for the purpose of machine learning (ML) training (para 335). In this perspective, likely ‘the Data Act will not be the last piece of the puzzle that the EU legislature will add to the legal framework for the digital economy’ (para 5).
For more details on these aspects and many others, have a look at the full Position Statement, here.