How to build the data economy: creating a legal and policy framework that sets the right safeguards while allowing us to reap the rewards of data
Author: Javier Fernández-Lasquetty, Professor at IE Law School, IE University
Looking at the world around us, which has been shaped by the exponential growth of information and communications technology, one thing is clear: data is the oil of the 21st century. But for oil to be useful, it has to be extracted, refined and distributed. We already know how to extract value from a barrel of oil, but how does this work with data?
Activities related to artificial intelligence—and Industry 4.0 in particular—cannot operate without data. This data must meet certain intrinsic requirements: it must be varied, be available in sufficiently large volumes, and it must be capable of being processed at an appropriate speed. It must also be recent, although historical data is also relevant in certain contexts.
In addition, due to the nature of data, managing it as a raw material for artificial intelligence still raises many concerns. As a result, business models must be based on a clear legal and economic policy framework.
A data protection framework: Europe Develops Its Own Legal Space
In 2015, the European Union launched its Digital Single Market strategy. One of its most important actions was creating a European data economy.
In October 2016, Professor Josef Drexl—Managing Director of the Max Planck Institute for Innovation and Competition—put an issue on the agenda that would become a constant of European policy: finding a balance between data ownership and allowing data to be shared between stakeholders in the new economy.
The European Commission embarked on this path in 2017 in a communication entitled, “Building a European Data Economy”. Here, it established its policy as seeking “to create a clear and adapted policy and legal framework for the data economy, by removing remaining barriers to the movement of data and addressing legal uncertainties created by new data technologies.”
Some of the noteworthy actions mentioned in this document include the free circulation of data, access to and the transfer of machine-generated data, and the portability of non-personal data. The document also raised questions around liability and the security of these technologies, putting special emphasis on experimentation and testing.
Due to the nature of data, managing it as a raw material still raises many concerns. As a result, business models must be based on a clear legal and economic policy framework.
Just a few weeks ago, the commission released a white paper on artificial intelligence and a communication on the European data strategy. These documents discuss different regulatory initiatives based on three key legislative components: data protection, consumer protection and competition. By 2021, a data law to revise and adjust the European legal framework is planned.
The model, therefore, is to share. Data is dumped into large repositories that can be used by a wide variety of organizations. While Europe does not have GAFA (Google, Apple, Facebook, and Amazon), which accumulate and filter massive amounts of data, it does have large industrial and utility companies which use data and require it to continue developing Industry 4.0. It also has a sizable network of small and, above all, medium-sized businesses with great capacity for technological development.
This is a sensible approach, but it has to take into account the distinct nature of each participant. It’s like the savanna, where animals go to the Zambezi River to drink. Each animal needs water and they all gather at the same place, but even while sharing this common space, they must never let their guard down. So some kind of data protection law is a given.
Issues surrounding personal data use
The second issue we must address is how to manage personal data. Our starting point is the established data protection framework known as the General Data Protection Regulation (GDPR), which sets limits on data use. Compared with other parts of the globe where regulations are much more lax, it remains to be seen if this European model of data protection law will ultimately prevail considering that it is becoming increasingly influential—even if it undoubtedly places constraints on the development of the data-driven economy. Once again, we have to find a balance.
Alongside personal data use, it is true that there is a large volume of non-personal data generated by machines or nature, such as weather data, ground composition, etc., that can be used without these limitations.
However, personal data is also necessary—although in a different way and depending on the particular objective. While platforms need personal data to profile consumers and offer them products, the Industry 4.0 approach to personal data use places importance on data aggregation rather than each specific user’s individual data. While sufficient guarantees for anonymity are a must, aggregated data use is necessary in the data-driven economy.
Finally, there is also data that is produced by both machines and users. This issue is already starting to be seen with fully monitored vehicles that are able to transmit high volumes of information. Who does this data belong to? To the vehicle manufacturer, the manufacturer of the unit that measures the car’s performance, or the driver
Similarly, in the case of user-generated data, debates on ownership also arise—and will continue for some time yet. The GDPR data protection framework does not establish data ownership rights, but solutions from a consumer rights or data portability perspective have been proposed. In any event, these data protection law dilemmas need to be resolved and a balance must be achieved—this time between individual and collective interests.
Patents and Trade Secrets
Another field of study is the role that intellectual property rights—specifically patents and trade secrets—play, and will continue to play in the future. In 2019, the World Intellectual Property Organization (WIPO) published a report on artificial intelligence. It noted there are more than 130,000 related patents in different fields, not only in the industrial and manufacturing sphere but also financial services (relating to fintech, blockchain, etc.), predicting an increase in litigation in this field.
This situation is already a reality in telecommunications, where the creation of the 5G standard has driven many companies—including many Chinese companies—to obtain new patents, combining these with patents already in existence for previous standards which are still in force.
While “essential patents” and a system for obtaining licenses under fair conditions (fair, reasonable and non-discriminatory or FRAND) do exist, we’re living in a highly litigious environment. The application of the FRAND system could be a solution for the data-driven economy, but a supranational system eliminating the need to litigate in different jurisdictions is yet to be established.
In November 2015, the WIPO published an economic research report on disruptive technologies, including robotics and artificial intelligence. After analyzing this market and the activities taking place in it, the report concludes that, while patents do exist, algorithms are continuously generated and modified. These rapid changes make trade secrets a very important alternative for protection.
Europe took a significant step forward by publishing the directive on trade secrets in 2016, which has now been incorporated into the legislation of all EU countries. We have yet to see how it will be applied by the courts, if it will have a positive impact on the intra-European transfer of trade secrets, and whether we will need a directive 2.0 or a new regulation.
While patents do exist, algorithms are continuously generated and modified. These rapid changes make trade secrets a very important alternative for protection.
Opponents of Trade Secrets
Naturally, there are those who oppose trade secrets. Much has been said elsewhere on the need for algorithm transparency and how trade secret legislation—in the United States especially—can create black boxes that make it difficult to control biases and other distortions.
In the data economy, trade secrets must be shared and fair access standards must be established. The European Union has published a guide on data sharing in the private sector, and more initiatives in this direction will be necessary.
To conclude this exploration of data protection framework issues, we are progressing towards a European data economy with a model that is clear and distinctive to other parts of the world. Multiple tasks and challenges lie ahead of us, but we are on the path to finding a suitable legal framework that will allow us to properly develop the data economy.
Javier Fernández-Lasquetty is Partner at ELZABURU, specialising in Intellectual Property and Information Technology. He was Legal Counsel and General Legal Counsel in several IT and consultancy companies and IP/IT partner at a multinational law firm. He is panelist of WIPO Arbitration and Mediation Center and Professor of the WIPO Academy. He also is an active member of professional associations as AIPPI, ALAI and INTA and member of the Board in LES Spain & Portugal and DENAE (Spanish Entertainment Law Association).
Note: The views expressed by the author of this paper are completely personal and do not represent the position of any affiliated institution.