Governing Data Intermediaries – The Data Governance Act: Principles, Frictions, and Perspectives
The paper ”Governing Data Intermediaries – The Data Governance Act: Principles, Frictions, and Perspectives” (von Ditfurth, L., Hennemann, M., Lienemann, G.) will be presented at the 11th FSR Annual Conference “From Data Spaces to Data Governance” (9-10 June, 2022).
With parliamentary deliberations set for March 2022, the Data Governance Act (DGA) will likely mark the first legislative instrument to become operational under the European Commission’s Data Strategy. Along with other rules aimed at incentivising the fruitful re-use and sharing of data in and between the private and public sectors, the DGA introduces regulation for a newly emerging type of business entity – so-called “providers of data intermediation services” (or “data intermediaries” for short). In order offer their services on the market, businesses will have to submit to a prior notification procedure, as well as showing compliance with several conditions placed on their economic activities.
Considering parallel EU ventures in the field of large-scale platform regulation that are bound to affect key actors of the digital economy (most prominently, gatekeepers under the proposed Digital Markets Act), the role of data intermediaries as envisioned by the DGA needs to be carefully delineated and scrutinised. In particular, the question arises whether the exalted ideal of competitive and trustworthy data sharing through registered third parties is in fact achieved by and reflected in the DGA’s normative substance. Critics within the industry argue that the obligations imposed upon providers will drive up compliance costs and will therefore stifle existing and emerging business models based on data intermediation. Uncertainties as to the precise scope of the term “data intermediary” and regarding the obligations’ enforcement further obscure the regulatory impact of the DGA.
Our research intends to shed light on these and other legal issues by examining in-depth the provisions dedicated to data intermediaries in the DGA, including from a policy and a comparative angle. In essence, we aim to contribute towards a better understanding of the DGA as a basis for informed discussion on the legal framework and possible alternatives.
Research Design and Expected Results:
Our analysis of data intermediaries under the proposed DGA departs from key economic implications and developments found in data-centric sectors. After outlining the core principles of value creation with data in today’s economy, consideration is given to the status quo of b2b data sharing and data transactions (through structures such as data marketplaces, data pools, and data brokers).
Turning to EU law, we then carry out a comprehensive survey of the current legal landscape on data intermediaries in the areas of data protection, competition, and data contract law – including applicable laws from other jurisdictions. This enables a policy discussion not only situated in the European Commission’s strategic agenda, but also featuring model laws drafted internationally (e.g., the ALI-ELI Principles for a Data Economy).
For the main part of our research, we provide the first article-by-article commentary on Chapter III of the DGA (Articles 9-14) as agreed upon in the trilogue negotiations. On a conceptual level, it will be imperative clearly to frame the peculiar notion of ‘data intermediaries’ and, conversely, determine which services are meant to be excluded from regulation. In doing so, both the aforementioned economic players and popular approaches circulated in academic writing (most notably, data trusts) will need to be squared with the legal definitions. Having carved out its scope, we proceed to discuss the far-reaching bureaucratic, technical, and fairness requirements that data intermediaries under the DGA have to observe in offering their services. The provisions are particularly pinned against the Commission’s vision of common European data spaces. We investigate how data intermediaries can contribute to the emergence of standardised data spaces and whether the DGA will streamline or thwart these efforts. In a similar vein, the DGA’s failure to create exemptions from data protection law and associated quandaries such as anonymisation and purpose-specificity merits discussion.