Consolidation of Data-Sharing Rules in the Digital Omnibus
The business community has called for the new digital regulatory framework to be clarified, simplified, and made more consistent. Companies should not face sanctions when it is unclear what compliance entails, writes Carola Ekblad, digital policy expert.
The European Commission has proposed a digital omnibus package, incorporating some recommendations from the Confederation of Swedish Enterprise.
Key proposals include making the Data Act the central framework for data sharing, while repealing the Data Governance Act, the Open Data Directive, and the Platform-to-Business Regulation, integrating relevant provisions into the Data Act.
For companies applying the regulation, this consolidation will involve short-term transition costs, such as updating systems, training staff, and revising procedures. In the long term, however, a more uniform and simpler regulatory structure will reduce administrative burdens and improve harmonisation of legal terminology.
Integrating the Data Governance Act and the Open Data Directive into the Data Act could also reduce administrative burdens by cutting down on parallel reporting requirements and supervisory processes.
Simplifications in the Data Act
The Data Act began to be partially applied in September this year. It constitutes a very complex regulatory framework, making it difficult to gain an overview or predict its application or interpretation.
Codification of Case Law
The Data Act regulates how data from connected products and services should be shared between users, third parties, and manufacturers. If personal data is included in this data, sharing must comply with the GDPR.
The business community has requested clarifications on how the Data Act and GDPR should be applied in parallel. This has partly been addressed through the codification of case law regarding pseudonymised data. This means that information should not be considered personal data for an actor who does not have a reasonable possibility of identifying the individual.
The European Commission will take certain measures aimed at ensuring harmonisation and compliance with the Data Act. Alongside this work, there will be a dedicated legal helpdesk for the Data Act, providing companies with direct support on specific questions regarding the application of the new rules.
Common Specifications When Standards Are Missing
The European Commission’s work to ensure harmonisation and compliance with the Data Act has not proceeded in the time or scope the market requires. A reasonable omnibus proposal would therefore be to postpone the application of the Data Act. Instead, it is proposed that the European Commission be granted the authority to develop common specifications when harmonised standards are missing or delayed.
The proposal may partly contribute to clarifications and thereby serve as a sort of “safety valve” when standards have not been developed in the time or scope the market needs. However, allowing the European Commission to determine common specifications without an inclusive process could, at worst, result in documents that do not meet the quality required by companies. The proposal could also risk reducing the global relevance of EU standards if the industry is not sufficiently involved.
Measures Against Data Leakage Outside the EU
The European Commission recognises that the rules in the Data Act are not geopolitically secure and therefore proposes that data holders may refuse to share data with users or third parties if the sharing would pose a high risk of unlawful acquisition, use, or disclosure to a third country.
Strengthening the protection of trade secrets is important. But for a company, it is equally harmful from a competitive standpoint if information ends up with competitors on the domestic market or elsewhere.
In the rapidly changing geopolitical landscape, protecting trade secrets is increasingly important for companies. Trade secrets underpinning data-driven products and services play a crucial role in ensuring economic security, resilience, and maintaining our competitive edge on the global stage. The Confederation of Swedish Enterprise maintains that the revision of the Trade Secrets Directive, announced in the 2020 data strategy, should be implemented to improve trade secret protection.
Next Steps
The above outlines some proposals in the digital omnibus. The input from the Confederation of Swedish Enterprise has been partially, but not fully, addressed by the European Commission. An important piece of the puzzle, alongside negotiations on the omnibus proposals, is therefore the announced digital “fitness check.”
A welcome pause on EU rules for high-risk AI – but companies still have work to do
