Brrring! “Gee, this iPhone alarm is the worst—I should really change that sometime. Let’s see what’s in my calendar for today…”

Read the full piece here.

Early Morning

I wake up grudgingly to the loud ring of my phone’s preset alarm sound (I swear I gave third-party alarms a fair shot). I slide my feet into the bedroom slippers and mechanically chaperone my body to the coffee machine in the living room.

Read the full piece here.

Having earlier passed through subcommittee, the American Data Privacy and Protection Act (ADPPA) has now been cleared for floor consideration by the U.S. House Energy and Commerce Committee. Before the markup, we noted that the ADPPA mimics some of the worst flaws found in the European Union’s General Data Protection Regulation (GDPR), while creating new problems that the GDPR had avoided. Alas, the amended version of the legislation approved by the committee not only failed to correct those flaws, but in some cases it actually undid some of the welcome corrections that had been made to made to the original discussion draft.

Read the full piece here.

May 2007, Palo Alto

The California sun shone warmly on Eric Schmidt’s face as he stepped out of his car and made his way to have dinner at Madera, a chic Palo Alto restaurant.

Read the full piece here.

Earlier this month, Professors Fiona Scott Morton, Steve Salop, and David Dinielli penned a letter expressing their “strong support” for the proposed American Innovation and Choice Online Act (AICOA). In the letter, the professors address criticisms of AICOA and urge its approval, despite possible imperfections.

Read the full piece here.

Much ink has been spilled regarding the potential harm to the economy and to the rule of law that could stem from enactment of the primary federal antitrust legislative proposal, the American Innovation and Choice Online Act (AICOA) (see here). AICOA proponents, of course, would beg to differ, emphasizing the purported procompetitive benefits of limiting the business freedom of “Big Tech monopolists.”

Read the full piece here.

If S.2992—the American Innovation and Choice Online Act or AICOA—were to become law, it would be, at the very least, an incomplete law. By design—and not for good reason, but for political expediency—AICOA is riddled with intentional uncertainty. In theory, the law’s glaring definitional deficiencies are meant to be rectified by “expert” agencies (i.e., the DOJ and FTC) after passage. But in actuality, no such certainty would ever emerge, and the law would stand as a testament to the crass political machinations and absence of rigor that undergird it. Among many other troubling outcomes, this is what the future under AICOA would hold.

Read the full piece here.

We appear to be reaching an end stage in negotiations between the European Parliament and the Council of the European Union on a plan to extend the EU’s financial-surveillance regime over the cryptocurrency industry. Alas, lawmakers were in such a rush that they appear not to have noticed that the hastily crafted legislative package violates fundamental tenets of the EU’s founding treaties.

Read the full piece here.

INTRODUCTION AND BACKGROUND

On 23 February 2022, the European Commission unveiled its proposal for a Data Act (DA).[1] As declared in the Impact Assessment,[2] the DA complements two other major instruments shaping the European single market for data, such as the Data Governance Act[3] and the Digital Markets Act (DMA),[4] and is a key pillar of the European Strategy for Data in which the Commission announced the establishment of EU-wide common, interoperable data spaces in strategic sectors to overcome legal and technical barriers to data sharing.[5] The DA also represents the latest effort of European policy makers to ensure free flows of data through a broad array of initiatives which differ among themselves in terms of scope and approach: some interventions are horizontal, others are sector-specific; some mandate data sharing, others envisage measures to facilitate the voluntary sharing; some introduce general data rights, others allow asymmetric data access rights.

Notably, the General Data Protection Regulation (GDPR) enshrined a general personal data portability right for individuals,[6] the Regulation on the free flow of non-personal data facilitated business-to- business data sharing practices,[7] the Open Data Directive aimed to put government data to good use for private players,[8] and the Data Governance Act attempted to harmonising conditions for the use of certain public sector data and further promoting the voluntary sharing of data by increasing trust in neutral data intermediaries that will help match data demand and supply in the data spaces.[9] Sector- specific legislations on data access have also been adopted or proposed to address identified market failures, such as in the automotive,[10] payment service providers,[11] smart metering information,[12] electricity network data,[13] intelligent transport systems,[14] renewables,[15] and energy performance of buildings.[16]

Against this background, given that the DA is a horizontal legislative initiative fostering data sharing by unlocking machine-generated data and overcoming vendor lock-in, an issue of coherence with existing and forthcoming EU data-related legislations emerges.

The premise of such regulatory intervention is provided by the fact that an ever-increasing amount of data is generated by machines or processes based on emerging technologies, such as the Internet of Things (IoT), and is used as a key component for innovative services and products, in particular for developing artificial intelligence (AI) applications.[17] The ability to gather and access different data sources is crucial in order for IoT innovation to thrive. IoT environments are possible as long as all sorts of devices can be interconnected and can exchange data in real-time. Therefore, access to data and data sharing practices are pivotal factors for unlocking competition and incentivising innovation.

From this perspective, the proposal for a DA represents the last episode of a long thread of European Commission interventions. Since the 2015 Digital Single Market Communication, the Commission has indeed emphasised the central role played by big data, cloud services, and the IoT for the EU’s competitiveness, also pointing out that the lack of open and interoperable systems and services and of data portability between services represents a barrier for the development of new services.[18] The issue of (limited) access to machine-generated data has been raised in the 2017 Communication on the European Data Economy,[19] where the Commission envisaged some potential interventions which are now advanced by the DA, as well as in more recent Commission’ Communications on a common European data space and a European strategy for data.[20] In particular, the latter indicated the “issues related to usage rights for co-generated data (such as IoT data in industrial settings)” as a priority area for a legislative intervention.[21]

Moreover, the IoT economy has been the subject of a recent sector inquiry which offered a comprehensive insight into the current structure of IoT environments and the competitive dynamics that are shaping their development.[22] In particular, the Commission underlined the role of digital ecosystems within which a huge number of IoT interactions take place and identified the most widespread operating systems and general voice assistants as the key technological platforms that connect different hardware and software components of an IoT business environment, increase their complementarity as well as provide a single access point to diverse categories of users.[23] Against this backdrop, interoperability is deemed to play a crucial role in improving consumer choice and preventing lock-in into providers’ products.

To contribute to the current policy debate, this paper will provide a first assessment of the tabled DA and will suggest possible improvements for the ongoing legislative negotiations. The paper is structured as follows. Section 2 deals with the problems addressed and the objectives pursued by the legislative initiative. Section 3 analyses the scope of the new data access and sharing right for connected devices. Then, Section 4 investigates the provisions aimed at favouring business-to- government data sharing for the public interest. Section 5 deals with the rules which tackle the vendor lock-in problem in data processing services by facilitating switching between cloud and edge services. Section 6 analyses the requirements set forth regarding interoperability. Finally, Section 7 concludes by addressing the governance structure. Each section briefly summarises the DA proposal and then makes a first assessment with suggestions for improvements.

[1] European Commission, ‘Proposal for a Regulation of the European Parliament and of the Council on harmonised rules on fair access and use of data (Data Act)’ COM(2022) 68 final.

[2] Commission Staff Working Document, Impact Assessment Report accompanying the Proposal for a Regulation on harmonised rules on fair access to and use of data (Data Act) SWD(2022) 34 final, 1.

[3] Regulation (EU) 2022/868 on European data governance (Data Governance Act) [2022] OJ L 152/1.

[4] Regulation (EU) on contestable and fair markets in the digital sector (Digital Markets Act).

[5] European Commission, ‘A European strategy for data’ COM(2020) 66 final.

[6] Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, [2016] OJ L 119/1, Article 20.

[7] Regulation (EU) 2018/1807 on a framework for the free flow of non-personal data in the European Union, [2018] OJ L 303/59.

[8] Directive (EU) 2019/1024 on open data and the re-use of public sector information, [2019] OJ L 172/56.

[9] Data Governance Act, supra note 3.

[10] Regulation (EU) 2018/858 on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles, amending Regulations (EC) No 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC, [2017] OJ L 151/1.

[11] Directive (EU) 2015/2366 on payment services in the internal market, [2015] OJ L 337/35, Article 67.

[12] Directive (EU) 2019/944 on common rules for the internal market for electricity and amending Directive 2012/27/EU, [2019] OJ L 158/125; and Directive 2009/73/EC concerning common rules for the internal market in natural gas and repealing Directive 2003/55/EC, [2009] OJ L 211/94.

[13] Regulation (EU) 2017/1485 establishing a guideline on electricity transmission system operation, [2017] OJ L 220/1; and Regulation (EU) 2015/703 establishing a network code on interoperability and data exchange rules, [2015] OJ L 113/13.

[14] Directive 2010/40/EU on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport Text with EEA relevance, [2010] OJ L 207/1.

[15] Proposal for a Directive amending Directive (EU) 2018/2001, Regulation (EU) 2018/1999 and Directive 98/70/EC as regards the promotion of energy from renewable sources, and repealing Council Directive (EU) 2015/652, COM(2021) 557 final.

[16] Proposal for a Directive on the energy performance of buildings (recast), COM(2021) 802 final.

[17] On the economic value of data, see Jan Krämer, Daniel Schnurr, and Sally Broughton Micova (2020), ‘The role of data for digital markets contestability’, CERRE Report https://cerre.eu/wp-content/uploads/2020/08/cerre- the_role_of_data_for_digital_markets_contestability_case_studies_and_data_access_remedies-september2020.pdf.

[18] European Commission, ‘A Digital Single Market Strategy for Europe’, COM(2015) 192 final, 14.

[19] European Commission, ‘Building a European Data Economy’, COM(2017) 9 final, 12-13.

[20] European Commission, ‘A European strategy for data’, supra note 5, 10; and European Commission, ‘Towards a common European data space’, COM(2018) 232 final, 10.

[21] European Commission, ‘A European strategy for data’, supra note 5, 13, and 26.

[22] European Commission, ‘Final Report – Sector inquiry into consumer Internet of Things’ COM(2022) 19 final.

[23] Commission Staff Working Document accompanying the ‘Final Report – Sector inquiry into consumer Internet of Things’ COM(2022) 10 final.