News & Views

Summer Reading: Accelerating Data Regulation

5 July 2018

Authors: Jesper Nevalainen and Oskari Paasikivi

The post-GDPR era offers us a chance for reflection. Where do we stand in the on-going processes of data legislation in the EU and, more importantly, what is the big picture? While data protection and privacy have been the trending topics of spring 2018, it must be borne in mind that the GDPR is but one sector in the EU’s digital single market strategy.

The digital single market is a vast project aiming at providing individuals and businesses with greater possibilities and freedom to access and engage in online activities irrespective of nationality and place of residence. Data protection, along with fair competition, consumer protection, and copyright requirements, acts as a necessary safeguard within this project to secure the interests that may be threatened where the transfer, re-use, and accessibility of data is facilitated. At the same time, the reinforced trust and security gained through these safeguards will further enhance the use of digital services and free flow of data.

Since its implementation, the strategy has entailed many legislative initiatives and acts in the EU as well as subsequent national measures. Even a brief overlook of future developments convinces one of the fact that the field of digital activities and data legislation is facing an extensive transformation.

In autumn 2018, the first European municipalities will be able to apply for vouchers for the financing of public free-of-charge Wi-Fi hotspots in local communities all over the EU. This scheme, created by the so-called WiFi4EU Regulation, will benefit residents and visitors in the EU, especially where Wi-Fi connections have not been previously available. Connectivity in the EU will also improve with the introduction of 5G infrastructures and services by the year 2020. The successful deployment of 5G, as envisaged by the European Commission action plan and the proposed directive establishing the European Electronic Communications Code, will provide unprecedented data connections, make way for new business opportunities, and boost the introduction and development of technological innovations such as the Internet of Things. Furthermore, it seems that Finland will be the forefront of the testing and deployment of the new mobile network technology.

New rules against unjustified geo-blocking in online shopping will certainly be a welcome improvement for European consumers. The Geo-Blocking Regulation becomes applicable 3 December 2018 and will mark the end for unjustified restrictions on buying from websites which are based in other member states. Examples of such restrictions have been the re-routing of customers to country-specific websites and requirements to pay with credit or debit cards from a certain country. The regulation will also prohibit other discriminating practices towards consumers from other member states.

The list of efforts goes on with significant initiatives regarding emerging technologies. On 10 April this year, 23 European countries, including Finland, established the European Blockchain Partnership by signing a declaration. The partnership entails national and European-level investments, legal framework, and projects to promote the deployment of the blockchain technology in digital services in the single market.

Legislative proposals regarding sharing, accessibility, and the free flow of data in turn aim especially at boosting the benefits and development of the continuously emerging new artificial intelligence (AI) technology – after all, data is the raw material in most cases of AI. The Regulation on the Free Flow of Non-Personal Data (said data falls out of the scope of the GDPR, which governs personal data), the rules of which were agreed upon 19 June 2018, will ensure that data may be stored and processed anywhere in the EU and prohibit unjustified data localisation restrictions accordingly. The prohibition will only apply to restrictions set in laws, regulations, or administrative orders of member states. However, private restrictions on data localisation also have the potential to hinder data mobility and the functioning and development of the data economy in the EU. Accordingly, the proposed regulation explicitly states that the Commission will encourage and facilitate the development of self-regulatory codes of conduct at EU level in order to define guidelines on the best practices in facilitating data portability. Therefore, market players will have a role under the regulation in determining codes of conduct, which may include model contract terms. The Commission will review the situation if such codes are not put in place within a reasonable time period.

Building on this framework, the European Commission has on 25 April 2018 also proposed a revision to the Public Sector Information Directive to improve the re-use and dissemination of information held by the public sector. The target is to remove barriers to AI innovations. For instance, an innovative transport application will not reach its potential without access to dynamic data held by public bodies. Restrictions on and high charges for data restrict research and set barriers especially for smaller enterprises. A Commission communication has also been issued with respect to data sharing in the B2B context and the business-to-governments context.

As with all new technologies and higher flow of data, the current developments raise new ethical and legal questions of liability or possibly biased decision-making. Implications on data protection are prominent and dealt with under the GDPR. The new e-Privacy Regulation governing the privacy of electronic communications is still under legislative procedure. The regulation is considered the next step in privacy legislation after the GDPR, and it will impose significant requirements on the use of cookies and direct marketing.  The original draft of the regulation was published in January 2017 but, despite original plans for the regulation to enter into force at the same time with the GDPR, it is likely that the regulation text will not be agreed on until 2019 with entry into force in 2019 or 2020.

Questions of liability have become imminent and increasingly complex in the context of AI technologies operating autonomous systems (e.g. robots) and the Internet of Things technology contributing to emerging sophisticated data-based products. We are relying more and more on autonomously operating interconnected technologies to take care of various tasks in business and private use, but when something goes wrong, existing rules could attribute liability to various possible directions. It can be extremely difficult to establish whether liability should lie with the party responsible for the data, for the software, for the applications, or for the network connectivity, as all these layers are so interdependent. Accordingly, the EU has launched surveys and research relating to plans for appropriate amendments to the legal framework of liability in the EU. Determinations must be made, in particular with respect to emphasising contractual and/or extra-contractual liability. Extra-contractual liability, particularly product liability, will especially be reviewed with possible amendments to the Product Liability Directive. The Commission aims to issue guidance on the interpretation of said directive in light of technological developments by mid-2019.

Further safeguards in the digital single market strategy include the Regulation on Fairness and Transparency in Online Platform Trading. The regulation was proposed on 26 April, and it would protect companies from the unfair trading practices of search engines and online platforms when intermediating business-customer relationships with new transparency requirements on terms and conditions and new redress procedures. The Commission has also adopted new guidelines on market analysis and the assessment of significant market power. These are to guide national regulatory authorities when analysing telecoms markets, and, in Finland, they will guide the analyses conducted by the Finnish Communications Regulatory Authority under the Act on Electronic Communications Services. The aim is to improve competitive conditions among online service providers to benefit consumers and small businesses.

Our Nordic IP & Tech team is closely following the aforementioned and other data economy related regulatory developments and will keep you posted as things develop. For any data-related legal questions or issues, please do not hesitate to contact us.