Sharing is Caring: Data Governance Act Meets DG COMP
As we welcome 2022 and set New Year's resolutions that we will never keep, it is out with the old and in with another piece of Commission legislation concerning the digital sector. Please welcome the Data Governance Act (DGA).
According to the Commission's calculations, between 2018 and 2025, the amount of data generated by public bodies, businesses and citizens is expected to multiply by five. As a result, the Commission came with the DGA legislative proposal to allow these data to be harnessed and pave the way for sector-specific European data spaces to benefit society, citizens and companies. After a brief overview of the current draft, we will discuss whether it facilitates cartels, and if the DGA will impact EU merger control.
New Kid on the Block
The DGA aims to increase trust in data sharing, creates new EU rules on the neutrality of data marketplaces and facilitates the reuse of certain data held by the public sector. It sets up common European data spaces in strategic domains, such as health, environment, energy, agriculture, mobility, finance, manufacturing, public administration and professional services. Also, according to the Commission, the potential of artificial intelligence cannot be unlocked without data sharing, which helps start-ups and businesses develop an ecosystem based on EU standards.
In a nutshell, the DGA seeks to achieve the following goals:
- Making public sector data available for reuse,
- Sharing of data among businesses,
- Allowing personal data to be used with the help of a "personal data-sharing intermediary" (designed to help individuals exercise their rights under the General Data Protection Regulation),
- Allowing data use on altruistic grounds.
The initial draft was published on 19 February 2020, while the current draft dates back to 25 November 2021. On 30 November 2021, the European Parliament ITRE committee reached an agreement on the draft DGA. Going forward, the informal agreement will have to be formally endorsed by the European Parliament and Council to come into force.
"Carte blanche" for Cartels?
Although the wording "sharing of data among businesses" sounds like a perfect cartel storm, that is clearly not the case – the Commission painstakingly weaved into the DGA a number of firewalls, in order to prevent any loopholes. For instance, the draft specifies that it does not interfere with the application of EU competition rules, in particular rules on the exchange of competitively sensitive information between actual or potential competitors through data sharing services.
The DGA provisions arrive just in time for certain industries which are based on data-pooling, such as the financial sector or the insurance sector. In relation to the latter, for example, the Italian competition authority was recently confronted with a number of cases. In October 2021, the Associazione Nazionale fra le Imprese Assicuratrici (ANIA) managed to avoid a fine by offering commitments on its anti-fraud project for the life and non-life sectors, which include the creation of databases and common algorithms to determine fraud risk indicators. The commitments by ANIA include limiting the possible uses of the databases, providing safeguards to guarantee their correct use, and allowing the widest possible adherence to the project. As recently as January 2022, insurers in Italy (i.e. Allianz Direct, Zurich Insurance, Compagnia Italiana di Previdenza, 6Sicuro, CercAssicurazioni.it and Daina Finance) offered a series of commitments, seeking to close an investigation over whether they exchanged sensitive information on the conditions for the direct sale of car insurance.
However, the DGA might actually have some skeletons in its shiny new closet, in the shape of data intermediaries. Put in the spotlight, the data intermediaries – which, according to the DGA, should be neutral and independent – are meant to "facilitate the aggregation and exchange of substantial amounts of relevant data". Even more, the data intermediaries are due to offer services that connect the different actors having the potential to contribute to the efficient pooling of data as well as to the facilitation of bilateral data sharing. We don't know about you, but it seems to us that the provisions give out some serious AG Treuhand / Article 101 vibes. However, the DGA draft is still in its early days and before we jump to cartel facilitation conclusions, we should keep the faith in the Commission's always-vigilant eye.
Going forward (and according to the crystal ball we got for Christmas), the DGA provisions are expected to complement the Commission's revised guidance on information sharing, scheduled for 2022, and which is expected to generally provide more clarity on pro-competitive information sharing and will allow companies to seek guidance from the Commission.
A Million Euro Question
As already mentioned, the DGA is part of the Commission's digital package deal, together with the Digital Markets Act, which directly targets merger control proceedings. The DGA draft itself already includes a clin d'oeil to gatekeepers and the discussions sparked by "data mergers", when it states that public sector bodies, when establishing the principles for reuse of data they hold, should avoid the conclusion of agreements which might have as their objective or effect the creation of exclusive rights for the reuse of certain data.
However, going forward, we could not help but wonder whether and to what extent, since the DGA facilitates the sharing of data, that will impact concepts like: theories of harm, efficiency defenses or remedies. For that, we peered again into our crystal ball and asked a few questions:
For example, since the DGA seeks to increase data portability, could that help to reduce or lower barriers to entry in industries where access to data is crucial? Quite likely, since the whole point of the DGA is to make data more easily available and accessible to the private sector, the direct consequence of which is the lowering of such barriers to entry.
Could the DGA make it easier to implement, and for the EC to accept, data access remedies (in Google/Fitbit type of cases)? The discussion about behavioral remedies in data mergers is all the rage now, particularly in the aftermath of Google/Fitbit, and following in the footsteps of Intel/McAffee and DriveNow/Car2Go (admit it, you read the best comparative assessment in our July 2020 newsletter). The Commission has been toying with the idea and the switch in its practice and the DGA might just be the push it needs. Of course, that comes with a host of changes, the most important of which is the delicate question of the monitoring of remedies – the main reason for which the Commission usually shies away from behavioral remedies.
Could the DGA help turn rivalrous into non-rivalrous data? That is possible, especially since the DGA expressly prohibits the conclusion of exclusive agreements related to the reuse of data, for example. Will that bring about a change in the competitive environment in certain data-intensive sectors? Crystal ball says "follow us on LinkedIn and we will keep you updated on that, and many more of your favorite EU competition law topics".