The Data Act is, after the Digital Markets Act, the second major regulation that proposes significant interoperability measures. We approach interoperability in the context of Europe’s data strategy – while acknowledging, that it is also an important market competition measure. This research note provides a closer look at interoperability provisions proposed across several legislative interventions: the Digital Markets Act (DMA), the Data Governance Act (DGA), and the Data Act (DA).
With the European strategy for data, the Commission proposed a blueprint for the data economy based on society-wide access to and reuse of data in full compliance with EU values. To achieve this vision, one central element is the ‘right to data interoperability,’ first proposed in 2016 with the General Data Protection Regulation (GDPR) as a right to data portability. Article 20 of the GDPR stipulates a right for data subjects to receive personal data concerning them, which they provide to a controller in a structured, commonly used and machine-readable format. Data interoperability was initially conceived as an instrument for data subjects to increase agency on personal data. Since then, many observers have also recognized that data interoperability could play an important role in attempts to decentralize the online ecosystem and limit the market power of dominant platforms.
However, the right is largely described as underdeveloped in the European strategy for data; and this can be ascribed to two main reasons. First, article 20 of GDPR indicates that data portability can be exercised only “where it is technically feasible” by data controllers. Second, it lacks important technical specifications, such as application programming interfaces (APIs), to ensure consistent application.
For this reason, the European data strategy has as a key objective the extension of the right to situations that not only involve personal data, but also non-personal data. In addition, it positions interoperability as a key instrument to provide more competitive fairness across online platforms, but also as an underlying principle of common European data spaces. As such, the strategy aims at crystallizing data interoperability as a key design principle of the European data economy.
First, with the DMA, the Commission aims to leverage interoperability to ensure competitive fairness in digital markets. The proposal is already well underway and currently in trilogue negotiations with the French presidency aiming to have the final green light from both institutions before the end of its presidency at the end of June.
The key provision for interoperability in the DMA is article 6, which obliges gatekeepers in respect of each of its core platform services to allow business users and providers of ancillary services access to and interoperability with the same operating system, hardware or software features. In addition, the Commission proposal envisages an obligation to provide effective portability of data generated through the activity of a business or end-user as well as providing the tools for end-users to facilitate the execution of this right.
Compared to the initial text, the Parliament has suggested important amendments to the scope of article 6 by making sure that gatekeepers allow for interoperation for free and that they cannot shortcut obligations. In addition, the Parliament has proposed amendments to extend the scope of the right to data interoperability to providers of services and hardware to the same hardware and software features accessed or controlled via an operating system. Likewise, it foresees a possibility for third parties to access data produced by end-users free of charge, based on end-users consent. Finally, the Parliament included two amendments for interconnection, which would allow any interpersonal communication services and social network services to interconnect with the concerned gatekeeper.
In comparison, the Council’s negotiating position does not substantially differ from the Parliament’s amendments, save for the two interconnection amendments for interpersonal communication services and social network services.
Second, with the DGA, the Commission aims at providing the underlying architecture of the European data economy to facilitate data sharing amongst a variety of actors. And this is done by extending the right to interoperability for cross-switching situations between a variety of public, private and not-for-profit organizations. However, the DGA does not specifically tackle the lack of technical specifications for the right of data interoperability to take place. Rather, it repositions the right in the context of developing common European data spaces, a crucial element of the European data strategy. Nonetheless, this concept still remains undefined in EU initiatives in the field. Not even the Commission Staff Working Document on common European data spaces provides a conceptual definition.
In the DGA, the repositioning occurs across two main lines: at the level of obligations and of institutions. At the level of obligations, the Commission stipulates interoperability requirements for two main actors introduced by the DGA. First, data intermediation services – being intermediaries which aim to facilitate data sharing between data subjects and data holders, on the one hand, and data users, on the other hand – will be obliged under article 11 to facilitate the exchange of data between data users, data subjects, and holders in a manner that enhances interoperability within and across sectors[1]However, this new business model might not necessarily lead to decentralization, but actually to potential recentralization and concentration of market power.. Second, data altruism organizations – being not-for-profit repositories of data voluntarily donated by data subjects or data holders for purposes of general interest – will be subject to delegated acts by the Commission where it will be able to recommend specific interoperability standards between various organizations.
At the institutional level, the repositioning occurs as the DGA creates a new European body in the form of an expert group to monitor the emergence of common data spaces in the market: the European Data Innovation Board (EDIB). Chapter VI, wholly dedicated to the governance of the board, clearly assigns a strong interoperability function to EDIB by mandating it to assist the Commission “in addressing the fragmentation of the internal market and the data economy (…) by enhancing cross-border and cross-sector interoperability of data” (article 27).
Finally, the Commission recently proposed a new initiative: the DA, which aims to harmonize rules on fair access to and use of data in the European data economy. And it does so by strongly enhancing the remit of the right of interoperability from personal data to all user data produced by connected devices, thus going beyond the initial GDPR approach. Antti Poikola from MyData, in this blogpost, even argues that “the Data Act is like the GDPR article 20 on steroids.”
This change of paradigm is closely linked to the building of common European data spaces where the Commission intends to introduce two main interventions.
First, in Chapter VIII, the Commission is empowered to adopt common specifications through a combination of delegated and implementing acts in areas “where no harmonized standards exist or where they are insufficient in order to further enhance interoperability for the common European data spaces.” And the object of such standards is the so-called ‘operators of data spaces – a new actor of the European data economy tasked with enabling cross-sectoral interoperability. As such, they will have to be compliant with a variety of technical requirements specified by the Commission and European standardization bodies. However, the initial proposal does not provide an actual definition of ‘operators of data spaces.’ Not even the Digital Europe Working Programme for 2021-2022, despite laying the groundwork for the funding of common data spaces, provides more clarity on this.
Second, the Commission is also tasked with specifying open interoperability specifications for cloud computing services. According to article 29, these refer to a combination of transport, syntactic, semantic, behavioral and policy portability to allow users to port their data and digital assets across various data processing services through a gradual withdrawal of switching charges. As clarified in recital 76, the underlying goal is to “enable a seamless multi-vendor cloud environment, which is a key requirement for open innovation in the European data economy.”
As outlined above, data interoperability is becoming a key design principle for the European data economy. EU lawmakers are resolute in leveraging the right both in light of platforms’ regulation and for facilitating data exchanges across common data spaces. However, there seems to be a main threat looming in the background of these initiatives, which might ultimately hinder the real efficiency of portability provisions: a lack of connection between the files.
Andrea Renda – Senior Research Fellow and Head of Global Governance, Regulation, Innovation & Digital Economy at the Center of European Policy Studies (CEPS) – argues that;
…to be effective, the Data Act will have to reverse another trend that has reigned in cyberspace since the earliest days of the World Wide Web: the lack of effective enforcement, and the ability of tech giants to dodge regulation, or even use it to pursue their own interests.
For this to happen, it is necessary to ensure consistency and legal certainty across policy files, therefore avoiding potentially overlapping provisions and inconsistencies between the DMA, DGA, and DA.
In this light, a clear lack of connection emerges between the DGA and DA, despite the two measures being so closely intertwined in advancing the goals set out by the European strategy for data. This is evident in the lack of definitional clarity as the recurrent terminology – such as for data holders, data users, operators of data spaces, and common European data spaces – is left undefined, ill-defined, or even misdefined across the two measures.
Likewise, in terms of data spaces’ governance, it is striking to notice that the DA does not reference EDIB’s role with regard to securing data interoperability, though the DGA dedicates a whole chapter to its mandate. As we have argued in this policy brief on the DA, this lack of precision might lead to competing obligations between the two measures, ultimately hindering the development of common data spaces in Europe.