According to an internal memo seen by EURACTIV, the European Commission is willing to introduce a trade secret protection mechanism in the Data Regulation (Data Act), insofar as it constitutes an exception rather than a rule.
The Data Regulation is a legislative proposal that regulates how to access, share and transfer data. In particular, this regulation would oblige manufacturers of connected devices to allow users to access the data they help generate and to share it with a third party.
Part of the industry, some of which European heavyweights like Siemens and SAP, vehemently opposed the proposed settlement. In particular, it argues that without appropriate safeguards, data sharing obligations would inevitably harm competitiveness and force companies to disclose commercially sensitive information.
Within the Council of the EU, member states have introduced the principle that an organization can refuse the disclosure of data if it can demonstrate that such disclosure is likely to cause serious economic harm.
For the European Parliament, this measure gives a right of veto to data holders and allows them to reject requests for access to them, which goes against the very purpose of the regulation.
“The Commission may be prepared to consider such safeguards, as proposed by the Council, as long as such a mechanism remains an exception to the rule [et] remains compliant with the Trade Secrets Directive (including its underlying purpose and principles) and that legislative texts prevent its extensive interpretation or extensive use and that a disproportionate burden on SMEs is avoided”can we read in the internal note.
In order to reconcile the views of the EU co-legislators on this point, the Commission seems receptive to the concerns of manufacturers as to how best to protect their trade secrets, in particular against unfair competition and the unlawful disclosure of commercially confidential data.
According to a source familiar with the matter, the EU executive actively participated in the interinstitutional negotiations, known as trialogue negotiations, by defending its points of view and providing technical explanations. This activism partly compensates for the lack of dynamism of the Swedish presidency, the source said.
While the initial plan was to conclude the trilogues before the end of June, under the Swedish Presidency of the Council, observers are increasingly convinced that the file will end up in the hands of the Spanish Presidency, which will take over in July.
B2G data sharing
The next trilogue is scheduled for next Tuesday (23 May). In addition to discussions on business secrets, EU policymakers are expected to close the chapter of the data regulation that would allow public bodies to request access to data held by the private sector in specific circumstances.
A crucial aspect of this chapter concerns the type of data, as the European Parliament is pushing to exclude personal data from the scope of these provisions.
In contrast, the Council of the EU retained personal data, but introduced several safeguards, such as notification to the data protection authority, justification and safeguards for requests relating to situations of public emergency as well as the requirement of a determined legal basis for the requests.
The Commission also wants personal data to be included in the scope and considers that the Council text offers sufficient safeguards. However, one of the compromises envisaged is to limit personal data to requests relating to the most serious situations.
In this regard, MEPs want to remove the principle that public bodies can request data not only to respond to a public emergency, but also to remedy it and mitigate its effects.
For the Commission, “the nature of certain emergencies […] may require obtaining data before an event occurs (e.g. an earthquake) or to aid in repair efforts. At the same time, the Commission must remain flexible”.
Another outstanding issue concerns the inclusion of small and micro enterprises in the scope of business-to-government (B2G) obligations, as the Council of the EU wishes to include them in specific situations. This extension could be decided at the same time as a right to compensation.
Member States for their part have proposed to limit the ability to access data to the Commission and the European Central Bank (ECB), in order to limit this chapter only to the public bodies that will use it in practice.
In the note from the EU executive, it is also stated that, even if the scope of these provisions is restricted, the institutions could still share the data with other EU institutions in case of exceptional need.
Other items to approve
The next political meeting should also make it possible to approve certain less controversial points which have already been the subject of technical agreement.
The initial text prohibited data holders from unilaterally imposing unfair contractual conditions on data recipients who are SMEs. The co-legislators have now decided to extend this protection to any company, regardless of its size.
Public sector bodies that access data held by the private sector could pass it on to research organizations and statistical agencies for activities of public interest. The co-legislators agreed to give the data holder the right to complain about the onward transmission of data to the competent authority.
When data is shared between companies, the data holder can request compensation for making the data available, which may include a margin if the recipient is not an SME. The European executive will be responsible for drawing up guidelines to determine the criteria for calculating this compensation.
[Édité par Anne-Sophie Gayet]
2023-05-16 15:23:11
#Data #Act #protection #trade #secrets #exception #rule #Commission