The EU Data Act: A Misguided Policy
In February 2022, the European Commission proposed new rules on “who can use and access data generated in the EU across all economic sectors,” via its draft Data Act. In doing so, it continues a misguided approach to digital regulation.
The Data Act, if adopted without significant changes, will penalize competition and chill investment and innovation; act as a government expropriation forcing companies to share trade secrets and other sensitive information with competitors and EU government entities. It further subjects American companies to massive fines by European regulatory authorities; and threatens companies’ ability to transfer their industrial data out of Europe.
The Chamber drafted this report to draw awareness to the shortcomings of the EU Data Act’s approach and to highlight the need for European policymakers to course correct to avoid unintentional, but significant, economic consequences.
The U.S. business community supports a connected and competitive digital economy in Europe. However, requirements to share data, potential new restrictions on cross-border data flows, and other elements of the EU Data Act will not accomplish this goal.
Instead, it will have broad consequences across numerous sectors of the economy, including transportation, agriculture, oil and gas, healthcare, technology, pharmaceuticals, and aerospace. Indeed, these impacts will be felt both by U.S. companies with significant investments and operations in Europe as well as by European companies with significant trade and investment links to the U.S. economy. We outline specific impacts across various sectors in the paper.
Concerning Data Act proposals
Forced data sharing: Provisions that require companies to share proprietary data with their competitors and with governments, without sufficient privacy safeguards on trade secrets and other business sensitive data, would be an unprecedented step by a major democratic economy. Once such data has been shared—whether with other private actors or public entities—there are significant risks of leaks and cybercrimes, since governments and competitors will have no fiduciary responsibility to protect this sensitive information. Of particular concern: Much of this data may fall into the hands of state-owned enterprises from China and other non-market economies.
Innovation undermined: The Data Act’s mandates to share data with competitors and governments are likely to dissuade companies from investing in Europe. Forcing companies to share their hard-won intellectual property with rivals will endanger future investments in developing state-of-the-art technologies. Moreover, the Data Act’s requirements for companies to provide “functionally equivalent” services to clients seeking to switch service providers undermines any differentiation in the market.
Cross-border data flows restricted: New restrictions on industrial data transfers out of the EU will have serious implications for U.S. companies operating in Europe as well as for European companies with major investments in the United States. Preventing companies from sharing data between their factories or other operations will limit their ability to innovate and learn from their own experiences. Perversely, such restrictions would create a situation where personal data is easier to transfer across the Atlantic via the new EU-U.S. Data Privacy Framework than industrial data—despite industrial data having no inherent right to privacy.
Discriminatory treatment for U.S. companies: The Data Act would expressly limit companies’ ability to do business with or share data with companies deemed “gatekeepers,” pursuant to the EU’s Digital Markets Act—while simultaneously requiring these same companies to share their own data. Designated gatekeepers should not be required to bear the burden of the Data Act while being denied its purported benefits, not least because it doubles down on an already discriminatory approach that singles out predominantly American companies for special treatment.
Recommended changes and clarifications
Support a voluntary framework for data sharing: The EU should abandon efforts to mandate data sharing, whether between companies or between companies and governments. Frameworks facilitating data sharing should be encouraged, but only when they are in market participants’ mutual interests and such sharing occurs on a voluntary basis. Greater sharing of government data with companies that can better analyze and use vast data sets should also continue to be encouraged.
Remove restrictions on cross-border data flows: The EU should avoid a policy course that invites EU and member state policymakers to develop restrictions on cross-border flows of non-personal data. As drafted, the Data Act will have a chilling effect on international trade, investment, and innovation by making industrial data harder to transfer than personal data. This approach makes no sense.
Bolster support for trade secrets: Member-state governments and other European policymakers should enshrine additional protections for companies seeking to protect their hard-won trade secrets and intellectual property.
Assurances on non-discrimination: The EU should abandon efforts that would impose additional restrictions on companies targeted by the Digital Markets Act, which are overwhelmingly U.S.-based companies, whether as part of the Data Act or otherwise.
Even as it moves forward with its digital transformation agenda in Europe, Brussels is expected to encourage other markets to adopt similar rules. They may see advantage in a first-mover approach to digital regulation, but there are real risks—in terms of cybersecurity, privacy, and data transfers—that must be considered.
EU policymakers are likely to finalize the Data Act in the near term, meaning there is a narrow window of opportunity for action. Policymakers should seize this opportunity to improve the legislation and help ensure it achieves the benefits of fostering increased data sharing without undermining the case for innovating and investing in Europe.