EU Data Package Highlights Connections between Data Protection and the Digital Single Market
On January 10, 2017, the EU Commission published a package of documents on the EU's data economy strategy, including e-privacy, data protection and the "European Data Economy." The Commission documents, published in the context of the Commission's digital single market ("DSM") initiative announced in May 2015, illustrate again the strong links between the EU's digital regulatory strategy, data protection, intellectual property and antitrust policy, notably including the Commission's preliminary report on its sector inquiry on e-commerce, also launched in May 2015.
The e-privacy and data protection documents include a proposal for a new regulation on privacy and electronic communications (the "E-Privacy Regulation") and a communication on exchanging and protecting personal data in a globalized world (the "Data Transfer Communication"). The European data economy documents include a Communication on Building a European Data Economy (the "Data Economy Communication"), accompanied by two consultations, one consultation on the European data economy (the "Data Economy Consultation") and another on the EU directive on liability for defective products (the "Defective Product Consultation").
The Commission's proposals are wide-ranging and ambitious, including (for example) potential EU enforcement actions to invalidate national data localization requirements; a new EU legal framework to promote access to data, potentially including a requirement for companies to provide access to data generated on their own products and services through the Internet of Things ("IoT"); default contract rules that would invalidate data access and usage provisions in other contracts that are deemed unfair, including in a B2B context; and a mandatory portability right for non-personal data based on the EU portability right for personal data.
These initiatives are of critical importance for all companies doing business in the EU, not only technology companies. The Commission hopes that the E-Privacy Regulation will be adopted by May 2018, in time for the GDPR's entry into force. The Commission's consultations are open until April 26, 2017. The Commission sets out a number of specific actions it plans to take in 2017 and 2018, following the consultations. In addition, the Commission plans to conduct bilateral discussions with individual stakeholders.