My car, whose data?

In February 2022 it was reported that the automotive company Tesla completed all requirements to join the German car insurance market. A new business model that provides consumers with premiums calculated from their actual driving behaviour is intended to facilitate their market entry. The huge amount of data created by connected cars would thus enable the manufacturer to join and compete in a completely different market.

At the same time, this example poses questions policy makers and academia have been debating for decades: should data be considered as property of a specific stakeholder? Should consumers have the right to “take their data” in order to conclude a contract with a different company? Are competitors entitled to access that data or should Tesla have the prerogative to shield it from them in order to maintain its competitive advantage and protect protentially valuable information? Is it possible to create a competitive data economy where both fundamental rights from individuals and economic rights from companies are protected?

Property Rights in Data – A Viable Solution for the Data Economy?

Whether or not the introduction of new property rights in data would constitute an adequate means to provide for an equilibrium between the sometimes diverging interests of data holders and exploiters has been subject to a long-lasting scholarly debate on both sides of the Atlantic. Both national[1] and European[2] lawmakers considered the introduction of property rights in data as a possible solution to create a competitive data economy.

The idea was to link the protection of data with incentives of the market by using the laws of property as a control mechanism.[3] If data could only be transferred with the owner’s consent, individuals would be put in the position of valuing their privacy according to their personal preferences. Initial justifications for data as property were thus typically grounded in utilitarian theory that focuses on economic efficiency via mutually agreed exchanges. If actions from individuals constitute a measure for what they want, overall utility should be enhanced.[4] Furthermore, the status quo devoid of well-defined property rights in data would result in a de-facto assignment of economic property rights to the information industry, eroding data subject’s autonomy, privacy, and informational self-determination.[5] Property rights in data might thus simply be a necessity to protect and ultimately to empower data subjects.

Such a property rights approach, however, was confronted with severe criticism. In particular in Europe where information privacy is seen as a non-commodifiable fundamental right. Critics argued that recognizing property rights in data might ultimately erode existing levels of privacy if individuals simply increasingly traded away their personal data. Information asymmetries and inherent uncertainties regarding the future uses of data would prevent individuals from correctly estimating the value of their data. Market solutions based on a property rights model would therefore not cure any of the problems related to control, but only legitimize them.[6] In several instances, such as genetic data, the same information could “belong” to several individuals. It would thus make little sense to grant individualized property rights in data if it can be used to make inferences about other data subjects.

Debates on data property culminated when the European Commission proposed the creation of a ‘data producer’s right’ in non-personal machine generated data. Legislative intervention should facilitate the creation of markets for data by protecting economic interests from businesses and by creating legal certainty for data entitlements. Criticisms on the creation of a new property right in data, however, prevailed. In the case of networked cars it would, for instance, already be too difficult to decide to whom a new right in data should be allocated to: the producer of the software or data collection device, the manufacturer of the car, the owner of the car or the driver?[7] Adding a new layer of rights in data in addition to already existing intellectual property rights would result in multiple competing claims of ownership over the same content.[8] Such a “tragedy of the anticommons” would thus risk resulting in an underuse of data due to the high number and complex interrelations of overlapping property rights.[9]

Commodification without Propertization

A full-blown ownership approach to data now seems to have been abandoned by the European legislator. Neither the European Strategy for Data[10] nor two of its key actions, the Data Governance Act[11] and the Data Act[12], contain any references to data ownership or any new sui generis rights in data. Instead, the focus has shifted towards facilitating data access and data sharing – but without propertizing it. The Data Act, for instance, would grant consumers access rights to data generated from connected devices and it would enable them to share it with other companies that provide different services.

Despite the abandonment of a property approach to data, however, data protection authorities fear that the current proposals would extensively push towards a development of “commodification” of personal data.[13] Conflicts and diverging interests by different stakeholders are therefore not expected to automatically disappear. The example of the connected car exemplifies to what extent the interests from stakeholders, such as the owner of the car, the car manufacturer, insurance companies and even public authorities can differ. Instead, conflicts between stakeholders that defend their claims in data might rather intensify. In several instances economic interests by companies to protect their intellectual property rights or their trade secrets might clash with rights and interests from data subjects.

The rationale for the introduction of property rights in data, i. e. for example to protect and empower data subjects in light of de facto data ownership by technology companies, therefore still remains valid today and has even become more pressing. It has however been shown that it constitutes an inadequate means to achieve these goals. One of the many challenges of the data economy will thus be to find alternative solutions. Propositions to have a more integrated policy approach on a ‘data consumer law‘ seem to offer promising alternatives to find ways of solving conflicts between data holders and exploiters and will be investigated further throughout the LeADS project.

 

[1] Cf. e. g. Press Release, Merkel A. (2017): Regulate Ownership of Data. https://www.bundesregierung.de/breg-
de/aktuelles/merkel-eigentum-an-datenregeln-745810

[2] Building a European Data Economy COM (2017).

[3] Lawrence Lessig, ‘The Architecture of Privacy: Remaking Privacy in Cyberspace’ (1999) 1 Vanderbilt Journal of Entertainment & Technology Law 11.

[4] Julie E Cohen, ‘Examined Lives: Informational Privacy and the Subject as Object’ (2000) 52 Stanford Law Review 66.

[5] Nadezhda Purtova, ‘The Illusion of Personal Data as No One’s Property’ (2015) 7 Law, Innovation and Technology 83.

[6] Jessica Litman, ‘Information Privacy/Information Property’ (2000) 52 STANFORD LAW REVIEW 31.

[7] Andreas Wiebe, ‘Protection of Industrial Data – a New Property Right for the Digital Economy?’ (2017) 12 Journal of Intellectual Property Law & Practice 62.

[8] P Bernt Hugenholtz, ‘Against “Data Property”’ in Hanns Ullrich, Peter Drahos and Gustavo Ghidini, Kritika: Essays on Intellectual Property (Edward Elgar Publishing 2018).

[9] Ivan Stepanov, ‘Introducing a Property Right over Data in the EU: The Data Producer’s Right – an Evaluation’ (2020) 34 International Review of Law, Computers & Technology 65.

[10] A European Strategy for Data COM(2020) 66 final.

[11] Proposal for a Data Governance Act COM/2020/767 final.

[12] Proposal for a Data Act COM (2022) 68 final.

[13] EDPB-EDPS Joint Opinion 2/2022 on the Data Act Proposal’ (European Data Protection Board 2022).