#AFS

Startups’ joint statement on the Data Act

March 15, 2023
Data Act

The Data Act is built on ambitions that startup associations share and has the potential to bring a key resource -data- to more startups. Startup-friendly data policies should, however, balance the incentives and costs involved in the value-chain of dataset creation and maintenance. In this context, we have concerns that several provisions of the Data Act, in their current form, present significant technical and legal challenges for startups. They will also create legal uncertainty in how data should be handled, which will potentially have a negative impact on the quantity and quality of the data that startups can gather and process, as well as to the extent that they can use this data to bolster innovation and growth. 

Our specific recommendations are: 

  • Clarity and proportionality on product definition;
  • Data sharing obligations in line with the technical and financial realities of startups; 
  • Data portability & interoperability provisions for cloud-switching designed to bolster startups’ innovation potential; 
  • Data transfers rules that encourage taking benefit of the global data economy;

Key improvements can be made and we, startup communities, encourage legislators to use the following litmus test for the Data Act: Will the Data Act make more entrepreneurs want to launch and build their data-intensive startups in the EU? 

The following paragraphs contain a more detailed overview of our recommendations.

Product definition

The proliferation of products connected to the internet (Internet of Things or IoT) has increased the volume and potential value of data for consumers, businesses and society at large. The Commission’s proposal on Recital 15 explicitly excluded certain products from the scope of the Data Act. 

However, certain amendments have been proposed recently advocating for the deletion of these exclusions and thus expanding the definition of “product” in a disproportionate manner compared to the objectives of the Data Act. The new wording would bring into the scope of the Data Act any product that processes data and can connect to the internet, a scope well beyond the main objective of the Data Act to unlock the value of industrial data of the IoT sector. 

The startup community and the co-signing organisations believe that the Data Act should not apply to products which are primarily designed to display, play, record or transmit content, such as personal computers, servers, tablets, smart phones, cameras, webcams, sound recording systems and text scanners. These require human input to produce various forms of content, such as text documents, sound files, video files, games, digital maps. Keeping the status quo on the Commission’s proposal will provide startups and investors with legal clarity and boost innovation in the EU. 

Data sharing 

Opening up datasets through mandatory sharing could send adverse signals to those who are looking to or have invested limited resources in developing datasets. There is room for improvement when it comes to sharing best-practices, creating better incentives for data access & re-sharing, storytelling and startup digitisation. Specifically, to ensure the data sharing chapters in the Data Act empower startups, we recommend: 

  • Clarify key concepts to limit the legal burden for startups.
    • Articles 2 & 4 of the Data Act. The vast majority of datasets are mixed, containing personal and non-personal data. Policymakers should take into account the complexity of designating what is personal or non-personal, and applying the respective legal requirements accordingly. If there is a political move to increase data sharing, there should be clarity regarding what datasets this would include. There should not be contradictions (or opposing incentives for entrepreneurs) to share or not share. 
    • Articles 5 & 6 of the Data Act. It is unclear what has justified the addition of the gatekeeper definition in this file and what the added value of this clause is. To avoid overcomplication, legal uncertainty and extensive compliance difficulties that the inclusion of this definition could entail for startups’ as consumers, competitors and complimentary services of gatekeepers (and potential gatekeepers themselves), a thorough impact assessment on using these thresholds across digital files is needed.
    • Reconsider B2G data sharing scope & reach to avoid setting an open-ended precedent leading to legal uncertainty. First, the scope of “exceptional circumstances” in B2G data sharing should be narrowed down as much as possible, for instance to established definitions of ‘force majeure’ including natural disasters, public health emergencies and man-made disasters of great magnitude. Second, the scope should clarify which public entities are to be recipients in B2G data sharing arrangements. Semi-public actors who might be incumbent competitors that startups are trying to disrupt should not gain an advantage through data-sharing obligations in the Data Act.
  • Articles 3 & 4 of the Data Act. “Incentivise Data sharing by design” should focus on enabling entrepreneurs to share or provide access to non-personal data generated by the use of their products, via incentives and not by mandatory provisions. The latter would, especially for small startups, pose big design challenges and distract early-stage entrepreneurs from understanding if their business model is even feasible.
  • Articles 4, 5, 8, 17 & 19 of the Data Act. “Design clear protections for trade secrets” A data holder is not able to retain control over how data will be used by a potential competitor once shared. The Data Act needs to specify how the rights and commercial interests of data holders are safeguarded in the case when a data recipient (government or business) misuses non-personal data containing trade secrets. A clearer definition of what a competing service is would also strengthen this section. 
  • Moreover, as access to data and sharing provisions have been included in recent legislation such as the Digital Services Act (DSA), the Digital Markets Act (DMA) and the Platform to Business (P2B) Regulation, it would be advisable to conduct a thorough evaluation of these instruments before adding more rules on top. This would be simpler and help avoid duplication.

Data Portability & interoperability 

Developing new cross-sectoral innovative products and services, startups support portability and interoperability principles. To promote the rollout of new technologies, these principles can encourage takeup and mass-adoption of new products and services. Startups support more portable non-personal data sets and generally welcome more interoperability between different services and platforms. However, to avoid unintended effects on smaller players, interoperability obligations should be proportionate to the technical capacities of the provider at hand. More specifically, startups that are cloud service providers would benefit from:

  • “functional equivalence” obligations that are technically feasible and proportionate to their actual processing capacities; this means that functional equivalence can only apply to those functionalities that both the source and destination providers independently offer;
  • a longer mandatory transition period for completing the switching to other cloud service providers, which is currently set at 30 days, as these can be intensely time consuming, specially for smaller actors with inherently less resources.

Lastly, startups and their representative organisations are willing and needed to contribute to the standardisation process.

Data transfers 

Startup communities are particularly concerned about recent discussions on the extension of the scope of Article 27 from “data processing services” to “data holders”. International data transfers are a key element of a thriving global startup ecosystem. 

We understand that international data transfers themselves are not the main concern in Article 27 of the Data Act. Rather, the focus is on unlawful governmental access in third countries. This is supported by the wording in the Data Act’s Recitals and EDPB and the EDPS Joint Opinion, and should be clarified throughout the text of Article 27 of the Data Act. 

Furthermore, we are concerned that extending the scope of Article 27 of the Data Act to data holders, would mandate startups acting as data holders to perform complex impact assessments for transferring or granting access to non-personal/industrial data, similar to the ones that they have to apply to personal data under the GDPR and the Schrems II decision. This could result in further complexity and extensive compliance burden for startups and would have a significant impact on innovation. 

Instead of putting the legal onus on startups to undertake complex legal assessments, policy makers should create a framework that encourages taking benefit of the global data economy. For instance, by following the example set by the Free Flow of non-personal data Regulation or facilitating the adoption of Mutual Legal Assistance Treaties with third countries the EU can be a pioneer for a globally interconnected digital economy while respecting the financial and technical realities of startups

Conclusion 

The Data Act is built on the idea that the more misallocated or underutilised non-personal data is being shared, the more virtuous cycles in the data economy can be triggered. Allied for Startups and its Members fully support this ambition. Safe transfer of data is a vital asset, especially in startup ecosystems. Startups can make the most out of simplified data access and seamless data transfers. Policy makers should ask themselves if the Data Act is on track to delivering this as it will horizontally impact all non-personal data holders with numerous provisions and obligations. Effectively, compulsory data sharing, mandatory rules on interoperability and restrictions on international non-personal data transfers will work contrary to the intended target. 

For the Data Act to achieve its goal to stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all, policy makers should focus on fine-tuning the data-sharing environment rather than a wholesale reconfiguration of the EU’s digital economy. By narrowing the scope of the text and providing clear definitions, the Data Act can give startups legal certainty and limit broad mandatory obligations or unnecessary restrictions. 

In alphabetical order: 

  1. Allied for Startups 
  2. Asociación Española de Startups 
  3. Beta-i 
  4. BESCO 
  5. Cluj Startups 
  6. Danish Entrepreneurs 
  7. France Digitale 
  8. Italian Tech Alliance 
  9. Roma Startup
  10. Silicon Allee
  11. Startup.be
  12. Startup Hungary 
  13. Startup Poland
  14. SUP46.org
  15. Startup Verband 

You can find the PDF here