Fuzzy Anonymity Rules Could Stymie EU’s Big Data Sharing Ideas
The EU wants to see more non-personal data shared between businesses, but that could prove easier said than done. On 19 February, the European Commission presented a three-part package to boost Europe’s digital economy, including a European strategy for data.
Buried beneath the headlines about artificial intelligence is a set of policy options that Internal Market Commissioner Thierry Breton believes could herald a new age of European data success.
As former CEO of Atos, Breton is well aware of the value of business data and wanting to leverage that for the European economy seems like a “no brainer.” But lurking among the proposals are some ideas that have given the tech sector cause for consideration.
One of the suggestions to encourage data sharing across the bloc is to give public subsidies to a so-called “European cloud,” prompting cries of “protectionism” from outside the EU.
Breton is clearly worried that Europe is lagging behind the U.S. and is at the mercy of much-demonized “Big Tech”. He admitted that Europe has lost the race to monetize personal data through B2C platforms, but he sees an opportunity to pivot to B2B or industrial data-driven services.
“Many decisions that strongly affect the lives of citizens and businesses are taken by private gatekeepers, based on their exclusive access to all data generated within their ecosystems,” says the Commission Communication.
“Europe has everything it takes to lead the ‘big data’ race, and preserve its technological sovereignty, industrial leadership and economic competitiveness to the benefit of European consumers,” added Breton.
Although this data trove is supposed to be non-personal data only, Matthew Lowell from the Malta Council for Science and Technology speculated that “the concept of data spaces is particularly relevant, where the government will amalgamate private and public data to provide readily available information on specific sectors.”
Quite apart from the obvious competition problems with data sharing between companies, there are a lot of issues of privacy and data protection concerns in connection with sharing data. The line between personal and non-personal may be clear in theory, but separating personal and non-personal data for the purpose of practical application is loaded with great legal uncertainty and comes with the risk of massive sanctions.
Margareta Chesaru, Public Affairs Manager at UiPath said: “When it comes to the EU plans on data sharing, it’s crucial to ensure that no commercial confidential or personal data is exchanged without the consent of the rightful owners of such data. To make it practicable, any framework for B2B data sharing would need to consider the scope of use of such data and the corresponding usage rights, without affecting the contractual clauses.”
But there are other problems. Clear, legally approved, methods of anonymization have not yet been established. Although Europe’s data protection laws are the most advanced in the world, they do not explain in technical detail the route to achieving “anonymized” data.
Some sources are even concerned that anonymization of data is a category of data processing in itself and therefore needs the consent of the data subject. All this leads to massive restrictions for processing data in companies for training AI for example and even more for sharing data. Purpose limitation could prove a stumbling block.
Although Breton’s proposals to boost the European big data economy were welcomed in principle by most of the tech sector, all the problems listed above mean that what is sound in theory may not work in practice.
“There is enormous potential around building up a data economy. It is essential for shifting value chains into the digital age, since value creation is moving increasingly from mere product manufacturing to offering services and providing for possibilities,” explained Benjamin Ledwon, head of Bitkom’s Brussels office. “But forcing data access by law is no help in promoting a data economy. On the contrary, it will prevent enterprises from investing in data mining. Moreover it is not perceptible how a data access right can be adequately balanced with existing rights of the data-holder derived from intellectual property or know-how-protection for example.”
The value of data depends on the analytical purpose, the analyzing abilities of an enterprise, and last, but not least, on the market, pointed out Ledwon. “As an economic principle, no one is willing to share data for free. So for example the remuneration for sharing data on social networks consists in the access to this network and in using its services. It is not evident why a single user should be entitled to further remuneration.”
How many times have we heard that “data is the new oil”? Would the EU expect oil companies to give away their product by the barrel load – recent market upheaval notwithstanding?
The Commission has worked hard to free up big data from governments and other public bodies so that it can be put to use by researchers and entrepreneurs, but asking businesses whose USP relies on their “secret sauce” to do the same was always going to be a tougher ask. Until difficult, technical questions about anonymity are answered many will simply not be able to share data even if – and it remains a big IF – they wanted to.