We've previously commented in some depth on the EU's Digital Single Market proposals, most of which are currently out to consultation. Last week (19th April 2016), the European Commission presented the first industry –related package under the DSM, with the release of its Communication on "Digitising European Industry – Reaping the full benefits of a Digital Single Market" and three additional related Communications.

Digitisation of European Industry

The Commission's Communication and its accompanying documentation contain a comprehensive set of proposals and initiatives which are principally designed to:

  • Create a more harmonized framework to coordinate existing national and regional "digitisation" initiatives across the EU. Countries such as Germany and Italy already have national initiatives for promoting “Industry 4.0,” (as policymakers like to call it). The plan moving forward is to coordinate these on an EU level, building a network of “digital innovation hubs” and setting up large-scale pilots to strengthen the internet of things (IoT) and other technologies. 
  • Boost investment in strategic public-private partnerships and networks as the main vehicles for R&D in digital technologies in industry across all sectors through. 
  • Prioritise and speed up the development of common ICT standards to boost digital innovation with a particular focus on 5 priority areas: 5G communication networks, cybersecurity, cloud computing, IoT and data technologies 
  • An E-Government action plan to modernise and transform digital public services, which includes measures to set up a digital single gateway for more efficient cross border information sharing and assistance, as well as a cross-border e-justice portal to interconnect all existing business and insolvency registries. 
  • Create a new world class European Open Science Cloud that will offer Europe’s 1.7 million researchers and 70 million science and technology professionals a virtual environment to store, share and re-use their scientific research data across disciplines and borders.

Providing the right regulatory conditions

The Communication also indicates that the Commission's will, with the support of industry and Member States, "propose in 2016 a legislative initiative on the free flow of data within the EU", to tackle "unjustified" rules that require data to be stored locally within an EU country.

Related to this, the Commission will "examine in greater detail the emerging issues of data ownership, access and re-use rules, including as regards data in an industrial context and especially data generated by sensors and other collecting devices" and "explore the legal frameworks for autonomous systems and internet of things applications".

Looking at these initiatives in more detail:

Free flow of data initiative

The Commission believes that the large amounts of data generated by modern technologies (like sensors, satellites and digital images, purchase transactions and GPS signals etc.) "represent a goldmine for research, innovation and new business opportunities". It is therefore committed to removing unnecessary restrictions and national borders that mean data ends up being stuck in expensive data centres. The Commission will also assess the different legal and technical obstacles and define measures to address them. Plans to pool research data and data storage and processing power from across the EU were also unveiled. In short – the Commission's goal seems to be nothing short of an EU big data gold rush.

Such goals are ambitious and on paper at least, business friendly. But it's not immediately clear how the initiative will work in the context of the wider EU data protection regulatory landscape. Personal data is already heavily regulated by the European Data Protection Directive, and will soon be subject to even greater regulation under the new EU General Data Protection Regulation (GDPR) (which will replace the Directive in 2018).

The GDPR will put in place one data protection law for the whole of Europe thereby replacing the current patchwork of national laws and regulation – something that will on the face of it, support the Commission's goal to break down national regulatory barriers as part of the free flow of data initiative.

However, in many respects, far from facilitating big data initiatives, the GDPR places a greater emphasis on data minimisation, privacy by design and privacy by default, and includes an expanded definition of "personal data" so that it captures an even wider set of data (e.g., IP addresses and device identifiers). Biometric and genetic data will also be considered "sensitive personal data" and therefore subject to greater regulation.

These new requirements are on top of existing restrictions on EU data exports, an area in which the options available to organisations seem to be reducing every other month. If one adds to this mix recent EU regulatory guidance which, typically, sets very high standards of compliance (see e.g., the recent Article 29 Working Party Opinion on the Internet of things), and it is easy to see how the ambitious goals of the free flow data initiative may not be that easy to reconcile with legal requirements and regulatory expectations. No doubt, the industry will await developments in this area with great interest.

Common standards for the Internet of things

The Communication outlines proposals to address a number of issues with the IoT, which seems to be a clear political effort to try and ensure that the EU remains an attractive place to invest in the research, development and commercialisation of current as well as future connected technologies (particularly the driverless car) and to ensure that the EU remains competitive with the China and US in this space.

In particular, the Commission has unveiled plans for:

  • A single market for IoT basedon the development of common standards and interoperable solutions to facilitate the seamless connectively of devices (on a plug-and play basis) anywhere in the EU. The Commission also calls for an overhaul of the current legal framework in relation to data protection, safety and liability to make it "fit for purpose". 
  • Open IoT ecosystems should be developed through open environments working across silos to support developer communities to innovate. 
  • A human centred IoT, based on high standards for the protection of personal data and security. In particular, the Commission calls for businesses to develop and adopt a "Trusted IoT label" to give transparent information to consumers about the different levels of privacy and security, and where relevant, to demonstrate compliance with the EU's Network and Information Security Directive (see our earlier article on this as well as our previous blogs on the IoT here and here).

The Commission's plans are nothing short of ambitious but we will have to wait to see what standards are defined, how they will be reconciled with the forthcoming GDPR and current EU regulatory guidance and importantly, how they will be received by industry.