Step Forward Toward Open Data: The Revision of the Public Sector Information Directive

Based on the huge economic growth potential of the digital technology sector, and on the development of new high added-value services and job creation induced by the reuse1 of information generated or collected from the public sector, Directive 2003/98/EC of the European Parliament and of the Council of 17 November 2003 on the reuse of public sector information (Public Sector Information Directive) (PSI) aimed to establish the fi rst basis of the reuse, by economic actors, of such public information.

Public sector information is very diverse. It may be meteorological, environmental, social, cultural, geographical or legal. It may also be data on tourism, companies or education. These data are collected through public utility missions performed by public sector bodies. They offer an extremely rich and diverse primary material that may be used in innovative applications for the benefi t of digital competitiveness and employment. Public sector information resources are rightly referred to as “key resources” (recital 6 of the directive). Indeed, it is objectively impossible to duplicate these data for which public sector bodies have a de facto monopoly on their provision, and access to these data in reasonable conditions is necessary for the development of innovative activities.

Reuse consists in commercial or non-commercial exploitation of public sector information to pursue goals other than those of the public utility mission for which they have been initially produced or collected.

Very dimly normative, the PSI Directive did not oblige the Member States to allow the reuse of their public sector information and let them free to open or not their data to reuse. However, if a Member State had chosen the free reuse, the directive regulated conditions for reuse to harmonise Member States practices and to ensure that they would be fair, proportionate and non-discriminatory.

The PSI Directive held that the Member States might allow for reuse without conditions, especially without fi nancial conditions (open data), or might regulate through a license which provisions would have to be proportionate and nondiscriminatory to prevent the reuse from becoming impossible or to prevent the conditions from restricting competition (especially when a public sector body competes with reusers on the market). That is why the PSI Directive sets principles guiding the Member States for the calculation of the charges in accordance with the principle of marginal cost-oriented charges without excluding a reasonable return on investment. Complying with the principle of transparency, it imposes a pre-publication of any applicable conditions and standard charges.

The public sector body in question had also to indicate which factors would be taken into account in the calculation of charges when it was requested to do so. Finally, it prohibited any exclusive arrangement that was not justified by a provision of a service in the public interest.

Otherwise, the PSI Directive did not apply to data held by educational and research establishments and by cultural establishments (in particular museums, libraries, archives). It preserved intellectual property rights held by third parties and did not affect the protection of individuals with regard to the processing of personal data.

Despite the positive effects of the PSI Directive, the lack of a right to reuse genuinely opposable to the Member States, the low degree of control of financial conditions for reuse and the exclusion of cultural data from the scope of the directive although they are considered to be a particularly rich primary material to incite the development of innovative products, put a curb on the policy of the widest possible opening of public sector data for their valorisation. For example, little mindful of the economic potential in question (the EU market for reuse is estimated at 140 billion euros each year), some public sector entities impose very high charges for reuse to obtain quick maximum recovery of costs and thus erect real barriers to entry into the market.

That is why the current review of the PSI Directive was undertaken. Despite a tense debate between the supporters of open data, i.e. free reuse of public sector information to serve digital revolutions, and the advocates of a gradual regulated opening to shield this collective wealth from what some people see as an uncontrolled mercantile appropriation in favor of a minority, Directive 2013/37/EC of the European Parliament and of the Council amending Directive 2003/98/ EC on the reuse of public sector information was issued on 26 June 2013.

Directive 2013/37 creates a general obligation for Member States to allow reuse for commercial or noncommercial purposes of their freely accessible public sector information, unless they are protected by an intellectual property right held by a third party. In addition, this requirement shall apply to public sector data held by libraries, museums and archives, which were until then out of the scope of the PSI Directive. The right of reuse may be granted without any conditions (open data licenses). When conditions are imposed, they must comply with competition law.

In this respect, in order to ensure the effectiveness of the right to reuse, Directive 2013/37 provides that the total amount charged by public sector bodies be limited to the marginal costs incurred for their reproduction, provision and dissemination. Nevertheless, this rule shall not apply to three cases including the case where the revenue generated by the reuse shall cover “a substantial part of [the] costs relating to the performance of (…) public tasks” and, without any justification, the case of “libraries (…), museums and archives” (6.2). In those cases, the total income “shall not exceed the cost of collection, production, reproduction and dissemination, together with a reasonable return on investment.” Strangely, the Directive makes a distinction between the first case for which charges will have to be established according to objective, transparent and verifiable criteria and the last case for which the compliance to those principles is not required.

Pursuant to article 9 of PSI Directive amended by Directive 2013/37, the data should be provided in a commonly used machine-readable format to ensure they can effectively be read.

Directive 2013/37 provides that negative decisions must indicate the reasons of the refusal and the means of review. In this respect, the case should be heard by an impartial body in charge of supervising the proper application of these rules, such as the national competition authority, the national access to documents authority or a national judicial authority. Contrary to the Commission proposal, the creation of an independent administrative authority is not required anymore.

Directive 2013/37 allows a genuine enforcement of the right to reuse public data while ensuring the protection of third-party intellectual property rights and personal data. However, the availability of cultural data still remains an issue, given the exceptional rules applicable to their reuse, on the one hand, and the dispensatory possibility to maintain exclusive arrangements during a period of ten years when exclusivity is granted in compensation of digitisation of cultural resources, on the other hand. To ensure transparency and loyal competition, it would be necessary that this kind of agreement be awarded after a transparent and non-discriminatory procedure, in so far as they grant to the private party a major economic advantage.

New Year Signals a New Wave of IPOs on AIM

Equity capital markets have been uncertain over

the last few years. Very few companies have been willing to take a chance on raising finance on either the senior or junior equity markets without some kind of compelling external imperative. The typical life cycle of markets during a recession and recovery period has been broken and companies and their investors have felt vulnerable and unable to predict likely outcomes. The result has been a jumpy market with participants playing “chicken” to see who will make the first major move.

There is a sense that this may be beginning to change. Improved economic indicators are giving the markets a flush of confidence. The FTSE All-Share Index has hit a recent series of highs and is 16.09% up on last year (as of 10 Sept 2013). The announcement that Foxtons (the high street estate agency) and Royal Mail intend to float on the London Stock Exchange, indicates that companies and their advisers, are more confident that they will achieve a respectable price and that liquidity is increasing.

Such news and the improving economic outlook are also buoying the UK’s junior market: AIM (Alternative Investment Market). Recent AIM IPO (Initial Public Offering) data indicates an improvement in market sentiments. The second quarter of 2013 witnessed a substantial improvement for Asian based AIM constituents. A total of £473.3m was raised on the AIM market in the month of July 2013 and a total of 15 companies joined AIM. This was the highest total raise on London’s junior market since June 2011, being 243% more than that raised last July, and a 111% increase on June 2013’s total raise. £1.96bn has been raised on AIM year to date, an increase of 23% on the same period in 2012.

Liquidity is being improved by a change in the rules on 5 August 2013 that permits ISA holders to invest in AIM shares for the first time. Following the change, stockbroker, Hargreaves Lansdown, reported a 51% rise in share purchases in AIM listed companies compared with the previous month, and in August, 14% of all money put into shares was invested on AIM, compared with 9.7% in the previous two months – a rise of 44%.

AIM could very soon reclaim its position as a highly liquid and accessible market for capital and start to attract companies from other markets that are unable to raise capital in their home markets.

A reinvigorated junior market will be of crucial importance to the continued growth of UK and international companies. As the economy continues to improve, companies will need to fund growth. To meet demand and take advantage of opportunities they will need capital. The flow of cash from banks to SMEs remains poor. A Federation of Small Businesses survey of 2000 companies published on 9 September found that almost half of those that had applied for a loan in the past three months had been rejected.

With banks not a reliable option, an IPO may be an attractive option, now that the signs are pointing towards increased market liquidity.

Those looking to take early advantage of AIM’s improved fortunes should start work now.

It takes a good six to eight months for a company to prepare for an IPO.

The key stages in an IPO process are: identifying and engaging key advisers; undertaking legal and financial due diligence on the group and its business affairs and preparing legal, regulatory and marketing documentation. Some businesses will also need to consider restructuring their group and share capital prior to an IPO to cater for regulatory and tax issues. Such restructuring may require detailed planning and shareholder approvals. The timetable will be dictated by the outcome of due diligence, clarity on proposed structure of the business and share capital and regulatory requirements.

When embarking on an IPO, management will need to allocate time and management and financial resources to engage credible and experienced advisers. Failing to manage day to day business affairs and the demands of an IPO project properly can jeopardise the IPO and have a detrimental effect on the business.

One of the first steps management should consider is appointing an internal team consisting of senior executives and other key personnel to manage the IPO process and identify areas which will take significant management resources. This should then be complemented by an experienced external advisory team. The advisory team will consist of a nominated adviser/sponsor, brokers/investment banks, reporting accountants, legal advisers (for each relevant jurisdiction) and a PR agency.

The due diligence stage will involve intensive work requiring the management to locate and provide extensive information to advisers, and may result in modification work where documents are found to be incomplete. Management should not underestimate the quantity and detail of documentation required. The due diligence process will also involve the nominated adviser/sponsor and reporting accountants visiting the relevant business sites and interviewing key management.

While the due diligence process is in progress, the relevant advisers with the assistance of the management will commence drafting the key IPO documentation, including a prospectus/ admission document, investor presentations, placing agreement, working capital report and long form and short form financial reports. Prospectuses in the UK and the EU require regulatory approval, and time and resources will need to be allocated for the approval process.

As part of the IPO process, investors will expect management to put in place appropriate corporate governance and share capital structures, which will inspire the confidence and trust required by all shareholders.

The success of any IPO is dependent on the company’s ability to raise the required funds. Marketing the IPO will involve meeting prospective investors during marketing roadshows, which can be highly demanding of management time. The successful completion of an IPO is not the end of the process as life post IPO will present its own challenges. 

This article is a brief version of the original article that was first published in Finance Monthly, September 2013.

Personal Data Risks Prevention A New International Framework

There are signifi cant developments

these days on the subject of data protection. There are two circumstances infl uencing each other at an international level: on the one hand, spying scandals related to the Prism program, and on the other hand, the expected reforms of the main international instruments of data protection. Indeed, the Convention 108 of the Council of Europe and the EU Directive 98/45 are about to be modernised and, our issue at hand, the OECD’s Guidelines from the early 80’s has been updated this past July.

The fact that those Guidelines remain a non-binding instrument does not lead us to underestimate policies which could mutually infl uence the OECD States “and judges” decisions on data protection issues. Those provisions represent a political commitment and a global consensus, prefi guring a ground for a future international custom on data protection laws. The 34 Members States (including the USA) are therefore strongly expected to implement the Guidelines and put them into effect.

We can actually say that the basic rules of data protection, maintained in the new OECD’s text (fairness of the processing, purposes limitation, rights to access and rectifi cation ...), receive a broad consensus. However, since personal data is now dispersed in multiple countries, recombined instantaneously and moved by individuals, risks have considerably increased. Therefore, the actual key point of data protection, and the aim of the Guidelines modernisation, is to prevent damages resulting from security breaches.

Indeed, as a part of the wide “privacy management programs” that all data controllers should now have in place, those controllers should notify signifi cant security breaches to competent authorities and to data subjects. This program, similar to the “privacy impact assessment” of the draft EU Regulation, includes assessment of the risks, plans for responding to incidents and periodic update procedures.

Regarding trans-border fl ows, the new criterion of contractual prevention is recognised (enforcement mechanism), allowing transfers with third parties under the OECD’s Guidelines. The EU “Binding Corporate Rules” could be relevant to implement suffi cient contractual and security safeguards.

The new Guidelines also make the need for “privacy enforcement authorities” with more technical expertise more explicit. National privacy strategies should be effectively coordinated at the highest levels of government, and authorities’ powers are extended to existing public regulators with, for example, a consumer protection mission.

Finally, on the model of the EU-US Safe Harbor framework, the Guidelines call for cross-border enforcement cooperation mechanisms. According to the explanatory memorandum, it should take concrete forms, such as breach notifi cations to multiple jurisdictions, since data breaches affect individuals living in different countries.

All those contributions refl ect a more interoperable approach of risk prevention that both national and international data protection instruments are implementing.