In this eleventh article in our series on "Big Data & Issues & Opportunities" (see our previous article here, we will focus on legal instruments imposing data sharing obligations on private undertakings.
The previous (and upcoming) articles in this series offer a good overview of the most common legal challenges encountered by private companies trying to share data with or access and use data from other companies. Barriers to private sector data sharing are however not only of a legal nature. Many commercial and technical barriers also come into play. The EU legislators have therefore adopted instruments that impose data sharing and which may impact a company's control of, access to, or use of data. Such legislations are usually sector-focused and provide for an array of rights and obligations in relation to specific types of data in particular circumstances. While this article in no way provides an exhaustive list, it attempts to offer a succinct examination of those pieces of legislation imposing data sharing obligations that are most relevant to the transport sector.
Intelligent Transport Systems
The advent of Intelligent Transport Systems has shown a proliferation of legislative instruments imposing data sharing obligations on private actors, among others for safety purposes and to provide transparent information to end-users. In 2010, a legal framework was adopted to foster the coordinated deployment of Intelligent Transport Systems in Europe. Directive 2010/40/EU aimed to establish interoperable and seamless ITS systems across the EU, while leaving it up to the Member States to decide which systems to invest in. The Directive moreover empowered the European Commission to lay down a range of specifications for ITS systems, in the form of delegated acts. Many of these contain data sharing obligations, as will be addressed briefly below.
While the delegated regulations adopted pursuant to the ITS Directive focus on road transport, Intelligent Transport Systems are not limited to that mode of transport alone. We may therefore expect future regulation in this respect for rail, air, and maritime and inland waterways transportation as well. Another notable evolution is the increased adoption of technical specifications and standards for information sharing in the various modes of transport. Technical specifications have for instance been adopted for information exchange both in the domain of passenger rail services and in the domain of rail freight services. This is in part due to the fact that Intelligent Transport Systems entail pressing interoperability issues, which increase the need to adopt such technical specifications. We can therefore expect more technical specifications to be adopted in the future, which might in turn entail additional data sharing obligations.
Overview of data sharing obligations in the transport sector
This section offers a very succinct overview of the most relevant legislative instruments imposing data sharing obligations in the transport sector.
- Commission Delegated Regulation with regard to the provision of EU-wide multimodal travel information services: In order to achieve its goal of providing seamless Union-wide multimodal travel information services, the Delegated Regulation introduces a number of obligations to facilitate the exchange and reuse of data. Notably, all transport operators, infrastructure managers and on-demand service providers – both private and public – will have to provide travel and traffic data about the relevant mode of transport to a centralised national access point for such data. The data cannot simply be supplied as is, but certain conditions will have to be fulfilled.
- e-Call Delegated Regulation: This lays down specifications for the location – operated either by a public authority or by a private organisation recognised by the Member State – where ITS systems emergency calls are first received, the so-called public safety answering point (PSAP). It is determined that this point must have access to an appropriate geographical information system, allowing it to identify position and heading of the vehicle. This information must in turn enable the PSAP operator to provide the location and certain other data to the appropriate emergency service or service partner.
- e-Call Regulation: This instrument requires vehicle manufacturers to ensure that a vehicle's precise location, its identification, the time of incident and the direction of travel are transmitted to emergency services in case of a serious accident.
- Delegated Regulation on road safety-related minimum universal traffic information: This imposes on both public and private road operators and/or service providers an obligation to detect and identify events and conditions and to collect the relevant road safety-related traffic data. The latter must then be shared and exchanged through a national access point, where it will be accessible for reuse.
- Commission Delegated Regulation with regard to the provision of information services for safe and secure parking places for trucks and commercial vehicles: The objective of this Delegated Regulation is to optimise the use of parking places and to facilitate drivers’ or transport companies’ decisions about when and where to park through the deployment of information services. To this end, both static and dynamic data on safe and secure parking areas must be collected by all public and private parking operators and service providers and be supplied in standardised machine-readable formats to a national access point.
- Delegated Regulation with regard to the provision of EU-wide real-time traffic information services: This instrument seeks to provide appropriate framework conditions enabling the co-operation of road authorities, road operators and any other ITS service providers involved in the traffic information value chain, and to support the interoperability, compatibility, and continuity of real-time traffic information services across Europe. Road authorities and road operators collecting certain road data must provide this in a standardised format, if available, or in any other machine-readable format to a national access point
- Directive establishing an Infrastructure for Spatial Information in the European Community (the “INSPIRE Directive”): The INSPIRE Directive lays down rules to set up an infrastructure for spatial information, which is information directly or indirectly referencing a specific location or geographical area and includes information related to transport networks, for the purpose of EU environmental policies. While the Directive is mainly aimed at public authorities, it recognises that certain relevant spatial datasets and services are held and operated by third parties. Therefore, private parties should also have the possibility of contributing to the national infrastructures, but this is made subject to certain conditions.
- Advance Passenger Information Directive: Air carriers must communicate information concerning passengers, and thus "personal data" to certain authorities for the purpose of combating illegal immigration. This legislation has little to no impact from a commercial perspective, as the data is not made publicly available and competitors thus have no access to the collected and transmitted data.
- Regulation on rail passengers’ rights and obligations: This is primarily an instrument of consumer protection. Pursuant to this Regulation, railway undertakings must provide passengers with specific information related to their journeys, including time schedules and conditions for the fastest trip as well as the lowest fares, information on accessibility and access conditions for bicycles and disabled persons and any activities that are expected to disrupt or delay the services. Ticket vendors offering transport contracts on behalf of railway undertakings are under the same obligation. Railway undertakings must additionally provide a limited amount of information during the journey.
- Vehicle Emissions Regulation: This Regulation not only regulates vehicle emissions for small passenger and commercial motor vehicles, but also lays down rules on accessibility of vehicle repair and maintenance information ("RMI"). It imposes an obligation on EU car manufacturers to provide unrestricted and standardised access to vehicle RMI. Access must be given through websites using a standardised format in a readily accessible and prompt manner. Manufacturers are not allowed to discriminate against independent operators involved in the repair and maintenance of motor vehicles, which are often SMEs. Therefore, when a consumer buys a certain vehicle, the manufacturer cannot lock out independent repair workshops and make that person visit an approved workshop to get repair and maintenance. Notwithstanding the obligation to grant access to RMI, manufacturers are entitled to charge "reasonable fees" for this service.
- Car Labelling Directive: This aims to help consumers choose vehicles with low fuel consumption by requiring dealers in new passenger cars to provide potential buyers with useful information on these vehicles' fuel consumption and CO2 emissions. This information must be displayed on the car's label, on posters and other promotion material, and in specific guides.
- Vessel Traffic Monitoring Directive: This Directive was adopted to help prevent accidents and pollution at sea and to increase the efficiency of maritime traffic. It introduces a number of information sharing obligations on certain categories of ships, which must, among others, be fitted with an automatic identification system ("AIS"). The Directive also requires any operator, agent or master of a ship bound for an EU port to inform the relevant port authority within a certain time scale of certain information items, including ship identification, port of destination, estimated time of arrival and total number of persons on board. Certain mandatory ship reporting systems are also addressed.
Illustration in the transport sector: The European Union Location Framework ("EULF") Transportation Pilot was designed to improve the dissemination of updated road safety information between road authorities and private sector map providers across borders. One of the pilot's aims was moreover to test the feasibility of reusing spatial data collected and disseminated on the basis of the INSPIRE Directive within the ITS community. To this end they created a pan-European platform and web service to provide up-to-date, authoritative, interoperable, cross-border, reference geo-information for use by EU public and private sectors and compliant with the INSPIRE Directive. It was found that the INSPIRE transport network data was an important source of data when national road databases are not available.
The data sharing obligations that follow from the above legal instruments vary based on a number of factors, including reasons of public interest that have led to the adoption of the legislative instrument, such as for instance enhancing road safety or facilitating Union-wide interoperability for particular services. Furthermore, while creating increased consumer transparency is an objective of many of the examined data sharing obligations in the transport sector, some also include mechanisms to protect and limit the disclosure of certain types of data, such as commercially confidential information.
In terms of remuneration, a distinction can be observed between situations where data must be provided to public authorities only and those where the data is to be shared to a wider community including private stakeholders. When the legislation only imposes data sharing to authorities, it should usually be provided free of charge. Where such data sharing must however be extended to include private actors, undertakings are typically allowed to demand some kind of remuneration. A similar distinction applies depending on the nature of the purpose pursued. If an instrument mainly concerns data sharing for public safety purposes or other purposes of public interest, no remuneration for the mandatory data sharing is included. However, where data sharing obligations are imposed in order for innovative and competitive services to be developed on the basis thereof, the data provider may usually request at least a reasonable remuneration.
Interestingly, some of the more recent legislative instruments refer to the conditions for access and reuse imposed on public sector bodies in the PSI Directive. It would be useful to monitor future developments to know whether this is an approach that will be increasingly adopted with regard to private sector data sharing obligations. Another emerging trend is the requirement for information sharing to be done through a centralised access point.
Other data sharing obligations
Unfair Contract Terms and Unfair Commercial Practices
To a limited extent, data sharing obligations may also arise under the legislation relating to unfair contract terms and unfair commercial practices when a data-holding company is preventing access to data in a particularly unfair manner.
The Unfair Commercial Practices Directive protects consumers against misleading acts or omissions from a trader. The latter is for instance under an obligation to inform consumers if any data supplied by them to access the trader’s service will be used for commercial purposes. Not providing such information may be considered a misleading omission of material information, prohibited under the directive.
The Unfair Contract Terms Directive seeks to protect consumers from unfair standard terms in consumer agreements by stipulating minimum rules in this respect. Its scope is broad enough to cover standard terms on the treatment and analysis of data. The Directive’s main principle is that standard contract terms are considered unfair if, to the consumer’s detriment and against good faith principles, they cause a significant imbalance in the respective rights and obligations of the contracting parties. While this legislation is in principle applicable only to contracts in a business-to-consumer relationship, some Member States apply it (or its principles) to business-to-business relations as well. A drawback however is the fact that the indicative list of unfair contract terms annexed to the Directive does not reflect any of the challenges of a modern data economy.
On 26 April 2018, the European Commission published a proposal for a Regulation on promoting fairness and transparency for business users of online intermediation services (the "Platform-to-Business Regulation"). Inter-institutional agreement was reached on the proposed Regulation on 13 February 2019. The Regulation aims to create a fair, transparent and predictable business environment for smaller businesses and traders when using online platforms.
The Regulation will apply to online platform intermediaries and online search engines providing services to businesses that are established in the EU and that offer goods or services to consumers located in the EU.
Online platform intermediaries include:
- Third-party e-commerce market places (e.g. Amazon, eBay, etc.);
- App stores (Google Play, Microsoft Store, etc.);
- Social media for business (e.g. Facebook pages, etc.); and
- Price comparison tools (e.g. Skyscanner, etc.)
Online search engines in scope of the Regulation are those services that allow users to perform web searches on the basis of a query on a subject and return links corresponding with that search request.
The Platform-to-Business Regulation may have an impact in respect of data sharing obligations, as it would inter alia require online intermediation services providers to:
- ensure that their terms and conditions aimed at professional users are both easily understandable and available; and
- include in their terms and conditions a description of what data provided for or generated through their services can be accessed, by whom, and under which conditions.
In addition, both online platform intermediaries and online search engines would be required to list the main parameters (such as characteristics of the goods and services, relevance of those characteristics for consumers, and website design characteristics) determining how goods and services are ranked in search results. The Regulation however provides that such obligation should not require online intermediation services or online search engines to disclose any of their trade secrets.
When businesses wish to access and use a particular dataset generated and/or held by another economic operator, they usually attempt to enter into negotiations with the aim of concluding an agreement. Such negotiations will not always succeed however, particularly if the data-holding company does not see sufficient economic interest in granting the other party access. That party could then, under certain circumstances, invoke general competition law to gain wider access to the data. It should be stressed however that a refusal to grant access does not of itself sufficiently justify intervention through competition law. Refusal is not illegitimate where a company’s exclusive control over and access to data provides it with a competitive advantage and thereby creates the necessary incentive to invest in data-driven business models.
Striking the right balance between access to and legitimate control of data is thus a delicate task. The Court of Justice of the EU in its case law developed four conditions that must be fulfilled before an obligation to license the use of privately-held commercial information is imposed. These include the requirements that: (i) the data is absolutely necessary for the downstream product; (ii) there would be no actual competition between the upstream and the downstream product; (iii) refusal would prevent the second product from being developed at all; and (iv) the refusal cannot be justified by objective reasons.
It should moreover be noted that, while competition law allows enforcers to ban existing and identifiable anti-competitive conduct of data-rich businesses, they are not well equipped for regulating markets ex ante. It often takes years to achieve results from actions based on competition law. This is a major drawback for private companies seeking to gain access to datasets for their business today.
For a further analysis of the impact on competition rules on (big) data, we refer to our upcoming article on the topic, which will be the fourteenth article in our series.
An entirely different way of imposing data sharing obligations is by including them as conditions in public tenders. This possibility was suggested by the SPICE (Support Procurements for Innovative transport and mobility solutions in City Environment) Project in the context of public authorities contemplating procurement of Mobility as a Service ("MaaS") schemes. Recognising the fact that open data is essential to MaaS development, they entertained the possibility of using public procurement to encourage open data (from private actors) by setting data sharing obligations in public tenders. The creation of an open interface (API) and open platform by the private company chosen for the tender could encourage start-ups and SMEs to develop innovative services.
While private companies often generate huge amounts of data, they are not always prepared to voluntarily share this data outside the company. This is due to the large number of legal, commercial and technical challenges associated with private sector data sharing. In certain circumstances, private companies are therefore legally required to share their data.
Our analysis of the body of legislation specific to the transport sector shows that data sharing obligations are increasingly adopted in the context of Intelligent Transport Systems. In the framework of the ITS Directive, numerous data sharing obligations were established, mostly in the domain of road transportation. In general, data sharing obligations appear to vary based on a number of factors, including the reasons of public interest that have led to the adoption of the instrument, such as for instance enhancing road safety or facilitating Union-wide interoperability for particular service.
Overall, a clear increase can be observed in legislation imposing data sharing obligations, which can be linked to the development of Intelligent Transport Systems. In this respect, the European Commission should carefully consider whether the imposition of such general data sharing obligations is in each case equally necessary. An alternative that may be less burdensome but that could perhaps generate useful results could be to stimulate data sharing by including data sharing obligations in public tenders.