First of all, I’d like to thank you for inviting the French Digital Council to this discussion. I’d like to start by addressing this key question:
What is the free flow of data?
Last April, the French Digital Council (CNNum) issued its first opinion on the European Commission’s consultation on Building a European Data Economy. This could only be a work in progress because there are still many uncertainties on the various uses of data and on the markets that could still emerge in the future.
These uncertainties lead us to one first impression. Maybe what is necessary now is to focus on the specific needs of European industries and consumers. The question should be: What are the concrete measures that can make Europe benefit more from this data economy? And then, what should be the new European digital strategy?
A very strong feeling has emerged from the discussion we’ve had at the CNNum and with different stakeholders. Today, it's not so much national boundaries that create roadblocks to the free flow of data than lock-in and data retention strategies between economic stakeholders. That’s why we promote a CROSS-PLATFORM FREE DATA FLOW.
The obstacles to the reuse and sharing of data lower the benefits that can be reaped from data. Because, more and more often, value doesn’t come from data itself but from its “re-contextualisation” and its crossing with other datasets, especially in the age of artificial intelligence.
So, what we need now, is to identify the situations in which value creation and development of new uses rely on data sharing, and then to propose tools to encourage these data flows.
In short, two scenarios can be identified where data circulation should be better organized:
- First, lock-in strategies by one actor, requiring a principle of portability (1)
- Second, situations where data need to be shared, requiring data sharing tools (2)
1° A portability right could prevent the risk of lock-in strategy by one actor. It could reduce the asymmetries in power between users and providers of cloud computing services and, more generally, data-driven services. This could empower users by reducing switching costs and could have an impact on the negotiation process in contract relationship. Then, it could foster competition between controllers and benefit to new European innovating services supported by this new data flow.
In France, the “Digital Republic Act” introduced a new provision in Consumer Law, which grants consumers a right to the recovery and portability of their data. This right goes beyond the GDPR: it enables consumers to recover, free of charge, all data associated with the user's online account, so not only personal data.
We think that the portability right should concern, tomorrow, both private and professional users for the data they have generated while using a service.
Nevertheless, there are still many questions about the implementation of this potential portability right: What kind of data should be covered? Who should hold this prerogative? How to distinguish personal data from non-personal data? How to resolve conflicts of data portability?
Furthermore, we believe that other access rights should be granted when DATA can be analyzed AS AN INFRASTRUCTURE. This means, when the access to data is essential to enter a market or to develop innovative services for reasons of public interest, for example to develop new services around transport or energy in the age of ecological transition.
2° The second scenario is about data sharing between different economic stakeholders in the context of machine generated data.
We think that, what we need, is to overcome obstacles to the reuse and sharing of data, especially when sectors depend on such organizations in order to develop their services (for example smart building or smart cities). Or to propose new services for customers, for example elderly people home care, with project of cooperation between sensors industries, IoT platforms and ISPs. This shows the potential of COOPETITION in which each actor could benefit sharing data with this “win win approach”.
In certain cases, data sharing could be encouraged by public authorities. For example, the pooled data could be collected by a public body and be aggregated before being reused or redistributed. That’s what the US Bureau of Transportations has put in practice by opening US airline data on air navigation.
More generally, we could promote open standards in application programming interfaces (APIs) and data formats.
We believe that these first steps are crucial in order to build a framework to ensure that data can be used by every actor of the value chain, to ensure that the data economy benefits everyone. The goal of the European Commission should be to foster the emergence of the new data environment encouraging competition and coopetition and the dissemination of innovation capabilities. That is essential to build a European data economy.
DATA LOCALISATION RESTRICTIONS
Now, what about data localization restrictions? Here, the question should be: what is the objective that we are following? We understand that what we need is a less fragmented cloud market, which can enable big European players to emerge.
1° It appeared to us that the fragmentation of the cloud market very much depends on factors outside the legislative sphere. As a study published last year has shown, “perceptions are as powerful as hard restrictions in deterring cross-border data transfers.” Some consumers indeed believe – perhaps for wrong reasons – that the localization of data within their country still provides better security.
The Digital Single Market should therefore focus on information campaigns and efforts to build trust in the sector, such as the "European Secure Cloud" label.
2° If the Commission and member states are to push a legislative initiative, we need, however, to regulate with extreme caution. Indeed, we need to prevent the harmonization of national localization provisions from becoming a race to the bottom.
Three prerequisites should be a condition to any legislative initiative concerning the lifting of data localization restrictions:
- the definition of exacting standards with respect to data security,
- a convergence on strict guarantees concerning storage of sensitive data,
- and increased European cooperation with respect to access by the authorities to certain data, particularly as part of court cases. Special caution should be exercised concerning the free flow of social and tax data, in the context of efforts to combat tax evasion.
FREE FLOW OF DATA IN INTERNATIONAL TRADE AGREEMENTS
To conclude, the members of the Council wanted to remind the Commission that defining a European framework for the free flow of data should not preclude the inclusion of such a principle at international level. We must avoid a domino effect.
Such an inclusion would raise major issues regarding competitiveness, consumer protection and respect of basic rights. On the one hand, the strong imbalance between the European digital industries and the non-European digital giants calls for an essentially defensive strategy. On the other hand, the inclusion of this concept could undermine the sovereignty of European countries in terms of regulation, taxation, security and public policies. In this respect, it is essential not to play down the economic, social and political value of data; its flows shape value transfers in the 21st century and we are still struggling to evaluate its significance.
(Célia Zolynski's intervention : 1:30:00 -> 1:37:00)