Insights on Data Sharing in the Industrial and Manufacturing Sector

Increased, voluntary data sharing within the Industrial and Manufacturing sector is expected to enable companies to optimise existing processes and to develop new products, data intensive applications as well as artificial intelligence systems and create new businesses. According to the EC, the workshops with stakeholders have, however, shown that in order to be able to talk about an efficient industrial data space, “a critical mass” of manufacturing companies should join the space and start sharing data among themselves, within shared infrastructures. This could also motivate technology providers to adapt their technology solutions to meet the requirements for data sharing.² The EC is funding a coordination and support action through Digital Europe Programme to create governance models and identify common principles of data sharing in the Industrial and Manufacturing sector.

The draft Data Act has raised several questions and concerns within the Industrial & Manufacturing sector, with one of the most compelling questions being the actual scope of the industrial data subject to the mandatory data sharing obligation.

The proposed Data Act, on the other hand, will impose concrete, mandatory obligations on, among others, manufacturers of IoT (the Internet of Things) devices, to share (without delay, for free and in real-time!) data generated by the use of such IoT devices and/or related services in the industrial context, excluding, however, any information derived or inferred from this data. The Data Act targets industrial ‘non-personal’ data and will apply also in the industrial setting to data generated by the use of industrial IoT machinery. The draft Data Act has raised several questions and concerns within the Industrial & Manufacturing sector, with one of the most compelling questions being the actual scope of the industrial data subject to the mandatory data sharing obligation. The reason for this is that many IoT machinery makers are concerned of leakage of their trade secrets within the data despite the safety mechanisms introduced by the Data Act, as well as the impact on monetising their existing data-driven services.

Both the recently published position of the European Parliament³ and the fifth presidency compromise text⁴ by the Council of the EU, have modified the original EC proposal text regarding the scope of data subject to the sharing obligation. In both versions, the scope of data to be shared would extend, in addition to the data generated by the use of such IoT devices and/or related services, to metadata as well as data, that has been pre-processed or modified into an understandable form in order to be further used by a third party. The Parliament would apply the obligation to share to data “in the form in which they have been collected, obtained or generated by the connected product, along with only the minimal adaptations necessary to make them useable by a third party”. The Council has noted that the data should include data that is “pre-processed for the purpose of making it understandable and useable”. Both exclude from the scope further results of processing or information derived from the data.

The device manufacturers appear to call for a carefully framed and narrow definition of data including only raw data generated by or during the use of the product, excluding any processed, derivative data. In order to preserve the service earning logic around value-added services as part of an industrial IoT offering, many device manufacturers would wish to explicitly exclude downstream data together with any other derivative data from the scope of mandatory sharing obligation.

We note, first of all, that at the time of writing this article, the Council has not yet adopted its final amendments on the Data Act proposal, and more importantly the exact scope will be defined through the trilogies between the Council, Parliament and the EC. The different views and wordings highlight, however, the fact that the nuances in the final text may have an important effect on the device manufacturers’ obligations to share data. The device manufacturers appear to call for a carefully framed and narrow definition of data including only raw data generated by or during the use of the product, excluding any processed, derivative data. In order to preserve the service earning logic around value-added services as part of an industrial IoT offering, many device manufacturers would wish to explicitly exclude downstream data together with any other derivative data from the scope of mandatory sharing obligation.

Another important question relates to trade secrets. The draft Data Act includes protection mechanisms such as contract-based confidentiality undertakings, but they do not appear to be effective in all situations. In an industrial environment, service provider markets are often rather limited and operators are regularly very knowledgeable and specialised in their field. Trade secrets included in a competitor’s data could potentially be quite easily readable “in between the lines”. Both the Council of the EU in its compromise proposal and the Parliament in its final report have attempted to further clarify how trade secrets would be protected under the Data Act and the trade secrets directive. The Council’s latest compromise proposal includes a possibility for the data holder not to disclose certain data if it is able to demonstrate that it would highly likely lead to serious economic damage. Such an element has sparked discussion as there is a fear that the change would give manufacturers too much control. Ultimately, while trust (invoked by confidentiality undertakings) is good, control (secured by non-disclosure) might be better, at least according to the device manufacturers. Therefore, the final form of the scope of the data sharing obligation is eagerly awaited.

Further, some industrial players might also be wondering whether the Data Act will obligate manufacturers to make their devices “smart” and turn on any connectivity features within a device if that is possible even if not agreed with the users. This question boils down to the definitions too. In the Commission’s proposal for the Data Act, a ‘data holder’, on which the data sharing obligations are imposed, would include the party that through control of the technical design of the product and related services has the ability to make certain data available. In the draft legislation adopted by the Parliament only the technical ability would not yet make anyone a data holder, but rather the actual access to the data, which makes more sense in our opinion.

In line with the objectives of the EU Data Strategy a vast amount data should be opened up to the users and all in a form that they will eventually be able to make further use of. However, the Data Act, if and when it enters into force, should not lead to a situation where the highest performing innovators are afraid of offering new data intensive technologies in an attempt to retain their competitive edge. It will be interesting to monitor how the text of the Data Act shapes up towards its final version. In the meantime, we look forward to continuing the impact assessment and gradual implementation step plans within all strategic economic sectors subject to the Data Act, including also Industrial and Manufacturing companies.

¹Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A European strategy for data, COM(2020), 19.2.2020.
² Commission Staff Working Document on Common European Data Spaces, SWD(2022) 45 final, 23.2.2022.
³ Amendments adopted by the European Parliament on 14 March 2023 on the proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act) (COM(2022)0068 – C9-0051/2022 – 2022/0047(COD)).
⁴ Proposal for a Regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data. (Data Act) – Fifth Presidency compromise text by the Council of the European Union 6360/23, 21.2.2023

Article Series: Common European Data Spaces Being Developed in Strategic Economic Sectors