BRUSSELS – Today, in a submission to the European Commission public consultation on the Data Act, global tech trade association ITI underscored the importance of preserving an environment for data-driven innovation in the EU by incentivising data sharing, safeguarding international data flows, and relying on industry driven standards.

“Incentives rather than mandates are the most effective tool to encourage data sharing for companies while safeguarding companies’ investments in data innovation,” said Guido Lobrano, ITI’s Vice President and Director General for Europe. “The Data Act should encourage and support the flow of data across borders. Any measure potentially restricting international data flows should be avoided as much as possible to enable businesses in the EU to grow and compete internationally.”

ITI’s key recommendations include:

  • Business-to-Government (B2G) data sharing should remain voluntary in all cases incentivized by encouraging investments, for instance in privacy enhancing techniques.

  • Voluntary agreements between companies should remain the basis for Business-to-Business (B2B) data sharing. Model contractual clauses could be an innovative tool to incentivize data sharing, so long as they remain voluntary.

  • More clarity is needed on how a “B2B fairness test” would work in practice. Any measure should consider potential risks of introducing uncertainty in certain business models or of slowing down commercial contracting.

  • Legal requirements on cloud portability are premature before the evaluation of the SWIPO codes of conduct. Should the evaluation show no impact, any action on data portability must be targeted and avoid a one-size-fits-all approach.

  • Real time portability is not necessary nor a condition to move data between services. Instead of imposing technical specifications to complement article 20 of GDPR, the European Commission should look at an approach based on providing transparent information to users.

  • The European Commission should be cautious about introducing any new measure potentially restricting international data flows. Data localisation is not a solution to perceived risk around exposure to foreign jurisdictions.

  • Work on third country access to data should build on existing workstreams, such as on the e-evidence proposal, the OECD work on law enforcement access to data held by private companies, the Budapest Convention, and ongoing international negotiations.

  • An obligation to report all law enforcement access requests to users of Cloud Service Providers would not always be possible in practice, even within the EU. In addition, any transparency obligations for Cloud Service Providers should be relevant, proportionate, non-discriminatory must ensure a level-playing field.

Read the full submission here.