25 May 2023

First, pause and re-think the Data Act. Next, ensure subsequent data-sharing frameworks align

The European Commission’s upcoming Digital Finance package expected in mid-2023 comes at a time when the EU institutions are still negotiating the problematic Data Act. This package may define important provisions for the future of finance and payments. An Open Finance Framework (OFF) may introduce new sectorial data-sharing provisions. The review of the PSD2 could lead to regulatory changes including on mechanisms through which payment data is accessed and shared, and how Europeans pay for goods and services online in an easy and secure manner.

The OFF and the PSD3 will likely build on the still to be defined Data Act as the horizontal data-sharing framework. Therefore, it is crucial to get the Data Act right as a baseline to ensure upcoming sectorial legislation will help the financial sector reap benefits from data sharing. The Data Act should be paused and rethought, to ensure proper consideration is given to sufficiently safeguard trade secrets, cybersecurity, and health and safety in business-to-business data-sharing provisions. In any case, regardless of the final form the Data Act takes, regulatory coherence must be ensured between the three pieces of law.

If poorly designed, the upcoming digital finance package could lead to legal uncertainty and slow down the digitalisation of payments and financial services more broadly in Europe. This digital transformation of financial services is key as it has the potential to deliver a more inclusive, green, prosperous, and secure Europe. For the average citizen, a successful and well-functioning digital finance ecosystem could include recognising financial scams, paying for goods instantly and safely, seamlessly paying and splitting bills, building transaction histories, obtaining loans, and ensured cybersecurity. Amid these opportunities, all market players should be allowed to compete to provide innovative solutions and users enabled to share data with any third party of their choice.

DIGITALEUROPE has identified three specific areas where regulatory alignment is critical.

 

Compensation

Building the infrastructure to enable data sharing requires innovation and significant continuous long-term investment. A key incentive for firms to do so will be reasonable returns on their investment. To this end, it is essential that the Data Act and the OFF align in providing consistent compensation provisions for data holders of all sizes. In this light, the Data Act’s Article 9(3) is problematic and unjustified. Allowing other EU law to reduce or eliminate compensation in sectoral frameworks risks creating significant inconsistencies and leading to market asymmetries. While Europe is still working to grow its bourgeoning data sharing ecosystem, any compensation scheme should be based on market value to incentivise, and not stifle, innovation. Furthermore, compensation should be allowed to extend beyond setting up and maintaining the infrastructure to make data available, recognising the many different legal, organisational, technological, and physical steps needed to make this happen.

 

Standardisation

A lack of alignment of standards will reduce the benefits that stem from data sharing and therefore, the benefits for citizens. A more standardised approach, notably through a common standard for APIs (in the case of the OFF) or at the very least common minimal requirements, is required to foster security and interoperability over existing methods such as screen scraping. Market-driven standardisation must be promoted to address well-documented technical obstacles to data reuse. Chapter VIII of the Data Act should be based on existing work at the level of international and European standardisation organisations. It should acknowledge the work done in the context of PSD2 as the EU’s first data sharing framework. Non-mandatory guidelines from the European Commission could help reach a market-led standard that takes such previous regulatory frameworks into account.

 

Liability

There should be clarity and consistency when regulating on liability across the Data Act, the OFF and the PSD3. It will be key to communicate liability provisions clearly to customers so as to protect their data. In addition, they should take into account the existing liability framework concerning data misuse in the GDPR.

Liability frameworks, fairly allocating liability, should be aligned and homogenous across legislations – e.g. to ensure the same legal criteria are applied to determine third party data misuse. To the extent possible, they should be alike. Furthermore, such liability frameworks should be accompanied by dispute resolution frameworks.

For further information, please contact
Ray Pinto
Senior Director for Vertical Strategy and Business Development
Vincenzo Renda
Director for Single Market & Digital Competitiveness
Laura Chaney
Manager for Executive Outreach
Back to Digital Health
View the complete Policy Paper
PDF
Our resources on Digital Health
16 Dec 2024 The Download
The Download: Targeted adjustments for a future-ready EU product framework
13 Dec 2024 Policy Paper
Strengthening healthcare cybersecurity: Focus on implementation, not new legislation
11 Dec 2024 Policy Paper
Shaping DPP service providers: Building a secure and flexible framework
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.
Decline
Accept