The European Data Act has recently entered into force. Its objective is to give businesses, citizens and public authorities more opportunities to use and share data that has until now largely remained in the hands of data serviceproviders and manufacturers that generate such data. The Data Act aims to reduce this so-called ‘data asymmetry’ and to increase data accessibility, notably by granting users greater access to the data generated by their own devices and services. Users of Internet of Things (IoT) products and related services, often referred to as smart devices, are therefore given, among other things, a right to access the data generated by their devices, as well as the right to share that data with third parties.
An example of an IoT product and related service covered by the Data Act is a smart thermostat that collects monthly data on household energy consumption and is linked to an energy managementservice. This service uses the data to provide advice on saving energy. Under the Data Act, users of smart thermostats will have the right to access their own energy consumption data. They can also share this data with third parties, for example: energy comparison services that can use it to provide advice on switching to another service.
The idea that data should be accessible and freely usable is, however, often difficult to reconcile with database law. After all, database law grants the producer of a database an exclusive right over a collection of data. Article 43 of the Data Act seeks to resolve this tension. This blog aims to discuss the implications of the Data Act for database law, with a particular focus on the impact of Article 43 of the Data Act.
First, a brief recap of database law.
Database Law
In the Netherlands, database law is laid down in the Database Act, which implements the European Database Directive. The Act defines a database as a collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible. A database qualifies for protection under database law if the producer has made a substantial investment in acquiring, controlling and/or presenting its contents. Such a substantial investment is usually understood in terms of financial resources and/or labour.
Once database rights are obtained, the producer obtains the exclusive right to object to the extraction, unauthorised consultation and re-use of the data contained in the database. Third parties therefore require permission to use this data, for example by entering into a licence agreement.
Returning to the earlier example of the smart thermostat, the manufacturer collects monthly energy consumption data from users and stores it in a centrally managed database. This database underpins the associated energy managementservice, as the database is used to generate consumption analyses and advice for energy saving. Under the Database Act, the manufacturer could contend that it holds database rights in relation to this data collection. After all, investments have been made in collecting the data via the thermostat, setting up the database, maintaining the infrastructure, and ensuring data quality.
What does Article 43 of the Data Act entail?
As noted above, the Data Act grants users and businesses the right to access the data generated by their own IoT products and related services (Article 4 of the Data Act). In addition, they have the right to share this data with third parties (Article 5 of the Data Act).
However, to prevent database holders from using their database rights to block access to IoT data, Article 43 of the Data Act was introduced. This provision clarifies that database rights do not apply to databases that consist of data generated by IoT devices or related services that fall within the scope of the Data Act.
For the manufacturer of the smart thermostat, this means that it can no longer rely on any database rights to refuse requests made by users for access to their consumption data.
What are the consequences of Article 43 of the Data Act for database law?
The introduction of Article 43 of the Data Act raises an interesting question: can databases consisting exclusively of IoT data qualify for protection under database law at all? Such data is generated automatically, which usually means that no substantial investment has been made in acquiring, controlling or presenting it. Moreover, such databases often arise as a spin-off, where the primary investment is directed at other activities and the database merely results as a by-product.
Shortly after the introduction of the Data Act, Article 8a of the Dutch Database Act also entered into force. This provision stipulates that databases consisting of IoT data cannot qualify for protection under database law at all. It clarifies that, even where the substantive requirements for database protection would otherwise be met, Article 43 is intended to ensure that the objectives of the Data Act are not undermined. By entirely excluding database protection for databases composed of IoT data, Article 43 seeks to provide legal certainty for users and third parties.
Conclusion
Ultimately, the purpose of Article 43 is to create legal certainty for users and third parties. It also reflects the broader idea that making data more freely available can foster innovation by enabling the development of new services and applications. It is noteworthy that exclusive rights (such as database rights), which were originally intended to stimulate innovation, may in this context operate as a potential barrier instead. Have exclusive rights as an incentive for innovation simply become outdated?
If you have any questions regarding this topic, please feel free to contact us.
Contact us
