Shaping Europe’s Digital Future: The European Commission’s Digital Package

The European Commission has just published three important policy documents that outline its ideas and vision for Europe's digital future. A key aim is to create a single European data space, “a genuine single market for data, open to data from across the world where personal as well as non-personal data, including sensitive business data,” are secure and accessible to businesses. Our IT and Digitalisation team give an overview of the highlights from this digital package.

The three policy documents in the digital package comprise a communication on Shaping Europe's Digital Future, a communication on A European Strategy for Data, and a White Paper on AI which is accompanied by a "Commission Report on safety and liability implications of AI, the Internet of Things and Robotics".

The objective of the Commission is to create an attractive policy environment so that, by 2030 – the target date of the UN’s sustainable development goals – the EU’s share of the “data stored, processed and put to valuable use in Europe at least corresponds to its economic weight, not by fiat but by choice”. The goal behind the creation of a single European data space is ambitious. This space should be one where EU law can be enforced effectively and where all data-driven products and services comply with the relevant single market norms.

To achieve this end, the digital package proposes several measures. These include:

  • legislative measures such as a Digital Services Act by the end of 2020 and a Data Act in 2021;
  • a governance framework for data use and access; and
  • investment in infrastructures, research and skills.

Highlights from the digital package, in particular, the proposed legislative measures, are discussed below.

Shaping Europe's Digital Future

This document outlines a five-year policy roadmap for Europe's digital future. It recognises that some platforms have acquired significant scale that has effectively allowed them to act as private gatekeepers to markets, customers and information. The Commission will further explore ex ante rules to ensure that markets characterised by large platforms with significant network effects acting as gatekeepers, remain fair and contestable for innovators, businesses and new market entrants. The content of any such rules will only be known towards the end of this year when the Commission is expected to publish its Digital Services Act package.

The document also calls for a universally accepted public electronic identity that will enable consumers to control their online identity when authentication is needed to access certain online services. A key action announced in this document is the revision of the eIDAS Regulation to improve its effectiveness, extend its benefits to the private sector and promote trusted digital identities for all Europeans.

A European Strategy for Data

A key proposal in this policy document is the creation of nine common EU data spaces across the following sectors: industrial (manufacturing), mobility (transport), health, finance, energy agriculture, public administration, skills and the European Green Deal priority action on climate change. The Commission will explore the need for legislative action on issues that affect relations between actors to provide incentives for horizontal data sharing across sectors, to complement data sharing within each of the aforementioned sectors. Among the issues that the Commission could also look at, and that may be taken forward in a Data Act are: fostering business-to-government data sharing for the public interest, usage rights for co-generated data between private actors (which are currently laid down in private contracts), as well as compulsory access to data under specific circumstances.

Another issue mentioned in this document is “enhancing” the portability right for individuals under Article 20 of the GDPR to give individuals more control over who can access and use machine-generated data. This could be done through stricter requirements on interfaces for real-time data access or by making machine-readable formats compulsory for data from certain products and services, such as from smart home appliances or wearables.

The objective of the European data space is that businesses in the EU will have the possibility of building on the scale of the single market in that common European rules and efficient enforcement mechanisms will ensure that:

  • data can flow within the EU and across sectors;
  • European rules and values, in particular data protection, consumer protection and competition law, are respected, and
  • the rules for access to and use of data are fair, practical and clear, with clear and trustworthy data governance mechanisms in place, together with an “assertive approach to international data flows, based on European values”.

White Paper on AI

Regarding the deployment of AI, the Commission recommends a risk-based approach in its white paper. This means that clear rules need to address high-risk AI systems without putting too much burden on less risky ones. To determine if an AI application is high-risk, it is proposed that one should assess two factors. A given AI application should be considered high-risk where both the sector (e.g. healthcare, transport, energy) and the intended use of the AI application involve significant risks, in particular from the viewpoint of protection of safety, consumer rights and fundamental rights. However, in certain exceptional instances, due to the risks at stake, the use of AI applications should per se be considered as high-risk, e.g. the use of AI applications for recruitment processes, and situations impacting workers' rights.

For all types of systems, whether high or low risk, the strict EU rules that ensure consumer protection, address unfair commercial practices and protect privacy and data protection already exist and shall continue to apply. For high-risk AI applications, certain legal requirements, that may be further specified through standards, may become necessary to ensure that AI systems are transparent, traceable, have human oversight, are robust and accurate and provide information as to the AI system's capabilities and limitations. Regarding lower-risk AI applications, an option considered by the Commission is a voluntary labelling scheme if such applications apply higher standards.

Final remarks

The goals identified in this digital package are ambitious. It remains to be seen how, and to what extent, these lofty goals will be translated into effective regulatory tools and measures. It is hoped that any such measures foster increased innovation in Europe and, at the same time, safeguard European values and rights. Businesses and organisations should therefor follow developments and be aware of opportunities and, perhaps, challenges that may come in the forthcoming months.