BDI statement on the EU Data Act Proposal
It also remains unclear how far-reaching the obligation to provide "the data generated by the use of a product or related service" mentioned in Art. 4 (1) DA-E is to be understood. For example, in cases where AI algorithms are trained with the user's data, must the results also be released to the user? This would devalue the performance of the algorithm developer under copyright or possibly patent law. It is still unclear whether the obligation to provide the data leads to an obligation to collect corresponding data, even if this is not collected in the standard configuration. 2.3.
Trade secret protection
Trust between different actors is the basis for achieving data-based value creation. Industrial data sharing in the B2B context is very sensitive with regard to the protection of trade secrets, as well as the business aspects, which is why a specific approach should be sought to avoid legal uncertainties. A central interest for the "data holder" lies in the protection of their trade secrets. However, in contrast to the relationship with the GDPR, Chapter II addresses the relationship with the applicable trade secret protection by removing such data from the data holder's sphere of influence via the data access claims. In order to counteract the negative consequences to be feared for the willingness to innovate and invest in the generation and processing of data, the BDI calls for the protection of sensitive information, including trade secrets, to be generally exempted from the obligation to exchange data or at least to be accompanied by the right of the disclosing party, which is limited to trade secrets, to demand significantly more extensive security measures (e.g. of a technical nature), which may, however, prevent the free use of the data by the user. Such an exception would also eliminate the threatening inconsistencies with regard to Chapter III (Article 8(6) DA-E). While Art. 8 (6) DA-E generally exempts the disclosure of trade secrets from the principle of the right to access data, Chapter II deviates from this. Particularly in view of possible further sectoral data access regulations, a uniform definition of the principle of trade secret protection and its concrete scope is needed here. According to the conception of Art. 4 (3) and Art. 5 (8) DA-E, "data holder" will in future be obliged to pass on such data to the "user" or third parties commissioned by the user. In this respect, the trade secret leaves the sphere of influence of the data holder and the latter must agree on appropriate protective measures with the "user" or "data recipient". In order to prevent misuse, the draft Data Act does provide for numerous restrictions on use for re-users, such as the ban on using the data for other purposes or for the development of competing products. However, how compliance is to be monitored, proven and enforced remains completely open, as the manufacturers lack sufficient control options. The distribution of the burden of proof also remains unclear. It is completely far-fetched that SMEs, for example, could even begin to exercise any agreed audit rights within the framework of the customer relationship. This is especially true if the data
www.bdi.eu
Page 13 from 21
