Alexander Wehde is a research assistant at the Chair of Civil Law, Information and Data Law (Prof. Dr. Louisa Specht-Riemenschneider) at the Rhenish Friedrich-Wilhelm-University of Bonn and board member of “Forschungsstelle für Rechtsfragen neuer Technologien sowie Datenrecht (ForTech) e.V.“.
A. Introduction
The blog post deals with the question of what different conceptual design options exist for establishing data trusts in the mobility sector. For this purpose and on the basis of an introduction to the key idea of data trusts, the influences of specific regulatory approaches – such as the Data Governance Act (DGA) in the EU – on the nature of data trusts are discussed in a first step. Thereafter, existing initiatives already acting as data trusts are spotlighted in order to show and classify different existing data trust design options in the mobility sector. The post concludes with some closing remarks and a brief summary.
B. Data sharing in the mobility sector
With ongoing technological progress towards cars, trains, and aeroplanes becoming increasingly autonomous as well as connected, non-personal vehicle and mobility data is becoming more and more important. This gets particularly visible in the development of (partly-) autonomous vehicle systems, where large amounts of high-quality training data are needed (Tiedemann/Nagel). Moreover, products and services in downstream markets such as maintenance or traffic management services are highly dependent on at least access to certain vehicle or mobility data in order to offer their services and stay innovative. In terms of access, however, the de facto data holder as a gatekeeper has a strategic competitive advantage in the primary and secondary data markets (Kerber/Gill). In this context, a study by the German Economic Institute (IW Köln) commissioned by the Federation of German Industries showed that 74.1% of over 500 companies surveyed consider data access or transfer to other companies to be undesirable, while the figure among the large companies surveyed is as high as 77% (Röhl/Bolwin/Hüttl). The main reasons behind this kind of data handling are concerns about unauthorised access to data by third parties (91 %) and legal uncertainties in data protection law (85 %) as well as regarding the rights to use the data (84 %). These little enlivened data-sharing practices often result in the emergence of data silos and the creation of data monopolies among the de facto data holders (regarding data monopolies in the railway sector see Bundeskartellamt). In order to change this status quo calls for data intermediaries such as data trusts are increasingly being heard (Data Strategy of the Federal German Government; Non-Personal Data Governance Framework of the Government of India; European strategy for data). These neutral third parties – to which data are to be transferred immediately after collection – could, so the theory goes, provide fair and non-discriminatory access to data for all interested market participants (Kerber) and by this could promote new innovations in the mobility sector.
C. Data trust: Definition, characteristics and interplay with the Data Governance Act (DGA)
The term “data trust” (sometimes also referred to as “data steward”) is still understood very heterogeneously and currently stands for a variety of models and concepts (Kerber/Gill). According to Specht-Riemenschneider/Blankertz, a data trust is at least an intermediary that has a function of data management, transmission and/or processing of data for the benefit of at least one other party. Moreover, the data trust is bound to the existing legal framework as well as (possible) specific contractual agreements between the parties involved in the data-sharing. The main sources of law to be considered around data trust (and especially in regards to possible exclusive data rights) are thereby the respective data protection regulations, as well as regulations on the protection of trade secrets, competition and intellectual property (specifically addressing this issues for the railway freight transport sector Specht-Riemenschneider/Wehde). To create trustworthiness between the parties involved, it is furthermore inherent to a data trust to establish mechanisms that to a certain degree enable a distribution of the value gained from the shared data.
Within the European Union, it can be assumed that the development of data trust concepts will be further and strongly determined by the Data Governance Act (DGA), which was adopted by the European Parliament on 6th April 2022. Its one-size-fits-all approach aims to subject all so called data-sharing services to one uniform regulation (criticising this, Delacroix/Lawrence). Data-sharing services – whose broad definition would also include different forms of data trusts under Art. 9 DGA (for a differentiated analysis, see Specht-Riemenschneider/Blankertz et al.) – are therefore firstly bound to a neutrality obligation (Art. 11 (1-3) DGA). This states that the provision, transmission, and use of data must be institutionally separated from each other to prevent conflicts of interest in the sphere of the same legal entity. Therefore, providers of intermediary services may only transmit the data and not use it for their own purposes (Art. 11 (1) DGA). This prohibits further services by data trusts within the same legal entity, e.g. for the analysis of certain data sets. The same applies to the use of metadata, which may also only be used for the (further) development of the service (Art. 11 No. 2 DGA). Data processing processes to establish data interoperability, however, seem to be explicitly excluded from Art. 11 (1) DGA (Art. 11 (4) DGA). Another specification of the envisaged neutrality obligation addresses the design of the data access granted through the data-sharing service, which has to be non-discriminatory, fair and transparent (Art. 11 (3) DGA).
According to Art. 11 (5) DGA, data-sharing services would, furthermore, also be required to provide measures to prevent the abuse of data access provided via the service. Art. 11 (8) DGA makes this even more clear by stating that the efforts regarding service security must be even higher in the case of services that store and transmit non-personal data. Data trusts that only broker non-personal data – like those in the mobility sector – would therefore have to ensure a high level of (data) security and probably invest in it on an ongoing basis. The extent to which data trusts are also subject to the best-interest obligation under Art. 11 (10) DGA mainly depends on the type of data which is exchanged via the data trust.
D. Data trusts in the mobility sector
Not least due to unresolved questions concerning their concrete design, data trusts have not yet been established on a broad scale (Kerber/Gill). This becomes particularly visible when looking at what is probably the most industry-preferred way of sharing mobility data in Germany, the Mobility Data Space. It is organised as a data marketplace powered by neutral operators and lets de facto data holders make mobility data available to third parties on their own terms and conditions (Pretzsch/Drees/Rittershaus). Standards for interoperability or data quality are not set. This also applies to similar data pooling initiatives such as the “Open Data Hub” in New South Wales (Australia) or “MobiData BW” in Baden-Württemberg (Germany), which also offer a wide range of mobility data collected by private or public entities. Both cases allow third parties to use the shared data for commercial and non-commercial purposes. To what extent data silos can be broken up by such data-pooling or data-marketplace solutions, nevertheless, largely depends on the willingness of the de facto data holders to share interoperable data on the platform and to explicitly allow further use by third parties.
The research data centre based at the German Kraftfahrt-Bundesamt (German Federal Motor Transport Authority) takes a different approach. It is based on Section 1g (1) and Section 63a (5) German Road Traffic Act, which obliges the vehicle holder of a car (the person who has the power of disposal over a motor vehicle and uses it for his own account) with autonomous driving functions to store certain data when operating the vehicle and potentially transmit this data to the Kraftfahrt-Bundesamt (cf. Act on Autonomous Driving). This may involve position data, data about the activation and deactivation of the autonomous driving functions, as well as commands and information sent externally to the motor vehicle. Provided that this data does not relate to a person, the Kraftfahrt-Bundesamt is entitled to make the data accessible to certain bodies such as independent research institutions and universities for traffic-related public good research, e.g. accident research. In this respect, the Kraftfahrt-Bundesamt could serve as a model for other mobility sectors such as rail freight transport (Specht-Riemenschneider/Wehde) as it already functions as a data trust under state oversight. Even if the governance structures differ throughout the mobility sectors such as rail transport or aviation (see here especially Skywise), a state-established data trust could also be introduced here. A data trust in these sectors would not necessarily have to store the data centrally, but could also transmit access to decentrally-held data, i.e. by taking on a broker function. However, the prerequisite for this is that metadata about at least the location and format of each data item is collected through an appropriate data registration process. On the part of legislators, it seems essential to define the access conditions sufficiently to avoid increasing the existing legal uncertainty in the sharing of data.
Another example of a state-established data sharing initiative in Germany is the National Access Point for Transport and Mobility Data (NAP). It was created through the Intelligent Transport Systems Act and, today, provides a wide range of mobility data to third parties via a platform named “MobilitätsDatenMarktplatz“. The NAP, therefore, is provided with data by third parties on a voluntary basis, as well as with data that is required by law via data provision obligations. This makes the NAP an exclusive provider for certain data sets, e.g. from passenger transport companies (Section 3a Passenger Transport Act). A major advantage of this way of data collection arises through the possibility to directly set up data standardisation specifications through the data provision obligation (Mobility Data Ordinance). The collection, processing, transmission and storage of the data received by the NAP is based on Section 3b PBefG and Section 5 MDV. Under the name “Mobilithek“, the NAP in the future will offer companies, authorities and researchers further opportunities to share data with each other via standardised interfaces. The Mobilithek is scheduled to start in 2023 and it will gradually replace the “MobilitätsDatenMarktplatz” and mCloud as another mobility data platform of the German Federal Ministry of Digital Affairs and Transport. On an European level, especially Catena-X as a sub-project of Gaia-X seems to have high potential to support the exchange of data within the automotive industry in the future.
E. Summary
Data intermediaries in the form of data trusts can function as a (private) market solution or as a state-established institution. Latter seems particularly appropriate if voluntary data sharing does not take place despite the legal possibility of data sharing, at the same time as disadvantages arise from this lack of data sharing for third parties (negative external effects). In this case, it seems advisable to compensate this market failure by using a state-established and mandatory data intermediary, which transmits voluntarily and via data access obligations gained data between the different market participants and third parties. Data trusts that function as data-sharing services between data holders, represent legal entities and – as is to be assumed in the mobility sector – exchange data between several different actors (cf. Art. 9 (1) (a) DGA) are regularly also subject to the DGA and in particular Art. 11 DGA.
The targeted regulatory depth of the DGA regarding data trusts, however, gives rise to the concern that data trusts could be overly restricted in their design options, which in turn could make them inflexible institutions for data-sharing. Instead, regulation should be oriented towards the risk of data sharing for the actors involved, in order to do justice to the heterogeneity of the mobility sector and the sensitivity of the data shared. In addition, the purposes (maintenance, accident research, road safety, promotion of mobility innovations, transport planning and management, etc.) can be further starting points for the regulation of data trusts.