Opinion of the European Central Bank

of 5 september 2022

on a proposal for a regulation on harmonised rules on fair access to and use of data (Data Act)

(CON/2022/30)

(2022/C 402/05)

Introduction and legal basis

On 23 February 2022 the European Commission adopted a proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act) (1) (hereinafter the ‘proposed regulation’). The European Central Bank (ECB) considers that the proposed regulation falls within its scope of competence, and has therefore decided to exercise its right, as provided for in the second sentence of Article 127(4) and in Article 282(5) of the Treaty on the Functioning of the European Union, to submit its opinion.

The ECB’s competence to deliver an opinion is based on Articles 127(4) and 282(5) of the Treaty since the proposed regulation contains provisions affecting the ECB’s tasks concerning the definition and implementation of monetary policy and the promotion of the smooth operation of payment systems pursuant to the first and fourth indents of Article 127(2) and Article 282(1) of the Treaty, and the collection of statistical information pursuant to Article 5 of the Statute of the European System of Central Banks and of the European Central Bank (hereinafter the ‘Statute of the ESCB’). In accordance with the first sentence of Article 17.5 of the Rules of Procedure of the European Central Bank, the Governing Council has adopted this opinion.

1.   General observations

1.1

The proposed regulation is an important element in operationalising the European strategy for data (2). Creating a strong legal framework will facilitate the development of the European data economy. The ECB therefore welcomes the proposed regulation and the introduction of a framework for access to and use of data derived from private sector sources that includes requirements on data sharing, transparency and the protection of confidentiality.

1.2

The ECB welcomes that the Commission intends to conduct an evaluation of the proposed regulation two years after its date of application (3). The evaluation should cover the effectiveness and efficiency of the technical framework and procedures put into place to comply with the proposed regulation.

1.3

The proposed regulation is a horizontal regulation which lays down basic rules that will apply to all sectors, and with which future sector-specific legislation should, in principle, align, including legislation that falls within the ECB’s fields of competence, such as Directive (EU) 2015/2366 of the European Parliament and of the Council (4) (hereinafter the ‘PSD2’). It is important to consider the ECB’s opinion on this horizontal regulation, as it is likely to have implications for sector-specific legislation on which the ECB may adopt further opinions when such legislation is being amended.

1.4

Further legislation may be needed to lay down more detailed rules than those contained in the proposed regulation to allow the ECB to have access to data that are necessary to undertake its tasks. The ECB may need to adopt further opinions on any such legislation.

1.5

It is for the European Commission and the Union legislators to assess the proposed regulation’s compliance with Union data protection rules.

2.   Specific observations

2.1

Scope of the proposed regulation

2.1.1

The proposed regulation aims to regulate and facilitate the access to and use of data obtained from or generated by the use of products or related services. The term ‘product’ is defined as a tangible, movable item, including where incorporated in an immovable item, that obtains, generates or collects data concerning its use or environment, and that is able to communicate data via a publicly available electronic communications service, and whose primary function is not the storing and processing of data (5). While this broad definition seems to be in line with the aim of the proposed regulation of increasing the value of data for consumers, businesses and society (6), certain types of data, such as data produced by the public sector, might fall within its scope. The scope of the proposed regulation should be clarified so as to exclude certain types of data, such as data produced by the public sector.

2.1.2

In the context of financial services, the ECB would recommend clarifying which products could be covered by the definition contained in the proposed regulation. Financial services or related products, such as payment accounts, payment cards and apps on a user’s smartphone, could potentially be covered by the definitions of ‘product’ and ‘related service’ contained in the proposed regulation. Moreover, the explanatory memorandum accompanying the proposed regulation refers to the PSD2 as an example of sector-specific legislation dealing with access to data. The PSD2 deals with access to payment accounts that are electronically reachable. It is unclear whether such payment accounts are considered to be products as defined in the proposed regulation. The ECB wishes to highlight the complexity and diversity of real-world situations in the field of payment services and instruments, and that the proposed regulation should not create unforeseeable constraints and complications in this field. Only products that are in the possession of the user should fall within the scope of the proposed regulation.

2.2

Standardisation

2.2.1

The proposed regulation does not deal with the technical implementation of the legal framework for the access to and use of data. The analysis of the contributions to the public consultation on the proposed regulation showed that in the business-to-business context 69 % of respondents who had experienced difficulties identified obstacles of a technical nature (formats, lack of standards). One of the lessons learned from the implementation of the PSD2, which also opens access to some types of payment transactional and account information under certain conditions, is that technical implementation causes delay in the achievement of the PSD2’s objectives. To remove obstacles to switching between data processing services, the proposed regulation should require European standardisation bodies to develop the necessary standards and open interoperability specifications. Moreover, the proposed regulation requires the Commission to adopt common specifications in areas where no harmonised standards exist or where they are insufficient in order to further enhance interoperability for the common European data spaces, application programming interfaces (‘APIs’), data processing service providers, cloud switching as well as smart contracts. The difficulty of the work ahead and the number of years needed to complete it should not be underestimated.

2.2.2

If the standardisation of data is not achieved with the proposed regulation, the usefulness of data in cases of exceptional need may be difficult to assess. Also, non-standardised data may be unusable for decision-making purposes.

2.3

Access to and use of data by the ECB

2.3.1

There are considerable benefits to allowing the public sector to access and use privately held data for a number of defined public interest purposes. In particular, when conducting its monetary policy tasks, the Eurosystem makes extensive use of official statistics produced by the ECB, the members of the European System of Central Banks (ESCB) and the European Statistical System (ESS), as well as of non-official and non-traditional data sources. Non-traditional data sources may include high frequency population mobility indicators based on mobile network operators’ data, which can, for example, be used to verify the effects of: mobility restrictions in the context of a pandemic or war; consumer price indices based on scanner data from major retailers; and statistics on household consumption or national accounts supported by financial transactions data like purchase orders, invoices, card charges and journal entries. Moreover, in the past few years, digitalisation and crisis management have increased the need for the ECB decision-making bodies to use non-standard data in decision-making, in particular: (1) in emergency and crisis situations when undertaking its monetary policy tasks; and (2) for statistical purposes, to test the quality of non-standard data before enacting or amending legal acts concerning the collection of statistical information or its usability before emergency or crisis situations.

2.3.2

For these reasons, the ECB considers that the access granted to the ECB and the NCBs should be broader than envisaged in the proposed regulation. The members of the ESCB should be allowed to access and use data that fall within the scope of the proposed regulation, not only when an exceptional need to use the data to undertake the ESCB’s tasks arises, but also for statistical purposes, where this would help the ECB to collect official statistics with the assistance of the NCBs. This would in turn help the ECB when it contributes to the harmonisation of rules and practices governing the collection, compilation and distribution of statistics in the areas within its fields of competence. Allowing requests for data to be made for statistical purposes would be very beneficial for end users since this would allow for the data to be analysed to identify trends/patterns and save time before the adoption of regulations as well as help to analyse the ESCB’s data needs for emergency and crisis situations. That being said, it is paramount that broader access be accompanied by safeguards to ensure that data is accessed and used only to the extent and at the level of detail necessary for the fulfilment of statutory tasks, such as the development, production and dissemination of official statistics, and that the Union institutions and public sector bodies put in place all the necessary regulatory, administrative, technical and organisational measures to ensure the protection of the data.

2.3.3

In addition, while data made available to respond to a public emergency are to be provided free of charge, data made available to Union institutions, agencies or bodies and public sector bodies in other cases may be subject to compensation by the data holders. Compensation should not exceed the technical and organisational costs incurred in providing the data, that is to say, the costs of anonymisation and technical adaptation without applying any reasonable margin. When they are granted access to privately held data, Union institutions should not incur unreasonable costs. In recognition of the fact that each request for information serves the public interest, data should be made available at cost and without the imposition of a ‘reasonable margin’, in particular in cases where the reasonable margin is charged more than once for the same data or when, due to limited resources, the imposition of a reasonable margin may in practice render the obtention of data impossible.

2.4

Use of data obtained by Union institutions for statistical purposes

2.4.1

The proposed regulation (7) allows public sector bodies or Union institutions, agencies or bodies to share data received with individuals or organisations for the purpose of carrying out scientific research or analytics compatible with the purpose for which the data was requested, and with national statistical institutes and Eurostat for the purposes of the compilation of official statistics. The recitals of the proposed regulation (8) expand this right by clarifying that an exceptional need may also arise in relation to the timely compilation of official statistics if data is not otherwise available or if the burden on statistical respondents is considerably reduced.

2.4.2

The proposed regulation should be amended to allow the ECB and other members of the ESCB to specifically use data that they may receive in accordance with the proposed regulation for the compilation of official statistics in the same way as is allowed for Eurostat and other members of the ESS. The ESCB and the ESS form the two pillars of European statistics as, together, they develop, produce, and disseminate European statistics within their respective spheres of competence; and, in the production of European statistics, they cooperate closely with each other in order to minimise the reporting burden and guarantee the necessary coherence (9) in line with statistical principles, including the principle of high output quality. To the extent that Eurostat and other members of the ESS are entitled to use the data received in accordance with the proposed regulation in the compilation of official statistics, such an entitlement should, mutatis mutandis, be given to the ESCB. Moreover, the proposed regulation should allow the ECB and other members of the ESCB to receive the information available to Eurostat, where necessary to undertake ECB tasks in the event that Eurostat receives this data for statistical purposes. In this context, there would be merit in amending the proposed regulation by defining the term ‘official statistics’, which is mentioned, but not defined, in the proposed regulation.

2.5

Public emergency

2.5.1

The proposed regulation (10) provides that there is an exceptional need for a public sector body or a Union institution, agency or body to use data falling within the scope of the proposed regulation where, inter alia, the requested data are: (a) necessary to respond to a public emergency; or (b) limited in time and scope, and necessary to prevent a public emergency or to assist the recovery from a public emergency. A ‘public emergency’ is defined as an exceptional situation negatively affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s). The recitals of the proposed regulation (11) explain that this can cover public health emergencies, emergencies resulting from environmental degradation and major natural disasters, including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents.

2.5.2

There may also be exceptional situations negatively affecting the population of the Union or of a Member State with a risk of serious and lasting repercussions not only for the economy, but also for financial stability. These may include emergencies in the banking system and in the financial markets and financial system more generally, as evidenced recently by the COVID-19 pandemic and the war in Ukraine. Consequently, the ECB recommends expanding the definition of ‘public emergency’ to cover situations that may have an impact on the stability of the financial system in the Union or the relevant Member State(s).

2.6

Interoperability

2.6.1

The ECB welcomes the emphasis placed on and importance of interoperability in the proposed regulation (12) and that the proposed regulation confers on the Commission powers to adopt interoperability specifications to ensure the interoperability of common European data spaces (13). Bodies that currently set European standards could, alongside or as an alternative to the Commission, draft or provide harmonised standards pertaining to the essential requirements on data access, portability and interoperability, to the extent possible.

2.6.2

Moreover, while the proposed regulation defines the term ‘interoperability’ (14), it does not define ‘data space’, which is referred to in the definition of ‘interoperability’. Similarly, the proposed regulation does not specify what ‘operators of data spaces’ (15) are. Both terms should be clearly defined for the sake of legal certainty.

2.7

Additional observations

The proposed regulation defines ‘user’ as a natural or legal person that owns, rents or leases a product or receives a service (16). The ECB understands that the term ‘service’ in the definition of ‘user’ is intended to capture the receipt of a related service as well, given that it is otherwise unclear what the service mentioned in the definition refers to. The ECB notes that there is inconsistency between the definition and the description found in recital 20 of the proposed regulation (17), which imply that users are allowed to access the data that they themselves generate. While this can be straightforward where there is a single user, it is not clear what happens where several persons or entities own a product or are party to a lease or rental agreement, as acknowledged in the same recital. In such cases, the persons or entities owning the product may not be the persons or entities generating data through its use. The proposed regulation should specify that, in such cases, the persons or entities that own a product may access data generated through its use.

Where the ECB recommends that the proposed regulation is amended, specific drafting proposals are set out in a separate technical working document accompanied by an explanatory text to this effect. The technical working document is available in English on EUR-Lex.

---

(1)  COM(2022) 68 final.

(2)  COM(2020) 66 final.

(3)  See Article 41 of the proposed regulation.

(4)  Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35).

(5)  See Article 5(2) of the proposed regulation.

(6)  See recital 1 of the proposed regulation.

(7)  See Article 21 of the proposed regulation.

(8)  See recital 58 of the proposed regulation.

(9)  Article 2a of Council Regulation (EC) No 2533/98 of 23 November 1998 concerning the collection of statistical information by the European Central Bank (OJ L 318, 27.11.1998, p. 8) and Article 9 of Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European Communities (OJ L 87, 31.3.2009, p. 164).

(10)  See Article 15 of the proposed regulation.

(11)  See recital 57 of the proposed regulation.

(12)  See Chapter VIII of the proposed regulation.

(13)  See Article 28(6) of the proposed regulation.

(14)  See Article 2, point (19), of the proposed regulation.

(15)  See Article 28 of the proposed regulation.

(16)  See Article 2, point (5), of the proposed regulation.

(17)  See recital 20 of the proposed regulation.