Article 20 November 2023

Datasymposium 2023 focused on the effects of EU's Data Act and AI Act from companies' perspective

We held Datasymposium 2023 – one of Finland's largest events focusing on data regulation and data utilisation – on 25 October at Bio Rex Lasipalatsi. The popular event, organised in partnership with Technology Industries of Finland, gathered hundreds of experts to discuss the effects of EU's new data regulation and its application from the perspective of trade secrets and data privacy. We would like to thank all our amazing speakers and guests for a great event!

Datasymposium's programme included speeches from several data experts both from the private and public sector, a panel discussion on trade secrets and competitive advantage, and Krogerus' own experts' updates regarding the latest regulatory developments. The speeches included for example Business Finland's Program Manager Kari Klossner's presentation on value creation from data, Silo AI's founder and CEO Peter Sarlin's speech on AI as a creator of added value and Data Protection Ombudsman of Finland and Chair of the European Data Protection Board Anu Talus' speech regarding the interfaces of data regulation and data privacy. You can find the full program and recordings of the speeches on Datasymposium's website.

"This year, our aim was to help companies prepare for the EU's data regulation by organising an event that highlights some of the most impactful changes from the flood of new data regulation and to concretise their effect on companies' operations", summarises Partner Kalle Hynönen.

The European data strategy and data regulation

The EU's new data regulation is a part of the European data strategy which main objective is to make the EU a leader in a data-driven society and to create a single market for data with collective data rules in all EU countries. The data strategy's main components include five acts: Data Act, Digital Governance Act, Digital Markets Act, Digital Services Act and AI Act.

This year, Datasymposium focused on Data Act and AI Act since they are estimated to become applicable during 2025. These regulatory changes will have a radical impact on how companies can utilise data generated by their operations, how they must share the data and how AI can be utilised.

Data Act, trade secrets and securing competitive advantage

The Data Act regulates connected products and related services. The scope of affected products is broad: due to the horizontal applicability of the Data Act, the act will affect a wide range of connected products ranging from refrigerators and other consumer products to large industrial machines such as paper mills, ships or aeroplanes. One of the key principles of the act is that product data and related service data should be easily, securely, and free of charge accessible to the user, which may directly or indirectly lead to challenging situations regarding the protection of trade secrets and competitive advantage. The Data Act further requires data holders to disclose certain data to third parties of the user's choice even when such data qualifies for protection as trade secrets. In the future, companies' ability to distinguish trade secrets from other data and to take protective measures will be crucial in securing competitive advantage.

Due to these substantial changes, we organised a panel discussion during Datasymposium on the Data Act's effects on trade secrets and securing competitive advantage. The panel discussion was moderated by Joonas Mikkilä from Technology Industries of Finland and the panelists included Sinikka Ilveskoski from Wärtsilä, Airbus Group's Pascal Belmin, Anna-Sofia Kivi from KONE Corporation and Jussi Leppälä from Valmet.

The panelists raised several questions regarding the challenges of pinpointing single data items that constitute trade secrets. Companies' challenge will be to identify trade secrets from massive amounts of data and to protect them in a new regulatory landscape. One panelist also pointed out that in some industries, trade secrets can be seen as a holistic understanding of the business rather than single data items, which causes further challenges to identifying trade secrets from the data.

The panelists also raised the question of whether the regulation includes the necessary safeguards to protect the incentive to innovate and if they are stated in a clear enough manner in the act. There are existing safeguards such as intellectual property rights and trade secret legislation that can protect the data to some extent. The Data Act also includes some safeguards that allow data holders to withhold, suspend or refuse access to data under some circumstances. The panelists' consensus was however that these safeguards need further clarification.

The Data Act will especially change the market of services related to connected products, where so far parties have been able to agree freely how and when to share product data and what are the related rights and obligations. The Data Act will change the situation as it will require manufacturers and other data holders to share certain data with the users of connected products and if requested by the user, also with third parties that may compete with the manufacturer's own services. At the same time, the user may grant manufacturers and providers of related services the role of a data recipient and thereby they could get access to their competitors’ product data. Some panelists expressed concerns related to, for example, the shared data being given to non-European competitors or being used for competitive purposes. One panelist pointed out that in some industries, the shared data may not only raise concerns related to competition, but also related to safety and cybersecurity, if the data reveals too much of the company's product.

The sharing of data will create a big shift that brings pressure to some business models, but also may create innovation around data. Many smaller or midsize companies will get the opportunity to enhance their services without the need to make an initial investment on the generation of data. Some of the panelists pointed out that it will no longer be enough to be the best in generating data, but companies need to be best in interpreting data and drawing insights from it, which may make the company's ability to interpret data a new competitive advantage.

The panelists were also asked their initial thoughts regarding the implementation of the Data Act and what aspects companies should tackle first. One panelist said that their company has focused on understanding the data in scope, the products that are impacted, the changes that are needed in the business models as well as on the strategic level. Companies could also consider creating a multifunctional team of different expertise to be able to pinpoint extra sensitive data that they want to protect. Another aspect to consider is how to draft data-related contracts in the new regulatory environment and how other operators in the industry interpret these regulatory changes. Some of the panelists also called for further discussions related to the complexity and special characteristics of different industrial sectors since the proposed regulation is very broad and horizontal.

There is still some lack of clarity in the Data Act and its practical implementation, but the consensus of the panelists was that it will bring significant changes to companies' operating environments. It is crucial for companies in different data sectors to start preparing for the new regulation as soon as possible.

If you have any questions related to EU's data regulation package, please contact Krogerus' Techology, Data and IP team. We would be delighted to continue the discussion with you.

Similar articles