Strategic Legal Guidance and Data Configuration

“Regulations are legal acts that apply automatically and uniformly to all EU countries as soon as they enter into force,” explains the European Commission. As such, regulations don’t need to be transposed into national law to be binding on all organizations and individuals throughout the Union. 

But regulations aren’t the only consideration. The EU also publishes Directives, which impose minimum standards or requirements on member states, but leaves it up to the state legislature to determine the means of achieving the objective. Although each nation must inform the European Commission of the steps it intends to take, the process can vary from country to country. 

Thus, when an organisation is active within Europe, it must ensure that the expertise of any legal advisors it engages covers not only national regulations, but those originating within Europe. As European regulations are being debated, passed, and revised constantly – in particular with respect to data use – specialist knowledge is essential. 

Strategic expertise 

Whether this advice comes from retained council or in-house experts, it must be relevant to the market within which the organisation operates, not just the territory in which it trades, since special consideration must be given in certain areas. 

The European Commission is prioritizing the creation of a European Data Space for health in the years running up to 2025, to improve both care-giving and medical research. Of the three pillars on which it is built, interoperability and clearly defined rules for data exchange loom large.  

This is unsurprising given the sensitive nature of the data involved. Advice should therefore be sought for the appropriate methods and tools for gathering, processing, and storing relevant metrics, and for configuring the systems and infrastructure used, since while the precepts of GDPR still apply, enhancements may be required. 

Data Configuration and AI 

Particular use cases, including artificial intelligence, will require that data be stored and processed in particular formats and, increasingly, that it be in a state which encourages easy sharing.  

The European Commission “seeks to support wider availability of relevant data [and] encourage disclosure of the availability of relevant data by companies as a pre-condition for other companies to enter into contractual negotiations on its use. It also seeks to ensure fair competition with respect to data holdings.” 

Again, this may require legal guidance on how such data can be safely shared without contravening existing EU regulations and directives, and how its configuration can best facilitate sharing.  

It is important that organisations can comply in a manner that would be beneficial for themselves, recognizing the value of the data they hold, while increasing the value of the market through greater participation. 

Implications for monopoly players 

This is just one area in which the European Union is keen to promote competition and, in doing so, improve consumer choice and reduce prices. Its forthcoming Digital Markets Act will help it achieve this, placing increased regulatory obligations on any organisation that has captured more than 10% of its market within the Union.  The Act considers such organisations to be ‘gatekeepers’ on account of their dominance of a significant market entry point. 

The European Commission warns that it intends to ‘update dynamically the obligations for gatekeepers where necessary’, and the penalties for non-compliance will be significant, extending to 10% of a company’s annual turnover (not just profit or turnover within the EU) and, ‘in the case of systematic infringements… additional remedies may be imposed on the gatekeepers after a market investigation’. 

Although the most obvious gatekeepers are the likes of Facebook in social media, Google in search and web browsers, and Microsoft in desktop operating systems, the category could include any player that enjoys a dominant position in just one or two territories. The EU population currently stands at a little under 450m, of which Germany and France alone comprise 18.7% and 14.6% respectively. 

Compliance and data sharing 

Many of the gatekeeper’s obligations can only be met by working closely with external organisations. For example, they will need to: 

• Ensure they cooperate with third parties, even if those third parties are competitors, to ensure their services work well together; 
• When working with organisations results in data being generated within the gatekeeper’s ecosystem, allow those external organisations to access the data themselves; 
• Not give their own services and products preferential treatment on their own platform when this could be detrimental to third parties using the same platform. 

Complying with these obligations will require careful handling of data to ensure organisations don’t share metrics when not permitted to do so (which could fall foul of other European regulations, including GDPR). They will likely benefit from professional advice so that they can strike a balance between compliance, and minimising the loss of any existing competitive advantage that may have taken time and resources to build over several years.