Data Governance Regimes in the Digital Economy: The Example of Connected Cars

Transcription

1 Data Governance Regimes in the Digital Economy: The Example of Connected Cars Wolfgang Kerber and Severin Frank (Philipps University Marburg) TILEC GovReg Workshop Economic Governance of Data-Driven Markets Tilburg, 12 October 2017

2 1. Introduction: Internet of Things and governance of data - Internet of Things as next step of digital revolution + smart home, smart energy, smart health + smart / connected cars (driving assistance systems, services, increasing safety and improving traffic regulation etc.) - Characteristics of IoT: + data-producing smart devices connected to the internet + offline-world is integrated into online-world + huge collection of personal and non-personal data - Question: How do we deal with these data? Governance of these data? + ownership / access / use / benefits of the data + privacy protection => institutional / governance dimension of data Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 2

3 1. Introduction: Internet of Things and governance of data Two objectives of this article: - Theoretical framework for analyzing data governance questions - Example: data governance in connected cars Structure of the presentation 1. Introduction: Internet of Things and governance of data 2. Current discussion about (property/access) rights on data 3. Tailoring sector-specific data governance regimes: A theoretical framework 4. Data Governance in Connected Cars: Overview 5. Market for connected cars: car manufacturers and owners 6. Independent repair and maintenance service providers 7. Other service providers and public authorities 8. Market failures regarding data governance in connected cars: Brief summary 9. Data governance in IoT contexts: Some perspectives Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 3

4 2. Current discussion about (property/access) rights on data (1) Personal data (EU data protection law: privacy as fundamental value) - Strong set of rights for persons: consent principle in regard to collecting, storing, processing, and using personal data - Legal discussion about data as counterperformance in contracts Non-personal data: - machine-generated / sensor data and anonymised personal data - Not protected by property rights (but trade secret law) - Policy discussion: new exclusive IP-like right on non-personal data? EU Communication Building a European data economy (Jan. 2017) - concern: not enough sharing / use / access to data - proposals: + data producer right for owner/user of an IoT device + mandatory access rights to privately held data + measures for facilitating data sharing and data trading Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 4

5 2. Current discussion about (property/access) rights on data (2) Economic analysis about new exclusive right on data (Kerber 2016, 2017) - Economic characteristics:non-rivalry in use and (de facto) excludability - Do we need exclusive property rights on data? + No incentive problem for producing data (no copying problem) + No evidence that lacking property rights impede trading of data + EU Commission: unfair remuneration of data through unequal bargaining power in markets => but: property right cannot solve this! + property rights on data can endanger innovation in digital economy => new exclusive property right on data (data producer right) cannot be recommended (no comparable discussion in the US!) Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 5

6 2. Current discussion about (property/access) rights on data (3) - Do we need access rights to privately held data? + de facto exclusivity of data can lead to lot of problems + data hold up-situations, esp. in multi-stakeholder situations (several parties need the same data) + lacking access to data can impede competition / innovation => under certain conditions: granting access rights can be optimal, but so far no clear criteria - Costs and benefits of exclusive rights / access rights to data can be very different in different contexts => optimal data governance can be very different for different sectors! => search for sector-specific data governance solutions! Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 6

7 3. Tailoring sector-specific data governance regimes: A theoretical framework (1) Data governance regimes: - Level 1: legal framework for data / rules of the game + all mandatory legal rules that are relevant for data (producing/collecting, storing, processing, analyzing, using, and protecting data) + set of rights (e.g. data protection, property/access rights) + but also: competition law, consumer law, trade secret law etc. + legal framework shapes scope for market / remedies market failure - Level 2: private data governance (based upon contracts in markets) + B2C-contracts: data as counterperformance for free services / money + B2B-contracts: trading/licensing of data; data governance in value chains/networks with many firms (e.g., smart manufacturing ) (who is de facto holder, has access, can use, get revenues etc.) => importance of freedom of contract for optimal data governance Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 7

8 3. Tailoring sector-specific data governance regimes: A theoretical framework (2) Normative objectives of data governance regimes: - Economic welfare (total/consumer welfare) - Privacy as a fundamental value / (distributional effects) Potential market failure problems in regard to data in specific sectors: (1) Lacking/ill-defined rights on data: (optimal bundle of rights on data) - Incentive (copying) problem / not enough use of data - complex multi-stakeholder problems with data hold-up problems - data aggregation / fragmentation (2) Competition problems - platform competition problems (network effects) - collusion/cartels (also technical solutions), mergers etc. - foreclosing competition/innovation by refusal to access data Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 8

9 3. Tailoring sector-specific data governance regimes: A theoretical framework (3) (3) Information/behavioral problems - Individual choice about privacy/data (esp. data as counterperformance) might not work well ( privacy paradox ) - information problem: lack of transparency about extent of data collection and use of collected data ( privacy policies ) - behavioral problems in privacy/data decisions (empirical studies) - critical discussion about informed consent / notice and consent (4) Transaction (cost) problems - Transaction problems in regard to data trading (data marketplaces)? - e.g., data provenance / quality, interop/standardization Important: a) several market failures and their interaction? b) balancing market failure vs. state/regulatory failure c) regulation should not impede further innovation Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 9

10 4. Data Governance in Connected Cars: Overview (1) Data in connected driving and its stakeholders Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 10

11 4. Data Governance in Connected Cars: Overview (2) C-ITS platform report (2016) - C-ITS (Cooperative Intelligent Transport Systems) was launched by EU Commission with all relevant stakeholders for addressing technical and legal issues of connected driving - Agreement on 5 principles for access to in-vehicle data (a) Data provision conditions: Consent (b) Fair and undistorted competition (c) Data privacy and data protection (d) Tamper-proof access and liability (e) Data economy - Open conflicts between car manufacturers and independent (aftermarket) service providers about access to in-vehicle data -(Most recently: EC report (2017): access to in-vehicle data and resources) Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 11

12 4. Data Governance in Connected Cars: Overview (3) Three basic technical solutions (working group 6 of C-ITS platform) 1) Data server platform: Data are transferred to external server that can provide access 1a) Extended vehicle: car manuf. have exclusive control of access to data on server 1b) neutral shared server: consortium of stakeholders have control 1c) [B2B-market place: similar to b] 2) In-Vehicle interface: upgraded On-Board-Diagnostic (OBD) interface; app using data would run outside of vehicle 3) On-Board Application Platform - allows access to vehicle data and hosts applications inside vehicle - perhaps the most interesting long-term solution (EC report, 2017) => Technical solutions influence de facto data governance! Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 12

13 5. Market for connected cars: car manufacturers and owners (1) Price-data/privacy-combinations in contracts betw. CM and car owners - No simple sale contract but de facto (long-term) bundle of contracts about car and services/updates for connected driving and consent to use personal data and who has de facto rights on non-personal (and anonymised personal) data (data as counterperformance) - Research questions: + How does the extent of data as counterperformance influence the price of connected cars, i.e. do car owners pay higher/lower prices if they provide fewer/more data? + To what extent are the car owners participating in the value of these data they are providing to CM for their exclusive commercialisation? + How well can car owners protect their privacy and make informed decisions about data provision (due to info/behav. problems, lack of transparency, not enough options for granular privacy decisions)? Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 13

14 5. Market for connected cars: car manufacturers and owners (2) Possible market failure problems: - Competition problems: + Is competition betw. CM strong enough for offering enough privacy options for different privacy preferences and share in value of data? + how to deal with increased lock-in problems of car owners - Information / behavioral problems: + Are car owners capable of making rational informed choices about privacy and data provision? + Support by personal information mgmt systems (PIMS) who might help car owners to manage their privacy/data decisions? - Economic background question: + What is the optimal allocation of the (de facto) rights to sell access to data? CM or car owners or other intermediaries? + Have car owners technically / de facto the choice to whom to sell? Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 14

15 6. Independent repair and maintenance service providers (1) Competition problem in regard to aftermarket services: - printer/toner problem: attempts of printer manufact. to foreclose selling of toner by independent toner firms (unclear whether competition problem if effective competition betw. printer firms) - same problem: car repair and maintenance services by independ. firms Regulation in motor vehicle industry (type approval regulation, BER for vertical agreements in automotive industry in competition law) - Independent firms have right to technical information / diagnostic data for ensuring competition in regard to repair / maintenance services (immediate access, reasonable fees etc.) - Important: this is an already existing mandatory access right to info / data (without requirement of market power) - EC evaluation study (2014): works well (only minor problems) - Discussion: model for access rights to data in broader IoT contexts? Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 15

16 6. Independent repair and maintenance service providers (2) Data access in connected cars: - C-ITS platform: broad consensus that this regulated data access should also be applied for in-vehicle data for repair/maintenance providers - But controversial discussion about extent of regulated data access: + CM: they would like to define the regulated data very narrowly in regard to those data that are needed for repair/mainten. services (beyond that only via (free) B2B negotiation) + indep. serv. providers: would like to have broad access, also for realtime data for offering also new innovative (aftermarket) services - Competition problem: + the broader the scope of regulated data access, the more competition /innovation that cannot be controlled by CM as de facto data holders + for data where CM are free to negotiate: high prices, can discriminate (e.g., exclusive agreements) or block access at all (due to offering this service themselves and foreclose all other competitors) Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 16

17 7. Other service providers and public authorities (1) - Many other service providers can use in-vehicle data and/or need access to the connected car for offering services to car owners (and passengers), which might lead to more competition and innovation - Car component suppliers (not much discussed) + data governance in value chain with CM (smart manufacturing), but: buying power of CM? + in-vehicle data perhaps important for suppliers for innovation - Insurance companies + data about behavior of drivers (for more risk-equivalent car insurance contracts) and pay-as-use insurance schemes (=> increases efficiency on car insurance markets) + danger that CM could distort competition on insurance markets if they refuse access to these data and offer insurance themselves - Providers of infotainment, navigation / parking apps etc. - Use of data in other sectors (data analytics) / trading data Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 17

18 7. Other service providers and public authorities (2) Competition problems for other service providers: - Problem: exclusive de facto control of data/access to connected car can lead to hold-up situations, high access prices, discrimination, less competition/innovation for products/services offered in connected car - But: How well can competition betw. CM limit these problems, i.e. car owners might not accept too closed systems? - Also here access rights or regulation of contracts about access to data (e.g., non-discrimination, FRAND conditions etc.)? Access rights for public authorities - public interests, e.g., traffic regulation/safety, environment etc. - Access rights might be justified, but to what kinds of data and under what conditions (with or w/o remuneration etc.) - But: incentive problems for production of data? Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 18

19 8. Market failures regarding data governance in connected cars: A brief summary - Competition problems - Information/behavioral problems / privacy problems - Security and safety: (cyber security, safe driving) => very important + Is exclusive de facto control (as in extended vehicle ) necessary? + exclusive control of access to IT-system of car might be necessary but this does not imply that CM must have simultaneously the exclusive rights to commercialise access to in-vehicle data and resources + separability of technical security/safety and economic control! + EC (2017): security/safety possible with all three technical models - Lack of (property/access) rights on data? + no specific reason why here need for exclusive rights or a new data producer right + real policy issue: access rights for certain stakeholders? Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 19

20 9. Data governance in IoT contexts: Some perspectives (1) What did we do? - only exploratory analysis about potential market failure problems, i.e. structuring data governance problem in connected cars - using the general theoretical framework but so far only partly - identifying important research questions - interdisciplinary approach (including legal issues/discussion) - so far no discussion / analysis of policy options (but see EC 2017) + perspective: complex data governance regime for connected cars combination of privacy protection, regulated access rights (also for public interests), commercialisation of (access to) data + many open questions - linking the narrow discussion about 3 technical models about access to in-vehicle data with the broader discussion about data ownership and privacy (data as counterperformance, privacy paradox etc.) Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 20

21 9. Data governance in IoT contexts: Some perspectives (2) Important: Data governance in connected cars as example for IoT - IoT applications are very different => different data governance solutions - For policy discussion three basic perspectives on data governance in IoT (but: protection of personal data as well as IP/business secrets have to be respected in any case) (1) manufacturer of IoT devices (here: CM) have primarily control about data and decide about access and commercialisation (2) users of IoT devices (here: car owners) have primarily control about the data and decide about access and commercialisation (3) or: most of the data are offered as open data, i.e. everybody can use them as data infrastructure (OECD 2015) for new innovation (or some sophisticated combination of all three basic solutions) Kerber / Frank: Data Governance Regimes in the Digital Economy: The Example of Connected Cars 21