Data-Sharing Regulations Heat Up in 2020

Our data is collected by almost every service we use. Many companies, from social media platforms to content platforms, e-marketplaces and search engines, rely on an advertising-driven, data-tracking business model to sustain themselves. Traditional industries, such as telecommunications, hardware and aviation also collect customer data to personalize services and improve efficiency. However, the introduction of the EU’s GDPR and recent high-profile personal data breaches have put the collection and use of data under increased regulatory scrutiny.

2020 will be the year of regulation on data sharing. In Europe, the EU Commission had indicated they will work on the ePrivacy Regulation that aims to regulate how companies share data. Regulators in Asia are also deliberating this topic. Australia’s Consumer Data Right rules for the banking sector will be implemented in July 2020 and will extend to the energy and telecommunications industries. Japan introduced “information banks” to encourage data sharing while Singapore launched the “Trusted Data Sharing Framework” in 2019 and is striving for higher adoption in 2020. As more countries prepare to launch 5G networks, further collaboration among ecosystem partners will be encouraged. In this context, we anticipate several policy trends surrounding data sharing to emerge in 2020.

Prescriptive Regulation

With the aim of minimizing risks for stakeholders, regulators may introduce prescriptive and burdensome data-sharing laws. They could require data to be stored locally, mandate a local trust certification, require companies to conform to standards set by incumbents and instruct companies to categorize shared data to the point that it is no longer useful. Such regulation does not consider the different ways companies operate. It raises compliance costs and heightens security risks if data sharing is forced without every player having the appropriate levels of protection.

Protecting the Consumer but Impeding Innovation

Although policymakers naturally aim to protect consumers from data monetization practices, this can impede innovation – as the EU’s GDPR has shown. Technologies such as artificial intelligence and IoT need large amounts of high-quality data, and when data is difficult to access, firms may choose to relocate to countries with less inhibitive laws. A common view among industry players is that excessive regulation does not stop innovation, it just moves it elsewhere. Stakeholders must work together to ensure that this does not happen and develop tools to build trust in data sharing.

Favoring Local Players

Competition regulators are wary of big international companies that hold large amounts of data. They are concerned that these companies reinforce their dominant market position by processing data to tailor their services – making it difficult for consumers to switch providers.

Additionally, regulators suspect that they use their position to force smaller players to share data with them. The Japan Fair Trade Commission has completed studies in this area. In October 2019, it released its report on trade practices on digital platforms and indicated that, moving forward, they will examine if digital platform operators use data from companies using their platforms for their own sales. Policymakers’ desire to promote local industry may motivate them to create barriers for international companies by inhibiting data-sharing practices and imposing broad provisions that include the sharing of proprietary data. As the public-private discourse risks being dominated by a small number of domestic companies, it is important for all segments of industry to be involved in discussions of data sharing in the local and regional policy environment.

No Differentiation Between Consumer and Non-Consumer Data

Data-sharing discussions tend to be disproportionately focused on personal data and to disregard other forms of data collected about environment and equipment. This non-consumer data is very valuable. For example, sensors in a factory collect data about the life cycle of equipment for companies to conduct predictive maintenance. It is also useful in determining when cracks may appear at mining sites, saving workers’ lives. There are always ways for those with malicious intent to misuse data; however, policymakers must be aware of the different types of data, such as consumer and non-consumer data, and tailor their approach appropriately so as to encourage data sharing while ensuring adequate protection.

Unsymmetrical Regional Regulations

Although governments understand the importance of accessing data to develop artificial intelligence and fintech, governments have different national priorities and appetites for risk. This could result in differing national data-sharing regulations with varying requirements and processes. Unsymmetrical regulations across regions will inhibit data-sharing activities and raise compliance costs, as tailored approaches will be needed for each market. Companies could choose to work through regional groupings and multilateral organizations to identify a common baseline that could then be adopted across different markets.

Penalties That Inhibit Data Sharing

Penalties exist to motivate stakeholders to comply with regulations and should encourage companies to collaborate, share data and be held accountable. Most importantly, penalties should correspond with the objectives of data-sharing regulation. Introducing harsh penalties like jail time for employees or very high fines could critically affect the profitability of a company and, in turn, create a culture that opposes collaboration and data sharing.

What Does This Mean for You?

Businesses must track new developments in data-sharing regulation as they evolve, especially in Asia, where the regulatory environment is more volatile and unpredictable. Companies can no longer collect and use data without facing consequences, and they need a flexible approach to gain the trust of consumers and regulators. Companies that can quickly adapt to these trends will have a competitive advantage and still be able to leverage the benefits of data sharing. In Asia, the lack of homogeneity – from culture to levels of readiness – means companies need to adopt a nuanced approach to be successful.

The pieces in this series have been extracted from a larger report by Access Partnership on the trajectory of tech policy in 2020. The next and final installment will discuss the internet of things, providing a primer on past and future regulatory motions.