data economy - legal aspects of new technologies

EU regulations banning certain AI practices go into effect on 2 February 2025. Some institutions may assume that the bans only apply to extreme practices, which they would never be involved in. But the ban on using AI systems to assess the risk of that someone has committed a crime, or will commit a crime, shows that this is not the correct approach. A more in-depth analysis reveals that some market practices now considered standard, especially in financial services, may prove questionable once the bans enter into force. This is particularly true for monitoring of money-laundering risk and more broadly the risk of fraud.

The Digital Markets Act or DMA (Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector), which entered into force on 1 November 2022, creates many new obligations for businesses operating in the digital sector, particularly so-called “gatekeepers.”

The DMA will impact the functioning of the entire digital ecosystem—not only gatekeepers, but also other participants in digital markets, including business users and end users of core platform services, competing providers of core platform services, and providers of other digital services.

This is because the obligations and prohibitions imposed on gatekeepers will either directly or indirectly vest other groups with rights they can pursue before national courts.

Sharing, exchanging or jointly collecting data may be valuable for the businesses involved and for the development of a given industry sector, technological innovation, and, as a result, consumers. Indeed, data are of fundamental importance for the development of the digital economy, either alone or as a basis for functioning of artificial intelligence. Hence, the competitiveness of companies on the market depends on access to relevant data.

Issues related to access to data have been addressed, among other places, in the “Competition policy for the digital era” adopted by the European Commission. This policy notes that discussions between undertakings on data sharing cannot be conducted in isolation from the nature and type of data, how it is used, and the specifics of the market in question.

Businesses holding certain data may find it risky or not economically justifiable to share it at all. They may fear the loss of competitive advantage, wrongful appropriation of the data, or use of the data in breach of contract. There may also be concerns about possibly violating competition law. The latter concern is also recognised in a Commission document, the “European data strategy.” It highlights the need to update the Commission guidelines on horizontal cooperation, so that the Commission provides additional guidance on the compliance of data-sharing and -merging arrangements with EU competition law.

The activity of public sector entities often involves generation and use of extensive sets of data. These datasets serve to perform public tasks, but often have measurable economic value. Here we will examine the rules under which entities from outside the public sector can gain access to data of this type and use them to create new products and services.

In previous articles in our series we discussed whether data can be subject to property rights or can be protected within known categories of intangibles. Today we will consider if and when data can be protected as a trade secret.

First we should clarify what a trade secret is and what protection this classification provides.

Trade secrets: When is protection provided?

Under Polish law, issues relating to the protection of trade secrets are mainly regulated by the Unfair Competition Act of 16 April 1993. At the European level, the Trade Secrets Directive (2016/943) has harmonised the protection of trade secrets to some extent.

The subject of the discussion below will be “trade secrets” (tajemnica przedsiębiorstwa), and not “business confidentiality” (tajemnica przedsiębiorcy) as referred to in Art. 5(2) of the Act on Access to Public Information of 6 September 2001. Judgments issued under that act indicate that in certain situations “business confidentiality” may be understood more broadly than “trade secrets” within the meaning of the Unfair Competition Act, and also includes information which has no economic value as such but the disclosure of which could have a significant impact on the undertaking’s economic situation and competitiveness (Supreme Administrative Court judgments of 17 January 2020, case no. I OSK 3514/18, and 5 July 2013, case no. I OSK 511/13).

To complement our previous considerations about the civil-law status of data, we should analyse the possibility of using data to create security interests in business transactions. The increasing economic value of data inspires a search for effective ways to collateralise these assets.

To better illustrate this point, let us use a visual example. Imagine a server owned by company X. Various data are stored on the server, including data collected by X for the purpose of training an advanced algorithm used for medical diagnostics. The market value of the data stored on the server exceeds many times over the value of the server itself.

X provided its creditor, company Y, with security in the form of a registered pledge on the movables of X. X did not fulfil its obligations towards Y, and therefore Y enforced its security and took ownership of the server storing the data. The value of the server alone is insufficient to satisfy all of Y’s claims against X, while the value of the data stored on the server exceeds X’s debt to Y. What is the effect of Y’s taking ownership of the server?