The Regulation of Access to Personal and Non-personal Data in the EU: From Bits and Pieces to a System?

Forthcoming as a book chapter in Bart van der Sloot & Sascha van Schendel, The boundaries of data: technical, practical and regulatory perspectives, Amsterdam University Press 2023.

TILEC Discussion Paper No. 2022-019

Tilburg Law School Research Paper

26 Pages Posted: 15 Dec 2022 Last revised: 26 May 2024

See all articles by Thomas Tombal

Thomas Tombal

Tilburg University - Tilburg Institute for Law, Technology, and Society (TILT); University of Namur

Inge Graef

Tilburg Law School; Tilburg University - Tilburg Institute for Law, Technology, and Society (TILT); Tilburg Law and Economics Center (TILEC)

Date Written: December 15, 2022

Abstract

As early as 2014, the European Commission started to consider the adoption of legislative and non-legislative measures to stimulate the European data economy by promoting access and reuse of data. For many years, the nature of the data has influenced the rhetoric used and the priorities set in the debates about access to data. While the need for restrictions to create trust and control for individuals has been emphasised in the context of personal data, there has been a much stronger focus on openness and reuse as mechanisms to promote data-driven growth for non-personal data. Interestingly, the European Commission seems to have departed from this dichotomy in its Data Act proposal published earlier this year. Indeed, the scope of this legislative initiative no longer depends on whether data qualifies as personal or not, although the distinction between personal and non-personal data still impacts the extent of data access.

The paper discusses how different types of data and different policy objectives in the area become intertwined and how different regimes regulating access to data can be aligned – despite the current piecemeal regulatory approach. As we will show, overlap between different data access regimes is common, so several regimes can apply in parallel to the same situation. On the one hand, we discuss the relationship between the GDPR’s right to data portability and the IoT data access right created by the Data Act proposal. On the other hand, we discusses how forms of data access beyond the initiative and control of individuals can be brought in line with the GDPR. Before diving into these issues, we provide a background of the policy and academic debate regarding the distinction between personal and non-personal data.

Keywords: Data Access, Data Economy, Data Regulation, Data Sharing, Data Act, Legislative coherence, Personal Data

JEL Classification: K20, K30

Suggested Citation

Tombal, Thomas and Graef, Inge, The Regulation of Access to Personal and Non-personal Data in the EU: From Bits and Pieces to a System? (December 15, 2022). Forthcoming as a book chapter in Bart van der Sloot & Sascha van Schendel, The boundaries of data: technical, practical and regulatory perspectives, Amsterdam University Press 2023., TILEC Discussion Paper No. 2022-019, Tilburg Law School Research Paper, Available at SSRN: https://ssrn.com/abstract=4304148 or http://dx.doi.org/10.2139/ssrn.4304148

Thomas Tombal (Contact Author)

Tilburg University - Tilburg Institute for Law, Technology, and Society (TILT) ( email )

P.O.Box 90153
Prof. Cobbenhagenlaan 221
Tilburg, 5037
Netherlands

University of Namur ( email )

8 rempart de la vierge
Namur, 5000
Belgium
+3281724768 (Phone)

Inge Graef

Tilburg Law School ( email )

Tilburg, 5000 LE
Netherlands

Tilburg University - Tilburg Institute for Law, Technology, and Society (TILT) ( email )

P.O.Box 90153
Prof. Cobbenhagenlaan 221
Tilburg, 5037
Netherlands

Tilburg Law and Economics Center (TILEC) ( email )

Warandelaan 2
Tilburg, 5000 LE
Netherlands

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
390
Abstract Views
962
Rank
147,034
PlumX Metrics