The Data Act represents an important contribution to the European regulation on data protection, which mainly deals with the creation of value resulting from the use of data.
The Data Act joins the Data Governance Act, which entered into force on September 24th 2023. Together, they pursue the goal of facilitating and accelerating the circulation of data and ensuring that their use occurs in protected and secure environments, in compliance with the European and national laws of each member State.
To this day, these texts represent globally the maximum regulatory effort on the matter, which involves also the issue of the reuse and reprocessing of data through artificial intelligence (AI).
Provisions of the Data Act
The Data Act, together with the Data Governance Act, operates mainly by setting subjective and objective conditions in order to determine the legitimacy of the activities creating value by reusing data, such as the case of Artificial Intelligence.
In this regard, the regulation tried to regulate the issue relating to the protection of protected data on account of the intellectual property rights of third parties, and the reuse conditions, inside the European Union, of similar data detained by public entities, besides offering a framework for the voluntary registration of entities that collect and process data made available for altruistic purposes.
Nevertheless, in order to safeguard the protected nature of data, in compliance with the European Union and national laws – which must be guaranteed – there have been provided a number of measures aimed at reaching such goal.
With regards to trade secrets, including content protected by intellectual property rights, the hypothesized solutions involve their modification, aggregation or processing through any other method of disclosure control.
In light of the above, it is clear that the theme of intellectual property rights protection has an important role in the current community regulation and it must be counterbalanced with the need to facilitate the reuse of data, even through Artificial Intelligence.
Reuse of data and artificial intelligence: main difficulties
Among the main issues found or expected in relation to the reuse of data by AI there is the legitimacy of the so-called input activities, that is those activities of data accessing, reading, analyzing, exporting and AI training, in case these activities have as object copyright protected works. This concern arises because, to this day, there is not a regulation that has precisely specified the criteria to adopt in order to balance the protection granted to copyright with the interest to access protected data.
Moreover, regardless of the regulation efforts made, one can note a clear discrepancy between the postulated protection tools and its actuation since the effective relating regulation seems to be missing, determining thus a certain degree of implementation uncertainty.
This uncertainty increases also as a consequence that in the Data Act text there is no connection to the exception of data reuse provided for in the Directive (EU) 2019/790, that is the Copyright Directive. Such specification could turn out to be crucial in order to eliminate, or in any case limit, the risk of possible disputes for copyright infringement in the context of AI systems training, already quite a bit abroad.
Conclusions
We should look favorably at the strong interest and sensibility put by the European Union in the themes relating to the use of data also by AI through its regulation efforts. The slowness and the ways acted by the institutional organisms at intervening remains questionable, given the urgent need for an updated and flexible regulation able to be adapted to a fragmented and ever-evolving reality.
Elena Bandinelli