Shaping success for data-driven business models
Published on 14th Jun 2022
As data and digital technology transform businesses, an opportunity is emerging for in-house legal teams to embed themselves at the heart of the business. The increasing complexity and scope of data and digital regulation mean they will need new skills and a 'hands-on' mentality. The proposed new and reworked regulatory frameworks aim to reshape the data ecosystem. Data-driven business models will need to be designed with this new legal environment in mind.
This is chapter 2.1 of Data-driven business models: The role of legal teams in delivering success
It is not difficult to find examples of businesses that have harnessed data in order to create business models that have profoundly changed their markets, or created entirely new ones.
But equally, data-driven business models can be complex to implement – not least where they are part of a digital transformation strategy. The survey results show that although the adoption of data-driven business models is widespread across sectors, many in-house legal teams find supporting their implementation to be complex and confusing. Digitalisation often completely changes the legal skillset needed to support a business initiative: for example, a bridge operator that collects tolls in the form of cash from motorists will need completely different legal advice if it launches an app for digital payment. Digitalisation and data-driven business models often rest on a foundation of tech procurement contracts, with an associated digital supply chain.
Not only can the legal relationships in any particular data-driven business model be complex, but the regulation of digital products, services and processes – and of data itself – is ever expanding. There are a number of radical legislative changes to digital regulation on the table, particularly from the European Commission, both overhauling existing legislation and introducing completely new regulatory frameworks in a number of areas. This matters because the legal and regulatory context for data-driven business models is fundamental to their viability. In this introduction to Part 2 of this report, we offer an overview of the issues that are explored in more detail in the following chapters.
The variety of data-driven business models
Digital transformation means that every sector is embracing digital tools, boosted by technologies such as the Internet of Things (IoT) and artificial intelligence (AI). Data is critical, whether as a raw material, an output, or even as a means of payment. Data is increasingly referred to as an 'asset' in its own right, reflecting the value that it can generate. Data-driven business models seek to harness that value, in some cases in the form of separate revenue streams.
Data as an enabler
Sometimes a dataset itself carries financial worth, but the value in data can also flow from its power as an enabler: reducing costs, boosting productivity or facilitating innovation. The transformation that has been enabled by the open banking and wider open finance initiatives in financial services markets is a prime example (see Chapter 2.3).
Business processes can be improved by tracking performance and/or the conditions in which they are operating. Data about past breakdowns and repairs can be fed into AI systems to generate predictions about when a machine will next break down. Data about customer behaviour and decisions can both feed into personalised offers and marketing, and inform design decisions to hone a product or service to address customer demand and preferences.
Data from different sources can be pooled to enhance these applications further (see Chapter 2.5).
Data-driven business models are often built around a digital platform to hold data and generate insights from it. For some markets, the platform is the interface with consumers, hosting the digital services that they wish to acquire or use. Such platforms often amass data about their users, which can then be used to power advertising sales, to boost personalisation of marketing, product design and development, or to power other enhancements to the core services.
Other platforms support digitally connected products, enabling data flows to and/or from them, potentially powering analysis of the collected data.
Accordingly, data-driven business models tend to have a strong digital aspect, and data regulation has to be considered alongside the wider field of digital regulation.
Connected devices and IoT systems are growing in every sector, from wearable health devices to wind turbines, to vehicles, to building management systems, to smart home systems, to children's toys, to infrastructure such as bridges (see Chapter 2.4).
Where data flowing from a connected product or service has competitive value – perhaps offering insight into demand levels in neighbouring markets such as repairs and maintenance or spare parts – access to that data can become a competition law or intellectual property (IP) issue. And new laws, like the recently proposed EU Data Act, are likely. This will mean a new regulatory landscape for the fight for data flowing from connected devices (see further Chapter 2.2).
Data-driven business models
The role of legal teams in delivering success
Digital twins are a particularly advanced example of data powering insight and efficiency. IoT systems and data flows can turn a digital model of the shape of something into a digital twin that also mirrors its functionality, physical properties and performance and integrates data flows so that the digital twin becomes a virtual replica of the physical thing.
Such digital twins are an integral part of digital industry systems (see further Chapter 2.6), but can also be created to support collaborative projects with many stakeholders (see Chapter 2.8). These twins, often modelling the built environment, can for example boost the understanding, operation and optimisation of smart cities.
Data-driven business models depend on a constant flow of data. But each digital connection is a new cybersecurity access point into the connected business or home. This is an operational risk for IT professionals, but also generates legal risk that can be managed through contractual frameworks, proper IT security management systems and supply chain terms of procurement (see further Chapters 2.9 and 2.9.1).
The interface of data-driven business models with decarbonisation
The overarching imperative of decarbonisation is also driving a new regulatory approach (discussed in Chapter 2.11). The easy availability and scalability of cloud-based processing services can make energy conservation a low priority in designing technology. Some jurisdictions are starting to address this with requirements to minimise the environmental impact of technology. France is taking a lead, with requirements and enforcement structures for the eco-design of digital services.
An emerging new legal framework
The dynamic environment for technological development is accompanied by equally dynamic regulatory developments. Case law around data continues to evolve but entirely new frameworks for data regulation are being enacted and existing digital regulation is being overhauled. The European Commission, in particular, is seeking to expand the scope of data regulation far beyond privacy, with the objective of ensuring consumer trust and engagement and also the availability of data as a resource for new business models. Businesses that are delivering data-driven business models in Europe or for EU customers need to be aware of how the regulatory landscape for data and digital products and services is changing. We are on the cusp of a major reset.
Europe is at the forefront of this development but it is not limited to Europe (see further Chapter 2.14). And although the focus for this report is Europe, data flows and digital products and services are often global in nature, with regulation from other jurisdictions impacting directly on exports from European businesses and their processing activities. Digital regulation and local compliance around the world can shape export priorities or even determine certain aspects of a business model.
The EU Digital and Data Strategies
Data and digital regulation in the EU is being driven by the European Commission's European Digital Strategy of February 2020. Its objective is to maximise the potential benefits to the economy and society from data and digital technology, noting in particular the role of data as a "key factor of production", or a raw material, for digital products and services.
Alongside its digital strategy, the Commission has also published the European Data Strategy. The latter also emphasises the role of data at the centre of digital transformation and states
… data should be available to all – whether public or private, big or small, start-up or giant. This will help society to get the most out of innovation and competition and ensure that everyone benefits from a digital dividend. This digital Europe should reflect the best of Europe – open, fair, diverse, democratic, and confident".
The data strategy goes on to identify various issues that need to be tackled, including the availability of data, particularly for innovative re-use. It notes that business-to-business sharing can be hampered by a lack of economic incentives, including the fear of losing a competitive edge. It notes that there are imbalances in market power as regards data holdings. It also cites the need to empower individuals to exercise their rights as regards data portability, noting that an absence of technical tools and standards can make such rights burdensome and not simple to use.
There is a data-centric logic across the raft of new regulation coming out of the EU. If the Digital Services Act (DSA) and Digital Markets Act (DMA) are seeking to remould aspects of established digital markets, the proposed Data Act and Data Governance Act seek to influence the characteristics of the data ecosystem that should start to thrive as data becomes more accessible. The overarching digital and data strategies set the tone and direction for the regulatory approach as a whole. In the EU, the themes of consumer trust, data accessibility and respect for fundamental rights are now set at the heart of digital regulation.
Although the EU cannot boast many major global tech players, the Commission is seizing the opportunity to set the global gold standard for digital regulation. Moreover, there are signs of a new trend for centralising enforcement to Brussels. Currently, regulatory enforcement in all fields except competition law is devolved to national Member State authorities. However, the Commission will itself take responsibility for enforcement of the reformed legislative framework for the largest digital platforms (see Chapter 2.13). This change in approach can be seen not only as a move to ensure consistent and coherent enforcement, but also as an indication of the strength of the EU's intention to influence how global data and digital markets develop in the future.
The ambitions of the EU digital and data strategies are being progressed on various fronts.
Growing the data ecosystem
New legislative frameworks have been proposed by the Commission to shape the data ecosystem, open up the availability of data held by public and private entities, and boost consumer trust in data sharing, including the proposed Data Act (see Chapter 2.2) and the proposed Data Governance Act (see Chapter 2.12).
The Data Governance Act envisages a strong ethical framework, limiting the ability of profit-making data intermediaries to use the data that they collect and sell for their own purposes, and imposing a fiduciary duty to act in the best interests of the data subjects. The proposals also envisage new structures for "data altruism", enabling individuals to donate their data to not-for- profit organisations to be used in pursuance of defined objectives (see further Chapter 2.12).
The Data Act will create a new right of access to data for businesses using digital tools that collect data about their activities (see Chapter 2.2). For example, tenants might be able to obtain data collected about their premises by systems run by building management, or the users of smart devices might have the right to access the data that their use generates (see further Chapter 2.4). The interface between these proposals to open up access to data and the protections under intellectual property that may, for some data and datasets, protect their value is an important one (explored in Chapter 2.10).
Rethinking regulation of digital platforms
In addition, the Commission has undertaken reviews of existing regulation of digital services markets to ensure that these frameworks are as effective as possible in light of developments since they were first issued. These reviews have resulted in the European Commission's proposals for the Digital Markets Act and the Digital Services Act (discussed in Chapter 2.13), both of which involve significant changes for the regulation of digital platforms, with specific obligations being imposed on specified platform market "gatekeepers" and very large digital platforms.
Ensuring trustworthy artificial intelligence
AI is another field of data-rich technology receiving close regulatory attention to ensure that the technology is developed in alignment with the values that the EU wishes to embed across data-driven products and services. The European Commission's proposals for their entirely new field of regulation are currently making their way through the legislative process. The AI Act proposes burdensome obligations in relation to data used in AI systems, as well as the AI technology itself and its implementation (see Chapter 2.7).
Artificial intelligence is built in a fundamentally different way to other software and systems, and the interface with intellectual property rights is not yet settled (as is explored in Chapter 2.10).
The regulatory landscape around data-driven business models is set to become fundamental to how they are built and operated. As noted, keeping on top of both the current position and the known changes is important because the legal and regulatory context for data-driven business models is fundamental to their viability. As such, compliance increasingly needs to be designed into products and services from the outset.
Although the extent of change can be daunting, in-house counsel need to embrace this opportunity to put themselves at the heart of innovation in their businesses, delivering the advice needed to shape the success of their organisation's data-driven products and services.
Data-Driven Business Models: The role of legal teams in delivering success
Explore the full report
Data-Driven Business Models: The role of legal teams in delivering success
We have partnered with European Company Lawyers Association (ECLA) to produce a report exploring the challenges and opportunities associated with new data-driven business models.
2.1 Shaping success for data-driven business models
2.2 Access to Data (and how to enforce it)
2.3 How open banking has facilitated data-driven business models, and what's next
2.4 Our new products are connected – what implications does that have?
2.5 Data Pooling and Data Integration in Groups of Companies
2.6 Digital twins: enabling sale of a service, not an asset
2.7 Regulating data-powered artificial intelligence
2.8 Digital twins in the built environment
2.9 How to respond to a ransomware attack – an illustrative example
2.10 Cyber security – Are you prepared? Some thoughts on cyber security governance
2.11 Future IP issues relating to data-driven business models
2.12 Challenging the environmental impact of data-driven business models
2.13 Trust and Legal Certainty for the Data-driven Economy? A look into the EU Data Governance Act
2.14 Rethinking regulation of data-driven digital platforms
2.15 Data Law Landscapes Beyond Europe