Data Symposium 2024 discussed practical effects of AI and data sharing
by Pessi Honkasalo
The Krogerus Data Symposium 2024 brought together hundreds of data and AI experts on 23 October at Lasipalatsi to discuss the upcoming changes brought by the Data Act and the AI Act. This year, the programme highlighted both the practical challenges and opportunities that technological advancements and the EU legislator's responses to them will present to companies' operations. This article dives deeper into the day's topics by discussing the model contractual terms for data sharing under the Data Act as well as IP rights in the new world of AI.
The Krogerus Data Symposium is one of Finland's largest events focusing on data and AI regulation and utilisation. The event was organised in partnership with the Technology Industries of Finland. "With the Data Symposium, we have wanted to create a platform where attendees can learn from one another, share their experiences and discover new opportunities for collaboration around data and AI", say Krogerus' Technology, Data & IP practice's Partners Kalle Hynönen and Pessi Honkasalo.
Data Symposium's programme included speeches from, for example, Silo AI's Co-Founder Tero Ojanperä, who talked about the strategic implications of the AI revolution; Anu Bradford, Henry L. Moses Professor of Law, who discussed competing digital governance models in the US, China and the EU, reflecting on her book Digital Empires: The Global Battle to Regulate Technology; and Anna Aurora Wennäkoski from the Finnish Ministry of Transport and Communications, who shared where we stand regarding the national implementation of the Data Act. In this article, we will take a closer look at two of the Data Symposium's presentations from Univ-Prof Dr Christiane Wendehorst (Co-Head of the Department of Innovation and Digitalisation in Law at the University of Vienna) and Ingrid Viitanen (VP, General Counsel Strategy & Technology at Nokia).
Reaching significant levels of data sharing requires companies to identify the commercial benefits it offers
Ingrid Viitanen's speech focused on navigating uncharted territory regarding IP and data rights in the new world of AI. With the rise of AI technologies, there has also been a rise in new IP-related issues, such as: Can copyrighted content be used for training large language models (LLMs) without the right holder's consent? What happens to your data when you import it into an AI tool; who will have access to the data and how will it be used? Who holds rights in the outputs created by AI tools?
These questions pose new IP-related challenges and concerns regarding confidentiality and security. At the same time, in order to keep up with the market, it is a commercial imperative to use AI tools that help companies work more efficiently and creatively. "We can only consider using an AI tool if our inputs will be secure and our ownership and rights in those inputs will not change", says Ingrid Viitanen. According to her, legal developments that could help use AI tools more confidently and efficiently could include legislative guidance on how to treat outputs of an LLM, clearer rules for allocating accountability for infringement, and providers taking technical measures to prevent replication of training data.
With the rise of AI, it has become evident that we need to make the same strategic effort with data as we've made with intellectual property. "Data and IP are quite similar in many ways: data – unlike other economic resources – is intangible, something that humans can create infinitely, and something that can be replicated at low cost. We need to think more consciously about what data we have available, how to capture, protect and catalogue it, and how we consider its value to ourselves and others", says Ingrid Viitanen.
Humans will generate an astonishing amount of 175 zettabytes of data in 2025. "We can't hope to make sense of this amount of data using only human resources. We need to augment our skills with non-human tools like AI and machine learning. But first every organisation has to decide strategically what it wants from its data", says Ingrid Viitanen. This can be achieved, for example, by creating a data strategy that covers data governance (roles, responsibilities and processes), data management (data collection, categorisation, accessibility and reliability) and data analytics (leveraging the data to solve specific business needs).
Currently companies are sharing data only when it is required by law, but we are not seeing broader sharing initiatives yet. "Companies are in unfamiliar territory, and they are worried about giving away more than they gain. Ultimately any new direction will need to come from the market itself. We will only see significant levels of sharing data when companies identify concrete commercial benefits in reciprocal data sharing in their ecosystems and find smart models to do that", concludes Ingrid Viitanen.
Are workable model contractual terms for the Data Act a mission impossible?
In her speech, Univ-Prof Dr Christiane Wendehorst shared insights on the model contractual terms that a separate expert group has been tasked to develop regarding data sharing under the Data Act. The group's task is to develop non-binding model contractual terms on data access and use that include terms on reasonable compensation and the protection of trade secrets. "The mandate is extremely broad: data sharing scenarios are extremely diverse and many of the statutory data sharing obligations governed by Chapter III of the act do not even exist yet", comments Christiane Wendehorst and continues: "The mission of the expert group is in general a mission impossible, which is why the group needs to focus only on a few key scenarios, such as contracts falling under Chapter II of the act".
The expert group needs to consider, for example, the following key scenarios under the Data Act:
- According to Article 4, a data holder may only use non-personal product and related services data on the basis of a contract with the user. The article even restricts sharing of product data with third parties to cases where this is in "fulfilment" of the contract.
- Article 5 sets the framework for sharing data with third parties (data recipients) upon the user's request for purposes and conditions agreed between the third party and the user. Data can thus be shared upon the user's request with third parties. This poses challenges regarding how to determine reasonable compensation and how to ensure the protection of trade secrets.
- Under Article 4, the user also has the right to make a request to the data holder to share the data directly with the user. There is no strict requirement to make a contract, but there will almost always be a contract between the data holder and the user, where the parties may be well advised to include details of the user's access right. This poses challenges regarding party autonomy and the extent to which companies are free to add clauses to the contract.
An important question that Christiane Wendehorst raised was whether the model contractual terms could ensure that Article 5 is not undermined by Article 4. Technically the user can request the data under Article 4 and then pass the data on to a third party. This could undermine the whole arrangement, since the data recipient could get the data free of charge and with fewer restrictions compared to Article 5. Could the model contractual terms provide for a waiver of the user's right to share data with third parties? If the right under Article 4 cannot be waived against compensation, the data holder must assume that the user will make maximum use of that right and share the data with a maximum number of third parties. "Prices can therefore be expected to rise significantly and low-income groups will be forced to monetise their data. It would therefore be very important to have the waiver option, but it is very difficult to find a solution that will not undermine the user's Article 4 right to access data", says Christiane Wendehorst.
"From politicians and the industry side, there is pressure to produce model contractual terms that are absolutely correct, comprehensive, safe, and easily digestible – however, this may not be possible. The most difficult problem for drafting the model contractual terms is the lack of certainty as to the correct interpretation of the Data Act. The terms will thus indirectly serve as a tool for reversing mistakes, with unclear prospects of withstanding scrutiny by the ECJ", concludes Christiane Wendehorst.
Additional information and next year's event
We are already looking forward to organising the Krogerus Data Symposium 2025 and will release more information later on. In the meantime, please feel free to contact our Technology, Data & IP team with any questions. We would be delighted to continue the Symposium's discussions with you!