3rd ICAI 2024

International Conference on Automotive Industry 2024

Mladá Boleslav, Czech Republic

market operators, for public budgets and for end consumers, as well as implications for the EU’s competitiveness in international comparison (Šmejkal, 2023) . The second part of the explanation for why, after several years of discussion, a legislative proposal is not on the table, is the fact that the EU directly addresses access to car data in the Regulation 2018/858 on the approval and market surveillance of motor vehicles effective from September 2020 and in general terms also in the Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data (so-called Data Act), which will become effective from September 2025. According to the car manufacturers, the issue of car-generated data sharing is sufficiently covered by them until it is tangibly proven otherwise (ACEA, 2023). Here, however, the organisations representing the independent aftermarket fundamentally disagree (ADPA et al., 2023, 2024). This paper aims to analytically explain how the sharing of data generated by cars is regulated in the current EU and, on this basis, to determine whether and what deficits the current legislation has. In addition to EU legislation, the main sources of research will be the judgments of the CJEU, the opinions of stakeholders (in particular car manufacturers’ organisations and organisations representing the aftermarket) and, of course, secondary literature on the issue under study. Using these sources, the author will try to define the part of the question of access to car-generated data that is already substantially answered by EU law and to identify more precisely the part that lacks satisfactory legislation at the beginning of 2024. 2. EU rules on data access and sharing There is no doubt that the EU has long understood the importance of data to the modern economy and considers access to data as a prerequisite for the healthy competitive functioning of a data-driven economy (Mňuk, 2023). This assessment is underpinned by cross-cutting legislation such as Regulation 2018/1807 on the free flow of non personal data in the European Union, and in particular the new EU’s Data Act, as well as by legislation impacting exclusively the online sector (the Digital Markets Act – Regulation 2022/1925) and those specifically addressing data in the automotive sector (Regulation 2018/585 mentioned above, as well as Commission Regulations 2022/720 and 461/2010 as well as the Communication which regulate the exemption of vertical restraints in agreements on the sale and repair of motor vehicles from the prohibition of cartel agreements 2023/C 133 I/01). On the other hand, the EU is aware of the risks to privacy and cybersecurity, as well as to IPR protection, that the release of data flows may entail. Thus, the EU also has the Cybersecurity Act (Regulation 881/2019), the Data Protection Regulation – GDPR (Regulation 2016/679, which also mandates data portability in Article 20), and a number of protections against IPR in almost all of the above-mentioned regulations. EU measures can take the form of regulations binding their addressees ex-ante with cross-cutting or sector-specific catalogues of permitted or commanded conduct, which is often criticised as a bureaucratic straitjacket on business. In addition, they may consist in a more liberal-looking ex-post enforcement of prohibitions of certain defective conduct, both from the position of protection of the public interest (protection of competition and the activities of the authorities charged with their protection) and the

149