3rd ICAI 2024

International Conference on Automotive Industry 2024

Mladá Boleslav, Czech Republic

4. Applicability of the EU Data Act to access to valuable automotive data Regulation 2023/2854, the Data Act, is a general horizontal regulation applicable to all data generated by smart devices across the expanding Internet of Things (IoT) (Gill, 2022; Chiarella and Borgese, 2024). Therefore, according to the principle Lex specialis derogat legi generali , the new regulation should only be applied to data generated by connected cars where the special regulation for the automotive sector does not reach, i.e. the given Regulation 2018/858 explained in the previous section. The Data Act can fill in the gaps left by this regulation or help interpret its non-specific provisions. As it is not the aim of this paper to capture the entirety of the rather extensive Data Act, its analysis will focus only on the question of what regime it establishes beyond Regulation 2018/858 for access to in-vehicle data, functions and resources. In light of the shortcomings of Regulation 2018/858 identified above, the first sub question is how broad a category of data or “sources” the Data Act covers. Already from Article 2 defining the terms used by the regulation it can be seen that “data” means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording. This definition covers both personal data (for which the Data Act does not override the GDPR’s processing regime) and non-personal data. From the definition of “connected product”, contained in the same article of the Regulation, it can be inferred that it is data produced in such a way that the smart product, which may be a car, obtains, generates or collects and that it is data concerning its use or environment. Thus, in the abbreviation used in the preamble to the regulation (recital 5), the Data Act covers “data generated by the use of that connected product or related service”, while we know from Article 4 of the Act that it also covers “the relevant metadata necessary to interpret and use that data”. On the face of it, the definition is broader than Annex X of Regulation 2018/858, because the Data Act covers all data generated by smart cars (including external data from their surroundings) and related services, whether it is needed for repair and maintenance or anything else, e.g. to develop new services for drivers or to personalise vehicle insurance terms. The Data Act, however, contains no refining analogue to Annex X; recital 15 of its Preamble at least offers the following refining breakdown: • The Data Act regulates the regime of data which are not substantially modified, meaning data in raw form, also known as source or primary data which refer to data points that are automatically generated without any further form of processing, as well as data which have been pre-processed for the purpose of making them understandable and useable prior to subsequent processing and analysis. • By contrast, Data Act does not cover information inferred or derived from such data, which is the outcome of additional investments into assigning values or insights from the data, in particular by means of proprietary, complex algorithms, including those that are a part of proprietary software. Such non covered data could include, in particular, information derived by means of sensor fusion, which infers or derives data from multiple sensors, collected

154