Legislating on Data Commons: What It Should (Not) Be

Commons and cooperatives have recently gained traction in discussions around the governance of digitized societies, including with European Union (EU) legislature that now recognizes ‘data cooperatives’ within its new data legislation (Data Governance Act or ‘DGA’). Data commons and cooperatives are indeed often presented as ‘democratic’ and ‘sustainable’ alternatives to the currently Big Tech-dominated economy. In light of this momentum, there is a need to critically evaluate the intersection of such forms of collective governance and the law. This begs two questions. First, to what extent does recent law recognize and support the development of data commons? We hereby focus on the new EU data legislation that explicitly aims to structure the ‘European way for data governance’ (DGA, recital 32). Second, what should legislating for data commons look like? Here, we define data commons, in a non tech-oriented way, as a group of people, a community, or a collective that sustainably govern data and the related relationships they have as a group. Software or knowledge-oriented initiatives like Open Source and Wikipedia, are outside of this definition’s scope.

Assessing EU Data Legislation’s Recognition and Support of Data Commons Development

Data cooperatives are often expected to constitute promising forms for democratic data governance mechanisms such as data commons to flourish as an alternative to the Big Tech-dominated economy. With the new DGA, the EU now explicitly recognizes ‘data cooperatives’. This begs the question of whether, by doing so, EU law now also recognizes the seemingly related notion of data commons, and whether it endorses them as a governance model and supports their development.

In line with the steady market-oriented approach of the European Commission concerning cooperatives, the DGA regards data cooperatives as transactional intermediaries supporting data transactions. Such data cooperatives shall ‘empower’ weaker parties by strengthening their bargaining position. Actually, data cooperatives under the DGA do not have data as the object of the jointly conducted activities – they notably exclude data pooling endeavors. They rather share knowledge and leverage the collective as a bargaining tool in data transactions. Therefore, they rather resemble data unions. Neither do they cover the joint production of data, nor the joint management of the use of data. Both the original and secondary use of data lie outside of the activities of such data cooperatives. It is striking that the coming into existence (‘production’) of data remains entirely unaddressed because it constitutes the prime locus for disempowerment of weaker parties in the digital environment, and is one of the often-invoked arguments in data commons theories.

That the DGA does not recognize data commons, however, does not mean that it hinders their coming into existence or development. On the contrary, it could be argued that it preserves them from the stringency of the legal regime laid down by the DGA. This raises the question to what extent other sites of EU data legislation relating to data and data governance law have the potential to support the development of data commons.

As stated by the European Commission in its European Data Strategy, its greater goals are to establish data markets while in check with ‘European values’ – such as data protection and fair competition. This translates, first, into the allocation of subjective rights in data – such as data access, data portability, etc. under the Data Act and the proposed Health Data Space Regulation. Such rights then form the basis upon which data can be exchanged through various types of data transactions However, such legislation does not recognize the possibility for community rights to data, however relevant when considering collective forms of data governance like data commons.

The EU data strategy also requires the strong involvement of public authorities. This is for example visible with the proposed framework for ‘digital product passports’ (DPPs) under the proposed Ecodesign Regulation. At the crossroads of the data and the circular economy, DPPs are expected to feed the demand from both private and public players for product-related data and information that are needed for circular strategies. The Commission aspires to require product manufacturers to make a broad array of such data and information available to the relevant players through a unique electronic passport. On the one hand, private players will store and manage data and information intended for other private entities in a decentralized manner. On the other, will the Commission run a centralized ‘registry’ concerning the use of such data and information that are intended for public authorities. The Health Data Space Regulation, which seeks to harmonize the conditions and stimulate the reuse of health data, also relies on the role and tasks of public authorities. Especially, national ‘health data access bodies’ will be entrusted to decide upon the access to and reuse of health data, based on the issuance of ‘data permits’. Once more, forms of collective or community-based data governance like data commons are not even discussed and thus recognized as a viable form of data governance. Public authorities, in other words, are expected to become the gatekeepers of an increasingly commercialized digital market.

The expected cumulative result is the reinforcement of old patterns of data production and the simultaneous disempowerment of collectives and communities with an interest in governing their data more independently and sustainably.

How Laws Should Support Data Commons
There thus seems to be little support reserved for the development of data commons in recent EU legislation. But how could (and perhaps should) legislation be of help when supporting data commons initiatives? While EU data legislation starts with ‘data’ and then proceeds with governance ‘solutions’, it is interesting to proceed the other way around. In line with the Ostromian tradition to analyze commons albeit often missing in much data commons research, we analyzed the (hypothetical) roles legislation could and sometimes should have for the support of data commons with the help of three case-studies that illustrate in different ways the various roles data could play in collective governance arrangements.

First, the ‘shared server model’ is one of the options envisaged to empower weaker actors – including independent car repairers – against the data-driven dominance that car manufacturers have acquired on car industrial ecosystems. The model intends to empower actors by instantiating collective governance procedures over both the generation and processing of data that is needed to build and repair modern cars. This attempt to collectively govern the data and tech-related sides of car manufacturing makes this model qualify as a data commons.

Our second case-study involves the many interrelated ‘Indigenous Data Sovereignty’ (IDS) movements that fight for rights to control, access, and analyze their data. In general, IDS movements are initiated by specific Indigenous communities with an interest in the governance of datasets by or about themselves, and see their efforts as part of more encompassing effort to counter (data-related) harms inflicted to them by settler States (For instance concerning the health of Maori peoples). Rights to data, for IDS movements, are only a small element of the rights they fight for in their decolonial struggles.

A third example concerns the attempt of a neighborhood in Detroit to deal with a structural problem affecting them. Multiple black children were killed by white drivers in a short period of time on the same street corner. To be able to make a case that these casualties were not incidents but a structural problem, the community started to gather and produce data about these deaths themselves, transform these into a map, and by doing so, engaged in a form of collective data governance as a means to visualize oppression and challenge governmental power.

Beyond Data Governance?
Now, what can we learn from these case studies concerning the role that laws could play to support data commons? ‘Data’ does not stand as the sole focal point or the economic resource that is collectively governed. Data look to other purposes, they are functional to fulfilling other objectives, with the community or collective potentially varying in its level of involvement in pursuing these. Being incorporated into such a broader ecosystem, data are governed to help strengthen or empower the concerned community vis-à-vis other actors or to equalize members within a community. A crucial component is the generation of data, including the technological design and the agenda setting for deciding about what – and whose – data should be generated in the first place, and for which purpose. Enabling communities (and members thereof) to make such decisions in connection to – but not necessarily centered on – data, empowers them. In contrast, EU data legislation, that starts with existing data, is not centered on the empowerment of communities and collectives.

The law is often anticipated to recognize communities, putting their role, legitimacy, interests and prerogatives front and center to pursue specific actions and practices. In light of existing significant power imbalances, which data commons aim to overcome to some extent, data governance lawmaking may well prove useful to navigate the transition towards more established renditions of data commons, for example by requiring participation in the data commons or by contributing to their governance in case of power unbalance between the members.

At this point, it is clear that ‘data commons law’ does not – and arguably, should not – exist. Various legislations may be called upon to intervene, depending on local needs, that need not be ‘data-related’ ones. They may range from municipal decrees to allow for and recognize road safety data collection on public roads, to technical harmonization and certification of vehicles, evidentiary law, the legal status of indigenous peoples or of civil society organizations to engage into certain activities. Not only is EU data legislation not conducive to data commons, but it could undermine their development by endorsing data as the primary regulatory subject-matter, and thus also the legitimacy of the (until then) de facto control of data by powerful actors such as car manufacturers. This makes it more difficult both materially and discursively for data commons to flourish sustainably and autonomously. Finally, data commons can be considered as an avenue to address certain issues such as those found in the case studies. However, they should not be construed as the cure-all-tool for all tech or data-related problems. For example, data-driven predictive policing raises not only – and maybe not mainly – the question of who governs and how, but also and primarily whether we, as a society, want the associated permanent surveillance of (innocent) citizens or not.

Reimagining EU Data Legislation: Advocating for Data Commons Over Market Dominance
In this blog post, we have investigated the relationship between data commons and EU law. In its attempt to structure an EU way of data governance, EU data legislation generally sidelines data commons as a suitable approach, while giving prominence to data markets to which states may lean a hand in case of ‘market failures’. The notion of ‘data cooperative’ recognized in the DGA does not refer to data commons as defined above, but rather to a market-conducive form of data unionism. In that light, we enquired about how the law could and sometimes should support data commons, through the analysis of three case studies. Very much in contrast with the established course of action of the EU, we found that data commons initiatives do not necessarily put ‘data’ front and center. Data are instrumental to broader societal goals which, in our case studies, pertain to various forms of empowerment of communities or collectives (and their members). The local nature of data commons implies that the role expected to be played by the law differs from one to the other and does not necessarily have to do with data. We do not argue in favor of a ‘data commons law’ – a new ‘law of the horse’! The data commons perspective serves as an analytical tool and helps to emphasize the local conditions of data. The adequate regulatory level should be that of the purpose of data commons. Concerns about local situations does not prevent any further generalization of the law’s potential for supporting data commons. Instead, we advocate for thorough empirical research that identifies shared principles for legal frameworks that help data commons burgeon.

About the authors: Charlotte Ducuing, Gijs Van Maanen, Tommaso Fia

Parts of Gijs van Maanen’s and Charlotte Ducuing’s contributions to the writing of this blog post were part of the project ‘Understanding Information for Legal Protection of People Against Information-Induced Harms’ (‘INFO-LEG’). This project received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation program (grant agreement No. 716971). The blog essay reflects only the authors’ views, and the ERC is not responsible for any use that may be made of the information it contains.