Prospects of ‘Business to Government’ data sharing in Europe: Insights from Covid-19 and political philosophy
Data collected from mobile phones, social media, digital transactions, GPS devices and other sensors has huge potential social value that could serve the public interest. However, most remains privately held and untapped, and Business to Government’(B2G) data sharing practices are poorly developed.
Covid-19 crisis management has acted as a booster of data sharing practices between commercial companies, businesses and governments. But is has also made evident the existence of gaps and barriers to establish a sustainable and systematic B2G data sharing policy in the current data governance environment.
In the EU area, the main governance-related barriers to a B2G data sharing policy are issues in the definition of the policy scope, the lack of a harmonising horizontal legal framework, and specific economic barriers. The European Data Strategy 2025 might offer some solutions and is considering giving state legislative mandate to demand access to privately held data.
The discourse on B2G data sharing practices in the EU is inevitably addressing the problem of power balance between the state and the private sphere. Classic concepts from political philosophy, such as the notion of ‘justification of the state’ and ‘consent’ might direct such a discourse towards the creation of a data sharing environment which is more inclusive, participatory and democratic.
Context and reasons for B2G data sharing
The technological advancements of the last decade have enhanced the societal ability to collect, process and use data in a way that is often referred to as the ‘data revolution’ (Kitchin 2015; Alemanno 2018). In fact, as the amount of data produced grows every day, the value of data as a resource for economic growth and innovation also increases. If the economic value of data is estimated to rise in five years up to €829 billion (5.8% of EU GDP) only in the EU area (European Commission 2020a), it comes as no surprise that data is considered to be to the 21st century what oil was to the 20th (Lovelace, 2016).
But besides its strictly economic value in the production of commercial services, data has a huge potential social value that might accrue the public wellbeing. In fact, real-time behavioural information collected from mobile phones, social media, digital transactions, global positioning system (GPS) devices and other sensors can serve the public general interest by informing decision making in targeting complex social challenges, such as climate change, natural disasters, urban planning and, notably, pandemics (European Commission 2020b; Richter 2020).
However, most of such social value remains untapped, as the majority of behavioural data (e.g. mobile phone records, GPS location or social media data) that might serve the public interest are held by – often few big – private companies rather than public authorities (European Union, 2020). Hence the urgency of ‘Business to Government’ (B2G) data sharing practices: in order to realise the full economic and social value of data, there should be a systematic exchange of data between the private sector and the public authorities responsible for decision making and the provision of public services.
While there is an emerging consensus in Europe on creating an environment that facilitates such an exchange of data, there is still much unclarity on the modalities to realise that (Richter, 2020). The current Covid-19 crisis offers interesting insights on both the potential social value of B2G data sharing and the existing barriers to its systematic implementation.
Covid-19 crisis management and B2G data sharing
The Covid-19 pandemic is making even more evident the social value of data beyond the typical commercial value extracted by the firms responsible for its collection. In fact, pooling contact and location data though private-public partnerships can be useful in managing the response to the health crisis to reduce the social costs of the pandemic. However, the pandemic is also magnifying some of the barriers that obstruct the complete realisation of such social value.
At first sight, Covid-19 seems to have acted as a booster of data sharing practices between commercial companies, businesses and governments (EU Science Hub, 2020a). In particular, unprecedented examples of private-public partnerships have arisen, in order to accomplish two types of task. First, about 20 Mobile Network Operators (MNOs) across Europe have decided to cooperate with respective EU Member States to provide access to analysed and aggregated mobility data. This initiative should help fight Covid-19 by providing an input to the epidemiological and economic models that inform de-escalation strategies and potential re-escalation policies (EU Science Hub, 2020a). In so far, the EU Joint Research Centre has used this data to conduct a systematic analysis of the relationship between human mobility and virus spread within and across countries. They have found evidence that mobility alone can explain up to 92% of the initial spread of the virus in Italy, France and Spain (EU Science Hub, 2020b), while its effect decreases in later stages due to the increased use of protective measures and physical distancing (EU Science Hub, 2020c). On this evidence, they recommend targeted re-escalation policy responses in the event of future waves, based on the identification of geographic zones with high degree of intra-mobility exchange (Mobility Functional Areas) (EU Science Hub, 2020d). Second, a public-private dialogue between app developers and health authorities is ongoing in many EU countries about launching contact tracing apps. The purpose of these apps is to complement the manual contact tracing efforts by health authorities by recording location data or Bluetooth communication data that allows automatic detection of exposure to the virus. Although mobile apps can never replace regular contract tracing efforts, as not everyone has a smartphone or is willing to download the tracing app, the European Centre for Disease Prevention and Control (ECDC, 2020) recognises their significance, especially after containment measures have been lifted. In fact, differently from manual tracing, these apps can quickly trace contacts without relying on the memory or awareness of the infected case, and facilitate cross-border contact tracing (ECDC, 2020). Moreover, the development of these apps features an unprecedented involvement of public health authorities in all stages – from design to piloting and evaluation – that might be exemplary for future B2G initiatives (EU Science Hub, 2020a). Also, the timely attempt by the European Commission to produce guidelines on Covid-related apps and data protection can establish a model for harmonisation of future B2G practices at EU level.
However, both types of collaborations have revealed the limits of current data sharing practices in the EU. Regarding the collaboration between governments and Mobile Network Operators (MNOs), the process has no legal basis that could be reproduced in less extraordinary situations. In fact, MNOs have voluntarily agreed to provide access to their data on the basis of a letter sent by the European Commission in April 2020, without committing to any formal agreement (EU Science Hub, 2020a). Therefore, in such collaboration, governments are entirely dependent on the contingent willingness – and interest – of private companies in sharing their data, and does not offer an example of scalable, sustainable and systematic data sharing practice for the public interest. As for the contract tracing apps, many countries have already launched them, but questions are open on their accuracy, security, safety, privacy and effectiveness. Despite the European Commission’s guidelines, there is no clear approach for sharing data collected by the apps yet.
At first, the Pan-European Privacy Preserving Proximity Policy (PEEP-PT) offered a centralised mechanism of data collection and processing by governments, which would have received constant streams of data from mobile phones; then a Decentralised Privacy Preserving Proximity Tracing system proposed an approach where data are stored on the mobile devices and not saved on a central server; finally Google and Apple came up with Exposure Notification System, an alternative decentralised framework for data collection (EU Science Hub, 2020a). While most countries are shifting to the Apple-Google joint system – revealing again how much governments would be dependent in potential B2G data sharing initiatives given the current data governance – there is still debate between allowing public authorities to have a more comprehensive picture through the centralised approach, and avoiding invasive forms of state surveillance through decentralised ones. Moreover, early survey results on EU citizens’ willingness to use these apps show that privacy and security concerns are diffused when personal data handling by private and public bodies is at stakes (EU Science Hub, 2020a). Therefore, a lesson from Covid-19 crisis management is that governments still need to earn trust from citizens in implementing data-related solutions and reduce their dependency on the contingent willingness of the commercial sector to engage in B2G data sharing.
Towards a systematic and sustainable B2G data sharing policy
As manifested by the efforts to manage the Covid-19 pandemic, the potential social value of the huge amount of data collected every day remains hardly extracted and redistributed because of existing gaps and barriers to establish Business to Government data sharing initiatives in the current management of data. Some of those barriers are beyond the scope of this article, such as techno-operational problems – the need of trusted cybersecurity mechanisms that prevent sensitive data leaks and inappropriate uses – or cultural barriers – the diffused incognizance in both the private and public sectors of the potential social value of data and the lack of appropriate digital skills to extract that value (European Union, 2020). This article rather focuses on three governance-related barriers which can be more easily addressed by European policymakers: issues of policy scope, essential guiding principles and political remedies to economic barriers. In fact, an effective B2G data exchange requires coordinated efforts by Member States at the EU level, as a crucial component of the European Data Strategy 2025 (European Commission 2020b).
First, policymakers should solve the lack of clarity on the very meaning of B2G data sharing, in order to define the specific scope of a potential B2G data sharing policy, with particular emphasis on which ‘Businesses’ are the supplying parties, which beneficiaries count as ‘Government’ and which relevant ‘data’ should be shared (Richter, 2020). Regarding the supplying parties, there is already an EU directive (PSI Directive, 2003, amended in 2013 and recast in 2019) recommending private companies involved in the fulfilling of public tasks to make the data generated in the course of this activity available to public authorities (Richter, 2020). Therefore, in order for the new B2G policy to avoid legislative overlapping, it should be specifically addressed to all public undertakings that are not at all linked to a public person (Richter, 2020). As for the beneficiaries, the scope of a B2G data sharing policy should be limited to the state conceived as public sector bodies only. It should not include public or participated undertakings which would otherwise illegitimately enjoy additional market advantages over fully private competitors (Richter 2020). Regarding the relevant data, B2G data sharing policy should apply to all types of data collected by private companies and civil-societies organisations, provided that each type complies with the respective existing legal framework (Richter 2020). For example, personal data should be always be shared anonymised and processed, in compliance with the European data protection law (GDPR).
Second, there should be an effort to resolve governance incoherence across policy sectors and Member States by establishing a harmonised horizontal framework at the EU level. In fact, so far private-public data sharing initiatives have been too sector-dependent and managed very heterogeneously depending on the different country-context (European Union, 2020). For example, existing public-private partnerships are mainly limited to cases of ‘data philanthropy’ in the humanitarian sector and ‘data collaboratives’ in the transport, utility and telecommunications sectors, which have been accomplished in the form of voluntary sharing regulated by contingent contractual agreements (European Union, 2020). Depending on the country context, the national legislative framework for public-private data exchange might be more or less restrictive: in France, since 2016 the Loi Lemaire gives mandate to the state to access any kind of private data and to make it available for wide re-use, while in Germany the Data Ethics Commission allows private data access only to specific public bodies for narrowly defined public uses. While preserving some degree of national and sectoral flexibility in compliance with the EU law principle of subsidiarity, a minimum level of horizontal harmonisation on essential principles is required to avoid disproportionate violation of private property, intellectual property and competition. The High-level expert group on B2G data sharing established by the European Commission recommends policymakers to draw inspiration from certain recurring principles in the acquis communitaire (European Union, 2020):
– Proportionality between the request posed to the supplying party and the intended public interest purpose
– Purpose limitation, that prevents the state to extend the use of private data beyond the specific contractual provisions of the business to government collaboration
– The ‘No harm’ principle, that requires consideration of the legitimate interests of all parties involved in the collaboration, with special attention to protection of trade secrets and other commercially sensitive information
– Non-discrimination, which requires governments to treat private undertakings that control similar datasets in a non-discriminatory way
– Transparency, requiring the supplying parties involved in the data sharing to be transparent about the quality of data in their possession and the beneficiaries to be clear about the objectives thy want to accomplish with that data
– Accountability, meaning that all parties involved should be held accountable for their practices to appropriate institutions, such as dedicated ‘data stewards’, that have a specific mandate to ensure data sharing complies with the relevant law
– Fair and ethical data use, demanding public bodies to ensure that acquired data is processed avoiding possible biases and used in an ethical, legitimate and inclusive manner, in full respect of individuals’ choice about how their data can be used.
Finally, policymakers should find coordinated solutions to redress the economic barriers that so far have halted voluntary B2G data sharing. In fact, despite the inherent nature of data as a non-rivalrous, non-excludable good that might appear costless without quality and quantity loss despite unlimited use, B2G data sharing involves some costs, on both private and public sides (European Union, 2020). On the side of data suppliers, costs are mainly represented by the uncertainty on the possible adverse effects of data sharing to the market and the impossibility to directly monetise the benefits of B2G data sharing (EU Science Hub, 2020e). Indeed, some data providers might fear that in sharing data they will lose their competitive position in the market or become subject to new regulations on their activities (EU Science Hub, 2020e). As data is an ‘experience good’ – meaning that its social value depends on the overall benefits produced for the society by the services that use the data – it is difficult for governments to establish ex ante a proper compensation for private data suppliers. On the side of data beneficiaries, there are ex ante transaction costs, such as finding suitable data suppliers and negotiating contractual arrangements, and ex post risks, such as uncertainty about the quality, usefulness and lawfulness of the acquired data.
Since data is often held by few big private companies, there is high probability of monopolistic data pricing from the data supplier, that governments cannot afford (EU Science Hub, 2020e). However, the European Commission JRC technical report on the economics of B2G data sharing suggests three political means to redress those economic barriers (EU Science Hub, 2020e). First, creating non-monetary incentives – such as tax incentives, or investment of public funds for R&D – for private companies to voluntary engage in B2G data sharing (EU Science Hub, 2020e). Second, creating dedicated intermediary figures, such as ‘data stewards’ that help reducing the transaction costs of B2G data sharing by facilitating the contract agreement and keeping all parts accountable (EU Science Hub, 2020e). Third, creating a carefully limited legislative mandate for states to demand data access when voluntary agreements are inapplicable – i.e. in monopolistic markets (EU Science Hub, 2020e).
Rethinking the role of state through classic Political Philosophy
To conclude, as a political science student I cannot help but reflect on the deeper theoretical implications of creating a B2G data sharing governance that redresses some power asymmetry on behalf of the states over the private sector. In fact, despite the High-level expert group on B2G data sharing established by the European Commission (2020) recommending precedence be given to voluntary partnerships, the dominant position in the EU seems to be creating a framework for bounded yet mandatory state access to private data for the public interest. Certain crucial Member States, such as France and Germany have already adopted such mandatory approach to B2G data sharing, even if providing for different degrees of state ‘invasiveness’. This means that the ongoing debate on B2G data sharing in Europe is implicitly questioning the role of the state in a data-based society. However, I think that some classic concepts of political philosophy might help to explicitly define this question and suggest some valuable insights.
In fact, an important strand of classic political philosophy has focused on the ‘justification of the state’, which from the Latin etymology means ‘how to do justice to the state’. The main intuition is that the state – and a particular institution or norm within the state, such as mandatory B2G data sharing – should be ‘just’ in order to legitimately exist. The most famous ‘justification’ of the state is the Hobbesian one, that actually mixes two methods of justification: the notion of common good, and the social contract (Schmidtz, 1990). Common good provides a teleological justification, as it justifies an institution in terms of what they accomplish, while the social contract gives a deontological justification, in terms of the process by which the institution itself is created. Crucial in the process of creation are the existence of constraints, such as moral principles and rights, and the role of citizens, who typically should express consent. For example, the Hobbesian state – the Leviathan – is teleologically justified because it prevents the war in the state of nature, and deontologically justified because its citizens consent to alienate their rights to it (Schmidtz, 1990).
How does this relate to mandatory B2G data sharing policy? I think that the creation of a state mandate to access private data demands some ‘justification’, and that the strongest justification for it should be a deontological one. In fact, a teleological justification would rely on the definition of ‘the public interest’ in question, which is too much a context-specific and extensible concept. A deontological justification would rather rely on two more easily identifiable components: the moral boundaries, and role of the citizens in mandatory B2G data sharing. My view is that while there has been sufficient reflection on the moral boundaries of B2G data sharing, such as the ‘essential principles’ recommended by the EU expert group, there has not been enough discussion on the role of citizens and what would count as their consent in such a governance framework. Whose consent should be looked for in order to establish a ‘just’ B2G mandatory data sharing policy? Data collectors’ consent, or data subjects’ consent? And is consent enough, or should there be more active forms of citizen involvement, such as participation in the definition of the public interests to be served by data, or incentives to data donations that bypass the Businesses, in a Citizens to Government (“C2G”?) data sharing? These questions as of yet have no answers and probably will remain unanswered in any foreseeable European B2G data sharing policy, but they hold value as they can help focus attention on the creation of a data sharing environment which is more inclusive, participatory and democratic.
Alemanno, A. (2018) Big Data for Good: Unlocking Privately-Held Data to the Benefit of the Many. European Journal of Risk Regulation, 9(2), pp.183–191.
ECDC – European Centre for Disease Prevention and Control (2020) Mobile applications in support of contact tracing for COVID-19 – A guidance for EU/EEA Member States, ECDC Europa, 10 June. Available at: https://www.ecdc.europa.eu/sites/default/files/documents/covid-19-mobile-applications-contact-tracing.pdf [Accessed on 07/09/2020].
EU Science Hub. (2020a) JRC Science for Policy Report: Artificial Intelligence and Digital Transformation: early lessons from the COVID-19 crisis. European Commission, Available at: https://publications.jrc.ec.europa.eu/repository/handle/JRC121305 [Accessed on 07/09/2020].
EU Science Hub. (2020b) JRC Technical Reports. Measuring the Impact of COVID-19 Confinement Measures on Human Mobility using Mobile Positioning Data. European Commission, Available at: https://ec.europa.eu/jrc [Accessed on 07/09/2020].
EU Science Hub. (2020c) JRC Technical Reports. How human mobility explains the initial spread of COVID-19. European Commission. Available at: https://ec.europa.eu/jrc [Accessed on 07/09/2020].
EU Science Hub. (2020d) JRC Technical Reports. Mapping Mobility Functional Areas (MFA) by using Mobile Positioning Data to Inform COVID-19 Policies. European Commission. Available at: https://ec.europa.eu/jrc [Accessed on 07/09/2020].
EU Science Hub. (2020e) JRC Technical Report. JRC Digital Economy Working Paper 2020-04. The economics of Business-to-Government data sharing. European Commission. Available at: https://ec.europa.eu/jrc [Accessed on 07/09/2020].
European Commission. (2020a) Factsheet: The European Data Strategy. European Commission, 19 February. Available at: https://ec.europa.eu/commission/presscorner/detail/en/fs_20_283 [Accessed on 07/09/2020].
European Commission. (2020b) A European Strategy for Data. Communication from the Commission to the European parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. European Commission, 19 February. Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1593073685620&uri=CELEX%3A52020DC0066 [Accessed on 07/09/2020].
European Union. (2020) Towards a European strategy on business-to-government data sharing for the public interest. Final report prepared by the High-Level Expert Group on Business-to-Government Data Sharing. Brussels: European Commission.
Kitchin, R. (2014) The Data Revolution: Big Data, Open Data, Data Infrastructures and Their Consequences. Thousand Oaks, California: Sage Publications.
Lovelace, R. (2016) Review of “The Data Revolution: Big Data, Open Data, Data Infrastructures and Their Consequences”, Rob Kitchin. Journal of Regional Science, 56(4), pp. 722-723.
Richter, H. (2020) The Law and Policy of Government Access to Private Sector Data (‘B2G Data Sharing’). Max Planck Institute for Innovation and Competition, Research Paper No. 20-06.
Schmidtz, D. (1990) Justifying the State. Ethics – The University of Chicago Press Stable, 101(1), pp. 89-102.
IDRN does not take an institutional position and we encourage a diversity of opinions and perspectives in order to maximise the public good.
Ramazzotti, G. (2020) Prospects of ‘Business to Government’ data sharing in Europe: Insights from Covid-19 and political philosophy, IDRN, 24 September. Available at: https://idrn.eu/international-security/prospects-of-business-to-government-data-sharing-in-europe-insights-from-covid-19-and-political-philosophy [Accessed dd/mm/yyyy].