The Data Governance Act: – Promoting or Restricting Data Intermediaries?

Economic Benefits of Data Sharing

Data can generate economic value by carrying vast amounts of (hidden) information which can be analysed to generate insights that are useful for many business ventures (OECD, 2015, 150). In particular, Big Data analyses can uncover great amounts of new information from data which would be otherwise inaccessible. Said information can then be used to improve decision-making in order to innovate (Niebel et al., 2019) or to increase productivity (Brynjolfsson et al., 2021).

What sets data apart from many other resources is their re-usability. The great social value of data lies in their nature as non-rivalrous goods. Multiple businesses (or other organisations) can use the same data simultaneously or subsequently for their individual purposes without its value diminishing (OECD, 2015, 179; Custers & Bachlechner, 2017, 3–4). Moreover, data are considered multi-purpose inputs, i.e. useable for a multitude of different purposes, many of which cannot be anticipated ex-ante (OECD, 2015, 181). A specific dataset will often be of value not only to the business that collected the dataset but to a number of other businesses, too. Since the economic value of data can be multiplied by sharing it, data sharing is an essential prerequisite for fully realising the economic and societal value of data.

Data Sharing and the European Data Strategy

Because of its economic and societal promise, the European Commission has declared the free flow of data a priority in its Data Strategy, released in 2020 (European Commission, 2020, 4). Data availability is regarded as a prerequisite for the emergence of a competitive European data economy on par with its American and Asian rivals. In order to increase data availability for all European actors, especially businesses, the data resources that already exist in the hands of consumers, private businesses and the public sector must be put to broader use. Thus, the seamless exchange within a “genuine single market for data” is a necessary condition for boosting the European data economy and providing European businesses with access to an almost infinite amount of high-quality data (further, see Veil & Weindauer, 2022, 4 et seq).

Relying on estimates from the OECD, the European Commission assumes that an increased exchange of data between European businesses can lead to macro-economic benefits amounting from 1% to 2.5% of the European GDP (Commission, Impact Assessment Report, 9; OECD, 2019, 62–64). Moreover, the European Commission regards data sharing as a means for spreading the benefits of data and for re-shaping the competitive balance of the international data economy. Instead of having a few powerful tech-companies controlling and walling off large amounts of data, the European vision is to create an interconnected ecosystem of companies of different sizes that use their data assets collaboratively. This is all the more important given that the overwhelming majority of European companies specialising in the usage of data are start-ups and SMEs (Commission, Impact Assessment Report, 2). Improving data availability through the promotion of C2B and B2B data sharing in line with European values is vital for their ability to compete with larger and more established international competitors.

The Status Quo of Data Sharing

Although huge amounts of data are generated daily on websites and on the Internet of Things (IoT), many innovative European companies struggle to get access to sufficient levels of high-quality data. Markets for C2B and B2B data sharing are each afflicted by serious, albeit different shortcomings.

Many smaller businesses face difficulties in accessing large amounts of consumer data required for innovative purposes. Essentially, the limited availability of such data to smaller market participants boils down to two overarching developments: data concentration and data fragmentation (Schnurr, 2022, 19 et seq.). Data concentration describes the accumulation of large amounts of data by data-rich firms through their own platforms or by way of ancillary data services, thus creating data silos inaccessible to (potential) competitors and even to non-competing businesses from other sectors. Fragmentation refers to the opposite trend, i.e. the inability of smaller entities to locate and agglomerate the amounts of sufficiently detailed data from disparate sources (Id., 22)). From a consumer perspective, data concentration exacerbates information asymmetries between data subjects and (big tech) data users and is therefore considered a reason for consumers’ perceived lack of control over the disclosure of personal data (D’Amico, 2021, 27 et seq.).

B2B data markets have barely emerged so far and have played a minor role in policy debates. However, in light of its potential for the European economy and the increasing importance of the collection of IoT data by businesses from the industrial and manufacturing sectors, the European Commission has stressed the importance of B2B data sharing in its Data Strategy (European Commission, 2020, 3). Since the EU is traditionally strong in industrial sectors, this development will enlarge the data reservoirs of European companies immensely. Sharing that IoT data with innovative European businesses could offset data-related competitive advantages currently enjoyed by the leading digital platforms.

Yet, the amount of raw data currently being shared among businesses is relatively low. This seems to be due to a lack of incentives for businesses to share their data with other businesses as well as high transaction costs. In theory, sharing data can allow businesses to monetize their data in additional ways (Hartl & Ludin, 2021, 536). Yet, many companies fear that they could lose competitive advantages by sharing their data (Commission, Impact Assessment Report, 11). Moreover, the incentive of receiving monetary remuneration for sharing data rests on the assumption that functioning markets for B2B-data sharing exist. At the moment, such markets seem to be afflicted by severe information asymmetries and high transaction costs which are likely causing market failure (Commission, SWD, 11–16; Martens et al., 2020, 25–27). For example, the search costs incurred for initiating data transactions can be very high due to ex-ante information asymmetries (Commission, SWD, 15–16; Martens et al., 2020, 29). Furthermore, the legal and technical implementation of data transactions typically require considerable effort and resources (Hennemann & Von Ditfurth, 2022, 1906).

The Facilitating Role of Intermediaries on Markets

Intermediaries are generally defined as third parties which mediate between two parties and support them during the initiation and subsequent execution of transactions. One important type of intermediaries are two- or more-sided platforms (Hagiu, 2007). As their primary task, two-sided platforms enable interactions between two different user groups, e.g. suppliers and buyers, to allow them to conclude transactions with each other (matchmaking) (Evans and Schmalensee, 2011, 5). As matchmakers they can reduce the search costs for both parties to a transaction considerably. Furthermore, intermediaries are well placed to build up trust among different actors by reducing information asymmetries and governing interactions between sellers and buyers (Bailey & Bakos, 1997, 9; Richter & Slowinski, 2019, 14). Hence, their economic value lies in their ability to reduce transaction costs and to facilitate mutually beneficial and efficient transactions (Evans and Schmalensee, 2011, 10). In recent years, the enormous potential of intermediaries to facilitate markets has been demonstrated by the emergence of digital platforms such as Ebay, Uber, or Airbnb, which have been able to greatly improve existing markets or to allow new markets to emerge in the first place (Martens, 2021, 93; Montero & Finger, 2021, 138–48).

It is possible that newly emerging intermediaries could take on similarly important and successful roles on B2B data markets and help these markets take off. As two-sided digital platforms, they could serve as matchmakers by bringing together data providers and data users. Additionally, data intermediaries could address existing trust issues on data markets by screening their potential users and supervising data transactions. As providers of specialised data-services, such intermediaries could gain a high level of expertise for successfully conducting data transactions, from which their users could benefit. For example, data intermediaries could assist in simplifying and standardizing data transactions by providing legal or technical assistance (Richter & Slowinski, 2019, 15).

Types of B2B Data Intermediaries

Since the development of B2B data intermediaries has only begun and is likely to continue along a path of dynamic evolution, classifications and descriptions of data intermediaries have to be approached with some caution at this point. Nevertheless, some preliminary distinctions can be made between different types of B2B data intermediaries. In this section, the focus is placed on the two most important types of B2B data intermediaries potentially covered by the DGA: data marketplaces and industrial data platforms.

Data marketplaces correspond to the classic model of a two-sided matching platform (Koutroumpis et al., 2020, 647). On data marketplaces, data holders can offer their data to potential data users, while users can browse different data offerings to find the purpose-specific data they require. Hence, the data marketplace “Dawex Global Data Marketplace” describes itself “as a mixture of Ebay, Amazon and AirBnB for data” (European Commission, 2017, 9). Data marketplaces are typically open to an unlimited number of companies from different sectors and industries and are intended for the commercial sharing of data. In addition, most data marketplaces do not limit themselves to matchmaking services, but also assist with the legal and technical execution of data transactions. For example, Dawex helps its users anonymize data sets and supplies templates for license agreements (Id., 9).

The other important type of data intermediaries targeted by the DGA are so-called industrial data platforms (European Commission, Free flow of data, 18). Here industrial data platforms are understood as an un umbrella term including both data pools and data spaces. However, in order to avoid any confusions, it is important to note that there are currently no uniformly agreed upon definitions of these terms. Unlike with data marketplaces, the main purpose of industrial data platforms is not to function as matchmakers between data holders and users. Rather, they primarily aim at providing the technical infrastructure for companies to share data with each other as part of their broader collaboration (European Commission, 2018, 62). Data pools function in such a way that participants enter certain data into the data pool and in return receive access to the data fed into the pool by the other participants, thereby increasing the amount of data available for all of the participants (Wernick et al., 2020, 74). In contrast, data spaces (not to be confused with the Common European Data Spaces) are not primarily intended for the pooling of data. Instead, they serve as the fast and secure infrastructure for individual data exchanges among their users (European Commission, 2018, 62). Industrial data platforms exist as open or closed models. In the case of open platforms, participation is open to all companies that meet certain criteria. Closed platforms, on the other hand, restrict participation to certain companies, e.g. to suppliers and customers of the platform operator. Since industrial data platforms usually serve as infrastructures for project-specific collaboration, their participants typically come from the same sector or industry. One example is Airbus’ Skywise platform, which enables the exchange of data between airlines, Airbus and its suppliers in order to improve aircraft maintenance – among other things (Mitty, 2020).

Other forms of B2B-data intermediaries are so-called data cooperatives and data brokers. Data cooperatives store and aggregate data for their users, which tend to be small businesses from specific sectors, and enable them to manage their data in a self-determined and informed manner (Jouanjean et al., 2020, 15–17). Data brokers are the most established and commercially successful type of data intermediary. Unlike data marketplaces or industrial data platforms, they do not assist businesses in sharing their data directly with other businesses. Instead, they collect and aggregate data from a wide range of sources (including businesses) and then sell the aggregated data to third parties. (OECD, 2019, 37).

C2B Data Intermediaries (Data Trusts)

In line with the goals of the EU Data Strategy, data trusts promise to empower individuals on a granular level with control over what happens to “their” data (Commission, Data Strategy, 20). By offering a safeguarded environment, these intermediaries have the potential to bridge the gap between realizing individual privacy preferences and enjoying the benefits in using data-driven services (Specht et al., 2021, 26). In other words, their role can be framed as strengthening or even re-capturing information self-determination where unwieldy processing operations along complex data value chains have further entrenched information overload and decision fatigue (Kühling et al., 2020, 11; World Economic Forum, 2022, 24). Moreover, data trusts are supposed to help make more consumer data accessible to businesses by increasing trust in C2B data sharing arrangements (Richter, 2021, 642; Godel & Natraj, 2019, 8–9). While this section only considers Personal Information Management Systems (PIMS) and data escrow arrangements, further variations of C2B data trusts do exist.

Just like other types of trusts, data trusts owe certain fiduciary duties to their users. Specifically, the trustee has to act in the best interest of beneficiaries when exercising rights and making decisions on their behalf (Ada Lovelace Institute and UK AI Council, 2021, 19–23). From a data protection angle, declaring consent and invoking the rights of access, erasure, rectification, and portability (Art. 15 et seq. GDPR) on behalf of data subjects fall within this notion. It should be noted however that the crucial question, i.e., whether it is permissible under the GDPR for data subjects to delegate these decisions to third-party fiduciaries is far from being a settled one (on consent, cf. the requirements under Art. Seven GDPR; Kühling et al., 2020, 14–18). And yet, PIMS are starting to live up to the task, an example being the Solid Project with its decentralised personal data stores and the provision of compatible applications (Id.; World Economic Forum, 2022, 32). In addition to the management of rights under the GDPR, other objectives set for PIMS, which translate to corresponding fiduciary duties of loyalty, can involve negotiation and dispute resolution with data controllers or supplying anonymization and pseudonymization layers for personal data (World Economic Forum, 2022, 10). Rather than realising rights and privacy preferences, data trusts may also assist in managing access to sensible datasets. Data escrow contracts to that end rely on data trusts as neutral and independent intermediaries who do not have to submit to directions by either party and thereby ensure the disclosure of personal data only for the agreed-upon purposes (ALI-ELI Principles, Principle 14).

Risks of Relying on Intermediaries

Although the value of intermediaries for facilitating markets can be enormous, intermediaries can also pose certain risks for their users and competition at large. Due to their roles as dual agents working for both parties to a transaction, intermediaries are often afflicted by structural conflicts of interest (Montero & Finger, 2021, 216–8). In some cases, intermediaries have incentives to initiate transactions that are more favourable to themselves than to their clients. Because of their informational and positional advantages over the parties to a transaction, intermediaries are then able to pursue their own advantages to the detriment of their clients (Judge, 2015).

While the risks presented by intermediaries are not new, they have become more serious with the arrival of digital platforms. The nature of two-sided digital markets as well as the central roles taken on by platforms in organising markets have contributed to the emergence of dominant market positions for some digital platforms. Given their tendencies to vertical and even horizontal integration, conflicts of interest are even more prevalent for digital platforms than for traditional intermediaries. Moreover, their control of important market institutions has given the operators of such platforms the ability to shape markets to a degree unimaginable for traditional intermediaries. At the moment, no data intermediary is close to achieving the market power enjoyed by the largest digital platforms such as Amazon, Google or Facebook. Nevertheless, because the DGA is clearly inspired by the experiences made by competition authorities with these powerful platforms (Baloup et al., 2021, 26), it is useful to briefly examine the risks posed by them.

Platform markets tend to be characterised by market concentration and the emergence of market power. These developments are mainly caused by strong positive network effects and large economies of scale which incentivise and enable digital platforms to grow at an enormous speed (Crémer et al., 2019, 19–24; Stigler Center, 2019, 34–40). Due to positive network effects, a platform’s attractiveness to users increases as its user base grows, which in turn further drives platform growth. As self-reinforcing network effects keep increasing the attractiveness of the largest platform, smaller competitors struggle to keep up. Furthermore, digital platforms benefit from data-related economies of scope (Stigler Center, 2019, 37). Most digital platforms are constantly expanding into new areas, which allows them to collect large amounts of data from different domains and provides them with competitive advantages based on the analysis of data. This is one reason why digital platforms tend to form conglomerates by expanding both horizontally and vertically into new markets (Parker et al., 2020, 6).

Additionally, creating an interconnected ecosystem of products and services offered in different markets allows conglomerates to entrench their positions in the different markets they serve (Crémer et al., 2019, 34). Most importantly, they do so by creating lock-in effects: platform users will refrain from switching to another provider for one service if it involves forgoing the benefits of a variety of complementary services. The power enjoyed by digital platforms is further increased by their informational superiority vis-à-vis their users and their ability to set the rules governing user interactions (Crémer et al., 2019, 60; Dolata, 2019). As operators of market infrastructures, platforms collect extensive information on the functioning of the underlying markets and are then able to shape the rules for market organization to suit their own interests.

Digital platforms can abuse their power to the detriment of their users and competitors by foreclosing markets, aggressively expanding their market power and competing with their own users. Foreclosure practices can be targeted both at inter-platform and intra-platform competition. Strategies aimed at foreclosing platform markets include the conclusion of exclusive contracts with business users as well as the creation of lock-in effects for their users by artificially raising their users’ costs for switching to or multi-homing on other platforms (Stigler Center, 2019, 72). Vertically integrated digital platforms may have incentives to harm intra-platform competition by denying access to or discriminating against third-party companies operating on the platform. If the platform operator competes with third-party providers on its own platform and wishes to retain particularly lucrative sales opportunities for itself, it may have an incentive to do so (Khan, 2017, 780–3). A more nuanced variant of this type of behaviour can be seen in the ‘self-preferencing’ utilised by platform operators (Crémer et al., 2019, 66): as operators of central market infrastructures, platform operators can use their rule-setting ability to direct search queries to their own offers or to place their offers in a particularly prominent position. In some cases, self-preferencing is also used by platform operators to expand into new business fields by competing with their own users. In these instances, self-preferencing serves the purpose of leveraging the platform’s market power onto another market (Id.). Another prevalent strategy towards the same end involves the bundling or tying of different (complementary) services (Bourreau & de Streel, 2019, 14–18).

Goals of Introducing Regulation for Data Intermediaries

Although data intermediaries are expected to play a key role in the data economy by facilitating data sharing, they have not been able to do so due to a lack of user uptake. According to the European Commission, the inability of data intermediaries to scale up is caused by a lack of trust (Commission, Impact Assessment Report, 12). By promoting trust in data intermediaries (cf. Recitals 5, 32 DGA), the DGA is supposed to help these services acquire larger user bases, thus supporting their development. This, in turn, will enable them to realize their potential for the data economy by lowering transaction costs, improving the availability of data for businesses and other organizations in the EU, and empowering consumers.

The attempt to regulate intermediaries in order to support the viability of their business models by increasing their trustworthiness is not without precedent, one prominent example being the regulation of stock exchanges. ¹ Since trust issues stemming from their potential conflicts of interest are common for all types of intermediaries (Montero & Finger, 2021, 216–8), regulation can be necessary to create the required level of trust among users. For vertically integrated intermediaries, these issues are even more pressing as there are additional conflicts of interest arising out of their dual position of being both service providers and direct competitors for their users. Regulation can establish user trust towards the intermediary by prohibiting certain forms of behaviour that result from conflicts of interest and that are to the detriment of users.

The European Commission assumes that a lack of user trust is the main reason for the difficulties encountered by data intermediation services when attempting to build a sufficient user base. This assumption is based on the widely acknowledged importance of trust for successful data sharing in general and trust issues surrounding digital platforms (Commission, Impact Assessment Report, 10, 12, 25; Richter, 2021, 644). While the assumption is not implausible, there is currently no actual empirical evidence that the low uptake of data intermediation services is specifically caused by a lack of trust towards them. It seems equally likely that the technical, legal and other obstacles that slow down data sharing in general also explain the inability of data intermediaries to scale up (Koutroumpis et al., 2020, 654).

Building and strengthening trust in data intermediaries is a key concern of the DGA in order to promote such services. According to the European legislator, the provision of data intermediation services is a desirable economic activity that should therefore be encouraged (cf. Recital 27; Commission, SWD, 20, 25). Given data intermediaries’ current lack of commercial success, it is somewhat surprising that the DGA contains no provisions to directly incentivize the provision of such services (Hartl & Ludin, 2021, 537). Thus, the potential success of the DGA crucially rests on two factors: the veracity of the claim that a lack of trust has been the main reason stifling the development of data intermediaries, and the regulation’s ability to promote the required levels of trust in data intermediaries.

Although the promotion of trust is put forth as the main reason for regulating data intermediaries, the DGA is to simultaneously ensure that the provision of data intermediation services will take place in a competitive environment (Recital 33). To this end, certain anti-competitive practices employed by major digital platforms shall be prohibited ex-ante on data intermediation markets (Commission, SWD, 26). One reason for banning these practices is to strengthen trust in data intermediaries by prohibiting behaviour that potentially harms users. However, some obligations go beyond this objective and are designed to protect competition at large. Specifically, the limitations imposed by Art. 12 (a) and (e) DGA on the scope of services, that can be offered by data intermediation services to their users, cannot be explained by the rationale of strengthening user-trust. Rather, they are designed to limit vertical and horizontal integration by data intermediation services, as firms operating in multiple markets could use such forms of integration to raise entry barriers for potential competitors (see below).

Given the novelty of data intermediaries and the small size of their markets, it is surprising that the European legislator considers it necessary to intervene in these markets already. Yet, the early regulation of data intermediaries is likely motivated by experience with large digital platforms and the expectation that data intermediaries will occupy an important position within the European data economy. In that regard, the Commission appears to be especially worried by large digital platforms such as Google or Amazon (AWS Data Exchange) entering into the markets for data intermediation services (Commission, SWD, 16–7). Similarly, the Commission recognizes the potential competition issues that could arise from the operation of data platforms by powerful industry players like Siemens, MAN, or Airbus (Id., 10). The swift implementation of ex-ante regulation could prevent competitive risks from materialising on these newly emerging markets in the future. Ensuring competitive markets is especially important if data intermediaries will eventually evolve into central infrastructures for data markets.

For these reasons, the DGA appears to be designed to protect competition along three different but related dimensions: first, the DGA is designed to protect data holders and data users from certain vertical abuses that could be imposed on them by data intermediaries, if the latter hold significant market power. Most importantly, data intermediation services providers are banned from using data provided by data holders for their own commercial purposes (Art. 12 (a) DGA) and are required to offer access to their services under fair, transparent and non-discriminatory conditions (Art. 12 (f) DGA). The obligations targeting vertical forms of behaviour are crucial for ensuring user trust in data intermediaries. In addition, the European legislator appears to be worried by threats to competition on markets for data intermediation services posed by the entrance of powerful digital conglomerates on those markets, such as Alphabet (Google) or Amazon. By expanding both vertically and horizontally, digital conglomerates can profit from economies of scope, build powerful ecosystems and mutually strengthen their positions on all markets served by them (Parker et al., 2020, 6; Stigler Center, 2019, 71). The DGA targets conglomerate effects by legally unbundling data intermediation services from other corporate entities and by restricting vertical and horizontal integration with other (data-related) services, such as cloud services or data analytics (Art. 12 (a), (b) and (e)).

Finally, horizontal competition between different data intermediation services provides shall be protected by ensuring users’ ability to switch services, thereby preventing the emergence of entry barriers on the market for these services. This objective is primarily pursued by rules limiting the vertical or horizontal integration of data intermediaries with other data-related services (Art. 12 (a) and (e) DGA), prohibiting the bundling of services (Art. 12 (b) DGA), prescribing multi-homing (Art. 12 (f) DGA) and requiring providers to implement the necessary measures for ensuring interoperability of their data intermediation services with those of other providers (Art. 12 (i) DGA).

It is important to clarify the way in which these rules could promote horizontal competition on emerging markets for data intermediation services. Since the value of platforms as intermediaries is highly dependent on the network effects and economies of scale they can generate, and these effects in turn require a very large platform scale, concentration is a prevalent feature of evolved platform markets (Montero & Finger, 2021, 207). Consequently, it is likely that mature markets for data intermediaries will also be highly concentrated. Given the importance of network effects for the scaling up of data intermediaries, it is not to be expected that the ex-ante regulation imposed by the DGA can prevent market concentration in the long-term. This is not necessarily a bad thing. Large platforms benefiting from strong network effects and large economies of scale can provide the most value to their users. Yet, at the same time, their size and market position can enable them to foreclose markets for competitors. By restricting the integration of data intermediation services as well as the use of leveraging practices and by ensuring switching and multi-homing on markets for these services, the DGA can protect dynamic competition in two important ways: initially, the DGA can limit first mover advantages, thereby strengthening competition for the emerging market. Once the market has evolved, the DGA can contribute to the contestability of the market by reducing entry barriers. ²

Applicability: The Scope of the DGA

Determining the scope of application of the DGA is of great practical importance. Only data intermediaries covered by Art. 10 DGA are subject to the numerous obligations imposed by the DGA (Richter, 2021, 649). Art. 10 DGA generally covers data intermediaries that facilitate B2B (a) or C2B (b) data sharing as well as data cooperatives (c). However, as will be seen, Art. 10 DGA only targets certain types of such data intermediaries and leaves some leeway to avoid the applicability of the regulation. Furthermore, it is important to note that providers of data intermediation services already in operation on 23 June 2022 are given a 2-year grace period under Art. 37 DGA. They will have to comply with the DGA only by 24 September 2025.

According to Art. 10 (a) DGA, intermediation services between data holders (Art. 2 (8) DGA) and potential data users (Art. 2 (9) DGA) shall comply with the rules set out in Art. 11, 12 DGA. Under the definition in Art. 2 (11) DGA, a data intermediation service is a “a service which aims to establish commercial relationships for the purposes of data sharing between an undetermined number of data subjects and data holders on the one hand and data users on the other, through technical, legal or other means (…)”.

In order to be classified as a provider of data intermediation services, providers must therefore play an active role in establishing direct commercial relationships between businesses. As Recital 28 DGA clarifies, it is not sufficient to merely provide the technical tools for data sharing without the aim to establish or gather information on commercial relationships between data holders and users. For example, providing an Application Programming Interface (API) for sharing data with businesses does not in itself amount to providing a data intermediation service, nor does the provision of cloud storage, web browsing or email services. Rather, data intermediaries must actively assist in the establishment of (direct) commercial relationships for the purposes of data sharing through technical, legal or other means. In other words, data intermediaries must act as matchmakers by connecting data holders and data users with each other, thereby initiating data transactions. Thus, data marketplaces are typically covered by the definition of Art. 2 (11) DGA (cf. Recital 28 DGA). Open industrial data platforms can fall under the definition of Art. 2 (11) DGA, if they assist in the establishment of commercial relationships and do not merely assist with the technical aspects of data sharing. Data intermediaries that do not establish direct relations between data holders and data users – which prominently includes data brokers – are in any case excluded from the scope of the DGA (Art. 2 (11) (a) DGA with Recital 28).

In addition, it is necessary for a data intermediary to aim at establishing relations between an undetermined number of data holders and users. Hence, the DGA does not cover closed services which are only available to a single data holder or to a pre-selected group of businesses (Art. 2 (11) (c) DGA with Recital 28). Closed industrial data platforms that are only open to a pre-selected group of companies are also excluded. However, data intermediaries that require their users to fulfil certain conditions for accessing their services should also be included, provided that those conditions can be met by an indeterminate number of businesses. For example, a data marketplace targeted only at sharing mobility data should still be covered by the definition, because they are open to any business interested in offering or acquiring such data. Art. 2 (11) (b) and (d) DGA set out further exceptions to the applicability of the DGA. While the former exempts intermediaries that focus on the intermediation of copyright-protected content, the latter applies to public-sector bodies that do not seek to establish commercial relationships (cf. Recital 29 DGA). Finally, Art. 15 DGA deems the regime non-applicable to recognised data altruism organisations which do not establish commercial relationships.

Despite a formal definition and important clarifications regarding the concept of data intermediation services having been added to the DGA in the legislative process, the notion remains somewhat vague and open-ended. To a certain degree, this is probably intended by the legislator in order to accommodate possible future developments on the novel market for data intermediaries. However, as data is nowadays shared between businesses in the course of many types of commercial relationships, Art. 2 (11) DGA could be read to include the intermediation of such commercial relationships which, among other more important purposes, coincidentally also aim at the exchange of data. In order to avoid an overinclusive application of the DGA, it should be construed to apply only to the establishment of those commercial relationships, whose main purpose is – as originally highlighted in the Commission Proposal – the sharing of data (Hennemann & Von Ditfurth, 2022, 1908).

Pursuant to Art. 10 (a) DGA, providers of technical or other means for enabling data intermediation services are themselves considered data intermediaries under the DGA. Evidently, Art. 10 (a) DGA targets technical enablers which specialise in supplying the technical infrastructures for the operation of data marketplaces and industrial data platforms. One example could be Nallian, whose cloud-based platform for data exchange is used for the BruCloud data space operated by Brussels Airport. Importantly, according to Recital 28 DGA, such technical enablers only fall within the scope of the regulation if the provision of such tools is either aimed at establishing a commercial relationship or allows them to acquire information on the establishment of commercial relationships. Thus, ordinary cloud services, data sharing software, web browsers or email services are not covered by the regulation.

By referencing the GDPR, Art. 10 (b) explicitly addresses C2B intermediaries concerned with the management of data subjects’ rights, thus covering PIMS and related services. In this regard, Recital 30 singles out the management of declarations of consent under the GDPR and touches upon selected functions of personal data spaces, namely the storing of verified identity information and their assistance in preventing fraud and misuse of personal data. Relatedly, Art. 10 (c) DGA integrates services of data cooperatives (as defined in Art. 2 (15) DGA) into the realm of data intermediation services covered by the regulation. On this point, the legislator appears to have chosen a peculiar definition of data cooperatives, transplanting the concept of rights management from data subjects to commercial undertakings. Only time will tell if this barely established type of data intermediary will evolve accordingly in the future.

Notification and Ex-post Monitoring

The enforcement of the DGA follows a decentral approach. Each Member State is required pursuant to Art. 13 (1) DGA to designate one or more authorities responsible for carrying out the notification procedure and enforcing the DGA’s rules within their jurisdiction.

Providers of data intermediation services are required by Art. 11 (1)–(2) DGA to submit a notification to the competent authority of the member state in which they have their (main) establishment. This requirement also applies to data intermediaries which are not established in the EU as long as they offer their services within the EU. Pursuant to Art. 11 (3) DGA, international data intermediaries are required to designate a legal representative in one of the Member States where they intend to offer their services, thus emulating the criterion of targeting users within the Union as introduced by Art. 3 (2) (a) GDPR (Hennemann & Von Ditfurth, 2022, 1907; cf. Recital 42). Furthermore, the notification system is designed as a one-stop-shop: pursuant to Art. 11 (5) DGA, providers are entitled to offer their data intermediation services in all member states once they have notified the competent authority under Art. 11 (1)–(3) DGA. Importantly, it is neither required nor intended that the providers of data intermediation services are to be approved by the competent authority before taking up their services. According to Art. 11 (4) DGA, they can begin offering their services as soon as they have submitted a notification to the competent authority. If they want to, providers of data intermediation services can request, pursuant to Art. 11 (9) DGA, that the competent authority shall confirm their compliance with the conditions set out in Art. 11 and 12 DGA. This option can provide them with a high level of certainty that their respective business models are in line with the DGA.

Once they have taken up their services, providers of data intermediation services are required to follow the conditions for offering such services imposed on them by Art. 12 DGA. According to Art. 14 (1) DGA, the competent authorities of the member states monitor the providers’ compliance with the notification procedures and the conditions for providing data intermediation services after they have taken up their services. Hence, the DGA relies on ex-post monitoring (Richter, 2021, 648). The approach of combining a notification procedure with ex-post monitoring and enforcement was chosen as a compromise combining the virtues of low-intensity and the high-intensity alternatives originally considered for regulating data intermediaries (cf. Recital 38; Commission, Proposal, 5). However, the approach finally chosen by the Commission could be less effective in building user trust than a system of ex-ante authorisation because the legality of data intermediation services is not checked by the competent authorities before they are allowed to take up their services. Potential users of such services have to rely on the threat of sanctions to provide sufficient incentives for providers to comply with the rules of DGA.

Neutrality

The neutrality of data intermediation services is a key concept underlying the regulatory approach chosen by the EU. The principle of neutrality can be found in a number of obligations, most importantly in Art. 12 (a) DGA. It reflects the DGA’s goal of setting up a “European way of data governance” (Recital 32 DGA) envisioning a separation in the data economy between data provision, intermediation and use. Ensuring the neutrality of data intermediation services providers shall increase trust in their services (cf. Recital 33 DGA). As will be seen, the requirement of neutrality follows the objective of avoiding conflicts of interests for providers of data intermediation services. Such issues have arisen for vertically integrated platforms which simultaneously provide services to their users and compete with them on other markets (Graef & Gellert, 2021, 12; Baloup et al., 2021, 31). Furthermore, the requirement of neutrality shall prevent user lock-in in order to safeguard a competitive environment for data intermediation services.

A number of obligations regulate in what way and for what purposes data intermediation services may handle and use the data provided to them by data holders or data subjects. First and foremost, Art. 12 (a) DGA requires data intermediaries to refrain from using the data for which they provide data intermediation services for purposes other than to put them at the disposal of data users. This has far-reaching implications for the provision of such services. For one, providers of data intermediation services are prohibited from analysing and using the data shared by data holders for their own (or any other) purposes (cf. Recital 33). As data holders often do not share their data for fear of later misappropriation, this provision is intended to increase their trust in sharing their data via intermediaries by forbidding these intermediaries to use the data themselves or to share it with third parties.

Art. 12 (a) is further supplemented by Art. 12 (c) DGA, which holds that data collected in connection with any activity of a natural or legal person for the purpose of providing data intermediation service shall be used only for the development of that data intermediation service. Art. 12 (c) DGA effectively prohibits the use of certain kinds of meta-data for other purposes than improving intermediation services. Both Art. 12 (a) and (c) DGA are aimed at increasing trust and ensuring fair competition by addressing the use of data, which has been an issue with regards to the leading digital platforms. The purpose limitation imposed on data intermediaries in relation to the data and meta-data acquired by data holders and data subjects is clearly influenced by experiences with vertically integrated platforms. Such platforms gather huge amounts of data about the activities of their users (Crémer et al., 2019, 68; Dolata, 2019) and use that data in some instances to start competing with their own users (Khan, 2017, 780–3). Art. 12 (a) and (c) DGA ensure that the providers of data information services can use neither the data obtained from their users nor the data collected by themselves to their users’ disadvantage, thus avoiding conflicts of interest.

Furthermore, Art. 12 (a) DGA limits the scope of services that providers of data intermediation services can offer to their users. Service providers may not use the data for other purposes than putting them at the disposal of their users. This implies that they are generally not allowed to offer any additional data-related services to their users. This prohibition cannot be explained by the objective of promoting user trust. Rather, it seems to be motivated by competition concerns. More specifically, the separation of data intermediation services and other data-related services is designed to prevent the integration of data intermediation services with other services such as cloud services or data analysis services. Although vertical or horizontal integration driven by economies of scope can allow platforms to offer more attractive services users, it can also raise entry barriers for potential competitors. Integrated Platforms can more effectively bind users to their ecosystem, thus making it harder for them to switch to competing services. By isolating data intermediation services from other services, the DGA attempts to keep their market positions contestable and avoid user lock-in.

However, an exception to this strict purpose limitation can be found in Art. 12 (e) DGA. Under this provision, data intermediaries may offer such data-related services, whose purpose it is to facilitate the exchange of data. For example, data intermediation service providers can assist their users with the anonymisation of data (cf. Recital 32 DGA). This exception is sensible, as an important part of the value that data intermediaries provide to their users could lie in their ability to facilitate the technical implementation of data transactions by making available their superior expertise to their users (Hennemann & Von Ditfurth, 2022, 1908).

In addition to Art. 12 (a), Art. 12 (d) DGA holds that a provider of data intermediation services shall principally facilitate the exchange of the data in the format in which it is received from a data subject or a data holder. The data intermediary is not allowed to change the data format used by the data holder themselves, thus ensuring its neutrality (Richter, 2021, 654). The rationale behind Art. 12 (d) DGA is to prevent service providers from imposing their own data standards on their users. Introducing their own data formats could result in a lock-in for their users by complicating their switching to other data intermediation service providers that do not use the same data format. In this way, Art. 12 (d) DGA is intended to protect both data holders and users as well as competition at large. As an exception to this rule, data format conversion is permitted in some instances where it is necessary to promote interoperability (see below).

Legal Unbundling

It is important to note that the conditions set out in Art. 12 DGA only apply to the data intermediation services offered by a company and not to any other of its data-related services (cf. Recital 28; Hennemann & Von Ditfurth, 2022, 1909). This implies that such services may still be provided by entities belonging to the same corporate group as the data intermediation service. It is only the data for which a company or any of its subsidiaries provides data intermediation services that falls under the purpose limitations imposed by Art. 12 (a), (b) and (d) DGA. In order to make sure that data, for which intermediation services are provided, is not used for other purposes, the neutrality obligations regarding the handling and use of data by data intermediaries are supported by a requirement for the structural separation of data intermediation services from other units of the same company.

Pursuant to Art. 12 (a) DGA, providers of data intermediation services shall provide these services through a separate legal person. This provision effectively requires the legal unbundling of data intermediation services from other entities of the company, as known from the regulation of traditional network industries. The structural separation shall ensure that data or other insights gained from the provision of data intermediation services cannot be used for other activities pursued by the parent company or other affiliated companies. Like the obligations limiting the purposes for which data can be used by services providers, the requirement of structural obligation is meant to prevent the use of data and information by the services providers against the interests of their users (cf. Recital 33; Graef & Gellert, 2021, 10).

Structurally separating data intermediation services from other entities belonging to the same corporate group shall reduce information exchange between the different entities and shall provide data information services with a certain degree of independence towards their affiliates. However, Art. 12 (a) DGA requires no functional unbundling. Thus, the parent company can still exert a decisive influence on the data intermediation service. Besides, companies offering a range of data-related services, including data intermediation services, can continue to do so. However, the data for which data intermediation services are provided may not be used for any of the other data-related services by affiliated entities. Furthermore, other (data-related) services may not be provided through the legal entity of the data intermediation service.

Ban on Tying and Bundling Practices

Art. 12 (b) DGA further contributes to the separation of data intermediation services from other services provided by the same corporate group. It does so by prohibiting providers from making the commercial terms, including pricing, for the provision of data intermediation services dependent on whether the data holder or data user uses other services provided by the same data intermediation services provider or by a related entity. Thus, the user of a data intermediation service may not receive more favourable conditions than other users simply because they also use other services of that same corporate group. Essentially, providers of data intermediation services are hereby prohibited from bundling or tying these services with other services provided by them or their affiliates. This ban on tying and bundling is likely motivated by the anti-competitive uses of such practices by large digital platforms. Although bundling and tying practices are not considered problematic in all cases from an economic efficiency point of view, there is a growing concern about the way digital conglomerates use these practices to foreclose competition on new markets (Bourreau & de Streel, 2019, 14–8). In particular, bundling or tying practices can be used by companies to leverage their market power from the market for one service to the market for another service by weakening competition on the latter market (Elhauge, 2009, 413). It is widely assumed that the characteristics of digital markets, such as the presence of network effects and economies of scale and scope, lend themselves especially well to the employment of such leveraging strategies (Bourreau & de Streel, 2019, 15).

Reacting to the novelty of markets for data intermediation services, Art. 12 (b) DGA is designed to prevent the leveraging of market power from a market for other services onto the market for data intermediation services. For example, a provider of cloud services cannot tie the provision of its cloud services to the use of its data intermediation services. Thus, Art. 12 (b) DGA can contribute to keeping the market for data intermediation services contestable by preventing established providers of other data-related services, such as Amazon or Google, from leveraging their existing market power onto the market for data intermediation services. As envisioned by the DGA, positions on the market for such services shall be solely determined by the quality of the services provided on that market. Established (international) players shall not profit from competitive advantages based on their ecosystems. This gives European start-ups a chance to enter this niche of the data economy successfully. In addition, Art. 12 (b) can help prevent user lock-in caused by the bundling of services by ensuring that switching remains attractive for data holders and data users because they cannot be nudged or forced to use complementary data-related services from the same provider. However, imposing a blanket ban on bundling and tying practices risks preventing economically desirable behaviour in some instances (Hennemann & Von Ditfurth, 2022, 1909). Given the fact that even data intermediation services with little or no market power are bound by Art. 12 (b) DGA, the necessity of a general prohibition of bundling and tying practices can be questioned.

Interoperability and Standardisation

The DGA contains provisions aimed at promoting interoperability and common standards with regard to data formats and with regard to the data intermediation services themselves. The promotion of interoperability and common standards pursues two objectives: interoperability and standardisation are necessary to facilitate data sharing within and across sectors and they can protect competition by preventing user lock-in.

As already seen, Art. 12 (d) DGA requires providers of data intermediation services to conduct the exchange of the data in the format in which they receive it from a data subject or a data holder. This shall prevent service providers from imposing their own data standards on their users which could lead to user lock-in. However, as an exception to this rule, the conversion of data formats is permitted if it improves interoperability, is requested by the parties to the data transaction, or is necessary to comply with international or European standards. In these instances, data holders and data subjects have the right to refuse conversion. Alternatively, format conversion can be mandated by Union law. In those cases, data holders and data subjects cannot refuse conversion. Overall, Art. 12 (d) DGA supports the conversion and standardisation of data formats where they improve the re-usability of the data and thus facilitate the sharing of data by data holders and data subjects.

Relatedly, Art. 12 (i) DGA’s objective is to improve the interoperability between data intermediation services. According to this provision, the services providers shall take appropriate measures to ensure interoperability with other data intermediation services, i.e. by using common and open standards. A high level of interoperability shall ensure “the proper functioning of the internal market” (Recital 34). Users shall be put in a position to switch effortlessly between competing data intermediaries. This should ensure that providers of data intermediation services compete on the merits of their services. In the future, the necessary measures for ensuring interoperability shall be devised by the European Data Innovation Board (cf. Recital 34, Art. 30 DGA).

Conditions for Fair and Transparent Access

Building on the requirements for neutrality, data intermediaries are required under Art. 12 (f) DGA to adhere to procedures for access to their services that are fair, transparent and non-discriminatory to users, including with regards to prices and terms of service. Similar obligations have a long tradition in the regulation of traditional network industries (Montero & Finger, 2021, 247). Providers of data intermediation services are prohibited from treating their users disparately without justification. In terms of access to their service, the prohibition on discrimination can prevent possible distortions of competition and market foreclosures, for example where access to an industry-specific data platform is indispensable for market entrants to compete effectively on a specific market. Thus, Art. 12 (f) DGA addresses the ‘gatekeeper’ position of data intermediation services. In their role as gatekeepers operating important market structures, powerful platforms, such as app-stores or online marketplaces, have control over important sales channels. In the past, this has led to conflicts of interest for platform operators competing with some of their own users for the provision of products or services. In these cases, platform operators have both the incentive and ability to exclude third party providers from their platforms or to otherwise disadvantage them (Stigler Center, 2019, 74). The fairness requirement of Art. 12 (f) DGA prevents these potential abuses of gatekeeper positions by forbidding data intermediaries to exclude their users from their services without objective justification. Moreover, Art. 12 (f) DGA should be understood to protect the ability of users to use multiple data intermediation services offered by different providers simultaneously (multi-homing), because exclusivity clauses imposed by providers on their users should be considered as unfair.

Importantly, the prohibition of disparate treatments regarding user conditions limits the ability of services providers to employ certain forms of self-preferencing. Since Art. 12 (f) DGA only extends to access conditions, including terms of service, it cannot be understood to impose an obligation of search neutrality on services providers, according to which all data offers must be treated equally in user searches. Thus, preferred product placements or other paid prioritisations do not appear to be forbidden per se. However, Art. 12 (f) DGA does require providers to treat users equally with regards to the commercial terms of their services. If paid prioritisations are in principle offered by a provider, they must be offered to all users under the same conditions. It is not permissible for a data intermediary to offer such advantages only to affiliates or other companies to which it has close economic ties. Consequently, self-preferencing by favouring data offerings of affiliated data holders to the detriment of other data holders is prohibited. However, data intermediation services providers can still implement forms of ‘pure secondary line differentiation’ (Graef, 2019, 453), whereby they engage in differentiated treatment among non-affiliated data holders, as long as preferential treatments are offered transparently to all data holders.

Additionally, the prohibition on setting discriminatory prices and conditions can protect smaller companies such as start-ups and SME (cf. Recital 2, 27 DGA), which are in relatively weak bargaining positions and more likely to receive unfavourable conditions. This is crucial because it is precisely for these smaller businesses that data intermediation services could become important gateways for accessing the data required for their innovative business models. To achieve the necessary transparency of their procedures for access to their services, Art. 12 (f) DGA is to be read so that providers have to disclose their prices and other conditions to prospective users, who are then empowered to select the provider with the most appealing conditions for their purposes. The resulting market transparency is intended to promote competition on prices and conditions between data intermediaries (Richter, 2021, 656).

Enforcement Responsibilities of Data Intermediaries?

An issue surrounding digital platforms that has ultimately resulted in the adoption of Directive (EU) 2019/790 and the proposal of the Digital Services Act is the question whether and to what extent platform operators are responsible for illegal activities of their users. For a long time, platform operators have profited from legal exemptions for illegal user behaviour of the eCommerce Directive. According to Art. 12–15 of that Directive, liability for user content is placed on online service providers only in certain cases, e.g. if they have knowledge of illegal content or have failed to remove such content in a timely manner. New legislation is beginning to adapt this rather lenient approach for digital platforms with the introduction of more stringent obligations. For data intermediation services, the DGA introduces a potentially far-reaching responsibility for user activities. Pursuant to Art. 12 (j) DGA, services providers are required to put in place adequate technical, legal and organisational measures in order to prevent unlawful transfers of non-personal data. Essentially, they are obligated to monitor data transactions of their users for violations of applicable laws and regulations and to prevent illegal data transactions. Providers are to assume responsibilities as “first-line enforcers” of the law (Graef & Gellert, 2021, 12). This could potentially place a heavy regulatory burden on data intermediaries. In the absence of guidance on the matter, providers might have to check every data transaction for, inter alia, violations of trade secrets, competition law and criminal law. If interpreted more leniently by focusing on the ‘adequacy’ of measures, it could be sufficient to implement mechanisms for reporting legal violations by third parties and procedures for the exclusion of users. Helpful insights might be gained from methods of implementing similar rules on digital platforms (e.g. the implementation of Art. 17 Directive (EU) 2019/790). Pursuant to Art. 12 (g) DGA, providers of data intermediation services are also required to have in place procedures for preventing fraudulent or abusive practices. Thus, they will have to screen potential users of their services for reliability to at least some degree, thereby promoting trust among the userbase.

Obligations under Competition Law and Data Protection Law

As is evident from Art. 1 (3)–(4) DGA and Recitals 35, 37, and 60, the DGA is without prejudice to the application of competition law and the GDPR which apply alongside it. Data intermediaries are therefore required to comply with existing rules on competition and data protection set at the Union level and in the Member States. Due to the legal uncertainties in these areas of law with regard to the exchange of data, the resulting regulatory burden is considerable (Graef & Gellert, 2021, 15). In particular, the GDPR has proven a major obstacle for the sharing of data.

Critical Evaluation

In light of the regulatory framework imposed on data intermediaries, the DGA can be characterised as regulation which, just like the Digital Markets Act or the Digital Services Act, is shaped by the risks posed by intermediaries and especially dominant digital platforms. Thus, it is not surprising that there are certain similarities between the approaches chosen for the DGA and the Digital Markets Act. Furthermore, it appears that some of the provisions implemented in the DGA, such as those regarding neutrality, interoperability, structural separation as well as fair and transparent access conditions, are inspired by typical approaches known from the regulation of traditional network industries. In this final section, the DGA’s suitability for ensuring that the provision of data intermediation services takes place in a competitive environment will be evaluated. Subsequently, some critical questions will be raised regarding the appropriateness of the DGA at this point in time.

The DGA as Platform Regulation

Many of the behavioural obligations introduced by the DGA are targeted at preventing certain types of practices detrimental to competition which have previously been observed in relation to large digital platforms. Therefore, it is not surprising that the DGA shows some structural similarities to the Digital Markets Act.

Like the Digital Markets Act (cf. (Schweitzer, 2021, 530–8), the DGA is departing from some of the key principles of traditional competition law and is taking on elements known from the regulation of network industries: instead of relying on an ex-post review of conduct based on general and flexible standards (Art. 102 TFEU), data intermediaries are regulated ex-ante (but monitored ex-post) by way of specific behavioural obligations. Because of the inflexible nature of these pre-imposed obligations, the peculiarities of individual cases, such as pro-competitive effects of a specific practice, cannot be accommodated by the DGA. Furthermore, the legislator is pursuing a “one size fits all” approach in its regulation of data intermediation services. All providers of such services are captured by the DGA regardless of their size and market power. Unlike the Digital Markets Act, the application of the DGA does not require the meeting of certain turnover and user thresholds. Thus, even very small providers of data sharing services are covered by the DGA. Consequently, the regulatory approach chosen for the DGA is both strict and far-reaching (Baloup et al., 2021, 36; Hennemann & Von Ditfurth, 2022, 1910).

The departure from key principles of competition law in itself is not necessarily objectionable. In fact, there are convincing arguments for complementing traditional competition law with an ex-ante regulatory framework in order to effectively and appropriately manage the competitive risks posed by (powerful) digital platforms (Parker et al., 2020, 17; Montero & Finger, 2021, 203–64). According to Parker et al., regulatory intervention into platform markets should be aimed at achieving three objectives: firstly, it should not decrease the value created by a platform. In particular, network effects should not be reduced. Secondly, fair and transparent values should govern the platform in order to distribute the value created fairly among market participants. As a result, innovation incentives shall apply not only to the platform operator himself, but shall be ‘diffused’ between all platform participants (see also Ezrachi & Stucke, 2022, 38). Lastly, regulation should ensure dynamic efficiency by preventing platform operators to implement anticompetitive strategies against market entrants and other (potential) competitors (Parker et al., 2020, 17).

The DGA appears to be reasonably well-suited to further the latter two objectives to some extent. First of all, the DGA contains provisions to ensure the transparent and non-discriminatory treatment of their users by data intermediation services. Both transparency and the principle of non-discrimination are important for creating a level playing field on a platform (Parker et al., 2020, 20). To that aim, Art. 12 (f) DGA addresses the potential gatekeeper position of data intermediaries by requiring them to implement fair, transparent and non-discriminatory conditions regarding both access to their services and the commercial conditions of their services. Consequently, certain forms of vertical abuses typical for digital platforms are prohibited ex-ante: data intermediaries cannot discriminate among users unless they are objectively justified to do so. Specifically, they are not allowed to treat affiliated users more favourably than other users. Because access conditions have to be fair with regards to prices, it is not permissible for data intermediation services to impose excessive prices on their users. Fair access procedures further imply that providers can only exclude users from their data intermediation services, if they have objective reasons for doing so. Overall, these rules should enable all data holders and users to participate in the economic value created by data intermediation services. As a result, they should also contribute to strengthen users' trust in data service providers.

Furthermore, the DGA includes a number of provisions targeted at ensuring dynamic efficiency and competition between data intermediaries. In this regard, Parker et al. stress the importance of enabling multi-homing and switching by users (Parker et al., 2020, 20). The goal of avoiding user lock-in and facilitating multi-homing is most evidently reflected in Art. 12 (i) DGA, according to which providers of data intermediation services are required to ensure interoperability with other data intermediation services by using common and open standards. Moreover, by prohibiting exclusivity clauses Art. 12 (f) DGA protects the ability of users to engage in multihoming. In order to prevent user lock-in, data intermediation services are also restricted in the scope of additional services they can offer to their users (Art. 12 (a) and (e) DGA) and are prohibited from introducing their own standards for data formats (Art. 12 (d) DGA). These measures are further complemented by Art. 12 (b) DGA, which is intended to keep providers of data intermediation services from bundling or tying their services with other services provided by them or their affiliates. This provision ensures that switching remains easy for data holders and data users, because they cannot be forced or nudged to enter the ecosystem of data-related services offered by the data intermediary and its affiliates. In effect, the DGA isolates data intermediation services from other services offered by the same corporate group in order to mitigate conflicts of interests, ensure uninhibited switching of users and keep markets for the provision of data intermediation services open.

However, the strict measures imposed on data intermediation services in order to protect competition could turn out to severely limit the potential value that could be created by data intermediation services. By vertically unbundling data intermediation services from other (data-related) services and restricting the use of data generated by data intermediaries (Art. 12 (a) and (c) DGA), the DGA restrains their ability to capture economies of scope. Data intermediaries are prohibited from combining data generated by different services in order to gain valuable insights that could raise the quality of their (data intermediation) services. The resulting reduction in quality will lower their value to users. Moreover, by preventing the integration of data intermediation services with other related services, such as data analytics, the DGA could prevent the emergence of integrated services that may provide a lot of additional value to their users. Due to its stringency and rigidity, the framework of the DGA prohibits practices without exceptions, even if they are pro-competitive and efficient in many cases. This will likely reduce the value data intermediation services can provide to their users. Another concern relates to the DGA’s likely impact on data intermediaries’ opportunities to differentiate their services from one another. The requirement to use common standards (Art. 12 (i) DGA) and the prohibition on integrating multiple data-related services (Art. 12 (a) DGA) could limit the scope and variety of services offered, thereby restricting users’ choice to a relatively homogeneous range of services. Overall, the DGA limits the possible business forms and market structures that could emerge in the market for data intermediation services at a time when relatively little is known about the needs of market participants.

In conclusion, the regulatory approach chosen for the DGA may be able to prevent many of the vertical and horizontal risks to competition associated with digital platforms. Yet, at the same time it could keep data intermediation services from fully unlocking their potential as much-needed matchmakers on markets for data sharing. Thus, there appears to be a certain tension between the DGA’s approach to protecting horizontal and vertical competition and its objective of promoting the scaling up of data intermediaries. By focusing on the potential risks rather than the potential benefits of data intermediation services, the DGA takes on a cautious approach. In this vein, it is noteworthy that the DGA imposes very stringent obligations on organisations that are both young and lack significant (or any) market power. The scope and the intensity of the regulatory framework can be compared to that of the Digital Markets Act (Baloup et al., 2021, 32–6). However, unlike the DGA, the Digital Markets Act targets very powerful digital gatekeepers, which are influential on many markets. Ultimately, the decision to implement an ex-ante regulatory framework for data intermediaries at this juncture demonstrates a certain pessimism of the legislator regarding the future development of the markets for data intermediation services. In light of recent experiences with powerful digital platforms, the reluctance to let markets for data intermediation services develop organically is understandable to some degree. Proactive regulation could prevent the emergence of dominant data intermediaries and other undesirable market developments at an early stage. Nevertheless, it is likely that lawmakers overshot their mark, thereby limiting the potential of data intermediaries too severely.

Unintended Consequences of the DGA

Regulating barely emerging markets at a very early stage can prevent unwanted developments ex-ante, but it also comes with significant drawbacks. In particular, the legislator faces an information problem. Neither are the current technological and economical barriers facing data intermediaries well understood, nor is it apparent which types of data intermediaries will eventually succeed on the market (Richter, 2021, 546). The lack of information on future market developments increases the risk of introducing provisions that will later turn out to be ill-suited to promote their goals. For these and other reasons, the DGA poses a certain risk of stifling rather than promoting markets for data intermediation services in Europe. In particular, the DGA could increase the regulatory burden for data intermediaries and restrict innovation and experimentation.

It is easy to see how the DGA can increase compliance costs for data intermediaries, thereby decreasing the incentives for providing such services (Hartl & Ludin, 2021, 537). Compliance with the obligations set out in Art. 11–12 DGA will tie up financial and human resources. Providers may also be required to reorganise their corporate structure. Furthermore, the DGA will likely increase legal uncertainties already faced by data intermediaries as it adds to an already highly complex legal framework for data-related activities (Graef & Gellert, 2021, 15). It will be up to practitioners to find ways to reconcile different pieces of legislation with each other. From a legal point of view, it is unfortunate that many of the DGA’s rules lack clarity and fail to provide clear guidance on how to comply with the regulation. For example, it is left open which concrete measures have to be taken according to Art. 12 (j) DGA in order to prevent unlawful data transfers. Art. 12 (h) DGA presents an even more striking example of this issue: how are data intermediaries supposed to ensure the continuity of their services in the event of insolvency, when according to the insolvency laws of most member states the legal authority to decide about the continuation of a business is transferred to a liquidator or insolvency administrator once insolvency proceedings have begun? These issues are further complicated by the fact that services providers will be monitored simultaneously – and potentially assessed differently – by data protection authorities, competition authorities and the competent authorities under Art. 13 DGA. Ensuring compliance with a highly demanding and difficult legal framework will place a disproportionate burden on SME and start-ups – the very types of businesses the DGA is supposed to promote.

It is also to be feared that the DGA will stifle innovation on the market for data intermediation. By imposing a narrow framework, the DGA limits the options for permissible business models and activities that can be pursued by data intermediaries. This may prevent new and dynamic business models from emerging and force existing ones to change their individualised services. Most importantly, the DGA prohibits the integrated provision of data sharing with many other data-related services, such as data analytics. Whether a combination of different services will meet the needs of users better than the separation of services as envisioned by the DGA cannot be predicted at this time. The business restrictions imposed on data intermediaries are unfortunate considering the fact that markets for data intermediation services are still at an early stage, where a high level of business experimentation should be encouraged. Consequently, the DGA could supress not only negative but also positive developments in the markets for data intermediation.

While the DGA undoubtedly places substantial burdens on data intermediaries, it is highly uncertain whether the DGA’s ability to create user trust can outweigh these burdens and achieve the regulation’s goal of promoting data intermediaries. In light of these issues, it is possible that the alternative of a voluntary certification framework for data intermediation services, as it was chosen for data altruism organisations (Art. 16–25 DGA), would have presented a more fitting and less intrusive option for regulating such services (Specht et al., 2021, 32). In that scenario, data intermediaries could voluntarily obtain a certificate showing that their business model is in line with pre-specified requirements. The competition between certified and non-certified services providers could have shown whether the (self-imposed) requirements are suited to significantly increase the trustworthiness of certified providers compared with non-certified providers (Hennemann & Von Ditfurth, 2022, 1910). Although this low-intensity alternative for regulating data intermediation markets is not suitable to prevent undesirable market developments, it could have presented the legislator with the opportunity to gather further insights into markets for data intermediaries during a transitional period before introducing more intrusive regulation.