LeMO Researchers have published in-depth insights on legal issues that are relevant to the production of, access to, linking of and re-use of big data in the transport sector.

A new report published by LeMO project throws light on various legal issues that are currently relevant to big data in transport. This report identifies and examines various legal issues that are relevant to the production of, access to, linking of and re-use of big data in the transport sector. The report further sets the scene and introduces the concept of big data, its particular characteristics, its possible use in the transport sector, the existing policy framework, and the identified legal issues.
Moreover, the LeMO researchers examine the various identified legal issues and discuss the challenges and opportunities that may arise in this respect, coming up with notably the following findings:

  • Privacy and data protection: Some concepts, principles and obligations under data protection law appear to be problematic for the uptake of big data. In particular, the broad definition of "personal data" and "processing", the qualification of the various actors involved as (joint-)controllers or processors, the core data protection principles, the need to identify a ground for processing, the requirement to conduct data protection impact assessments, the implementation of privacy by design and by default measures, the rights of data subjects, and the requirement to put in place adequate data transfer mechanisms seem difficult to reconcile with the concept of big data.

  • (Cyber-)Security: The requirement to put in place security measures is imposed in various legislations at EU and national level, including key instruments like the GDPR and the NIS Directive. However, such legislative framework remains rather general and vague as to which specific measures are deemed appropriate. In order to comply with this requirement, organisations involved in big data analytics generally need to rely on security experts and take into account the evolving guiding documents published by authorities such as ENISA. Relying on certification mechanisms, seals, marks, and codes of conduct will enable companies complying with their legal obligations and demonstrate their compliance.

  • Breach-related obligations: The various actors of the (big) data value chain need to implement measures, procedures and policies to abide by the strict notification requirements and be prepared to provide the necessary information to the authorities, within the imposed deadlines. Such requirements will also need to be adequately reflected in the various contracts between the stakeholders involved in the chain in order to adequately address any incident that may occur.

  • Anonymisation / pseudonymisation: Anonymisation and pseudonymisation techniques generally provide fertile ground for opportunities with respect to big data applications, including in the transport sector. Nevertheless, a balance will need to be struck between, on the one hand, the aspired level of anonymisation (and its legal consequences) and, on the other hand, the desired level of predictability and utility of the big data analytics.

  • Supply of digital content and services (personal data as counter-performance): Personal data as a form of payment for the supply of digital content is an emerging reality. In this respect, the proposed EU legal framework on the supply of digital content and services will ensure an adequate level of protection for the consumer. Nevertheless, the obligations concerning data may make some current digital services inoperable. Some companies may also start to charge for digital content services that are currently free. On a wider scale the ecosystem of innovative services in the field of transport could be jeopardised.

  • Free flow of data: The free flow of data presents a scenario in which no legal barriers hinder the cross-border flow of data. Such cross-border data flows may be restricted by data localisation requirements, which come in many shapes and forms. The new EU Free Flow Regulation should ensure the free flow of data across EU Member States, ensure data availability for regulatory control by EU authorities, and encourage the creation of codes of conduct for cloud services. The elimination of data localisation requirements is expected to create more innovation, which will positively impact big data analytics in the transport sector.

  • Intellectual property in big data environment: All intellectual property rights examined may have, to some extent, an impact on the use of big data, including in the transport sector. Depending on the manner in which and the extent with which a right holder may exercise its exclusive rights attached to the intellectual property right concerned, intellectual property rights may pose a barrier to data access, interoperability, and exploitation.

  • Open data: The EU institutions have taken both legislative and non-legislative measures to encourage the uptake of open data, most notably through the PSI Directive which attempts to remove barriers to the re-use of public sector information throughout the EU. Open data is a key component of most big data applications. A proposal for a revision of the PSI Directive intends to extend the scope of application to public undertakings, including actors in the transport sector such as ports and airports, public passenger transport services by rail and by road, and air carriers and EU ship owners fulfilling public service obligations.

  • Sharing obligations: While private companies often generate huge amounts of data, they are not always prepared to voluntarily share this data outside the company. This is due to the large number of legal, commercial and technical challenges associated with private sector data sharing. In certain circumstances, private companies are therefore legally required to share their data. This Deliverable succinctly examines the body of legislation specific to the transport sector that could impact a company's control of, the access to, or the rights in data. The analysis has shown that data sharing obligations are increasingly adopted in the context of Intelligent Transport Systems.

  • Data ownership: In a big data context, different third-party entities may try to claim ownership in (parts of) a dataset, which may hinder the production of, access to, linking and re-use of big data, including in the transport sector. This Deliverable demonstrates however that the current legal framework relating to data ownership is not satisfactory. No specific ownership right subsists in data and the existing data-related rights do not respond sufficiently or adequately to the needs of the actors in the data value cycle. Up until today, the only imaginable solution is capturing the possible relationships between the various actors in contractual arrangements, i.e. data sharing agreements.

  • Data sharing agreements: It is unclear whether the common practice to use data sharing agreements to govern the access to and/or exchange of data between stakeholders in a big data analytics lifecycle enables covering all possible situations with the necessary and satisfactory legal certainty. Data sharing agreements entail numerous limitations in the absence of a comprehensive legal framework regulating numerous rights (e.g. ownership, access or exploitation rights) attached to data, the way in which such rights can be exercised, and by whom.

  • Liability: The EU institutions have looked into and continue to examine issues related to extra-contractual liability, statutory liability, and safety requirements in the context of disruptive technologies, including in the transport sector. Based on their continued efforts, it will be possible to determine whether any regulatory intervention is required. The contractual liability legal framework, which differs across the EU, may however limit the uptake of new technologies, including big data in the transport sector. The present Deliverable further looks into the relevance for big data in the transport sector of the exemption of liability for intermediaries (the so-called safe harbour regime), and the proposed liability regime for suppliers of digital content and services under the Draft Directive on the Supply of Digital Content.

  • Competition: Assessing the market conduct of companies with access to large volumes of data raises complex issues under competition law. The difficulty of the exercise is compounded by the fact that the analysis also needs to take into account data privacy and consumer protection issues that are intimately linked to the questions under competition law. The present Deliverable considers three main areas in which competition law may have an impact on the use of big data. In view of the important role of big data in the transport sector, the Deliverable discusses the competition law issues that could arise with respect to organisations belonging to the broadly-defined "transport sector".

Finally, the report proposes possible ways of moving forward to encourage the production of, access to, linking of and re-use of big data in the transport sector, with a particular focus on the EU. The several improvements suggested by this Deliverable vary between the different legal issues and range from avoiding restrictive interpretations by the relevant authorities or courts, over soft law measures (such as guidelines and codes of conduct), to regulatory intervention at EU level.

For detailed report, please see:

Deliverable D2.2 Report on Legal Issues

This Deliverable identifies and examines various legal issues that are relevant to the production of, access to, linking of and re-use of big data in the transport sector.

Chapter 2 sets the scene and introduces the concept of big data, its particular characteristics, its possible use in the transport sector, the existing policy framework, and the identified legal issues.

In Chapter 3, the authors examine the various identified legal issues and discuss the challenges and opportunities that may arise in this respect.

Finally, this deliverable introduces possible ways of moving forward to encourage the production of, access to, linking of and re-use of big data in the transport sector, with a particular focus on the EU. The several improvements suggested by this Deliverable vary between the different legal issues and range from avoiding restrictive interpretations by the relevant authorities or courts, over soft law measures (such as guidelines and codes of conduct), to regulatory intervention at EU level.

Deliverable D2.3 Report on Ethical and Social Issues

This Deliverable identifies and examines various societal and ethical issues that are relevant to the production of, access to, linking of and re-use of big data in the transport sector.
Chapter 2, on the one hand, discusses the concept of big data, its particular characteristics, and its possible use in the transport sector. On the other hand, it delves into the interaction between ethical and social issues and the ways to integrate these into the existing policy framework. In Chapter 3, the authors examine the various identified ethical and social issues and discuss the challenges and opportunities that may arise in this respect, coming up with notably the following findings:

  • Trust: Although the research in trust has already become relatively mature, the huge amount and diversity of data and data sources provides lots of new opportunities but at the same time poses many challenges for online trust, notably in the context of transportation.
  • Surveillance: Considering the role of government agencies and their increasing requests of information to the private sector for public security purposes, it appears necessary to adopt specific rules to regulate the information flow, to define the rights over data and to ensure adequate enforcement.
  • Privacy (including transparency, consent and control): The advent of the GDPR has had a considerable impact in the domains of privacy, transparency, consent and control. This strengthened legal framework is likely to respond to several ethical issues and thus improve end users' trust in the use of personal data in a big data context.
  • Free will: Although big data-driven profiling practices can limit free will, a huge part of what we know about the world comes from data analysis. Careful and appropriate information analysis can open up plenty of chances and might reduce the limitations and problems for free will.
  • Personal data ownership: This Deliverable concludes that a claim of ownership by a data subject in its personal data would be hard to sustain. Nevertheless, in a big data context, different third-party entities may try to claim ownership in (parts of) a dataset, which may hinder the use of big data, including in the transport sector.
  • Discrimination: Using big data analytics to improve business processes or provide personalised services may lead to discrimination of certain groups of people. Also, the "Digital Divide", i.e. the social differences in access to technology and education or skills to use it, may lead to data-driven discrimination.
  • Environmental: There are trade-off or rebound effects from the use of big data in transport, which limits the effect of big data exploitation or creates unintended consequences. Such trade-off or rebound effects will be further assessed in Deliverable D2.4.

Finally, the last Chapter serves as a conclusion and introduces possible ways of moving forward to encourage the production of, access to, linking of and re-use of big data in the transport sector, with a particular focus on the EU. Particularly, Chapter 4 examines whether regulatory intervention or ethics-by-design are appropriate solutions to the challenges caused by ethical and social issues in relation to big data. The conclusion is that regulatory intervention is not desirable. Instead, the authors advocate an approach whereby ethics-by-design is recognised as an EU legal principle, similarly to privacy-by-design, and is supplemented by self-regulation and soft law. Section 4.3.1 aims to provide inspiration for ethics-by-design core implementation principles to be developed further in working groups at EU level.