A Short Commentary on Business-to-Business Data Sharing Aspects of the Communication from the Commission, 'Data Union Strategy: Unlocking Data for Artificial Intelligence'

Recently, the European Commission (EC) unveiled its data strategy to unlock data for artificial intelligence (AI)[1] and the Digital Omnibus Package[2], sparking interesting debates. Over the past few years, I have been evaluating the EU's data strategy in detail, as well as how various regulations such as intellectual property (IP) law, contract law, competition law, the Digital Markets Act (DMA)[3], the Data Act[4] and the Data Governance Act (DGA)[5] could be leveraged to promote business-to-business (B2B) data sharing for the specific purpose of AI development. Indeed, there is currently a lot of hype around AI technology, and the EU is falling behind in the race to develop it. I am not going to delve into the definition of AI (a topic that also lends itself to much discussion), but rather mention that there are various techniques for developing it. The technique that is currently in the spotlight is machine learning (ML), which uses examples of inputs to identify patterns and apply the gained knowledge to new data. Therefore, large and high-quality datasets are needed for training, testing, evaluating and deploying ML models (although I would invite you to take a look at the debate surrounding the model vs. data-centric approach).[6] In this post, I will briefly present a few of the issues that have been reported to hinder B2B data sharing in the European Union (EU), some of the conclusions I drew during my doctoral studies, and I will briefly comment on the strategy presented by the EC relating to the B2B data sharing scenario.

Barriers to business-to-business data sharing and the current legal framework

Let's start with a brief overview of the economic characteristics of data. Data are heterogeneous and non-rivalrous. There are discussions about whether they are non-excludable or partially excludable, as well as whether they are public goods, quasi-public goods, or neither. Furthermore, if a large amount of data is required for ML projects, and different complementary datasets need to be processed, economies of scale and scope become relevant. While wide access to data seems desirable, it is worth bearing in mind that collecting data, creating high-quality datasets and sharing them is expensive, so companies may be reluctant and need a trigger.[7]

According to some studies, some B2B data sharing is already taking place. Companies are said to only share a small part of the data they hold, mainly within the industry in which they operate, so the potential of data remains untapped.[8] The barriers that have been identified in B2B data sharing are legal, organisational and technological. In terms of legal barriers, data holders face challenges regarding compliance with data privacy legislation, uncertainty about the rights that companies hold over data and how to enforce them, and how to create data pools in compliance with competition law. Meanwhile, companies that seek data access complain that data holders deny it to them, that the contractual conditions that regulate access and re-use are restrictive, that bargaining power is unequal, that there are doubts about the liability regime in certain use cases and that legal advice costs are high. In terms of organisational barriers, data holders claim that they do not share data due to a lack of awareness of how to do so legally, the benefits and business strategies, and a lack of trust, which leads to a fear of losing control over data and a competitive advantage. Some companies do not reuse data from third parties because of the high cost of the process, or because the relevant datasets are unavailable or are produced internally. Lastly, technical barriers include a lack of infrastructure, data interoperability, and measures related to storage and cybersecurity.[9]

As a jurist, my thesis focused primarily on the legal aspects. Data sharing requires a clear legal framework in which companies can operate, and once the legal issues have been resolved, some of the organisational and technical barriers may be alleviated. The EC has been working on building a European data space since 2014.[10] It has claimed that its main objective is to promote voluntary data sharing.[11] One of the EC's priorities has been to create appropriate infrastructure and data governance frameworks for developing European data spaces in strategic economic sectors and domains of public interest that are meant to be interconnected, and in which participation is voluntary.[12] Furthermore, since 2018, the EC has issued non-binding guidance for B2B data sharing, setting out principles to which the parties must adhere to ensure fairness in contractual relations, and establishing the Support Center for Data Sharing.[13] The EC has stated that it “deliberately abstains from overly detailed, heavy-handed ex-ante regulation and will prefer an agile approach to governance that favours experimentation, interaction and differentiation”.[14] Nonetheless, it has also warned that it “will continue to assess whether principles and possible codes of conduct are sufficient to maintain fair and open markets, address the situation and, if necessary, take appropriate action”.[15]

The EU legislator has passed sectoral legislation in certain fields where market failures have been identified.[16] It has also issued the DMA, which aims to ensure competitive and fair markets in the digital sector[17], and the Data Act, which seeks to stimulate the development of IoT-related products and services, innovation in aftermarkets, and the development of novel services.[18] Additionally, it has imposed new obligations on data intermediation services in the DGA.

Some of my conclusions

The European legal framework is complex, so it's no surprise that different parties are voicing their concerns. It's like a puzzle whose pieces are difficult to fit together. Furthermore, the puzzle itself could be improved. Let's look at why.[19]

Data holders have sufficient rights to protect their interests. While there is no property right over data, many data points and datasets are protected by copyright or the sui generis database right. I believe that the EU's copyright framework is overly complex and poses significant challenges, but I will refer you to my posts on this topic in the “Intellectual Property Rights” section for further discussion. Regarding the sui generis right of databases, the eternal debate continues over whether data are created and therefore not protected, or obtained, verified and presented. The EU legislator has attempted to 'clarify' this issue with regard to raw, machine-generated data in Art. 43 Data Act. Nevertheless, this 'clarification' raises more questions. It is also unclear whether training datasets are eligible for protection (although I would argue that they are), and what constitutes an infringement under the Court of Justice of the European Union (CJEU)'s CV-Latvia test.[20] Under certain conditions, datasets can also be protected by Trade Secrets (TSs). Still, some of the concepts in the TS Directive[21] remain obscure in the absence of rulings from the CJEU. Furthermore, when none of these rights apply, companies can resort to contracts and Technical Protection Measures (TPMs), although the scope of protection and available remedies differ. To mitigate the aforementioned fear of losing control over data held by data controllers — especially when their exclusivity over the data is based on contractual rights — some propose waiving the principle of privity of contract under certain circumstances.[22] I disagree with this approach. To promote B2B data sharing, I would argue that a more efficient course of action would be to rethink the copyright framework, adopt guidelines to clarify certain aspects of the Database[23] and TS Directives, regulate the interaction of these with other sectoral or horizontal legal frameworks that foresee the adoption of data access/sharing obligations, and establish a robust procedural framework. Additionally, the adoption of various model contractual clauses or comprehensive data-sharing agreements, as well as the introduction of rules by Art. 13 Data Act, which control the unfairness of unilaterally imposed contractual terms regarding access to and use of data, are welcomed. However, Art. 13 Data Act must be applied with caution, and currently, there is no clear benchmark to assess the unfairness of diverse clauses. That said, the EC has already published the final version of its standard contractual clauses and non-binding contract templates for data access, use, and cloud services.[24] The ALI-ELI principles could also be helpful in this respect. All of these measures could help reduce information asymmetries and unequal bargaining power. Despite this, if data holders do not want to share their data, little can be done. This is where competition law, the DMA and the Data Act come into play.

Much has been debated lately about whether large companies that accumulate huge amounts of data and refuse to share them can be compelled to do so as a remedy for abusing a dominant position, in accordance with the essential facilities doctrine (EFD). My answer is that this is unlikely. Claiming the indispensable nature of data is tricky. Furthermore, the data holder must be active in the downstream market for the EFD to apply. Still, the EFD could be invoked when individual-level data or a combination of individual-level and aggregated data are required to provide complementary services or compete in primary or secondary markets in which the data holder operates. However, when datasets are sought to train algorithms for purposes unrelated to the data holder's business, the EFD test would not be met. Caution should be exercised to avoid relaxing the test too much in order to encompass this last scenario, given the costs involved in collecting, pre-processing and sharing data. Moreover, competition law processes are lengthy and monitoring data sharing obligations can be challenging. This is why it may be necessary to introduce data sharing/access obligations in ex-ante regulation in the event of market failures. I am not going to discuss whether there was sufficient economic justification for implementing the data sharing obligations set out in the DMA and the Data Act. What I do want to emphasise is that Art. 6(9) DMA covers individual-level end user data, while Art. 6(10) DMA covers individual-level data of business users and bundles of individual-level user data. Therefore, these obligations are not extensive enough to encourage widespread access to the various types of data that other companies need to develop AI systems. Art. 6(11) DMA could encourage this type of access in the search engine market. However, there are still some questions regarding how the implementation of such obligations aligns with the GDPR.[25] I also see many controversial points regarding the Data Act, such as the scope of its data-sharing obligations, rights allocation, and the non-compete clause. In any case, in relation to AI, again, the DA only encompasses obligations concerning individual-level data. The aggregated data required for AI development is controlled by data holders, but under the Data Act, users can limit how these data are used and shared. It is theoretically possible under Art. 6(9)(10) DMA and the Data Act for multiple users to grant third parties access to data for further monetisation in an aggregated form. Despite this, transaction costs remain high. Notwithstanding, in my thesis, I argued that imposing more extensive obligations on gatekeepers and data holders is not the way forward. A significant economic analysis is necessary before taking this step. Furthermore, some issues need to be clarified, such as the definition of personal data, the legal basis under the GDPR for sharing and receiving data, and how to strike the right balance between IP and TS protection and data-sharing obligations. To promote access to aggregated datasets, the EC and competent authorities could also issue informal guidance on setting up data pools in accordance with Art. 101 TFEU and the GDPR. Furthermore, the role of data intermediaries should be supported, which is something that the DGA unfortunately does not do. This is because its material scope leaves room for interpretation and contemplates one-size-fits-all obligations in terms of, for instance, neutrality that are overly strict and do not necessarily lead to greater trust among stakeholders. In fact, they could lead to greater market concentration in the DIS sector, which is precisely what the DGA aims to avoid.

Data Union Strategy: Unlocking Data for Artificial Intelligence

In its communication, the EC indicates that the goal is to move “from rules to results”.[26] It recognises that, although the EU had laid strong foundations for the creation of a secure, interoperable single market for data via pivotal legislation such as the Data Act, and had invested in the Common European Data Spaces, it is currently struggling with data scarcity for AI development and mounting geopolitical competition, where data is rapidly becoming viewed as a strategic asset.[27] The EC acknowledges that the value of data remains unleashed in the EU, “also due to a complex patchwork of data rules, while global competitors move faster to exploit it for technological and industrial advantage”.[28] Indeed, as we mentioned earlier, the regulatory puzzle in the field of data in the EU is hard to navigate. Against this background and building upon the 2020 European data strategy[29], the EC proposes a new strategy based on three pillars to address three main challenges: data scarcity, regulatory complexity, and rising global competition.[30] These pillars are:

• Scaling up access to quality data for AI and innovation.

The CE emphasises the importance of infrastructure for sharing and utilising data. It recognises that the EU already has a solid basis in the form of the European data spaces, the governance frameworks it has developed and its investments in cloud and computing technologies. The challenge now is to “move from pilot projects and fragmented initiatives to seamless, interoperable and sustainable data ecosystems”.[31] As mentioned at the beginning of this post, the ultimate goal is to create an interconnected digital ecosystem, although this will take time. To this end, the plan is to expand the existing European data spaces and link them to AI infrastructure. This will be achieved through data labs and AI factories.[32] Data labs are described as “specialised facilities linking data holders, common European data spaces, domain-specific data ecosystems, and the EU AI ecosystem”.[33] They will support different stakeholders in safely sharing and using data. Moreover, they are expected to provide services such as data pooling, curation, labelling and pseudonymisation, as well as to facilitate the development of various governance and licensing models. This will all rely on decentralised and privacy-preserving techniques while ensuring the confidentiality of information. Initially, data labs will be established in certain areas under the AI Factories Initiative, although more are expected to be set up in other domains, powered by the introduction of AI Gigafactories.[34] The EC indicates that the data labs will assist businesses in ensuring compliance with EU competition law when sharing and pooling data. Drawing on the 2023 Horizontal Guidelines on cooperation agreements, the EC will issue best practice guidance and tailored guidance for individual data labs following a request under the Informal Guidance Notice.[35] This is certainly a positive development and is in line with the findings expressed in the previous section. It is also expected that the data labs will support businesses by providing tailored regulatory advice on EU law, training for AI developers on their legal obligations and practical assistance with pseudonymisation, anonymisation, synthetic data generation, labelling and vectorisation.[36] As well as providing technical infrastructure and tools, the data labs are also expected to connect SMEs with the relevant datasets they need.[37]

The EC also plans to provide further funding for common European data spaces, prioritising sectors of public interest, and to promote standardisation, interoperability, and co-investment frameworks.[38] It should be noted in this regard that interoperability across initiatives relies on Simpl cloud middleware.[39] Furthermore, the EC will propose a cloud and AI development plan for 2026.[40] The EC will also develop guidance and standards for the use of synthetic data, evaluate related legal issues, and assess the possibility of creating a “synthetic data factory”.[41] Furthermore, it will promote standardisation for “European data quality” and practices such as the annotation and labelling of data.[42]

• Streaming data rules.

The EC maintains that the EU's data framework must remain “clear, practical and innovation-friendly”.[43] To this end, it is presenting the Digital Omnibus, which aims to “modernise and consolidate the EU's horizontal data acquis”, among other things.[44] The EC itself recognises that the legal framework in this area is complex and fragmented, and that simplification is needed.[45] Regulations such as the Data Act, the DGA and the AI Act are fairly recent. Given this, wouldn't it have been better to wait a little longer before issuing some obligations? I'll just throw that thought out there. I am not going to conduct a detailed analysis of the Digital Omnibus, although the topic is promising. For now, I will just touch on some of its main points.

The Digital Omnibus first aims to delete outdated rules, such as those set out in the Free Flow of Non-Personal Data Regulation, which is already covered by the Data Act. However, the prohibition of localisation requirements and the principle of the free movement of non-personal data both remain.[46]

It also seeks to streamline data-sharing rules by repealing the DGA and incorporating its key provisions into the Data Act. In this regard, the EC recognises the need to clarify the definition of data intermediation service (DIS) providers and proposes replacing the current compulsory registration regime with a voluntary one.[47] This is consistent with the conclusions I defended in my doctoral thesis. It remains to be seen how other rules, such as those concerning the European Data Innovation Board or data altruism organisations, will be integrated into the Data Act, the initial scope of which differs considerably from that which is now being proposed. It is also unclear whether this move will truly resolve the problems identified with the rigid architecture of the DGA's institutional framework.[48]

The Digital Omnibus also envisages developing an “innovation-friendly privacy framework” and modernising rules for cookies and similar technologies.[49] This involves clarifying the notion of personal data, harmonising the circumstances and methods of data protection impact assessments, simplifying information obligations and data breach notifications, and clarifying the provisions on automated individual decision-making. It also establishes that legitimate interest can, under certain circumstances, be a legal basis for training AI.[50] Some believe that these measures could undermine the protection of personal data in the EU. As stated above, clarifying the concept of personal data and taking a risk-based approach is positive, as these are issues that cause significant concern when sharing data. But if the Digital Omnibus's proposed definition is too lax and goes beyond the test elucidated by the CJEU in EDPS v. SRB, that is a topic for discussion — I will leave it for another post. Regarding legitimate interest, the clarification is pertinent. For an analysis of this topic, I recommend reading the post “Legitimate interest as a legal basis for processing personal data when developing and deploying artificial intelligence”.

Proposed changes to the Data Act include providing greater protection against TSs leaking to third countries when complying with data sharing obligations, making the rules for customised cloud services more flexible, eliminating unnecessary provisions (such as those relating to smart contracts for exercising data rights) and creating the category of 'mid-caps', which would be granted certain exceptions originally designed for SMEs.[51] The EC also plans to launch a package of support measures to facilitate implementation of the Data Act. These measures include model contractual terms for data sharing, guidelines on reasonable compensation, guidance on certain definitions and the establishment of a Data Act legal helpdesk. Standard contractual clauses for cloud services are also planned.[52] On top of this, the EC will unveil a one-click compliance initiative. This initiative involves investing in technologies to automate compliance checks, enabled by the European Business Wallet Regulation.[53] In theory, this sounds good. Let's see what it means in practice.

• Safeguarding the EU´s data sovereignty through a strategic international data policy.

The EC states that the EU “must retain control over how data is accessed, used and protected within its territory and abroad”.[54] While third-country actors have access to European data, European companies face barriers when trying to access data in those countries. Therefore, the EC is seeking to protect sensitive non-personal datasets and promote cooperation with trusted partners. The most imminent measures in this respect are the issuance of guidance to assess the fair treatment of EU data abroad and the creation of a toolbox to address unjustified localisation, exclusion, weak safeguards, and data leakage, in addition to specifying measures to protect the aforementioned datasets.[55]

If I have sparked your interest in this topic and you would like to find out more, here are some references:

• Aplin, Tanya / Radauer, Alfred / Bader, Martin A. / Searle, Nicola: `The Role of EU Trade Secrets Law in the Data Economy: An Empirical Analysis´ (2023) 54 IIC 826,858.

• Bruzzone, Ginevra / Debackere, Koenraad: `As Open as Possible, as Closed as Needed: Challenges of the EU Strategy for Data´ (2021) LVI (1) les Nouvelles - Journal of the Licensing Executives Society 41,49.

• Carovano, Gabriele / Finck, Michéle: `Regulating data intermediaries: the impact of the Data Governance Act on the EU´s data economy´ (2023) 50 Computer Law and Security Review 1, 18.

• Colangelo, Giuseppe/ Maggiolino, Mariateresa: ‘Big Data as Misleading Facilities’ (2017) <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2978465>.

• Drexl, Josef: `Designing Competitive Markets for Industrial Data – Between Propertisation and Access´ (2017) 8 JIPITEC 257, 292.

• González Otero, Begoña: ‘Evaluating the EC Private Data Sharing Principles Setting a Mantra for Artificial Intelligence Nirvana?’ (2019) 10 JIPITEC 66,84.

• Hennemann, Moritz / Ebner, Gordian / Karsten, Benedikt / Lienemann, Gregor / Wienroeder, Marie: Data Act – An Introduction (Nomos, 2024).

• Hillmer, Katharina: Daten als Rohstoffe und Entwicklungstreiber für selbstlernende Systeme. Zum Regulierungsbedürfnis von Innovationshemmnissen durch Datennetzwerkeffekte (Nomos, 2021).

• Kerber, Wolfgang: `Governance of IoT Data: Why the EU Data Act Will not Fulfill Its Objectives´(2023) 72(2) GRUR International 120, 135.

• Leistner, Matthias / Antoine, Lucie / Sagstetter, Thomas: Big Data (Mohr Siebeck, 2021).

• López-Tarruella Martínez, Aurelio: Propiedad Intelectual e Innovación Basada en los Datos (Dykinson, 2021).

• Minero Alejandre, Gemma: `Data mining, sui generis right and aggregators. Some reflections after the judgment of the Court of Justice of the European Union in case CV-Online Latvia v Melons´ (2022) 39 Anuales de la Facultad de Derecho 63,72.

• Otto, Boris / ten Hompel, Michael / Wrobel, Stefan (eds.): Designing Data Spaces. The Ecosystem Approach to Competitive Advantage ( 2022, Springer).

• Schweitzer, Heike / Metzger, Axel / Blind, Knut / Richter, Heiko / Niebel, Crispin / Gutmann, Frederik: `Data access and sharing in Germany and in the EU: Towards a coherent legal framework for the emerging data economy. A legal, economic and competition policy angle´ (2022) <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4270272>.

• Tombal, Thomas: Imposing Data Sharing Obligations among Private Actors, A Tale of Evolving Balances (Wolters Kluwer, 2022).

• von Ditfurth, Lukas: Datenmärkte, Datenintermediäre und der Data Governance Act, Eine Analyse der europäischen Regulierung von B2B-Datenvermittlungsdiensten (De Gruyter, 2024).
  

[1] Communication from the Commission to the European Parliament and the Council `Data Union Strategy Unlocking Data for AI´ COM(2025) 835 final.

[2] Proposal for a Regulation of the European Parliament and of the Council amending Regulations (EU) 2016/679, (EU) 2018/1724, (EU) 2018/1725, (EU) 2023/2854 and Directives 2002/58/EC, (EU) 2022/2555 and (EU) 2022/2557 as regards the simplification of the digital legislative framework, and repealing Regulations (EU) 2018/1807, (EU) 2019/1150, (EU) 2022/868, and Directive (EU) 2019/1024 (Digital Omnibus) {SWD(2025) 836 final}.

[3] Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828.

[4] Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828.

[5] Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724.

[6] Andrew Ng, `A Chat with Andrew on MLOps: `From Model-centric to Data-centric AI´ (Youtube, 2021)<https://www.youtube.com/watch?v=06-AZXmwHjo>.

[7] See Ginevra Bruzzone and Koenraad Debackere, `As Open as Possible, as Closed as Needed: Challenges of the EU Strategy for Data´ (2021) LVI (1) les Nouvelles; Bertin Martens, `The impact of data access regimes on artificial intelligence and machine learning´ (2018) <https://ec.europa.eu/jrc/sites/jrcsh/files/jrc114990.pdf>; Christian Reimsbach-Kounatze,`Enhancing access to and sharing of data: Striking the balance between openness and control over data´, in German Federal Ministry of Justice and Consumer Protection and Max Planck Institute for Innovation and Competition (eds.) Data Access, Consumer Interests and Public Welfare (Nomos, 2021).

[8] Catarina Arnaut, Marta Pont et al. (n. 180) 35, 36; EC, `Outcome of the online consultation of the Data Act´ (2022)<https://digital-strategy.ec.europa.eu/en/library/public-consultation-data-act-summary-report>

[9] See Sebastiaan van der Peijl, Emily Denny et al., `Study to support an Impact Assessment on enhancing the use of data in Europe´ (2022) <https://www.researchgate.net/publication/358802003_Study_to_support_an_Impact_Assessment_on_enhancing_the_use_of_data_in_Europe>; European Round Table for Industry (ERT), `Expert Paper B2BData Sharing´(2021) <https://ert.eu/documents/ert-expert-paper-b2b-data-sharing/> Guido Lobrano, Patrick Grant, Heiko Willems and Peter Bräutigam, `Legal Issues of Digitalisation in Europe´ (2017) <https://www.businesseurope.eu/sites/buseur/files/media/reports_and_studies/2017-09-29_legal_issues_of_digitalisation_in_europe.pdf>; Catarina Arnaut, Marta Pont et.al., `Study on data sharing between companies in Europe´ (2018) <https://op.europa.eu/en/publication-detail/-/publication/8b8776ff-4834-11e8-be1d-01aa75ed71a1/language-en>.

[10] Communication from the Commission, `Towards a thriving data-driven economy´, COM/2014/0442 final; Communication from the Commission, `A Digital Single Market Strategy for Europe´, COM (2015)192final,14, 15.

[11] Communication from The Commission, ‘Towards A Common European Data Space’, COM (2018) 232 final 6, 10.

[12] Communication from The Commission (n. 11); Commission Staff Working Document on Common European Data Spaces, SWD (2022) 45 final.

[13] See the Support Centre for Data Sharing website: <https://eudatasharing.eu/>.

[14] Commission Staff Working Document, Impact Assessment Report Accompanying the document Proposal for a Regulation of the European Parliament and the Council on European data governance (Data Governance Act) SWD (2020) 295 final, 11, 12.

[15] Communication from The Commission (n. 11).

[16] Art. 13(10) Regulation (EU) 2018/858 of 30 May 2018on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicle; Art. 40 Commission Regulation (EU) 2017/1485 of 2 August 2017 establishing a guideline on electricity transmission system operation; Art. 23 Directive 2019/944 of 5 June 2019 on common rules for the internal market for electricity; and Arts. 66 and 67 Directive (EU) 2015/2366 of 25 November 2015 on payment services in the internal market.

[17] Art.1 DMA.

[18] Recital 28 Data Act.

[19] For a deep analysis, see Marta Duque Lizarralde, Business-to-Business Data Sharing for Artificial Intelligence Development (Nomos, 2025).

[20] C‑762/19, ‘CV-Online Latvia’ SIA v ‘Melons’ SIA, [2021] ECLI:EU:C:2021:434.

[21] Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure.

[22] See Part IV, Chapter B of the ALI-ELI Principles <https://www.europeanlawinstitute.eu/projects-instruments/instruments/ali-eli-principles-for-a-data-economy-data-transactions-and-data-rights/>.

[23] Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases.

[24] See <https://digital-strategy.ec.europa.eu/en/library/draft-recommendation-non-binding-model-contractual-terms-data-access-and-use-and-non-binding>.

[25] See Joint Guidelines on the Interplay between the Digital Markets Act and the General Data Protection Regulation <https://www.edpb.europa.eu/our-work-tools/documents/public-consultations/2025/joint-guidelines-interplay-between-digital_en>.

[26] Communication from The Commission (n. 1) 1.

[27] Ibid.

[28] Ibid.

[29] Communication from the Commission `A European Strategy for Data´ COM (66 final).

[30] Communication from The Commission (n. 1) 2.

[31] Communication from The Commission (n. 1) 4.

[32] Communication from The Commission (n. 1) 5.

[33] Communication from The Commission (n. 1) 6, 7.

[34] Communication from The Commission (n. 1) 7.

[35] Communication from The Commission (n. 1) 12.

[36] Communication from The Commission (n. 1) 8, 9.

[37] Ibid.

[38] Communication from The Commission (n. 1) 5.

[39] Ibid.

[40] See <https://www.europarl.europa.eu/RegData/etudes/BRIE/2025/779251/EPRS_BRI(2025)779251_EN.pdf>

[41] Communication from The Commission (n. 1) 11.

[42] Communication from The Commission (n. 1) 12, 13.

[43] Communication from The Commission (n. 1) 13.

[44] Ibid.

[45] Ibid.

[46] Communication from The Commission (n. 1) 13; Proposal for a Regulation (n. 1) Chapter VIIb,

[47] Communication from The Commission (n. 1) 13; Proposal for a Regulation (n. 1) Chapter VIIa.

[48] See Begoña González Otero, `The Digital Omnibus Package: Simplification at the expense of protection? Initial Thoughts on the Data Act's Consolidation Effort´ (November 22, 2025) <https://penguinsanddigitallaw.substack.com/p/the-digital-omnibus-package-simplification>.

[49] Communication from The Commission (n. 1) 14, 15; Proposal for a Regulation (n. 1) Art. 2.

[50] Ibid.

[51] Communication from The Commission (n. 1) 14; Proposal for a Regulation (n. 1) Art. 1.

[52] Communication from The Commission (n. 1) 15, 16.

[53] Communication from The Commission (n. 1) 16, 17.

[54] Communication from The Commission (n. 1) 18.

[55] Communication from The Commission (n. 1) 18, 20.