In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations. (from https://en.wikipedia.org/wiki/Regulatory_compliance)
The current regulatory framework places emphasis on the protection of personal data and privacy leaving a gap still to be covered related to non-personal data in the realm of industrial activities. The interaction of humans (i.e., personel) with equipment, machines and systems creates a complicated scenario of potential personalisation of non-personal data generated in industry. This is an issue that could result in liabilities for companies operating and exploiting data in digital platforms.
In general data liabilities refer to potential damages in relation to data characteristics (reliability and veracity promised, periodicity and velocity) and the stage in the process of data exploitation. for example in relation to quality of data, data, security breaches, delivery, data analytics misuse or misrepresentation, loss of stored data, access or retrieval of data, etc. In addition, the failure to follow and fulfill contractual obligations outlined in a given contract might lead to liabilities (see next section on industrial contract types for an outline).
Example of Liability Clause: Except in respect of death or personal injury caused by the Supplier’s negligence, the Supplier shall not be liable to the Customer by reason of any representation (unless fraudulent), or any implied warranty, condition or other Term, for any loss of profit or any indirect, special or consequential loss or damage (whether caused by the negligence of the Supplier, its servants or agents or otherwise) in relation to the supply of the Goods (or any failure to supply them) or their resale by the Customer, or otherwise arising out of or in connection with the agreement.
At the core of all potential industrial use case scenarios of platforms are data. When formerly isolated data are shared, suddenly a new set of factors arises, both in terms of new external factors, but also in terms of business/microeconomic implications. Therefore, at the core of every digital platform must be a legally, organizationally and commercially viable concept for data sharing/trading/exchange.
When shaping this model, the following questions must be answered:
What is the legal arrangement for data “ownership”? Can users classify their data, is staggered approach possible (closed, traded or open data)? What are legal means that the platform uses to ensure the confidentiality of data ? (Trade Secrets, data base directive)
Transparency: Can users monitor/control the sharing of data with third parties? Are there “expiration dates” for data use?
Is the legal setting a fixed standards (“general conditions”) or is it a flexible, individual approach? Are model contracts available?
Are there sectorial regulatory requirements concerning data?
How far is portability and change of platform possible?
Who is responsible in the case of breaches of confidentiality?
How is fairness/ a level playing field between the platform and smaller players ensured ?