Skip to main content

A brief picture of data boundaries, thinking of AI

by Rubén Cano Pérez

Artificial Intelligence is the here and now, as may be inferred from the roadmap drawn by the European Commission.[1] However, as the reader could easily check, AI is not a new phenomenon. AI ‘hidden’ potential existed since was firstly coined by John McCarty, Alan Turing, Marvin Minsky, Allen Newell, and Herbert A. Simon. Therefore, one may easily conclude that AI is not a disruptive technology, but -as Marco Iansiti and Karim R. Lakhani describe Blockchain technology- a foundational technology, which paves the path for unlimited applications and uses.[2] Just by way of an example, Sanofi has concluded an agreement with Google in order to create a ‘Virtual Innovation Lab’, where big data and AI will merge aiming at, in words of Ameet Nathwani, MD, chief digital officer, chief medical officer, and executive vice-president of Medical at Sanofi, ‘transform how future medicines and health service are delivered by tapping into the power of emerging data technologies‘.[3]

The worldwide development and mass implementation of AI is taking place right now. In this global picture, AI would be the cooking recipe while data would be ingredients. The cooking recipe may be extraordinary, but without ingredients of quality, it may be difficult to prepare a good dish, and vice versa. This is how the AI – data dichotomy works.

At the risk of being redundant, the reason why AI has an endless potential is not only due to the technology characteristics, but also to the new forms of collection, processing and use of data, which, under certain circumstances, entail the possibility to process high amounts of data. These functionalities modify the manner business was conceived so far, creating new data driven business models consisting of, inter alia, sharing of goods and services, marketplaces, matching of needs and re-distribution. Moreover, different digital transformation processes that, unbelievably, are taking place nowadays have also influenced the advent of AI and data driven business, jumping from the analogue world to the exponential reality of the Industry 4.0.

In this sense, there are different fields of law touching upon AI and the protection of data driven businesses. While regulating applicability, ethics and use of AI is extremely important, debates regarding data access and promotion have to be fostered in order to create a level playing field for the European Union digital economy to flourish, incentivising technological and innovative companies. In this context, the Internet of Things turns to be extremely important, in particular considering the implementation of new technological improvements such as the 5G standard, fog computing and edge computing.[4][5]

The present is marked by the interaction between IoT, Big Data, Small Data and AI. As such, greater attention must be paid to the regulation of data promotion and access. This said, data access and promotion, as the second part of the AI-data dichotomy, represents an extraordinary challenge for both regulators and stakeholders. This challenge is not exempt from legal issues, considering the constraints and concerns raised by the GDPR and the legislative framework regarding non-personal data.

Regarding non-personal data, its regulation takes place both at a horizontal and a vertical level with, for instance, Regulation (EU) 2018/1807, on a framework for the free flow of non-personal data in the European Union; Directive 2003/98 (as amended by Directive 2013/37/EU and Directive (EU) 2019/1024) on open data and the re-use of public sector information; or Directive (EU) 2015/2366 on payment services in the internal market (PSD2). Complementarily, other fields of law are stepping into the ‘data arena’, either as a mechanism for protecting data or for the protection of consumers’ well-being, market integration, freedom of competition and economic efficiency.

In this ecosystem, companies have used tools provided in the current legal framework in order to protect their businesses, where data is the most valuable asset. Since protecting assets containing personal data is relatively complex considering the control by data subjects over data granted by the GDPR, companies rather focus on the protection of non-personal data.

Therefore, when it comes to non-personal data, Intellectual Property (‘IP’) has been one of the favourite fields to protect such competitive advantage, mainly through: (i) trade secrets; and (ii) sui generis database right.[6] Together with previous IP related legal tools, other protection as ‘business to business contracts’ and de facto protection are used by the industry to enhance the control and availability of non-personal data.

Speaking of competitive advantage, data availability may modify the context and competition of a particular industry, which triggers the application of competition law provisions. As already stated by the European Union Court of Justice, where data availability is of crucial importance to operate in a given sector, it may be deemed as essential.[7] Considering data as an essential facility may entail outstanding competition law implications, in particular regarding the regime of Article 102 TFEU and a potential abuse of dominant position. In the same vein, different stakeholders in sectors as the automotive industry have argued for a legal presumption that considers car connectivity data as an essential facility, with the corresponding compulsory license, where regimes as the Fair Reasonable and Non-Discriminatory (FRAND) have been explored.[8]

This transversal view of the AI-data ecosystem, far from describing in an exhaustive manner the legal framework of such interaction, wanted to present the complexity of mentioned heterogeneous legal framework that, as the other side of the AI coin, has an outstanding impact on its implementation.

[1] See European Commission Policy site regarding Artificial Intelligence. Available at

[2] See Iansiti M. and Lakhani K. R., ‘The Truth About Blockchain’, Harvard Business Review, January-February 2017 Issue, 2017. Available at

[3] See Sanofi’s Press Release from June 18 2019. Available here .

[4] See ETSI and 5G standard technology. Available at


[6] For more information about protection of trade secrets in the European Union, see Niebel R., de Martinis L. and Clark B., ‘The EU Trade Secrets Directive: all change for trade secret protection in Europe?’ Journal of Intellectual Property Law & Practice, Volume 13, Issue 6, June 2018, Pages 445–457 (2018). Available at

[7] See, for instance, Judgement of the European Union Court of Justice, of 29 April 2004, Case C-418/01. Available here:

[8] See JRC Digital Economy Working Paper 2018-06, ‘Access to digital car data and competition in aftersales services’ (2008). Available at