In mid-July, during her re-election as President of the European Commission, Ursula von der Leyen emphasized a revamp of competition policy as central to her priorities. One of the key focus areas: "Boosting productivity with digital tech diffusion". In her Political Guidelines for the next European Commission, von der Leyen underscores that “access to data is not only a major driver for competitiveness, accounting for almost 4% of EU GDP, but also essential for productivity and societal innovations, from personalised medicine to energy savings”. However, still too many companies in Europe struggle to get access to the data they need. To address this, the European Commission plans to introduce a European Data Union Strategy, aiming to unify existing rules into a coherent legal framework. This article examines the role that competition law currently plays in data access and the potential it holds within the European Data Union Strategy.
The increasing importance of data access
As data generation accelerates and data-driven strategies excel, numerous companies become increasingly dependent on data. For the development of numerous products and services, data must be widely available, easily accessible, sufficiently portable and simple to use and process. Data has become a crucial factor not only for digital business models or the development of artificial intelligence offerings, but also for the “old economy”. Access to data is essential for the success of businesses and will become even more critical in the future. However, data – such as that generated by IoT products and services – is often not readily accessible, hindering businesses from launching innovative and efficient services.
Very recently, a key pillar of the EU data strategy came into force and will apply from September 2025: the EU Data Act. The Data Act aims to create a regulatory framework for a flourishing data economy in the European Union by reducing barriers to data access, imposing data-sharing obligations, removing obstacles to switching data processing services, and facilitating interoperability of data from different domains. Beyond this, the importance of data as a resource has also been a legislative priority, both at national and EU level. There have been key competition law initiatives, such as the EU's Digital Markets Act (DMA) and the 10th amendment of the German Act Against Restraints of Competition (ARC), that address the significance of data and the potential competitive harm of foreclosing access to data.
The current role of competition law in data access
In the EU, unlike in the US, the debate on data access rights – underlined by Ursula von der Leyen's European Data Union Strategy – is gaining momentum, driven by policymakers. The constraints on rights of access to data have led commentators to look toward competition law as a potential solution: competition law, particularly Article 102 of the Treaty on the Functioning of the European Union (TFEU) and its national counterparts, offers a well-established framework. In addition, it is enforced not only privately, but also publicly by competition authorities.
However, despite the theoretical potential of competition law to address data access issues, practical applications have so far been limited. Why is that? There are only a few cases specifically invoking competition law to mandate data access, such as the recent case of the German Federal Cartel Office against Deutsche Bahn (appeal pending before the courts). Surprisingly, there are (so far) no specific Article 102 TFEU decisions requiring (dominant) firms to provide competitors with access to behavioural, product, or machine usage data.
The legal framework
Competition law provides two primary legal grounds for companies seeking access to another company's data: Article 101 TFEU and Article 102 TFEU:
- Article 101 TFEU: A company can invoke Article 101 TFEU if it can demonstrate that a data controller's refusal to share data is based on an anticompetitive agreement with other companies. For example, if multiple companies agree not to share specific types of data with certain third parties, this could constitute a violation of Article 101 TFEU.
- Article 102 TFEU: In the absence of an anticompetitive agreement, a company can rely on the prohibition of the abuse of a dominant position. This prohibition may be violated if a dominant company refuses access to data without objective reasons or offers access only under discriminatory or unfair conditions.
In addition, sector-specific legislation on data access has been adopted in some areas to address identified market failures, such as in the automotive sector, payment service providers, smart metering information, electricity network data or intelligent transport systems. In the absence of sector-specific data access legislation, data access may, however, be mandated under the general rules of competition law as well as under specific German competition law rules.
Access to data under Article 102 TFEU - an access option with hurdles
In the following, we will focus on the requirements of Article 102 TFEU for access to data cases. Generally, data – like any other resource – can be an input factor, access to which can be essential in order to compete or to provide downstream or upstream services. But due to the restrictive requirements of the “essential facilities doctrine”, obtaining access to data on the basis of Article 102 TFEU can be challenging.
- Relevant market and market dominance: First, Article 102 TFEU applies only to companies that are dominant on a relevant market. A claimant needs to establish the data controller's dominant position and persuade a court or competition authority of its view on the relevant market. Defining the relevant (data?) market is an untested and challenging task due to the evolving data economy and the lack of specific guidance on data markets. A precise and context-specific analysis will be necessary in this regard. Specifics can be derived from the German ARC, where exclusionary abuse of market power not only applies to dominant firms, but also where a small or medium-sized undertaking is dependent on accessing data controlled by another undertaking in order to carry out its own activities (so-called "relative market power"). In essence, and according to Section 20(1a) ARC, establishing the required degree of dependency can be very challenging.
- Essential facility: Second, the claimant has to show that the data constitutes an "essential facility", i.e. the data is indispensable for its business activities and there is no other reasonable means of obtaining the data. The data must not be replicable or substitutable. Particularly in the case of consumer data, data controllers might be able to argue that any company with a comparable online offering is able to collect comparable data. In particular, it will be difficult to demonstrate that the data is indispensable to the claimant. Here, the academic antitrust debate is still in flux and revolves mainly around the applicability and interpretation of the indispensability criterion and the "new product rule", which are particularly controversial and leave room for argument. We expect to have different sets of rules and case law for different types of data.
- Refusal eliminates effective competition: Third, the claimant needs to demonstrate that the refusal of access to the data would foreclose all or most competitors from the market. This means that access to this data must be crucial for independent market participants to operate in upstream or downstream markets. Based on "essential facility" case law, some argue that this means that the dominant data holder must itself already be active in the related market. In other words, this would mean that if the data holder does not serve a particular market (e.g. analysis services of a particular data set) and an innovator wants to enter that market, access to the data cannot be forced. This is insufficient for a data economy. It should not be decisive for an access to data claim whether the data owner itself is active on the respective market. Rather, the assessment should address a hypothetical market that is actually relevant for entrepreneurial activity. Where the data is indispensable for such market activity, it can be indispensable – irrespective of whether the data owner is active on such market.
- No objective justification: Fourth, a successful data access claim requires that the refusal of access is not justified by objective reasons. This requires a comprehensive balancing of the interests involved and will depend on the circumstances of each individual case. The immediate improvement of competition on a downstream market must be balanced against the negative incentive effects on the dominant firm that may result from the requirement to grant access. Possible justifications can be of a legal or factual nature. They include – of course – the return on investment for the data controller in its efforts to collect the data, safety/cyber security risks, trade secrets or data protection requirements. In addition, Article 101 TFEU has to be taken into account, which may limit the possibility of sharing data with competitors due to antitrust restrictions on information exchange.
- Willingness to pay a reasonable fee – FRAND reloaded: Finally, refusal of access will only be considered an abusive and unreasonable obstacle if the claimant is willing to pay an appropriate fee. The need for remuneration for the provision of data already arises from the fact that the provision of data to an access petitioner involves costs. However, at the same time, access must be granted under fair, reasonable, and non-discriminatory conditions. It is therefore necessary to determine an appropriate fee. Established FRAND principles could be used here.
Reliance on existing competition law, in particular the case law regarding the interpretation of Article 102 TFEU with respect to the so-called "essential facility", is thus at the moment an uphill battle when it comes to addressing some potentially abusive data cases. Leaving aside the complexity of identifying data markets and assessing dominance, the requirements of the essential facility doctrine are quite strict. Alternative data often exists but could be less accessible, less perfect, or more expensive. Is this sufficient to meet the test? At the moment, applying the strict requirements of the "essential facility" doctrine, if there is an alternative, a claimant is thrown off the track. New case law will need to show that the “new product rule” is insufficient to protect entrepreneurs and businesses in evolving upstream and downstream markets.
The intense academic debate on the role and scope of the essential facilities doctrine as applied to data has not been followed up by relevant cases, leaving room for argument but also a lack of legal certainty. And even if the strict requirements are met, the question of 'how' to grant access to data remains, which requires the precise specification of access conditions, GDPR-thinking, the level of access and remuneration issues.
The adoption of the Data Act as a potential game changer?
The recent adoption of the Data Act has been heralded as a "game changer" in the realm of data access. One of its goals is to facilitate the access to and use of data (both personal and non-personal) generated by consumers and businesses through connected devices, such as IoT, and their related services. Following a “user-centric” approach, the Data Act specifically aims to grant users access to individual-level data produced by their use of these products and related services, enabling users or authorized third parties to access this data on their behalf. Unlike the competition law approach, which is based on identifying market failures, the Data Act strives to promote access to data more generally. The Data Act creates a cross-sectoral governance framework for data access, provides incentives for horizontal data sharing, and reduces related barriers. For an overview of the new rules see our Deep Dive on the new EU Data Act.
The Data Act introduced the following data access provisions:
- Article 3 Data Act – Access by design: According to Article 3 Data Act, manufacturers of connected products and providers of related services are obliged to ensure that any data generated by the use of a connected product that the manufacturer designed to be retrievable and any data recorded intentionally by the user or generated as a by-product of the user’s action during the provision of a related service are, "by design", directly accessible to the user, where relevant and technically feasible. The Data Act further stipulates that access to such data, including relevant metadata, must be "easily, securely, free of charge, in a comprehensive, structured, commonly used and machine-readable format". However, the Data Act leaves it open as to what exactly is meant by "by design", what types of data will ultimately be covered, in what specific way access is to be granted technically and under what circumstances relevance or technical feasibility exist.
- Article 4 Data Act – Access to data: Whenever product data or related service data are not directly accessible by design, the user has a right to request the data holder to make such data accessible – but only "readily available data, as well as the relevant metadata necessary to interpret and use those data". This covers all product data and related service data that the data holder can lawfully obtain from the connected product or related service without disproportionate effort going beyond a simple operation.
- Article 5 Data Act – Data sharing obligations: Beyond mere access, Article 5 Data Act provides the user with the right to request the data holder to share “readily available data” with a third party (data recipient). In this context, it is worth noting that Article 5(2) Data Act excludes undertakings that provide platform services which have been designated as gatekeepers under the DMA from being an eligible third party within the meaning of Article 5(1) Data Act. Accordingly, such an undertaking may not receive data that a user has obtained pursuant to a data sharing request under the Data Act. In addition, the data recipient may only use the data for purposes and under the conditions contractually agreed with the user. The data recipient must further enter into an agreement with the data holder about "reasonable compensation" for the use of the shared data according to FRAND conditions but also about technical protection measures, preservation of trade secrets and other conditions.
Overall, the Data Act is an important building block of the Commission's regulatory scheme for the digital economy. However, it remains to be seen what types of business models will evolve in the future and to what extent third parties will be able to incentivize users of connected products or related services to request data holders to share their data with those data recipients. Further, the Data Act only applies to particular sets of data in connection with the use of connected products or related services and does not extend to information inferred or derived from product data and related service data. When it comes to access to data by third parties who had no part in the generation of the data and request access to large sets of bundled individual-level or aggregated data (in particular, going beyond the narrowly defined types of data available under the Data Act) to develop and improve complementary services within the framework of data-driven value creation, the solution is traditional competition law.
Outlook: Potential role of antitrust in the European Data Union Strategy
Given the broad variety of data and data access scenarios, there cannot be a "one size fits all" approach to data access. Specifically, in situations where access to bundled individual-level data and aggregated data is crucial for innovation and competition, competition law is the appropriate regime. Its case-by-case approach and context sensitivity are strengths, not shortcomings. In cases of frequent and repeated market failures, a sector-specific approach might be more suitable. With regard to access to individual-level data generated by connected products and related services, it will be interesting to see whether the Data Act will meet expectations and fundamentally reshape the regulatory landscape for data handling in practice.
The EU legislator's intention to address data access from multiple perspectives is understandable. However, it is crucial to prevent legal users from becoming entangled in the web of EU data legislation due to possible friction between various legislative acts such as the DMA, the GDPR, the Data Act, and the Data Governance Act. Therefore, data access should be made more coherent and legally certain to maximize the synergies and potential of the European Data Strategy. The European Commission's plan to introduce a European Data Union Strategy, which aims to combine existing rules into a coherent and clear legal framework, is a welcome and necessary initiative.
Authored by Elena Wiese, Martin Pflüger, and Kyra Harmes.