The legal implications of AV data: commercialisation and access

LinkedIn +

What are the legal ramifications of commercializing AV data with regard to the forthcoming EU Data Act, ask Osborne Clarke’s Becky Crawford, Tamara Quinn and Elisabeth Macher:

The successful development of AVs depends on data. However, the volume of data that is both required and generated by high levels of automation presents a number of challenges for the industry. One of those challenges is how best to facilitate data sharing while incentivising investment.

The European Commission is currently considering this question, as it consults on a new regulatory framework to establish a single market for data.  The application of this proposed legislation will have a significant impact on all AV stakeholders. Here, we consider how to commercialize your valuable AV data and the impact of the forthcoming EU Data Act.

Data as the driving force

Collecting large data sets of different driving scenarios and environments is not only necessary for the safe and efficient rollout of AVs, but it is also laborious and expensive.

It has previously been estimated that a single test vehicle can generate up to 4 terabytes of data per hour [1]. In order to utilize this data effectively, manufacturers need to undertake a costly review process to decide which data should be deleted and which should be kept to improve safety, enhance the user’s experience and ultimately increase profitability.

Once the key data has been identified, the data holder is then faced with the challenge of finding a storage solution for a significant quantity of valuable information.  This information needs to be kept secure, with the ability to search through the data and rapidly employ it across a range of applications. A variety of data storage options have been discussed and utilized across the industry.  For example, Mark Pastor, product marketing director for archive products at Quantum, has recommended that manufacturers “follow tiered storage principles“, which allow data to be managed by moving it to the most appropriate access solution, considering cost and performance [2].

This cursory glance at the issues clearly demonstrates that vast resources are required to collect, review and store AV data appropriately.  Against this background, it is perhaps unsurprising that those who invest in the process expect to be rewarded with a competitive market advantage.

However, not every AV stakeholder will have the ability to engage in data collection and analysis directly. Some even argue that independent, siloed attempts to harness data could lead to safety and regulatory issues, which are likely to delay the arrival of AVs on our roads.

Several organizations are now sharing and learning from combined data sets. These collaborations range from private joint ventures through to public initiatives.  One example is the global driving scenario database launched by Deepen AI and WMG, University of Warwick, which aims to help inform policy and regulation of AVs [3]. The manner in which data is held between different partners must also be considered, with data trusts gaining momentum as a structure that allows independent stewardship of information.

Within the industry, there are clearly competing interests between those who wish to lockdown or commercialize their valuable AV data (which in turn incentivizes further investment in its collection) and those who are calling for enhanced access rights.

Protecting investment in data and its commercialization

It is often said that there is no ownership of data, and that there are no rights in data, but in practice much can be done to protect data and control its use. Intellectual property (IP) rights vary internationally, but from a UK/EU law perspective, there are three main IP rights that are most relevant: database rights, copyright, and confidential information/trade secrets.

Database rights can be important to protect data, but their scope is surprisingly limited: they don’t usually protect databases produced automatically as a by-product of a process, such as sets of vehicle performance data generated automatically from sensors embedded in a vehicle. However, in some situations, subsequent treatment of the data may give rise to a database right in it where effort is put into the selection, validation or presentation of the data elements used, for example if value can be added to the raw data by curating it and correlating against other data sets.

The position on copyright in this type of database is unclear (and currently being considered by the UK government), but generally speaking it is unlikely to be a reliable type of IP protection for AV data in the UK.  Protection is even less likely in other parts of Europe, many of which give no copyright protection at all for computer-generated content.

Useful protection for databases comes from the law on confidential information and trade secrets which will protect these databases in many cases, provided that it can be shown that AV data has commercial value because it is not generally known, and if steps are taken to protect confidentiality in it.

Given that IP rights for data are patchy and uncertain, it is crucial to ensure that contracts deal effectively with rights to access, use and exploitation of AV data. Contracts need to be clear about what data will be created, which party will collect it initially, and whether they will be contractually obliged to store it. The contract then needs to deal with who will own the IP in it, who will have rights to copies (and in what format), for what purposes it can be used, for how long, and in what territories. For especially valuable data sets, more detail may be important, setting out matters such as whether the parties can grant licences to others to use the data, and who can enforce IP rights against third parties. Finally, don’t forget to include provisions to take account of possible future changes in the law, both the known (such as the proposed EU Data Act, Data Governance Act, and AI Act) and the unknown (possible changes to elements of UK law e.g., around ownership and subsistence of computer-generated work).

Many contracts deal poorly with data, leaving lawyers to try to piece together protection from various standard form clauses on confidentiality, ‘foreground’ IP and ‘background’ IP, and personal data.  This is no longer adequate. Where data is a valuable asset, lawyers need to carefully consider how it will be used in practice, so that contracts can deal with it in a way which is explicit but nuanced and tailored to the particular situation of the various stakeholders.

Access to data: the implications of the EU Data Act

In February 2022, the European Commission proposed a new EU Data Act [4]. The goal of the legislation is to unlock the potential for data-driven innovation by facilitating data sharing and data access. The EU Commission put forward the proposal “with the aim of ensuring fairness in the allocation of value from data among actors in the data economy and to foster access to and use of data” [5]. The draft legislation focuses on products and services that generate data when used, and vehicles are specifically identified as relevant products [6].  It also has extra-territorial reach and will apply to organizations based outside of the EU in certain circumstances, for example, where relevant AV products and services have been placed on the EU market.

The draft EU Data Act contains obligations for data holders (for example, manufacturers of connected products) to provide users of their products or services with access to the data that is generated by their use. For autonomous vehicles, this means access to enormous volumes of data on a constant, “live” basis. Access must be granted where possible by design, meaning that the product (the vehicle or related service) has to be built in a way that allows the user direct, immediate access. Where that is not possible, the data holder must make the data available to the user upon request.

Perhaps more significantly, the data holder must also make the data available to third parties chosen by the user. This will have a profound impact on competition and innovation in the automotive market. Data holders could be forced to make real-time data from their vehicles available to their competitors.

However, the current draft of the Data Act leaves the potential for data holders to avoid certain data sharing obligations. For example, the draft Data Act states that IP rights and trade secrets protection should remain unaffected by the new regulatory framework. At least in theory, vehicle manufacturers could therefore try to block attempts to access data by invoking IP or trade secrets protection. However it remains unclear whether such attempts would be successful. Patents or copyright will seldom, if at all, be affected by the disclosure of data generated by the use of the vehicle. Database rights explicitly do not apply to data generated by the use of a product or service under the draft Data Act. For trade secrets, access rights under the draft Data Act already include obligations to preserve their confidentiality.

Given the importance of data in the automotive sector (and the fast-paced developments across the industry), the European Commission plans to adopt specific legislation addressing the unique issues presented within the automotive ecosystem. The Explanatory Memorandum to the proposal sets out the need for new rules in the automotive sector to ensure that legislation in this sector “is fit for the digital age and promotes the development of clean, connected and automated vehicles” [7]. To this end, the Commission has launched a consultation among stakeholders asking for their input on the current state of play of access to vehicle data as well as their views on necessary improvements. The questionnaire refers specifically to “latest technical developments (e.g. on automated vehicles…)” [8] that must be taken into account when updating existing vehicle approval legislation.

The competing interests of those acting as data holders (in particular vehicle manufacturers) and those acting as potential data recipients (including independent aftermarket, service providers etc.) are sure to be included in the consultation. However the big question remains: what will the sector-specific legislation cover?

The scope and application of the new legal landscape has the potential to be onerous, but for others it presents opportunities to access data that would previously have been kept under lock and key. Once the EU Data Act enters into force, it is anticipated that there will only be a period of 12 months before it applies to relevant organizations. Interested parties are therefore advised to monitor its progress and be ready to adapt.


[1] DSC Technology ––


[3] and

[4] Proposal for a regulation on harmonised rules on fair access to and use of data

[5] European Commission, 2022. Proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act), p. 2.

[6] Recital 14 of the Draft Eu Data Act

[7] European Commission, 2022. Proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act), p. 6.

[8] Access to vehicle data, functions and resources (

Share this story:

About Author

Osborne Clarke is an international legal practice with over 300 Partners and more than 1,080 lawyers in 26 locations. We help clients tackle the issues they’re facing today, and prepare for the ones they will face tomorrow. Our broad industry experience combined with our tech pedigree makes us the firm of choice for clients at the cutting edge of automotive developments.

Comments are closed.