A Call for a European “Civil Code” of Digital Data


Amid the rush to be GDPR-ready, the former European Commissioner for Digital Economy and Society was campaigning for a comprehensive European “Civil Code” compiling EU rules on digital data. This call is as relevant today as ever.

During his visit to Frankfurt (Germany) on 16 October 2016, the then-current EU Commissioner for Digital Economy and Society Günther H. Oettinger launched a call for European action to regulate all information and data collected by the vast number of machines surrounding us.

All the legislative actions under way concern personal data, that is data that can be used to directly or indirectly identify individuals. Among those initiatives, the most important one is the GDPR, the General Data Protection Regulation (EU) 2016/679 of 27 April 2016, which will apply in 2018. The GDPR is the fruit of several years of work and reflection; it will enable not only all European citizens to better control their personal data, but also businesses to benefit from a one-stop shop mechanism and a common set of European rules for operating in the digital market.

But despite this progress, the former Commissioner pointed out that the processing of personal data was only one facet of the digital challenges. Indeed, the protection of personal data does not take into account the development towards a data economy (1). 

Machine-generated data are the ‘New Oil’ or the ‘New Gold’

Not all the data collected on a daily basis by machines are personal data. However, the processing of non-personal data also carries risks. Those data, which include data collected by all kinds of machines, are called the “new oil” or “new gold”. This phenomenon is only in its early stages and is set to develop exponentially.

Let’s take an example: today a modern car is equipped with forty or so microprocessors and dozens of sensors that collect a host of data that are not personal data, but which have a very high economic value because of the use it can be made of them.

A lack of regulation

There are currently no comprehensive regulations for those data. The companies owning machines take advantage of this situation to have users agree to terms and conditions of sale in which they are waiving their rights to such data.

For the former EU Commissioner, this represents a real loss of revenue, both politically and economically. He further underlined that a real social benefit could be gained by combining a broadening access to these data and the use of Big Data.

For example, an expanded and enriched access to the data collected by modern vehicles could improve road traffic management.

The need for unified regulation at European level

While calling for a clarification of the rights attached to those data, Günther H. Oettinger stressed that a national fragmentation of laws would render any initiative ineffective in the Single Market.

For this reason, he believed that action had to be taken at the European level.

One of the tasks of the new EU Commissioner for Digital Economy and Society, Mariya Gabriel, is precisely to develop “legislative and non-legislative initiatives to allow the non-personal data economy to thrive” (2).

It therefore seems that after the protection of personal data, Europe’s next big challenge is to achieve a uniform scheme for protection and exploitation of non-personal, machine-generated data that will make it possible to unleash EU’s data economy and increase the attractiveness of the European continent (3).


  1. “General data protection regulation: Texts, commentaries and practical guidelines” (Editions Wolters Kluwer, 2017), directed by Alain Bensoussan, (Lexing France), with the participation of Jean-François Henrotte (Lexing Belgium), Marc Gallardo (Lexing Spain) and Sébastien Fanti (Lexing Switzerland), and prefaced by Isabelle Falque-Pierrotin, Chair of the Article 29 Data Protection Working Party (WP29).
  2. Mission Letter sent by President Juncker to Mariya Gabriel detailing her main tasks and responsibilities as Commissioner in charge of the Digital Economy and Society, 16 May 2017, http://europa.eu/rapid/press-release_IP-17-1328_en.htm. See also “Digital Single Market: Commission calls for swift adoption of key proposals and maps out challenges ahead”, European Commission press release, 10 May 2017: http://europa.eu/rapid/press-release_IP-17-1232_en.htm
  3. “Building a European Data Economy”, https://ec.europa.eu/digital-single-market/en/policies/building-european-data-economy 

Article provided by: Eric Le Quellenec,  Attorney-at-law, Member of the Paris Bar


Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

CPC project office: Dr. Tobias Höllwarthtobias.hoellwarth@eurocloud.at


What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.