‘Data is the new oil’ has been a popular phrase in recent years, but perhaps a more apt comparison would be solar power: a renewable natural resource that can benefit everyone at once, without diminishing. Data is created everywhere in our society. Networking and digitalisation are increasing across industries, and Bengt Holmström, among others, has called for the EU to recognise the value of data. At the same time, as Vili Lehdonvirta notes, data is a highly heterogeneous good with a content-specific value.
7.12.2023
Agreements define data sharing and re-use
Related services
Tags
The Commission aims for a single market for data
In its 2020 data strategy, the European Commission deemed that data is insufficiently available for re-use and that data sharing is hampered, in part, by companies’ fear of losing their competitive edge. According to the Commission, the strategy aims to make the EU a leader in a data-driven society by creating a single market for data that will allow data ‘to flow freely within the EU and across sectors for the benefit of businesses, researchers and public administrations.’
In February 2022, the Commission published its proposal for the new Data Act (DA). This Act aims to increase data availability and create a regulatory framework for sharing data between different actors in the EU, including rules on who can use and access what data and for which purposes. The Data Act is part of the Commission’s larger proposal package, the so-called Big Five, that also includes the Data Governance Act (DGA), the Digital Markets Act (DMA), the Digital Services Act (DSA) and the Artificial Intelligence Act (AIA). As for the Data Act, the legislative process is well underway, and its goals include rules on who can access and control what data, among other things.
Data protection through agreements
In this connection, it should be noted that data itself is not protected under any special IP rights. Instead, the protection is largely based on agreements between companies and, in some cases, on the protection of trade secrets. Data can also form a database that is protected. In practice, the underlying data set must always be identified so that the related rights and restrictions can be evaluated. Agreeing on how the data can be used is key when data is shared and re-used.
The important thing is to understand the nature of the data and, consequently, what rights may be attached to it. It is equally important to know what the data will be used for, i.e. what rights the user needs to have. This allows for the data user to control the risks associated with third-party rights through agreements. For the party sharing the data, a formal agreement on data sharing provides an opportunity to protect data such as trade secrets, for example by restricting the use of the data to a specific purpose.
Progressing protection procedures
In Finland, the business and industry organisations recognised the need to develop the practices for data sharing agreements early on. The Technology Industries of Finland drafted the model terms for data sharing in 2019. In addition, the IT2022 terms, drafted in cooperation by IT supplier and client organisations, include new special terms and conditions for data use.
Efficient use of data always requires that industry-specific characteristics are taken into account in data sharing agreements so that reaching commercial goals is supported. We have assisted clients in various fields in matters related to data use and data agreements. If you would like to discuss the protection of your company’s data or any of the other topics covered in this blog in more detail, please do not hesitate to contact the authors.
Latest insights
Article published 10.10.2024 – Data & Technology
New act on dual-use items entered into force in September – what companies need to know
Article published 5.9.2024 – Data & Technology
Technology acquisitions can boost companies’ growth – or cause them to fail
Article published 6.5.2024 – Employment
Outsourcing company functions – four key points for success
Article published 29.11.2023 – Employment
Whistleblowing and data protection – frequently asked questions
Kim Parviainen & Lauri Laatunen
Topi Lusenius, Anders Forss & Kim Parviainen
Tomi Kemppainen, Kim Parviainen & Eija Warma-Lehtinen
Eija Warma-Lehtinen & Ville Kukkonen
Latest references
Lantmännen – Acquisition of Leipurin from Aspo
We advised Lantmännen ek för in its contemplated acquisition of Leipurin from Aspo Plc. Lantmännen is an agricultural cooperative and Northern Europe’s leader in agriculture, machinery, bioenergy and food products. Lantmännen is owned by 17,000 Swedish farmers and has 12,000 employees in over 20 countries. Leipurin is a leading Nordic supplier of bakery ingredients, equipment, and expert services to professional bakeries, confectioneries, and food manufacturers. The company operates across Finland, Sweden, and the Baltic countries with subsidiaries located in the aforementioned countries, providing comprehensive solutions to the baking industry. The closing of the transaction remains subject to regulatory approvals.
Case published 25.8.2025
Oomi – Expansion into mobile telecommunications
We assisted Oomi Oy in its expansion into the mobile telecommunications market with the launch of Oomi Mobiili, a new MVNO brand. Our work covered the preceding due diligence process as well as structuring and negotiating key partner agreements, laying a solid foundation for Oomi’s entry into the new market. Oomi Mobiili will operate as a virtual mobile network operator, offering customers the option to purchase a mobile subscription together with their electricity contract. The phased launch is set to begin in autumn 2025, with nationwide availability targeted for early 2026.
Case published 15.8.2025
Nevel – Acquisition of Labio’s business
We advised Nevel Oy in its acquisition of the business of Labio Oy. Lahti Aqua Oy and Salpakierto Oy sold their entire shareholdings in Labio to Nevel, expanding Nevel’s already significant biogas portfolio. The transaction will have no impact on Lahti Aqua’s water utility operations or Salpakierto’s municipal waste management responsibilities. Labio’s operations and customer relationships will continue as before. ‘This partnership is a natural next step for us as we continue investing in sustainable material efficiency and renewable energy solutions. By integrating Labio’s comprehensive offerings and expertise, we can provide customers with a strong platform for material circularity. We are also strengthening our market position as one of Finland’s leading material efficiency solution providers,’ says Ville Koikkalainen, Director of Industrial and Biogas Business at Nevel. Nevel is an energy infrastructure company offering advanced, climate-positive solutions for industry and real estate. It operates more than 130 energy production plants and manages over 40 district heating networks. Nevel’s annual turnover is EUR 150 million, and it employs 190 experts in Finland, Sweden and Estonia.
Case published 16.7.2025
Finnish Motor Insurers’ Centre – Precedent concerning patient data processing and repeal of administrative fine
The Supreme Administrative Court (SAC) issued a significant precedent (decision KHO:2025:23) in a case in which it found that the Finnish Motor Insurers’ Centre (Liikennevakuutuskeskus, LVK) processed patient data in accordance with the requirements concerning fairness, data minimisation, and privacy by design and by default when deciding on compensation claims. We represented LVK in this case in which the SAC upheld the Administrative Court’s decision to repeal the EUR 52,000 administrative fine imposed on LVK by the Sanctions Board of the Office of the Data Protection Ombudsman. The SAC also confirmed the Administrative Court’s decision, which, as far as we know, was the first of its kind in Finland, ordering the Office of the Data Protection Ombudsman to reimburse some of our client’s legal costs. The decision bears great significance for the insurance industry as a whole. The crux of the matter were LVK’s information requests under the Motor Liability Insurance Act for patient data that were essential in determining insurance or compensation claims. In certain cases, making a decision may require extensive patient data. The Office of the Data Protection Ombudsman had found that LVK had systematically made overly broad information requests infringing Articles 5 and 25 of the GDPR and that the information should have been provided in the form of separate medical opinions. The Administrative Court repealed the Data Protection Ombudsman’s decision and found that patient records from medical appointments are, as a general rule, essential in establishing causality in compensation matters. It also stated that the tasks related to the consideration of compensation matters are specifically the core tasks of the insurance company and not of the controller of patient data. Furthermore, the Administrative Court found no evidence indicating that LVK would have systematically made overly broad information requests. ‘Once again, our collaboration with C&S was seamless throughout this extensive process, and we could trust that our case was in expert hands’, says Visa Kronbäck, Chief Legal Officer of the Insurance Centre. The full decision is available on the SAC website (in Finnish): KHO:2025:23.
Case published 18.6.2025