Restitution EOLE 2019 - Panel 1 : Digital commons for everyone

EOLE is an annual conference cycle with an international reach, and aims to encourage the pooling and dissemination of legal knowledge related to open licenses as well as the development and promotion of good practices. Initiative born in 2008 out of the needs of practitioners in the field, EOLE aims to develop a legal doctrine dedicated to open source, with particular attention to the delivery of neutral and quality information. This year, EOLE took place in Marseille (France) on October 16th.

Necessary for some, alternative for others, "digital commons" are becoming the new Eldorado in a society that is sometimes too technological and not human enough. This growing phenomenon is profoundly transforming the practices and uses of many fields: health, mobility, space, etc.

PANEL 1 - Digital commons for everyone : citizens, administrations and companies

The financing of "commons" is a key factor for the success and sustainability of these projects. If multiple funding mechanisms for innovation exist today, it must be noted that they were not conceived in the specific context of digital communities. A re-reading of existing mechanisms is thus required at the very least, in order to define in a second stage new mechanisms to be considered and to draw inspiration from the experiments already carried out.

This first panel, rich in speakers with diverse experiences (public and private actors, or researchers), allowed to present some existing devices, to illustrate by experiences and to build an in-depth reflection on the modes of management of the communities.

1/ The financing of Digital Commons by public authorities

Speech by Olivier Jaspart, Legal Counsellor for the municipality of Livry Gargan

Several kinds of administrative contracts are able to participate in the financing of commons within communities. Thus, some traditional channels, such as the public market or the partnership market, can be used to participate in the creation or perpetuation of administrative digital commons. The partnership contract is particularly interesting insofar as it makes it possible to create a global mission without having to divide the roles between the project owner and the project manager.

However, public contracts - including partnership contracts - must also be accompanied by General Administrative Clause Books (Cahiers des Clauses Administratives Générales - CCAG) that can be adapted to the objective of producing a digital common.

To this end, the CCLS - Intellectual Property and CCLS - ICT models are the most suitable for this type of order. In particular, the CCLS - Intellectual Property models are to be preferred, as they allow to choose which entity will be the assignee of the intellectual property rights. Once the rights have been acquired, the public community that initiated the contract is then free to pool them on a pro bono basis (e.g. under an open source software license).

In this context, it is also recommended to invest in training and support rather than in the acquisition of the software solution itself. As an example, the municipality of Nancy has recently set up an ordinary market at a global and fixed price for the installation, hosting, maintenance and support (for the entire duration of the market) of the citizen and digital participation solution : DECIDIM.

The financing can then take the form of the participation or even the financing of the entity which ensures its maintenance: whether it is for example a SCIC (Société Collaborative d'Intérêt Collectif) or an association. These two ways allow local authorities to invest financially and materially in a administrative common project, while taking part in a shared governance within the project.

Finally, the financing of a data-driven administrative common is possible through the sharing of public information, or Open Data. Indeed, the Code of Relations between the Public and the Administration provides that any person has the right to re-use the information contained in administrative documents. The State may therefore fully finance the sharing of public information, or in some cases impose a fee for the re-use of such information. At this time, a recurrent legal problem concerns the exchange of datasets between administrations, particularly in the case of fees that still exist.

Key points :

• The partnership contract is a relevant and adaptable administrative framework for the financing of a digital common
• The CCAG – Intellectual property ensures that the public community is able to pool the resource acquired through public contracting
• Key articles of the CCAG-IP can be incorporated into other CCAG if required
• The association or the SCIC are two structures adapted to the creation, financing and evolution of a digital common

2/ Digital commons: from software to personal data, licensing and other legal Techniques

Marco Ciurcina, Lawyer Studiolegale.it

Starting from the definition of the common good proposed by Elinor Ostrom (Nobel Prize for Economics 2009, for her development of the theory on commons), the flagship and inspiring projects of digital commons (Wikipedia, Libre Office, Open Street Map, etc.) can be compared to Aqueducts. As opposed to bottled water that "privatizes" a natural resource -- we can speak of "proprietary" projects -- these structures have a strong potential for mutualization, sharing and interoperability. However, and the metaphor stops here, the mere fact of opening a project's code does not automatically make it common in the literal sense. Thus the rules of code sharing, framed by free licenses such as the GNU GPL or the Apache license, are essential to the establishment and perpetuation of a digital common.

However, free licenses are generally created to respond to a specific need of the community, and are thus shaped by the context, the need of the community, and laws applicable to a given object. This explains why some licenses are both transversal, by including specificities to copyright or patent law, but may not be appropriate if applied to non-software objects. For example, issues of personal data protection are generally absent within open source licenses.

Finally, open source licenses have played a decisive role in the success of digital commons projects: these licenses have thus made it possible to create trust between stakeholders by eliminating uncertainties, reducing transaction costs and enabling actors to understand the legal risk inherent in the conduct of a common project.

Key points :

• "Opening" the code of a software program does not automatically make it a numerical common
• Open Data licenses are legally cross-cutting (copyright, patent law, etc.) and may not be appropriate if they are applied to objects other than the one for which they were designed (in this respect, personal data still do not fit well with existing Open Data licenses)
• Free licenses have helped to build trust and legal certainty around projects of creating commons

3/ Reconciling entrepreneurship and general interest to support the development of digital commons: a look back at the creation of the collective interest cooperative society #APTIC

Pierre-Louis Rolle, Deputy Director Agence du Numérique & Gérald Elbaze, Director APTIC

The APTIC project has chosen to structure itself around a Co-operative Company of Collective Interest (SCIC - Société Coopérative d'Intérêt Collectif) in order to develop and maintain its common project: a digital inclusion pass based on the restaurant voucher model.

One of the first obstacles linked to the creation of a SCIC is first of all legal, since a Collective Interest Cooperative such as APTIC brings together necessarily heterogeneous actors: natural persons, legal entities under public law, and legal entities under private law. This variety of actors requires juggling between different applicable laws, which implies to train advisers (legal, economic and fiscal) in this interdisciplinarity. This lack of skills is a constraint to the creation of commons because it currently represents a significant cost even before the project is actually launched.

In addition to this lack of skills, there is also a lack of vision and overall information on the relevance of creating a SCIC, one of the only legal structures currently allowing a digital community to flourish. Today, many public authorities lack information on the nature, added value and means to be implemented in order to build these cooperatives. The solution shared by the two speakers would therefore be to create a real reference doctrine for public and private actors in order to overcome this problem.

Beyond the lack of information, a change of approach in the way the State invests in common projects is necessary: the production of common is too much perceived as an injunction from the State, whereas the latter would benefit from acting as a "prudent investor" in a project with clear governance and integrating social and solidarity economy aspects.

Key points :

• SCIC are still relatively unknown structures, making their creation complex and costly
• A "reference doctrine" on the creation of a SCIC would enable public authorities to become familiar with this legal form and to analyze its relevance to their respective projects
• The method of financing of cooperative societies by the State should be better adapted to the specificities of joint projects

4/ The opening of the property by the play of personal data right

Jonathan Keller, Research Engineer - Telecom ParisTech

On the basis of the Digital Internal Market and under the aegis of Article 8 of the Charter of Fundamental Rights of the European Union, the General Data Protection Regulation (GDPR) has changed the law on personal data. This new standard improves the repression of unlawful uses of personal data by defaulting data controllers by providing appropriate tools to National Supervisory Authorities (ANC).

However, the European legislator has particularly fulfilled the pragmatic wish of the Article 29 Working Party by replacing the "a priori control" by a "compliance control". Thus, subject to the control by an ANC, the controller is deemed to comply with the personal data right legislation. The latter is required to document its acts of compliance. Among its acts, the data protection impact assessment denotes. Indeed, this data protection impact assessment is based on an internal control process prior to the deployment of a technology that could potentially infringe on the "rights and freedoms" of the data subject. The methodology model provided by the European Data Protection Committee is flexible - not to say incomplete - offering mandatory criteria whose formatting is adaptable by ANCs and data controllers.

The methodologies often follow the same path, i.e. consultation and awareness of the various internal services on the issue of the process and management of personal data. This is followed by the definition of the plausibility and seriousness of the risk potentially caused by the processing of these data. In other words, the different approaches are based more on a mistaken vision of risk as generally defined in cybersecurity risk analyses. This data protection impact assessment is made arbitrarily by the data controller and joins the evidence of the compliance of the data controller..

The issue of the data protection impact assessment is nevertheless critical in the deployment of the Smart City for various legal issues. First of all, there is of course the extent of the information obligation that the provider of legal solutions has to transmit to the information. A corollary to this question is also the communicability of such information and, of course, whether business secrecy is likely to constitute an obstacle to such communicability. Indeed, and the topicality with the question of the "experimentation" of facial recognition raises this issue again, the consent of the concerned person is problematic. The latter has this quality, but also the quality of an information system user generating this data, and also sometimes of the status of administered. This plurality of quality is therefore likely to lead to competition between different rights offering the data subject the necessary means to request access to the data protection impact assessment.

In practice, the advisability of private-public consortia regulating individual or joint responsibilities, but also limitations on the use/exploitation of the personal data collected, is being developed. The various avenues of research explore both the contractual path through intellectual property, and more precisely that of Open Source and open data of non-personal data, and the governance that the GDPR attempts to establish by a division of labour based on the processing of personal data. In any case, the question of citizen involvement must be raised so that political and industrial powers do not have an exclusive monopoly on defining the rights of the persons concerned, i.e. concretely the citizens, in the connected city.

Key points :

• Intellectual property law is used by some players in the smart city to justify a lack of transparency on personal data rights
• A more precise definition of the relevant data to be analyzed in an impact assessment (in the framework of the GDPR) would provide concrete answers to this problem

-------------------------

The other articles of this day :

Following this first panel discussion, discover also the other interventions of this day focused on Legal issues of digital commons.

• Consult Panel 2 - Open licenses and digital commons
• Consult Panel 3 - Organization and governance of a digital commons
• Consult the Open discussion - Free competition and digital commons