German industry overview keynote given at the Transatlantic Dialogue Initiative's Big Data & CyberSecurity conference in Ottawa, Ontario, Feb 22. 2018.
2. €131B
(2020)
Based on 20.6% CAGR
The European Data Market at a Glance
02.03.2018 Page 2
€62B
(2016)€52B
(2014)
€56B
(2015)
The European Data Market has seen steady year-on-year growth, with the CAGR
forecast to reach up to 20.6% by 2020, with the GDPR acting as a market catalyst.
Total value of EU Data Companies’ Revenues, Year-on-Year:
CAGR
8.4%
CAGR
10.3%
€92B
(2020)
Based on 10.4%
CAGR
CAGR
20.6%
GDPR
introduced
in 2018
3. Ranking of Member States by number of Data Companies
02.03.2018 Page 3
4. Data Users and Companies across the EU
02.03.2018 Page 4
• Ratio of Data Users to Data
Companies - 1,28:1 (UK),
4,24:1 (DE)
• UK very close to achieving
parity between
Providers/Consumers -
Germany very much one-sided.
5. European Data Economy by Sector
• Biggest Sectors: Mining and Manufacturing,
Financial Services, Professional Services, Retail,
and ICT.
• SMEs capture 72.4% of revenues in the
European Data Market.
• Medium sized companies (50 to 249 employees) make
up only 10% of data companies, but capture 21% of
the total revenues.
• While smaller companies (< 50 employees) are driving
innovation, it is the more established Mittelstand that is
seeing a higher rate of conversion between adoption
and revenue generation, making it best positioned to
capitalize on data-driven innovation – placing Germany
in a strong position for future growth.
02.03.2018 Page 5
21%
20%
14%
11%
10%
Mining and Manufacturing
Financial Services
Professional Services
Retail
ICT
Public Administration
Transport
Utilities
Home
Health
Other
Share of Data Market by Industry (EU, 2016)
6. Position of German SMEs
• First-mover advantage:
• Many SMEs are facing data protection and regulatory requirements for data processing for the first time
• Little product legacy, low risk, and high organizational agility means that most of the first movers are SMEs.
• However, as a whole, many SMEs remain unaware of what is coming, or how it impacts them.
• We have not yet seen the peak of disruption or knock on effects across the industry as a whole.
• While larger industry players scramble to comply and limit their own risks, SMEs are charging
ahead: SMEs capture 72.4% of revenues in the European Data Market.
• Medium sized companies (50 to 249 employees) make up only 10% of data companies, but capture 21% of
the total revenues.
• While smaller companies (< 50 employees) are driving innovation, it is the more established Mittelstand that
is seeing a higher rate of conversion between adoption and revenue generation, making it best positioned to
capitalize on data-driven innovation – placing Germany in a strong position for future growth.
02.03.2018 Page 6
7. Government Support – R&D Funding and Trust Assurance
• Strong R&D funding for established and growing businesses / SMEs.
• Nationally (BMBF, BMWi - ZIM), co-funded with the European Commission (EUREKA
EUROSTARS), and directly at the EU-level through the European Commission's Horizon 2020
research framework programme.
• IT Security Trust label "ITSMIG" ("IT Security made in Germany"):
• Established 2005 by the German Federal Ministries of the Interior and of Economics and Technology
as well as by representatives of the German IT security industry.
• Connected to TeleTrusT in 2011.
• Aims to present IT security products, solutions and services "made in Germany" at national and
international level towards industry partners, politics, authorities, organizations and science, by
emphasizing trustworthiness.
02.03.2018 Page 7
8. German Startup Hubs
02.03.2018 Page 8
• Big start-up hubs with unique characteristics:
• Berlin (#1 start-up hub)
• Hamburg (B2B focus)
• Online Marketing
• Social Marketing
• Gaming
• Munich (strongest ecosystem)
• Venture Capital
• Access to industry
• High-tech focus
• Rhine-Ruhr Area (most diverse region)
• Industry events
• Academic support
• B2B and B2C
9. Competence Clusters Supporting Strategic Growth
• Good coverage of networking/trade associations and competence clusters at all levels.
• Excellent support mechanisms and opportunities for partnerships to speed time to
market across all stages of organizational growth.
02.03.2018 Page 9
Local National EU-wideRegional
10. Legislation and New Developments in Germany
• German Federal Network Agency (Bundesnetzagentur) has already
banned several mass-market IoT devices over privacy concerns,
categorized as "misuse of transmitting equipment" (pursuant to TKG § 90)
• In the absence of IoT-specific legislation, Federal telecoms regulation is
being applied to insecure smart products to ban them from the
marketplace.
• While being an effective tool to combat the first generation of devices, this
brings us no closer to bringing trustworthy/privacy-preserving IoT devices
to market, and instead pushes the conversation elsewhere:
• ENISA recommendation for a "trusted IoT" label at EU-level
• Standards bodies (ISO 27030 "Guidelines for security and privacy in Internet of
Things" draft)
• Vertical-specific guidelines (GSMA - telecoms, FIA - automotive, VDMA -
manufacturing/Industrie 4.0, …)
• IoT Security and Privacy-preservation key requirements for
successful entry into the German market.
02.03.2018 Page 10
11. New Developments at the EU-level
• Certification / Trust Labels under consideration:
• GDPR compliance
• Trustworthy/secure IoT devices
• Data Economy Challenges:
• Product liability directive reform to reflect changes in e.g. the IoT data value chain.
• Restrictions on monetization of personal data and similar business models that focus on
incentivization to give up ones individual (and constitutional) rights.
• The role of Personal Information Management Systems (PIMS) in facilitating GDPR compliance and
increasing end-user engagement in data management.
• Health record interoperability across member states.
02.03.2018 Page 11
12. Germany as an Innovator
• Informational self-determination and much of the basis for the GDPR originated from
Germany's view of privacy and data protection - while a continued culture of risk
aversion and fragmentation places German industry at a distinct disadvantage to
capitalize on its own innovations.
• Further, the situation for tech startups is a challenge
• While the environment is reasonably conducive to software companies with low initial capex, there
are few examples of successful startups in areas where startup costs and risks are high - excluding
those that are spun out from their corporate parents (intrapreneuring).
• While Germany leads the way in industrie 4.0, we can expect less innovation on the hardware side -
meaning that the big players will either need to diversify, or accept public procurement from out of
the country to keep pace with technological progress.
• Long supplier onboarding periods (some automotive OEMs take up to 5 years!) also make it difficult
for startups to engage with large industry, pushing towards an intrapreneuring model /accelerators as
a means of getting new ideas in instead.
02.03.2018 Page 12
13. Facing disruption - do we need a new global framework to face the disruptive
changes big data will bring with it?
• Countries that have a degree of compatibility underpinning their data processing and
protection would benefit from the free flow of data and increased collaboration on
common societal challenges
• Many of the big data and Societal problems being faced globally are not unique, yet many countries
are ramping up their own investments to increase spending in this area, often duplicating efforts in
the process.
02.03.2018 Page 13
14. Towards a Common Data Framework?
• Citizen-focus:
• Citizen-centred, underpinned by privacy-
preservation (privacy-by-design - Canada)
and the right to informational self-
determination (Germany).
• Fundamental right to privacy as a key pillar
• Restore trust in data use by industry
• Benefit from own use of data – increasing
awareness and engagement.
02.03.2018 Page 14
Informational Self-Determination
(informationalle Selbstbestimmung)
Privacy-by-Design
• Business-focus:
• Removing legal ambiguity over data use
• Increased richness of data sets
• Limitation of liability in order to foster open innovation
ecosystems (liability with data "owner" or user)
• Include data subjects in participatory value co-creation
approaches - business model transformation beyond
compliance.
• Must account for pluralism of data value chains
Increased interoperability and standardization mean that individuals and businesses alike will use data for their own
purposes in ways that the originating entities have not considered or indemnified against – this kind of use must be
supported without introducing financial risks for the originating entities if value is to be maximized.
15. Key Findings
• With Brexit, Germany will become the defacto champion of the European data economy
- but is still faced with significant unrealized potential.
• While a significant number of companies are beginning to adopt data-driven innovation,
this is heavily imbalanced with the relatively small number of “Made in Germany" data
products, solutions, and services.
• IT Security label a good start for CyberSecurity, but similar efforts needed for IoT trust
and compliance with new data protection regulation.
02.03.2018 Page 15
16. Issues for Canada
• Canada previously enjoyed adequacy status under the previous EU Data Protection
Directive 95/46/EC, but has now lost this under the forthcoming Regulation (EU)
2016/679 (GDPR) (Japan is the first country to attain this status under the GDPR).
• Canada will need to consider whether re-attaining this status is an area of strategic focus,
particularly if it wishes to actively participate in the European Digital Single Market and enable the
free flow of data.
• Other emerging regulations to watch - ePrivacy Directive and the NIS (CyberSecurity)
Directive, creating a strategic roadmap for CyberSecurity in Europe.
• Where does Canada align on strategic roadmap? Options for collaboration?
02.03.2018 Page 16
17. Issues for Germany
• DPA fragmentation - engaging with the national market requires a similar amount of
effort as simply engaging the European Single market directly.
• Privacy concerns need to evolve beyond abstinence only approaches towards
participatory approaches where end user awareness raising and the potential to
exercise individual rights through transparent processes are the norm.
• Privacy Paralysis - longest experience with informational self-determination of any
member state, but significant challenges in realizing benefits due to firmly rooted
attitudes shaped by past abuse.
02.03.2018 Page 17