With the EU Data Union Strategy now in the preparatory phase and Denmark’s Presidency of the Council of the EU planning to push for an ambitious GDPR review, European startups and scaleups are increasingly active in voicing concerns on issues ranging from health to automotive data.
Ovoko is a Vilnius-based marketplace, founded in 2016, that connects dismantlers and recyclers with buyers of used car parts across Europe.
carVertical, founded in 2017, provides vehicle history reports via VIN checks to reveal accidents, mileage fraud, theft records, and more.
Can you walk us through your typical experience of accessing data from public institutions? How long does it usually take from the moment you file a request to when you actually receive the data? And what would you say are the biggest hurdles in this process?
Rokas Medonis, CEO of carVertical: Our typical experience is a lengthy and labour-intensive process of proving our right to access vehicle data. Before we even get to the data, we spend months proving our right to access it. The problem is twofold: different GDPR interpretations across Member States, and in many cases, a lack of real ambition for open data. Together, these hurdles keep the EU’s data economy lagging behind global leaders.
In some countries, it can take two to three years just to obtain a single dataset from a state institution. The biggest challenge is the inconsistent treatment of VIN data. Many authorities classify VIN entries as personal data, which gives them grounds to restrict access. This domestic-first approach undermines the Single Market and harms consumers directly.
Our data shows the consequences: buyers of cars with manipulated odometers typically overpay by at least 20%. In 2024 alone, 4.9% of all used cars in Europe had falsified mileage. Once a vehicle crosses borders, it’s often impossible to verify its real history because of fragmented, sporadic data sharing.
On top of that, public institutions aren’t incentivized to release high-value datasets, since selling this data is often a revenue stream. That makes it even harder for companies like us to access the information needed to protect consumers and help them avoid fraud.
Rokas Medonis, CEO of carVertical
Unlike some other companies, Ovoko doesn’t rely heavily on public data sources. Why is that the case, and what challenges do you face when trying to access even basic technical identifiers like VINs or license plates?
Justinas Baranovskis, CEO of OVOKO: Yes, we don’t depend on data from public institutions because getting it is slow, inconvenient, and, most of the time, simply impossible. Basic details like VINs and license plates, which are vital for matching spare parts, are effectively out of reach. The main problem is that these technical identifiers are treated as personal data, even when they’re only used for safe, practical purposes. This blocks trade, reduces consumer choice, and can even put road safety at risk. The EU needs a clear, common rule that separates technical data from personal data, with safeguards against misuse. Public bodies should also commit to answering legitimate requests within a reasonable time, say 5-10 working days.
During the European Data Strategy consultation, one idea was to create a ‘one-stop shop’ for startups to access additional data sources and encourage voluntary data sharing. In your view, should scaleups have the same level of access, and why?
Rokas Medonis, Ceo of carVertical: I firmly believe that scaleups should enjoy the same level of access as small startups - unless the EU has changed its ambition for European-born and bred scaleups and unicorns. Creating an artificial distinction between startups and scaleups makes no sense when we’re talking about access to data within the EU. At the end of the day, whether it’s a 5 person startup or a 500-person scaleup, everyone has significant potential to benefit society and the European economy. If the EU wants to compete globally, it must give innovators space to scale - with the EU data framework as well.
Justinas Baranovskis, CEO of Ovoko: I agree. In addition to that, a single EU-wide platform for vehicle data would make life a lot easier and be a real game-changer. Right now, we deal with a patchwork of different rules and systems in each country, which wastes time and resources. Startups aren’t the only ones who need easier access; companies like ours face the same roadblocks. Equal access for all would mean fairer competition, faster service, and safer cars. When it comes to fixing vehicles, the data you need shouldn’t depend on where you’re based or how big your company is.
The Danish Presidency has made reducing the administrative burden of the GDPR one of its priorities, though most of the proposed changes focus on SMEs. From your perspective as a scaleup, what kinds of adjustments or clarifications in a GDPR review would actually make a difference and ease the administrative burden for you?
Rokas Medonis, CEO of carVertical: On paper, the Data Act does provide mechanisms to protect startups and scale-ups when accessing data from both public and private sources. But in reality, smaller and newer players rarely have the resources to engage in lengthy litigation to protect their rights.
Another major problem is how data access rules discriminate against companies that don’t neatly fit the definition of the automotive sector. Because we don’t manufacture car hardware or software, registries often shut their doors to us, even though our entire business revolves around vehicle data. I hope this can change very soon.
What’s really needed right now is a harmonized approach to vehicle data. Protecting only the incumbents is detrimental to the economy and consumers. In fact, it hurts them: studies indicate that European countries lose around €5.3 billion annually due to odometer fraud alone. Creating sustainable and fair mechanisms for vehicle data sharing can drastically reduce that damage.
Justinas Baranovskis, CEO of Ovoko: For us, the biggest GDPR challenge is that technical vehicle identifiers are automatically treated as personal data. That means we must go through long, unnecessary processes - extra paperwork, multiple consent steps, and pointless anonymisation- even when the data can’t be linked to a person. The rules should be clearer: if something like a VIN is only being used to check parts compatibility or safety, it should be handled differently. A VIN tells you more about a gearbox than about a driver, and treating it otherwise just adds cost and delays for everyone.
Justinas Baranovskis, CEO of Ovoko
Are there any good practices on data access from other EU Member States that you think are worth highlighting?
Rokas Medonis, CEO of carVertical: Some EU countries are showing real leadership when it comes to opening data for the broader public benefit and consumer protection. Sweden and Finland, for example, have introduced GDPR legal exceptions based on the legitimate interest principle, which enables access to technical inspection data for companies like ours.
It’s not only about legal tweaks either - Latvia, for instance, now compensates national registries for opening up high-value data sets, which they might otherwise be reluctant to do because of the revenue loss.
Justinas Baranovskis, CEO of Ovoko: In our experience, France has also managed to find a sensible balance between protecting privacy and allowing business to function. In a few places, authorised companies can check vehicle registry data in real time, under strict controls, for things like part compatibility. This means faster repairs, fewer mistakes, and safer roads without putting personal privacy at risk. The EU should copy these good examples so that this kind of access becomes standard everywhere. You can protect privacy and keep the wheels of business turning- some countries are already proving it.
