EU legislators are moving forward with regulation of data generated by devices.
This comes after the “landmark legislation to standardise data-sharing rules within the EU cleared the European Parliament March 14th, despite concerns about espionage and the protection of intellectual property.” The Act “creates a harmonised EU regulatory framework and defines the terms of engagement for how both the private and public sectors can use data.”
We may understand the EU’s Data Act as a response to two realities:
- The question of who owns and has the right to store and make use of non-personal digital data produced in the so-called Internet of Things (IoT). This question applies when objects are fitted with sensors or other record-keeping, data-generating technology, and are interacted with by more than one (a private owner). We may think of a smart fridge or sensors on a pedestrian street recording traffic.
- The fact that a great economic benefit may accrue to those industries that are able to assimilate and crunch large amounts of data (Big Data), which could help them, for example, anticipate changes and identify gaps in the market.
Said EU Commissioner Thierry Breton: “The Data Act will ensure that industrial data is shared, stored, and processed in full respect of European rules.”
In terms of other relevant legislation, the Data Act has been described as a “sidekick” to the General Data Protection Regulation (GDPR) and is more specific to industry.
In particular, as regards data that “represents the digitalisation of user actions and events,” the Act should lead to greater access by the citizenry that contributed to its generation:
The Data Act introduces the principle that users of Internet of Things products, such as smart bridges, should have the right to access the data they contributed to generating, port it or share it with a third party of their choice based on contractual agreements.
Interestingly, the Act sets up the conditions for a new data market, as
Users can monetise non-personal granular data, whilst the data holders can licence aggregated industrial data. In addition, data holders that make the data available to another company will be entitled to receive non-discriminatory and reasonable compensation that might include a margin.
Some industries stand to benefit. The International Road Transport Union (IRU), for example, supports the legislation. The group’s director for EU advocacy, Raluca Marian, was quoted by Politico as complaining that her industry’s data (concerning fuel consumption, driver behaviour, etc.) is important to the sector, but has so far been difficult to access. For example,
Transport operators mainly settled access to these data through contracts with the manufacturers, but they ran into multiple problems doing so … Some transport operators even had to buy specific devices to access the data, getting errors when they didn’t, tying them even more to the manufacturer.
The Data Act would presumably facilitate things and solve the problem of accessibility.
One obvious problem in the above involves trade secrets that might leak through to competitors with the implementation of the Act. To deal with this, the Act will now include an ‘emergency break’ so that concerned parties can notify authorities of information they do not want shared, after which the authorities must come to a decision. The Act also foresees the creation of a Data Coordinator to act as a “single point of contact for companies and authorities.”
As with much EU legislation—seeming reasonable and addressing areas that do genuinely need regulating—the Data Act may also serve as cover for overreach and political control of the citizenry.
Among possible abuses of the Data Act, it is not difficult to imagine a Data Coordinator and industry requirements benefiting some sectors of the economy over others, even apart from providing a sense of security for what is actually still a quite unpredictable, and potentially economically centralising, rollout and expansion of the IoT.
