European Commission Draft Data Act Lays Out Data Sharing Obligations for Device Manufacturers, Industrial Systems

CPO Magazine | Scott Ikeda | Mar 4, 2022

Following in the footsteps of the Data Governance Act, the 2021 regulation that established a framework for the handling of non-personal data, the European Commission (EC) is moving ahead with a bill that covers connected devices and their associated services. The Data Act would make data sharing terms more easily accessible to end users, allowing them direct access to stored data and controls to limit its use and movement.

Data Act a win for consumers, riles communications and IoT businesses

The Data Act focuses on the ream of information created and traded by connected devices and attached services. It seeks to give consumers a clear and simple portal into all of this, with direct controls over what is stored and how data sharing is conducted.

See:  UK leads Europe in open banking availability but slower on take-up

In addition to this, the consent process for data sharing is shored up with new rules that include a ban on “dark patterns” that can potentially trick end users into agreeing to unfavorable terms. The Data Act will also prevent government agencies from free access to this collected data, restricting them only to “proportionate and limited” requests during an established public emergency (i.e. a terrorist attack or public health issue). Routine law enforcement actions are specifically excluded from the Data Act terms.

The EC touted the Data Act as a core element of fairness in the digital realm, a catalyst for a competitive data market and data-driven innovation, and a means to make data and data sharing terms more accessible to the average EU resident. It also points out the recent massive growth of overall data volume, and that industrial data in particular goes unused 80% of the time and that €270 billion of additional GDP is possible by 2028 with the new data sharing rules.

See:  Canada Partners with the European Commission to Examine Use of Digital Credentials

Provisions have been added to protect small-to-medium enterprises (SMEs) from being locked out of all this by parties with stronger leverage, laying out terms for fair data sharing contracts. Very small “micro” companies will be excluded from obligations entirely, so long as they are not dependent on another company that qualifies for regulation.

And there is one final perk for end users: the ability to more easily switch between different cloud data-processing services providers and have legal safeguards against unlawful transfers.

While also touted as an overall win for all types of businesses and industrial organizations due to expanded access to device data for purposes such as analytics and comparison shopping, the development is not being taken well by certain industries, particularly tech companies and smart device manufacturers who will be forced to give up their essential monopoly on device-generated data.

Vehicle manufacturers are also generally displeased with the Data Act, seemingly hoping to sit on the unique collection of data generated by the sensors now commonly found throughout cars.

Global Fintech Ecosystems

More NCFA Resources

Subscribe to NCFA's Newsletter

[directiqwp 2]