The Data Act - data sharing in Europe's IoT present and future

Kris Somers

Last week, a significant new EU regulation has reached a major milestone. The Data Act, a key element of the EU Data Strategy package, was overwhelmingly passed in a plenary vote by the European Parliament on Thursday, following the conclusion of trilogue negotiations in June.

Introduced by the European Commission in February 2022, the Data Act is pivotal in promoting a unified data market. It complements the Data Governance Act, which is already operational and emphasizes the voluntary data sharing by individuals and businesses, along with standardizing the use of certain public sector data. Notably, European data indicates that 80% of industrial data remains unused. The Data Act is poised to unlock more data for reuse, potentially generating an additional 270 billion euros in GDP by 2028.

The essence of the Data Act is to guarantee that users of a product or its related service within the EU have timely access to data generated from its usage. This includes the ability to share this data with chosen third parties, thereby setting new standards for the use and access of data from connected products and related services.

The Data Act clarifies who can access data and under what conditions, allowing more private and public entities to share data. In addition, it secures a clear definition of 'trade secrets' and 'trade secret holders' to prevent unlawful data transfers and data leaks to countries with weaker data protection regulations and introduced rules to avoid competitors in a particular field being able to exploit access to data to reverse-engineer services or devices of their rivals.

In a nutshell: if your company manufactures, distributes or buys interconnected devices (IoT), it may be worth your while to check whether the Data Act, once adopted, will contain items for your "to do" list.

Key aspects of the Data Act include:

·????? Its applicability to manufacturers, service suppliers, data holders and recipients in the EU, public sector bodies requiring data under exceptional circumstances, and EU-based data processing service providers.

·????? Coverage of both personal and non-personal data across all sectors, including public.

·????? Mandates for fair, reasonable, and non-discriminatory data sharing for both business-to-consumer and business-to-business contexts, prohibiting unfair terms on small and medium-sized enterprises.

·????? A prohibition on barriers to switching cloud service providers.

?Among data experts, the Data Act has also raised concerns, particularly regarding the technical and contractual complexities of sharing data with third parties, potential impacts on business innovation, and issues related to protecting trade secrets.

?The Data Act now awaits formal approval by the Council of the European Union to become law. The subsequent publication of the act in the Official Journal will initiate a 20-month transition period.

?