EU Council adopts Data Act

The act sets principles of data access, portability, and sharing for users of IoT products.

Flag by EU.

The EU Council adopted a new regulation on fair access to and use of data (Data Act). Essentially, this new regulation will give users and businesses access to data generated by the use of their products or services, through a reinforced portability right and copying or transferring data across different internet of things (IoT) products.

The Data Act aims to ensure adequate protection of trade secrets and intellectual property rights while providing safeguards for exceptional circumstances and dispute settlement mechanisms. It also seeks to protect EU companies from unfair agreements. It allows public sector bodies, including the European Commission, the ECB, and EU bodies to access private-sector data that is necessary in exceptional circumstances, particularly in case of a public emergency, such as floods and wildfires, or to fulfil a task in the public interest. Additional safeguards against unauthorised data transfers are guaranteed, and consumers are ensured they can switch cloud providers. The Data Act leaves it up to the discretion of the member states on how they will implement and enforce these requirements at the national level.

Following formal adoption, the Data Act shall apply 20 months from its entry into force, with new products required to meet design requirements for data accessibility after one year and existing contracts on IoT products after five years.

Why does it matter?

The adoption of the Data Act essentially aims to solve the issue of who owns the data generated by internet of things products (the users) by giving consumers the right to access all of their own data. Disputes between the device manufacturer and buyers will be primarily resolved through contractual agreements, resulting in disproportionate benefits to the more powerful party, which in this case was the manufacturer.

It is also believed that mandatory data-sharing could expose commercially sensitive data and lead to the development of imitative technologies across the EU. Additionally, concerns were raised over the possible clashes with the General Data Protection Regulation (GDPR).

On the bright side, it seems that the Data Act could benefit transport operators across the EU. It could ease the process of accessing data related to fuel consumption or driver training, among others, without having to buy specific devices to access these data.