Political agreement for new European Data Act
The EU has made a name for itself in the field of data protection. Brussels now seeks to mandate data sharing in order to revitalize dormant information. A European Data Strategy was announced in February of 2020, with which the EU intends to position itself as a pioneer in the era of the data-driven society. The European Union then adopted the European Data Governance Act in February 2020 seeks to increase trust in data sharing, strengthen mechanisms to increase data availability and overcome technical obstacles to the reuse of data.
In addition to the European Data Governance Act, a new “European Data Act” shall define who is entitled to generate added value from data and under what circumstances this can or must occur. The European Parliament and EU Council reached a political agreement on 28 June 2023 to adopt the European Data Act, which the EU Commission had proposed in the form of a regulation in February 2022. This law, unlike the now-famous GDPR, concerns access to and use of the data of the so-called “internet of things”. It is therefore a matter of regulations designed to clarify who may use and have access to the data generated in the EU’s economic sectors.
Consider, for instance, a machine in a factory. The manufacturer of this machine reads and analyses its operating data to proactively offer repair services to the factory owner before the machine breaks down. Now, the EU Commission wants the factory owner to be able to grant a third-party company access to this data, which was previously solely controlled by the machine manufacturer. Thus, a third party would then be able to offer a potentially less expensive repair service.
The European Data Act would allow users access to data originating from their networked devices and the ability to share it with third parties. In public emergencies, such as floods and forest fires, a government shall also be able to compel companies to disclose certain data. Lastly, regulations are planned to facilitate customers’ transition from one cloud provider to another.
The European Data Act proposal has been criticized by a larger number of companies. Specifically, industry representatives are concerned that organizations may be compelled to share data with non-EU competitors (read: in China) who are not required to comply with the law’s safeguards. In addition, they criticized the fact that malicious actors could use the revealed internals to hack a company’s system.
In response to this criticism, an EU commission spokesperson emphasized that the new act was intended to create new business opportunities. The warnings were discussed during negotiations between the EU Commission, the European Parliament, and the Council of Member States. The protection of trade secrets would extend to foreign countries. According to the EU Commission, these should not be used as an excuse for not sharing data.
Following the political agreement between the European Parliament and EU Council of 28 June 2023, the two EU legislative bodies must now formally endorse this political agreement. Subsequently, the European Data Act will enter into force 20 days after its publication in the Official Journal of the European Union and become applicable 20 months after its entry into force.