Series
Blogs
EU: The “Data Act” – New rules on IoT data and switching cloud services
EU: The “Data Act” – New rules on IoT data and switching cloud services
16 March 2022
Series
Blogs
16 March 2022
With the number of devices connected to the internet steadily increasing, the internet of things (“IoT”) has become a reality. However, only a small part of IoT data being generated is used and its value is available only to a few large companies.
The recently proposed draft EU Data Act (COM (2022) 68 final) is part of the European Union’s wider Data Strategy and addresses this issue by proposing rules to facilitate access to and use of data generated by IoT devices and related services by companies, public authorities and individuals. The aim is to create a European single market for data (COM (2015) 192 final). The Data Act also proposes important changes to make it easier to switch cloud services.
The Data Act aims to facilitate consumers’ and businesses’ access to, and use of, data generated by IoT devices and related services, while prohibiting such data from being used to create competing products or services. It also contains rules allowing access by public bodies in certain cases.
In more detail:
The Data Act is also intended to facilitate customers of cloud and edge services to switch between cloud providers covering the same type of service. This is done by requiring cloud providers to remove commercial, technical, contractual and organisational obstacles.
In more detail:
The Data Act includes provisions to encourage the development of interoperability standards for data to be reused in different industry sectors to reduce barriers between and within domain-specific data spaces. It also leaves intact the separate rights and obligations under the GDPR that apply to personal data, which must be read in parallel – albeit the Data Act applies to all data, including non-personal data.
Member states must designate a competent authority to enforce the Data Act and set the administrative fines or financial penalties sanctioning any infringement. The Data Act also paves the way for new dispute settlement bodies to settle disputes about data sharing and access.
Before the Data Act can enter into force it must be approved by the European Parliament and the Council. This means that it could reasonably be expected to be adopted in late 2023 or in 2024.
Once finally approved, companies offering services and products into the European market will have 12 months to implement the legal requirements, in particular regarding the new contractual terms and technical means enabling access to data.
The Data Act strives for more fairness in the handling of IoT data by granting consumers and businesses access to the data generated by their devices and enabling them to use it for subsequent value-added services such as predictive maintenance.
The additional information will help users to make better choices, thus allowing them to purchase higher quality or more sustainable products and services. With access to more IoT data, businesses and industry players can benefit from a competitive market for data which allows them to tailor their services to the specific needs of their customers and thus to compete with comparable service offerings. Finally, pooling IoT data could help to develop entirely new digital services.
At the same time, the Data Act poses major challenges for the IoT industry in the way data is handled. In particular, it will require significant design changes to ensure that the data generated by IoT devices is, by default, easily, securely and directly accessible to users.