The day begins with a droning, unpleasant noise. Your smart refrigerator loudly informs you that the freezer compartment is now unusable thanks to water damage during the night. Instead of a shopping trip to the nearest electronics store, you now ask the manufacturer of your refrigerator for the data you need for a repair and send it to the installer you trust. This vision is part of the European data strategy and is intended to be an expression of a forward-looking and digital Europe. However, there is not only talk of potential, but also of a legal framework that does not lose sight of personal as well as economic aspects: the DATA ACT. In this blog post, you will learn why it is needed and what makes it tick.
Globally, rapid growth is occurring within an already enormous data economy. The EU forecasts a 530% increase in global data volume between 2018 and 2025. Accordingly, the absolute volume of data is expected to reach 175 zettabytes in just a few years, with one zettabyte equaling the absurd sum of one trillion gigabytes. In addition, the value of the data economy is expected to increase to 829 billion euros by 2025, which will be due not least to the eleven million data specialists in the European Union predicted by then. In this Europe, where two-thirds of the population will have at least basic digital skills, the aforementioned data strategy cannot be missing.
What's the plan?
The European Data Strategy was presented on February 19, 2020 and aims to create a European data market that enables the free flow of data within the EU and between business sectors, research and public administration. This is expected to create many benefits for individuals and businesses. For example, citizens will enjoy, among other things:
better medical treatment thanks to access to medical data,
better digital skills,
a trusted digital identity,
smart technologies to save energy and money,
as well as more environmentally friendly agriculture
and digitized transportation
can look forward to. For businesses, the EU predicts the following benefits, among others:
high-quality industry data that leads to cheaper and more efficient production
better trained employees
support for small and medium-sized enterprises through artificial intelligence.
To achieve these goals, the EU is focusing on three different aspects: the Data Governance Act, ten so-called Data Spaces and the Data Act.
The Data Governance Act (DGA) came into force on June 23, 2022, and will be applicable from September 2023 after a 15-month transition period. Centrally, the Data Governace Act includes four broad sets of measures. The first is to facilitate the use of public sector data. For example, health data can be used for research purposes. Second, it aims to ensure that intermediaries involved in the data sharing process are trustworthy. Third, the DGA provides that data from citizens and businesses can be more easily used for socially beneficial undertakings. Finally, it aims to make data sharing easier in general.
Data Spaces, in turn, are intended to enable the full potential of data to be realized in strategically important economic sectors. Ten areas were originally selected for this purpose: Health, Agriculture, Manufacturing, Energy, Mobility, Finance, Public Administration, Skills, the European Open Science Cloud and the Green Deal. Since then, more have been added, for example in the areas of media or cultural heritage. The goal is for all Data Spaces to work together to create a European market for data. Within the Data Spaces, tools and services are used to enable the collection, processing and sharing of data between organizations. They also include a legal framework that defines regulations regarding access and processing of data. Finally, the accessibility, quality and interoperability of data should be improved.
Aspect number three: The Data Act
The Data Act is the final building block of the European data strategy. The aim of the Data Act is to give a large group of stakeholders easy access to their data and thus maximize the value of the data. The large group of stakeholders means all parties involved in the production of data. It further aims to ensure fairness in the digital space, stimulate the data market, and promote data-driven innovation. Although the Data Act was introduced a little over a year ago on February 23, 2022, it will become applicable by 2025. Still, Brussels expects the Data Act to generate an additional €270 billion in gross domestic product by 2028.
In concrete terms, the Data Act provides for users of networked devices to have access to the data they produce, so that this data can subsequently be shared with third parties. This can be understood as the example at the beginning of the article as well as the sharing of data from a smartwatch with an insurance company in order to receive personalized rates. Furthermore, it gives small and medium-sized companies more bargaining power over large corporations by protecting them from unfair contract terms and by publishing templates of "data sharing" contracts between companies. The Data Act also provides funding for the public sector to access and then use data from private companies in emergencies such as forest fires. However, this data may only be non-personal data. Consumers will be able to switch between different cloud-based data processors and implement safeguards against unlawful data transfers thanks to the Data Act. Finally, the Data Act revises certain aspects of the "Database Directive" created in the 1990s. This is intended to ensure that data stores containing data from IoT devices are not protected by separate legal protections. This is to guarantee that IoT data can actually be used.
The final version of the Data Act was approved by the EU Parliament on June 28th, 2023 after introducing an original draft an call for feedback earlier in March that year. Among other things, this version finally stipulated that consumers do not have to pay for the data of data holders, i.e. companies with control over the data. Companies, on the other hand, may be asked to pay if they obtain data from other companies. Once obtained, it may not be used for the development of competing products.
In order to keep pace with developments as best as possible and create added value, we are working on a research project together with the St. Pölten University of Applied Sciences. Under the name DAIAP - Data Act in Action Prototype, a solution is to be developed by mid-2025 with which the Data Act can be implemented. Despite several discussions with experts in the field of EU legislation and various (IoT) companies in the course of trade fairs such as the IFA Berlin, the IAPP Data Protection Intensive Germany/ Brussels or the IoT Tech Expo Amsterdam, no concept could be found that meets the requirements of the Data Act.
Contact
Partner & Sales Manager: Alexander Jürgens
E-Mail: office@apocrat.at
Mobile: +43 676 4025255