What were they thinking?
IThis is the second post in a series of articles explaining the forthcoming EU Data Act. In the first article I explained what the EU Data Act is all about and who must comply and when. In this article I will try my best to explain what the EU is trying to achieve with this regulation. With the US now under the questionable politics of a second trump government, the timing for the act seems wholly appropriate.
The expansive portfolio of EU data governance regulations focusses on defining Europe's data economy as the counterpoint to monopolistic data economies grown out of the USA. The EU believes that if data is today's oil, then that oil needs to be taken from the hands of the offshore few and distributed equally into the palms of every consumer and small enterprise across the 27-nation block. And of course, not forgetting every interested public body and government department.
The Digital Markets Act fired the first major shot across the bow of team America by defining a specific group of companies as exploiting monopolistic practices when it comes to European data. Alphabet, Amazon, Apple, Bytedance, Meta and Microsoft are all defined as Data Gatekeepers and under the Digital Markets Act, must comply with a set of strict regulations around handling of personal data that are intended to even out the playing field as much as possible to allow small businesses in the EU to function without being run over.
The Data Act goes one step further and defines non-personal data generated by machines as being the common property of the EU. In fact, article 40 of the act goes so far as to state "...an undertaking that provides core platform services that has been designated as a gatekeeper cannot request or be granted access to user's data generated by the use of a connected product or related service or by a virtual assistant pursuant to this regulation". Or to put it simpler. "You guys don't get to play anywhere in our sandbox!".
So extending this legislative embrace of keeping EU Data inside the EU, the EU has decided a few more core principles around machine generated device and usage data.
1. IoT Data is always the property of the data subject. The data controller is no longer able to monopolize decisions on who gets it and when. From September 12 only the data subject can.
2. everyone inside the EU should be able to share their machine-generated data freely with anyone else within the EU.
3. The data controller is responsible for making sure that all data is sharable and distributed in machine readable format with the metadata necessary to interpret it.
4. while a data controller can charge for data being shared to other business entities, there are strict rules governing how much different size business entities can be charged.
5. If the S**t hits the fan, any public body can request and hoover up all relevant machine generated data from any data holder.
This of course represents an oversimplification of 75 pages of legal articles but in general the EU envisions a data economy where everyone from the smallest research institute to the competing service providers can access all machine generated data within the EU under Fair Reasonable and Non-discriminatory Terms. Ultimately there will emerge a digital Europe where data flows freely through the veins of commerce and where no commercial entities are able to corner and monopolize the value inherent in that data. A simple example would be a consumer buying a new car and requesting that their local garage be granted daily telemetry data for the purpose of competing with the OEM for preventative maintenance revenues. Similarly, a patient could request that their connected heart rate monitor share data hourly with a university medical researcher.
If you are reading this then you have likely also read some of the posts and comments on LinkedIn where the US is praised, and the EU is accused of strangling innovation and business through legislation. It is not my intent with this article to enter this debate, but it is fair to point out that European socialism always aims to put the good of the many above the interests of the few. If all data is freely available within the common market, the EU could eventually arise as the most versatile digital economy in the world. At least this seems to be Brussels' intent. Whether it pans out is another thing but for now, every business collecting data on any device within the EU has exactly 234 days left before they need to rescind control over IoT data to their users.
Antony Beswick
