Table of contents
Among the EU regulations that have been in the works for some years now, which confirm the European Union’s position as a global leader in the innovative ecosystem in the legislative field, there is the Data Act and its entry into force.
The Data Act process
On 28 June 2023, a
political agreement
was reached between the European Parliament and the Council of the EU on the Data Act. The law was then subject to approval by Parliament in November and published in the Official Journal
of the European Union in December. After 20 days of its publication, it finally came into force this week. It will become applicable after 20 months, i.e. from 12 September 2025.
The context
In the era of Digital of thinking , one of the challenges that companies are also facing concerns the amount of personal (e.g. health) and commercial data that they have to manage. We now live in a hyper-connected world where our data, also due to the[ab] use of social networks, is in the possession of various companies, from Big Tech to the Public Administration – and the exchange between them is difficult if not impossible. Their production is increasingly exponential and one of the problems lies in their management. In the past, there have been several actions by governments and the EU that have sought to protect the user, as well as the consumer, from the illicit use of their data. In this regard, the EU has already put in place the DMA and DSA for some years now. In this article you will find an in-depth look at the European regulatory framework and the current situation. While this amount of data represents an asset to be managed, on the other hand, its easy access thanks to the Data Act would allow for potential for innovation and competitiveness. This is why the Data Act aims precisely at greater control of data management by companies and their sharing, strengthening the right to portability, but also at protections and guarantees for users.
What it includes
The Data Act establishes certain mandatory data sharing requirements for industrial processes. It is therefore a law that aims at transparency and sharing of these through the obligation to companies in favor of other companies, governments and users: according to the European Commission, 80% of the industrial data collected is never used. The law will allow users to access and verify data generated by the use of connected products or related services (e.g., Internet of Things, industrial machinery). The Data Act will serve to protect trade secrets and prevent illicit data transfers for companies, in order to prevent them, such as the leakage of data to countries with weaker regulations on their protection or such as their access by competitors and their exploitation to decrypt rivals’ services or devices. The new law also makes it easier to change one provider (provider) of cloud services (cloud es. app, infrastructure or network companies) to switch to another. And it introduces safeguards against illegal international data transfers by these companies. It aspires to make after-sales services and repair of related devices more economical. In addition, the Data Act, in the face of emergencies, such as natural disasters (e.g. floods and fires), guarantees that the Public Administration will be able to access and use the data held by the private sector. Finally, the law would contribute to the development of new services, particularly in the field of artificial intelligence, where huge amounts of data are needed for the training of algorithms.
What’s changing for startups
For startups, the Data Act brings both opportunities and challenges: while startups will be able to access a greater source of data, especially from competitors, corporate or multinational, they will certainly have difficulty in complying with and integrating the new data protection rules into their services. Until now, this type of exchange already takes place through a confidentiality agreement (NDA), where both parties must still have ownership of the data being exchanged and above all always comply with the clauses of the GDPR. But with the Data Act, the new agreement will have to comply with its clauses, which ensure that users are in control of their data: and specifically, users may not allow the startup to transfer their data to another company.
Conclusions
Thanks to the Data Act, manufacturers and service providers will be obliged to allow access to the processed data. Essentially, control over the data generated will have to be in the hands of end users who will be able to share it with third parties. Until now, this option was only granted to the manufacturer, preventing the consumer from turning to a cheaper repair service. The aim of the Data Act is therefore to foster a more democratic distribution of the value produced by the use of data in an increasingly digital economy. As with the DMA (e.g. heavy penalties for violating the rules), there are also concerns about the Data Act that affect companies, such as foreign ones, to comply with these laws: the risk therefore not only of a slowdown in the economy, but also in innovation. the Data Act could then create conflicts with another regulation similar for some purposes and already in force for years: the General Data Protection Regulation (GDPR). It also adds to an increasingly complex and articulated package of regulations. There are also concerns about the safeguards that can actually be put in place to protect trade secrets during data access requests. Also on the user side in healthcare, such as for the potential “implications on patient or device safety” if the obligation to share data were to affect the requirements imposed on medical devices by other EU regulations. Users may not be able to interpret the raw data, increasing the risk of misdiagnosis and treatment decisions. Communication to organizations is essential, and what would be needed in the short term are guidelines that are easy for companies to adopt and in the immediate future. (Photo by Guillaume Périgois on Unsplash)
ALL RIGHTS RESERVED ©