The Data Act is a proposal for a new regulation that is intended to create horizontal legislation for sharing personal and non-personal data, by, for example, guaranteeing users of connected products – such as vehicles and machinery, medical equipment and connected health products for consumers – access to data generated from their use. The regulation also guarantees that public bodies are granted access to company data under certain conditions.
But are the proposals appropriate, and are the measures proportionate? The Confederation of Swedish Enterprise organised a digital seminar to take a closer look at the proposals’ consequences and opportunities.
Charlotte Andersdotter, head of Swedish Enterprise’s EU office in Brussels, welcomed participants and opened the session by saying that it is difficult to concentrate on anything other than events in Ukraine.
– Having said that, work must continue, and business has a key role to play in a strengthened Europe. The Data Act is a cornerstone of the European data strategy, and an important issue for the future not only for business – but for Europe and our immediate neighbourhood, Andersdotter said.
António Biason, Legal and Policy Officer, Directorate-General for Communications Networks, Content and Technology, said that the data-driven economy was facing a critical juncture. The Data Act is the latest initiative in the broader European data strategy, which aims to create a common European data flow – an internal market for data. The European Commission is working hard on several parallel initiatives to achieve this, Biason said, the Data Act being one of them.
– The Data Act is intended to establish a fairer market by giving users of connected products the right to access data generated during the use of such products. The regulation should harmonise the laws of member states and contribute to making data sharing fair, reasonable and transparent. Furthermore, the regulation will increase opportunities for more people to use data – the data-driven economy has the potential to increase the EU’s combined GDP by 270 billion euros by 2028, Biason explained.
Broadly speaking, the proposed regulation will give users more control over and access to their own data. The proposals will also give public bodies better access to necessary data, while minimising demands on companies.
– It was easier in the past, but the Internet of Things brings with it new challenges. It’s not just about how data is collected and used, but also who benefits from it. Small companies are exempt from many of the proposed requirements, but retain access [to data]. In addition, to support greater competition, the regulation would regulate unfair contractual requirements on small businesses, Biason said.
The Data Act must also make regulations between companies and public bodies proportionate, limited and predictable. Today, many companies receive multiple requests for the same data, which creates uncertainty and additional work.
– Companies need uniform and clear rules and standards to comply with. Only then can we maximise the value of the data-driven economy, give users control over their own data and make data accessible. This is how the EU can become a leader in the second wave of data economy, concluded Biason.
Moderators from Business Europe, Svetlana Stoilova, adviser, and Elena Bertolotto, senior legal adviser, led a discussion on the impact of the proposals on European business.
Christina Wainikka, policy expert for intellectual property law at Swedish Enterprise, saw two major question marks over the proposals. One concerned the broad definition of data. Many jurisdictions differentiate between data and information, such as the GDPR data and the Trade Secrets Directive.
– Is there a difference? Is there a definition? And what is the legal definition of data? Data is an important asset. Sometimes it is even referred to as the new oil; having access to data and knowing how to use it offers huge advantages over competitors. But what really is it in a legal sense? Definitions differ between member states, which complicates alignment efforts, Wainikka said.
Carola Ekblad, digital policy expert at Swedish Enterprise, described the initiative as “ambitious”, but also said that existing legislation concerning data sharing is still new and that market players probably needed clarification of existing legislation rather than more legislation.
– There are legal requirements that make it difficult to share data, and distinguishing between personal and non-personal data is one of them. A clearer set of rules regarding the requirements for data sharing is needed, and companies need more time to adjust. At this stage, we should focus on incentives rather than coercion. And the Data Act must ensure that the right to data is not abused. The right of public bodies to data must be limited to data with a strong public interest, and these requirements must be sharpened and better defined. The definitions in the current proposal are too broad, Ekblad said.
Carolina Brånby, digital policy expert at Swedish Enterprise, said that the consequences of the directive for small and medium-sized companies had not yet been sufficiently looked at. The measures required are costly, and it is difficult to know to what extent action needs to be taken, Brånby argued.
– Preventing the transmission of data creates competitive disadvantages for European business. In addition, the risk analysis is flawed. As with the GDPR, far-reaching security measures are required for data that are not necessarily particularly worthy of protection. The situation is also complicated by the fact that companies rarely transfer either personal or non-personal data – it is usually both. Third countries’ access to data is already regulated by the GDPR and trade agreements. There are already requirements for careful processing and informing users. Requirements on companies must be proportionate: the cost and time spent [complying with these measures] must be weighed against the benefits. In addition, the implementation time is far too short – companies need twice as much time, Brånby concluded.
Watch a recording of the webinar here.
EUData act