Uncovering the EU’s proposed Data Act

As it currently stands, can the EU Data Act actually work? And how will it affect the way data is utilised in Europe?  Paolo Falcioni, APPLiA Director General shared the reality of the current proposal at the thematic EPP Group stakeholders meeting.

As it currently stands, can the EU Data Act actually work? And how will it affect the way data is utilised in Europe?  Paolo Falcioni, APPLiA Director General shared the reality of the current proposal at the thematic EPP Group stakeholders meeting.

At its core, the overriding objective of the EU Data Act is to enable a data-driven economy that guarantees a fair treatment of data while securing innovation and fostering access to and usage of data. With no doubt,  the aim is laudable and pivotal to the ultimate success of the digital transition. Yet, the current proposal presents a number of substantial issues that, if not properly addressed, risk jeopardising the well functioning of the Single Market. The case of a washing machine clearly indicates some of the major downfalls of the Act, where generated data must be made available to the user. “First, we must ask, what kind of data? The memory dump of all data generated by the microprocessor? The washing habits? The definition of data, as provided in the text could be applied to all of the above,” outlined Falcioni. Next, the Act specifies that data generated by the washing machine must be made accessible in real-time and securely. “Normally, a washing machine is run when somebody is home,” hinted Falcioni. As such, “knowing that pattern will reveal when the home is unoccupied, compromising the safety of the people who live in it,” warned Falcioni, on the threat of the user’s data being exposed to third parties. Finally, on the topic of user’s sharing data with a third party, this could also open the door to a possible breach of trade secrets and of intellectual property rights, possibly leading to reverse engineering of products. The research and design of applications takes years, and money. Under any circumstances a law can depower that effort.

Assuming now that data is defined, that the data sharing is secure, and that a third party gets access to data, the Act states that it cannot be used to profile the user. But how could we make a separation between data that could potentially profile the user and data that cannot? 

Building on this, can the Act actually work? If it is to be the driving force of the European economy, three key principles must be secured:  

 (1) data sharing must be on a voluntary basis as legislation must not be used to force data disclosure; (2) contract law must apply; it must not be legislation setting contract terms between market actors, unless it is to address a market failure - which is not the case, today; (3)  finally, intellectual property must be protected in order to secure the research and design innovation of each manufacturer. 

In an ever-evolving ‘internet of things’ landscape, data is ‘the new oil’ in terms of services and opportunities it can generate. By design, the European Commission’s proposed Data Act is a "blanket legislation", applicable to all products regardless of the specificity of each sector. As such, its applicability is rather fuzzy, and so are its potential outcoming advantages.