“It appears on first read of the proposed act, that the IoT device manufacturers will be obliged to comply with the potentially costly changes to their products without much apparent up-sides, while users and third party service providers (including device manufacturers’ competitors!) reap the benefits of the access to vast amount of IoT data. Protection of trade secrets is on the radar, but it may be easier said than done.”
The Data Act is portrayed to expand the ‘data portability right’, familiar from the GDPR, to industrial data, as data should be shared to users or a third parties of their choice even in real time, where possible. The interoperability requirements introduced by the draft regulation are meant to facilitate data sharing. The Data Act will set requirements for data sharing agreements. Interestingly, the mandatory terms restricting device manufacturers’ freedom of contract as to sharing data resemble the license terms applicable to standard essential patents, which must made be available on fair, reasonable and non-discriminatory (“FRAND”) terms: Also the device manufacturers must share data on FRAND terms under the proposed Data Act. Further, the EU Commission aims to create non-binding model contractual terms for sharing of data. This, in turn, resembles of the open source licensing model, where code is provided for the users for free under standard terms.
“While SMEs are exempted from certain obligations imposed by the regulation, device manufacturers are prohibited from applying unfair contractual clauses in data-sharing agreements unilaterally imposed on an SME.”
IoT device manufacturers must also comply with the draft Data Act provisions that aim to reinforce the position of small and medium size companies (“SME”) in the data markets. While SMEs are exempted from certain obligations imposed by the regulation, device manufacturers are prohibited from applying unfair contractual clauses in data-sharing agreements unilaterally imposed on an SME. In addition to a general ban prohibiting such clauses, the draft regulation includes lists of clauses that are, or are presumed to be, unfair and thus invalid. In addition, the draft Data Act sets out obligations for private-sector data holders to share data with public-sector bodies for an exceptional need. This could apply, for example, in case of a sudden emergency, where the risks and/or impacts could mitigated by access to data.
New technologies and digital transformation of traditional businesses have affected all fields of society, and efficient access to data promoted by the Data Act is likely to speed up the transformation even more. Currently, the majority of data are still processed and analysed in data centres and centralised computing facilities. In the coming years, a larger portion of data is expected to be processed closer to the data source, for example in smart connected objects or in local computing facilities. The amount of data is growing exponentially, and it has been estimated that by 2025 the overall data volume will grow 530 % from the figures of 2018. In parallel, we see a clear trend in the growth of data-driven services and data-centred business models. There are new business opportunities within the data economy, for instance for facilitating the transfer and share of data. More extensive and efficient use of data could better support decision making and further accelerate research and development activities in many fields of business, for instance in improved personalised healthcare and new mobility solutions. Conscious use of data will improve traceability of products, help us contribute to a green deal and provide content for the training of artificial intelligence tools.
In order to address the transformation, the EU adopted the European strategy for data with a mission of making the EU a role model for a society empowered by data. Europe is not, however, the only player interested in the topic. Other big markets, such as China and the US, are actively developing and innovating their approach to access to and use of data. While the US market is largely shaped by big private sector players and China exploits all data to maximum effect without focusing on the protection of private individuals, the European approach to data economy is built on firm European values and fundamental rights.
As part of the European data strategy, the EU Commission has given proposals for five different data regulations:
- Data Governance Act (DGA) aims to promote altruistic data sharing by creating a new governance structure and lays down conditions for re-use of certain categories of public sector data;
- Digital Markets Act (DMA) lays down harmonised rules applicable to large online platform service providers (“gatekeepers”) with an objective to ensure fair digital markets;
- Digital Services Act (DSA) lays down harmonised rules applicable to the provision of online intermediary services such as online platforms, with the aim of increasing the safety, security and transparency of such services;
- Artificial Intelligence Act (AIA) lays down a risk-based legislative framework for AI applications and prohibits certain unacceptable AI practices; and
- Data Act (DA) lays down harmonised rules on fair access to and use of data across different sectors.
The DGA and DMA have already been published (although applicable only after the transition periods) and the DSA is expected to be published soon. AIA and DA are still subject to discussion.
Special thanks to Amanda Terhonen who participated in the writing of this article and works as an Associate Trainee at Dittmar & Indrenius in autumn 2022.