12/07/'21- For the European Commission, setting the worldwide (legislative) stage on digitization is vital. While the strong public and political discussion is on the Digital Markets Act, Digital Services Act and AI legislation, we should be very much aware of two other proposals with equally seismic ‘big play’ potential: the Data Governance Act and the Data Act.
European Data Act & Data Governance Act: the kids with gamechanging potential
Both Acts – the Data Act still being in the consultation phase – stem from the 2020 EU 'communication on a European Strategy for Data' in which the Commission outlined its vision on a “genuine single market for data” within the next 5-10 years.
Their vision has the potential to be an absolute gamechanger: by developing fit-for-purpose legislation, governance mechanisms as well as investing in next generation infrastructure, the Commission is committed to fostering a digital ecosystem (of companies, civil society, and individuals). Having a data-agile ecosystem will enable easy access to an almost infinite amount of high-quality industrial data to boost economic growth and create societal value.
Three potential heavy impact picks from the consultation document for the Data Act
Where the Data Governance Act (DGA) strengthens the single market's governance mechanism and establishes a framework to facilitate general and sector-specific data-sharing, the scope of the new legislative proposal (the Data Act) concerns the actual rights on the access to and use of data. Three potential heavy impact measures:
- Clarifying rights on IoT data stemming from professional use. The Commission states that the current framework on rights to (non-personal) data – regulated mostly through private contracts - is not entirely fit for purpose anymore. When (industrial) data is generated by a machine in a factory or a farmer using a row crop tractor, who does it belong to? The manufacturer, the factory owner, the farmer? And who may use and share this data with third parties, either to monetize it or to create or use new services? A redistribution of data access and use rights seems to be on the agenda.
- Complementing the portability right under Article 20 GDPR. The portability right under Article 20 GDPR is designed to empower individuals to “pack up all their stuff” and switch to another service provider. Whether that other service provider could actually read and re-use the data, was another question entirely. Now, the Commission intends to address the issues caused by the absence of appropriate technical tools and standards. Technical specifications (interoperability) should enable individuals to switch between service providers and to allow re-use of their (personal) data in a wider digital ecosystem. This might simultaneously promote a more competitive market for data.
- Improving portability for business users of cloud services. The same goes for the Commission desire to drastically enhance the portability of data and services in the cloud: the Commission is contemplating the introduction of a binding obligation for cloud service providers to offer data and application portability. Policy options on the table are the development of (new) Standard Contractual Clauses, high-level legal requirements, or even defining specific legal requirements based on distinct contractual, technical and economic conditions. In a move to foster a competitive cloud market, the Commission takes aim at ‘vendor lock-in’ barriers to put businesses and users back in the driver’s seat and in control of ‘their’ data and services.
Conclusion
A ‘single market for data’ might be approaching faster than we think and its disruption to the status quo of the data landscape should not be understated. Organizations (both public and private) would be wise to seize the opportunity to contribute to the dialogue and shape its impact on their business – before the period for public consultation closes on September 3rd 2021.