The European institutions have agreed on the data regulation, the Data Act, which will give EU citizens improved access to their personal information. These will be better framed, but not necessarily less disseminated.
Flooded as we are by connected objects or artificial intelligence, we cannot deny that the volume of data generated by both humans and machines is constantly increasing, becoming a major challenge for companies, users and public authorities. This Wednesday, June 28, MEPs and the Council of the European Union reached agreement on the Data Act. This European law must stimulate innovation by putting an end to the current barriers that limit access to data. Five years after the GDPR, the EU is about to adopt another major text on personal data.
What is the Data Act?
This new data regulation establishes the rules for the sharing of data through the use of connected products, services or machines in the IoT world in general. These include household appliances or connected cars. But all economic sectors are concerned. At the same time, the text makes it easier for users to switch providers in the cloud and (really) access the data they generate every day. They can thus exercise better control over them, at least on paper.
When you buy a smart device that generates data, you usually don’t know who can do what with the information collected. The Data Act must give individuals and businesses what the European Union calls a ” reinforced right to portability “. This allows the easy copying or transfer of data between different services, if this data has been generated by connected objects or devices.
Take the case of a car owner. He will now be able to choose whether or not to share the data produced by his use with his insurer. The information collected could, in return, freely contribute to improving services, or even reducing their cost. In our example, they would allow insurance companies to flag certain high accident risk areas. ” It will be easier to transfer data to and between service providers, encouraging more players, including SMEs, to participate in the data economy “, explains the European Commission.
Encourage the production and circulation of data while providing greater control to users
The EU is therefore about to take up the daring challenge of supporting innovation (the development of artificial intelligence in particular) within the area by collecting data to which users would have easier access. We are here faced with a sort of circle that is both virtuous and vicious. Europe needs to strengthen its single market in the face of the Chinese and American behemoths, but we are also putting a small piece in the machine to produce and share data.
Another point of concern: a thinned border between the private and the public. The regulation, which wants unlock the value of data would, for example, allow the authorities to have access to data from private companies. The European Union gives the example of floods or forest fires to pass the pill.
But limits are made to be crossed. ” If the data is needed to respond to a public emergency, it should be provided free of charge. In other situations – to prevent or overcome a public emergency, or to fulfill a public interest mandate imposed by law – the data holder may request compensation “explains Brussels. During the COVID period, after all, geolocation data, although anonymized, was used to limit the spread of the virus and limit outbreaks.
Fight against illegal data transfer and easier transition from one cloud service provider to another: the other points of the Data Act
It should be noted that MEPs took care to include certain provisions aimed at preventing illegal transfers and data leaks to countries with less stringent regulations on personal data.
Also, it will become easier to transfer data and applications from one cloud service provider to another, without having to incur any charges. This will become a reality thanks to the new contractual obligations arising from the settlement. Providers will then be subject to a new standards framework for the interoperability of data and services in the cloud.
Today, the data generated is only used exclusively by a few players, who lock it. If users will have access to data, small and medium-sized enterprises will also be protected against certain data sharing or use clauses. A start-up that relies on a database of a tech giant to develop an algorithm will, for example, be protected from too early termination of the contract, in the event that the large company develops a similar algorithm from from the same database.
The informal political agreement must now be formally approved by the two co-legislators (Parliament and Council of the EU). This will be the final stage before its entry into force, scheduled for 20e day following that of its publication in the Official Journal. Its applicability by the Member States must be done within 20 months.
Sources: European CommissionEuropean Parliament, Clubic
3