Christine Said, EU Policy Executive
This Opinion Piece featured on Malta Business Weekly, on 23 October 2022.
Some argue that data is a new form of currency. Data, terabytes of it, is generated daily in our modern world; offering those who are able to harness it and utilise it, the prospect of innovation and wealth. As of 2018, the global data volume stood at 33 zettabytes generated and this figure is projected to increase fivefold by 2025. On this premise, the European Commission understood the potential of optimising the access to and use of data and put it at the centre of its plan for ‘’a Europe fit for the Digital Age’’.
Recently, the Commission proposed a Data Governance Act and the EU Data Act. Whilst the Data Governance Act addressed the facilitation of data sharing across economic sectors and member states, the Data Act aims to make the data generated by Internet of Things devices widely available in creating more opportunities and benefits to both consumers and businesses. For example, the optimisation of operational cycles in factories will become possible. Having factories access all the data generated by the industrial equipment they use, means that they are able to analyse and rework the data in optimising their operations making them more efficient, productive, and consequently generate higher revenues.
The Data Act therefore lays the ground for horizontal sharing of data across sectors, business-to-business, business-to-government, government-to-business, and government-to-government. It is a first of its kind and has the potential to be as far-reaching as the GDPR law has been in recent past. However, this is only possible if there is the motivation and willingness for businesses to take up data driven solutions to increase growth and innovation. And this could only be achieved through a regulatory framework that is proportionate and that brings compliance costs to a minimum.
The Data Act aims to level the playing field by shielding SMEs from unfair contractual terms imposed by parties with a significantly stronger bargaining position, as well as develop model contractual terms in order to help such companies draft and negotiate fair data-sharing contracts. In the case of some data generating products and machines, the data will be directly accessible to users. In such cases, SMEs should not pay more than the costs that have been incurred by the other party to make the data accessible.
What does this all mean in practice? If we were to take data generated by connected cars for example, it would mean that SMEs offering aftermarket services would have access to the data generated by the users’ cars. This would be data that would have previously been only available to the manufacturer. Through the access of this data, the aftermarket services providers can now be more innovative in offering the correct kind of repair services without needing to consult the manufacturer and offer this at possibly a cheaper price.
Additionally, data processing services such as cloud providers would be obliged to simplify the process by which businesses switch to other providers by providing customer assistance and phase-out switching charges.
The Act also regulates how data could be used in public emergencies. In such cases, data would need be made available to the relevant public authorities free of charge, except for micro and small businesses that will be exempted from this obligation. In the event of a wildfire or flooding for instance, authorities would need access to quick and accurate data in responding effectively to that particular public emergency. Data generated from social media platforms for instance can help track the concentration of people in the area and research tools such as the University’s GPS directional wave buoy in Gozo, can measure the gravity of the emergency. For public bodies to have access to such data in times of emergencies can be considered as a game changer in saving lives.
The Data Act therefore, is of interest to a wide range of businesses, including manufacturers of IoT devices, distributors, cloud hosting services and data-driven companies. From a business perspective, given that this framework is consumer-focused and will have far reaching effects across sectors, this proposal is generally welcomed. Having businesses range from large to micro in scale having equal opportunity to access and share data is useful to help foster competition and give better access to innovative products which leads to increased efficiency. In making such data sharing possible, it is key to ensure the sharing and utilisation of high-quality data adheres to the FAIR data principles which include the principles of findability, accessibility, interoperability, and reusability of data.
Despite the positive intentions, there are still contentious points within the proposed Data Act that need addressing. First and foremost, the definition of data has to be clearly defined and understood, and the new proposed framework must be aligned with existing data-related legislation in making sure that it does not create any legal grey areas nor any added burdens to businesses in attempting to understand the legalities of this or in trying to comply with the new set of rules.
In having data shared so extensivelythe Act needs to ensure that trade secrets and other sensitive information is properly protected especially in the case of business-to-business data-sharing. Moreover, it must also be ensured that there is a clearly defined and narrow definition of the exceptional needs situations wherein businesses would need to share data with public authorities. This will ensure that any additional burden or costs on businesses are avoided. This would also protect their democratic rights and ensure accountability and transparency.
As for facilitating the switch of cloud service providers, it is important that appropriate contracts and rules are adopted to enable a seamless transition as much as possible.
It is important to include within the scope of the Data Act how SMEs can be helped in understanding how their businesses can benefit from data sharing agreements. Sharing of data with third parties does not come without risk. While the framework needs to secure legal consistency and compliance with EU legislation, it remains crucial that the Act also makes it clear how the obligations under GDPR are respected and reconciled within this new proposed Act.
To some the Data Act might sound to technically complex and to others their unfamiliarity with data will make it easier to dismiss this proposed framework as yet another aspect in the digitalisation agenda. Despite being comprehensive and complex, the Data Act can be the key towards growth and innovation even for the smallest of businesses. Knowledge, and training will be key in unlocking the full benefits that can be derived from a facilitated access to data.