Amazon, Microsoft, Google, IBM and other cloud-service providers will have to put in place safeguards to prevent non-EU governments’ unlawful access to EU data, according to the European Commission’s new data-sharing rules.
The EU’s Data Act, published on Wednesday (23 February), sets obligations for data-sharing, in a bid to compete with the major US and Chinese companies in the revolution of the Internet of Things (IoT).
The IoT refers to the network of smart devices that transmit and exchange data with other systems over the internet.
The aim is for European citizens and companies to have more clarity on “who can access data and on what terms,” Margrethe Vestager, EU competition commissioner and head of digital, told a press conference.
And the rules take a stand against the unlawful use of non-personal data held in the EU by third countries – a move that could potentially hit foreign companies which bypass the bloc’s data privacy laws when collecting data.
Non-personal data cannot be used to identify or trace an individual.
Vast amounts of data is created every time people use the internet. But the increasing volume of data generated from products and technologies along the manufacturing supply chain is expected to drive the next wave of economic growth, sometimes known as the fourth wave of the industrial revolution.
Currently it is estimated that 80-percent of this industrial data is unused. But who owns it?
The majority of data produced by small and medium companies is being sucked up by a handful of big suppliers — and that’s seen by some experts as a threat to Europe’s digital sovereignty.
If just a few US-based tech giants get ahold of industrial data from EU companies “all that value generated by these companies will flow and be read in terms of profits by the tech giant,” said Andrea Renda of the Brussels-based think tank Centre for European Policy Studies.
The Data Act has the potential to capture and retain the value created by EU companies in Europe, Renda said.
The EU commission estimated these new rules could generate €270bn of additional GDP by 2028 for the EU27.
The draft law stipulates that all the data produced by IoT devices (like a fridge or a car) should be accessible to users free and in real-time — but also for third parties that would like to use such data to offer services.
For example, a smart dishwasher manufacturer can negotiate and agree to share the device’s data with a repair service provider for a “reasonable” price, according to the commission.
SMEs will not have to pay more than the direct costs for making the data available.
The sharing of data, nevertheless, will have to comply with provisions linked to intellectual property and trade secrets.
The rules also include provisions to foster business-to-government data-sharing in “public emergencies and other exceptional situations” — a controversial initiative likely inspired by the response of some governments to the pandemic.
Renda warned that this language is “too vague,” lacking adequate safeguards like anonymisation requirements for companies.