Users to be granted rights to view IoT feeds • The Register

In proposals targeting IoT and machine data, the European Commission has launched the Data Act, which promises to force manufacturers to share after-sales data streams with third-party tech companies.

The Executive Vice-President of the European Commission, Margrethe Vestager

In a move meant to shake up the market for product-based digital services, the EU executive said it wants to give users of connected devices access to the data they generate.

Consumers and other users would then also have the right to ensure that manufacturers share such data with third parties to provide aftermarket or other data-driven services.

According to the proposed law, manufacturers would cover their costs and be protected from competitors’ access to data. These two caveats seem aimed at allaying the concerns of private companies since the EU first unveiled the data strategy in early 2020 (look here).

Until May 2021, when the Commission published its “impact assessment” for the Data Act, companies that generate data they consider “proprietary” data were concerned about “undermining their investments and potentially leaking trade secrets”. a Brussels-based lawyer put it

Bird & Bird LLP’s Francine Cunningham added, “There will also be concerns that the Data Act could remove certain privileged positions from some companies, particularly original equipment manufacturers (OEMs) of internet-connected objects, thereby jeopardizing investments in data generation objects. “

Commission Vice-President Margrethe Vestager said at a press conference: “The data law defines who can use which data and under what conditions. [People are] Buy more products that generate data, from smartwatches to connected cars. Currently, it is mainly the manufacturers of these products who store and use the data.

“To empower consumers, we want to change that by building data portability. First, consumers have the right to access all of this data for free and in real time. Secondly, [they] has the right to oblige the manufacturer to share this data with another company: a company that [they] have decided to offer additional services [such as] maintenance and repairs. Which gives [people] greater control over [their] Data. It also encourages competition by allowing more companies to offer their services [consumers].”

The proposals also aim to give SMEs more power to prevent the abuse of contractual imbalances in data-sharing contracts and to protect them from unfair contractual terms imposed by a party with a significantly stronger negotiating position.

Access for the public sector

In the face of the pandemic, public bodies are granted access to private sector data in exceptional cases, “particularly in the event of a public emergency such as floods and wildfires, or to implement a statutory mandate when it is not otherwise available,” the commission said.

Finally, the law promises to make data transfers between cloud providers easier for both businesses and consumers.

Vestager said the law aims to “remove commercial technical contractual barriers that still prevent customers from switching between cloud services.”

“Not only will this empower customers, but it will also allow for more competition in an area that is becoming increasingly important to both business users and governments,” she said.

Guillaume Couneson, privacy and technology partner at law firm Linklaters, said the law, if passed in its current form, would have important implications for a number of large tech companies developing IoT, virtual assistant, cloud or blockchain offer based products and services.

“Such companies may need to make data generated through the use of their products and services available to users, provide transparent information about it and remove barriers that prevent switching,” he said.

“To enable data-sharing with third parties, major tech players must, among other things, enter into ‘data-sharing agreements’ on fair, reasonable and non-discriminatory terms. The current privacy law proposal would also introduce a mechanism prohibiting unfair contract terms.”

Couneson said the Data Act was designed to “broadly complement” the rights granted under the General Data Protection Regulation (GDPR), and in some cases extend some of the rights and obligations to non-personal data without changing the GDPR.


But the implications of the GDPR in relation to the exchange of personal data between jurisdictions are far from clear. The French data protection authority CNIL, following a similar ruling by the Austrian authority, has declared that Google Analytics violates the regulations because it transfers the data of European internet users to America.

Meanwhile, US and EU negotiators are said to be nearing a conclusion on finding a replacement for Privacy Shield, the data-sharing agreement enshrined by the EU Court of Justice in the so-called Schrems II ruling in 2020 was knocked down.

The Eiffel Tower in Paris, France

France says Google Analytics violates GDPR when it sends data to US


In a press conference, Vestager said the EU is still negotiating a solution with US officials. “This is a high priority endeavor. This is not easy because we are following the guidelines of the court that decided on the basis of the Charter of Fundamental Rights what we cannot and will not change. We have to find a way to work together with the Americans accordingly in order not to get a negative Schrems III verdict, which is our priority in order to enable the economy to optimally use data under secure and transparent conditions.”

Software Alliance’s Thomas Boué, BSA’s EMEA Director General of Policy, said of the Data Act: “While the proposed Data Act is an important recognition of the need for a fair data economy, it needs fine-tuning.”

“We believe organizations that own data – ie the customers that serve BSA member companies – should retain full control over whether they share or transfer data, to whom and on what terms.

“Requiring organizations in the EU to share the data they own – or equally preventing them from sharing or transferring data to third countries – will not only prevent EU companies from reaping the full benefits of the digital transition, it will also prevent them less capable of doing so by innovating and competing more effectively in global markets.”

The data law is submitted to the directly elected European Parliament and the Council of Ministers – representatives of the governments of the member states. They will draft their own texts, with the Commission acting as an “honest broker” to negotiate a final text to be presented to Parliament. The process rarely takes less than a year and usually takes 18 months to two years. ®

About Willie Ash

Check Also

Ubuntu Core brings real-time processing to Linux IoT

Most of you are familiar with Ubuntu as a desktop operating system; others know it …