EU Data Act aims to 'unlock' industrial data

EU industrial data should be shared between businesses to unlock its full potential, the draft Data Act says, introducing new requirements for makers of connected devices not to shut off access to smaller companies.

The draft law, unveiled today, will create 270 billion euros ($306 billion) in additional economic growth in the EU by 2028, the European Commission said, by creating opportunities for new services in sectors including health, transportation and agriculture.

“Today is an important step in unlocking a wealth of industrial data in Europe, benefiting businesses, consumers, public services and society as a whole,” EU industry commissioner Thierry Breton said in a statement. “So far, only a small part of industrial data is used and the potential for growth and innovation is enormous.”

The legislation must still be debated and agreed upon by the European Parliament and national governments, either of which may introduce amendments, before becoming law.

Data generated by connected cars and other Internet of Things devices will be made available to a wide variety of related service providers such a repairers under the Data Act, which will prevent the makers of those devices from hoarding the data for themselves.

“Consumers and businesses will be able to access the data of their device and use it for aftermarket and value-added services, like predictive maintenance,” the commission said.

Road vehicles may later be subject to more specific legislation, as requested by consumer and aftermarket services groups; the commission plans to run a public consultation soon, MLex reported earlier this month.

Contract terms

The draft Data Act introduces a list of prohibited contractual clauses intended to prevent powerful companies from withholding their data from smaller businesses and to protect consumers.

For example, small businesses can’t be obliged to pay more for accessing data than the direct cost for making the data available. Clauses to limit a company’s liability for gross negligence would automatically be considered unfair, and those that limit remedies for the non-performance of contractual obligations would be presumed unfair unless proven otherwise.

The commission will also develop model contractual terms to help companies draft and negotiate fair data-sharing contracts.

The Data Act also outlines standards for “smart contracts” that are used for companies in sectors such as for supply chain management. These contracts are self-executing pieces of software that automatically transfer information and initiate payments according to pre-agreed terms.

The EU legislation will set certain requirements so that they can be used without errors, manipulation and to ensure continuity in case they’re terminated on short notice. These requirements will be refined with additional standards, the EU's executive arm said.

Commission officials say they want the provision to be “technology-neutral,” but smart contracts currently use distributed ledger technologies — chiefly blockchain networks.

The payments initiated by smart contracts are necessarily cryptocurrency transfers, not fiat currency transactions, which depend on the traditional banking system.

That means companies that want to use smart contracts for payments need to be willing to do business in cryptocurrency, which would be a big move for some large companies. Even if smart contracts are only used to transfer information, use of public blockchains incurs network fees that must be paid in cryptocurrency.

Alternatively, some companies — IBM, for example — operate their own proprietary private blockchains to provide smart contract-enabled services, such as supply chain management.

Cloud providers

The draft rules will also force cloud-service providers such as Amazon, Microsoft and Google to ensure “switchability” between providers.

The planned law “introduces minimum regulatory requirements of a contractual, commercial and technical nature, imposed on providers of cloud, edge and other data processing services, to enable switching between such services.”

The proposal says that access to interoperable data processes is a “precondition” for a “flourishing data economy in which data can be shared easily within and across sectorial ecosystems.”

In addition, cloud providers will be obliged to take measures to “avoid unlawful access” from foreign governments’ surveillance authorities.