The ‘Regulation on harmonised rules on fair access to and use of data’ (European Data Act, or EDA) was first proposed by the European Commission in February 2022 to “leverage the exponential growth of IoT and unlock the vast potential of industrial data in the EU in a safe manner”. In June 2023, it was announced that European Parliament and the Council of the EU had reached agreement on the EDA. The Act will most likely be finalised in or around October 2023, come into force soon thereafter and become applicable 20 months later, meaning in mid-2025.
The Act is aimed at overcoming what the EU sees as a series of barriers to the greater sharing of data generated by enterprise and consumer IoT devices. These barriers include: lack of incentive for data sharing by holders of data, lack of clarity about rights and obligations, costs and complexity of implementing technical interfaces, fragmentation of data silos, poor metadata management, lack of standards, ontologies and interoperability, and abuse of imbalance of power between holders, owners and potential users of data.
With the Data Act, the EU aims to establish a common framework for establishing what IoT data can be shared and under what circumstances. In so doing it aims to improve the sharing of data to create a secondary market for services based on IoT data. It also incorporates a number of subsidiary topics aimed at supporting that core aim.
In this report we consider the aims of the Data Act and the positioning of the Data Act in the wider context of EU data regulations, including the European strategy for data, the Data Governance Act, the Open Data Directive, European Data Spaces, and others. We then go on to examine the five main categories of rights and obligations under the act: access to data, public access to data, rights to switch cloud providers, prohibition on unlawful transfer, and interoperability standards. Finally, we examine the likely impact and challenges, including the opportunities created by the new data sharing rules, as well as potential pitfalls such as over intellectual property rights, limitations on use of leading vendors (such as Amazon Web Services and Microsoft), and additional compliance costs.