In recent years, the EU has implemented comprehensive legislation to safeguard data privacy and enhance individual rights. This includes laws likeGDPR(General Data Protection Regulation), which requires organizations to provide greater transparency and control of personal data to end users. The EU is not messing around when it comes to enforcement, either, and a number of tech giants have been fined serious money for flouting these regulations. That’s why the world is keeping a close eye as the EU works to finalize access rules for IoT devices and data providers both within and outside Europe.
The Act contains some very strict regulations on how data from IoT devices can be shared with third parties. Cloud providers can’t hold data hostage, and must help customers switch to another service if they want. The law has also introduced some minimum standards for blockchain “smart contracts”.
Beyond the hype, there are some real examples of how the EU Data Act could also benefit end users of both IoT devices and cloud services. A farmer based in the EU who uses interconnected IoT devices to manage their crops could potentially have better access to recorded data like soil moisture and acidity, allowing them to grow bigger and better. Cloud service users will not only have better support to switch providers through an “enforced portability right” but also have better guarantees that their data won’t be transferred without their consent.
The EU Council’s now sharingits next steps towards full adoption of the Data Act. First it will have to be officially endorsed by both the EU Council and Parliament. Even at this late stage it could be subject to revision, which may reassure crypto-enthusiasts who are worried about the implications for smart contracts. The upcoming Spanish EU Presidency will then submit the text to member states for their endorsement.
It’s not clear what shape the final Data Act will take, nor exactly how it will apply to manufacturers and data providers who operate within the European Union but are based in non-EU countries like the US. If the GDPR is anything to go by, the implications could be serious. Just one year after its introduction in 2018,Google faced its first investigation under GDPRregarding how it used data to target advertising. More recently theintroduction of Google Bard was delayed in the EUdue to concerns by the Irish Data Protection Commission over how the privacy of EU users will be protected.
After butting heads with various US Technology firms, last year theEuropean Data Protection Supervisor announced the creation of two EU social media servicesbased on the federated, open source standard used by the likes ofMastodon. This is unlikely to unseat social media giants like Twitter anytime soon. Still, it’s clear the EU is coming down on the side of open data and control of personal information, and not the proprietary standards of Big Tech.
