Responsible data sharing is not only critical to the digital economy but also to the whole European economy. The European data economy has grown at a year-over-year rate and now accounts for 3.6 percent of European Union (EU) GDP and was valued at over €440 billion in 2021. By 2030, the EU data economy should cross the €1 trillion threshold.
Adopted on February 23, 2022, the Data Act follows the Data Governance Act as part of the European Commission’s greater European data strategy. The Data Act addresses who can access and innovate using data generated by Internet of Things (IoT) connected devices, cloud services, and edge services. Specifically, the Act clarifies how economic sectors, public sector bodies, IoT manufacturers, suppliers of related services, data holders, data recipients, and other businesses can access and share data generated from consumer use of Internet-connected devices to benefit two stated beneficiaries—European small and medium-sized enterprises (SMEs) and consumers.
Unfortunately, the Data Act contains fundamental pitfalls and needs significant modification to not harm the European data economy. Among other concerns, the Act could increase barriers to entry for businesses, treat international cross-border data flows unfairly, raise privacy concerns regarding government use of data, and muddle the interactions with other EU data-focused legislation.
To carefully balance competition, innovation, and privacy in the EU, the European Commission should start by revising the Data Act to:
- Minimize the burdens of compliance and barriers to entry for all IoT companies, domestic and foreign, seeking to provide their services to European consumers. (i.e., Recital 19, Article 30, etc.)
- Clarify the Act’s effect on international data flows to make the EU data economy more competitive, not less, to multinational companies and global innovators. (i.e., Explanatory Memo’s Subsidiarity, Article 27, etc.)
- Balance privacy safeguards with data accessibility in business-to-government sharing to protect against misuse of consumer data from connected devices. (i.e., Chapter Five, Article 17, etc.)
- Mitigate legislative fragmentation that could result from the Act’s interactions with the Digital Markets Act and the General Data Protection Regulation (GDPR). (i.e., Article Five, Article Six, etc.)