The issue of data sovereignty is more topical than ever. The recently proposed Data Act is one of the legislative building blocks of the EU Data Strategy, aimed at building a more sustainable digital future in which people and organisations have more control over the data they generate. This marks the first time that data sovereignty is being included in an EU regulation. While this is an applaudable development, the mandatory nature of this legislation means that many companies may overlook the fact that data sovereignty principles also provide opportunities for innovation: to develop new ways of creating value and future relevance, and to re-define their business with products and services that are built on data.
Against the backdrop of the current geopolitical situation, the issue of sovereignty has become more topical than ever – and this also extends to data. ‘Data sovereignty’ provides the fundamentals for a new way of dealing with data, and society urgently needs this. For a sustainable digital future built on the exchange of data, it is necessary to ensure a better ‘data benefit balance’ between the party generating the data and the party that benefits from using that data. In other words, instead of enabling Big Tech giants, cloud providers and manufacturers of connected devices to exploit ‘our’ data in their own commercial and non-democratically controlled interests, it is essential that we remain ‘data sovereign’.
Legislating data sovereignty
It is therefore becoming increasingly paramount that the EU stands strong in defending a human-centric view of society and preserves European values such as transparency, security and trustworthiness. The Data Act clearly supports this aim. In fact, it is the very first time that data sovereignty is included in an EU regulation. The draft Data Act states clearly in black and white that those who generate the data should be in control over that data. It includes:
- Measures to allow users of connected devices to gain access to data generated by them and to share such data with third parties to provide aftermarket or other data-driven innovative services.
- Measures to prevent abuse of contractual imbalances in data sharing contracts.
- Means for public-sector bodies to access and use data held by the private sector that is necessary for exceptional circumstances, particularly in case of a public emergency such as floods and wildfires, or to implement a legal mandate if data is not otherwise available.
- New rules allowing customers to effectively switch between different cloud data-processing service providers and putting in place safeguards against unlawful data transfer.
- Provisions amending certain aspects of the Database Directive (including with respect to databases containing data from IoT devices and objects).
- The mentioning of Data Spaces and the need for interoperability.
Opportunities and need for innovation in data valorisation
The main focus of the Data Act is on regulating data access in relation to devices connected to the Internet of Things (IoT). While this is definitely a step in the right direction, as Data Sovereignty Now (DSN) we believe it is necessary to take things even further. There is still a lot of work to be done to educate politicians, consumers, organisations and businesses about the dynamics of data so that they better understand the potential of data and the need for new ways of dealing with it. For European organisations and businesses in particular, the Data Act presents real opportunities to build a more sustainable digital future based on data sovereignty principles – a future in which the data benefit balance is shared out more equally and in which the companies themselves maintain their future relevance. This is their chance to explore new ground and innovate their business models built on new approaches to data. In this context, it was Tommaso Valletti, who said: “I find it disappointing that all business models revolve around advertisements… you’d think we humans could do better. I mean, we invented town squares, libraries, universities, churches…” This is perhaps the hardest – but also most urgent – ‘nut to crack’; finding new and better ways of data valorisation.
One way to encourage innovation will be to show existing examples of successful new business models and new ways of dealing with data. To support adoption, this will require a ‘soft infrastructure’ for decentralised data sharing. And we also firmly believe in the constructive role that could be fulfilled by establishing the ‘Data Innovation Board’ (DIB), as mentioned in the Data Governance Act (DGA) with a Data Space Support Centre as the executing arm of the DIB. The DIB should be empowered and equipped to guide the emergence of a soft infrastructure for data sharing and prevent further fragmentation.
Summing up, we applaud the fact that data sovereignty is well covered in the draft Data Act. However, in order to achieve successful execution (and meaningful adoption), we urge the legislators to keep the momentum going. The window of opportunity is closing; the longer it takes to implement the Data Act, the more fragmentation will occur and the more dominant the Big Techs will become. Conversely, the sooner the Data Act is put into practice, the sooner businesses in the European market will be nudged to develop new business models and new ways of valorising data. This will bring about the much-needed human-centric focus in the European data economy, thus making it more difficult for Chinese and US players to impose their way of dealing with data in the EU market.
Data Sovereignty Now’s 3 steps to a sustainable digital future:
- The EU should make Data Sovereignty the central design principle of the data economy as a whole and a prerequisite for every organisation’s own data architecture.
- Next, implement a ‘soft infrastructure’ of functional, legal, technical and operational agreements which will support decentralised data sharing based upon European values, built on a sound consent mechanism that works for every entity, for example: a person, business or government.
- Focus on the adoption of Data Sovereignty principles by organisations and end users. The organisations which create the initial agreements should roll out the first version of the soft infrastructure. And soft infrastructures must then be allowed to evolve over time, and extend across multiple sectors.
Eric Pol (A New Governance) & Mariane ter Veen (INNOPAY)