In this document, as the member organisations of the Data Sovereignty Now (DSN) campaign, we outline our input for the Data Act. We welcome the Data Act and applaud the fact that it marks the first time that data sovereignty is being included in EU regulation, giving people and organisations control over the data they generate. It will add ‘means’ to the rights that the GDPR provides. While this is a positive development, we also have a few critical observations:
- Due to only covering data generated by the use of ‘connected devices (IoT)’ or related services, the scope of the Data Act proposal seems unjustifiably narrow
- Instead of just focusing on compliance, the opportunities for innovation created by the Data Act should also be highlighted and supported in the implementation process
- The interoperability envisioned in the Data Act requires a ‘soft infrastructure’ for decentralised data sharing to ensure smooth implementation
We elaborate on these observations below.
The recently proposed Data Act is one of the legislative building blocks of the EU Data Strategy. It aims at building a more sustainable digital future and a European single market for data, in which people and organisations have control over – and benefit from – the data that they generate.
Against the backdrop of the current geopolitical situation, the issue of sovereignty has become more topical than ever – and this also extends to data. ‘Data sovereignty’ provides the fundamentals for a new and fairer way of dealing with data. This is urgently needed to ensure social welfare and a more equal distribution of data-enabled benefits. For a sustainable digital future built on the exchange of data, it is necessary to ensure a better ‘data benefit balance’ between the party generating the data and the party that benefits from using that data. In other words, instead of enabling Big Tech giants, cloud providers and manufacturers of connected devices to exploit ‘our’ data in their own commercial and non-democratically controlled interests, it is essential that we remain data sovereign.
It is therefore becoming increasingly paramount that the EU stands strong in defending a human-centric view of society and preserves the European values such as transparency, security and trustworthiness. The Data Act clearly supports this aim. In fact, it is the very first time that data sovereignty is included in EU regulation. The draft Data Act states clearly in black and white that those who generate the data should have control over that data.
Broaden the scope
However, the main focus of the Data Act is on regulating data access in relation to devices connected to the Internet of Things (IoT). While this is definitely a step in the right direction, as DSN we believe it is necessary to take things even further. The focus on data generated by users of IoT devices seems to unjustifiably create a gap with data generated by users of other data processing services and digital resources. Just some examples of such data transactions include the use of an ERP system that has stock management insight based on transactions with other parties, the use of an app on a mobile phone, and the use of cloud services.
As DSN, we call for the scope of the Data Act to be expanded in that direction to cover all data generated by all ‘Data Subjects’.
What about innovation?
The mandatory nature of this legislation means that it may be perceived as a compliance issue by many companies. The fact that data sovereignty principles also provide opportunities for innovation and growth is too often overlooked. There is still a lot of work to be done to educate politicians, consumers, organisations and businesses about the dynamics of the data economy so that they better understand the potential of data and the need for tools to support the opportunities.
Organisations and businesses need to redefine their operating models with products and services that are built on data. The Data Act presents real opportunities to build a more sustainable digital future based on data sovereignty principles – a future in which the data benefit balance is shared out more equally and in which the companies themselves maintain their future relevance. This is their chance to explore new ground and innovate their business models built on new approaches to data. Finding new and better ways of data valorisation is perhaps the hardest – but also most urgent – ‘nut to crack’. Therefore, in the implementation process, we urge the European Commission to also highlight and support the opportunities for innovation that the Data Act creates, rather than only focusing on compliance.
Lastly, to ensure smooth implementation, interoperability is crucial. A soft infrastructure for decentralised data sharing will support adoption and enable data sharing in a single digital market; without it, fragmentation will prevent meaningful developments. We firmly believe in the constructive role that could be fulfilled by establishing a ‘Data Innovation Board’ (DIB), as mentioned in the Data Governance Act (DGA), with a Data Space Support Centre as the executing arm of the DIB. The DIB should be empowered and equipped to guide the emergence of a soft infrastructure for data sharing and prevent unwanted fragmentation.
The European Commission could ensure the deployment of a mission-oriented approach to well-functioning and fair data markets with appropriate funding instruments, which would promote and incentivise the development of the necessary soft infrastructure for a free flow of data in the EU. While the Commission has the jurisdiction to lead the work on European standards for interoperability, the private sector needs to be actively heard and the work should be industry-led based on a bottom-up rather than top-down approach.
As DSN, we applaud the fact that data sovereignty is well covered in the Data Act proposal. However, in order to achieve successful execution (and meaningful adoption), we urge the legislators to broaden the scope to include all data subjects, to highlight and support the opportunities for innovation, and to ensure the necessary interoperability based on a soft infrastructure for decentralised data sharing.
At the same time, it is important to keep the momentum going. The window of opportunity is closing; the longer it takes to implement the Data Act, the more fragmentation will occur and the more dominant the Big Techs will become. Conversely, the sooner the Data Act is put into practice, the sooner businesses in the European market will be nudged towards developing new business models and new ways of valorising data. This will bring about the much-needed human-centric focus in the European data economy, thus making it more difficult for Chinese and US players to impose their ways of dealing with data in the EU market.
Mariane ter Veen, Director Data Sharing at INNOPAY