The Great Data Liberation!

What is the European Data Act? Put very simply, this act tries to settle the whole discussion on who's the owner of the data that is generated by all those shiny tools in our life. On one side of the discussion you have the manufacturers of those objects, from your fridge to your car, and on the other the users. Well, actually that is not entirely true. On the other side you have all those smaller businesses that are not part of the huge corporations that manufacture and control the most intensively used appliances in our lives but would very much like to have access to your data. To keep it in the automotive sphere with an example, the non-manufacturer linked repair and maintenance outfits that don't have direct access to the data of your car that could provide a wealth of information. Currently the manufacturers were very stingy in providing access to the information, even if the actual user asked for it and gave permission.

So what changes? The big change provided by this legislation is a legal one. The data is well and truly the users'. Forget the argument of manufacturers that the information that is produced by something they made is still theirs. If they want to keep the data, they should not sell the goods. They are relegated to the role of data holder, holding the data on behalf of the user. I use the term user and not owner to clearly indicate that this also applies if you lease or rent or use the appliance in some other way without being outright owner. As of September of this year, manufacturers have to make sure that users have a way to share the data of their device with third parties free of charge. The implications of this in the long term are huge as we all know data is the new gold, especially in this AI age. To keep with the example from above, third party repair and maintenance chains will be able to ask for access to the data of your car so they can also send you a nice reminder that your vehicle is due for maintenance in 1.500 kilometers. Maybe 1.499 km to be just ahead of the car brand you are driving. I can already see the race to one-up each other taking place. The same goes for trucks, bulldozers, fridges, fitness bands and all those other devices that produce endless streams of data.

Whether the new legislation actually changes something will depend on the extent with which big companies comply with it and much more importantly, the extent to which users can be offered an easy route to share their valuable data. For those who are wondering what the incentive to comply is, the answer is simple. That will depend on local governments and courts actually upholding the rules. The potential penalties are similar to GDPR breaches and can run into the millions of Euros. We can all expect implementation to go slowly until there is a high profile case where some regulator shows its teeth. You can be sure that every trick in the book will be used to delay the arrival of that time as much as possible as the financial impact is tremendous.

Should we be happy with this evolution? Philosophically this is a major win for the average consumer. The tremendous value of the data we all create by using our favorite belongings is firmly ours. Whether we will reap the benefits of it will remain to be seen. Between having a right and being able to exercise it in a simple transparent way probably lies a gulf of litigation. One clear area where the impact will definitely pop up is when it collides with that other landmark piece of European law: GDPR. Take a simple lease contract as an example. The ownership usually lies with the lease company that has the vehicle in the books, while the employer of the driver pays for it and the employee uses it. In the eyes of the data act the one with the stable contract to use the vehicle is the employer. They can decide how a car is attributed and used. You don't think that's the case, just try taking the car with you after quitting your job. So it's the employer that can ask the manufacturer to share the data with other providers of services. But here it gets tricky. Quite a lot of the data that is produced by the vehicle can be considered private and can't be accessed without the consent of the driver due to the data protection in GDPR legislation. While the lease company, employer and other service providers have interest in using the data produced to optimally manage their fleet and business, they will have to very carefully navigate around the rights of the driver on privacy grounds.