technology
EU agreement on “Data Act”: What happens to device data?
A networked refrigerator (symbolic photo). According to the new data law, users of networked devices should in future be able to access their data and also pass it on to third parties. photo
© Zacharie Scheurer/dpa-tmn/dpa
Despite warnings from major companies, the EU has agreed on the “Data Act”. This should allow better use of data from all possible devices, from coffee machines to wind turbines.
The refrigerator, the car, the vacuum cleaner – data is now collected in almost every modern device. But who can access and use this data has so far been unclear. The The EU now wants to take action with its “Data Act” – but criticism is pouring down from all sides.
What exactly was decided
Representatives of the European Parliament and EU states agreed on a data law on Wednesday night. Until now, it has often been unclear who is allowed to do what with the data that is generated when using a dishwasher or a machine tool with Internet access, for example. Manufacturers have often simply granted themselves the right to use all the data generated.
The Data Act is now intended to give both individuals and companies more control over their data: in the future, users of networked devices should be able to access their data and also pass it on to third parties. For example, a car owner could choose to share certain data with their insurance company in the future. Large cloud providers such as Amazon Web Services, Microsoft or Google are now obliged to prevent illegal access to data and to make it easier to switch providers.
At the same time, however, data trading and the comprehensive use of data are to be boosted and new business areas opened up. In exceptional cases, such as forest fires or flood disasters, authorities should also be able to access data held by the private sector. The “Data Act” still has to be formally approved by the EU Parliament and the Council of Member States.
Which data is affected
A large number of devices that we use in everyday life are now networked locally or via the Internet. This applies to coffee machines, light bulbs, vacuum robots or the Thermomix, but also fitness bracelets and televisions. The “smart” devices can often be controlled by cell phone. They are in regular contact with the manufacturer, for example to call up the maintenance status or updates. The device often sends information to a cloud, where the data is processed or serves as the basis for other services, as explained by the Federal Office for Information Security. But it’s not just about household appliances, but also about airplanes, cars, wind turbines and combine harvesters.
What does that mean for consumers?
For the time being, there are probably no obligations for consumers. On the other hand, the hope is that the new law could make customer service or the repair of certain devices cheaper, for example. Consumer advocates are still critical of the law. The compromise that has now been reached is disappointing, said the head of the Federal Association of Consumer Organizations, Ramona Pop. It remains unclear how consumers would be protected if they chose to share the data. “Because the consequences that the voluntary sharing of data could have are difficult to survey. Companies could exploit this to take advantage of people or set false incentives.”
The European consumer protection organization Beuc sees a “missed opportunity”: The “Data Act” opens up too many exceptions for companies. They could prevent data from being accessed and shared, leaving consumers with little control.
Companies fear excessive interventions
Companies in particular are now held accountable in terms of transparency and data control. The “Data Act” represents a massive intervention in the previously well-functioning freedom of contract in data exchange between companies, criticized the mechanical engineering association VDMA. Although the “Data Act” now also regulates the protection of trade secrets, this does not go far enough for many. “In particular, it must be avoided that business secrets fall into the hands of competitors or countries that are less friendly to us as a result of the obligation to share data,” said Bitkom President Ralf Wintergerst.
The industry association BDI is also critical of the law because everything from smart heating thermostats to aircraft is treated the same: “There is a risk that neither manufacturers nor potential users will benefit from the EU Data Act,” said Iris Plöger from the BDI general management. “Companies could now be inclined to realign their data strategy and restrictively, which is likely to lead to less available data and thus run counter to the goal of the Data Act,” said Michael Kraus from the commercial law firm CMS.