On March 14, 2023, the European Parliament adopted draft legislation for the EU Data Act, focusing primarily on the access, portability, and sharing of data, and seeking to regulate how users, third parties, and the public sector can access personal and non-personal data.
According to the lead Member of the European Parliament (MEP), Pilar del Castillo Vera (EPP, ES), the Data Act “will be an absolute game changer, providing access to an almost infinite amount of high-quality industrial data. Competitiveness and innovation are part of its DNA.”
The Data Act represents the European Union’s efforts to encourage innovation and drive economic growth via effective data governance and aligns with the EU Data Governance Act (DGA), which promotes data accessibility and sharing across EU countries. While the DGA enables the movement of data freely within the EU, the Data Act specifies entities that can use certain data types as well as the conditions that must be met.
Telecom service providers are particularly interested in the specifics of the Act since they function both as users of data as well as transporters of data they do not directly use. As edge devices and 5G-enabled IoT services proliferate, telcos will need to clearly delineate between data use and simple data transport.
Understanding the EU Data Act
While data holds the key to unlocking innovation and economic growth, harnessing the power of data requires a balance between openness and protection. The Data Act seeks to help organizations unlock the full potential of data by creating an enabling environment for data sharing without compromising privacy, security, and trust.
The aim is to foster a culture of responsible data management that paves the way for businesses to harness the transformative power of data, drive innovation, and promote economic growth in the digital age.
Key Provisions of the EU Data Act
The key provisions of the EU Data Act aim to promote innovation, competition, data accessibility, and the protection of data rights within the EU. They include:
- General rules for the sharing of data generated by connected products or related services (such as IoT products and services, virtual assistants, and chatbots) to ensure fairness in data-sharing contracts
- Requirements for service providers and support for the development of new services, particularly in artificial intelligence, by providing access to the 80% of industrial data not currently in use for algorithm training
- A focus on contractual agreements in business-to-business relations that enable manufacturers of connected products to give users access to the data generated by those products upon request and the ability to share that data with third parties
- Guidelines for organizations to determine which data can be shared, with the option to withhold specific data. This ensures fairness and balance in data-sharing contracts to protect SMEs from unfair contractual terms imposed by larger companies
- Requirements for private sector data holders to grant access to their data to public sector bodies in the EU without delay in the event of an emergency or exceptional circumstance, such as natural disasters
- Increased provisions for protecting trade secrets where increased access to data can lead to reverse engineering of services or devices by competitors
- Rules for allowing customers to switch between cloud service providers and other data processing service providers without restrictions or penalties
- A provision to prevent unlawful data transfer by restricting cloud service providers from sharing non-personal data held in the EU with non-EU governmental entities or from transferring it internationally
Impact on the Cloud Services Sector
Offering scalable and efficient infrastructure for storing, processing, and analyzing vast amounts of data, cloud service providers (CSPs) play an important role in facilitating enhanced collaboration, innovation, and data-driven decision-making in today’s digital environment.
While the EU Data Act introduces new opportunities for the cloud services sector, it also brings new challenges for CSPs, including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS), as it shapes the way they manage data.
The Act allows for the switching between cloud service providers and other data processing service providers to support competition. Customers must be able to transition to similar providers without contractual or technical restrictions and terminate services with prior notice and data portability.
However, some have raised concerns around the prohibition of international data transfer of non-personal data held in the EU. This measure could potentially hinder business opportunities, competition, and innovation for non-EU cloud service providers in the EU.
Empowering Business Innovation with Data
Because businesses increasingly rely on cloud services for data storage, processing, and analysis, the Act’s emphasis on fair data sharing and access has a profound impact on the cloud services sector.
With advanced data storage solutions and services from Pure Storage, your organization can effectively harness the power of data, maximize its value, and position itself as a leader in this data-driven era.
Our expertise in data management and commitment to data stewardship positions us as a trusted partner for businesses navigating the complexities of GDPR and EU Data Act compliance. We’ve been driving efficiencies in data management across clouds for the last 10 years in highly regulated industries, such as financial services, subject to strict GDPR and data-sharing rules.
Data storage solutions from Pure Storage offer the scalability, performance, and security required to handle industrial data effectively so you can confidently leverage your data assets, drive innovation, and achieve your organization’s growth objectives.
