The European Union is proposing legislation that would force more data sharing among companies in Europe—aiming to loosen the grip officials say a few big tech companies have on some commercial and industrial data.
The new rules, proposed Wednesday in a bill called the Data Act, aim to help smaller companies keep up with big ones in the race to profit from troves of non-personal data generated by connected products, ranging from smart appliances to automobiles. The issue is increasingly relevant as more devices generate data used for control and monitoring, such as in smart homes and factories. The volume of such data will balloon with the rollout of 5G technologies.
But big tech companies complain that the bill discriminates against them and would effectively push many companies operating in Europe to store more of their data in Europe, with European providers, rather than sending it overseas or using American companies.
“The Data Act will ensure that industrial data is shared, stored and processed in full respect of European rules,” Thierry Breton, European Commissioner for the internal market, said. The European Commission said it anticipates the legislation could add 270 billion euros, equivalent to $305.76 billion, to the European economy by 2028.
Wednesday’s proposal is part of the biggest proposed expansion of global tech regulation in decades. The EU is in the final stages of settling on the texts of two new laws aimed at large tech companies, one that seeks to limit potential abuses of dominance and the other that aims to force them to take more responsibility for policing online content, both backed by significant fines.
Other laws aimed at big tech companies are being considered or implemented from South Korea to the U.K. to Canada. The U.S. Congress is currently debating proposals that include some similar provisions to those being completed in the EU.
The new data proposal by Brussels expands on a domain tackled by one of the EU’s biggest pieces of tech regulation to date: the bloc’s privacy law, known as the General Data Protection Regulation which became effective in 2018. While that law focused on how companies could—and couldn’t—collect personal information about EU residents, the Data Act is focused on non-personal data.
EU officials say their goal with the new law is to help open up more of a marketplace for data by forcing companies to strike data-sharing deals that would allow consumers to choose between competing service providers when using connected devices. Many of the provisions would apply broadly beyond just big tech companies.
One example that officials cited was a consumer who wants to send data from a smart dishwasher to a third-party repair service, rather than to the manufacturer. Another was of a factory owner who wants to share information collected by a robot with a third-party company that can help optimize its performance. The bill would also impose a requirement to make it easy for companies to switch between different cloud-services providers.
Lobbyists and industry lawyers said the legislation will impose a significant burden on companies, which will have to determine how to deal with data requests and what data they are obligated to share. “The economics of data have so far not been regulated,” said Christoph Werkmeister, a partner with Freshfields Bruckhaus Deringer. “It is certainly going to be a very major compliance burden.”
The act imposes new obligations on so-called gatekeepers, a term that refers to the world’s biggest tech companies and which the EU is still in the process of defining through the proposed law meant to put checks on their dominance, called the Digital Markets Act.
The new proposal would compel gatekeeper companies to share the data they collect from their devices and virtual assistants with users and smaller companies when the user requests that the information be shared. But at least in some earlier drafts of the proposal, gatekeepers aren’t allowed to request or receive such data, something tech lobbyists say would be discriminatory.
The lobbyists also express concern over provisions that order companies to take measures to prevent governments outside the EU from accessing any data collected in Europe, something EU officials say is meant to counter foreign surveillance. Tech lobbyists argue that the rule, which goes beyond GDPR rules governing only personal information, would create legal uncertainty and discourage trans-Atlantic data sharing.
Foreign access to data in the EU has been a point of consternation in Europe since the U.S. passed a law giving itself the authority to demand such data from American companies.
Companies’ ability to send personal information related to Europeans is already under threat from EU privacy regulators because of an EU court precedent from 2020 also related to government surveillance. Ireland’s privacy regulator said this week that it is in the process of completing an order for Facebook owner Meta Platforms Inc. to halt transfers of user data from the EU to the U.S., though any such order could take months to become official.
This story has been published from a wire agency feed without modifications to the text