Towards a fair data sharing economy
During the recent MyData 2022 conference we attended a panel discussion about the EU Data Act and the future of data sharing. According to the legislative train schedule, the Council of the European Union debated this piece of legislation in late June 2022. While there is still a while before it gets adopted, the complete draft is already available, and there is a lot to unpack.
The legislation primarily aims to enable fair value allocation among the data economy stakeholders. It also aims to foster access to and use of data.
The first objective is to ease access to data while creating incentives to invest in new data businesses. The Data Act aims to create a playing field where incumbents and new actors can access and generate value from data. Considering the immense value of today’s data economy and its projected growth, such legislation will help it remain a crowded space with healthy competition. Note that the regulation primarily focuses on IoT device data rather than data generated through using personal computing devices.
Enable “break-glass” access to corporate data for government bodies.
Another objective of the Data Act is to enable government bodies to access corporate data in emergency cases. The document discusses at length what such emergency cases might be. This includes anything from natural or human-induced disasters to the need to compile timely statistics. Already during the panel discussion, this point raised a lot of questions from the audience and a discussion of the wider implications are out of the scope of this post. A silver lining is that small and medium enterprises are excluded from these provisions, to reduce the financial burden of implementing them. Another important point is that the purpose of data access must be explicitly pre-defined and data must be deleted after use. CanaryBit’s Confidential Cloud enforces scope-defined, fined-grained secure data sharing.
Make it easy to switch between cloud and edge services.
It is not immediately clear to me how or why today’s architecture of computing infrastructure needs to be included in a legislative act meant to stay relevant for decades to come. However, it clearly shows that the authors place big hopes and expectations on edge computing.
Help prevent unlawful data transfer without notification by cloud providers.
This objective is related to the never-ending story of unlawful data transfer from the EU to other jurisdictions. It is unlikely that Data Act itself will effectively help prevent such unlawful transfers by cloud providers. However, the data owners will maybe at least be notified. CanaryBit’s Confidential Cloud allows tying data storage and processing to a specific hardware platform. This makes it impossible to transfer plaintext data to other jurisdictions.
Nurture development of interoperability standards for data sharing.
Standards are essential for enabling interoperability, both technological and legal. Another good thing about standards – as Andrew Tannenbaum aptly noted – “is that there are so many to choose from.” Effective standardisation is a balancing act between enabling interoperability while allowing space for innovation. In this context, the document mentions standards for smart contracts. Their future remains to be seen, since as of today they are “neither smart, nor contracts”.
The EU Data Act sets the stage for the future evolution of data sharing. While it is still in the discussion and adoption stage, it may change in various ways. Furthermore, the interpretation of this EU-wide act on a national level may vary, as it happened with other similar legislative acts. However, it is already clear that the Data Act takes a firm step towards enabling data sharing between organisations. Moreover, it will further stimulate the data economy.