EU countries, lawmakers reach data rule deal targeting Big Tech

BRUSSELS - European Union countries and lawmakers have agreed on rules that govern how Big Tech and other companies use European consumer and corporate data, with safeguards against non-EU governments gaining illegal access.

The European Commission proposed the Data Act in 2022 to cover data generated in smart gadgets, machinery and consumer products, part of a raft of legislation aimed at curbing the power of US tech giants.

EU concerns about data transfers have grown following revelations by former American intelligence contractor Edward Snowden in 2013 of mass US surveillance.

The agreement was reached after seven hours of talks on Tuesday.

“Tonight’s agreement on the Data Act is a milestone in reshaping the digital space... we are on the way of a thriving EU data economy that is innovative and open – on our conditions,” EU industry chief Thierry Breton said in a tweet.

The new legislation gives both individuals and businesses more control over their data generated through smart objects, machines and devices, allowing them to copy or transfer data easily from across different services.

It also gives consumers and companies a say on what can be done with the data generated by their connected products.

The Act makes it easier to switch to other providers of data processing services, introduces safeguards against unlawful data transfer by cloud service providers and facilitates the development of interoperability standards for data to be reused between sectors.

Manufacturers watered down a bid to force them to share data with third parties to provide aftermarket or other data-driven services. Siemens and SAP fear trade secret-related data leaks.

Such data-sharing requests can be rejected under exceptional circumstances where operators could face “serious and irreparable economic losses” undermining their financial viability under the new law.

Lawmaker Damian Boeselager said this created a loophole for some companies.

“I find this deeply concerning. But at least a national authority can review and annul such a unilateral decision by the operator in a timely manner,” he said.

The European Consumer Organisation (BEUC) lamented the agreement as a missed opportunity to do more for users. 

“The EU institutions have given too much flexibility to companies who can now prevent consumers from sharing data with other service providers on the basis it constitutes a trade secret, for example,” said BEUC deputy director-general Ursula Pachl.

However, Washington-based lobbying group The Information Technology Industry Council criticised the wide scope of the Act.

“We have ongoing concerns regarding the Act’s broad and ambiguous approach to data sharing, including on the expansion of the products and services originally in scope and the safeguards for trade secrets protection, as well as the rules impacting international transfers of non-personal data,” its director-general for Europe, Mr Guido Lobrano, said.

DigitalEurope, whose members include Airbus, US tech giants such as Amazon and Google, GFK, Nokia, Qualcomm, Philips, SAP, Siemens and Sony, said the data agreement fell short of businesses’ expectations. 

“The Data Act will place European industry at a disadvantage by forcing it to give up hard-earned data and restricting contractual freedom, potentially leading to a new wave of de-industrializsation and poses risks to our cybersecurity,” its director-general, Cecilia Bonefeld-Dahl, said in a statement.

The data law will come into force from 2025.

The EU is also currently preparing the world’s first comprehensive law to regulate artificial intelligence, and aims to approve the legislation by the end of the year. REUTERS, AFP