LThe General Data Protection Regulation (GDPR) gave wings to the European Commission. After the GDPR there will be the Data Act; the Open Data Directive has existed since 2019, the Data Governance Act, applied since June (with a compliance period of 15 months), and others are preparing. There is a risk of overlapping regulations that contradict each other, as well as the authorities that supervise them. We can fear a lack of consistency. The United States is following suit: the powerful competition authority, the Federal Trade Commission, wants to regulate commercial surveillance that affects the American consumer, while Congress is working on an American GDPR, the American Data Privacy and Protection Act .
But the new European regulations to which the GDPR applies have another purpose: to mitigate, in a certain sense, the effects of the GDPR. Because data is not only personal: it is also a common good that can solve many problems.
The Data Act concerns the data produced by our devices or by the services that use them. They belong to those who create them, to the users, and not just to the producers! The latter must make the data available through the device, and, when this is not possible, transmit them to those who may be interested on request. In return, this data cannot be used to develop a competing product.
The GDPR provided for the right to the portability of personal data. But, in practice, the lack of interoperable formats only made it possible to recover them on their own. This right is extended by the Data Act to non-personal data and legal person data and provides that a user can entrust their data to third parties. But Big Tech is kept out of this regulation. It is so easy for them to collect data that the Commission did not want to give them this additional chance.
Public bodies can benefit from this data, as long as they justify it (public emergency, public service), but not for police or administrative investigations. It is possible to object, if the data are not available or if the request does not comply with the Privacy Code.
Trusted third party
The data law thus makes it possible to change the data processing providers, for example to the cloud. But the rights of users and the obligations of cloud managers in terms of data must be specified in the contract. The Commission will be able to impose interoperability standards. As for the GDPR, producers must prevent any unlawful request from authorities outside the European Union to access data, except in cases provided for by mutual legal assistance treaties.
You still have 60.18% of this article to read. The following is for subscribers only.