'%20stroke-width='15'%20stroke-linecap='round'%20stroke-dasharray='0%2044%200%2044%200%2044%200%2044%200%20360'%20cx='100'%20cy='100'%20r='70'%20transform-origin='center'%3e%3canimateTransform%20type='rotate'%20attributeName='transform'%20calcMode='discrete'%20dur='2'%20values='360;324;288;252;216;180;144;108;72;36'%20repeatCount='indefinite'%3e%3c/animateTransform%3e%3c/circle%3e%3c/svg%3e%20--%3e%3csvg%20width='78'%20height='78'%20viewBox='0%200%2078%2078'%20fill='none'%20xmlns='http://www.w3.org/2000/svg'%3e%3crect%20x='14'%20y='17'%20width='48'%20height='44'%20fill='white'%20/%3e%3cpath%20d='M24.0741%2034.9365C21.432%2034.9365%2019.377%2037.0503%2019.377%2039.7365C19.377%2042.4228%2021.4466%2044.5512%2024.0741%2044.5512C26.7016%2044.5512%2028.7714%2042.4375%2028.7714%2039.7365C28.7714%2037.0356%2026.7016%2034.9365%2024.0741%2034.9365Z'%20fill='%235082AF'%20/%3e%3cpath%20d='M38.5614%200C17.2624%200%200%2017.2624%200%2038.5616C0%2059.8606%2017.2624%2077.123%2038.5614%2077.123C59.8606%2077.123%2077.123%2059.8606%2077.123%2038.5616C77.123%2017.2624%2059.8606%200%2038.5614%200ZM32.1469%2047.5597H28.7707V46.0624L28.6533%2046.1651C27.2734%2047.2661%2025.644%2047.8386%2023.8093%2047.8386C19.3469%2047.8386%2015.9853%2044.3597%2015.9853%2039.7506C15.9853%2035.1413%2019.3469%2031.6624%2023.8093%2031.6624C25.5853%2031.6624%2027.2734%2032.2349%2028.6533%2033.3358L28.7707%2033.4238V31.9267H32.1469V47.5597ZM43.0238%2044.5506C44.7707%2044.5506%2046.3413%2043.611%2047.1486%2042.0992H50.7891C49.7616%2045.5781%2046.723%2047.824%2043.0238%2047.824C38.4147%2047.824%2034.9358%2044.345%2034.9358%2039.7358C34.9358%2035.1267%2038.4147%2031.6477%2043.0238%2031.6477C46.7083%2031.6477%2049.7469%2033.8936%2050.7891%2037.3872H47.1634C46.356%2035.8459%2044.8147%2034.9211%2043.0093%2034.9211C40.367%2034.9211%2038.312%2037.0349%2038.312%2039.7358C38.312%2042.4368%2040.3818%2044.5506%2043.0093%2044.5506H43.0238ZM60.213%2035.2H56.9835V42.7157C56.9835%2043.5963%2057.6882%2044.2862%2058.5835%2044.2862H60.213V47.5597H58.5835C55.7506%2047.5597%2053.6074%2045.4754%2053.6074%2042.7157V29.2992H56.9835V31.9267H60.213V35.2Z'%20fill='%235082AF'%20/%3e%3c/svg%3e)
'%3e%3cpath%20d='M22%200H0V14.6667H22V0Z'%20fill='%2321468B'/%3e%3cpath%20d='M22%200H0V9.77778H22V0Z'%20fill='white'/%3e%3cpath%20d='M22%200H0V4.88889H22V0Z'%20fill='%23AE1C28'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_11_492'%3e%3crect%20width='22'%20height='14.6667'%20rx='2'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
The Data Regulation (DR), also known as the Data Act, has come into force. This text explains the types of data it covers and who it affects, outlines some of the rights and limits it introduces, and clarifies the purpose behind its creation.
We are not talking about personal data: the Data Regulation (DR) applies to data collected through the Internet of Things (IoT). This includes raw and pre-processed data captured via connected products (for example, connected cars, medical and fitness devices, industrial or agricultural machinery) and related services (i.e., anything that makes a connected product behave in a specific way, such as an app to adjust lighting brightness or regulate a refrigerator’s temperature). The scope also covers metadata, readily available data, and personal or non-personal data, although personal data remain subject to the provisions of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR).
Understanding the DR is particularly relevant for the users of these connected products and small and medium-sized enterprises (SMEs), because it regulates who can access this data, under what conditions, and with what guarantees.
Regarding users, the person generating the data must be able to access it, and, if they wish, must be able to share it with another company of their choice. Similarly, companies need the consent of the IoT device user to use any non-personal data collected.
As for SMEs, the DR allows them to disregard abusive clauses that may be imposed by stronger companies in this context of access to and use of data. To this end, a clause is considered abusive if it aims to exclude or limit the liability of the party that has unilaterally imposed the clause in cases of intentional acts or gross negligence; leave the weaker party without remedies in the event of breach of contractual obligations; and grant the stronger party the exclusive right to determine whether the data provided complies with the contract or to interpret any contractual clause.
Or, for example, a clause is presumed abusive when it seeks to prevent the weaker party from obtaining a copy of the data they have provided or generated.
In all other respects, the DR refers to data exchange between companies, and between companies and public administrations, regarding minimum requirements for interoperability between cloud and edge services, as well as the participants of the data spaces.
But why has the European Union created this Regulation? In 2020, the European Data Strategy was established to strengthen the European Union (EU) data-driven economy and, therefore, also to improve its position relative to the US and China. The strategy is mainly structured around the DR, and the Data Governance Regulation (DGR, also called the Data Governance Act or Data Governance Law), which regulates the reuse of protected public-domain data, whether personal or non-personal, but also includes an investment plan for the development of infrastructure that makes the content of the rules practicable, sovereignty in the field of cloud services, and a whole action plan aimed at achieving the main objective.
In addition, the EU institutions are creating common European data spaces across various sectors: agriculture, energy, health, the Green Deal, finance, research and innovation, language, media, mobility, public administration, skills, cultural heritage, and tourism.
Having quality data would improve the opportunities for AI to thrive in Europe, as it is decisive for improving accuracy, performance in new cases, and reducing the risk of bias that, in turn, could lead humans to make poor decisions.
The DR, together with the DGR, aims to turn data generated by connected devices within the single market into an accessible asset, establishing rules for its use and reducing, as far as possible, legal and technical frictions, which, ultimately, is part of a strategy aimed at strengthening European digital sovereignty, opening markets to SMEs, and improving the quality of the data that feed AI systems.
Article published in Expansión
