2 minute read
2.2 The "triangular relationship" of data holder, user and data recipient
would be forced to incorporate corresponding interfaces, etc. (investments) or to change the product technically in such a way that data use would never come into consideration, even if an application scenario arose in the future. This is especially true for battery-powered low-power IoT products, whose very limited energy budget must last for several years (typically five to ten years). Data transmissions outside the specified use case can drastically shorten the lifetime of these products. In addition, data-based innovative addons that require prior investment for data generation would be prevented. This would be diametrically opposed to the Data Act's goal of promoting data-based value creation.
There is still a need for clarification to the effect that the data generated during their use should be simple, secure and directly accessible to the user by default ("data access by design" or "by default") and thus be brought into line with both the data security requirements from Articles 25 and 32 of the GDPR and the product regulations pushed by the EU Commission, such as the Radio Equipment Directive (RED) and technical standardisation for more data and cyber security.
2.2 The "triangular relationship" of data holder, user and data recipient
With regard to data access and data portability rights of IoT product data in Chapter II of the Data Act, the EU Commission chooses a model with the "data holder", the "user" and the "third party" that does not adequately reflect complex industrial value chains. The EU Commission's highly simplified assumption of value chains chosen here prevents the Data Act from unleashing its full potential of data-driven value creation. In Industry4.0, a large number of actors (machine manufacturers, software and component providers, and customers) work together and share data for mutual benefit.
Particularly in combination with the very vague definitions in Chapter I, the Data Act leaves many questions open as to how the approach chosen here is supposed to function in this industrial context. For example, the approach focuses one-sidedly on the role of the asset user or operator and does not take into account the role of the component provider or seems to subsume this under the asset provider or supplier, who also has an interest in the usage data of their component, which they do not usually have in industrial practice. This is an example of the misguided basic assumption of the Data Act that in the industrial sector the manufacturer of a product is to be qualified as the data holder. On the contrary, the (component) manufacturer is usually cut off from using the data generated by its components, both technically and due to contractual provisions. Chapter II suggests (also taking into account the introductory Explanatory Memorandum) that the IoT asset provider is in fact to be regarded as the "data holder". However, in many cases this understanding misses the point of industrial practice, because here the "user", i.e. the customer who uses the product, usually also possesses the usage data.
