EU countries and EU lawmakers has agreed on rules that govern how Big Tech and other companies use European consumer and corporate data, with safeguards against non-EU governments gaining illegal access.
The European Commission proposed the Data Act last year to cover data generated in smart gadgets, machinery and consumer products, part of a raft of legislation aimed at curbing the power of US tech giants.
EU concerns about data transfers have grown following revelations by former US intelligence contractor Edward Snowden in 2013 of mass US surveillance.
The agreement was reached after seven hours of talks.
“Tonight’s agreement on the Data Act is a milestone in reshaping the digital space – we are on the way of a thriving EU data economy that is innovative and open – on our conditions,” EU industry chief Thierry Breton said in a tweet.
The new legislation gives both individuals and businesses more control over their data generated through smart objects, machines and devices, allowing them to copy or transfer data easily from across different services.
It also gives consumers and companies a say on what can be done with the data generated by their connected products.
The Act makes it easier to switch to other providers of data processing services, introduces safeguards against unlawful data transfer by cloud service providers and provides for the development of interoperability standards for data to be reused between sectors.
Manufacturers watered down an attempt to force them to share data with third parties to provide aftermarket or other data-driven services. Siemens and SAP had voiced fears about trade secret-related data leaks.
Such data sharing requests can be rejected under exceptional circumstances where operators could face “serious and irreparable economic losses” undermining their economic viability under the new law.
Lawmaker Damian Boeselager said this created a loophole for some companies.
“I find this deeply concerning. But at least a national authority can review and annul such a unilateral decision by the operator in a timely manner,” he said.
Lobbying group The Information Technology Industry Council (ITI) criticised the wide scope of the Act.
“We have ongoing concerns regarding the Act’s broad and ambiguous approach to data sharing, including on the expansion of the products and services originally in scope and the safeguards for trade secrets protection, as well as the rules impacting international transfers of non-personal data,” its director general for Europe, Guido Lobrano, said.