The EU Commission has made a significant change to its approach towards personal data with the implementation of new data regulations. While the current General Data Protection Regulation (GDPR) is known for its restrictive measures, the new regulations focus on enhancing the value and protection of data in the digital economy. However, because the GDPR cannot be modified, some contradictions are unavoidable.
To delve deeper into this issue, Stephanie Richter, a lawyer and associate at TaylorWessing law firm, was invited to the c’t data protection podcast. Richter, who has extensively studied the Data Act, discussed the conflicts between the draft and the existing GDPR regulations.
The Data Act was first presented by the EU Commission in February 2022 and has since undergone the decision-making process in the Council and the EU Parliament. Currently, it is in the trilogue process to find a compromise. If a compromise is reached this month, the Data Act could be passed soon. Companies would then have a grace period of twelve months to adjust to the new requirements.
The purpose of the Data Act is to ensure that data collected from devices is not confined to the manufacturers’ cloud but can be traded through intermediary services at the request of the data owner. This includes data from vehicles, IoT devices, and language assistants. Both consumers and companies will be affected by this, as the Act emphasizes “accessibility by design”, which includes interoperability and interfaces.
Stephanie Richter raises concerns about the collision between the obligation for manufacturers to make mixed data accessible under the Data Act and the GDPR’s requirement for data minimization. This conflict could potentially weaken data protection. On the other hand, companies may exploit data protection regulations to avoid complying with the requirements of the Data Act. Additionally, Richter highlights that data may also contain trade secrets, further complicating the situation.
In conclusion, Richter predicts that the implementation of the Data Act will lead to new legal uncertainties for consumers and companies. It may take several years of legal proceedings and decisions from the European Court of Justice (ECJ) before the ambitious goals of the Data Act set by the EU Commission are clarified.
For more information, listen to episode 88 of the c’t data protection podcast.
(hob) To access previous episodes, visit the podcast’s homepage.
