EU Proposes New Data Act Aimed At Regulating Non-Personal Data

Already at the forefront of personal privacy rules, European regulators are looking to extend their focus in an effort to protect small businesses with proposed legislation called the Data Act. The measure, as the Journal reports,  would “force more data sharing among companies in Europe,” in an effort to help ease the stranglehold that a handful of Big Tech players have on large swaths of commercial and industrial data—including “non-personal data generated by connected products” within the Internet of Things.

While the EU’s landmark GDPR centered on the collection and processing of personal data within the bloc, the proposed Data Act focuses on non-personal data. According to the Journal, “EU officials say their goal with the new law is to help open up more of a marketplace for data by forcing companies to strike data-sharing deals that would allow consumers to choose between competing service providers when using connected devices.” 

Though not yet law, lobbyists and tech lawyers are already pushing back on that they’re calling the “significant burden on companies” associated with the Data Act. Compliance concerns are likely to create a GDPR-like wave in privacy notice and Terms & Conditions revisions in coming years, as companies scramble to stay on top of the new requirements.

The Robins Kaplan Privacy Pulse blog features privacy and cybersecurity litigation topics including the latest news in cybersecurity law and policy, privacy legislation, and other related cyber topics making headlines.