On 27 November the European Council adopted the EU Data Act, a first-of-its-kind law that aims to unlock the value of 'industrial data' in the European Union.
Laws looking at how data is governed aren't original.
It's just that to date they have focused either on opening up government data for reuse or protecting data.
The Data Act, on the other hand, looks to shift the point of data control over to the user and business customers.
In this blog, I focus on access, sharing, and use of data generated by connected devices and related services, as well as cloud switching provisions from the Act, and what it means for a company like Cisco and our customers.
The EU Data Act requires device manufacturers to design products and interconnected services to allow customers to access them and to be transparent about what data is being generated by the products about their environment and use, and how that data is being used.
To stimulate competition and innovation in after-market services, such as for repair, management and operation of products, users will also be able to share their data with a third party.
From the perspective of a manufacturer of connected devices like Cisco, data governance operations deployed to meet existing data privacy requirements are a good starting point for a new programme.
You need to know, and be transparent about, what data you have and how you're using it.
At Cisco, we pioneered transparency on personal data governance on a product-level basis through our Privacy Data Sheets and Maps.
The Act aims to enable customers to easily migrate from one cloud service provider to another by porting their data and applications in a timely and cost-effective manner and being able to effectively use them in the new environment.
For Infrastructure-as-a-Service providers, that means porting of data and applications and facilitating 'functional equivalence' in their use in the destination service.
For Software-as-a-Service applications, it's largely about porting customer-generated data and related metadata.
The EU Data Act will be enforceable in approximately September 2025.
The issues that need to be addressed include the exact types of data and products in scope and how that is defined in edge cases; how access to data is provided and in what format; and safeguards for data that should not be as readily shared - to ensure trade secrets and personal data are appropriately protected and rights respected.
The standards around cloud data portability and interoperability are also not yet mature.
The European Commission has established an Expert Group on B2B Data Sharing and Cloud Contracts, which is working on non-binding model contract terms in these two sections of the law and is hopeful to deliver results by the end of 2024.
Insert data access and portability in product secure development lifecycle processes.
Adapt data and cloud strategies to leverage opportunities with vendors and products.
At Cisco, we believe in the vast opportunities of a responsible data economy.
This Cyber News was published on feedpress.me. Publication date: Tue, 05 Dec 2023 09:43:04 +0000