The EU data economy is on the verge of a dramatic transformation, with its value projected to skyrocket from €301 billion in 2018 to an estimated €829 billion by 2025. To fuel this growth, the EU is rolling out new regulations designed to promote the circulation and reuse of data. At the heart of this initiative are two key pillars: the Data Act and the Data Governance Act.
The EU Data Act: Breaking Down Data Silos
The Data Act, set to take effect on September 12, 2025, is poised to dismantle existing data silos by facilitating the free flow of data generated by connected devices and related applications. Currently, manufacturers and service providers typically maintain exclusive control over the data generated by their products. However, the Data Act will revolutionize this dynamic by ensuring that users of connected products and services can access and share their data with any third party of their choosing.
Data Act Compliance ‘by Design’
By September 12, 2026, all new devices and related applications must be designed to comply with the Data Act ‘by design.’ This means that manufacturers will be required to create products with default settings that make data easily accessible and transparent to users, ensuring that data can be shared directly with any third party without unnecessary barriers.
What Does This Mean for You?
Imagine buying a car with advanced electronics that record your driving data-such as location, speed, and braking-and send it to the car manufacturer. When you apply for car insurance, the insurer may ask you to install another device to collect similar data for their use. Currently, this results in two devices collecting nearly identical data, but sending it to different companies.
Under the Data Act, you’ll have the right to request the car manufacturer to share this data directly with your insurer, eliminating the need for multiple devices. This right extends beyond vehicles to all your devices, including smartwatches, voice assistants, Wi-Fi access points, smart meters, and various applications that monitor your behaviour, such as self-scanning apps, payment apps, and online marketplaces.
Starting on September 12, 2026, you’ll be able to share your data directly, without the need for intermediation by the product provider.
The Data Governance Act: Enabling Data Intermediation Services
The Data Governance Act (DGA), which came into force in September 2023, complements the Data Act by establishing a framework for data intermediation services. These services offer a secure and trusted environment for companies and individuals to share data, acting as neutral third parties that connect data owners with data users.
Data Sharing: A New Business Frontier
Compliance with the Data Act opens up significant business opportunities. Companies can develop data exchanges that utilize services provided by data intermediaries, enabling customers to share data with any chosen party and potentially monetize these activities. While the Data Act regulates the fees that small and medium-sized enterprises (SMEs) can be charged for data access, it does not impose restrictions on data-sharing agreements between large companies or between an SME and a larger company, leaving room for negotiation based on factors like data volume, format, and demand.
Navigating the Privacy Challenge
While the Data Act encourages data sharing, privacy rules remain unchanged. Under the GDPR, when data is shared with multiple recipients for different purposes, each use case must be explained separately, and data subjects must be given the opportunity to consent to each activity individually. Furthermore, withdrawing consent should be as straightforward as giving it.
Decentralizing Consent Management: The Scalable Solution
The challenge for companies lies in managing consent in a scalable way, especially when dealing with large volumes of data owners and recipients. Centralized consent management systems, where intermediaries handle consent for each data transaction, become prohibitively expensive as the number of participants increases. For example, if managing one consent costs €1, a system with 1 million data owners and 10 data recipients would incur costs of €10 million.
The solution is to decentralize consent management, allowing data owners to interact directly with recipients without intermediary involvement. This approach significantly reduces costs, as expenses are tied only to the number of data owners, potentially lowering costs from €10 million to €1 million in the example provided.
Ecosteer’s Revolutionary Technology: Decentralizing Data Visibility Control
Ecosteer, a pioneering technology company, has developed groundbreaking solutions that empower data owners with unilateral control over data visibility, thus decentralizing consent management. Their flagship innovation, the Data Visibility Control Overlay (DVCO), enables data owners to manage the visibility of data streams generated by their devices and applications, utilizing a globally patented multicast encryption scheme. Recently, Ecosteer also filed a U.S. patent for a record-level encryption scheme (RELE) that allows data owners to control visibility over individual data records stored by third parties, such as Electronic Health Records maintained by a clinic.
Data Visibility Control: A Third Layer of Data Governance
Ecosteer’s technology introduces a new layer of data governance-data visibility control-on top of existing security and privacy measures. While security focuses on protecting computational resources and privacy safeguards data exchanges, both are traditionally managed centrally by data-sharing service providers. Ecosteer’s approach adds a layer of decentralized control, ensuring that only the data owner can grant full access to their data.
In future articles, we will explore Ecosteer’s technologies in greater depth and examine their potential to reshape the data economy.
Originally published at https://www.linkedin.com.
