Preparing for the data generated by IoT & ensuring a seamless, multi-vendor cloud environment

Adopted by the Commission on 23 February 2022, the proposed Data Act aims to provide harmonised rules on making data available and stimulating its usage. This includes data generated through the use of products and their related services, and data which are made available in bilateral relations (i.e., from data holders to data recipients). It also includes provisions for requiring data holders to make data available to the public sector in specific circumstances. Providers of ‘data processing services’, which includes cloud providers, are specifically covered by the Act.

14 / 03 / 22

A framework for making data available

The Data Act is a key part of the European Commission’s EU legislative framework for data, increasing the possibility for businesses and consumers to access the data of products they own, rent or lease. Data from equipment businesses use in their production processes, as well as data from smart consumer appliances, for example, will become accessible. It is thus critical to the evolution of the Internet of Things. It also sets out the general rules for others to access the data; dispute settlement bodies will be set up to assist parties that disagree on the conditions.

Fair contracts and vendor lock-in

The act also tackles contractual unfairness, currently for micro-, small- and medium-sized enterprises. However, the commission will also develop model contractual clauses that may assist others in concluding contracts.

One key aspect for Beltug and our members is the introduction of rules to enable switching between cloud, edge and other data processing service providers. Businesses should be able to maintain functional equivalence when switching. If this is ‘not possible’, it is up to the provider to prove why.

Data security

The Data Act also addresses “unlawful third-party access to non-personal data held in the Union by data processing services offered on the Union market”. It obliges the providers to take measures to prevent such access. Last but not least, interoperability for operators of data spaces and data processing services (i.e., cloud services) is mandatory: “[…] interoperability of data processing services to promote a seamless multi-vendor cloud environment”. With such an approach, perhaps in a few years, the Beltug events such as Getting a grip on your hybrid IT architecture can focus on the advantages, not the challenges!

Beltug’s position

The Data Act will have a profound impact on Beltug members, and includes many positive elements. We will examine the provisions in the act from the point of view of the business users of digital technology and data, and analyse which parts of the proposal should be kept, suggesting improvements if needed. This work will be done through our cooperation with the CIO associations of France, the Netherlands and Germany.

Go back

Cookie	Duration	Description
_wordpress_test_cookie, test_cookie	session	WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.
CONSENT	until you remove it	The cookie is set by the GDPR Cookie Consent WordPress plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. When Consent has been given the cookie is used to store the user consent for the cookies in the category 'Analytics'.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category 'Necessary'.
cookielawinfo-checkbox-third-party	1 year	This cookie is set by the GDPR Cookie Consent plugin to store the user consent for the cookies in the category "Third-Party".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
WordPress_clef_session, _wordpress_cleff_state	1 year	This WordPress cookie is necessary to use the administrator zone (only for administrators).
wp-settings-1, wp-settings-time-1	1 year	WordPress uses this cookie to customize your view of the admin interface, and possibly also the main site interface.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie that YouTube sets that measures your bandwidth to determine whether you get the new player interface or the old.
YSC	to be removed by you	Registers a unique ID to keep statistics of what videos from YouTube the user has seen. This cookie expires when you close your browser.
yt-remote-connected-devices	to be removed by you	Stores the user’s video player preferences using embedded YouTube video.
yt-remote-device-id	to be removed by you	Stores the user’s video player preferences using embedded YouTube video.

Cookie	Duration	Description
_pk_id.1.5b04	1 year 27 days	Used to store a few details about the user such as the unique visitor ID
_pk_ses.1.5b04	30 minutes	Short lived cookies used to temporarily store data for the visit