First, the good news: The Data Act could make a huge difference. It is a big chance to contribute to a legal framework to allow for data to be used differently from resources as we know them. Data does not need to be owned by one party, but different approaches such as data commons or data trusts are possible. We only need the courage to set up the rules accordingly (and some practice).
Now the bad news: The draft Data Act is not a revolution at all, but mainly a description of the status quo with a little bit of tinkering. The European Commission got lost in details and, while the objectives of fairness and innovation promise great change, the draft makes too tiny steps in the right direction while enshrining many aspects of how the data economy is run right now, in particular the powerful position of factual data holders.
Everybody but the data holders would benefit from a bolder approach to using the legislative momentum in order to enable a different economic approach to data. Data ownership is meant to be dead, but we still do not know how to fill the vacuum: What would the world look like without a data collector having, by default, full control over the data, a well-familiar concept from non-digital assets? The Data Act only hesistantly breaks with this paradigm by giving other parties certain rights to that data if very specific conditions are fulfilled. These conditions are narrow, too narrow to enable a paradigm shift away from the data holder being the default exclusive data owner.
Make access more meaningful
There are various limitations that strongly restrict data access by device users and third parties and that should be scrapped:
Article 4(4) stipulates that users may not use the data to produce a competing product (Article 6(2e) does the same for third parties that are granted access on behalf of the user). This is based on the intention "to avoid undermining the investment incentives for the type of product from which the data are obtained" (Recital 28) but it is far from clear that this would happen at all as a consequence of mere data sharing. One of the key objectives of the Data Act is to stimulate competition, but somehow the European Commission believes that this is not feasible (or desirable without overriding the established competition law doctrine) for the devices in scope of the regulation (IoT devices), only for their after markets. The point about investment incentives being destroyed by data access comes up frequently in arguments against data regulation, but no clear evidence exists that data access really has a tangible impact on these incentives in practice. A lot of data is collected as a by-product which would continue to happen irrespective of data access. It is plausible that for some data, imposing data access could move the needle from "I have an incentive to develop an innovative product" to "I don't have that incentive", but that potentially negative effect could be hugely outweighed by the benefits of sharing the data that continues to be collected. This is pure guesswork: Ironically, there is no empirical data on data incentives because there is no access to conduct such a study. Besides, market definition is chronically difficult in digital markets and leaves the door open for many arguments why what seems like an after market product may in fact be a competing product. Could we just give access to data also for the development of a competing product?
Recital 14 clarifies that information derived or inferred from data is not within the scope of the Data Act. This appears to strongly underestimate the need for interpretation of e.g. sensor data to derive useful information. Raw sensor signals will often be completely useless and manufacturers can argue that derived insights such as room temperature, velocity or volume of a sound are derived information outside of scope. There might be a rationale for protecting certain information that is the product of highly sensitive algorithms, but not for protecting inferred data in its entirety. The Commission does not clarify its reasoning but if it, again, wishes to protect innovation incentives, this would again be hypothetical.
Articles 5(2) and 6(2d) stipulate that no data may be passed on to gatekeepers (GAFAM and similar), the addressees of the Digital Markets Act. The intention is to avoid a first-order side effect: that gatekeepers grow stronger as a consequence of the Data Act because they know best how to put data access to use. Nonetheless, the provision invites a second-order unintended effect by giving consumers a reason to purchase their IoT ecosystem from one gatekeeper instead of mixing with other, smaller providers. Consumers know that, in compliance with the draft Data Act, they would be unable to share data from, for example, their smart meter or smart lighting with their Google Nest or Amazon Alexa ecosystem. So far, smaller providers aim to offer interoperability with the larger ecosystems; however, that would be limited by the DA. Consumers face three options:
Compared to now, mixing becomes more difficult, so it is well possible that the Data Act can increase the share of consumers who build an ecosystem exclusively with devices from one gatekeeper. In any case, it further adds complexity to what should be an overarching aim to grant data access and only restrict it where this is clearly beneficial.
There is a long list of additional criticism, including that data holders are allowed to limit themselves to providing in-situ access only, the lack of a clear prohibition of stricter rules at the national level (for databases), the insufficient definitions, hierarchies and justifications, the high degree of complexity and lack of focus (how on earth did smart contracts get in there?!). Mostof these are valid and important. But just as the Commission, it is easy to get lost in the detail.
The Data Act could have much more impact if it started out from assuming that data access should be granted UNLESS there are tangible, welfare-enhacing reasons not to do so. Instead, it follows the opposite approach that data remains with the data holder UNLESS there are tangible, welfare-enhancing reasons to grant access. In theory, one should end up roughly in the same spot. In practice, however, we know that there is a lot of grey on the spectrum and much more data will remain a private resource.
Stop pretending it is consumer policy
The draft Data Act mentions "consumer" 40 times. It could be understood to be consumer-oriented policy. That would be wrong. Unfortunately, the draft Data Act fails to bring about any tangible effects for consumers. It requires a user-led process (whereby the user needs to direct the data holder to provide access to a third party) that repeats flaws that we should have learned from the General Data ProtectionRegulation (GDPR).
The draft Data Act posits as a counterpart to the data holder the user of the device from which the data originates. This may be a business, but often will be a consumer. We already know that giving consumers formal rights does not necessarily lead to tangible empowerment. Instead, consent fatigue and choice overload often render rights conferred by the GDPR useless. Adding another set of rights will not change this. Besides, individual consumers will not benefit from data access: who will analyse their own smart meter usage data? It is only from the aggregation of data points that useful analysis becomes possible. Business customers might have a large enough number of devices to produce sensible insights from their data alone, but for consumers this is not the case.
There is still a very much ongoing debate about how to empower consumers more effectively (such as on delegation of data rights, collective representation and others). One might well argue that it is too early for the Data Act to figure out the best option for consumers. But it should neither build on and thereby enshrine past mistakes nor should it pretend to strengthen consumers. It could have chosen one of two options: a) work hard on strengthening consumer interests or b) wait until a preferred approach evolves from the debate. Right now, the risk is huge that the Data Act is a wasted chance for consumers, with no comparable opportunities coming up.