The EU Data Act became law on 11 Jan­u­ary, and will apply through­out the EU from 12 Sep­tem­ber 2025, 20 months after its pub­li­ca­tion in the EU Offi­cial Jour­nal. Man­u­fac­tur­ers of con­nect­ed devices will be required to com­ply with the EU Data Act, which oblig­es them to share data with users and third par­ties who request it. Dur­ing pub­lic emer­gen­cies, firms must also pro­vide unre­strict­ed access to data.

Con­nect­ed devices, such as blood glu­cose mon­i­tors, col­lect data on their envi­ron­ment. Data-shar­ing require­ments will cre­ate chal­lenges for man­u­fac­tur­ers and com­pa­nies will need to devise sound strate­gies for secure and defined data trans­fer. Leg­isla­tive inter­play is exac­er­bat­ing these oper­a­tional com­pli­ca­tions, as the EU Data Act cov­ers all data—personal and non-personal—while the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) reg­u­lates per­son­al data. The lack of con­crete def­i­n­i­tions for per­son­al and non-per­son­al data makes it hard to apply the leg­is­la­tion cor­rect­ly. Also, shar­ing data could com­pro­mise intel­lec­tu­al prop­er­ty and trade secrets, which has raised con­cerns. 

The EU Data Act per­mits access to be restrict­ed under cer­tain cir­cum­stances, such as to safe­guard intel­lec­tu­al prop­er­ty and trade secrets. But to autho­rise this clause, a data hold­er must estab­lish that it is high­ly like­ly to suf­fer seri­ous dam­age. This evi­dence can­not be a gen­er­al dis­claimer and man­u­fac­tur­ers have to make a pol­i­cy on what, and why, the data can­not be shared.

Source: Medtech Insight (an Infor­ma product)

Accom­pa­ny­ing this sub­ject we rec­om­mend the fol­low­ing con­tent on our website