Lays the groundwork for data management systems that comply with the conditions of the EU Data Act.
Background
The Data Act is a new European regulation that will come into force in early 2024. It sets rules for the use of data generated by Internet of Things (IoT) devices. The term "IoT" is broadly defined and includes both private uses (smart home devices such as robot vacuum cleaners, light bulbs, various trackers, etc.) and industrial devices (intelligent machines). The Data Act not only grants access to information regarding the use of data from IoT devices, including access to the data itself, but also provides users with the right to compel companies (data holders) to provide the data they have collected to third parties. For example, farmers whose tractors collect information about pesticide use and sowing could make this data available to the Chamber of Agriculture. This enables the Chamber to fulfil its documentation and reporting duties while also promoting resource conservation and sustainable chemical usage. In conclusion, the Data Act gives users control over their data while also unlocking new possibilities for data utilization in the IoT sector.
Project Content
So far, there is no well-engineered concept that is in keeping with the requirements of the Data Act. The best approach to date is data spaces. These are decentralized data platforms that enable different users to share their data without giving up sovereignty over this data. Data spaces still have their limitations, as they do not include (end) users and have no adequate solution for handling the real-time sharing of enormous amounts of IoT data. Nonetheless, these challenges must be addressed, particularly as companies will be required to respond to user requests beginning in 2024 (with an 18-month transition period). In this project, we collaborate with companies to develop a prototype solution that not only tackles the issues in question but also meets the requirements of the Data Act.
Goals
APOCRAT provides consent management solutions for connected devices (IoT) that meet current legal requirements. In this project, we are focusing on developing a solution that complies with the Data Act. For this, the following sub-goals must be met:
- Identification of use cases together with companies and end users.
- Analysis of the impact of the Data Act on the identified use cases.
- Creation of a catalogue of requirements for the implementation of the Data Act.
- Development of a concept for a prototype and creation of a prototype.
- Evaluation of the prototype with companies and end users based on the catalogue of requirements.
Target Groups
The project's target audiences encompass users of IoT applications, both individuals and legal entities, along with providers of IoT devices for private (smart home) and industrial use. Additionally, it includes other stakeholders from various sectors who are currently or will potentially be affected by the provisions of the Data Act.
Results
The prototype developed in the project is expected to meet the requirements of the Data Act, including the following aspects:
- Integration of (end) users: The system should appeal to both types of users: those proficient in technology and those with limited background knowledge in the specific area. It should facilitate a clear understanding of the type and volume of collected data for all users.
- Continuous, automated exchange of IoT data and development of a non-closed solution: The Data Act mandates the real-time or continuous transmission of collected data to users and authorized third parties. Consequently, data should not be manually uploaded; rather, access to the data should be automated for designated groups. Additionally, the system should offer simplicity and convenience for third-party users, requiring minimal effort for connection.
- Strong integration of privacy and a special focus on data protection: Privacy and robust data protection measures are fundamental aspects of the Data Act. However, it is essential for the Act to align with other pertinent legislation such as the TTDSG, GDPR, and Data Governance Act. Therefore, special emphasis is placed on ensuring compliance with these regulations.
Data Intelligence
Research Group
Institute of IT Security Research
Lecturer
Department of Computer Science and Security
- APOCRAT (lead)