 Good afternoon, everyone. Thank you for joining us. I'm pleased to welcome you to this IIEA webinar entitled The European Data Act, Harnessing the Value of Europe's Data. I'm Eric O'Donovan, head of digital economy policy with the business group IVEC, and I'm delighted to have been invited to chair today's event. In February 2020, the European Commission published its communication on a European strategy for data. It's understood that the Commission's belief is that the potential of data is currently underutilized in Europe and it's objective to enable data to be harnessed for further economic and societal benefits. A single market for data, as it were. And the strategy committed to a Data Governance Act and a Data Act, and the Data Governance Act has been jointly agreed by the Parliament and the Council on the 30th of November. And that Data Governance Act introduces rules for data marketplaces and establish rules for intermediates. We're delighted to be joined today by Christian Dukuna from the Data Policy and Innovation Unit in DG Connect, who has been generous enough to take time out of his busy schedule to speak to us today about the Data Act. Christian will speak to us for about 20 minutes or so and then we'll go to Q&A with our audience. This event is scheduled to run until 10 to 2 today. You'll be able to join the discussion using the Q&A function on Zoom, which you should see on your screen, and please free to send us on any questions you have throughout this session as they occur to you. And we'll be able to come back once Christian has finished his presentation. A reminder that today's presentation and the Q&A are both on the record. Please feel free to join the discussion on Twitter using the handle at IIEA. I'll formally introduce Christian now and then hand over to him. So Christian Dukuna works in the Data Policy and Innovation Unit of DG Connect in the European Commission. He's been involved in devising the EU cybersecurity strategy and in coordinating EU interoperable COVID-19 contact tracing apps. Previously served as head of the private office of the European Data Protection Supervisor. Before joining the EDPS, Mr Dukuna was involved in leading the review of the Data Retention Directive in negotiations on the EU internal security strategy. Christian, you're very, very welcome. And we very much look forward to hearing your keynote address. I'm just going to hand over to you now. Thank you. Thank you so much, Eric, for the introduction and thank you to the IAEA for the kind invitation to speak to you. It really is a pleasure to take time out of the day to talk to this event, which I've had dealings within the past and great respect for the events that you organise. So when you invited us, when you invited the Commission to present the Data Act, you were probably expecting to be the first of the mark to get a presentation on the Commission's latest proposal on the Data Act where actually we haven't adopted it yet. As Mike Tyson said, everyone has a plan until they get punched in the mouth. So suffice it to say we still have a plan, but the plan is to conclude the proposal of the Data Act on the 23rd of February next year, rather than the 1st of December this year. And I'll get into some more detail shortly, but just to cut to the chase. The Data Act will be addressing how data can be used and reused in the interests of a sustainable and competitive economy in the interest of empowered consumers and democratic society. And this is going to mean intervention in four main areas. First of all, between businesses. Second, between businesses and consumers. Third, between businesses and government. And fourth, between providers and users of cloud services, cloud being the essential infrastructure for getting value from your data and your digital assets. And the Data Act is the last major legislative initiative envisaged under the data strategy of February 2020 as Eric just mentioned. And it follows on from the Data Governance Act, the Digital Markets Act, and related initiatives like the Digital Services Act, the Artificial Intelligence Act, and the European Health Data Space, which is also on the horizon. First I'll try to explain the draw the broad policy context for the Data Act. Then I'll try to explain why we think this act yet another act on digital and data is needed. And lastly, I'll indicate what levers the proposal will aim to pull to achieve its objectives. So the biggest challenge that we face. Once we get to the end of the pandemic is obviously the climate and environmental crisis. And the implementation is essential to move to a sustainable growth model. And that can only be achieved through the efficient use of data. The data economy represents an estimated 2.6% of the GDP of the EU 27 member states. In preparing the Data Act, we have with our colleagues across the Commission, it's a joint effort involving a number of different services of the Commission, not only DG Connect. But we've reviewed all economic sectors of the European economy. The conclusions are remarkably consistent, despite the diversity of different sectors. All companies have data to a greater or lesser extent, but only a very few of them are actually doing something valuable with that data. And generally, the smaller the company, the less likely they are to get value from data. And we do and so we do not yet have an internal markets for data, the internal market for data that Eric mentioned. Anyway, well, most data collected is not actually used for anything, as much as 80% of it is just sitting there on servers consuming energy. And only 8% of companies, according to a 2018 report by McKinsey, have been able to embed data analytics across the whole organization. And the PhD research indicates that these companies which invest in data analytics grow as much as 10% faster than others. And that's why the Commission has proposed a target for 2030 a series of targets that 75% of businesses will be taking up cloud computing services using big data and AI. And that's against the 2020 baseline of well under 25%. Now the urgency for the data act now is for businesses and consumers stems from the fact that we are now on the cusp of an enormous wave of data generation with the entry onto the market of billions of connected things. This will generate an estimated 175 zettabytes of data by 2025. And for those of you, those of you who want to wear one zettabyte is equivalent to all the grains of sand on all of the world's beaches. These are products known as the Internet of Things, which have physical components like sensors microphones cameras radar gyroscopes. And they result in a continual stream of data which is sent, received and analyzed in real time by humans or artificial intelligence and machine learning. We have predicted that reversing the current tendency, the data will be processed close to the device on the edge, rather than being sent to remote cloud servers. And this will result in lower latency and save bandwidth. In other words, faster response times for people analyzing the data. The CDPR and rules on intellectual property and trade secrets already provide safe safeguards that information will not be misused or unlawfully acquired. And with the few exceptions of the automotive industry with the type approval regulation from 2018 banking with PST to and electricity, the electricity directive, the law is generally silent on what economic actors, businesses and consumers can actually do with data. And we hear from stakeholders that users of connected machinery cannot easily obtain data on the equipment performance and efficiency. And manufacturers often have a de facto monopoly of control on the data from those machines. And once back smaller companies who think that they could innovate innovate and compete and provide valuable services to customers, if only they could see the data. And the most obvious example of such aftermarket services is repair and maintenance services. Connected objects that cannot be easily repaired will be used inefficiently and probably thrown away. And these these objects often contain dangerous substances, which have a considerable impact on the environment. Think for instance of lithium ion batteries powering most IOT devices that have to be carefully replaced by specialists that know how to avoid the loss of data. I'm going to give you a couple of examples from from industry of why we think that the data act is needed right now. First of all in agriculture, farmers by lots of agri-tech equipment, things like tractors with soil detection sensors or fertilizer machines which track how much fertilizer has been used. Data use is basically dictated in this in this area by large manufacturers and producers of fertilizers and seeds. But you have to have access to the data in order to get the machines repaired and maintained and to decide when to sell it. And also in order to combine data from other sources on for example the weather or the quality of the soil. And this is basically precision farming, which is vital for meeting our goals for carbon emission reduction and stopping the biodiversity loss. But small farms and this is this is an area of the economy which is characterized in the across the EU by small and medium enterprises. Small farms usually don't have in-house data scientists, so they would need to turn to specialist apps and service providers, but that of course means that they need to have access to the data. The second example is cards and here recently the Netherlands Forensic Institute examined the physical memory storage cards in Tesla vehicles. And they found that the company was collecting much more data than it makes available to drivers. Data on vehicle speed, angle of the steering wheel, use of the throttle. Now what does this mean? This means that users are in effect locked into aftermarket services offered by the manufacturer or by the providers approved by the manufacturer. For consumers, from a consumer point of view, unfortunately data portability is still not a reality in the case of these IoT objects. Now let's take the example of voice assistance. The preliminary report of the commission's sector inquiry into consumer IoT devices showed that voice assistant providers accumulate and hoard voice queries, including queries about the use of third party consumer IoT products. Users cannot access and cannot direct the providers to give the data to third companies of the users choosing. That means that they are, they're not able to make best use of potential services, which will give them either valuable analytics information or help them replay the objects themselves. Now let's look at the standard developer services agreement offered by one well known voice assistant provider. It states, we have sole ownership and control over all sales and other data we obtain from end users in connection with the program, the program being the voice assistant. So this basically covers how users buy and download games and other digital products and services through the voice assistant service. In other words, when data is generated by your product, whoever, whoever holds the data can do anything with it, but you as a user cannot get the data on your own products lifespan and repair options. The commission reported in 2019 on how most people are unsatisfied with the information that's made available to them regarding their own gadgets and devices. And this indicates that the GDPR is very important, but it's not sufficient. The third area of interest for the data act is when governments can lawfully seek to reuse data, which is held by commercial entities in exceptional circumstances, and two examples may serve to explain this. First of all, there was there was an attempt last year for mobility data to be reused in order to assess the effectiveness of lockdown measures, which obviously had an enormous impact on GDP. And what public bodies found across the EU was that it was very difficult to to to reach agreements with mobile operators on how this data should be safely anonymized and provided. And also it was frustrating for for companies that there was no consistent approach to requesting this data. A second example is concerns disaster loss data which is held by insurance companies access to this data to prepare for it can be essential for preparing for climate change extreme weather climate change related extreme weather events, which has cost come at an enormous cost both to human lives, but also to to the economy. And therefore this data is essential to adaptation strategies and you can see that in the commissions, the commissions paper and adaptation published earlier this year. There are examples of agreements between public bodies and and and the insurance industry for accessing this data. There's one example in the city of Oslo. But again, these these agreements take many years in order to be finalized and for the data to be made available. So in other words, there is no clear predictable framework for for doing this across the EU, even though some member states are trying to move in this direction. There are also internal risks fragmentation and legal uncertainty in the internal markets. And then finally, turning briefly to check to cloud users of certain types of cloud services have great difficulty switching between infrastructures. We've suddenly confronted, for example, with charges to switch providers. A multi vendor multi vendor cloud environment was a key aim for the free flow of data regulation in 2018, which envisaged self regulatory codes of practice. So what we see from talking to stakeholders is that there are unbalanced contracts, and that users find themselves locked into specific vendors, when they could perhaps get better or more appropriate services elsewhere. So just to conclude what what areas are we looking to intervene in the aim of the data act overall is to open up opportunities for using data, but at the same time to preserve the incentive on manufacturers and other data holders to invest in getting value from data. So is indicated in our public consultation on the data act in the summer. We're looking at a number of different policy levers. First of all, how can rights to data and access rights to access and reuse data be clarified for consumers were building on and not affecting existing rights regarding personal data under the GDPR and consumer protection rules like the unfair commercial terms directive. So there's more control over the over the data that their their own connected products generate. We're also looking at the database directive, which gives a sui generous rights to those who who have invested in the creation of a database rather than the creativity itself. And whether such exclusive rights are appropriate for IOT data, where the data are themselves a byproduct of the operation of the device. Second, we look, we recognize that most data sharing is done through contracts and in principle any any businesses free to enter into a data sharing agreement with another business. And that will remain for us a guiding principle. But we're looking at the same time at how to ensure that imbalances in negotiating power are not abused. The clear message from stakeholders that we've received, especially from smaller players is that in effect, they do not enjoy contractual freedom. They have a they they have taken or leave it terms presented to them. And the result is that they do not get the data that they believe they need in order to compete and innovate. The third area is is is we're looking at developing a framework for reuse of public sector data in in a set of very very limited circumstances with clear safeguards and predictability for businesses, minimizing the burden on them and and minimizing also the data, which which if any needs to be transferred. And fourthly, we're looking at how to facilitate cloud switching, how to lower entry barriers for new and innovative service providers. These barriers could be contractual, or they could be technical. So that's, that's, that's a that's a brief overview of where we are with the data act. It is coming. The, the European Council twice this year, most recently, at the end of, at the end of October. All of the, the governments, the EU issued a statement and included within that statement was, was a clear instruction for, for the Commission to get on with proposing a comprehensive framework for data sharing, specifically improving data portability and fairness and interoperability in the interests of innovation and growth. So we're working on this. Watch this space early in the new year it should be out and in parallel to all of this. We were pleased that there is good progress on on the other legislative initiatives in the under the data strategy. So I think the, the data, the data governance act reached political agreement between the Parliament and the Council. I think today there's a vote on the, on the digital services act in Parliament. And there was a, there was a resounding vote in favor of the digital markets act in in Parliament a few weeks ago. So those things are coming along the track, more or less. So I think it's time and the last piece in this particular jigsaw will be will be the data act there'll be some specific sectoral interventions as well probably I mentioned health. Those rules are also being being worked on by colleagues elsewhere in the Commission. Thank you for your attention and I hope that was helpful when I look forward to the, to the discussion.