fbpx Skip to main content

SAP And The EU Data Act

SAP and Siemens are among five German technology companies who have questioned the draft EU Data Act, which covers all non-personal data: adding to a growing list of US companies like Amazon and Microsoft who are expressing concern about the final form of the legislation. US companies have said the law is too limiting but EU groups feel it is too vague.

The draft EU Data Act currently covers devices and software, including IoT end-points like smart home devices, vehicles and manufacturing systems.

Guido Lobrano, senior vice president for Europe of the tech trade association ITI said recently that the scope of the proposed provisions goes too far in their restriction of transfer of non-personal data.

“Data flows are the backbone of the digital economy and allow companies to reach consumers and access new markets. The Data Act should not create new restrictions to data flows that would harm Europe’s economy.”

The EU Data Act (initially proposed last year) is still in provisional form, but German corporations have now written to the EU commission addressing concerns about the act, which seeks to create a legal framework in European law to regulate the transfer and use of data created by devices and IoT endpoints. The leaders of these five German groups are requesting a pause in the process so that the proposals may take account of their concerns.

The EU commission is intending to create new laws to limit the way that big tech companies like Google move data across borders, so that European companies are protected against the data being accessed by foreign (non-EU) governments, and foreign corporations. The EU commission wants to regulate ownership and control of the data created by the use of technical products and services, as well as use the data to help achieve EU digital and sustainability initiatives.

The total amount of data generated globally is expanding exponentially and control and analysis of data will drive the growth of the tech sector and other businesses. The EU commission would like to democratize access to data so that other groups in Europe like consumers, third-party businesses and the public sector can also benefit from the data collected in Europe.

This week IgniteSAP will discuss the EU Data Act and the concerns of SAP and others, and how this may influence the development of SAP technology and the SAP ecosystem in the future.

The Objections Of German Tech Corporations

According to Reuters, five German companies wrote a jointly signed letter to representatives of the EU government, including European Commission President Ursula von der Leyen, European Commissioner for Competition Margrethe Vestager and Internal Market Commissioner Thierry Breton.

The letter, dated 4 May was sent by the CEOs of SAP, Siemens, Siemens Healthineers, Brainlab (Medical Tech), Datev (software company), and the lobbying group Digitaleurope, who’s members include 98 large technology corporations.

The primary concern of these organizations is that they believe the new legislation could compel companies to share data with others within and outside of Europe, to allow them to provide related services: potentially disclosing trade secrets, design data and other intellectual property. In turn this could lead (in their opinion) to unforeseen consequences at odds with the intentions of the law. The letter said that this would in effect impose an obligation to share data, and harm their ability to compete outside of Europe.

“…This could mean that EU companies will have to disclose data to third-country competitors, notably those not operating in Europe and against which the Data Act’s safeguards would be ineffective.”

The corporations wrote that in order to avoid this companies should be allowed to refuse requests to share data that included trade secrets or compromised data security, health or safety. The letter also requested that the list of devices included in the legislation should not be increased, and requested changes to the provision allowing customers to move between service providers of cloud infrastructure so that parties were able to mutually agree contracts for varied use cases.

In essence the German groups who signed the letter are warning that the current draft legislation is too broad in scope and needs to be very carefully defined to avoid undermining the competitiveness of European corporations, even though the initial intention was to protect those groups as much as other stakeholders.

Finding The Balance

In response to the letter the European Commission said that the law regarding trade secrets would remain the same, and that trade secrets should not be used as an excuse to retain control of all data.

Johannes Bahrke, a spokesman for the EU Commission said:

“We have to find the balance there. And that’s exactly what we’re trying to do with the proposal on the Data Act. There are safeguards, so contractual and technical protections laid out in the Data Act.”

Who’s Data Is It Anyway?

The new legislation which will not be passed for some time, builds on the EU General Data Protection Regulation (GDPR) passed in 2018 which protects personal data of EU residents. After considering the regulatory needs of EU citizens concerning personal data held by EU companies, the commission has now begun the process of expanding regulation to cover the informational needs of the European digital economy of the future.

At this critical moment in the development of a new digital Europe, the EU is attempting to balance the benefits to the whole economy of open access to non-personal data with protection of the process of collection, transfer and control of an ever-increasing pool of data.

SAP And The New European Data Landscape

It is certainly true that data flows are “the backbone of the digital economy” and SAP is a corporation which is built on facilitating that flow.

All concerned parties in the debate are taking the opportunity to make their voices heard in the legislative process because though all agree that data flow is essential to business processes, they are also aware that control, if not ownership of data, is necessary to their various business models.

SAP revenue comes in large part from customers who want real-time access to internal business process data and customer data so they understand the importance of the EU Data Act.

SAP also now generates revenue from customers who need to collect data in order to comply with EU legislation on sustainability, carbon footprints in supply chains and ESG reporting with solutions like SAP Sustainability Control Tower, so data regulation can lead to higher revenue for SAP and their partners.

The SAP Business Network is also a closed system for extended supply chain data-sharing among approved and trusted partners and so SAP are clearly aware of the benefits of data-sharing, but provide a secure network for this process. SAP GRC and Cybersecurity solutions are all based on the premise that more data, in the right hands, and carefully controlled, can only be of benefit to any company.

One of the main reasons for hesitancy among the pre-existing SAP customer-base in migrating on-premise SAP systems to the cloud is due to their uncertainty about being able to protect their own customer’s personal data in line with the European GDPR act of 2018. This is a symptom of the changing data landscape, where public awareness takes time to catch up with fast-moving technology and new legislation.

For all these reasons and more SAP’s signature on the letter to the EU Commission shows that the corporation is future-oriented, and doing due diligence on behalf of it’s customers, partners and shareholders. We can assume that whatever the outcome of the course of the EU Data Act through the legislative process, SAP will be in a position to adapt to the new European data landscape, and help other enterprises to adapt as well.

Are you an SAP professional looking for a new role in the changing SAP ecosystem? Our expert recruitment consultants can find your ideal employer and negotiate a competitive salary on your behalf so join us at IgniteSAP.