How the EU Data Act Restores User Control

The European Union’s Data Act has entered its second phase of implementation, fundamentally reshaping the data landscape by empowering users with rights over the data generated by their connected devices and services. In a significant move to promote fair play, the act prohibits unfair contract terms and mitigates vendor lock-in while mandating data portability to free information previously stuck in isolated systems, as noted by Shaun Hurst, principal regulatory advisor at Smarsh.

Hurst emphasized the importance of the Data Act for their financial services clients, who must navigate compliance complexities while retaining full control over their communication data. He expressed curiosity about the act’s implications, not just for Smarsh, but also for its competitors. Highlighting the act’s breadth compared to existing frameworks like the General Data Protection Regulation (GDPR), he pointed out that it encompasses all types of data, regardless of its nature, produced by interconnected products and services.

Describing the differences between the GDPR and the Data Act, Hurst stated, “While GDPR erects barriers to safeguard your data, the EU Data Act builds pathways to ensure you can utilize it effectively.” In his recent video discussion with Information Security Media Group, Hurst elaborated on various aspects, including the regulatory requirements for data processing, the potential of the Data Act to stimulate AI innovation globally, and the critical distinctions from privacy laws like GDPR and the Transatlantic Data Privacy Framework.

With over two decades of experience in assisting financial institutions with intricate IT challenges, Hurst is recognized as an expert in regulatory compliance, data privacy, eDiscovery, and cloud computing. His extensive tenure at one of the largest banks in the United States provides him with profound insights into the regulatory and operational challenges currently confronting financial entities.