EU data law: Smart TV to e-bike: Users will receive new rights from Friday

A lot of data is collected in the “Smart Home”: from the networked refrigerator, voice assistance or the smart TV – everything stores information. Digitization brings data -hungry devices with it and, according to the will of the EU, users should benefit more.

From Friday (September 12th) you will receive more rights to the data that collects your connected devices from Friday (September 12). Then the EU data law (“EU data act”) applies to these products. Manufacturers must therefore disclose what information is collected – and how to access it.

The EU’s data law came into force at the beginning of 2024 and is now used. It is intended to facilitate consumers to view their device data and, if necessary, to pass them on to other services, for example for repair purposes. In the end, services should become cheaper and easier. The most important questions about the new provisions at a glance:

What devices does the law apply for?

For which one would not be easier to answer. Because according to the EU regulation, the rules apply to all so-called networked devices. That sounds like an internet connection, but it is not absolutely necessary. The rules expressly include devices with wired data transmission.

A coffee machine that could transmit data for repair purposes, for example, falls as well as “smart” devices that are controlled by wireless connection or app.

What data is it about?

This definition is also generally kept in the law. The data concerned includes “any digital presentation of actions, facts or information”. This can also be videos, pictures or sound recordings that a device made. It is therefore more important whether the device affected generates or collects data about its use, performance or environment – and less as it does.

The list of affected industries and social areas is therefore comprehensive: cell phones, smartwatches, modern kitchen appliances, air conditioning systems or cars are also affected as well as industrial machines or aircraft.

Does the device have to be new?

No, the right to the generated data also exists for devices that have already been purchased. By the way: If you sell your fitness tracker or your television, you have to explain to the new owner how to get the data of the device. Because the EU data law does not distinguish between the first ownership and the second-hand.

From September 2026, the EU data law also provides that manufacturers bring their new products to the market with simple interfaces for the data access of their users – the new rights of their customers are already thinking about developing.

What should this bring to users?

Manufacturers have often granted themselves to all the data generated. Now both individuals and companies should get more control over their own data. In the future, they should access data, delete them or pass them on to third parties.

The latter in particular is associated with the hope that repairs or other services will become cheaper and easier for users. For example, a car owner could choose to share certain data with his insurance company in the future. In theory, an exemplary driving behavior could perhaps lead to a lower insurance premium.

According to the European Consumer Protection Organization Beuc, there are too many exemptions that make these options difficult in practice. BeUC managing director Agustín Reyna therefore described the law as a “missed chance”.

How should users get the data?

Here the EU regulation gives the providers two options: direct or indirect access. Where possible, users should easily access the data themselves. The providers and manufacturers must inform about how this works.

If direct access is not possible or is not desirable by the manufacturer, the Ordinance should be sufficient for a simple request, for example on a corresponding web portal. Without major hurdles, an answer with the corresponding data should follow.

What else does the EU hope for?

More revealing data trading should create new business areas according to the plans of the EU or to grow existing. The data creation should therefore contribute more to added value.

In addition, authorities in exceptional cases such as forest fires or flood disasters should be able to access data that are owned by the private sector.

Large cloud providers such as Amazon Web Services, Microsoft or Google are now obliged to prevent illegal access to data and to enable an easier change of provider.

What do companies say?

There is criticism from the Digitalverband Bitkom and the Federal Association of German Industry (BDI). There is still a lot of uncertainty in Germany because of the EU regulation. In the 20-month transition period, the legislature did not manage to transfer the EU regulation to German law, both associations complained. This lacks clear contact persons at the authorities.

A functioning data industry is central to successful digital business models, added BDI CO managing director Iris Plöger. “However, the EU legislator interferes excessively into the contract autonomy of industry,” said Plöger. Bitkom President Ralf Wintergerst evaluated possible opportunities by the EU regulation. The law could advance data -driven business models.