Smart contracts can be effective in reducing costs because data sharing agreements can change minimally, e.g. just changing scope a to another scope. Smart contracts can also be used as a safeguard to prevent data misuse by data recipients.
It is worth noting that smart contract rules apply not only to cases where a data owner needs to share data with a recipient, but also to other types of data sharing agreements. In other words, other players (possibly in the crypto industry) that use smart contracts to enter into data sharing agreements as vendors will also be bound by data laws.
some context
Data laws are EU “regulations”. This means that it will be directly applicable within the EU, without the need for EU Member States to adopt implementing legislation.
At the core of data law is the obligation of manufacturers and designers of IoT devices, as data owners, to share the data generated by the use of their devices with users (or third parties at the user’s direction). “User” is a natural or legal person who has the right to use an IoT Device. See previous post for more details.
The Data Act will apply from September 2025.
Concept and usefulness of smart contracts for holders
Data law defines smart contracts as “A computer program used to automatically execute a contract or part thereof that uses a set of electronic data records and ensures their completeness and chronological accuracy.”. This means that once the parties agree to the use and content of a smart contract, the fulfillment of the contract will occur automatically (in whole or in part).
Note that the requirement for “regulated” smart contracts only applies to contracts whose purpose is to “make data available.” This means that the various contracts used in the industry (where automated performance is done using computer programs) must comply with data laws. On the other hand, the use of smart contracts for purposes other than “making data available” is not covered by data laws.
In order to foster innovation, it is important to emphasize that the smart contract concept is technologically neutral (e.g. it does not have to be based on blockchain solutions, at least in theory). Any technology that complies with data law requirements and can be used for automated execution of data sharing agreements may fall within the concept of smart contracts. For example, smart contracts can be connected to electronic ledgers.
Smart contracts for vendors sharing data (but not the owner)
Rules around smart contracts will not only impact data owners who are manufacturers of IoT devices. It also affects vendors of applications that utilize smart contracts in the context of executing contracts or parts thereof, making data available to third parties. In the absence of a vendor, smart data laws apply to individuals who carry out commercial activities that make data available using contracts.
Therefore, the crypto industry may be affected by data laws as the use of smart contracts becomes popular (even as a core aspect) by cryptocurrency players. The fact that data laws may apply to smart contracts in a crypto environment is highly controversial. Even if the application of data laws to the virtual currency industry was not the original intention of the EU legislator, they may be applied if the stated conditions are met (e.g. if the purpose of the underlying agreement is “Sharing of data”).
Smart contracts for data holders of IoT providers
Data owners of IoT products must share in-scope data with data recipients as directed by data users. The sharing of this data should be regulated through a data sharing agreement, and the parties should agree on confidentiality obligations, remuneration, scope of obligations, and any other aspects that the holder and recipient wish to include.
(i) that there may be multiple requests performed by a third-party recipient to obtain data from a data owner, and (ii) that in many cases the only difference between requests is Because it is a category of data, the process becomes very iterative. The Data Act envisages the possibility of utilizing smart contracts when data owners act as vendors of information.
Additionally, the use of smart contracts can be a useful tool to avoid data misuse and violation of data sharing agreements by data recipients. If a “smart contract” could automatically stop the flow of data to a data recipient when any situation occurs that the parties have agreed to cause this outcome, the data owner would be able to protect his or her rights. You will be in a more advantageous position. For example, in many cases, non-compliance situations have automatic consequences, so data owners do not need to actively monitor recipient compliance.
Technical Requirements for Smart Contracts: Special Reference to “Kill Switch”
Vendors of applications that make data available using smart contracts must comply with the following requirements of data law:
- Robustness and access control must be ensured to avoid functional errors and withstand manipulation by third parties.
- Data archiving and continuity. Ensures the possibility to archive transaction data, smart contract logic, and code to maintain a record of operations (in situations where the smart contract needs to be terminated or deactivated).
- access control. Ensure smart contracts are protected through strict access control mechanisms at the governance and smart contract layers.
- Consistency with the terms of the data sharing agreement concluded by the smart contract shall be ensured.
- emergency stop device: A smart contract must (i) have a mechanism to terminate the continued execution of a transaction, and (ii) reset the contract or stop or suspend operation, especially to avoid future accidental execution. shall ensure that it contains internal functionality that can be directed. This requirement has been criticized by the industry as it goes against the core tenets of decentralization and trustlessness that underpin blockchain technology. Some experts say that in a fully decentralized and automated system, no one should be able to operate the kill switch.
The vendor shall carry out a conformity assessment in accordance with the above requirements and issue an EU declaration of conformity. The EU Commission will request the EU standards bodies to draft a harmonized standard that meets the essential requirements listed above. This is considered a positive attitude that will allow industry to participate in the design of the final concrete requirements.
Legal requirements for smart contracts
The use of smart contracts in the context of data sharing agreements does not prejudice the applicability of relevant civil, contractual and consumer protection rules. These laws apply regardless of the technology used to enter into the contract.
For example, a contract between a data owner and a data recipient cannot contain unfair contract terms (as provided in Chapter 4 of the Data Act). Contracts with consumers must be governed by consumer law, and in any event, contracts shall also be governed by applicable civil and commercial law.
What’s next?
- Data owners (IoT providers) who intend to share data with third parties using smart contracts must (i) ensure consistency with data law compliance requirements; (ii) ensure that the contract does not contain unfair terms;
- Vendors (such as virtual currency companies) that use smart contracts to make data available to other parties should (i) assess whether their products fall within the scope of data laws; (ii) where applicable, ensure compliance with data law compliance requirements (including kill switch requirements);