What privact does for services.
The EU Data Act comes into effect in September 2025. It introduces significant new obligations for service providers. These mainly relate to data portability and switching, transparency and disclosure, interoperability and technical standards, and data protection. The privact ecosystem is the solution to these challenges.
The privact ecosystem provides the necessary technical and organizational infrastructure to act as a reliable and fair marketplace for service providers dealing with personal data. The main obligation for services moving to the privact ecosystem is to store and compute personal data locally, on users’ devices. In return, services get access to much more personal data, legal security for data that needs to be stored in their own clouds, and the ability to promote their respect for users’ privacy by displaying the privact seal at the point of sale / use.
How it works
To participate in the privact ecosystem, services must store and compute personal data locally, not in the cloud. To do this, all data points that services want to use must first be registered in the central privact database schema. This database schema is then synchronized with the user’s local database instances. These then allow the service to store and use the new data points locally. Users also have the option to allow services to access data points created by other services.
Data that needs to be stored on the service provider’s computers (e.g. for legal reasons, delivery of goods, etc.) will have a smart contract attached to it. In this way, service providers can prove at any time that the personal data stored is in compliance with GDPR (or other relevant legislation).
Legally, the (yet to be created) foundation will act as a partner for services. They will have to sign the terms and conditions of the foundation. This will mainly allow the foundation to audit that the services respect the local only requirements for handling personal data.
Benefits for services
Participating in the privact ecosystem is a relatively easy way to comply with all legal requirements for handling personal data. The ecosystem provides a marketplace for personal data, a level playing field for all services, under the full control of users. It gives services real-time access to the largest pool of individual personal data, giving you the power to deliver the best personalized service experience you can imagine.
At the same time, by taking on the role of researcher, you can understand the needs and wants of your user base. And those who are not yet your users. By using the privact seal, you can easily demonstrate your commitment to digital privacy at the point of sale / use. This will convince those who are not yet using your service.
The legal perspective:
EU Data Act, GDPR and more.
The EU Data Act is a new law that will come into effect in September 2025. It ensures that valuable personal data generated by our devices and services is used more fairly and efficiently, while protecting people’s rights and privacy.
It extends the GDPR, which focuses on the protection of personal data and privacy rights, to facilitate broader data sharing and use.
The privact ecosystem provides the infrastructure that connected services and products need to easily comply with both EU Data Act and GDPR, as well as similar regulations around the world (e.g. California Consumer Privacy Act, California Privacy Rights Act, Brazil General Data Protection Law, Australian Privacy Act).