Personal Data Is Becoming Product Infrastructure
Connected products already create useful personal data. The hard part is turning legal access into something people can actually use.
Why this matters
Your devices already know useful things about your life.
A watch knows something about your sleep. A car knows something about how it is driven. A smart appliance may know when it is used, how often it fails, or what condition it is in. Industrial machines know even more.
The strange part is that the person or business generating that data often cannot do much with it outside the product that captured it.
The data exists, but it is not really theirs in any practical sense. It sits behind an app, a dashboard, a vendor portal, or a file export that only a lawyer could love.
That is why the EU Data Act is interesting. Not because regulation magically makes personal data useful. It does not. But it does push a very practical idea into the product conversation: connected-device data should be accessible, usable, and shareable by the user.
Worked example
The European Commission says the Data Act started applying in the EU on September 12, 2025. Its own summary frames the law around user control over data from connected devices like smartwatches and cars. It says consumers and business users should be able to access, use, and share raw data generated by connected devices, and that connected devices on the EU market should be designed to allow data sharing.
That phrase matters: designed to allow data sharing.
Because this is where the issue stops being only legal and starts becoming product work.
There is a big difference between a compliance export and usable data.
| Version | What it technically provides | What the user actually needs |
|---|---|---|
| Compliance export | A downloadable file | Something understandable |
| Data access | Permission to retrieve data | A workflow that makes it useful |
| Data portability | Movement between systems | Meaning preserved during the move |
| Product-grade data | Structured context | New services the user can actually trust |
A raw export is a start. But anyone who has opened a mysterious CSV, JSON dump, or ZIP archive knows the feeling. You technically have the data. You do not necessarily have a product.
It is like being handed the parts of a bicycle in a cardboard box and being told you now have transport.
Limitations / not a fit
The mistake would be treating the Data Act as the whole story.
Regulation can create access. It can create obligations. It can force a product conversation that companies may otherwise avoid. But regulation does not automatically create the interface, the interpretation layer, the privacy boundary, or the downstream tool that lets a person use their data well.
That is the real opportunity for personal AI and personal-data products.
If a user can bring device data, chat history, health context, financial history, or work patterns into a private tool they control, the data stops being exhaust. It becomes working material. Not a commodity for someone else to package, but context the person can actually use.
Personal data is becoming product infrastructure. The open question is whether that infrastructure will be built around the person who generated it, or around the platforms that captured it first.
Sources
- European Commission: EU Data Act gives users control over data from connected devices
- EUR-Lex: Regulation (EU) 2023/2854, the Data Act