Data Act: Council adopts new law on fair access to and use of data

To make the EU a leader in our data-driven society, the Council of the EU on 27 November 2023 adopted a new Regulation on harmonised rules on fair access to and use of data (Data Act). The data act puts obligations on manufacturers and service providers to let their users, be they companies or individuals, access and reuse the data generated by the use of their products or services, from coffee machines to wind turbines. It also allows users to share that data with third parties – for example, car owners could choose in the future to share certain vehicle data with a mechanic or their insurance company.

Main objectives of the law

The regulation sets up new rules on who can access and use data generated in the EU across all economic sectors. It aims to:

  • ensure fairness in the allocation of value from data among actors in the digital Environment
     
  • stimulate a competitive data market
     
  • open opportunities for data-driven innovation, and
     
  • make data more accessible to all

 

The new law also aims to ease the switching between providers of data processing services, puts in place safeguards against unlawful data transfer and provides for the development of interoperability standards for data to be reused between sectors.

The data act will give both individuals and businesses more control over their data through a reinforced portability right, copying or transferring data easily from across different services, where the data are generated through smart objects, machines, and devices. The new law will empower consumers and companies by giving them a say on what can be done with the data generated by their connected products.

José Luis Escrivá, Spanish minister of digital transformation: “Today’s adoption will be a catalyst for a Europe fit for the digital age. The new law will unlock a huge economic potential and significantly contribute to a European internal market for data. Data trading and the overarching use of data will be boosted, and new market opportunities will open to the benefit of our citizens and businesses across Europe.”


Main elements of the new regulation

Scope of the legislation

The new regulation will allow users of connected devices, ranging from smart household appliances to intelligent industrial machines, to gain access to data generated by their use which is often exclusively harvested by manufacturers and service providers.

Regarding Internet of Things (IoT) data, the new law focuses, in particular, on the functionalities of the data collected by connected products instead of the products themselves. It introduces the distinction between ‘product data’ and ‘related service data’, from which readily available data can be shared.

Trade secrets and dispute settlement

The new law ensures an adequte level of protection of trade secrets and intellectual property rights, accompanied by relevant safeguards against possible abusive behaviour. While fostering the sharing of data, the new regulation aims at supporting the EU industry while providing safeguards for exceptional circumstances and dispute settlement mechanisms.

Data sharing and compensation

The new law contains measures to prevent abuse of contractual imbalances in data sharing contracts due to unfair contractual terms imposed by a party with significantly stronger bargaining position. These measures will protect EU companies from unfair agreements and give SMEs more room for manoeuvre. Moreover, the text of the regulation provides additional guidance by the Commission regarding the reasonable compensation of businesses for making the data available.

The regulation provides the means for public sector bodies, the Commission, the European Central Bank and EU bodies to access and use data held by the private sector that is necessary in exceptional circumstances, particularly in case of a public emergency, such as floods and wildfires, or to fulfil a task in the public interest.

When it comes to such requests to access data in the ‘business to government’ context, the new regulation provides that personal data will only be shared in exceptional circumstances, such as a natural disaster, a pandemic, a terror attack, and if the data required is not otherwise accessible. Micro and small-sized enterprises will also contribute their data in such cases and will be compensated.

Benefits for consumers

The new law will allow consumers to move easily from one cloud provider to another. Safeguards against unlawful data transfers have been also introduced, as have interoperability standards for data sharing and processing. Finally, the expectation from the new law is that it could make after-sale service of certain devices cheaper and more efficient.

Governance model

The new regulation preserves member states’ flexibility to organise the implementation and enforcement tasks at national level. The coordinating authority, in those member states where such coordination role will be required, will act as a single point of contact and be labelled as ‘data coordinator’.

Next steps

Following today’s formal adoption by the Council, the new regulation will be published in the EU’s official journal in the coming weeks and will enter into force the twentieth day after this publication. It shall apply from 20 months from the date of its entry into force. However, article 3, paragraph 1 (requirements for simplified access to data for new products), shall apply to connected products and the services related to them placed on the market after 32 months from the date of entry into force of the regulation.

Background

Following the data governance act adopted by the co-legislators in 2022, the data act regulation is the second main legislative initiative resulting from the Commission’s February 2020 European strategy for data, which aims to make the EU a leader in our data-driven society.

While the data governance act creates the processes and structures to facilitate data sharing by companies, individuals and the public sector, the data act clarifies who can create value from data and under which conditions. This is a key digital principle that will contribute to creating a solid and fair data-driven economy and guide the EU’s digital transformation by 2030. It will lead to new, innovative services and more competitive prices for aftermarket services and repairs of connected objects (‘Internet of Things’ / IoT).

In its conclusions of 25 March 2021, the European Council underlined the importance of digital transformation for EU’s growth, prosperity, security, and competitiveness, as well as for the well-being of our societies. In light of these ambitions and challenges, the Commission proposed on 23 February 2022 measures for a fair and innovative data economy (data act), as a follow-up to its communication of February 2020 on the European strategy for data. On 27 June 2023, the Council and the European Parliament reached a provisional agreement on this file.

 



Verlag Dr. Otto Schmidt vom 27.11.2023 16:19
Quelle: Council of the EU PR of 27 November 2023

zurück zur vorherigen Seite


Test subscription

 

Computer Law Review International

Subscribe now to CRi and secure the advantages of legal comparison for your practice: state-of-the-art approaches and solutions from other jurisdictions – every second month, six times a year.

Print (ordering option in German)

eJournal as PDF at De Gruyter