On November 9th, the European Parliament adopted the Data Act. The Data Act aims to remove conflicting economic incentives and technological barriers to promote data-driven innovation. This blog covers the key topics from the Data Act.
The Data Act aims to promote a fair, competitive and innovative digital economy in the European Union. The European legislator considers data as a central part of the digital economy and an essential resource for the green and digital transition. Smart devices (Internet of Things) generate data on a large scale. However, the problem is that 80% of that generated data is not used, or is owned by large (tech) companies. The Data Act aims to regulate access to and use of data by all kinds of market players. The European legislator also wants smaller companies to have better access to generated data so that they can compete. As a horizontal proposal, the Data Act provides basic rules for all sectors.
The Data Regulation is part of the broader European data strategy. This is a European initiative that aims to make Europe a leading player with a data-driven society by investing in technologies and infrastructures, promoting data skills of citizens, and creating a regulatory framework that supports and promotes data sharing.
Access to data
The Data Act aims to improve access to data generated by connected products and related services for both consumers and businesses (the users). Today, this access is often reserved exclusively for the manufacturer (the data holder). With the advent of the Data Act, for example, an agricultural company using smart agricultural machinery that collects all kinds of data on soil conditions can obtain and use this data to analyse and optimise its processes.
The regulation requires users of connected products or related services to be given clear information about what happens to their data. In addition, the regulation provides options that allow users to control how their data is used.
For instance, the regulation requires facilitating access to data already in the design process of a connected product. Products must be manufactured in such a way that the data generated by them are, by default, easily and – wherever possible – directly accessible to the user. Also, before a purchase is made, the data holder should inform the user of the product about the data that will be generated. For instance, with regard to the type of data, where the data will be stored and how the user can access his data free of charge.
If the user does not have direct access to the data generated via the connected product, the data holder shall, at the user’s request, make available all data accessed without delay and free of charge.
The Data Act encourages data sharing between companies and industry sectors to stimulate innovation. For example, a car manufacturer collects data on the use of its vehicles. The Data Act states that maintenance companies should be able to access this data to provide better maintenance.
The Data Act gives the user of a connected product or related service the right to share data with a third party (the data recipient). At the user’s request, the data holder must make the generated data available to the third party in a convenient and secure manner. This includes the related metadata needed to interpret the data.
Data holders should make data available under fair, reasonable, non-discriminatory and transparent conditions. The Data Act contains rules to prevent abusive contractual imbalances in data sharing agreements. In this context, the regulation cites examples of unfair contractual terms unilaterally imposed on a company. These unfair terms concern access to and use of data, or liability and remedies in case of breach or termination of data-related obligations. Under the regulation, such terms are not binding.
The Data Act promotes data interoperability and portability to make it easier to combine and use data from different sources. A company using different cloud storage services can transfer and integrate its data between these services more easily with the help of the Data Act.
The Data Act contains rules on standardising formats and protocols so that different products and services can work together seamlessly and exchange data.
Finally, the Data Act addresses the question of whether databases containing data generated or obtained through the use of connected products or related services are protected by the sui generis right under the Database Directive. The answer to that question is no. The European legislator does not want to impede users’ right to access and use of this data, but the regulation leaves some room for discussion. It is still unclear whether databases containing any machine-generated data are excluded from protection, or only databases consisting purely of machine-generated data.
The Data Act will enter into force 20 days after its publication in the Official Journal of the European Union. The regulation will actually apply 20 months later. This is expected to be in Q3 or Q4 of 2025. This seems far away, but it is wise to already make the necessary preparations to be compliant with the regulation.
Want to know more about the impact of the Data Act on your organisation? If so, please contact Marieke Jacobs.