15 March 2022

The Proposal for a Regulation on harmonised rules on fair access to and use of data (the “Data Act”) unveiled by the Commission on February 23rd, 2022, aims to maximise the value of data in the economy by promoting fair data exchange in the EU.

Scope and consistency with existing regulatory framework:

  • As a horizontal proposal, the Data Act envisages basic rules for all sectors, and applies to manufacturers of products and suppliers of related services placed on the market in the Union, as well as the users of such products or services.
  • It is consistent with existing rules on the processing of personal data (including GDPR and ePrivacy Directive) and complements the recently adopted Data Governance Act, which aims to facilitate the voluntary sharing of data as well as the proposal for a Digital Markets Act, which will require ‘gatekeepers’ to provide more effective portability of data generated through business and end users’ activities.

Key points of the Data Act:

  • Transparency and right of access for consumers and businesses to data generated by the products or related services they own, rent or lease:
  • Manufacturers and designers will have to design the products to make the data easily accessible “by default”, and to be transparent on what data will be accessible and how to access them.
  • Users can request and authorise the data holder to make such data available to third parties. Data must be made available under fair and non-discriminatory conditions, and any compensation will have to be reasonable.
  • The sui generis right established in Directive 96/9/CE does not apply to databases containing data obtained from or generated by the use of a product or related service.
  • Creation of an “unfairness test” to assess imbalances of power in contractual agreements on data access. The Commission will issue standard contractual terms based on fair terms.
  • Obligation to make data available in case of public emergencies or where public sector bodies have an exceptional need to use certain data that cannot be obtained on the market.
  • Interoperability requirements imposed on cloud providers and other data processing services of contractual, commercial and technical nature to enable switching between services, and essential requirements on interoperability for smart contracts.
  • Creation of specific safeguards against unlawful third-party access to non-personal data held in the Union by data processing services offered on the Union market. Providers will have to take all reasonable technical, legal and organisational measures to prevent such access.

Enforcement and penalties:

  • Competent authorities shall be designated in each Member State to foresee the implementation and enforcement of the Data Act. Member States are responsible for laying down the rules on penalties applicable to infringements of the Data Act.
  • The Data Act allows the Commission to adopt delegated acts to introduce a monitoring mechanism on switching of service imposed on providers and to further specify the essential requirements regarding interoperability.

Next steps:

  • The Data Act is open for feedback until May 10th, 2022, all feedback received will be summarised by the Commission and presented to the Parliament and Council of the European Union with the aim of feeding into the legislative debate.
  • The proposal will then be examined by the Council of the European Union according to the ordinary legislative procedure. Once the Council reaches an agreement, the Data Act will be debated before the Parliament.