EU data legislation: the Data Act will enhance access to data

Flash
16 September 2022

On 23 February 2022, the Commission proposed the Data Act, which aims to unlock the potential of unused data. As part of the European strategy for data, the Data Act seeks to create a framework that determines who can access what data. On 12 July 2022, the Czech Presidency of the EU Council presented a first compromise text. Thanks to this new piece of upcoming legislation, small and medium-sized enterprises (SMEs) will have a tool to gain access to datasets allowing them to create innovative products and services.

Focus on opening up connected data

The main focus of the Data Act is on data generated by connected products and services (e.g. Internet of Things devices). It lays down harmonised rules on making data generated or collected by using a product or related service available to the user of that product or service. The Data Act will boost aftermarket services and other data-driven services (think, for example, of data in the fields of health, mobility and transport, finance, software or agriculture). This is because it opens up the opportunity for data users to access their data or to delegate access to a third party. This will give consumers and companies greater control over the use of the data they generate, enhance their active participation in the digital economy, and allow them to benefit from a competitive data market. Thus, the Data Act paves the way for further innovation by making data available.

Data-sharing obligations

  1. The Data Act will advance business-to-consumer (B2C) and business-to-business (B2B) data sharing and aims to create a kind of open data regime outside the public sector. To achieve this, it will oblige businesses to make data generated by connected products and services accessible. As such, consumers will not only have access to the data they generate, but they can also request to share that data with other businesses. Since data should be easily accessible by default, companies will have to reflect on how they will implement these new requirements.
  2. The Data Act will introduce a specific protection regime for SMEs. This will be against unfair contractual terms in data-sharing contracts imposed by a party with a stronger bargaining position, similar to the B2B legislation already existing in Belgium.
  3. The Data Act will also have an impact in the public sector. In cases of exceptional need, public entities can require companies to make certain data available. Such exceptional need can exist when the data is needed to respond to a public emergency or to prevent or assist in recovery from a public emergency.
  4. Lastly, the Data Act will introduce rules for interoperability, cloud switching and smart contracts.

Additional regime alongside the GDPR, the DGA and sector-specific rules

The Data Act will complement the GDPR and the Data Governance Act (DGA – read our contribution on the DGA here).While the DGA creates the framework, processes and structures to facilitate data sharing (“how”), the Data Act focuses on who can access and use data and under which conditions (“who”).

Just like the DGA and the GDPR, the Data Act is not limited to a specific sector but sets common rules on data use and access across all economic sectors. Sector-specific rules in the nine areas where the Commission will establish common European data spaces (for manufacturing, Green Deal, mobility, health, finance, energy, agriculture, public administration and skills) will accompany the Data Act. The proposal on the European Health Data Space is the first such proposal of sector-specific rules. This means that entities active in the health industry will have to abide by the Data Act in relation to user-generated health data. Yet, at the same time, they will have to consider the European Health Data Space, which provides specific rules for the health sector.

Both the proposal and the compromise text will now be further discussed in the European Parliament and in the Council.