Data Act - The Council on the way to finalise its common position and European Parliament to adopt its report in plenary

Timeline is accelerating on the Data Act and both institutions are quite confident that they are going to strike a deal before the end of the Swedish Presidency which ends on 30 June 2023.


At the Council level, the new compromise on the draft Data Act further refines the protection of trade secrets and clarifies the relationship with data protection rules and the application of the cloud-switching provisions. The Swedish presidency wants to discuss the sixth compromise text on the Data Act on 14 March at the Telecom Working Party, with a view to formally land it on the Committee of Permanent Representatives (COREPER) table on 22 March.


The Data Act introduces the principle that users of connected devices should have the right to access and share the data they contribute to generating. However, which type of data should be covered by these data-sharing obligations has been a contested topic.


The controversy lies in that data might contain commercially sensitive or trade secrets related to how the organisation controlling the data, the data holder, processes it to obtain insights and other information. With this in mind, the Swedish presidency of the Council proposed cutting out of the scope all data processed via systems subject to Intellectual Property rights or specific know-how of the data holder. In the sixth compromise, the presidency also introduced the possibility for data holders to refuse to share data under exceptional circumstances. That is, if they can demonstrate it will be highly likely to cause them severe damage despite the possible safeguards the receivers might put in place.


Another critical aspect of the discussion concerned the relationship between the Data Act and the General Data Protection Regulation (GDPR). New wording clarifies that whenever users obtain data that is not theirs, the Data Act does not provide the legal basis for processing it. The data holders would have to ensure their sharing of personal data complies with EU data protection rules, including by anonymizing personal data or only transferring personal data related to the user.


The Data Act also empowers public bodies to request access to data held by private companies under exceptional circumstances. Notably, to respond to or mitigate a public emergency or if the public authority needs the data for a task in the public interest and cannot get it otherwise.


At Parliament level, the vote in the plenary is scheduled to take place on March 14 and no further amendments are forecast, it will be a direct vote confirming the compromises already struck by different European Parliament committees.


The intent is to quickly launch interinstitutional negotiations between the Council and the European Parliament after they both adopt their formal positions.


Write a comment

Comments: 0