Yesterday, the Council of the EU ratified the agreement in trialogue on the proposal for a regulation on harmonised rules on access to and fair use of data (Data Act).
The regulation sets up new rules on who can access and use data generated in the EU across all economic sectors. It aims to:
- ensure fairness in the allocation of value from data among actors in the digital environment
- stimulate a competitive data market
- open opportunities for data-driven innovation,
- make data more accessible to all
Main elements of the new regulation
Scope of the legislation
- The new regulation will allow users of connected devices, ranging from smart household appliances to intelligent industrial machines, to gain access to data generated by their use which is often exclusively harvested by manufacturers and service providers.
- Regarding Internet of Things (IoT) data, the new law focuses, in particular, on the functionalities of the data collected by connected products instead of the products themselves. It introduces the distinction between ‘product data’ and ‘related service data’, from which readily available data can be shared.
Trade secrets and dispute settlement
- The new law ensures an adequate level of protection of trade secrets and intellectual property rights, accompanied by relevant safeguards against possible abusive behaviour. While fostering the sharing of data, the new regulation aims at supporting the EU industry while providing safeguards for exceptional circumstances and dispute settlement mechanisms.
Data sharing and compensation
- The new law contains measures to prevent abuse of contractual imbalances in data sharing contracts due to unfair contractual terms imposed by a party with significantly stronger bargaining position. These measures will protect EU companies from unfair agreements and give SMEs more room for manoeuvre. Moreover, the text of the regulation provides additional guidance by the Commission regarding the reasonable compensation of businesses for making the data available.
- The regulation provides the means for public sector bodies, the Commission, the European Central Bank and EU bodies to access and use data held by the private sector that is necessary in exceptional circumstances, particularly in case of a public emergency, such as floods and wildfires, or to fulfil a task in the public interest.
- When it comes to such requests to access data in the ‘business to government’ context, the new regulation provides that personal data will only be shared in exceptional circumstances, such as a natural disaster, a pandemic, a terror attack, and if the data required is not otherwise accessible. Micro and small-sized enterprises will also contribute their data in such cases and will be compensated.
Benefits for consumers
- The new law will allow consumers to move easily from one cloud provider to another. Safeguards against unlawful data transfers have been also introduced, as have interoperability standards for data sharing and processing. Finally, the expectation from the new law is that it could make after-sale service of certain devices cheaper and more efficient.
- The new regulation preserves member states’ flexibility to organise the implementation and enforcement tasks at national level. The coordinating authority, in those member states where such coordination role will be required, will act as a single point of contact and be labelled as ‘data coordinator’.
As regards as next steps, the regulation will be published in the Official journal of the EU and will enter into force the twentieth day after this publication. It shall apply from 20 months from the date of its entry into force. However, article 3, paragraph 1 (requirements for simplified access to data for new products), shall apply to connected products and the services related to them placed on the market after 32 months from the date of entry into force of the regulation.
The text is available here.