INFORMATION TECHNOLOGY
Data Act: Council adopts new law on fair access to and use of data.
To make the EU a leader in our data-driven society, the Council adopted a new Regulation on harmonised rules on fair access to and use of data (Data Act).
Today’s adoption will be a catalyst for a Europe fit for the digital age. The new law will unlock a huge economic potential and significantly contribute to a European internal market for data. Data trading and the overarching use of data will be boosted, and new market opportunities will open to the benefit of our citizens and businesses across Europe.
The data act puts obligations on manufacturers and service providers to let their users, be they companies or individuals, access and reuse the data generated by the use of their products or services, from coffee machines to wind turbines. It also allows users to share that data with third parties – for example, car owners could choose in the future to share certain vehicle data with a mechanic or their insurance company.
Main objectives of the law
The regulation sets up new rules on who can access and use data generated in the EU across all economic sectors. It aims to:
- ensure fairness in the allocation of value from data among actors in the digital environment
- stimulate a competitive data market
- open opportunities for data-driven innovation, and
- make data more accessible to all
The new law also aims to ease the switching between providers of data processing services, puts in place safeguards against unlawful data transfer and provides for the development of interoperability standards for data to be reused between sectors.
The data act will give both individuals and businesses more control over their data through a reinforced portability right, copying or transferring data easily from across different services, where the data are generated through smart objects, machines, and devices. The new law will empower consumers and companies by giving them a say on what can be done with the data generated by their connected products.
Main elements of the new regulation
Scope of the legislation
The new regulation will allow users of connected devices, ranging from smart household appliances to intelligent industrial machines, to gain access to data generated by their use which is often exclusively harvested by manufacturers and service providers.
Regarding Internet of Things (IoT) data, the new law focuses, in particular, on the functionalities of the data collected by connected products instead of the products themselves. It introduces the distinction between ‘product data’ and ‘related service data’, from which readily available data can be shared.
Trade secrets and dispute settlement
The new law ensures an adequte level of protection of trade secrets and intellectual property rights, accompanied by relevant safeguards against possible abusive behaviour. While fostering the sharing of data, the new regulation aims at supporting the EU industry while providing safeguards for exceptional circumstances and dispute settlement mechanisms.
Data sharing and compensation
The new law contains measures to prevent abuse of contractual imbalances in data sharing contracts due to unfair contractual terms imposed by a party with significantly stronger bargaining position. These measures will protect EU companies from unfair agreements and give SMEs more room for manoeuvre. Moreover, the text of the regulation provides additional guidance by the Commission regarding the reasonable compensation of businesses for making the data available.
The regulation provides the means for public sector bodies, the Commission, the European Central Bank and EU bodies to access and use data held by the private sector that is necessary in exceptional circumstances, particularly in case of a public emergency, such as floods and wildfires, or to fulfil a task in the public interest.
When it comes to such requests to access data in the ‘business to government’ context, the new regulation provides that personal data will only be shared in exceptional circumstances, such as a natural disaster, a pandemic, a terror attack, and if the data required is not otherwise accessible. Micro and small-sized enterprises will also contribute their data in such cases and will be compensated.
Benefits for consumers
The new law will allow consumers to move easily from one cloud provider to another. Safeguards against unlawful data transfers have been also introduced, as have interoperability standards for data sharing and processing. Finally, the expectation from the new law is that it could make after-sale service of certain devices cheaper and more efficient.
Governance model
The new regulation preserves member states’ flexibility to organise the implementation and enforcement tasks at national level. The coordinating authority, in those member states where such coordination role will be required, will act as a single point of contact and be labelled as ‘data coordinator’.
Next steps
Following today’s formal adoption by the Council, the new regulation will be published in the EU’s official journal in the coming weeks and will enter into force the twentieth day after this publication. It shall apply from 20 months from the date of its entry into force. However, article 3, paragraph 1 (requirements for simplified access to data for new products), shall apply to connected products and the services related to them placed on the market after 32 months from the date of entry into force of the regulation.
Today’s adoption will be a catalyst for a Europe fit for the digital age. The new law will unlock a huge economic potential and significantly contribute to a European internal market for data. Data trading and the overarching use of data will be boosted, and new market opportunities will open to the benefit of our citizens and businesses across Europe.
The data act puts obligations on manufacturers and service providers to let their users, be they companies or individuals, access and reuse the data generated by the use of their products or services, from coffee machines to wind turbines. It also allows users to share that data with third parties – for example, car owners could choose in the future to share certain vehicle data with a mechanic or their insurance company.
Main objectives of the law
The regulation sets up new rules on who can access and use data generated in the EU across all economic sectors. It aims to:
- ensure fairness in the allocation of value from data among actors in the digital environment
- stimulate a competitive data market
- open opportunities for data-driven innovation, and
- make data more accessible to all
The new law also aims to ease the switching between providers of data processing services, puts in place safeguards against unlawful data transfer and provides for the development of interoperability standards for data to be reused between sectors.
The data act will give both individuals and businesses more control over their data through a reinforced portability right, copying or transferring data easily from across different services, where the data are generated through smart objects, machines, and devices. The new law will empower consumers and companies by giving them a say on what can be done with the data generated by their connected products.
Main elements of the new regulation
Scope of the legislation
The new regulation will allow users of connected devices, ranging from smart household appliances to intelligent industrial machines, to gain access to data generated by their use which is often exclusively harvested by manufacturers and service providers.
Regarding Internet of Things (IoT) data, the new law focuses, in particular, on the functionalities of the data collected by connected products instead of the products themselves. It introduces the distinction between ‘product data’ and ‘related service data’, from which readily available data can be shared.
Trade secrets and dispute settlement
The new law ensures an adequte level of protection of trade secrets and intellectual property rights, accompanied by relevant safeguards against possible abusive behaviour. While fostering the sharing of data, the new regulation aims at supporting the EU industry while providing safeguards for exceptional circumstances and dispute settlement mechanisms.
Data sharing and compensation
The new law contains measures to prevent abuse of contractual imbalances in data sharing contracts due to unfair contractual terms imposed by a party with significantly stronger bargaining position. These measures will protect EU companies from unfair agreements and give SMEs more room for manoeuvre. Moreover, the text of the regulation provides additional guidance by the Commission regarding the reasonable compensation of businesses for making the data available.
The regulation provides the means for public sector bodies, the Commission, the European Central Bank and EU bodies to access and use data held by the private sector that is necessary in exceptional circumstances, particularly in case of a public emergency, such as floods and wildfires, or to fulfil a task in the public interest.
When it comes to such requests to access data in the ‘business to government’ context, the new regulation provides that personal data will only be shared in exceptional circumstances, such as a natural disaster, a pandemic, a terror attack, and if the data required is not otherwise accessible. Micro and small-sized enterprises will also contribute their data in such cases and will be compensated.
Benefits for consumers
The new law will allow consumers to move easily from one cloud provider to another. Safeguards against unlawful data transfers have been also introduced, as have interoperability standards for data sharing and processing. Finally, the expectation from the new law is that it could make after-sale service of certain devices cheaper and more efficient.
Governance model
The new regulation preserves member states’ flexibility to organise the implementation and enforcement tasks at national level. The coordinating authority, in those member states where such coordination role will be required, will act as a single point of contact and be labelled as ‘data coordinator’.
Next steps
Following today’s formal adoption by the Council, the new regulation will be published in the EU’s official journal in the coming weeks and will enter into force the twentieth day after this publication. It shall apply from 20 months from the date of its entry into force. However, article 3, paragraph 1 (requirements for simplified access to data for new products), shall apply to connected products and the services related to them placed on the market after 32 months from the date of entry into force of the regulation.
