The European Parliament (EP) has backed new rules for access to, and use of, data generated in the EU across economic sectors making a few amendments to the European Commission (EC) proposal. The proposed EU Data Act establishes harmonised rules for the sharing of data generated by the use of connected products or related services (e.g. the internet of things). It aims to remove barriers to access data, for both private and public sector bodies, while preserving incentives to invest in data generation.
When the EC proposed the Act last year, it said that the Act “will ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all” and “lead to new, innovative services and more competitive prices for aftermarket services and repairs of connected objects.”
In its current form, the proposed Act covers both personal and non-personal data and includes:
- measures to allow users of connected devices to gain access to data generated by them and share such data with third parties to provide aftermarket or other data-driven innovative services (like predictive maintenance);
- measures to rebalance negotiation power for enterprises in relation to data sharing contracts, including measures to protect them from unfair contractual terms imposed by a party with a significantly stronger bargaining position;
- rules to facilitate switching between providers of cloud services and other data processing services;
- safeguards against unlawful international non-personal data transfer; and
- provisions for the development of interoperability standards and common specifications for data to be transferred and used.
The proposed Act also contains rules on compensation for making data available and provisions to protect trade secrets. The Act is designed to complement, and is without prejudice to, EU law on data protection and privacy (the EU General Data Protection Regulation (GDPR) and Directive on privacy and electronic communications). It is part of a data package which includes the Data Governance Act and also complements the Digital Markets Act (DMA), which entered into force in November last year. The DMA will require certain providers of core platform services identified as ‘gatekeepers’ to provide, inter alia, more effective portability of data generated through business and end users’ activities.
The EP will now start negotiations with the Council, who decided its own common position on 24 March, on the final shape of the law (under the ordinary legislative procedure). These negotiations may result in further changes to the proposed Act. Once formally adopted and in force, the Act is, however, likely to have a significant impact on data companies and the digital economy. It will also be interesting to see how its provisions will interact with, for example, gatekeepers' obligations under the DMA and data portability provisions under the GDPR.