The Council of the European Union adopted the Data Act on 27 Nov. According to the press release, the Act is to promote fairness in the allocation of value derived from data utilization within the digital economy and facilitate smoother transitions between data processing providers. The Act also bolsters safeguards against illicit data processing and strives to elevate standards of interoperability for seamless data utilization across different economic sectors. Here are some highlights:
“Data trading and the overarching use of data will be boosted, and new market opportunities will open to the benefit of our citizens and businesses across Europe.”
José Luis Escrivá, Spanish minister of digital transformation
“The Data Act puts obligations on manufacturers and service providers to let their users, be they companies or individuals, access and reuse the data generated by the use of their products or services, from coffee machines to wind turbines. It also allows users to share that data with third parties – for example, car owners could choose in the future to share certain vehicle data with a mechanic or their insurance company.”
The Data Act imposes responsibilities on both manufacturers and service providers. Specifically, it mandates that these entities must allow their users—whether those users are companies or individuals—to access and reuse the data that is generated through the utilization of the products or services offered by these manufacturers or service providers. In other words, the Act grants users the right to retrieve and repurpose the data that is created as a result of using a particular product or service.
Data Ownership and Access: The regulation addresses the issue of data ownership, allowing users to access data that is typically collected exclusively by manufacturers and service providers. Users of connected devices, such as smart household appliances and industrial machines, will have the right to access data generated by the use of these devices.
Product Data vs. Service Data: The law emphasizes the functionalities of data collected by connected products rather than the products themselves.
It introduces a distinction between ‘product data’ and ‘related service data’: Example: In a smart refrigerator, ‘product data’ might include information about the refrigerator’s temperature and energy usage, while ‘related service data’ could include data about the frequency of food restocking or usage patterns.
Data Sharing and Compensation: To prevent unfair contractual terms in data-sharing contracts, the regulation addresses contractual imbalances, especially when a party has a significantly stronger bargaining position. This protects EU companies from unfair agreements and gives smaller businesses more negotiating power.
Example: If a large tech company wants to access data from a smaller supplier, the regulation prevents the imposition of unfair terms and ensures reasonable compensation for the smaller business.
Consumers’ Side: The new law facilitates consumers’ ability to switch between cloud service providers easily. It introduces safeguards against unlawful data transfers and sets standards for interoperability in data sharing and processing. Additionally, the regulation is expected to make after-sale services for certain devices more affordable and efficient.
Data Coordinator: The regulation maintains flexibility for member states to organize the implementation and enforcement tasks nationally. In cases where coordination is necessary, a designated ‘data coordinator’ will act as a single point of contact.
Example: Each member state can tailor how it implements the regulation, but where coordination is required, the ‘data coordinator’ will streamline communication and enforcement efforts.
Safeguards: There are safeguards in place to prevent abusive behavior in the sharing of data. The regulation ensures an adequate level of protection for trade secrets and intellectual property rights.
Exceptional Circumstances: Safeguards are provided for exceptional circumstances where certain data may need to be restricted or protected.Mechanisms are established for settling disputes related to data sharing and usage.
In conclusion, the Data Act marks a significant stride towards data empowerment, establishing clear directives that confer users, whether they be individuals or companies, with the essential rights to access and reuse data generated through the use of products or services offered by manufacturers and service providers. This legislative initiative not only fosters a more equitable distribution of data-related benefits but also sets the stage for increased transparency and user control in the ever-evolving landscape of the digital economy. As manufacturers and service providers navigate these obligations, the Act reflects a nuanced approach to data governance, seeking to strike a balance that aligns with the principles of fairness, privacy, and innovation.