On 23 February 2022, the European Commission published its draft Data Act, i.e. a proposal for a regulation on harmonised rules on fair access to and use of data. The text is part of the European strategy for data launched by the Commission in 2020. More broadly, it is also part of one of the six priorities of the Commission (adapting Europe to the digital age), while contributing fully to the digital objectives developed by the Commission as part of its Europe’s Digital Decade.
Data regulation is essential, both from an economic point of view (the European Union wants to have a competitive digital market) and from the point of view of citizens protection (this digital market cannot develop to the detriment of a strong and appropriate protection for citizens). This explains the proliferation of legislative initiatives from the Commission, both in terms of data (data act, data governance act (see here our previous blog on the DGA)) and more broadly in terms of digital (digital services act, digital market act, artificial intelligence act, etc.).
The data act “aims to maximise the value of data in the economy by ensuring that a wider range of stakeholders gain control over their data and that more data is available for innovative use, while preserving incentives to invest in data generation”. The text complements the DGA, the latter having objective to facilitate the sharing of data between sectors and between Member States.
In short, what is the content of the draft data act?
- It is interesting to state that the definition of “data” is the same as in the DGA: data “means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audiovisual recording”.
- The text proposes a framework to allow users of connected devices to gain access to data generated by those devices and share them to provide aftermarket or other data-driven innovative services (see Chapter II of the draft, “Business to Consumer and Business to Business Data Sharing”).
- It also indicates the conditions of the legal obligations (and their compensation) for data holders to make data available (see Chapter III of the draft, “Obligations for data holders legally obliged to make data available”).
- The draft strengthens the protection of SMEs, in particular in the face of parties with a significantly stronger bargaining position (see Chapter IV of the draft, “Unfair terms related to data access and use between enterprises”).
- It creates a framework for public sector bodies to access and use private sector data in particular to address exceptional circumstances (see Chapter V of the draft, “Making data available to public sector bodies and Union institutions, agencies or bodies based on exceptional need”).
- It gives customers the possibility to switch more easily to cloud data processing services providers and puts in place safeguards against unlawful data transfers (see Chapter VI of the draft, “Switching between data processing services”).
- It provides for adaptations to the Database Directive, in particular with regard to data from internet devices and objects (see Chapter X of the draft, “Sui generis right under Directive 1996/9/EC”).
Now that the proposal has been published, the text must go through the European legislative process. We will not fail to follow the next important steps that will lead to the final adoption of the data act.
This article was co-authored by Edouard Cruysmans in his capacity of Professional Support Lawyer at Stibbe.