DATA ACT: The New EU Data Use Regulation

The need to rebalance access and use of data between businesses and consumers.

On 23 February 2022, a proposal for a regulation was presented by the European Commission on the use of data, the “Data Act”.

This Data Act complements the Data Governance Act proposed by the European Commission in November 2020 and adopted by the European Parliament in November 2021.

These texts are part of the European Strategy for data which aims to promote better data flows while maintaining high standards of protection.

As part of this strategy, the Data Governance Act provides for and puts in place the processes and structures to promote the availability of data, while the Data Act will regulate its use.

Data are defined by Article 2 of the Regulation as:

“means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording”

This definition covers both personal and non-personal data that is generated using Wi-Fi or Bluetooth connected devices (e.g., connected vehicles, connected watches for sports or daily life, TVs, etc.).

The development of connected devices is leading to an increase of this data, and the rights over its use by both manufacturers and consumers are often unclear.

Thus, the new rules of the Data Act aim to ensure fairness in the digital economy between the different actors and to promote access to and use of data.

Accordingly, the Data Act includes several key points:

• Access by users of connected devices to the data they generate immediately and free of charge, and the possibility of sharing this data with third parties in the context of the provision of after-sales services or for other services based on the use of data (except for competing products)

• Rebalancing the negotiating power of SMEs by preventing excessive contractual imbalances in data sharing contracts (including a prohibition on charges above the actual administrative cost of providing data)

• Access by public sector bodies to data held by the private sector (except for micro and small enterprises) necessary to deal with exceptional and urgent circumstances relating to, for instance, public emergency (e.g., natural disaster or terrorist attacks)

• Effective cloud switching (possibility to switch between different providers of data-processing services) and safeguards against unlawful data transfer with a similar approach to that used for personal data (RGPD)

The European Commission’s objective with these proposals is to restore the balance between businesses and consumers in access to and use of data, to promote data portability and interoperability, and to encourage data sharing in the context of public emergency.

The proposed regulation must now be approved by the Council and the European Parliament and then the national authorities of each Member State will have to implement the provisions of the future regulation.

For more information, contact the ODEON AVOCATS team.