Please click here to read the details.
Data protection legislation develops very intensively, and the speed of such developments is increasing every year, as personal data becomes more important with the spread of digital technologies.
One of the latest developments was published by the European Commission, on 23 February 2022: a proposal for a Regulation on Harmonised Rules on Fair Access to and Use of Data (“Data Act”). Please note, that is not a law yet, so some of its clauses may be changed in the future.
In short, the Data Act will make a bigger amount of data available for use. It tries to set up new rules on the subjects who can gain access and use data, defines what data may be used and for which purposes across all economic sectors in the EU.
The proposal for the Data Act includes the following main points:
- Allow users to get access to their data which is often exclusively harvested by the manufacturers. Example: your laptop was broken and only the manufacturer can access the data, so only the manufacturer is able to repair it. After the Data Act, users may request the data to be shared with the other repair service, which can make the cost or repairs lower for the user.
- Rebalancing of negotiation powers for small and medium-sized enterprises to prevent imbalances and abuse in data sharing contracts. Therefore, a stronger negotiating side will not be able to use its position to abuse and force to accept unfair contractual clauses. Moreover, the European Commission will develop model contractual clauses in order to make negotiations fairer and easier.
- In case of any public emergencies, such as war, floods, wildfires, etc., public sector bodies may get access to the data possessed by private sector bodies to respond fast and effectively to such emergencies while minimizing the burden on businesses.
- Allow users to switch between different cloud services which process data and put additional safeguards against unlawful data transfers.
Which companies does it touch?
The Draft Data Act stipulates in Article 1(2) that it applies to:
- manufacturers of products and suppliers of related services placed on the market in the EU and the users of such products or services;
- data holders that make data available to data recipients in the EU;
- data recipients in the EU to whom data are made available;
- public sector bodies and EU institutions, agencies, or bodies that request data holders to make data available where there is an exceptional need to that data for the performance of a task carried out in the public interest and the data holders that provide the data in response to such request; and
- providers of data processing services offering such services to customers in the EU.
As a result, Data Act expects consumers and businesses to be able to have access to the data of their device and use it for aftermarket and value-added services, therefore making such businesses freer in making better and affordable decisions while having more information on the products they use. At the same time, industrial bodies having more data available will be able to benefit from a competitive data market, providing more personalized and developed services.
However, this act raises important concerns. With the wide ambition of the initiative, which tries to create a one-size fits all sectors approach for data sharing may lead to some unexpected consequences in the particular sectors which require a special regime. Also, it is important to keep up to the GDPR and intellectual property rights, as it also may result in some problems in future with regard to machine-generated data.
The Commission proposal will now be debated in the EU Parliament and Council and can be expected to enter into force by mid-2024.; therefore, it is the only option to wait and track any updates, implementing new practices when the rules become applicable. In any case, you may address your concerns to us and Legal IT Group will be happy to help you with it as your Data Protection Officer☺
Reminder: to make a donation please click here.