The Data Act, officially known as the “Regulation on harmonized rules on fair access to and use of data”, entered into force on January 11th, 2024. While some of the rules will apply 32 or 44 months after enactment, most rules of the Data Act will apply 20 months thereafter, i.e. starting from September 11th, 2025.
Building upon the foundation laid by the Data Governance Act, which became applicable in September 2023, the Data Act complements it by providing clarity on the utilization of data and the conditions under which value can be derived from it. While the Data Governance Act focuses on facilitating voluntary data sharing, the Data Act emphasizes fair access and usage rights, while also safeguarding personal data.
The Data Act’s primary objective is to ensure a fair distribution of the value derived from data within the European data economy. It achieves this by establishing transparent and equitable rules governing data access and usage. This is particularly relevant in the context of the growing Internet of Things (“IoT”) landscape, where connected products generate vast amounts of data. In order to achieve such purposes, IoT devices shall have to be designed and manufactured in a manner that empowers users, whether businesses or consumers, to securely and easily access, use, and share the data generated by these devices.
The new rules will affect, inter alia:
- manufacturers of connected products (e.g. connected cars, smart-home devices, medical devices);
- users of connected devices;
- data holders (i.e. natural or legal persons entitled or obligated to make data available);
- data recipients (i.e. natural or legal persons to whom data holders make data available);
- public sector bodies of EU member states or institutions, agencies or bodies of the EU that request data holders to make data available in case of exceptional needs (e.g., public emergencies);
- providers of data processing services (in particular cloud-services) to customers in the EU.
The Data Act addresses issues related to contractual imbalances that impede equitable data sharing and enables public sector bodies to access and use data held by the private sector for specific public interest purposes. It also facilitates efficient data interoperability and provides a framework for customers to switch between different data-processing service providers, thereby unlocking the EU cloud market.
Specifically, the Data Act:
- imposes specific contractual obligations for agreements regarding the sharing of data;
- establishes a regulatory framework for public entities’ access to and use of data;
- grants customers rights and imposes obligations on data processing service providers, such as cloud service providers, allowing customers to switch to alternative service providers seamlessly;
- introduces measures to prevent unauthorized access to non-personal data by third parties, including the implementation of technical safeguards;
- sets the stage for the development of interoperability standards to facilitate data access across different systems.
In practice, the Data Act promotes innovation and job creation by enabling the EU to capitalize on data-driven advancements. It fosters a competitive and dynamic digital ecosystem by empowering individuals and businesses to access and utilize data effectively.
Overall, the Data Act represents a significant milestone in establishing a robust framework for data governance within the EU. Its entry into force marks a crucial step towards realizing the full potential of data, while ensuring fairness, transparency, and protection of personal data.