(Source: European Commission)
Why do we need a Data Act?
Currently, the full value of data in the European economy is not being reaped due to a number of factors. Key issues include the lack of clarity regarding can use and access data data generated by connected products, the fact that SMEs are frequently not in a position to negotiate balanced data-sharing agreements with stronger market players, barriers to switching between competitive and trustworthy cloud and edge services in the EU, and the limited ability to combine data emanating from different sectors. This affects a range of economic sectors and leads to an underutilisation of data at EU level, with negative consequences for consumer choice, innovation and public service delivery.
The Data Act will remove barriers to access data, for both private and public sector bodies, while preserving incentives to invest in data generation by ensuring a balanced control over the data for its creators.
It will unlock the value of data generated by connected objects in Europe, one of the key areas for innovation in the coming decades. It will clarify who can create value from such data and under which conditions. It will ensure fairness in the allocation of data value among the actors in the data economy and in their contracts while respecting the legitimate interests of companies and individuals that invest in data products and services. The new rules will empower consumers and companies by giving them a say on what can be done with the data generated by their connected products.
What is in it for people and businesses?
When you buy a ‘traditional’ product, you acquire all parts and accessories of that product. However, when you buy a connected product (e.g. a smart home appliance or smart industrial machinery) generating data, it is often not clear who can do what with the data. Or it may be stipulated in the contract that all data generated is exclusively harvested and used by the manufacturer.
The Data Act will give both individuals and businesses more control over their data through a reinforced data portability right, copying or transferring data easily from across different services, where the data are generated through smart objects, machines and devices. For example, a car or machinery owner could choose to share data generated by their use with its insurance company. Such data, aggregated from multiple users, could also help to develop or improve other digital services, e.g. regarding traffic, or areas at high risk of accidents.
It will be easier to transfer data to and between service providers and this will encourage more actors, including SMEs, to participate in the data economy.
Aftermarket service providers will be able to improve and innovate their services and compete on an equal footing with comparable services offered by manufacturers. Therefore, users of connected products (including consumers, farmers, airlines, construction companies or owners of buildings) could opt for a cheaper repair and maintenance provider (or maintain and repair themselves) and benefit from lower prices on that market. This could extend the lifespan of connected products, thereby contributing to the Green Deal objectives.
Also, availability of data about the functioning of industrial equipment will allow factories, farms or construction companies to optimise operational cycles, production lines and supply chain management, including based on machine-learning.
In precision agriculture, IoT analytics of data from connected equipment can help farmers analyse real time data like weather, temperature, moisture, or GPS signals and provide insights on how to optimise and increase yield, improve farm planning and make smarter decisions about the level of resources needed.
Increased business and manufacturing efficiency should lead to a reduction of waste, energy consumption and CO2 emissions.
What is in it for SMEs?
Freedom of contract remains the underlying principle but SMEs will now be protected against unfair contractual terms, due to the list of unilaterally imposed contractual clauses that will be deemed or presumed to be unfair. Clauses that do not pass this “unfairness test” will be not be binding on SMEs. For example, a clause stating that a company can unilaterally interpret the terms of the contract.
In furtherance of this, the Commission will develop and recommend non-binding model contractual terms. These standard clauses will help SMEs negotiate fairer and balanced data sharing contracts with companies enjoying a significantly stronger bargaining position. An independent Expert Group on B2B data sharing and cloud contracts will assist the Commission in this task.
What is in it for governments?
The Data Act aims to unlock the value of data from private companies in exceptional situations of high public interest, such as floods or wildfires. The current data access mechanisms by the public sector are inefficient or non-existent in public emergency situations. With the new rules, there will be an obligation on businesses to provide certain data, under key conditions (which businesses can enforce in case of abuse).
If the data is necessary to address a public emergency, it will be provided for free. In other situations: to prevent or recover from a public emergency, or to fulfil a public-interest mandate imposed by law — the data holder may request compensation. It should greatly improve evidence-based decision-making, in particular effective and rapid response to crises, such as floods and wildfires.
For example, during the COVID-19 pandemic, aggregated and anonymised location data from mobile network operators was essential for analysing the correlation of mobility and the spread of the virus, including informing early warning systems for new outbreaks and taking the right measures to combat the crisis.
Will the new rules touch upon cloud services?
Yes, data processing services, such as cloud and edge services provide the computing and storage capacities on which the data economy is built. They are a precondition for the innovative use of data. The Data Act will improve the conditions under which businesses and consumers can use cloud and edge services in the EU.
It will be easier to move data and applications (from private photo archives to entire business administrations) from one provider to another without incurring any costs, because of new contractual obligations that the proposal presents for cloud providers, and a new standardisation framework for data and cloud interoperability. In this respect, the Data Act will build on the strengths of the European standardisation organisations and other interested parties on the market.
In addition, the Data Act will raise trust by introducing mandatory safeguards to protect data held on cloud infrastructures in the EU. This will avoid unlawful access by non-EU/EEA governments. With these measures, the Data Act will support cloud adoption in Europe, which will in turn stimulate efficient data sharing within and across sectors.
How can the allocation of value in the data economy be improved?
The Data Act creates a fairer allocation of value by addressing situations where data is currently used exclusively only by a few actors.
In the context of connected objects, manufacturers have developed business models offering smart functions that typically generate data. In many cases, these data are currently locked in, the manufacturer can track the use of the object and offer repair and maintenance even before a problem occurs.
The Data Act will enable access to data to the users of such objects. That will spur the development of a broader range of services by third parties with whom the user accepts to share data, typically for a better price or quality of services.
Furthermore, the Data Act will protect small and medium-sized companies from certain clauses in data sharing or use contracts that would make data sharing partnerships unattractive.
A farmer wants to optimise the use of the different equipment as well as seeds and fertilizer on his farm and wants to entrust this to a farm optimisation software from a specialised vendor. The Data Act will give him the rights to obtain all relevant data.
A start-up develops an algorithm it wishes to train on the database of a large company, they sign a contract. The large company then decides to offer services resulting from a similar algorithm to be trained on the same database. The start-up will be protected by the Data Act from unduly short cancellation of their contract.
Will companies lose control on the data generated by their products?
Companies’ capacity to use data of objects they manufacture remains unaffected. Furthermore, the third party selected by the user compensates the manufacturer for the costs of granting access, i.e. of technical arrangements to make the data available, such as application programming interfaces.
In addition to that, safeguards provided for in the proposal prevent situations where the data is used in any manner that would negatively impact on the manufacturer’s business opportunities. This includes using it to develop a product or related service that would compete with the original data-generating product, or where the data is used by parties without an appropriate basis for the use, through the appropriate technical protection measures.
What is the relation with the data strategy of February 2020?
Following the Data Governance Act, the Data Act proposal is the second main legislative initiatives resulting from the February 2020 European strategy for data, which aims to make the EU a leader in our data-driven society.
While the Data Governance Act, presented in November 2020 and agreed by co-legislators in November 2021, creates the processes and structures to facilitate data sharing by companies, individuals and the public sector, the Data Act clarifies who can create value from data and under which conditions.
The Data Act is the last horizontal building block of the Commission’s data strategy. In line with the Open Data Directive, it is expected that an Implementing Act establishing a list of High-Value Datasets to be made available by the public sector for free and through Application Programming Interfaces (APIs) will be adopted in the coming months.
What is the link between the Database Directive and the Data Act?
The Data Act reviews certain aspects of the Database Directive, which was created in the 1990s to protect investments in the structured presentation of data. It clarifies that this directive cannot be used to prevent data generated by a connected product or related service from being accessed.
Because of the growing rollout of IoT technologies and of the vast volumes of data produced by sensors, data holders could otherwise de facto claim exclusivity over data generated by connected products, which, if unaddressed, would hinder the effective application of the access and portability rights laid out in the Data Act.
How does the GDPR apply to connected objects?
The Data Act is fully consistent with and builds on General Data Protection Regulation (GDPR) rules. This applies in particular to the right to data portability that allows data subjects to move their data between controllers who offer competing services. Under the GDPR, this right is limited to personal data processed on certain legal bases and where technically feasible. The Data Act will enhance this right for connected products so that consumers can access and port any data generated by the product, both personal and non-personal.
How does the proposal relate to the announced data spaces?
As a result of its provisions on data access and use and interoperability, the Data Act will contribute to more data being available, also for and within the sectoral data spaces. For instance, building on the Data Act, the common European energy data space will enhance the interoperability of energy assets and services, as well as the flexibility and the overall security and reliability of the energy system. As part of the Digitalisation of Energy Action Plan, this will contribute to priorities of both the Green Deal and the Digital Decade.
The European data strategy of February 2020 announced the creation of data spaces in 10 strategic fields: health, agriculture, manufacturing, energy, mobility, financial, public administration, skills, the European Open Science Cloud and the crosscutting key priority of meeting the Green Deal objectives. Since then, data spaces in other important areas such as media and cultural heritage have also emerged. The ultimate goal is that together, the data spaces will form a single European data space: a genuine single market for data.
The Staff Working Document on Common European Data Spaces, published together with the Data Act, provides an overview of the common European data spaces. The Commission supports the development of data spaces through its funding programmes (Digital Europe Programme, Horizon Europe, Connecting Europe Facility) Stakeholders in the data economy are encouraged to build up data spaces.
The Commission will further report on the development of common European data spaces in 2023.
Expert Group on B2B data sharing and cloud computing contracts
Together with the adoption of the proposal on the Data Act, the Commission will publish on the Register of the Expert Groups a Call for applications for an Expert Group on B2B data sharing and cloud contracts.
The Expert Group will assist the Commission in developing model contractual terms for B2B data sharing and standard contractual clauses for cloud computing contracts.
The Expert Group will consist of experts in their individual capacity. The deadline for applications is 6 April.