Key Facts about the new draft of the “Data Act

On February 23, 2022, the EU Commission presented the new draft of the so-called Data Act, the “Regulation on harmonized rules for fair access to and use of data”.
The aim of the Data Act is to ensure access to industrial data that is in the interests of all players in the data economy. According to the EU Commission, 80% of the industrial data collected is never used. The Data Act is intended to lay the foundation for an EU-wide data sharing economy and to leverage untapped potential in the development of innovative business models through improved harnessing of industrial data. The EU Commission’s goal here is also explicitly to shift the market power of large companies and platforms that act as gatekeepers to SMEs and consumers. Here you will find a brief summary of the most important contents:

Data use only on the basis of a contract

Non-personal data generated by the use of networked products should only be processed by the manufacturers of the products on the basis of a contract with the users. The user should even be able to demand that the provider make the data available to third parties free of charge and without delay.

Data Sharing – New Challenges in the Development of Smart Products

Users should be given a right to access data generated by them in their dealings with products or services at any time. In this context, the law provides for an “accessibility by design” obligation for product development, according to which products and services are to be designed in such a way that users can directly access user-generated data. If this data cannot be read out directly within the product by the user, providers are obliged to make the data available to the user immediately free of charge – and in individual cases even continuously and in real time.

In addition, manufacturers and providers of relevant products will in future be subject to pre-contractual obligations to provide information regarding details of data use and existing user rights similar to those under the GDPR.

Prohibition of unfair contract clauses in standard contracts with SMEs

The Data Act includes a prohibition on unfair contract terms in standard data use and licensing contracts. The prohibitions are strongly reminiscent of the German law on general terms and conditions and provide for a catalog-like list of contractual contents, the agreement of which can lead to the invalidity of individual clauses or, in extreme cases, the entire contract. In addition to the enumerated clause contents, clauses that grossly deviate from “good commercial practice of data access and data use” are particularly invalid.

Facilitating the change of provider for users

Switching providers in the area of data processing – i.e., cloud and edge services in particular – is to be made much easier for customers in the future. Specifically, the Data Act requires providers to remove all commercial, technical, contractual, and organizational barriers that prevent customers from terminating the contract with 30 days or less notice, contracting with a new provider, transferring the data, applications, and other “digital assets” to another service. To this end, corresponding providers are to be obliged to ensure the interoperability of their services by using open standards and interfaces.

Data access by public authorities

In exceptional cases, the Data Act also provides for a right of access to data by public bodies. The prerequisite for this, however, is that the public body explicitly requests disclosure from a company and approaches the company on the basis of an “exceptional need”. Under the Data Act, such special needs exist in particular in the event of emergencies or insofar as access is necessary for the fulfillment of the authority’s tasks (e.g., pandemics).

Conclusion

The drafting of the Data Act shows that the EU has recognized the relevance of data as a driver of innovation and wants to promote it. However, it seems questionable whether the Data Act in its present form can actually achieve the goal of promoting innovation through decentralization. In addition to desirable approaches to promoting the interoperability of data-processing systems, it contains numerous obligations for companies that are likely to hinder the harnessing of industrial data or reduce investments in corresponding products. This applies in particular to the obligations with regard to the design of new products and services.
It is striking that the Data Act brings the processing of industrial data closer to the processing of personal data in regulatory terms by assigning the right to use the data originally to the user and granting users far-reaching decision-making powers regarding its use. However, no concrete statement has been made on the subject of “data ownership”.

Finally, the Data Act represents a significant encroachment on the contractual freedom of the affected actors in data use contracts, the consequences of which cannot yet be conclusively assessed.
Companies should closely follow the development of the draft law and start implementing the requirements of the Data Act early, especially as it potentially provides for fines of up to EUR 20,000,000 or up to 4% of global annual turnover as under the GDPR.