The EU Data Act – Promising Approach or Further Obstacles?

The new EU Data Act is just around the corner. Promising approach or further impediments? We have already had a look at the design.

The regulation of digitization and data use is gaining new momentum. On February 23, 2022, the European Commission is expected to present the final draft of the Data Act, also known as the “Regulation of the European Parliament and of the Council on ensuring fairness in the allocation of value across the data economy” (“Data Act”).
We have already taken a look at the draft, which has not been officially published.

The Data Act is one of the European Commission’s many legislative initiatives as part of its data strategy aimed at improving fair access to and use of data. In this way, the European single market for data is to be strengthened across all sectors. Unlike the GDPR, the focus here is not on personal data, but on data in the true sense and thus on all digital representations of actions, facts or information.

The addressees are all companies active in the EU that collect data, process it, use it in their products or offer related services. This means that almost all companies that use data in some way for business purposes fall within its scope. Only micro and small enterprises are explicitly excluded.
Here are the main points:

• Data Access By Default: Products and services must be designed to provide users with easy access to the data generated by their use.
• Right of access to data: Companies are obliged to provide “users” (individuals or organizations) with access to the data they have helped to create. The idea is to provide access “in real time” and free of charge.
• Improved interoperability: Users should be able to switch between different providers easily and free of charge.
• Gatekeepers: So-called gatekeepers (providers of large online platforms) may not ask users to share their data with or receive data from gatekeepers. The term gatekeeper is defined in this context by the separate Digital Markets Act.
• Sanctions: Enforcement of the Data Act is the responsibility of the authorities of the member states. In this context, violations are to be sanctioned, with any sanction requirements to be determined by the member states at the national level. It is expected, however, that the data protection authorities will also be able to impose sanctions for certain violations in accordance with the fine provisions of the GDPR.

Outlook

The target direction is correct. To boost the data economy in Europe, it is essential that the commercial use of machine data is opened up to the market and accompanied by clear rules. The approaches to create a certain interoperability is also very useful. However, many practical aspects are open.

The obligation to share self-generated data is a clear encroachment on contractual freedom. A close examination of proportionality is appropriate here. It should also be borne in mind that such a sharing obligation naturally lowers the willingness to invest in generating high-quality data.

High-value data are valuable trade secrets in many areas, and the draft so far contains only rudimentary approaches to protection. Although shared data may not be used for the development of competing products, it is also unclear how compliance with this obligation is to be ensured.

It remains exciting to see what content will ultimately make it into the release in just under two weeks. One thing is certain: the Data Act will result in numerous obligations for digital companies and will require extensive process adjustments in the long term.