July 30, 2024 | Max Atallah

Data

Unlocking Data Opportunities: An overview of the Data Act

Unlocking Data Opportunities: An overview of the Data Act

The Regulation on harmonised rules on fair access to and use of data, also known as the Data Act, is a key element of European Union (EU) data policy and, as its name suggests, aims to improve fair access to and use of data in the EU. The regulation entered into force on 11 January 2024 and will apply from 12 September 2025.

The need for regulation has arisen particularly as a result of the spread of network connected products. Indeed, network connected products significantly increase the amount of data available for re-use in the EU, which in turn offers huge opportunities for innovation and competitiveness in the EU.

Objectives of the Data Act

The objectives of the act are:

  • improve access to data for all.
  • ensure that the value derived from data is fairly distributed among actors in the digital environment.
  • promote the competitiveness of data markets.
  • open up opportunities for innovation.

Content of the Data Act

The regulation specifies who can use what data and under which conditions. A key element of the regulation is the obligations imposed on data holders regarding the opening and sharing of data. The Data Act obliges data holders to give individuals and businesses the right to access data generated through the use of connected objects, machines and devices. Users of connected products will therefore be able to share this information with third parties if they so wish, allowing aftermarket service providers to improve and innovate their services.

The aim is therefore to avoid the concentration of data solely in the hands of manufacturers, to create new opportunities to use data and to promote fair competition. In addition, the new rules aim to facilitate the seamless transfer of valuable data between data holders and users while maintaining data confidentiality.

In certain situations, the data holder is also obliged to provide the data to public sector actors. In addition to these, the Act includes among other things provisions to increase fairness and competition in the European cloud market and facilitate the exchange of data processing services.

Practical Effects of the Regulation

1.      Internally within Companies

In order for a company to fulfil its obligations under the Regulation, it must first understand the situation in which it is a data holder, data user or possibly a third party. This status may vary from case to case and the same party may be both the data holder and the user at the same time. Thus, companies should clarify internally what position the company occupies in different relations.

Secondly, it is important for companies to distinguish between data subject to the sharing obligation and data that is further processed and intended exclusively for the company’s use. As a rule, data sharing obligations apply to data generated by the use of a product or service and not, for example, to processed data.

2.      Business to Consumers Relationships

In order to fulfil the data sharing obligation, companies must in future design and offer network-connected products and related ancillary services primarily so that the data they collect is by default available to the user free of charge, easily and securely. For example, a consumer should have access to data produced during the use of the car.

In addition to technical changes, data holders must implement these aspects in their contract templates. The data holder must have an agreement with the user that defines the rights of use, use and sharing of the data produced by the connected product or related services. It should be noted that the data holder cannot use the non-personal data generated by the product without the user’s consent. Therefore, for instance, surrounding temperature data cannot be utilized without an agreement with the user.

3.      Business to Business Relationships

When the user exercises the right to share data with a third party, the data holder also incurs obligations towards that third party. Among other things, the data holder must make the data available at the user’s request on fair, reasonable, and non-discriminatory terms.

Notwithstanding the above, data holders may request fair compensation for making data available to another company and trade secrets allow, under certain conditions, a limited right to withhold data sharing. The third party receiving the data, on the other hand, cannot use the data received from the data holder to, for example, develop a competing product connected to the network and may only process the data made available to it for purposes agreed with the user and on terms agreed with the user.

Finally

The Act can be seen as promoting European digital readiness and unifying the European single market for data. The regulation imposes significant obligations on data holders, which means that, for example, device manufacturers must take into account aspects related to data sharing and management at all stages of the product life cycle. It enables users to compete for services and eliminates supplier dependency based on technical barriers and contracts. The regulation thus unlocks huge economic potential and enhances the adoption of use of data, while opening up new market opportunities for businesses and citizens.

Our Associate Trainee Adeliina Sulkanen took part in writing this article.

Nordic LawPioneer in Web3 and Fintech law