1. What is the Data Act?
The Data Act is an EU regulation designed to regulate access to and use of data within the EU. The aim is to create a fair, transparent and innovative data market. Until now, a lot of data has been difficult for users and companies to access as it has often been kept secret by device manufacturers or service providers who generate this data.
2. To who and to what does the Data Act apply?
The Data Act applies to B2B and B2C, as well as to personal and non-personal data.
The Data Act is of particular practical importance for
- Manufacturers of connected products and connected services from the Internet of Things (IoT) (e.g. smart fridge and associated app)
- Users of connected products and connected services and
- Providers and users of data processing services (e.g. cloud and edge services)
What these products and services all have in common is that data is constantly being generated during their use, which the Data Act is intended to make visible to the user or third parties. Previously, this was often reserved for manufacturers or service providers.
3. The most important aspects of the Data Act
3.1 Easier access to data
- Consumers: If a smart device, such as a fitness tracker or a smart fridge, collects data, this data can now be accessed more easily by the users themselves and not just by the manufacturers. This means that independent repair services, for example, can access the necessary data to repair devices.
- Companies: These can combine data from different sources to develop better products and services. This allows companies to utilise data from different devices to make them more efficient.
3.2 Protection against unfair contractual clauses for SMEs
The Data Act protects SMEs from disadvantageous contractual terms that could be imposed by larger companies. Contractual clauses that are one-sided and unfair are now prohibited. This is intended to ensure that all market participants have fair opportunities.
To this end, Art 13 (3) Data Act provides for a general clause according to which a provision is deemed to be unfair if its application constitutes a deviation from good business practice in data access and use or is contrary to the principle of good faith.
Art 13 (4) and (5) of the Data Act also contains a blacklist and a greylist. The contents of the clauses listed in the blacklist are in any case considered abusive, while those contained in the greylist are a weakened form of the contents of the blacklist.
3.3 Use of data by the public sector
In emergencies, such as natural disasters, public authorities should be allowed to access data from private companies in order to be able to react more effectively. This can be life-saving if, for example, real-time data on traffic flows or weather conditions is required.
3.4 Data security and protection against abuse
The Data Act contains strict rules to ensure that data is handled securely and in accordance with data protection laws (in particular, the EU GDPR). More than ever, companies must ensure that data is not accessed without authorisation and that it is protected against misuse.
4 Impact of the Data Act
Consumers: The Data Act will make consumers' lives easier by improving access to their own data and enabling new, more cost-effective services. For example, if a smartwatch becomes faulty, an independent repair service can gain access to the necessary data to repair the watch, where previously the manufacturer's repair service had to be used.
Companies: SMEs in particular will benefit from the new rules. They will have easier access to data that is necessary for the development of new products and services and that has often been deliberately kept under lock and key by large companies. This should promote innovation and competition.
Overall, the Data Act is expected to contribute to economic growth in order to keep the EU competitive. In addition, easier access to data should lead to more efficient and sustainable business models.
5. Conclusion
The Data Act is a step towards a more open and fairer data market. It is intended to ensure that consumers and companies have better access to data, while at the same time protecting against misuse and unfair practices.
The implementation of the new rules will also pose challenges, as the IT industry in particular is critical of the Data Act.