What impact will the EU Data Act have on the digital economy?

On 23 February, the European Commission proposed the first draft of its new Data Act. It is mainly intended to ensure fairness in the allocation of value from data among actors in the digital economy and to foster data-sharing across sectors. It aims to resist a business model in which data from Internet of Things (IoT) devices is locked in for use only by the manufacturer, or by a few players.

For instance, by accurately tracking the use of smart objects, manufacturers are often able to offer their customers additional services – such as repair and maintenance – even before a problem occurs, making it difficult for new companies to establish themselves in the market, or for established competitors to offer new services.

Europe realised years ago that to create a sustainable data economy, it needed to distribute the value from data better – especially non-personal industrial data and internet of things (IoT) data. The goal of the Data Act is to enable users of connected objects to access their own data – including where incorporated in immovable items such as buildings – and, consequently, to facilitate the development of a broader range of services by third parties with whom the user accepts to share data for a better price or a better quality of services.

However, as recently seen with the EU proposal for the AI Act, striking a balance between protection of citizens’ rights and EU economic competitiveness can be difficult, and it requires complex evaluations. As the President of the EU Commission, Ursula von der Leyen, said early in 2019, it's important to avoid detrimental effects for citizens’ rights and freedoms “preserving high privacy, security, safety and ethical standards”.

The draft legislation is only a part of a major European strategy for data presented by the EU Commission in February 2020. Europe aims to build a genuine single market for data and become a global leader in the data-agile economy. This follows a 2021 resolution through which the EU Parliament urged the EU Commission to present a regulation to encourage and enable greater and fairer flow of data in all sectors. In the same resolution the European Parliament also stressed that market imbalances arising from the concentration of data have several negative effects on digital trade, including competition restrictions, creation of market entry barriers, and contraction of wider data access and use.

The draft proposal aims to ensure that businesses across all sectors are in a position to innovate and compete – without diminishing the safeguards for individuals’ rights. It equips businesses and public sector bodies with a proportionate and predictable mechanism to tackle major policy and societal challenges, including public emergencies – the pandemic being one example.

The Regulation proposal reflects the Commission’s goal to make Europe fit for the digital age. A future-ready economy that works for people will be characterised by a high degree of trust, security, safety and choice for consumers. This proposal intends to support the development of the internal market for data, so that data from the public sector, businesses and individuals is put to the best possible use. For instance, public authorities will be able to promptly and efficiently respond to public emergencies by accessing data held by private companies in certain exceptional circumstances, such as public emergencies, pandemics, floods, or wildfires. Similarly, private companies may be able to offer higher-quality products or services, taking better decision on the basis of more information.

To this extent, the Data Act aims to increase legal certainty around the sharing of data generated by the use of certain products or services, as well as operationalizing rules to ensure fairness in data sharing contracts. The Commission’s intention is that the proposal should facilitate access to data by both consumers and businesses, while motivating investors in new data-driven businesses. To enhance the level of trust in data processing services among users, the proposal sets safeguards against unlawful data transfer.

The Data Act has been designed in order to be consistent with existing rules, including those on the processing of personal data, such as the EU GDPR and the EU ePrivacy Directive, and those regulating other – but strictly related – aspects of the digital economy. The EU Commission has clearly stated that the proposal will not affect existing rules in the areas of intellectual property (with an exception concerning the Database Directive), competition, justice, and home affairs and related international cooperation, trade-related obligations, or the legal protection of trade secrets.

The proposal seeks to increase legal certainty for users and businesses, by requiring manufacturers and designers to design products in a way that makes the data they collect easily accessible by default. The proposal imposes an obligation for the data holder to make data available to third parties upon the request of the user. In simple terms, users will be allowed to ask the data holder to give access to their data to other businesses, including providers of aftermarket services or competitors – although small and micro enterprises (SMEs) will be exempt from these obligations.

The draft also sets out general rules about the obligation to make data available. When a data holder is obliged to make data available to another company, there must be fair and non-discriminatory conditions and reasonable compensation. The proposal also provides for the implementation of dispute settlement bodies which may help parties that disagree on the compensation or conditions to come to an agreement.

The EU Commission addresses unfairness of contractual terms in data-sharing contracts between companies, with focus on situations where there is an imbalance in negotiating powers between parties, such as where contractual terms are unilaterally imposed by one party on a SME. Similarly to what already happens in the consumer protection field, to protect the weaker contractual party, the Act introduces an unfairness test with unfairness impeding the use of data by both contractual parties. With these provisions, the Commission intends to ensure a fairer allocation of value in the data economy.

The Data Act regulates outside cloud providers by introducing minimum regulatory requirements of contractual, commercial and technical nature, on providers of cloud and other data-processing services. These provisions are intended to allow users to switch between such services without losing functionality.

Finally, the proposal addresses unlawful third-party access to non-personal data held in the EU. Providers will be obliged to take all reasonable technical, legal and organisational measures to prevent such access that conflicts with competing obligations to protect such data, unless strict conditions are met.

With its new legislative proposal, the EU has made clear – once again – that new technologies and new digital services come with both the potential to transform our world for the better and, at the same time, potential risks to our fundamental rights.

The new regulation tries to respond to the needs of the digital economy, to remove barriers to a well-functioning internal market for data, and to promote a fair exchange by setting a harmonised framework specifying who, other than manufacturers or other data holders, is entitled to access the data generated by products, under which conditions and on what basis. With this proposal, which will surely be subject to several adjustments in the coming months, the EU has started to create a clear and safe framework for companies in the digital sector to facilitate innovation and build trust with customers and users.