The Council of the EU has agreed its approach to the EU Data Act. This follows the Data Governance Act adopted in 2022, which was part of the European Commission’s February 2020 European strategy for data.
The Data Governance Act creates the processes and structures to facilitate data sharing by companies, individuals and the public sector. Meanwhile, the Data Act clarifies who can create value from data and under which conditions.
Member states have now reached a common position allowing the Council to enter negotiations with the European Parliament on the proposed Data Act. Although called an Act, it takes the form of a Regulation.
The Data Act aims to give both individuals and businesses more control over their data through a reinforced portability right, copying or transferring data easily from across different services, where the data are generated through smart objects, machines, and devices. The proposed legislation also aims to provide consumers and companies with the ability to direct how the data generated by their connected products can be used. It also proposes new rules on who can use and access data generated in the EU across all economic sectors. It aims to ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible to all.
The proposal also aims to make switching between providers of data processing services easier, puts safeguards in place to prevent the unlawful data transfer by cloud service providers and providers for the development of the interoperability standards for data to be reused between sectors.
The Council’s common position maintains the general aims of the Commission’s proposal:
- measures to allow users of connected devices to gain access to data generated by those products, which is often exclusively collected by manufacturers;
- measures to prevent abuse of contractual imbalances in data sharing contracts due to unfair contractual terms imposed by a party with a significantly stronger bargaining position;
- means for public sector bodies to access and use data held by the private sector that is necessary in exceptional circumstances, particularly if there is a public emergency, such as floods and wildfires, or to implement a legal mandate if data is not otherwise available; and
- new rules allowing customers to effectively switch between different cloud data-processing service providers and putting in place safeguards against unlawful data transfers.
The Council’s text amends various parts of the Commission’s proposal, including:
- a clearer definition of the scope of the Data Act, especially about Internet of Things data, where the focus is now on the data collected by connected products instead of the products themselves;
- clarification on the interaction between the Data Act and the Data Governance Act and the GDPR respectively;
- the protection of trade secrets and intellectual property rights, and appropriate safeguards against abusive behaviour;
- additional guidance on reasonable compensation for making the data available and dispute settlement mechanisms;
- fine-tuning on data sharing requests by public sector bodies based on exceptional needs; and
- clearer and wider provisions on effective switching between data processing services.
Next steps
The agreement on the Council’s common position will allow the Swedish presidency to enter negotiations with the European Parliament on the final version of the proposed legislation.