The new EU Data Act – game changer or just more red tape?

In February 2022, the European Commission (“Commission”) published its proposal for a new Data Act (“Data Act”) which seeks to improve a user’s right to access and exploit data generated from their use of digital products and related services.

The Data Act is the second main legislative initiative (after the Data Governance Act) resulting from the EU’s strategy for data published in February 2020, which aims to make the EU a leader in a data-driven society. In keeping with this strategy, one of the main objectives of the Data Act is to promote a competitive data market and drive innovation by unlocking the economic and societal potential of data and technologies.

The Commission has estimated that a staggering 80% of industrial data is never used, yet this data can be used for “non-rival good”, meaning it can be used at the same time by many individuals without impacting the quality of the data or depleting its supply. By improving users’ right to access this data and operationalising rules to ensure fairness in the digital environment, it is envisaged that new opportunities for data driven innovation will open up, which the Commission estimates could create an additional €270 billion of GDP by 2028.

Main proposals

The main proposals of the Data Act are set out in the Commission’s paper dated 23 February 2022 here. In summary, the proposals being introduced include:

1. Measures to allow users of connected devices to gain access to data generated by them and to share that data with third parties, for example with service providers who offer aftermarket and value-added services. This will give third parties an equal chance to compete with manufacturers for comparable services by using data to inform and improve their services;
2. Measures to allow access to, and use of, data by public sector bodies where there is an exceptional data need, such as in the case of public emergency, but also where business-government data sharing can be justified;
3. Measures to rebalance negotiation power for SMEs by imposing restrictions on the use of unfair contract clauses in data sharing contracts. The Commission also intends to develop model contractual terms in order to help SMEs draft and negotiate fairer data sharing contracts;
4. New rules allowing customers to switch between different cloud and edge service providers, which is intended to promote access to competitive and interoperable data processing services; and
5. Putting in place safeguards against unlawful data transfers by cloud service providers without notification, which is intended to protect against unlawful access to data by non-EU governments.

What’s next?

The Data Act is still at a very early stage of the legislative process. The feedback period recently closed on 13 May 2022 and the proposal will now be passed to the European Parliament and Council for legislative debate.

Comment

This is an ambitious proposal from the EU which potentially impacts a number of different areas including the existing protections for personal data (contained largely in the GDPR), the law of confidence and trade secrets and also IP rights – notably the protection of databases through the database right.

Whilst the Commission’s proposal for a new Data Act clearly demonstrates its awareness of the competitive advantage access to data can bring and the need to create a fairer and more competitive marketplace in order to encourage a wider data economy, a number of questions and concerns have been raised, particularly by manufacturers who will inevitably experience a loss of control over the data they hold. These issues include the extent to which data needs to be made available, on what terms, and the impact this could have on a company’s trade secrets; the opportunity for companies to abuse the disclosure obligation to create competing products; the potential dilution of database rights; and determining what terms are considered “unfair” when imposed on SMEs.

We expect these issues will be the subject of extensive debate in the next stages of the legislative process. There is however clearly a fine balance between allowing access to data and ensuring that this new legislation does not create any unnecessary hurdles to entry to the EU market.

The UK’s position

Whether or not the UK will follow a similar legislative framework is uncertain but seems unlikely.

It was announced in the Queen’s Speech on 10 May 2022 that the UK government will be introducing a Data Reform Bill for the purpose of reforming the UK’s existing data protection regime which is currently modelled on the EU General Data Protection Regulation. One of the aims of this legislation is to reduce the burden on business of regulatory compliance although the UK government also aims to help innovation and facilitate data sharing.

This seems to suggest divergence from the EU data protection regime, however, the extent to which the two regimes diverge, remains to be seen.

One thing for UK businesses to keep an eye out for however is the extent to which this new EU legislation will impact them. It is for example likely to apply where the UK business has an office in the EU but it may also apply to the extent that the UK business does business in the EU.  If you have any questions about this topic, please contact Nick Phillips or Selina Clifford.

If you aren’t receiving our legal updates directly to your mailbox, please sign up now