The Data Act was published in the Official Journal of the EU on 22 December 2023 and it will become applicable on 12 September 2025. [1] The Data Act also includes measures to increase fairness and competition in the European cloud market as well as to protect companies from unfair contractual terms related to data sharing imposed by stronger players. It also establishes a mechanism through which public sector bodies can request data from a business where there is an exceptional need, for example in public emergency situations, and provides clear rules on how such requests should be made. In addition, it introduces safeguards to avoid that government bodies from third countries can access non-personal data where this would go against EU or national law. Finally, the Data Act defines essential requirements regarding interoperability to ensure that data can flow seamlessly between sectors and Member States, facilitated by Common European Data Spaces, as well as between data processing services providers.
In particular, the Data Act aims to protect all European businesses seeking to acquire data, in particular SMEs, against unfair contractual terms through its measures to intervene in situations where, for example, one of the businesses is in a stronger bargaining position (e.g. due to its market size) and imposes a non-negotiable term (‘take-it-or-leave-it’) related to data access and use on the other. The Data Act might be indirectly relevant to the FAME platform on two aspects: accruing availability of non-personal data and extended possibilities regarding the use of cloud services.
[1] Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act)
Legal basis for Data Act
The data act generally applies to data generated from products. This concerns the performance, use and environment of connected products and related services.
Key Definitions
- Product data: data generated by the use of a connected product that the manufacturer designed to be retrievable, via an electronic communications service, physical connection, or on-device access, by a user, data holder or a third party, including, where relevant, the manufacturer.
- Connected product; an item that obtains, generates or collects data concerning its use or environment and that is able to communicate product data via an electronic communications service, physical connection or on-device access, and whose primary function is not the storing, processing or transmission of data on behalf of any party other than the user.
- Customer; a natural or legal person that has entered into a contractual relationship with a provider of data processing services with the objective of using one or more data processing services.
- Related service; data representing the digitisation of user actions or of events related to the connected product, recorded intentionally by the user, or generated as a by-product of the user’s action during the provision of a related service by the provider.
- Data processing service; digital service that is provided to a customer and that enables ubiquitous and on-demand network access to a shared pool of configurable, scalable and elastic computing resources of a centralised, distributed or highly distributed nature that can be rapidly provisioned and released with minimal management effort or service provider interaction.
- Data intermediary service; a service which aims to establish commercial relationships for the purposes of data sharing between an undetermined number of data subjects and data holders on the one hand and data users on the other, through technical, legal, or other means,
- User; a natural or legal person that owns a connected product or to whom temporary rights to use that connected product have been contractually transferred, or that receives related services.
- Data holder; a natural or legal person that has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation adopted in accordance with Union law, to use and make available data, including, where contractually agreed, product data or related service data which it has retrieved or generated during the provision of a related service.
- Data recipient; a natural or legal person, acting for purposes which are related to that person’s trade, business, craft or profession, other than the user of a connected product or related service, to whom the data holder makes data available, including a third party following a request by the user to the data holder or in accordance with a legal obligation under Union law or national legislation adopted in accordance with Union law.