On February 23, 2022, the European Commission proposed a new set of rules on the use and access of data stemming from the EU. As the amount of data generated and accessed continues to grow astronomically, the EU Data Act looks to set a regulatory standard around the access of data by different parties. 

The goal is to empower consumers, businesses, and public sector bodies with data access rules. 

Maragrethe Vestager, EVP, A Europe Fit for the Digital Age, said: “We want to give consumers and companies even more control over what can be done with their data, clarifying who can access data and on what terms…”

What are the key highlights of the EU Data Act?

This new regulation comes on the heels of the Data Governance Act launched in December 2021, as the second legislative initiative under the European Strategy for Data, which, as the European Commission states, “focuses on putting people first in developing technology and defending and promoting European values and rights in the digital world”. 

The press release from the European Commission mentions the points below as key inclusions of the Data Act.

• Device users (individual or enterprise) will have access to data generated by their devices, with manufacturers transparent about this information. 
• These users can also enable third parties to access their data for value-added services (predictive maintenance, energy management, etc.), but are restricted from creating competing products or services from the data. 
• Data controllers will be incentivized to generate and provide high-quality data to their consumers. Contract standards are also set to prevent the exploitation of businesses.  
• In the case of a public emergency, such as a natural disaster or national security threat, public sector bodies will have easier access to the necessary private sector data.  
• New rules will facilitate customers switching between cloud-based data processing services, easing this process, along with safeguards to prevent unlawful data transfers. 

Who does the EU Data Act affect?

 The Data Act applies to the following parties:

• IoT and other connected products/services manufacturers in the EU 
• Users (Individual and Enterprise) of these products and services 
• Data recipients in the EU 
• Public sector bodies in the EU 
• Providers of data processing services who offer these services in the EU

What does this mean for businesses?

With more control over their data and more avenues to share data, businesses will now be empowered to innovate around the data-driven aspects of their products/services. 

The new standard contractual clauses in place will also allow for more balanced data-sharing contracts.

Overall, companies that offer connected products or services will need to look at the effects that increased user access and third-party sharing will have and focus on enabling processes to facilitate these new movements of data as stipulated by the EU Data Act. 

Further resources on legislation related to the European Strategy on Data: 

• OneTrust DataGuidance News: EU Commission publishes Data Act
• European Commission Press Release: Data Act: Commission proposes measures for a fair and innovative data economy 
• European Strategy on Data: A European Strategy for Data 
• OneTrust Blog on DGA: Agreement Reached on EU Data Governance Act 
• Data Act Summary from Reed Smith: What, another EU Data Act?

Follow OneTrust on LinkedIn, Twitter, or YouTube for the latest on the EU Data Act and related legislation.