(Data)sharing is caring
Adoption of the so-called “Data Act” continues to move forward at EU level. The aim of the proposed rules is to boost innovation by removing barriers blocking access to data for consumers and companies. More specifically, the intention is for the rules to contribute to the development of new services, namely within the AI sector. Companies can expect that the new rules will apply one year after entry into force.
Data is the new oil. For that reason, the EU is also looking to harmonize the rules on fair access to and use of big data within the EU.
One of the pillars of the future framework includes the “Data Act”. This legal framework aims to make sharing and using industry data easier. By doing so, the expectation is that the market will become more competitive through, for example, lower prices and new opportunities for services relying on data access.
Companies that may become subject to the new rules as data holders, users, or recipients, include:
- Manufacturers of products, suppliers, and users within the EU
- Data holders that make data available to recipients within the EU
- Data recipients in the EU receiving such data
- Providers of data processing services within the EU (e.g., cloud solutions)
Exceptions are proposed for smaller companies.
Companies must enable user access, and more
Pursuant to the proposed rules, the aim includes to:
- Facilitate data sharing with companies and users
- Allow for the use of data by public authorities if necessary
- Facilitate switching between data processing services
- Establish interoperability standards
- Create safeguards against unlawful access by third countries to non-personal data
One way of ensuring these rights in practice will be through an information obligation. Accordingly, before concluding a contract, companies must provide the user with a range of details, in a clear and comprehensible format. Information will include details on:
- The nature and volume of data likely to be generated
- Whether data is likely to be generated continuously and in real-time
- How the user may access those data
- The intended use of the data by the manufacturer or via a third party
- Whether the seller is the data holder or, if not, the identity of the data holder
- How the user may request the data to be shared with a third party
- How to communicate with the data holder quickly and efficiently
- The right to lodge a complaint with the competent authority
One example of how the new rules will impact the market is, therefore, that users will be entitled to access data generated by the use of products or services. As the information obligation shows, users can also request for that data to be made available to third parties. Data sharing must be completed without undue delay, free of charge to the user, and be of the same quality as that available to the data holder.
Companies will still have the capacity to use the data from manufactured products. This right is not affected by the proposed rules. However, as a protective layer, safeguards will apply so that shared data will not negatively impact business opportunities, such as the development of a competitive product or service.
IUNOs opinion
Data sharing will cover personal as well as non-personal data. Therefore, once adopted, companies should prepare guidelines to ensure compliance with the data protection principle, especially with focus on data minimization, all while adhering to and benefitting from the proposed rules.
IUNO recommends that companies follow the process closely, as the rules will only allow for one year to adapt once adopted. It remains unclear to what extent smaller- and medium-sized companies will be exempt from the rules. However, this group of companies can begin to understand the contractual safeguards the proposed rules would introduce, if adopted.
[Proposal for an EU Regulation on Harmonized Rules on Fair Access to and use of Data (Data Act) of 23 February 2022]
Data is the new oil. For that reason, the EU is also looking to harmonize the rules on fair access to and use of big data within the EU.
One of the pillars of the future framework includes the “Data Act”. This legal framework aims to make sharing and using industry data easier. By doing so, the expectation is that the market will become more competitive through, for example, lower prices and new opportunities for services relying on data access.
Companies that may become subject to the new rules as data holders, users, or recipients, include:
- Manufacturers of products, suppliers, and users within the EU
- Data holders that make data available to recipients within the EU
- Data recipients in the EU receiving such data
- Providers of data processing services within the EU (e.g., cloud solutions)
Exceptions are proposed for smaller companies.
Companies must enable user access, and more
Pursuant to the proposed rules, the aim includes to:
- Facilitate data sharing with companies and users
- Allow for the use of data by public authorities if necessary
- Facilitate switching between data processing services
- Establish interoperability standards
- Create safeguards against unlawful access by third countries to non-personal data
One way of ensuring these rights in practice will be through an information obligation. Accordingly, before concluding a contract, companies must provide the user with a range of details, in a clear and comprehensible format. Information will include details on:
- The nature and volume of data likely to be generated
- Whether data is likely to be generated continuously and in real-time
- How the user may access those data
- The intended use of the data by the manufacturer or via a third party
- Whether the seller is the data holder or, if not, the identity of the data holder
- How the user may request the data to be shared with a third party
- How to communicate with the data holder quickly and efficiently
- The right to lodge a complaint with the competent authority
One example of how the new rules will impact the market is, therefore, that users will be entitled to access data generated by the use of products or services. As the information obligation shows, users can also request for that data to be made available to third parties. Data sharing must be completed without undue delay, free of charge to the user, and be of the same quality as that available to the data holder.
Companies will still have the capacity to use the data from manufactured products. This right is not affected by the proposed rules. However, as a protective layer, safeguards will apply so that shared data will not negatively impact business opportunities, such as the development of a competitive product or service.
IUNOs opinion
Data sharing will cover personal as well as non-personal data. Therefore, once adopted, companies should prepare guidelines to ensure compliance with the data protection principle, especially with focus on data minimization, all while adhering to and benefitting from the proposed rules.
IUNO recommends that companies follow the process closely, as the rules will only allow for one year to adapt once adopted. It remains unclear to what extent smaller- and medium-sized companies will be exempt from the rules. However, this group of companies can begin to understand the contractual safeguards the proposed rules would introduce, if adopted.
[Proposal for an EU Regulation on Harmonized Rules on Fair Access to and use of Data (Data Act) of 23 February 2022]
Similar
Expensive right of access requests
Seven commandments when closing the business e-mail account
Unfair design practices resulted in a 345 million euro fine
Accessible personnel files resulted in a data breach
Deadline to establish whistleblower schemes for medium-sized companies approaching
New guidance from the Danish Data Protection Agency on direct marketing