EU Data Act – Everything you need to know now about the EU data law

Who is allowed to do what with data?

One of the most frequently asked questions will be answered in more detail with the help of the EU Data Act. Today, more and more devices are collecting user data. From cars, toothbrushes and Alexa to wind turbines linked to the weather forecast, not only is data being collected, but more and more data is being networked. Data use, access and even the sale of data have been inadequately regulated.

Data and great business opportunities

Data is at the heart of the digital economy, because from search engines to industrial plants, large machines or household appliances, the data generated has a very high economic value. However, to date, it can hardly be exploited and is in the hands of a few large companies. As some may imagine, the image of a typical data-collecting company has great potential to add value if only it is properly regulated. And this is where the EU

Data Act comes in. Who does the Data Act apply to?

• The product manufacturers and providers of related services
• The users of the products and services
• Data Controllers providing data to recipients in the European Union
• The public bodies, institutions and agencies of the European Union
• The providers of data processing services to customers in the European Union
• Special rules apply to microenterprises, SMEs and gatekeepers

What changes in usage due to the Data Act?

The Data Act is intended to give consumers and companies more control over their data and ensure that it can be put to better economic use. In exceptional cases, such as environmental disasters, governments are to be able to access data from the private sector.

Fundamental changes and new market developments

“This data law can fundamentally change the situation and ensure that there is easier access to the almost infinite amounts of data available. We estimate that an additional 270 billion euros can be generated in this way by 2028,” said Pilar del Castillo Vera (EPP/Spain), who led the negotiations for the Parliament.

The goals of the Data Act

1. The legal framework clarifies who can create value from data and under what conditions.
2. The data law is intended to ensure consistency between access rights, which are often developed for specific situations and with different rules and conditions.
3. The law will require technology companies to prevent illegal access to data stored with them. In addition, the major technology companies are to establish rules that make it easier for users to switch providers.
4. The EU Data Strategy aims to create an open market for data that spurs innovation and promotes competition.

What does that mean in concrete terms?

• The principle applies that every user, whether a private person or an entrepreneur, should have access to the data they have contributed to generating.
• Increased legal certainty should lead to greater participation in the data economy.
• The measures to prevent abuse of contractual imbalances are intended to assist market participants in developing fair data-sharing contracts.
• Faster responses to public emergencies by public agencies accessing and using private sector data and acting in the public interest.
• Right framework to be able to switch between different data processing service providers in the EU cloud market.

Important changes for consumers

More rights for consumers: The rules on using data generated by Internet of Things (IoT) devices are intended to create more fairness. For example, car owners will be able to decide for themselves in the future whether the insurance company can analyze their own data or not. Consumers will also be given more rights if their data is passed on illegally by a cloud provider.

Regulation on use: The law will allow companies to use the data in a legally compliant manner for the further development of products, and basic consumers will also be able to turn the data collected by their devices into money.

More competition: Simplified transferability of data to and between service providers will mean that more (and also smaller) players will participate in the data economy, contributing to the market economy and developing innovations. According to the EU Commission, 80 percent of the industrial data generated is not used today, despite the enormous potential for growth and innovation. This could change with the data law.

No strengthening of data power: The transfer and receipt of data to companies such as Meta or Google, on the other hand, is ruled out to limit the data power of the large technology corporations and strengthen small businesses and SMEs.

Are company secrets at risk?

The EU Data Act is also expected to provide access to relevant data for aftermarket services, making repair and maintenance offers cheaper and extending the life of connected products. One concern is that the Act could oblige companies to share secrets, making European firms less competitive.

Where do we go from here with the Data Act?

Following a political agreement between the Parliament and EU government negotiators on 28.06.2023, the Data Act is now subject to formal approval. Once approved, it will enter into force 20 days after publication of the Official Journal and will become effective after 20 months.

The Data Act is a pillar of the legislation adopted by the EU Commission and will be clarified in interaction with the Data Act and applicable horizontal and sectoral legislation, such as the Data Governance Act and the General Data Protection Regulation (GDPR).

HWData – Your contact for more data protection

Feel free to email or call us if we can assist you with your data protection needs. From Legal as a Service to external data protection officer, we are there for you. You can also find more information on our website.