Technology | Proposal for Data Act published by the European Commission
The main objective of the Data Act is to ensure increased access to data for all, thereby contributing to innovation and the removal of market barriers hindering the full realization of the potential value of data among businesses, consumers, and the public sector. The Act is not only of relevance to EU Businesses, particularly IoT providers and SMEs who may, as a result, obtain greater access to data and thus better compete on the market, but also public sector bodies who may access data held by data holders in situations where there is an exceptional data need. The Data Act reviews certain aspects of the Database Directive and clarifies that databases containing data from connected devices (Internet-of-Things devices) should not be subject to separate legal protection under the Database Directive 96/9/EC. This facilitates access for users of IoT-devices to data generated by their own use and enables them to share such data with third parties. The proposed Data Act also reinforces data portability by providing a set of interoperability requirements for operators of data spaces and providers of data processing services.
The Data Act contributes to increased data safety, by reiterating the safeguards set out by the GDPR for the protection of personal data, in addition to providing safeguards for the protection of non-personal data to prevent unlawful transfers of data by cloud service providers. The Data Act also contributes to increased fairness in relation to access and use of data as a valuable resource by way of measures preventing abuse of contractual imbalance in data sharing contracts, shielding Small- and Medium-sized Enterprises (SMEs) from unfair contractual terms unilaterally imposed by a party with a significantly stronger bargaining position.
The Data Act builds on and supplements the existing rules and regulations regarding access and use of various types of personal and non-personal data, providing the first proposed basis for harmonized rules relating to all data generated within the EU, across economic sectors, and regardless of the type of data. The current legal text of the Data Act, as proposed by the European Commission, may be subject to amendments before it is finally approved by the European Parliament and adopted by the European Council. For the time being, it is entirely unclear when the Data Act can be expected to enter in to force in the EU or subsequently in the EEA. Once an EU Act is adopted, EEA EFTA experts review whether the act is of EEA relevance and, if so, whether any adaption is required in the Joint Committee Decisions before its incorporation into the EEA Agreement, as well as whether any constitutional requirements are likely.
BAHR works closely with technology companies at the forefront of digitalization and use of data. A sound framework for access to data is required to secure value creation from utilization of data and we will continue to follow the developments in Norway and the EU closely.