With the advent of the digital economy, industrial and commercial data is increasingly becoming a critical source of innovation and value. Moreover, it is now clear that data is an important currency in today’s world with its global volume expected to grow at a fast pace in the next years (530% increase by 2025 compared to 2018). Recent developments in technologies that rely extensively on this data such as cloud computing, the Internet of Things (IoT) and Artificial Intelligence (AI) confirm this trend. Hence, the need for the EU to discipline the use of data under a strong legal framework while ensuring high privacy, security and ethical standards.
In 2020, in attempting to present itself as a role model for a society empowered by data, the European Union presented its Strategy for Data. The strategy intends to create a single market of data where, under fair and clear EU rules, data could be exchanged across sectors ensuring Europe’s global competitiveness and data sovereignty.
Against this backdrop, on Wednesday 23 February, the Commission presented its proposal for a Data Act. The proposal complements the Data Governance Act, another legislative initiative directly related to data which dates back to November 2020. While the latter defines the data-sharing architecture and governance, the Data Act introduces provisions on how non-personal data can be accessed and shared.
The Regulation on harmonised rules on fair access to and use of data (Data Act)
In October 2021, the European Commission’s Regulatory Scrutiny Board rejected the Commission’s first attempt to present the act as it did not provide sufficient information on the conditions for public bodies to access private data. After being given the green light by the Board, the Act was finally presented on Wednesday.
The goal of the proposal is to promote access to and use of data as well as to guarantee fairness in the distribution of data value among players within the data economy. The Regulation also intends to maximise the economic value of data by ensuring that more actors have control over it and that it could also be used for innovation. Its provisions are directed towards providers of digital services and manufacturers of connected products (such as IoT technologies), consumers or business users of such services and products, the public sector and providers of data processing services (cloud services) in the EU.
Specifically, the proposal aims to set harmonised rules on data sharing, on conditions for access to data by public bodies, on cloud switching and interoperability, as well as on international data transfers.
As far as data sharing is concerned, the Commission sets out data-sharing obligations for data holders – manufacturers of connected products and providers of related services. Data holders would need to provide access to their data in an ‘easy, immediate and free of charge’ fashion. This provision has already raised some concerns linked to data ownership and, specifically, regarding who among the manufacturer, the user or third parties owns and can access data generated by this kind of technology.
Users, on the other hand, may choose to share data with authorised third parties, who, in turn, will not be allowed to exploit it to develop competing products. Here, third parties would need to adhere to specific measures to ensure consent to data sharing is not extorted.
The proposal would also impose on companies the obligation to share data with public authorities under specific circumstances. Access to data would be allowed limited to the most pressing social needs where no other means to access data is available (including threats to the environment, public health and security).
The initiative envisages specific rules for cloud and data processing services to further facilitate switching between services. It also calls for further implementing acts to adopt common specifications to address the lack of harmonised standards to increase interoperability.
Finally, the proposal calls for cloud services to take technical, legal and organisational measures to prevent the international transfer of data with countries whose legislation is in conflict with EU or national laws.
European Data Spaces
On Wednesday, the Commission, along with the Data Act, presented a document on the current status of common European data spaces, a further element envisaged by the EU Data Strategy announced back in 2020. Given the importance of data, the EU has promoted the development of common data spaces bringing together relevant governance frameworks and data infrastructures to facilitate data pooling, processing and sharing across the EU. More than 10 sectoral data spaces have been developed in as many strategic sectors and areas of public interest, such as health, agriculture, mobility and manufacturing. Each sectoral data space has its own specificities and is evolving at its own pace (Annex 1 to the Regulation). However, the development of these spaces is crucial to cross-sectoral actions towards a European data space – that is, a single market for data- which will unlock the EU potential in the data-driven economy. In this light, the Data Act will facilitate the flow of data across data spaces.
According to the Commission, by addressing the legal and technical impediments to data use and re-use, the Data Act could result in €270 billion of additional GDP for EU Member States by 2028. Therefore, this represents a unique opportunity for the EU to define its approach to data, regulating the issue while, at the same time, benefitting from its economic advantages. The European Parliament and the Council will now begin negotiations on the Commission’s proposal and, given its broad scope, it is foreseeable that multiple parliamentary committees will vie in being appointed as the leading committee in charge of the act.