EU Data Act: a harmonized framework for accessing and sharing data

Attention, EU citizens! Are you curious about how your personal data is being protected and utilised in the digital age? Get ready to discover the transformative power of the EU Data Act, a groundbreaking legislation that safeguards your privacy rights and empowers you in the digital realm.

If you’re like most people, the idea of sharing your data with strangers can be a little daunting. But thanks to the EU Data Act, data sharing, interoperability standards, and cloud switching are set to undergo a massive overhaul. With implications for a wide range of industries and sectors, from service providers and gatekeepers to device manufacturers and public authorities, the Data Act is poised to revolutionize the way we think about data ownership and sharing.

On 23 February 2022, the European Commission published the long-awaited Data Act, a proposal for regulation aimed at establishing a harmonised framework for industrial, non-personal data sharing in the European Union. According to the Commission, the new rules are expected to create €270 billion of additional GDP by 2028.

In this blogpost, Publyon’s consultant Brecht Osselaer will guide you through the Commission’s proposal for:

  1. Improved access to private sector data for the public sector (B2G);
  2. Fairness of data access and use in business relationships (B2B);
  3. New rules allowing customers to effectively switch between different cloud data-processing services providers.


Decoding the EU Data Act: what you need to know

The Data Act has the vital goal to put users and providers on equal footing when it comes to accessing data. It serves as a complementary piece of the Data Governance Act which, in turn, aims at strengthening trust and facilitating seamless data sharing across various EU sectors.

In concrete terms, Publyon envisions a world where every entity that contributes to the creation of data can also access data. This means that users will get standard access to the generated data on any of their integrated tools. These could be virtual assistants, connected home appliances and so forth. The data should be easily and freely accessible and shareable with third parties.

Furthermore, the draft sets out provisions to ensure interoperability, cloud switching and safeguards for international data transfers. The previous SWIPO (Switching Cloud Providers and Porting Data) initiative for cloud-switching was deemed insufficient for this purpose as the Commission now opts for binding measures.

Achieving functional equivalence while migrating software to another cloud platform is crucial, as it ensures the compatibility of interfaces and platforms with all the other services. Proper interoperability is essential for fair competition to function in the digital data market.

To realistically strive for interoperability, a set of harmonised standards among cloud services will be necessary. To achieve this, European standardisation organisations will be called upon and may be accompanied by a mandatory implementing act if needed.


Brace for Change: what the EU Data Act means for your business

Because of the targets of the proposed regulation, which range from service providers and gatekeepers to device manufacturers, companies and public authorities, the Data Act will have implications of data sharing, interoperability standards and cloud switching for many industries and sectors of the society.

A piece of horizontal legislation, the Data Act will apply to device manufacturersproviders of digital services and connected products (such as IoT) as well as public authorities in the EU.


To share or not to share

The proposed legislation mandates data sharing requirements to allow data sharing among businesses, public authorities and users. SMEs are exempted from these obligations, but overall, the requirements imply that the European Commission has opted for a one-size-fits-all solution that compels all businesses to adapt.

Certain limits will be put in place to guarantee that third party access to shared data remains safe and harmless to the parties involved. This entails agreed upon measures to protect confidentiality, privacy and trade secrets as well as restrictions on the use of the data by market competitors of the data holder.

Neither data holders nor third parties will be allowed to influence or prevent the user’s data sharing behaviour in any coercive, manipulative or technical way. Only micro and small companies will be excluded from these strict guidelines if they’re independent from other companies.


Who is in, who is out? The gatekeepers of data

In particular, providers with a significant position in the market will be labelled as gatekeepers within the market, in accordance with the Digital Markets Act. Such actors will be subject to more specific restrictions, as third parties are not allowed to share data with these gatekeepers, nor are gatekeepers allowed to request access to these data.


The EU Data Act across borders

Specific attention goes out to the risk of non-EU countries gaining access to data. The EU Data Act goes beyond current restrictions regarding the transfer of personal data outside the EU by extending such restrictions to non-personal data. Only when an international agreement is in place will court orders from third countries be adhered to. This is relevant keeping in mind the ongoing efforts on the EU-U.S. Data Privacy Framework.


Reactions from industry stakeholders

While some organisations welcomed the text and proposed to expand the data access rights to more users, others warned that the regulation lacks horizontal specifications and common methodologies for data sharing.

Another objection is that the obligation to share data might actually end up in a loss of competitiveness for the European industry, leading to lower sales, lower output, lower profits and ultimately a decline in employment.


How is the file progressing?

European Parliament

MEP Pilar del Castillo Vera (EPP, Spain) of the Industry, Research and Energy (ITRE) Committee is the rapporteur responsible for the rapport. Rapporteur del Castillo submitted her draft report in mid-September 2022. Over 1000 amendments were submitted which changed the text significantly. MEPs seemed to be mostly concerned with trade secrets, IP rights, personal data protection, administrative burdens as well as biometrics.

The ITRE Committee officially adopted its report on 9 February 2023, after which a plenary vote successfully adopted Parliament’s position on 14 March.


Council of the EU

The Council of the EU adopted its common position on the proposal on 24 March 2023, and the Swedish Presidency held its first round of trilogue negotiations with the European Parliament on 29 March.

The Council’s position amends various parts of the Commission’s proposal, including on the aspects of scope, protection of trade secrets and intellectual property rights. The amended text also featured amendments on reasonable compensation, data sharing requests and switching between data processing services. Furthermore, the interplay between the Data Act and existing horizontal and sectoral EU legislation was clarified.

Lastly, Council’s standpoint explicitly referred to the common European data spaces, providing a framework for sharing or jointly processing data related to a specific sector like health or transport. These data spaces are part of the European strategy for data, which is aimed at creating a single market for data that will ensure Europe’s global competitiveness and data sovereignty.


What can you expect?

The Data Act holds immense significance for EU citizens by establishing a framework that enhances transparency, consent, and control over personal data. By ensuring that companies are accountable for their data practices, this legislation offers EU citizens the tools to actively manage their online presence, make informed choices, and protect their privacy rights in the ever-evolving digital landscape.

A third round of trilogue negotiations between Parliament, Council and Commission is set for 27 June, after at least two further technical meetings planned on the provisions covering cloud issues.

With the file making much progress in the first round of trilogue negotiations, and rapporteur del Castillo’s intent to reach a deal in June, it looks like the Swedish Presidency will be able to find a compromise one of the most important tech files in recent years before the summer.


Learn more about our EU data-related services

Publyon closely follows legislative developments regarding the Data Act and other data-related policy issues. Thanks to its expertise and wide range of clients in the digital sector, Publyon is expertly placed to assist your company in identifying the impact of and leveraging the opportunities offered by the Data Act.

Would you like to know more about how your organisation can make the most out of this Regulation? Subscribe to Publyon’s newly launched service for EU digital-related policies or get in touch with our Managing Partner Jasper Nagtegaal.