On February 23, 2022, the European Commission published its proposal for the Data Act, which aims to maximize the value of industrial data in the economy by ensuring that a wider range of stakeholders gain control over their industrial data – and that more data is available for innovative use – while preserving incentives to invest in data generation.
The Data Act intends to lead to new, innovative services and more competitive prices for aftermarket services. According to the EU Commission, the Data Act will make more data available for reuse and is expected to create 270 billion euros (US$304 billion) of additional GDP by 2028.
Complementing the Data Governance Act, which aims to create the processes and structures to facilitate data sharing by companies across the EU and between sectors, the Data Act clarifies who can create value from industrial data and under which conditions, and put users and providers on more equal footing in terms of access to data.
The Data Act goes beyond current restrictions regarding the processing of personal data, particularly under the General Data Protection Regulation (GDPR), extending the new regulations to nonpersonal data.
The Data Act aims to impose data-sharing obligations for the manufacturers of connected products and providers of related services. These companies would have to provide users with easy, immediate and free-of-charge access to the industrial data they helped to generate.
The proposal for the Data Act includes:
- Specific measures to allow users to gain access to data their connected products generate, which is often exclusively harvested by manufacturers; and to share such data with third parties to provide aftermarket or other data-driven innovative services. It maintains incentives for manufacturers to continue investing in high-quality data generation, by covering their transfer-related costs and excluding use of shared data in direct competition with their product. However, large online platforms designated as gatekeepers under the Digital Markets Act are not eligible third parties.
- Measures to avoid third parties extorting or manipulating consent to data sharing.
- A fairness test to prevent the imposition of unfair contractual terms to small and medium-sized enterprises, which should not be charged for providing industrial data beyond the actual administrative cost. The Data Act will shield such enterprises from unfair contractual terms imposed by a party with a significantly stronger bargaining position. The EU Commission also will develop model contractual terms to help such companies to draft and negotiate fair data-sharing contracts.
- Means for public institutions to access and use industrial data held by the private sector that is necessary in case of a public emergency, such as terrorist attacks and natural disasters.
Micro and small companies have been excluded from these data-sharing obligations.
The Data Act also includes new rules allowing customers to effectively switch between different cloud service providers. The intention is to remove obstacles to cloud switching, for instance, software and applications that have grown in their use of data and are locked in with expensive fees.
The Data Act intends to tackle these issues by providing for contractual requirements that will need to allow switching to another service within 30 days, with full support and continuity of service during the transition. After three years, the so-called “exit service” would have to be provided for free.
Moreover, the Data Act provides for the development of interoperability standards for industrial data to be reused between sectors, defining and setting out the essential requirements to facilitate interoperability of industrial data, data sharing mechanisms and services, as well as essential requirements for smart contracts. It also regulates open interoperability specifications and European standards for the interoperability of cloud service providers to promote a seamless multivendor cloud environment. So far, the Data Act does not provide for any specific technical norms or standards.
International data transfers safeguards
Adopting a similar regime as the GDPR, the Data Act will extend the obligations for international data transfers under the GDPR and the Schrems II ruling by the Court of Justice of the European Union on cloud service providers.
Cloud services will need to implement appropriate safeguards to prevent international transfers of industrial data or access by a third government that would not be compatible with EU or national legislation.
In the coming weeks, the co-legislators, the Council of the EU and the European Parliament will assess the proposal and kick off the discussions. Because the Data Act is a regulation, it will be immediately applicable in all member states once the European Parliament and the Council of the EU have concluded their negotiations with the EU Commission.
If implemented, consumers and businesses will be able to access their devices’ data and use it for aftermarket and value-added services. Business and industrial players will have more data available and benefit from a competitive data market. Aftermarket services providers will be able to offer more personalized services – and compete on an equal footing with comparable services offered by manufacturers – while industrial data can be combined to develop entirely new digital services as well.