A shot is fired! Dead, injured? Who saw anything?

It was January 2024, a typical January day in Brussels.

The European Union’s?Data Act, set to take effect in September 2025, is poised to revolutionize data access and sharing across the EU.

This comprehensive legislation aims to unlock the potential of underutilized machine-generated data and foster innovation in the data economy.

What are the Key Objectives and Scope of the Data Act:

• Improve data access for individuals and businesses
• Remove legal, economic, and technical barriers to data utilization
• Reorganize the legal framework for data access and use in value chains

The Data Act covers a broad range of digital information, including personal and non-personal data. It applies to connected device users and manufacturers, related service providers, data holders, and cloud providers.

New Rights and Protections — Impacts on SMEs

Small and medium-sized enterprises (SMEs) will be particularly affected by two main aspects of the Data Act:

User Rights to Data Access

• Users (individuals or businesses) gain the right to access data generated by products they own, rent, or lease
• Companies must grant access to this data

Protection from Unfair Contracts

• Prohibits unfair clauses in data access and usage contracts
• Strengthens SMEs’ negotiating position in data-driven value chains

What are the challenges and opportunities for Businesses?

While the Data Act presents new opportunities, it also brings a few challenges like

• Compliance Burden: Companies need to understand and implement new regulations
• Data Logistics: Establishing systems for ongoing, potentially real-time data sharing
• Protecting Trade Secrets: Balancing data access obligations with safeguarding sensitive information

The good news?

Businesses have until September 2025 to prepare for these changes.

What are key provisions and requirements?

Data Access and Sharing

• Connected products and services must be designed for easy, secure, and free data access
• Data holders must make data available to users and authorized third parties
• Limitations on data use and provisions for protecting trade secrets

Cloud Switching

• Cloud providers must facilitate easy switching between services
• Contractual terms must include details on data portability and erasure

International Data Transfers

• New restrictions on transfers of non-personal data to prevent conflicts with EU law
• Providers must implement measures to prevent unauthorized access by foreign governments

And GDPR? Do we have an interaction?

The Data Act complements the General Data Protection Regulation (GDPR) in the following points.

• GDPR prevails for personal data processing
• Data Act applies to both personal and non-personal data
• Different timelines for data access requests
• Anonymization requirements for sharing with public authorities

Are any enforcements and penalties in place?

Yes. Three mainly.

• Member states to appoint regulators (possibly existing data protection authorities)
• Fines up to €20 million or 4% of global turnover, whichever is higher
• Criteria for fines similar to GDPR, considering factors like nature and gravity of infringement

And how, preparing for Compliance?

1. Determine if the Data Act applies to them
2. Identify their role under the regulation
3. Map applicable requirements
4. Implement compliance strategies
5. Design products and services with Data Act compliance in mind
6. Establish processes for handling data access requests

What are the impact on different Stakeholders?

Connected Device Manufacturers

• Must design products for easy data access
• Ensure data quality and availability

Cloud Providers

• Implement cloud-switching capabilities
• Update contracts to include required terms
• Establish transparency measures for switching processes

Data Holders

• Prepare for increased data access requests
• Implement systems for secure and timely data sharing
• Balance data sharing with the protection of trade secrets

SMEs

• Understand new rights and protections
• Prepare for potential increased access to valuable data
• Review and update data-related contracts

Legal and Compliance Teams

• Familiarize with new regulations and their interaction with existing laws
• Develop compliance strategies and internal policies
• Prepare for potential enforcement actions

Data Governance Teams

• Review and update data management practices
• Implement systems for tracking and fulfilling data access requests
• Ensure proper data classification (personal vs. non-personal)

Now, looking ahead: A New Era of Data Sharing?

Yes.

The EU Data Act marks a significant shift in the European data landscape. It promises to unlock the potential of underutilized data, fostering innovation and competition.

However, it also presents challenges for businesses in terms of compliance and data management.

What are the key takeaways?

• Increased data access rights for users and third parties
• New obligations for data holders and cloud providers
• Interaction with existing data protection laws
• Significant penalties for non-compliance

As the 2025 enforcement date approaches, organizations must act now to prepare. This includes reviewing current data practices, updating systems and contracts, and developing robust compliance strategies.

The Data Act represents both an opportunity and a challenge. By embracing its principles and preparing thoroughly, businesses can position themselves to thrive in the new data-driven economy while ensuring compliance with this landmark legislation.

#EUDataAct #DataGovernance #DigitalInnovation #BusinessCompliance #DeedsCountMore

Written by Thomas Schubert |?www.solexa.ch