K
Kathleen Martin
Guest
On February 23, 2022, the European Commission ("Commission") published a proposal for a Data Act which aims at enhancing data access and use within the European Union ("EU").
The Data Act will be applicable to both personal and non-personal data, and will be relevant for all companies generating, holding, or transferring data in the EU, in particular in the Internet of Things ("IoT") context or for Artificial Intelligence applications.
In a nutshell, the proposed Data Act seeks to:
The Data Act will be applicable to both personal and non-personal data, and will be relevant for all companies generating, holding, or transferring data in the EU, in particular in the Internet of Things ("IoT") context or for Artificial Intelligence applications.
In a nutshell, the proposed Data Act seeks to:
- Facilitate access to and use of data by businesses and consumers, while preserving incentives to invest: Business and consumers must have access to data generated by the product/services they own, rent, or lease (e.g., when using virtual assistants or IoT connected devices). Such access should be integrated by default in products/services, and the data must be provided directly or upon request, free of charge and in a timely manner (where applicable continuously and in real-time). There is also an obligation for data holders to port data to a third party authorized by the users, but for digital gatekeepers under the Digital Market Act. The Data Act also set up the access conditions and compensation principles in case of data porting obligations (under the Data Act or pursuant to specific sectorial data access regulations).
- Prevent unfair contract terms for data sharing imposed on SMEs, such as inappropriate liability restrictions, remedies limitations, unilateral contract interpretation and termination, restrictions to the data usages, etc.
- Ensure easy switching between cloud, edge, and other data processing services, through mandatory contractual terms (e.g., ensuring a transition period of maximum 30 days), the gradual withdrawal of switching charges, and technical equivalence.
- Provide for safeguards against unlawful data transfer/access by non-EEA governments, requiring justifications for transfers such as the existence of mutual legal assistance treaty, appropriate review by courts, and user notification.
- Review the Database Directive to exclude machine-generated data from its protection.