New provisions should help mitigate stakeholder concerns, although creating value from Europe’s data will only follow a lengthy implementation process
Legislation aims to ensure fair access to and use of data: On 27 June 2023, the European Parliament and the Council of the EU came to an agreement on the Data Act, a flagship legislative proposal to regulate how industrial data is accessed and utilised across the bloc. The act – on which consensus was reached days before the end of Sweden’s six-month presidency – outlines harmonised rules that aim to:
Ensure fairness in the allocation of value from data among actors in the digital environment;
Stimulate a competitive data market;
Create opportunities for data-driven innovation, and
Make data more accessible to all.
The legislation includes new provisions to facilitate switching between data processing service providers (i.e. cloud providers) and to safeguard against unlawful data transfers by them. It will support the development of interoperability standards for data to be reused between sectors, while giving consumers and firms a say on what can be done with the data generated by their connected devices.
Political agreement clarifies the act’s relationship with existing rules: According to Erik Slottner (Sweden’s Minister for Public Administration), once the regulation enters into force, it will “unlock the economic and societal potential of data and technologies”, contribute to an internal market for data, and enhance the European single market by allowing data to flow freely within the EU and across industries. The agreement between the region’s lawmakers ensures the Data Act provides additional guidance on the reasonable compensation of businesses making data available, as well as on adequate dispute settlement mechanisms and protections of trade secrets and IP rights. Notably, the text clarifies the interplay between the Data Act and current horizontal and sectoral legislation, such as the Data Governance Act (the other pillar of the EC’s Data Strategy) and the GDPR. Potential misalignment between the Data Act and the GDPR had been a particular concern for many stakeholders, with European data protection bodies advocating the latter prevails in the event of conflict.
The act is not due to come into force for nearly two years: Another issue that saw successful negotiation was allowing public bodies to access and use data held by the private sector under certain circumstances, including emergencies (e.g. floods, wildfires or pandemics). While Thierry Breton (Commissioner for Internal Market, EC) has described the political agreement reached by the European Parliament and the Council as a “milestone in reshaping the digital space”, it is now subject to formal approval by the two co-legislators before becoming law. The Data Act’s measures would then apply around 20 months later. With the act considered one of the most critical of all the EU’s new tech rules, the onus is on policymakers to get it over the line while allaying any outstanding concerns. Maximising the opportunities of and creating value from the act’s implementation will also be vital, with the EC previously estimating a €270bn boost to regional GDP by 2028.