The proposed Data Act, or Data Act, sets out rules for data sharing, conditions of access of public bodies, international data transfer, cloud switching and interoperability, according to the draft text that was consulted. of EURACTIV.
The Data Act is a horizontal law for non -personal data that the European Commission plans to introduce on February 23. The new rules will apply to manufacturers of connected products, digital service providers and users in the EU.
“The amount of data generated by humans and machines has grown exponentially, but most of the data is unusable, or its value is concentrated in the hands of a relatively small number of large companies”can we read in the proposal.
The Commission aims to unlock the potential of data-driven innovation by creating legal obligations to share data when connected devices (Internet of Things) begin to become more widespread.
The Data Act introduced the principle that every user, individual or organization, should have access to the data they have helped generate.
Conversely, connected products and associated services, including virtual assistants, should, by default, make data available to the user in an accessible manner. The user may use this data or share it with third parties free of charge.
When sharing data with third parties, the data holder and the user may agree on measures to maintain data confidentiality and trade secrets. The transmitted data cannot be used to develop products in competition with the data holder.
In particular, users or third parties may not share this data with organizations designated as access controllers (gatekeepers) under the Digital Markets Act (DMA). In turn, the gatekeepers has no right to ask the user to share data with them or receive it.
Data holders will not be able to enforce coercive or technical means to prevent data sharing and may only request information to verify that the request is from a user or authorized party.
To avoid rigged interfaces, third parties cannot “shall not in any way coerce, deceive or manipulate the user, by subverting or altering his autonomy, his decision -making or his choices, including through a digital user interface.»
Micro and small businesses are not included in these obligations, unless they are “depends economically on another business that does not qualify as a micro or small business.»
Unfair contractual obligations
The terms of the contract must be fair, reasonable and non -discriminatory, otherwise they will be considered void. An unfair contract clause “Totally deviate from good business practice in accessing and using data, which is contrary to good faith and fair dealing.»
The bill reverses the burden of proof by stating it “When another company thinks the conditions are discriminatory, it is up to the data holder to prove that there is no discrimination. »
In the case of a dispute, both parties may refer to dispute resolution bodies, certified by the Member States, but only disputes that have not been acted upon by another body or court will be rejected. The parties can always seek help before a national court.
Compensation for the provision of data must be reasonable and non -discriminatory. For SMEs, the compensation should not exceed the true value of the request.
Access to the public sector
Public bodies may access the data on exceptional occasions, including responding to a public emergency or fulfilling legal obligations.
Public emergencies include natural disasters, public health emergencies and terrorist attacks, excluding law enforcement. In urgent cases, the data must be provided free of charge, while the data holder may request compensation equal to the actual costs in other cases.
Data sharing requests must be proportional and not harm the data holder. The public body will not reuse the data obtained but may make it available for scientific research.
Where applicable, the data holder shall “make reasonable efforts to pseudonymize the data.»
Cloud switching and interoperability
The proposal states that SWIPO, a non -binding initiative to facilitate cloud switching, “The market momentum does not seem to have been affected much.»
Therefore, the law introduced obligations for contracts to contain clauses to support the transition, interoperability requirements, and a transition period to ultimately prohibit data processing service providers from charging fees for on the move.
If someone decides to move an operating service, software or application from one cloud service to another, they must consent “functional equivalence”. Vendors must ensure compatibility with open standards or interoperability interfaces for all other services.
The Commission will ask one or more European standardization bodies to formulate coherent standards for the interoperability of cloud services. If this is deemed insufficient, the EU executive can adopt an implementing act that imposes common specifications, open standards or open interfaces.
Cloud service providers must take all reasonable steps to prevent government access or transfer of non-personal data that violates EU or national law.
Court orders from third countries will only be recognized if they are based on an international agreement. If the ordering country meets certain conditions, the minimum amount of data allowed can be shared.
Enforcement is left to the competent authorities designed by the member states, with penalties also set at the national level.