Data Act: EU Council and Parliament strike deal on fair data access and use

27 June 2023

With a view to making the EU a leader in our data-driven society, the Council presidency and European parliament representatives reached a provisional agreement on a new regulation on harmonised rules on fair access to and use of data (data act).

Today’s agreement will accelerate our Union’s digital transformation. Once the data act enters into force, it will unlock the economic and societal potential of data and technologies and contribute to an internal market for data. It will enhance the single market, allowing data to flow freely within the EU and across sectors for the benefit of our citizens and businesses.

Erik Slottner, Swedish minister for public administration

The regulation proposes new rules on who can access and use data generated in the EU across all economic sectors. It aims to:

ensure fairness in the allocation of value from data among actors in the digital environment
stimulate a competitive data market
open opportunities for data-driven innovation, and
make data more accessible to all

The new legislation also aims to ease the switching of providers of data processing services, puts in place safeguards against unlawful data transfer by cloud service providers and provides for the development of interoperability standards for data to be reused between sectors.

The data act will give both individuals and businesses more control over their data through a reinforced portability right, copying or transferring data easily from across different services, where the data are generated through smart objects, machines, and devices. The new legislation will empower consumers and companies by giving them a say on what can be done with the data generated by their connected products.

Main elements of the agreement

Scope of legislation

The political agreement clarifies the scope of the regulation allowing users of connected devices, ranging from smart home appliances to smart industrial machinery, to gain access to data generated by their use which is often exclusively harvested by manufacturers and service providers.

Regarding Internet of Things (IoT) data, in particular, the focus was moved to the functionalities of the data collected by connected products instead of the products themselves.

Data sharing, compensation, and dispute settlement

The text contains measures to prevent abuse of contractual imbalances in data sharing contracts due to unfair contractual terms imposed by a party with significantly stronger bargaining position.

Moreover, the text provides additional guidance regarding the reasonable compensation of businesses for making the data available, as well as adequate dispute settlement mechanisms.

Trade secrets

The agreement also ensures an adequte level of protection of trade secrets and intellectual property rights, accompanied by relevant safeguards against possible abusive behaviour of data holders.

Public sector bodies

The text provides the means for public sector bodies, the Commission, the European Central Bank and Union bodies to access and use data held by the private sector that is necessary in exceptional circumstances, particularly in case of a public emergency, such as floods and wildfires, or to fulfil a task in the public interest.

Benefits for customers

The new rules will also allow customers to effectively switch between different data-processing service providers (cloud providers) and put in place additional safeguards against unlawful data transfers.

Interplay with existing legislation

Finally, the new text clarifies the interplay between the data act and existing horizontal and sectoral legislation, such as the data governance act and the general data protection regulation (GDPR).

Next steps

Today’s provisional agreement must now be endorsed by the Council and the European Parliament. It will then be adopted by both institutions following legal-linguistic revision. From the Council’s side, the upcoming Spanish presidency intends to submit the text to member states’ representatives (Coreper) for endorsement as soon as possible.

Background

Following the data governance act adopted by the co-legislators in 2022, the data act regulation is the second main legislative initiative resulting from the Commission’s February 2020 European strategy for data, which aims to make the EU a leader in our data-driven society.

While the data governance act creates the processes and structures to facilitate data sharing by companies, individuals and the public sector, the data act clarifies who can create value from data and under which conditions. This is a key digital principle that will contribute to creating a solid and fair data-driven economy and guide the EU’s digital transformation by 2030. It will lead to new, innovative services and more competitive prices for aftermarket services and repairs of connected objects (‘Internet of Things’ / IoT).

In its conclusions of 25 March 2021, the European Council underlined the importance of digital transformation for EU’s growth, prosperity, security, and competitiveness, as well as for the well-being of our societies. In light of these ambitions and challenges, the Commission proposed on 23 February 2022 measures for a fair and innovative data economy (data act), as a follow-up to its communication of February 2020 on the European strategy for data.

Cookie	Duration	Description
__stripe_mid		This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
__stripe_sid		This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
_abck		This cookie is used to detect and defend when a client attempt to replay a cookie.This cookie manages the interaction with online bots and takes the appropriate actions.
_wpfuuid		This cookie is used by the WPForms WordPress plugin. The cookie is used to allows the paid version of the plugin to connect entries by the same user and is used for some additional features like the Form Abandonment addon.
ASP.NET_SessionId		Issued by Microsoft's ASP.NET Application, this cookie stores session data during a user's website visit.
AWSALBCORS		This cookie is managed by Amazon Web Services and is used for load balancing.
bm_sz		This cookie is set by the provider Akamai Bot Manager. This cookie is used to manage the interaction with the online bots. It also helps in fraud preventions
cookielawinfo-checbox-analytics		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional		The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary		This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
elementor		This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
JSESSIONID		Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy		The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga		The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_4L7PKQPHHV		This cookie is installed by Google Analytics.
_ga_T50H0MNN9J		This cookie is installed by Google Analytics.
_gat_gtag_UA_12289088_5		Set by Google to distinguish users.
_gcl_au		Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid		Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
_mcid		No description available.
_swa_u		This cookie is set by the provider Sitewit.com. This cookie is used for statistical report and analysis.
ak_bmsc		No description available.
AWSALB		AWSALB is a cookie generated by the Application load balancer in the Amazon Web Services. It works slightly different from AWSELB.
ec_store_chameleon_font		No description available.
FCCDCF		No description available.
issuem_lp		No description available.
lp_us_his		No description
m		No description available.