The Data Act Approved by the European Parliament

D&I Alert

Today, the European Parliament voted yes to formally approve the new Data Act. Following today’s vote, the Data Act is expected to apply in the EU as of autumn 2025 except for Article 3(1), the transition period of which is one year longer. The exact date of application will be confirmed once the Data Act is published in the Official Journal of the European Union.

A political agreement of the Data Act was reached already in June 2023 and a provisional text of the Data Act published in July 2023. The Council has stated that if the Parliament adopts the Data Act in the agreed provisional text form, the Council will approve the Parliament’s position and the Data Act will be adopted as a result. Thus, the Data Act now only needs the formal approval by the Council to become law.

Gradual and retrospective application

The Data Act will be directly applicable as such throughout the EU, although the Member States need, e.g., to designate competent authorities and lay down rules on penalties applicable to infringements of the Data Act.

The Data Act will apply twenty (20) months after its entry into force. However, the obligation under Article 3(1) to design and manufacture connected products in such manner that the data is accessible to the user directly from the product or related service will only apply to products placed on the market after an additional twelve (12) months from the date of application.

Please note that the data holders are still required to make data available to the user under Article 4(1) and to third parties on behalf of the user under Article 5(1) as of the initial date of application. Therefore, it is recommended for data holders to now begin preparing for the Data Act from the technical and commercial as well as from the contractual perspective.

After two (2) years from the date of application, the rules prohibiting unilaterally imposed unfair contractual clauses in business-to-business relations (Chapter IV) will apply also retrospectively to contracts that are of indefinite duration or due to expire at least ten (10) years after the Data Act entered into force.

The review of existing business-to-business contracts for unilaterally imposed unfair clauses is recommended within the coming years.

Data Act in a nutshell

The Data Act is one of the cornerstones of the EU Data Strategy which aims to create a single market for data within the EU and to boost the European data economy by facilitating innovation and new data-driven business models.

The Data Act sets forth rules, inter alia, regarding

  • the access to and use of data generated by connected products (such as IoT devices) and related services, including the design, manufacturing and provision of such products and related services;
  • the contents of data sharing agreements, including protection from unfair contractual terms that are unilaterally imposed;
  • mechanisms for public sector bodies to access private sector data in certain limited cases;
  • switching between cloud data processing service providers; and
  • unlawful international governmental access and transfer of non-personal data.

The Data Act obliges manufacturers and other data holders of connected products to open user data for free to users and under FRAND terms to third parties in the EU as well as other third parties outside the EU, however, not subject to the FRAND terms. One of the key issues of the Data Act has been the protection of trade secrets and intellectual property rights included within such user data.

More by the same author

EU’s New Financial Data Space Proposal and DORA

On 28 June 2023, the European Commission published a proposal for a regulation on a framework for Financial Data Access (“FIDA”) for the access and use of customer data. As part of the EU Digital Finance Strategy,¬† FIDA is expected to lead to better-quality, user-centric financial services and new data-driven business models in the financial sector. As the financial data space evolves, the emergence of novel interfaces, data sharing methods, and other innovative technologies may also bring forth new risks, particularly in the realm of cybersecurity. We recommend stakeholders in the financial sector to consider their role and potential responsibilities and opportunities in light of the upcoming regulations.

Life Sciences Regulation in Finland: Overview

A Q&A guide to life sciences regulation in Finland. This Q&A provides a high-level overview of key practical issues, including life sciences clinical trials, manufacturing, marketing, abridged procedure, pharmacovigilance, data privacy, packaging and labelling, biological medicines, medical devices, health care IT, combination products, borderlines, and natural health products. Read the Finland chapter we contributed: Life

D&I’s Innovation Powerhouse

2023 has kicked off with a bang! Our Innovation Powerhouse has been busier than ever working with cases and clients that (dare we say without sounding clich√©?) inspire us every single day. Let’s take a look at what we have been up to and what we believe makes us the go-to partner for demanding clients working with innovations.

Latest insights

Vastuullisuus yrityskaupoissa

News / 22 Nov 2023
Reading time 2 minutes

New Act Governing Permitting and Construction of Offshore Wind Power within the Finnish EEZ Under Preparation

Alert / 7 Nov 2023
Reading time 2 minutes