Today, the European Parliament voted yes to formally approve the new Data Act. Following today’s vote, the Data Act is expected to apply in the EU as of autumn 2025 except for Article 3(1), the transition period of which is one year longer. The exact date of application will be confirmed once the Data Act is published in the Official Journal of the European Union.
A political agreement of the Data Act was reached already in June 2023 and a provisional text of the Data Act published in July 2023. The Council has stated that if the Parliament adopts the Data Act in the agreed provisional text form, the Council will approve the Parliament’s position and the Data Act will be adopted as a result. Thus, the Data Act now only needs the formal approval by the Council to become law.
Gradual and retrospective application
The Data Act will be directly applicable as such throughout the EU, although the Member States need, e.g., to designate competent authorities and lay down rules on penalties applicable to infringements of the Data Act.
The Data Act will apply twenty (20) months after its entry into force. However, the obligation under Article 3(1) to design and manufacture connected products in such manner that the data is accessible to the user directly from the product or related service will only apply to products placed on the market after an additional twelve (12) months from the date of application.
Please note that the data holders are still required to make data available to the user under Article 4(1) and to third parties on behalf of the user under Article 5(1) as of the initial date of application. Therefore, it is recommended for data holders to now begin preparing for the Data Act from the technical and commercial as well as from the contractual perspective.
After two (2) years from the date of application, the rules prohibiting unilaterally imposed unfair contractual clauses in business-to-business relations (Chapter IV) will apply also retrospectively to contracts that are of indefinite duration or due to expire at least ten (10) years after the Data Act entered into force.
The review of existing business-to-business contracts for unilaterally imposed unfair clauses is recommended within the coming years.
Data Act in a nutshell
The Data Act is one of the cornerstones of the EU Data Strategy which aims to create a single market for data within the EU and to boost the European data economy by facilitating innovation and new data-driven business models.
The Data Act sets forth rules, inter alia, regarding
- the access to and use of data generated by connected products (such as IoT devices) and related services, including the design, manufacturing and provision of such products and related services;
- the contents of data sharing agreements, including protection from unfair contractual terms that are unilaterally imposed;
- mechanisms for public sector bodies to access private sector data in certain limited cases;
- switching between cloud data processing service providers; and
- unlawful international governmental access and transfer of non-personal data.
The Data Act obliges manufacturers and other data holders of connected products to open user data for free to users and under FRAND terms to third parties in the EU as well as other third parties outside the EU, however, not subject to the FRAND terms. One of the key issues of the Data Act has been the protection of trade secrets and intellectual property rights included within such user data.