On 23 February 2022, the European Commission published its proposal for a Data Act. After the Data Governance Act, the proposal is the second legislative element of the European Data Strategy presented in 2020. The proposed act aims to “ensure fairness in the allocation of value from data among actors in the data economy and to foster access to and use of data.”
The proposal marks a significant step in the EU’s data strategy. It contains provisions on access to data generated by connected devices, rules for business-to-government data sharing in the public interest, and interoperability provisions for shared data spaces. As such, it proposes a framework that will help build the European data commons and improve the use of data for the public good.
Our observatory tracks the further legislative development of the proposal as it moves through the European Parliament and the Council.
The EP's ITRE Committee has adopted its report on the Data Act. The report shows a backlash against B2G data sharing, combining concerns about personal data protection and the impact on business, competition and innovation, preventing our proposal for a more robust B2G data sharing framework and a public data commons from gaining traction across the political spectrum.
Thirty cross-industry organizations have issued a joint statement calling the Data Act “a leap into the unknown.”
In the statement published on the DigitalEurope website, they call for the Data Act to address concerns about trade secrets and privacy, differentiate between B2B and B2C rules, and limit B2G data requests to public emergencies, among other things. They also call for a 36-month transition period, which would be a further extension of the 24 months called for by the IMCO Committee in its recent opinion, which is already twice as long as the 12 months proposed by the European Commission.
The Committee on Industry, Research and Energy (ITRE) hosted a public hearing on the Commission's Data Act proposal to fuel the committee's work on the file. External participants included Tanja Rueckert (Robert Bosch GmbH), Sylvia Gotzen (AFCAR), David Martin (BEUC), Kristo Lehtonen (Finnish Innovation Fund Sitra), and Pau Balcells (Barcelona City Council).
The Centre for IP & IT law of KU Leuven published a white paper on the Data Act proposal. It offers a detailed academic analysis of each chapter of the Commission proposal. The white paper calls on policymakers to streamline legal differences and coherence across policy files, strengthen portability provisions in business-to-consumer and business-to-business data-sharing iterations, increase legal certainty in business-to-government data-sharing provisions, and put into place effective enforcement mechanisms across Member States’ national competent authorities.
The EU B2G data sharing framework needs to be complemented by a strong and democratically accountable European Public Data Commons to allow public sector bodies to fulfill their mandates in a data-driven world.
The Committee on Civil Liberties, Justice and Home Affairs published its draft opinion, containing amendments collected by the rapporteur for opinion Sergey Lagodinsky (Greens/EFA). In total, the draft opinion contains 101 amendments.
The Centre for European Policy Studies (CEPS) published a policy brief explaining how a robust framework for B2G data sharing is a precondition for ensuring that public institutions and policymakers can fulfill their mandates.
The European Consumer Organization (BEUC) published its position paper on the Commission’s proposal for the Data Act. The paper focuses on Chapters II and III of the proposal with an eye on strengthening users’ positions against data holders with regard to machine-generated data. Among many recommendations, BEUC’s position paper provides guidance on obtaining greater coherence between the Data Act proposal and other EU laws, strengthening user protection with regard to access and use of machine-generated data, giving users greater control of data generated through the use of IoT products and related services, reducing gatekeepers’ monopolistic positions in the European data economy, and ensuring soundness in enforcement mechanisms.
The Committee on Legal Affairs published its draft opinion, containing amendments collected by the rapporteur for opinion Ibán García Del Blanco (S&D). In total, the draft opinion contains 114 amendments.
The Committee on the Internal Market and Consumer Protection published its draft opinion, containing amendments collected by the rapporteur for opinion Adam Bielan (ECR). In total, the draft opinion contains 86 amendments.
The Committee on Industry, Research and Energy published its draft report, containing amendments collected by Rapporteur Pilar del Castillo Vera (EPP). In total, the draft report contains 94 amendments.
The Czech presidency of the Council of the European Union published a compromise proposal for Chapter V of the Data Act. The compromise constituted the basis of the technical discussion taking place during the Telecom Working Party meeting on 5 September. The text contains a new definition of public emergencies, including both natural and human-induced disasters, such as cybersecurity incidents; and further elaborates on the notion of public interest, which is now linked to situations where access to data, including metadata, is necessary for purposes related to local transport, city planning, and infrastructural services. The compromise also strengthens the principles of proportionality, transparency and purpose limitation in B2G contexts, with a restriction specifying that the European Commission and European agencies can have access to data shared in B2G contexts.
The Body of European Regulators for Electronic Communications published a high-level opinion that discusses the Commission proposal from the perspective of setting the underlying conditions for an enforcement ecosystem based on cross-border cooperation among Member States' authorities.
The Czech presidency of the Council of the European Union published a compromise proposal for the Data Act. The compromise constituted the basis of the technical discussion taking place during the Telecom Working Party meeting on 19 July and focuses on the first four chapters of the proposal. Notably, the definition of a product has been modified to any item able to collect or generate data and communicate it, including metadata, while the definition of users has been expanded to include public sector bodies. Finally, the overall text has been more closely aligned with GDPR terminology for personal data protection.
On 21 June, we organized a panel discussion titled “Data Act: in-between policy and practice”, at the 2022 MyData Summit in Helsinki. The session provided a forum for an exchange of perspectives on the Data Act from public, private and civil society representatives.
This policy brief presents a model for public-interest B2G data sharing, aimed to complement the current proposal of the Data Act. The proposal includes the creation of the European Public Data Commons, a body that acts as a recipient and clearinghouse for the data made available.
We submit our feedback to the European Commission’s public consultation on the Data Act proposal, in which we generally welcome the proposal’s efforts to broaden access rights to machine-generated data while providing conditions for greater sharing and reuse of data. Our feedback identifies five points for the proposal to improve and deliver the objectives set in the European strategy for data: rules for business-to-government data sharing; review of the sui generis database rights; access right to machine-generated data; rules on interoperability; terminology and regulatory consistency.
The JURI Committee of the European Parliament published a study on Intellectual property rights and the use of open data and data sharing initiatives by public and private actors. The study outlines current developments in data-related practice, law and policy as well as the current legal framework for data access, sharing and use in the EU. On the basis of this analysis, the study evaluates the Commission’s proposal for a Data Act by identifying avenues for improvement to address current barriers to data sharing in the single market. In particular, it proposes amendments to avoid contradicting enforcement competencies across Member States’ national authorities.
The European Data Protection Board and the European Data Protection Supervisor published their opinion on the Data Act. The opinion discusses the proposal from a perspective that acknowledges the risks that new harmonized rules on fair access to and use of data pose to data protection law. In particular, the opinion identifies three areas where significant improvement is needed: the rights to access, use and share data; the obligation to make data available in case of "exceptional need"; and the overall implementation and enforcement structure.
Alek finds that the impact of the proposed Data Act was assessed based solely on economic cost-benefit analysis. Important provisions on Business-to-Government (B2G) data sharing were evaluated without any methods for assessing societal value.
This note assesses the interconnectedness of the GDPR with the Data Governance Act and the Data Act, respectively, shedding light on the inconsistencies between the two acts and the GDPR that risk hindering the overarching objective of the European strategy for data.
The Dataprotection landscape is a collaborative project which aims to keep track of data protection requirements stemming from EU activity in the field. It started after the publication of the GDPR in 2016 with the goal of providing more clarity on potential interpretations arising from data processing obligations. It is a useful resource for understanding the intersectionality of EU legislative initiatives in the field. The Data Act provisions have now been added to the repository. In total, following the Commission proposal, the authors identify 157 separate data processing provisions. As such, the Data Act repository functions as an important resource to allow anyone to link to a specific element of the Commission proposal.
The Centre for European Policy Studies produced a policy brief “The EU Data Act: towards a new European data revolution?” on the regulatory intention behind the Commission proposal. The authors highlight that a number of Member States and other stakeholders are not necessarily aligned with the Commission’s regulatory intentions and that the final proposal is likely to be subject to fierce inter-institutional negotiations. They caution that, ultimately, this might significantly reduce the scope of the Data Act, therefore not leading towards a new European data revolution. In addition, they stress the importance of achieving effective enforcement across Member States’ agencies, given the high number of EU initiatives in the field which might lead to overlapping competencies.
MyData – one of the key players in the field of personal data governance – published a first reaction to the Data Act. In their reaction, titled "EU Data Act — making data portability actionable," they highlight the new data access provisions' effects on consumers and businesses, which they characterize as GDPR on steroids. In this light, according to their submission, it is important to ensure that interoperability requirements are accompanied by well-defined APIs to make the right-to-data interoperability actionable. In addition, it is important to increase legal certainty on the relationship between the Data Act and the Data Governance Act.
Open Future reviewed the proposal for a Data Act released by the European Commission on 23 February and published three briefs on the issues of Interoperability, Access to Data and B2G Data Sharing in the public interest.
Digital Europe – the leading European digital industry association – shared its position on the Data Act proposal. It argues that the Data Act will unleash value in the data economy if it acts as an enabler rather than a set of restraining obligations.
In particular, Digital Europe expressed significant concerns that the new rules would undermine companies’ contractual freedom by replacing voluntary and commercially viable data sharing agreements. In addition, the current proposal would severely restrict international data transfers beyond the provisions set in the GDPR, therefore leading to significant economic losses for European digital businesses.
The value and use stemming from data sharing are conceptualized around a market logic, despite the collective societal benefits derived from society-wide access. The Data Act offers an opportunity to change this by attributing a public interest function to data sharing between the private and public sector.
The European Commission’s Regulatory Scrutiny Board issued a positive opinion with reservations on the impact assessment for the Data Act. The board found that the internal Commission report was substantially improved on both the problem definition and the costs and benefits analysis.
However, it still found it short in articulating its relationship with other legislative initiatives in the field, the scope of data access provisions for connected products and services, and on the conditions for business-to-government data sharing obligations in exceptional situations and public emergencies.
In this policy brief we review the EU policy debate on access and use of data in view of the upcoming Data Act. We provide arguments against the introduction of new property rights–including the sui generis database right–in favor of strengthening data access rights.
At MyData in the Netherlands, we co-hosted with Waag the workshop: "A closer look at data governance and the European data strategy: the Data Governance Act & the Data Act", during which we analyzed the EC's Inception Impact Assessment Document.
The European Commission’s Regulatory Scrutiny Board issued a negative opinion on the impact assessment of the Data Act. According to the internal review process, the Commission’s report falls short, first, in providing sufficient clarity on the purpose and scope of the initiative and its relation with other initiatives in the field. Second, it lacks clarity on policy options' precise design and content, particularly regarding fairness and public interest. Finally, the internal report does not sufficiently highlight the envisaged costs and benefits of the new measures and the difference in view between various categories of stakeholders.
The Government of the Netherlands publishes a non-paper on the upcoming Data Act. The Dutch non-paper is the only document shared by a Member State before the publication of the Commission proposal, a strong signal that not all Member States are necessarily aligned with the Commission’s regulatory ambitions.
The document expresses significant concerns about binding data transfer obligations for business-to-business situations and business-to-government situations. Instead, it calls for the development of effective market incentives.
In addition, the non-paper calls for the Commission to preserve an open economy by expanding on the existing right to data portability provisions, secure cooperation with international partners in cross-border data transfer situations and provide incentives for society-wide reuse of data by private and public stakeholders while respecting end-users and companies’ rights.
We submitted our feedback to the European Commission’s roadmap consultation on the Data Act & amended rules on the legal protection of databases. In our feedback, we discussed the proposal from a perspective acknowledging public interest data use and the fundamental role that Open Data and Open Access Commons data sharing plays in the overall data ecosystems. It is important to complement the market-based approach to data sharing with a perspective that acknowledges a societal perspective of data governance rooted in public interest data use and individual end-users rights.
To improve the measure, business-to-government data sharing should be limited to public interest uses, the Sui Generis Database right introduced by the 1996 Database Directive should be repealed, and, to improve B2B data sharing, strong interoperability measures should be considered.