Data Act

Status: Published in OJ
Type: Regulation

On 23 February 2022, the European Commission published its proposal for a Data Act. After the Data Governance Act, the proposal is the second legislative element of the European Data Strategy presented in 2020. The proposed act aims to “ensure fairness in the allocation of value from data among actors in the data economy and to foster access to and use of data.”

The proposal marks a significant step in the EU’s data strategy. It contains provisions on access to data generated by connected devices, rules for business-to-government data sharing in the public interest, and interoperability provisions for shared data spaces. As such, it proposes a framework that will help build the European data commons and improve the use of data for the public good.

Our observatory tracks the further legislative development of the proposal as it moves through the European Parliament and the Council.

Timeline

Data Act is published in the Official Journal
The Data Act is published in the Official Journal of the European Union. It will enter into force on 11 January 2024 and the provisions will apply starting on 12 September 2025.
European Parliament approves final Data Act text
The Parliament approved the final text of the Data Act that was agreed upon during the trilogue negotiations.
Trilogue agreement on the Data Act
The final version of the Data Act has been agreed by the European Commission, the European Parliament and the Council.
Council negotiation mandate
The Council of the European Union, under the Swedish presidency, agreed on a negotiating mandate for the upcoming trilogue meetings on the Data Act.
ITRE committee adopts Data Act report
The ITRE report was adopted with a majority of 59 votes in favor, 11 abstentions, and none against.
LIBE Opinion adopted
The Committee on Civil Liberties, Justice and Home Affairs – represented by rapporteur Sergey Lagodinsky (Greens–EFA) – adopted its opinion on the Data Act.
Thirty cross-industry organizations have issued a joint statement calling the Data Act “a leap into the unknown.” In the statement published on the DigitalEurope website, they call for the Data Act to address concerns about trade secrets and privacy, differentiate between B2B and B2C rules, and limit B2G data requests to public emergencies, among other things. They also call for a 36-month transition period, which would be a further extension of the 24 months called for by the IMCO Committee in its recent opinion, which is already twice as long as the 12 months proposed by the European Commission.
JURI Opinion adopted
The Committee on Internal Market and Consumer Protection – represented by rapporteur Ibán García Del Blanco (S&D), adopted its opinion on the Data Act.
IMCO Opinion adopted
The Committee on Internal Market and Consumer Protection – represented by rapporteur Adam Bielan (ECR), adopted its opinion on the Data Act.
The Committee on Industry Research and Energy (ITRE) hosted a public hearing on the Commission's Data Act proposal to fuel the committee's work on the file. External participants included Tanja Rueckert (Robert Bosch GmbH), Sylvia Gotzen (AFCAR), David Martin (BEUC), Kristo Lehtonen (Finnish Innovation Fund Sitra), and Pau Balcells (Barcelona City Council).
The Centre for IP & IT law of KU Leuven published a white paper on the Data Act proposal. It offers a detailed academic analysis of each chapter of the Commission proposal. The white paper calls on policymakers to streamline legal differences and coherence across policy files, strengthen portability provisions in business-to-consumer and business-to-business data-sharing iterations, increase legal certainty in business-to-government data-sharing provisions, and put into place effective enforcement mechanism across Member States’ national competent authorities.
LIBE publishes draft opinion
The Committee on Civil Liberties, Justice and Home Affairs published its draft opinion, containing amendments collected by the rapporteur for opinion Sergey Lagodinsky (Greens/EFA). In total, the draft opinion contains 101 amendments.
The European Consumer Organization (BEUC) published its position paper on the Commission’s proposal for the Data Act. The paper focuses on Chapters II and III of the proposal with an eye on strengthening users’ positions in regard to machine-generated data against data holders. Among many recommendations, BEUC’s position paper provides guidance on obtaining greater coherence between the Data Act proposal and other EU laws, strengthening user protection in regards to access and use of machine-generated data, providing greater users’ control of data generated through the use of IoT products and related services, reducing gatekeepers’ monopolistic positions in the European data economy, and ensuring soundness in enforcement mechanisms.
JURI publishes draft opinion
The Committee on Legal Affairs published its draft opinion, containing amendments collected by the rapporteur for opinion Ibán García Del Blanco (S&D). In total, the draft opinion contains 114 amendments.
IMCO publishes Draft Opinion
The Committee on the Internal Market and Consumer Protection published its draft opinion, containing amendments collected by the rapporteur for opinion Adam Bielan (ECR). In total, the draft opinion contains 86 amendments.
ITRE Publishes Draft Report
The Committee on Industry, Research and Energy published its draft report, containing amendments collected by Rapporteur Pilar del Castillo Vera (EPP). In total, the draft report contains 94 amendments.
The Czech presidency of the Council of the European Union published a compromise proposal for Chapter V of the Data Act. The compromise constituted the basis of the technical discussion taking place during the Telecom Working party meeting on 5 September. The text contains a new definition of public emergencies, including both natural and human-induced disasters, such as cybersecurity incidents; and further elaborates on the notion of public interest, which is now linked to situations where access to data, including metadata, is necessary for purposes related to local transport, city planning, and infrastructural services. The compromise also strengthens the principles of proportionality, transparency and purpose limitation in B2G contexts, with a restriction specifying that the European Commission and European agencies can have access to data shared in B2G contexts.
The Body of European Regulators for Electronic Communications published a high-level opinion focusing on discussing the Commission proposal from the perspective of setting the underlying conditions for an enforcement ecosystem based on cross-border cooperation among Member States' authorities.
The Czech presidency of the Council of the European Union published a compromise proposal for the Data Act. The compromise constituted the basis of the technical discussion taking place during the Telecom Working party meeting on 19 July and focuses on the first four chapters of the proposal. Notably, the definition of a product has been modified to any item able to collect or generate data and communicate it, including metadata, while the definition of users has been expanded to include public sector bodies. Finally, the overall text has been greater aligned with GDPR terminology for personal data protection.
The Scientific Foresight Unit of the European Parliamentary Research Services published a study on "Governing data and artificial intelligence for all. Models for sustainable and just data governance". The study calls on policymakers to make sure that the ambitions laid out in the European strategy for data find their application in the AI Act, Data Act, and Data Governance Act via the recognition and preservation of data as a public good.
Public consultation on the Data Act proposal closes
We submit our feedback to the European Commission’s public consultation on the Data Act proposal, in which we generally welcome the proposal’s efforts to broaden access rights to machine-generated data while providing conditions for greater sharing and reuse of data. Our feedback identifies five points for the proposal to improve and deliver the objectives set in the European strategy for data: rules for business-to-government data sharing; review of the sui generis database rights; access right to machine-generated data; rules on interoperability; terminology and regulatory consistency.
The JURI Committee of the European Parliament published a study on Intellectual property rights and the use of open data and data sharing initiatives by public and private actors. The study outlines current developments in data-related practice, law and policy as well as the current legal framework for data access, sharing and use in the EU. On the basis of this analysis, the study evaluates the Commission’s proposal for a Data Act by identifying venues for improvement to address current barriers to data sharing in the single market. In particular, it proposes amendments to avoid contradicting enforcement competencies across Member States’ national authorities.
The European data protection board and the European data protection supervisor published their opinion on the Data Act. The opinion focuses on discussing the proposal from a perspective that acknowledges the risks posed by new harmonized rules on fair access to and use of data on data protection law. In particular, the opinion identifies three areas where significant improvement is needed: the rights to access, use and share data; the obligation to make data available in case of "exceptional need"; and the overall implementation and enforcement structure.
The Dataprotection landscape is a collaborative project which aims to keep track of data protection requirements stemming from EU activity in the field. It started after the publication of the GDPR in 2016 with the goal of providing more clarity on potential interpretations arising from data processing obligations. It is a full use of resources to understand the intersectionality of EU legislative initiatives in the field. The Data Act provisions have now been added to the repository. In total, following the Commission proposal, the authors identify 157 separate data processing provisions. As such, the Data Act repository functions as an important resource to allow anyone to link to a specific element of the Commission proposal.
Public consultation on the Data Act proposal opens
The European Commission opened a public consultation on the Data Act proposal.
The Center of European Policy Studies produced a policy brief “The EU Data Act: towards a new European data revolution?” on the regulatory intention behind the Commission proposal. The authors highlight that a variety of the Member States and other stakeholders are not necessarily aligned with the Commission’s regulatory intentions and that the final proposal is likely to be subject to fierce inter-institutional negotiations. They caution that, ultimately, this might significantly reduce the scope of the Data Act, therefore not leading towards a new European data revolution. In addition, they stress the importance of achieving effective enforcement across Member States agencies, given the high number of EU initiatives in the field which might lead to overlapping competencies.
MyData – one of the key players in the field of personal data governance – published a first reaction to the Data Act. In their reaction, titled "EU Data Act — making data portability actionable," they highlight the new data access provisions' effects on consumers and businesses, which they characterize as GDPR on steroids. In this light, according to their submission, it is important to ensure that interoperability requirements are accompanied by well-defined APIs to make the right-to-data interoperability actionable. In addition, it is important to increase legal certainty on the relationship between the Data Act and the Data Governance Act.
Data Act proposal published
The European Commission published the proposal for a Regulation on harmonised rules on fair access to and use of data (Data Act). Together with the proposal, it also publishes the Impact Assessment report and a number of support studies.
Digital Europe – the leading Digital European industry association – shared its position on the Data Act proposal. It argues that the Data Act will unleash value in the data economy if it acts as an enabler rather than a set of restraining obligations. In particular, Digital Europe expressed significant concerns that the new rules would undermine companies’ contractual freedom by replacing voluntary and commercially viable data sharing agreements. In addition, the current proposal would severely restrict international data transfers beyond the provisions set in the GDPR, therefore leading to significant economic losses for European digital businesses.
The European Commission’s Regulatory Scrutiny Board issued a positive opinion with reservations on the impact assessment for the Data Act. The board found that the internal Commission report was substantially improved on both the problem definition and the costs and benefits analysis. However, it still found it short in articulating its relationship with other legislative initiatives in the field, the scope of data access provisions for connected products and services, and on the conditions for business-to-government data sharing obligations in exceptional situations and public emergencies.
Summary report of the public consultation
The Commission published the summary report on the public consultation on the Data Act & amended rules on the legal protection of databases.
The European Commission’s Regulatory Scrutiny Board issued a negative opinion on the impact assessment of the Data Act. According to the internal review process, the Commission’s report falls short, first, in providing sufficient clarity on the purpose and scope of the initiative and its relation with other initiatives in the field. Second, it lacks clarity on policy options' precise design and content, particularly regarding fairness and public interest. Finally, the internal report does not sufficiently highlight the envisaged costs and benefits of the new measures and the difference in view between various categories of stakeholders.
The Government of the Netherlands publishes a non-paper on the upcoming Data Act. The Dutch non-paper is the only document shared by a Member State before the publication of the Commission proposal, a strong signal that not all Member States are necessarily aligned with the Commission’s regulatory ambitions. The document expresses significant concerns about binding data transfer obligations for business-to-business situations and business-to-government situations. Instead, it calls for the development of effective market incentives. In addition, the non-paper calls for the Commission to preserve an open economy by expanding on the existing right to data portability provisions, secure cooperation with international partners in cross-border data transfer situations and provide incentives for society-wide reuse of data by private and public stakeholders while respecting end-users and companies’ rights.
Public Consultation on the Data Act closes
We submitted our feedback to the Commission’s public consultation on the Data Act & amended rules on the legal protection of databases by filling the published survey. Our response includes an additional document to our input to signal the importance of including strong public interest justifications for B2G data sharing, avoiding new exclusive rights in data such as in the forms of data producers’ rights, and withdrawing the sui generis database right for future cases.
Roadmap consultation on the Data Act closes
The European Commission’s roadmap consultation on the Data Act & amended rules on the legal protection of databases closed.
We submitted our feedback to the European Commission’s roadmap consultation on the Data Act & amended rules on the legal protection of databases. In our feedback, we discussed the proposal from a perspective acknowledging public interest data use and the fundamental role that Open Data and Open Access Commons data sharing plays in the overall data ecosystems. It is important to complement the market-based approach to data sharing with a perspective that acknowledges a societal perspective of data governance rooted in public interest data use and individual end-users rights. To improve the measure, business-to-government data sharing should be limited to public interest uses, the Sui Generis Database right introduced by the 1996 Database Directive should be repealed and to improve B2B data sharing, strong interoperability measures should be considered.
Public consultation on the Data Act opens
The European Commission’s public consultation on the Data Act & amended rules on the legal protection of databases opened. The Commission published a survey to gather feedback from participants.
Roadmap consultation on the Data Act opens
The European Commission opened the roadmap consultation on the Data Act & amended rules on the legal protection of databases. The Commission published an Inception impact assessment document.

keep up to date
and subscribe
to our newsletter
Subscribe