The European Commission will present its proposal for a Data Act on Wednesday 23 February. This text, a draft of which was obtained by EUROPE, will serve in particular to define certain rules on data transfers, the cloud, and data access conditions.
In concrete terms, the text seeks to make users responsible, while giving them the possibility of exercising control over their data. For example, the Commission’s proposal requires manufacturers and designers of products and services to make data easily accessible to users. This ‘easy’ access should be set as the default.
This, the Commission says, will not affect the possibility for manufacturers to access and use data from related products or services in agreement with users.
Entities holding data would be obliged to make it available to third parties at the user’s request. The transfer of data from the holder to a third party service - such as an after-sales service, the Commission says - should be subject to the user’s authorisation. However, not all would be affected, as small and micro enterprises would be exempt from these obligations, except in cases where they are “economically” linked to an enterprise that is not considered small or micro.
Compensation would be provided in cases where the data holder is forced to make the data available to another company, as provided for in the text. For SMEs, the compensation set could not exceed the costs incurred by the provision. National bodies would be responsible for resolving contentious situations.
In addition, third party users and services would not be allowed to share data with services qualified as ‘gatekeepers’, as defined by the Digital Markets Act (DMA) (see EUROPE 12885/7). These gatekeepers would, in turn, not be allowed to canvass for data.
Interoperability of services
In addition, the Commission’s proposal also sets out a list of unfair - or presumed unfair - clauses to protect weaker parties when negotiating contracts between two companies for data sharing. These provisions should, among other things, ensure that the importance of one company cannot have a major impact on a contract negotiation between a major player and a smaller company.
In addition, the Commission’s proposal also revisits the need for public services and bodies to access data held by companies. This would only be allowed in cases where there is an “exceptional need” for data, such as a “public emergency”, like a pandemic or disaster. The data would then be made available free of charge. In addition, for any other need deemed “exceptional”, but legitimately requiring access to data by public bodies, compensation including the costs of making the data available and a “reasonable” margin would be provided.
The text also includes new requirements for the interoperability of cloud services. These requirements state, for example, that customers of these services should “retain the functional equivalence of the service after switching to another provider”. However, the Commission has included a “technical unfeasibility” clause to deal with situations where switching from one service to another would not be possible. In this case, the text reverses the burden of proof and it would then be up to the supplier to prove that the approach is not feasible.
See the document: https://aeur.eu/f/g8 (Original version in French by Thomas Mangin and Pascal Hansens)