On Thursday 8 June, the Presidency of the Council of the European Union submitted a document to the Member States in preparation for the next round of inter-institutional negotiations (trilogue), which will take place on 27 June, on the ‘Data Act’ (see EUROPE 13174/38). The document reveals that the Council of the EU and the European Parliament are close to an agreement on several important points, including the issue of trade secrets.
While the section on trade secrets was one of the most debated points, the document from the Swedish Presidency of the Council of the EU - a copy of which EUROPE has obtained - states that there is “agreement on the main elements” thanks to a “fusion of the positions of the two institutions”.
The agreement to which the Council of the EU and the European Parliament could subscribe provides for the introduction of the concept of ‘trade secret holder’, in addition to that of ‘data holder’, to cover the eventuality that the entity that holds the trade secret is not the one that controls the data. On this point, the Swedish Presidency of the Council of the EU has asked Member States to “show flexibility”.
The entity holding the trade secret should identify the data covered by the trade secret and ask the recipient of the data to take proportionate measures to guarantee confidentiality and avoid harm. In the absence of appropriate measures, the data holder may decide to stop sharing the data.
Data sharing may also be suspended if security measures are not properly implemented. The competent authority should be informed of this decision. If the recipients of the data do not agree with this decision, they can then turn to the same authority. The matter could then be referred to a dispute resolution body.
Similarly, the Swedish Presidency of the Council of the EU is asking Member States to show flexibility on the possibility of “limiting the data holder’s right to withhold data sharing in exceptional circumstances only to cases related to the difficulties of enforcement in third countries.”.
Striking a balance in governance
Discussions at the next trilogue will also focus on governance. While the co-legislators agree on the tasks assigned to the competent authorities, the approach differs.
The European Parliament would like to see the establishment of a single data coordinator responsible for the application and implementation of data legislation and acting as a single point of contact for all tasks relating to the Regulation.
On the other hand, the EU Council mandate stipulates that “in Member States where more than one competent authority is designated, a coordinating competent authority shall be designated”.
In order to reach an agreement, the Swedish Presidency of the Council of the EU is also asking the Member States to show flexibility and give a single authority jurisdiction over all disputes relating to business secrets.
A single competent authority would also have the task of implementing and enforcing the provision of data to public sector bodies and EU institutions, agencies or bodies on the basis of exceptional need.
In addition, the Parliament and the Council of the EU will still have to agree on a number of points, including the date of entry into force of the future regulation. The Parliament would like to set this deadline at 18 months, compared with 24 for the Council of the EU. Once again, the Presidency of the EU Council is calling on the Member States to show flexibility on this point.
The draft agreement will first be examined by the EU Council’s Telecommunications Working Party on 19 June. A review of the EU Council’s mandate will be requested at the meeting of Member States’ ambassadors to the European Union (Coreper) on 23 June.
See the document: https://aeur.eu/f/7em (Original version in French by Thomas Mangin)