On the night of Tuesday 27 to Wednesday 28 June, the EU Council and the European Parliament reached a provisional political agreement on the Data Act (see EUROPE 13207/2).
“Today’s agreement will accelerate the digital transformation of our Union. Once the Data Act comes into force, it will unleash the economic and societal potential of data and technology and contribute to the creation of an internal data market”, commented Sweden’s Minister for Public Administration, Erik Slottner, after the negotiations.
“The Data Act is a real turning point. Having data on the operation of industrial equipment will enable factories, farmers and construction companies to optimise operating cycles, production chains and supply chain management”, added the rapporteur on the dossier, Pilar del Castillo Vera (EPP, Spanish).
The agreement reached by the co-legislators provides for users of connected devices, whether intelligent domestic appliances or intelligent industrial machines, to be able to access the data they generate. This access should be provided by the operator, who could also share it in real time and in regulated formats. Until now, this data was mostly collected exclusively by manufacturers and service providers.
In addition, the EU council’s approach - following a request from several Member States last February (see EUROPE 13116/7) - has been retained on the issue of data from the Internet of Things. On this point, the emphasis has been placed on the functionalities of the data collected, rather than on the products themselves.
Simplifying the process of switching cloud service providers
New rules have also been approved to allow customers to move easily from one cloud provider to another. Safeguards against illicit international data transfers by cloud computing service providers have also been introduced, as have interoperability standards for data sharing and processing.
Businesses, for their part, will be able to benefit from a single point of contact for all questions relating to the Data Protection Regulation.
The issue of business secrecy was debated at length. Several players in the data sector had insisted on the need for an adequate level of protection. The provisional political agreement stipulates that operators could refuse data requests in “exceptional circumstances” that could lead to “serious and irreparable economic losses” compromising their “economic viability”.
As far as access to data by public sector bodies is concerned, the text aims to give public bodies the possibility of accessing data held by the private sector “if necessary and in exceptional circumstances”, such as floods, fires or in order to carry out a task in the public interest, and if the data required is not otherwise accessible.
The provisional political agreement includes measures to protect against unfair contract terms imposed unilaterally by a company in a dominant position on a market on another company. According to the EU Council, these measures will protect EU companies from unfair agreements and give SMEs more room for manoeuvre.
Finally, the co-legislators also agreed on the date on which the text will come into force. Member States will have 20 months from the date of publication in the Official Journal of the EU, whereas the EU Council was expecting a period of 24 months. The European Parliament, for its part, would have liked to see this deadline shortened. In addition, new products will have to meet the text’s requirements for simplified access to data after a further year.
Concerns expressed by players in the sector regarding the link between the Data Act and the DMA
While the news of an agreement has been welcomed by a number of political players and the digital sector, not everyone has the same view.
“The political agreement on the new European data law, reached by negotiators from the European Parliament and the EU Council late last night, may be well-intentioned, but it risks hampering data-driven innovation”, warned the Computer & Communications Industry Association (CCIA Europe).
According to CCIA Europe, the agreement prohibits users from transferring data to connected devices or services of their choice, if these are operated by companies designated as ‘gatekeepers’ under the Digital Markets Act (DMA) (see EUROPE 13195/29).
“In practice, this means that any company receiving a request for data portability would no longer be able to comply with the General Data Protection Regulation if it had to refuse this request on the grounds that data law does not authorise the transfer of data to services managed by a so-called ‘gatekeeper’”, adds CCIA Europe. (Original version in French by Thomas Mangin)