European Data Act: The Scope, Purpose, and How to Comply

19.01.2024 twitter X safetica

As of the latest update, the European Parliament has adopted the final text of the Data Act. The Act, proposed by the European Commission in February 2022, is on the verge of becoming law after its official adoption by the Council on November 27, 2023.

The world is going through a digital transformation and the Data Act represents the EU's response to unlock the immense potential of data. The Data Act brings with it a trove of opportunities. It's aim is to stimulate innovation, providing a platform for businesses to develop new services, products, and operational models. Embracing the Data Act will pave the way for sustained growth and competitiveness in a data-centric marketplace.

Let’s take a closer look at what the European Data Act is, its key elements, and how it will affect businesses.

What is the Data Act?

The Data Act is an EU regulation that is designed to ensure fair access to data, laying down a framework for its usage and sharing, levelling the playing field across industries. It sets rules to facilitate fair access to certain types of data, especially data generated by connected devices like smart appliances, industrial machinery, and other IoT devices.

The Data Act encourages sharing data under specific conditions to stimulate innovation and create a competitive data market, while ensuring those who create the data still have control.

What is the purpose of EU’s Data Act?

The need for the Data Act arises from existing challenges in Europe's use of data. There's confusion about who can access data from connected products, making it tough for smaller businesses to make fair deals. Switching between cloud services is tricky, and it's hard to combine data from different areas. This Act aims to break these barriers.

Sharing (data) is caring!

Currently, there’s a significant imbalance in how data value is distributed among different entities involved in generating, using, or controlling data. The Data Act seeks to address inequalities in how the benefits of data are distributed among various players.

Some companies or entities might have exclusive control over data generated by connected devices like smart home appliances or industrial machinery. They can restrict access to this data, limiting its use by others who might benefit from it, such as third-party service providers or smaller businesses.

The Data Act intends to make sure the advantages derived from data are equitably shared among different stakeholders, fostering fair competition and innovation.

Stimulating a competitive data market

The Data Act hopes to dismantle barriers that hinder fair competition, fostering an environment where businesses can thrive on the basis of merit and innovation rather than monopolized control over data.

Furthermore, larger corporations might have stronger negotiating power in data-sharing agreements, often leading to unbalanced terms for smaller companies or startups. This can restrict fair competition and hinder innovation.

Innovation through data-driven approaches

Innovation is at the heart of the Data Act. It envisions a landscape where creativity and advancement are fuelled by unrestricted access to high-quality data.

Certain entities, like tech giants, may accumulate vast amounts of data and wield significant control over its use, which might hinder fair competition and innovation by other businesses.

Improving data accessibility

The Data Act seeks to remove hurdles that block or complicate access to data, ensuring a more open, transparent, and accessible data ecosystem. This initiative aligns with the EU's goal to make data more readily available and usable.

Scope: Who does the Data Act affect?

The Data Act will influence a spectrum of economic sectors, and its ramifications will be felt across industries ranging from manufacturing and transportation to healthcare, finance, and beyond. Irrespective of size, the Data Act touches businesses of all dimensions. Both small and medium businesses and larger enterprises operating within the EU are subject to its provisions. 

Notably, the Data Act places a significant emphasis on the realm of IoT (Internet of Things) data and connected products. It sets up rules for managing data generated by connected devices.

The multi-dimensional impact of the Data Act is clear, emphasizing the vast spectrum of businesses and sectors it seeks to regulate and empower.

Key elements of the Data Act

The building blocks of the Data Act hold the keys to reshape how we access and use data. These essential elements lay down the ground rules for fair data sharing:

1. Data access and sharing measures

    • The Data Act reinforces measures to enable users of connected devices to access and share data generated by these devices. This provision opens avenues for cheaper aftermarket services and other innovative solutions relying on data, such as predictive maintenance.

    • With an emphasis on data portability, the Data Act aims to foster an environment where the sharing of connected device data with third parties becomes more feasible. This facilitates the development of novel, data-driven services and opening up the playing field to innovative ideas.

2. Relationships in data processing

    • Under the Data Act, specific rules govern the processing of data shared by third parties. These regulations delineate the relationship between the third-party recipient of the data and the original data holder, ensuring fairness in data processing practices.

    • Addressing the issue of contractual imbalances, the Data Act aims to rebalance negotiating power, particularly for small and medium-sized enterprises (SMEs). It works toward preventing the exploitation of these entities by larger counterparts in data sharing contracts.

3. Public sector data access

    • The Data Act empowers public sector entities with the authority to access and utilize data held by private companies, particularly in circumstances of high public interest. This includes situations like natural disasters, giving access to critical data to aid in managing emergencies effectively.

    • In times of crisis, the Data Act facilitates the use of data held by private entities, leveraging it for the greater good.

4. Data portability and cloud services

    • The Data Act focuses on ensuring a seamless transition for end-users switching between various data processing service providers. This promotes healthy competition and offers safeguards against unlawful data transfers, ensuring user empowerment and data security.

    • Notably, the Data Act includes measures to protect against unlawful international data transfers. It sets out protocols to prevent unauthorized access by non-EU governments, reinforcing the security and integrity of data processing activities.

5. Clarifications and restrictions

    • The Data Act clarifies that databases containing data from IoT devices should not be subject to separate legal protection. This ensures that data generated by IoT devices are more easily accessed and utilized by end-users.

    • Furthermore, the Data Act imposes restrictions on data sharing with entities identified as gatekeepers under the Digital Markets Act, curbing any unfair advantages or monopolistic tendencies that could stifle fair competition.

So, what does all this mean for businesses in the EU?

The Data Act’s expected impact on businesses

Let's unpack how the Data Act is gearing up to revolutionize businesses. This section will reveal the potential changes in operations, innovation, and the overall business landscape. Let's dive right in:

Potential Positives

  1. Innovation boost: Driving new innovative practices leveraging newly shared data.
  2. Streamlined operations: Optimizing day-to-day operations and supply chain management.
  3. Market expansion: Opening doors to new market opportunities and wider business landscapes.

Challenges and concerns

  1. Safeguarding trade secrets: Addressing concerns regarding the protection of valuable trade secrets amidst increased data sharing.
  2. Data exposure: Tackling issues surrounding data exposure and ensuring adequate protection against unauthorized access.

Future expectations

  1. Evolution in services: Anticipating changes in aftermarket services and repairs due to easier access to data.
  2. Overall business transformation: Expecting shifts in the way businesses operate and strategize in a data-rich environment.

Bonus: Other legislation that comes into play

The implementation of the Data Act is poised to bring significant changes and opportunities for businesses across diverse sectors. Alongside these transformative changes, the upcoming EU AI Act is also set to play a big role in shaping the business landscape in the EU. It focuses on the regulation of AI systems.

Both the Data Act and the EU AI Act will interplay significantly, particularly in sectors where AI-driven technologies rely heavily on access to vast amounts of data. The Data Act's facilitation of data access, coupled with the regulatory framework set by the EU AI Act, will likely shape the way businesses approach AI development, data utilization, and compliance within the EU.

Preparing for compliance with the Data Act

As businesses navigate the implementation of the Data Act, they face the need for strategic adjustments in their operations, data handling, and compliance structures. This legislative milestone presents an opportunity for companies to innovate, optimize, and adapt their business models to keep up with these data-rick times.

Here are some steps that businesses and organizations can take before the Data Act comes into effect:

Understanding data categories: Identify the types of data your business generates, collects, and processes. Categorize these data sets to comprehend their implications for compliance under the Data Act.

Review internal data policies: Assess and revise existing data policies and practices within your organization to align with the guidelines outlined in the Data Act. Ensure clarity on data sharing, protection, and access rights to comply with the regulations.

Data mapping and documentation: Conduct a comprehensive data mapping exercise to track the flow of data throughout your systems. Maintain clear and up-to-date documentation of data sources, processes, and storage locations to ensure transparency and compliance.

Data security and access controls: Strengthen data security measures to protect sensitive information and prevent unauthorized access. Implement robust access controls (What is the Zero Trust Approach?), encryption protocols, and data protection mechanisms to align with the Data Act's security requirements. A strong data loss prevention solution can help.

Training and awareness: Educate employees on the implications of the Data Act and their roles in compliance. Provide training sessions about data security, data handling, and privacy.

External partnerships: Collaborate with external partners, vendors, and stakeholders to ensure compliance across the data chain. Review and amend contracts to reflect the new requirements and ensure shared accountability for data protection and fair access.

Seek expert guidance: Consider seeking guidance from legal advisors or data protection experts (not trying to name any names here, but Safetica comes to mind). Their expertise can provide valuable insights and help streamline compliance.

Compliance with the Data Act demands a proactive approach towards data governance, transparency, and security. Preparing in advance and implementing necessary changes within your organization will facilitate smoother adaptation to the regulations.

Safetica's Role in Ensuring Data Act Compliance

Safetica's DLP solutions aid businesses in managing risks associated with data sharing, ensuring secure data transfer between providers, and safeguarding against unlawful data access. Through encryption, monitoring, and access control features, Safetica enables businesses to fortify their data governance protocols in compliance with the Data Act's standards.

Moreover, Safetica provides invaluable guidance and training resources to help organizations navigate the complexities of the Data Act. By offering comprehensive educational materials and expert support, Safetica empowers businesses to cultivate a culture of data responsibility and compliance within their workforce.

The collaboration between businesses and comprehensive data protection solutions like Safetica paves the way for a secure, innovative, and compliant future in the EU's data-driven economy.


Talk to us

Next articles

Regulatory Compliance

SAMA’s Cyber Security Framework: The Scope, Purpose, and How to Comply

The Saudi Arabian Monetary Authority (SAMA) has introduced a Cyber Security Framework designed to fortify the nation's financial systems and critical industries against cyber threats. Throughout this guide, we'll explore the key components, while also providing tips and insights on how to achieve compliance with its requirements.
Read more
Regulatory Compliance

HITRUST framework: The Scope, Purpose, and How to Comply

This article will guide you through HITRUST's evolution, its current scope, and how it can be a game-changer for your organization's data protection strategy.
Read more
Regulatory Compliance

Understanding SOC 2: The Scope, Purpose, and How to Comply

Get started with your SOC 2 compliance efforts: what SOC 2 is, why it matters, and, most importantly, what steps you need to take if you want to get a SOC 2 report for your organization.
Read more