On January 11, 2024, the Data Act entered into force. This marks a significant milestone in the evolving landscape of digital regulation. The Data Act is part of the broader European data strategy and plays a significant role in advancing the EU's digital transformation objectives outlined in theDigital Decade Policy Program 2030.
The widespread use of internet-connected products—the so-called Internet of things or "IoT," from cellphones to smart doorbell cameras—has notably increased the volume and potential value of data for consumers, businesses, and society at large. The recognition that barriers to data sharing hinder optimal data allocation for societal benefit led to the drafting of the Data Act.
The Data Act, which applies to both personal and non-personal data, encompasses several key elements designed to foster an efficient, fair, and innovative data economy:
- It facilitates data sharing, particularly data generated by connected devices and used by related This spans all sectors, underscoring the significance of non-personal data sharing for societal and economic benefits;
- It establishes mechanisms for data transfer and usage rights, with a special focus on cloud service providers and data processing services. This facilitates a more fluid and secure data sharing environment;
- It introduces interoperability standards to ensure data can be accessed, transferred, and used across different sectors, which is crucial for innovation and competitive markets;
- It reinforces the right to data portability, allowing users to move their data across different service providers, which enhances user autonomy and promotes competition;
- It mandates that providers of data processing services, such as cloud and edge services, implement reasonable measures against unauthorized third-party access to non-personal data, thereby fostering trust in data;
- It aims to balance the availability of data with the protection of trade secrets;
- It recognizes the need for public sector bodies, the Commission, the European Central Bank, or Union bodies to use existing data to respond to public emergencies or in other exceptional cases; and
- It provides protections against unfair contractual terms that are unilaterally imposed.
These elements collectively aim to enhance data accessibility and utility, protect individual and business interests, and foster a more competitive and innovative digital market in the EU.
The Data Act entered into force on January 11, 2024, and the provisions will apply starting on September 12, 2025. The timeline for complete enforcement is thus expected to span several years, allowing businesses and stakeholders adequate time to adapt to the new requirements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.