Legislative Observatory
European Parliament
Please fill in this field to find a procedure

Data Act

2022/0047(COD)

The Committee on Industry, Research and Energy adopted the report by Pilar del CASTILLO VERA (EPP, ES) on the proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act).

The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:

Data and scope

The report clarifies that the proposed Regulation should lay down harmonised rules on:

- the design of connected products to allow access to data generated by a connected product or generated during the provision of related services to the user of that product;

- data holders making available data they accessed from a connected product or generated during the provision of a related service to data subjects, users or to data recipients, at the request of the user or data subject;

- fair contractual terms for data sharing agreements;

- making available data to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need in the public interest;

- facilitating switching between data processing services;

- introducing safeguards against unlawful international governmental access to non-personal data; and

- developing interoperability standards and common specifications for data to be transferred and used.

Objectives

The Data Regulation aims to boost innovation by removing barriers obstructing consumers and businesses’ access to data. The legislation will clarify who can access data and under what conditions. It will allow a wider range of private and public entities to share data.

The Regulation:

- obliges manufacturers of connected products and providers of related services to design their products and services in such a way that users of a connected product or related service in the EU can access, in a timely manner, the data accessible from the product or generated during the provision of a related service and that those users can use the data, including by sharing them with third parties of their choice;

- requires data holders to make data available to users and to data recipients designated by those users;

- provides that data holders should make data available to data recipients in the Union on fair, reasonable and non-discriminatory terms and in a transparent manner;

- provides that, if there is an exceptional need, data holders should make data available to public sector bodies of the Member States and to Union institutions, bodies, offices and agencies;

- further aims to facilitate switching between data processing services and to improve the interoperability of data and data sharing mechanisms and services in the Union.

SMEs

Start-ups, SMEs and companies from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data. This Regulation aims to facilitate access to data for these entities, while ensuring that the corresponding obligations are scoped as proportionately as possible to avoid overreach.

When companies draw up their data sharing contracts, the law will rebalance the bargaining power in favour of SMEs, protecting them from unfair contract terms imposed by companies in a much stronger bargaining position.

Trade secrets

Members strengthened provisions to protect trade secrets and avoid a situation where increased access to data is used by competitors to retro-engineer services or devices. They also set stricter conditions on business-to-government data requests.

Emergency situations

The amended text also sets out how public sector bodies, in exceptional circumstances or emergencies, such as floods and forest fires, can access and use data held by the private sector where necessary.

Implementation and enforcement

The report underlines that avoiding fragmentation of the market must be a guiding principle of the Regulation. The Data Act should give further clarity on the roles and coordination between competent authorities regarding, inter alia, the supervision, complaint handling and penalty regime.

Strengthened coordination

The report notes that each Member State should designate an independent competent coordinating authority (‘data coordinator’) as responsible for the application and enforcement of this Regulation, for coordinating the activities entrusted to that Member State, for acting as the single contact point towards the Commission, with regard to the implementation of this Regulation and for representing the Member State at the European Data Innovation Board.

To further enhance coordination in the enforcement of this Regulation, the European Data Innovation Board should foster the mutual exchange of information amongst competent authorities as well as advise and assist the Commission in certain matters.

Processing of data

This Regulation should not be read as creating a new legal basis for the processing of personal data for any of the regulated activities. In the event of a conflict between this Regulation and Union law on the protection of personal data or national law adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data should prevail.