Vulcan Insight

The EU Data Act enters final stages of negotiations

9 March 2023

The Data Act, which is part of the 2020 European Strategy for Data, was first presented by the European Commission in February 2022 to regulate the use of and access to data. The Act is the second piece of legislation following the Data Governance Act, both attempting to take full advantage of data and technology while complying with EU regulations. The Data Act creates a set of common rules allowing public sector bodies to access and use data, preventing abuse of data-sharing contracts, and preventing unlawful data transfer. The Act also means that private companies must release user data in exceptional situations of high public interest. The European Commission estimates that the Act will create €270 billion of additional GDP by 2028. 

According to European Commission estimates, 80% of industrial information is never used. With the Data Act, this information will be available for individuals and businesses to use for aftermarket and value-added services. This allows for better decisions and capacity for predicting trends of future markets. Businesses and industrial entities will have wider access to data, in turn creating a more competitive market with lower barriers to entry. This allows them to customize services, compete equally with relevant markets, and create new digital services. 

The Data Act will also apply to cloud-services, improving the digital environment in which cloud and edge services can be used. The Act will make it easier to transfer data from one provider to another, whether it be private data or administrative data. It presents new obligations for cloud service providers allowing this exchange to occur with no additional costs and increased safety regulations for users.

The European Parliament’s ITRE Committee, which is the committee responsible for the file, adopted its final report in early February 2023, with 59 votes to 0 and 11 abstentions. MEPs changed the scope of the regulation to exclude data such as that processed by “complex proprietary algorithms,” and clarified how these rules would apply to each stakeholder. ITRE’s report also enforces protection of trade secrets for data holders and facilitates the transition between cloud providers. MEPs are now expected to vote on the Act at the next plenary, starting on 13 March.

The Swedish Presidency, leading the talks in the Council, shared its sixth compromise text on the Act on 8 March. Technical discussions are now expected to continue next week with a final text expected to get the green light on 22 March. In the latest compromise text, the Presidency has introduced the possibility for data holders to refuse to share data under exceptional circumstances. This would be possible if the holder can demonstrate it would be highly likely to cause severe damage. Sweden has proposed to extend the scope of this exceptional refusal from unlawful misuse or disclosure of information covered by IP rights to any trade secret. The relationship between the Data Act and the General Data Protection Regulation (GDPR), introduced across the EU in 2018, has been another point of great debate throughout the negotiations. In the latest text, new wording clarifies that whenever users obtain personal data that is not theirs, the Data Act does not provide the legal basis for processing it. 

The European Parliament and Council are under pressure to commence inter-institutional negotiations (trilogues) as soon as possible, with the lead negotiator in the Parliament, Spanish MEP Pilar del Castillo Vera (EPP) pushing to finish negotiations before Spain takes over the Council Presidency on 1 July 2022.