The EC has published its draft Data Act. The draft Data Act (which takes the form of a Regulation) clarifies who can create value from data (personal and non-personal) and under what conditions. It is the second major legislative initiative of the European Strategy for Data and follows on from the Data Governance Act which creates the processes and structures to facilitate data sharing.
The Act is intended to unlock industrial data by giving business users access to data they contribute to creating, and giving individuals more control over all their data, not just personal data. This is focused particularly on data created using connected devices and related services, for example voice assistants. It is partially aimed at largescale manufacturers and service providers of IoT products who are likely to lose their data advantage to a degree. Third party business users will not be able to use obtained data to develop directly competing products, but they will be able to use it to create other products and services.
The new rules will make more data available for reuse and are expected to create €270 billion of additional GDP by 2028.
The proposal for the Data Act includes:
In addition, the Data Act reviews certain aspects of the Database Directive, which was created in the 1990s to protect investments in the structured presentation of data. Notably, it clarifies that databases containing data from Internet-of-Things (IoT) devices and objects should not be subject to separate legal protection. This will ensure they can be accessed and used.
Member States must designate supervisory authorities which will have powers to sanction non-compliance in line with GDPR-level fines for certain breaches.
The legislation now begins the path to approval and is expected to come into effect 12 months after coming into force