On 9 November, 2023, the European Parliament adopted a compromise text for the proposal for the Data Act[1]. The new regulation is yet to be officially adopted by the Council of the European Union, but the contents of the future EU regulation are now known.

The Data Act is intended to eliminate barriers to access to data for entities in the private and public sector, while it also preserves incentives to invest in data generation by ensuring balanced control over the data for the entities that create the data.

In practice, the Data Act is intended to improve data access for a broad group of entities. For this reason, users will be given special rights to access data related to products and services they use. On the other hand, the providers of these products and services will have specific obligations to enable exercise of those rights.  Entities in the public sector, such as national or EU authorities, will also be given special rights to access data in the private sector, and the product and service providers will have additional disclosure obligations.

An important element of the Data Act will be rules on data portability to facilitate switching between providers of data processing services. Under the new rules:

Importantly, the current scope of protection of trade secrets is significantly broader than in the original proposal, following extensive criticism of the previous rules due to the scope of protection being too narrow.

As the Data Act is a regulation, it will be uniformly applicable across the EU. The regulation will take effect twenty months from enactment, but it is not clear when precisely this will occur. Barring unforeseen circumstances, the Data Act should apply from around QIII 2025.

Authors: Agnieszka Wachowska, Attorney-at-law, Co-Managing Partner and Piotr Konieczny, Junior Associate

Footnotes

[1] https://www.europarl.europa.eu/RegData/seance_pleniere/textes_adoptes/definitif/2023/11-09/0385/P9_TA(2023)0385_EN.pdf