News and developments
Data Act – will it affect cloud contracts and service provider obligations, and if so, how?
Will the provisions of the Data Act affect cloud contracts and the obligations of data processing service providers, and if so, how?
Current cloud computing guides and guidelines include requirements for the development of a cloud exit plan. However, these do not have the force of generally applicable law. Service providers face no sanctions for failing to apply these rules. Cloud users, on the other hand, do not currently have any tools to insist on adding appropriate provisions to cloud contracts, which would allow them, for example, to transfer their data to another provider. Will the proposed Data Act legislation change the situation for suppliers?
Under the Data Act, data processing service providers are required to put in place the measures provided for in the regulation which allow their customers to switch to another data processing service that covers the same type of service, but is provided by another provider. The obligations under the Data Act will apply to providers regardless of the scale of their operations.
The Data Act provides that, when changing the data processing service provider, the rights of the customer and the obligations of the provider in question, must be clearly set out in a written contract. The contract should therefore specify at least:
Author: Karolina Grochecka-Goljan
Footnotes [1] Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (OJ EU 2023 L. 2854)
-
- maximum period of notice of termination,
- the period during which the customer can retrieve the data,
- charges related to changing the provider,
- the provider's commitment to support the customer's exit strategy.
Author: Karolina Grochecka-Goljan
Footnotes [1] Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (OJ EU 2023 L. 2854)