**Questions? [[Contact us!]]** # Introduction **Purpose and scope** The Data Act, together with [[Data Governance Act]] (DGA), is part of [the European Data Strategy](https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-data-strategy_en). Its aim is to give the EU a competitive advantage in an increasingly data-driven society while increasing prosperity and well-being in Europe. This Regulation lays down harmonised rules on making data generated by the use of a product or related service available to the user of that product or service, on the making data available by data holders to data recipients, and on the making data available by data holders to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need, for the performance of a task carried out in the public interest. **Who will be affected?** This Regulation applies to: - Manufacturers of products and suppliers of related services placed on the market in the Union and the users of such products or services; - [[Data holders]] that make data available to data recipients in the Union; - Data recipients in the Union to whom data are made available; - Public sector bodies and Union institutions, agencies or bodies that request data holders to make data available where there is an exceptional need to that data for the performance of a task carried out in the public interest and the data holders that provide those data in response to such request; - Providers of data processing services offering such services to customers in the Union. See also: [[What are the implications of the proposed Data Act for healthcare data sharing]]. **Legislative status** The Data Act has been adopted and has entered into force on 11 January 2024. It has been published in the Official Journal: [Regulation - EU - 2023/2854 - EN - EUR-Lex (europa.eu)](https://eur-lex.europa.eu/eli/reg/2023/2854) **Expected implementation date** Following its entry into force, the Data Act will become applicable in 20 months, i.e. 12 September 2025. This gives the relevant actors under the Data Act the time to adapt to the new rules and to make the necessary technical arrangements. The experts of the Data Law Hub can help with this. There is one exception to this rule. Article 3(1) of the Data Act, on requirements for simplified access to data for new products, shall apply to connected products and the services related to them placed on the market after <u>32</u> months from the date of entry into force of the regulation. This will be in mid-2026. # Definitions - [[Data]] - [[Data holders]] - [[Data recipient]] - [[Business-to-Government (B2G) data sharing]] - [[Functional equivalence]] - [[User]] # Key objectives The proposed Data Act aims to address various challenges related to data access and sharing by removing legal, economic, and technical obstacles. Its key objectives include: 1. **Facilitating Data Access**: The Act intends to make it easier for both consumers and businesses to access and utilize data. This is aimed at empowering individuals and organizations with more information, enabling them to make informed decisions. 2. **Maintaining Incentives for Investment**: While promoting data access, the Act also seeks to ensure that incentives for investment in data-driven opportunities are maintained. This is important to encourage continued innovation and value creation through data. 3. **Enhancing Legal Certainty**: To foster data sharing, the Act aims to increase legal certainty surrounding data sharing arrangements. This includes data obtained or generated through product usage and related services. 4. **Public Authorities' Access to Data**: The Act proposes granting public authorities access to data held by private sector entities when it is necessary for specific public interest purposes. This can be particularly important in emergencies and other exceptional situations, supporting evidence-based and effective public policies and services. 5. **Facilitating Cloud Service Provider Switching**: To promote a thriving data economy with easy data sharing, the Act aims to facilitate the transition between different cloud processing service providers. This helps ensure that data can flow seamlessly between providers. 6. **Safeguarding Data Transfer**: The Act introduces safeguards against unlawful data transfer without prior notice from relevant cloud service providers. This measure addresses concerns related to unauthorized access by third-country governments, enhancing data security and privacy. # The Data Act and other legislation **[[Data Governance Act]]** As indicated above, the DGA and the Data Act are part of the European data strategy. The DGA focuses on the transfer of non-personal data. It also introduces a regime for data intermediaries. These are neutral and transparent intermediaries that help with data management while ensuring the privacy of data subjects. The DGA also makes it easier to share data by creating a legal framework. Data Act, on the other hand, defines who can create value from data and under what conditions. **[[GDPR|General Data Protection Regulation]]** Besides differences, the Data Act has a number of similarities with the AVG. One of these similarities is that, like the AVG, it applies to all companies. This means that a company does not have to have a registered office in the EU, but only place services or products on the EU market. Making data available in the EU is also sufficient. In late May, a debate on several legislative proposals, including the Data Act, took place within the Digital Affairs Committee. During the debate, several MPs referred to a joint opinion from early May. In the opinion, the European Data Protection Board and the European Data Protection Supervisor stated that the Data Act should not compromise the protection of personal data and that the AVG takes precedence over the Data Act. This is because data sharing includes personal data. According to these regulators, the Data Act should clearly state that the AVG always applies when sharing personal data.