Data has become an integral part of everyday life and is a valuable resource for businesses. In practice, however, data is often difficult to access, or companies are reluctant to share it. The “Data Act,” a new European regulation coming into force in 2025, aims to make access to data and data fairer and easier, in order to realise the economic potential of data. This act will encourage innovation and increase competition.
In this blog post, we discuss some of the novelties in the Data Act.
A new right of access
The Data Act primarily contains an obligation for companies to share certain data with its users or customers. This obligation applies especially to companies that offer so-called “Internet of Things” (IoT) services or products. “Smart” devices in other words. Think, for example, of a self-driving car or your smart refrigerator. These devices all collect huge amounts of data, and sometimes it can be useful for the customer or user to have access to this data, for maintenance, for example. The Data Act therefore requires companies, under certain conditions, to make this data available to the user. This user can be either a consumer or a company. So even as a company, you may have this right of access.
What to do – Your company will have to organise itself so that it is possible to share the data with the customer or user. Where technically feasible and relevant, this process should be automated as much as possible According to the Data Act, products or services must be designed in such a way that the user has direct access to the data. Also, as a data holder, before a contract is entered into, you must provide appropriate information to the user. So in addition to the right of access, there is also a new transparency obligation for data holders
New rules for data sharing agreements under the Data Act
Data sharing under “FRAND conditions”
When a company is legally required to share certain data with another party, it must do so on fair, reasonable, and non-discriminatory terms (called FRAND terms, which stands for Fair, Reasonable, and Non-Discriminatory).
This obligation comes into play, for example, when a user asks the data holder to transfer his data to a third party. Indeed, according to the Data Act, the user has the right to request this. In that case, the data holder must enter into an agreement with that third party, where the terms are fair, reasonable and non-discriminatory.
What to do. – Existing templates may need to be reviewed to ensure they comply with these new rules in the Data Act. It is also appropriate to identify whether your company is legally required to share data with other companies. That way, your company is already prepared.
Protection against unfair terms
The Data Act also contains a number of specific rules that exclude unfair or unbalanced clauses in data sharing agreements. Important: these are clauses that are imposed unilaterally by one party. It does not concern clauses negotiated by mutual agreement.
These new rules of protection apply regardless of whether large, medium or small companies are involved. In practice, this does mean that the new rules primarily protect SMEs in their relations with large players. It is often precisely large companies that can unilaterally push forward certain clauses. Smaller companies often do not have the power to renegotiate such clauses.
The Data Act aims to change this and redress the balance.
What clauses are we talking about specifically?
The Data Act distinguishes between 3 types of unfair clauses:
- Clauses that depart significantly from good business practice and clauses contrary to good faith and fair dealing. This is the general category. If the use of a data sharing clause deviates so much from good business practice, it can be considered unfair. Ultimately, only a judge will be able to determine this after the facts;
- Therefore, the Data Act also provides a list of clauses that are always considered unfair. The advantage of this is that in advance, for example during the negotiation or its preparation, one can already consider which clauses should be avoided or for which clauses one should pay extra attention. An example of this is a clause in which the party imposing the clause bears no or only limited liability for intentional fault or gross negligence. This makes sense, as it deprives the injured party of the ability to seek damages or relief.
- Finally, the Data Act contains a list of provisions that are presumed to be unfair. However, this presumption can be rebutted. An example is a clause preventing the “aggrieved” party from early termination of the contract.
Importantly, the Data Act defines when a term is unilaterally imposed. A clause is considered unilaterally imposed if it is made by one party, and the other party, despite an attempt to negotiate it, has not actually had any influence on the content of that clause. Thus, if a clause is “take it or leave it,” it may be considered unilateral.
What to do. –In general, it is appropriate to avoid unilaterally imposed clauses as much as possible. A properly negotiated agreement is still preferable. Also, don’t forget to properly document negotiations. You will have to be able to prove that a clause is or is not unilateral. If a judge subsequently rules that an “unfair” clause was nevertheless negotiated by mutual agreement, the protection of the Data Act irrevocably falls away. So be attentive!
A new right of access for government
Last but not least, the Data Act also contains new rules on access for the government to data held by a company by the government This obligation only applies if the government can demonstrate an exceptional need to obtain the data. The government will also always have to justify its request
What to do – If your company is requested to provide access to certain data by a government, you must check whether all (formal) conditions have been met, and in particular whether the request is sufficiently justified. The Data Act contains a series of conditions that the government agency must meet.
How can CRANIUM help
CRANIUM’s legal team is ready to assess the impact of the Data Act on your organization. In particular, CRANIUM can assist in negotiating data sharing agreements and in drafting or revising existing templates. CRANIUM guides you step by step to become fully compliant with the Data Act.
