The European Commission publishes frequently asked questions to clarify the scope and application of the Data Regulation

The European Commission has published a frequently asked questions document (FAQ) about the Data Act, aiming to facilitate practical understanding and support businesses, administrations, and developers in its correct application. The document clarifies key concepts, defines obligations, and addresses frequently asked questions regarding access, use, and sharing of data generated by connected products and related services.

Key points:

• Right to access data generated by connected products: users (businesses or consumers) have the right to access the data generated by the use of IoT devices and related services, and to use it under fair, reasonable, and non-discriminatory conditions.
• Obligations of manufacturers and service providers: manufacturers must design products so that data is accessible by default to the user and, where applicable, to third parties authorized by the user.
• Data sharing with third parties (B2B and B2C): the Data Act regulates how and under what conditions data may be shared with third parties, avoiding abusive practices and unbalanced contractual clauses, especially concerning SMEs.
• Protection of trade secrets and sensitive data: access to and exchange of data do not waive the protection of trade secrets, which must be safeguarded through appropriate technical and contractual measures.
• Interaction with the GDPR: the Data Act does not change the rules regarding the protection of personal data. When data is personal, the GDPR will continue to apply fully, and a valid legal basis will be needed for its processing.
• Data and services in the cloud: rules are established to facilitate portability and transition between data processing service providers (in the cloud and at the edge), reducing dependency on the provider and promoting interoperability.
• Exceptional access by public authorities: in situations of exceptional need (emergencies, disasters, public crises), authorities may request access to certain private data, under strict and proportional conditions.
• Abusive contractual clauses: the Regulation introduces specific control over unilaterally imposed contractual clauses in B2B data sharing contracts, protecting the weaker party.
• Temporary application and next steps: SMEs remind of the deadlines for implementing the Data Act and highlight the need for organizations to begin adapting contracts, technical architecture, and data governance models.

Link:

• Commission publication:Commission Q&A

Article written by the TMT department of ECIJA Madrid.