Brussels, BELGIUM — The European Commission published a new Data Act proposal today, a new flagship legislation to help “make the EU a leader in a data-driven society”. The European Parliament and Member States will now review and amend the proposal.
The new EU regulation introduces several new rules instructing companies when and how they should share data, and with whom. Among others, the proposal imposes data access and portability rules for data generated by business users and individuals when using a service, and generally relies on parties’ good intentions to prevent undue competition and trade secrets exposure. Further, companies designated as “gatekeepers” under the Digital Markets Act (DMA) are prohibited from receiving users’ data and from participating in this EU data market. The proposal also puts forward stringent rules intended to help cloud customers switch to alternative providers.
The proposal also contemplates new rules for public bodies to request and obtain data from businesses potentially for a wide range of purposes.
European and international companies subject to foreign laws would also face new restrictions to transfer non-personal data outside the EU, or to even process such data within the bloc.
Various national regulators would be in charge of enforcing the new rules, with the power to levy fines up to EUR 20 million or 4% of annual global turnover, whichever is higher.
The following can be attributed to CCIA Public Policy Director Alexandre Roure:
“The Data Act proposal is well intentioned, but in need of improvements.
“The Data Act will serve the EU’s digital ambitions if it protects confidential business information, treats all companies equally, and avoids creating new data flow restrictions.
“We look forward to working with policymakers to ensure that the final Regulation will indeed help make the EU a leader in the data-driven economy.”