European Commission answers frequently asked questions on the Data Act

Written By

manuela cox Module
Manuela Cox

Associate
Netherlands

As an associate in our office in The Hague, I specialise in regulatory matters, including data protection and telecommunications law.

On 6 September 2024, approximately one year before the majority of the Data Act’s provisions begin to apply, the European Commission published a comprehensive FAQ document on the Data Act (“FAQ”). The FAQ is the result of extensive stakeholder engagement. Further background on the Data Act itself can be found here.

Legal significance and the role of the Commission

According to the European Commission, the FAQ is not binding and positions expressed within the FAQ should not be considered representative of the European Commission’s official position. Further, the expressed views “cannot prejudge any future actions the European Commission may take”.

Caveats aside, the Data Act FAQ provides welcome guidance on a complex regulation and will help guide businesses that are grappling to understand the sometimes ambiguous chapters of the Data Act. While the European Commission is not a supervisory authority under the Data Act, it does play an important role in coordinating national practices and ensuring uniform conditions for the implementation of the Data Act. For one, the European Commission is tasked, among other things, with setting standards and drafting guidelines, including on the calculation of reasonable compensation for making data available per article 9(5) Data Act. The European Commission also hosts the European Data Innovation Board (EDIB), an expert group that facilitates cooperation between competent authorities, promotes best practices and common approaches in enforcement of the Data Act. Furthermore, the European Commission maintains a public register listing, among other things, the competent authorities and measures in relation to penalties.

The FAQ’s content

The FAQ addresses all sections of the Data Act, including:

  • The interplay between the Data Act and other EU laws;
  • Data access and use in the IoT context;
  • FRAND conditions, compensation and dispute resolution;
  • Unfairness in B2B data sharing contracts;
  • B2G data access;
  • Switching between data processing services;
  • Unlawful access to and transfer of non-personal data held in the EU by third country authorities;
  • Interoperability;
  • Enforcement; and
  • What to expect next.

There is a fair amount of repetition of the law in the FAQ, but also some useful guidance in particular for the first chapters of the Data Act, such as the following:

  • FAQ 8 discusses what a “related service” is; the answer includes elements that could be used to narrow down whether the digital service in question is also a related service.
  • FAQ 9 and FAQ 30 address the problem of how second-hand connected products should be treated, as there might be legacy data on them. Contractual arrangements seem to be possible in those situations.
    FAQ 18 mentions that manufacturers can outsource the role of the data holder contractually.
  • FAQ 19 gives guidance on how strict the design obligation in Article 3(1) Data Act is, and gives some leeway to manufacturers.

The Data Act FAQ is intended to be a living document and will be updated periodically. Interested parties are invited to submit questions that are not covered by the FAQ via the contact form of the European Commission.

What to expect next

Further guidance and standardisation material on important subjects under the Data Act are underway. The European Commission is, amongst other things, preparing guidelines on reasonable compensation, standards for interoperability requirements and model contract terms for data sharing and standard contractual clauses for cloud computing contracts.
With respect to the guidance on reasonable compensation, the FAQ indicates that these should not be expected shortly. Although the European Commission does not mention an actual date, it alludes to these guidelines being published only after the majority of the Data Act provisions become applicable on 12 September 2025. This is particularly unfortunate, as an understanding of what is considered reasonable compensation is imperative for companies to fully gauge the impact that the Data Act will have on their businesses.

The European Commission has prepared a standardisation request called the “European Trusted Data Framework” in support of art. 33 Data Act regarding the requirements of interoperability. This request is currently under consultation with relevant stakeholders and is expected to be formally adopted by the end of 2025.

Further, the Expert Group on B2B data sharing and cloud computing contracts is developing model contractual terms for data sharing and standard contractual clauses for cloud computing contracts. The Commission is expected to adopt a recommendation on these contracts before 12 September 2025.

For further information, please contact Manuela Cox.

This article was originally published in our monthly Connected newsletter, to sign-up to receive future newsletters for the latest Regulatory & Public Affairs news and updates, see below:

TO SUBSCRIBE TO OUR CONNECTED NEWSLETTER CLICK HERE

Latest insights

More Insights
flower

NEWSFLASH - The UK’s New Consultation on AI and Copyright: Purr-suing Balance?

Dec 19 2024

Read More
laptop phone

EU/UK sanctions regarding Russia and Belarus (16-12-2024)

Dec 19 2024

Read More
Curiosity line teal background

Australia’s first standalone cyber security law – the Cyber Security Act 2024

Dec 18 2024

Read More