For further information,
please contact:

Senior Associate

Legal Alerts

Draft Data Act Published in EU

Legal Alerts
IT & Communications

         Click the button to listen to our legal alert now!


Recent development

On 23 February 2022, the European Commission (EC) proposed the draft Data Act, which is part of the European Data Strategy together with the Data Governance Act (DGA). With the Data Act, EC aims to increase access to data and provide a fair environment for the use of data. You may access the draft Data Act here.

What does the Data Act cover?

The Data Act covers both personal and nonpersonal data and regulates the access to such data by public bodies and users who help generate the data and the transfer of such data. The Data Act applies to manufacturers and users of data-generating products, data holders and recipients, public bodies and data processing service providers within the European Union.

The main proposed terms of the Data Act are as follows:

  • Access to IoT (Internet of Things) data: The Data Act obliges businesses to give users the right to easily, securely and — “where relevant and appropriate” — access the data they generate via connected devices. This right further allows users to their right to portability on this IoT data. Unlike the General Data Protection Regulation (GDPR), the Data Act applies to the data generated by both natural and legal persons.
  • Government’s access to data: The Data Act allows public bodies to access data that is held by the private sector, to the extent an exceptional need exists. This right to access is limited to situations where the access is necessary to prevent, respond to or recover from a public emergency such as terrorist attacks, public health emergencies, natural disasters, or where the lack of data prevents the public body from fulfilling a duty in the public interest provided by law.
  • Negotiation power for SMEs: The Data Act introduces measures to ensure a fair contractual relationship between data holders and data recipients, and especially strengthens the position of small and medium enterprises (SMEs). As stated by the EC press release, the EC will also publish model contractual terms on data transfer and use.
  • Data transfer and access restrictions to nonpersonal data: The Data Act aims to prevent unlawful transfer and access to the nonpersonal data held in the EU, to the extent such transfer or access would create a conflict with EU law or the relevant national law.
  • Right to switch between cloud and edge services: The Data Act obliges service providers to align their services in a way that allows customers to switch to another data processing service.
  • Smart contract requirements: The Data Act further introduces requirements for smart contracts and brings obligations to smart contract providers, such as providing data archiving and audit options.

Link between the Data Act and other EU regulations

As part of the European Data Strategy, the DGA that was agreed upon on November 2021 aims to increase the use of data in various fields such as AI, scientific researches, and production of goods and services by regulating the data sharing among different actors. In the meantime, the Data Act regulates the actors that can access data and generate value from the data.

Also, as stated by the EC, the Data Act is fully consistent with the GDPR and builds on, in particular, the right to data portability that allows data subjects to move their data between controllers who offer competing services. While the GDPR covers personal data, the Data Act allows users to access and port IoT data, both personal and nonpersonal.


The EU continues to introduce regulations as part of the European Data Strategy. With the implementation of the Data Act, the EC emphasizes that barriers against the use and access to data will be removed in a way to serve as a stepping stone in the EU’s strategy to become a leader in our data-driven society.