The Future of Non-personal Data Usage: The European Commission’s Data Act Proposal

Having access to data is the lifeline for some startups. For innovations that utilise non-personal data, a new proposal from the European Commission could open up further opportunities for innovation…

What is the Data Act Proposal?

In February 2022, the long-awaited Data Act Proposal was published, setting down new rules on who can use and access non-personal data (such as data from sensors, weather data, etc. that cannot be used to identify a person) generated in the European market. The Data Act together with the Data Governance Act aims to facilitate the use of non-personal data by parties other than manufacturers and fully utilise the dataset’s potential. If passed, it will open new opportunities for startups to offer services on a single data market and support data-driven innovation. 

What are the main proposals?

The proposed objectives of the Data Act Proposal include:

  • allowing users of connected devices (e.g. a smart home appliance or smart industrial machinery) to gain access to non-personal data generated by them and to share such data with third parties so that they can benefit from a wider range of services without being dependent on the manufacturers themselves;
  • helping startups and SMEs with drafting and negotiating fair data-sharing contracts (i.e. contracts for sharing non-personal data between manufacturers and service providers) – the Commission intends to draft model contractual terms, and unfair clauses will not be binding;
  • allowing customers to switch between different providers of cloud services without incurring any costs;
  • clarifying the Database Directive (which focuses on the legal protection of databases) – non-personal data from connected devices contained in databases will be allowed to be accessed and used in the same way as non-personal data, not included in databases. 

Who will be affected?

  1. Consumers will be able to access non-personal data generated through the use of their device and request that the manufacturers share this data with third parties that can provide aftermarket and value-added services, like predictive maintenance and repair. 
  2. Aftermarket service providers (e.g. a third-party service of smart cars) will have access to non-personal data to offer more affordable and personalised services. Through the use in machine learning and training algorithms, non-personal data can assist service providers in further innovating and creating new digital services.  
  3. Startups will gain access to non-personal data under clear rules but will be excluded from the abovementioned obligations to share such data with other businesses at customers’ request unless the startup is dependent on other large enterprises. Moreover, startups will be protected from unfair clauses in data-sharing contracts (such as a clause excluding or limiting the liability of the party that imposed the term for intentional acts or gross negligence).

How will this Act sit with the GDPR? 

The Data Act complies with the personal data-focused GDPR and continues in the regulation’s mission. Under the GDPR, the right to data portability is limited to personal data processed under certain legal bases and where it is technically feasible. The Data Act will broaden this right for connected products so that consumers can also access non-personal data generated by products they use.  ​​

Running a startup that would benefit from leveraging non-personal data? The Data Act could make it easier for you to access this information to improve your services, however, may impose additional obligations to respect consumers’ data rights. We are excited by the potential innovation this Act could bring and will keep an eye on developments as they occur. In the meantime, if you are curious about how to use personal data in your product find out more in our article here. 

Written by: Simona Stasová
Edited by: Tatiana Pavelková and Annabel Pemberton