Digital The "Data Act" The Data Act

The Data Act

What is the Data Act?

Regulation (EU) 2023/2854 of 13 December 2023, better known as “Data Act”, lays down harmonised rules on fair access to and use of data.

This European regulation aims at creating a fairer and more innovative data economy in the European Union.

The objectives of the Data Act are the following:
 

  • Providing users with greater control on the data they generate via connected devices (Internet of Things or IoT). This includes for instance data from smart domestic appliances, industrial machinery or mobile technology.
     
  • Fostering data driven innovation by enabling users (consumers and enterprises) to share data with third parties of their choice, for instance for repair or maintenance services, or for the development of new products.
     
  • Increasing the competitiveness of European enterprises, in particular SMEs, by tackling unfair contractual terms on data access and usage.
     
  • Facilitating the switching of providers of cloud services and other data processing services while avoiding vendor lock-in.
     
  • Providing a mechanism enabling public sector bodies on the basis of an exceptional need (such as natural disasters or health crises) to access the data detained by the private sector when these data are necessary to respond to the emergency.

What is the scope of the Data Act?

The Data Act is a cross-sectoral regulation with a large impact and is relevant for a diverse group of players in the European Union.

Which data?

The Data Act covers access to and sharing of personal and non-personal data, including the corresponding metadata needed to interpret and use these data. The term ‘data’ is defined as any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording. Only data that have not been substantially modified are concerned, i.e. data in raw form or data that have only been pre-processed for the purpose of making them understandable prior to subsequent processing. 

To whom does the Data Act apply?

  • Manufacturers of connected products, providers of related services, providers of data processing services placed on the market or provided in the EU, irrespective of the place of establishment of those manufacturers and providers. 
  • Data holders, irrespective of their place of establishment, that make data available to data recipients in the Union. A data holder is any natural or legal person that has the right or obligation, in accordance with the law or a contract, to use and make available data. 
  • Users in the EU of connected products or related services placed on the EU market. A user is any natural (consumer) or legal (enterprise, organisation) person that owns, rents or leases a connected product, or that receives related services. 
  • Data recipients in the EU to whom data are made available. A data recipient is any natural or legal person, acting for purposes which are related to that person’s trade, business, craft or profession, other than the user of a connected product or related service, to whom the data holder makes data available, including a third party following a request by the user to the data holder or in accordance with a legal obligation.
  • Public sector bodies of the Member States or the EU that request data holders to make data available where there is an exceptional need for those data. 
  • Participants in data spaces and vendors of applications using smart contracts and persons whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement.

Supervision and coordination

The 2025-2029 federal coalition agreement stipulates that the supervisory and coordination powers provided for in the Data Act will be entrusted to the BIPT. In this framework, the BIPT will assume the role of data coordinator.

The Data Act also provides a role for the data protection authorities. The latter are responsible for monitoring the application of this Regulation insofar as the protection of personal data is concerned.

Useful sources of information for the sector

The FAQ of the European Commission is a first resource for understanding the Data Act

This page will be updated as the European Commission adopts the acts provided for in the Regulation, such as model contractual terms (MCTs) for data sharing, standard contractual clauses for cloud computing services (SCCs), and guidelines on the calculation of reasonable compensation.

Contact

For any questions regarding the Data Act in general, please contact the BIPT at info@bipt.be.

 

Back to top