Close Menu
Data

Shaping the digital future: newly adopted EU data laws and their implications | McDermott Will & Emery

5gantennas.orgBy No Comments7 Mins Read


In a rapidly evolving digital environment, European Union data law (data method), adopted on November 27, 2023, marks a major shift in data, privacy, and intellectual property regulation.

The Data Act applies to manufacturers of connected devices (such as connected vehicles as well as IoT and medical equipment). It also applies to data processing services such as cloud service providers and their users, public sector bodies, among other entities.

Similar to the General Data Protection Regulation (GDPR), applies equally to EU and non-EU companies, even if they are not established in the EU. However, unlike the GDPR, it applies to both personal and non-personal data.

This important legislation will come into effect on January 11, 2024 and apply from September 12, 2025. Companies within the scope should consider the broader data access/sharing obligations and should not delay implementation efforts. Its compliance affects current enterprises. Internal business processes. Similar efforts will be required regarding various transparency and contractual obligations, which may require longer lead times to be fully integrated into corporate practices.

Thoroughly

Background, purpose and scope of EU data law

The Data Act, which follows the Data Governance Act 2022, represents a significant step forward in the EU’s strategy to effectively manage, regulate and exploit the growth potential of the expanding data economy.

The main objective of the Data Act is to make the wealth of product and related services data generated across the European Union accessible not only to large companies, but also to small and medium-sized enterprises, start-ups and individual consumers. The European Union sees this democratization as an important step towards fostering fairer and more competitive digital markets.

The scope of data law is broad and includes all sectors of the economy. Like GDPR, it also affects companies not established within the European Union. The Data Act applies to:

  • Manufacturers of connected devices and providers of related services placed on the EU market
  • Users of connected devices and related services
  • Data recipients in the European Union and data owners who make the data available to the data recipients themselves (e.g. manufacturers of connected devices)
  • Providers of data processing services (e.g. cloud service providers)
  • Participants in the data space and various stakeholders in the smart contract field.and
  • Public sector/EU bodies requesting data owners to make their data available under certain circumstances.

Regarding the types of data covered by the Data Act, it includes data generated by connected devices and related services, and data processed by data processing services (including cloud service providers). In all such cases, the data in question may be personal or non-personal. By including such a wide range of organizations and industries, the Data Act aims to establish universal standards for data access and sharing within the European Union and impact the entire digital economy.

Key provisions of EU data law

Data law is an important piece of legislation that has far-reaching implications for various economic sectors. It introduces several important provisions that redefine how personal and non-personal data can be accessed, shared, and protected. The key elements of the new law are:

  1. Data sharing obligations: One of the fundamental provisions of data law is the obligation for manufacturers of connected products and service providers to share data. This includes making the data generated by the use of those products and services accessible to users of the same products and services, and to third parties under certain conditions. will appear. This provision aims to democratize data access and foster innovation and competition.
  2. Intellectual property and trade secret protection: Data laws facilitate data sharing while also protecting intellectual property and trade secrets. This gives manufacturers the right to veto data in certain scenarios where sharing data could lead to serious and irreparable financial loss or compromise sensitive trade secrets, and to restrict access to data. It balances the protection of business interests.
  3. Data portability and design requirements: This law strengthens users’ rights to access data generated by the use of products and services by requiring manufacturers to design these products and services to ensure data accessibility. . This enhances data portability, allowing users to seamlessly transfer data between different service providers, promoting consumer choice and flexibility. Compliance with these design standards is essential for manufacturers and service providers to respond to the new regulatory environment.
  4. Sector-specific rules: Recognizing the unique needs of different industries, the Data Act includes regulatory provisions tailored to sectors such as healthcare and the automotive industry. For example, it addresses specific challenges and opportunities in sharing data from medical devices and smart vehicles, ensuring sector-specific compliance and innovation.
  5. Data protection and GDPR compliance: In line with the robust EU data protection framework, the Data Act stipulates that all data sharing and processing must be GDPR compliant. This ensures that personal data accessed, used and shared under the Data Act is also processed in accordance with the GDPR.
  6. Transparency: The new law imposes strong transparency obligations affecting manufacturers’ production processes, including an obligation to inform users of the product data that connected products can generate before entering into a contract to purchase, rent or lease a connected product. It is determined.
  7. Public sector access in emergencies: The Data Act also outlines the conditions under which public sector bodies can access data held by private entities in an emergency. This provision aims to ensure that critical data is effectively available in situations such as public health crises and natural disasters, while maintaining appropriate safeguards.
  8. Dispute resolution and enforcement: The Data Act establishes a mechanism for resolving disputes related to data sharing and provides enforcement provisions. This includes the designation of a competent authority and the establishment of penalties for non-compliance by EU member states to ensure that its provisions are effectively complied with.

Challenges and considerations

  • Consumer rights and privacy: Balancing user access rights and privacy concerns requires a nuanced approach, especially under GDPR. This is especially important in health-related data where personal and sensitive information is at risk. Businesses also need to make complex decisions about which legal bases they can rely on to access and share personal and non-personal data under data law. While data law is clearer in some cases (e.g. regarding the sharing of non-personal data under contracts), it leaves companies open to interpretation (and risk assessment) regarding the legal basis on which they can rely. Sharing of personal data (although we suggest consent and contract as the appropriate legal basis).
  • Legal and technical complexity: The interplay between data sharing obligations and intellectual property rights poses legal challenges, especially in areas with sensitive data such as healthcare. Businesses must navigate these complexities while ensuring compliance and protecting competitiveness.
  • Adaptation and implementation: The broad scope of the law means that companies across a wide range of sectors will need to adapt their practices and overhaul their data processing and product design strategies.
  • Contractual protection: Data law establishes strong contractual protections for users. This makes it clear that any terms and conditions to the detriment of the User (in particular if they exclude or deprive the User of rights and/or modify them) shall not be binding. Therefore, companies should carefully consider such provisions in light of the possibility of future enforcement or litigation.

Looking to the future: A data-driven future

As data laws move toward implementation, they impose new regulatory challenges and opportunities for businesses, particularly when it comes to sharing and protecting data. This requires companies to make significant changes to their operations and ensure compliance with strict data management and privacy standards.

Policy makers and industry stakeholders will need to work closely together to effectively address these changes. The success of data law enforcement will depend on how its complex legal requirements are implemented in practice, and how companies can innovate within these constraints and create new standards for the digital economy in the European Union. It depends on whether you can establish it.

It remains to be seen whether data laws will follow in the footsteps of GDPR and impact global data governance practices for connected products and related services.

[View source.]



Source link

Share.

Related Posts

Leave A Reply