The EU “Data Act” entered into application almost a week ago. What is it? And how does it relate to data protection?
To avoid any misunderstanding: the new EU Data Act is not a new General Data Protection Regulation (GDPR; even if the name sounds similar). The EU Data Act is about “data” and not primarily about people (as in the GDPR).
In the EU large amounts of data are generated that we did not have before – particularly through connected products (e.g. machines, cars, household appliances). This data was usually controlled and used only by the manufacturer of the product. The Data Act ensures that users of products can access and share this data more easily. The aim is to promote innovation, competition and new business models.
Because of this, data licensing agreements are currently circulating. These agreements concern the possibility of the data owner making the device data available to others, i.e. other users and/or other manufacturers.
Is this relevant for data protection?
This is first and foremost not a data protection topic:
- Data protection applies to personal data (i.e. data about people).
- The Data Act governs the handling of data from connected devices (i.e. mainly data about machines).
However, there could be overlaps. This is the case when machine data is also personal data (for example, preparation preferences stored in a coffee machine or data on driving behaviour stored in a car).
In this case, the Data Act concisely states: The rules on data protection apply in parallel. Decisions are made on a case-by-case basis as to how both laws can be complied with at the same time.
Summary: Contracts relating to the new Data Act are only relevant to data protection if they (also) concern personal data.