HoC -
Bouygues Telecom
BERL, 10 June 2022
How should we understand the interplay between GDPR and Data Act? Is it
reasonable to assume that the GDPR applies ‘after’ the Data Act?
x The GDPR continues to apply when the processing of personal data is concerned.
x However, the Data Act will help to overcome previous legal uncertainty, e.g. with
regard to the effective application of Art. 20 GDPR, by clarifying the scope of data
portability in the context of data from IoT objects.
Is there a risk that consumers are encouraged to give away data too easily?
x This aspect was taken into account throughout the whole preparation work. The
proposal strengthens consumers' control over their data.
x Moreover, additional safeguards protect the consumer, such as the prohibition of
practices to manipulate the user’s decision-making process through dark patterns.
Background
The Data Act
The Data Act focuses on the following topics:
x Better access to IoT data: manufacturer of IoT objects must allow access to co-
generated data whilst maintaining the incentive to innovate. Users of IoT objects can
access and port data and third parties can use the data to offer services (SMEs get
special conditions).
x Horizontal rules for IoT data also frame data access and use in specific sectors.
x Contractual unfairness in B2B data sharing agreements: SMEs will have stronger
negotiating power where certain conditions are unilaterally imposed on them.
x Business-to-government: companies must make data available to public sector bodies
in case of emergency or exceptional need.
x Easier switching between cloud services.
x Facilitate interoperability: the Commission may adopt technical specifications if
necessary to reduce transaction costs related to the use of data even across sectors.
x Protection of European cloud data in the international context.
The Data Governance Act
The Data Governance Act was adopted by the European Parliament on 6 April 2022 and
will be formally adopted by the Council in May 2022. It will become applicable in the
Member States 15 months after its publication. It facilitates voluntary data sharing and
offers a framework for neutral actors between data holders and recipients as data
intermediaries. Based on the mandate given in the Data Governance Act, the Commission
will set up the European Data Innovation Board by the end of this year, i.a. to recommend
priorities in interoperability.
A Danish Labeling Program for Digital Accountability (D-seal) was launched in September
2021. It is founded by the Confederation of Danish Industry, the Danish Chamber of
Commerce, SMVdenmark and the Danish Consumer Council. Its aim is to promote data
security, data protection and data ethics. The label contributes to the same goal as the
Data Governance Act by increasing trust in the sharing of data.
Topics for discussion
2/2