EU institutions reach final agreement on EU Data Act


In the final hours of 27 June, the European Parliament, the Council of the European Union, and the European Commission managed to strike a final agreement on the EU Data Act during the last scheduled trilogue negotiation. The Data Act will lay down harmonised rules on fair access to and use of data in order to pave the way for the EU’s data economy and by unlocking the great potential of industrial data generated by Internet-of-Things (IoT) products and related services, as only 20% of such data is currently being used.

As such, the new Regulation shall incentivise data-driven innovation and stimulate a competitive data market by removing barriers to access and share data, as well as it shall make data more accessible to all, so that data users to a greater extent will be empowered to take ownership of the data they contribute to generating. 

During the tripartite talks, which kicked off at the end of March, certain key topics of the legislative file have caused heated debated both internally between the EU institutions but also among stakeholders. Especially the provisions related to trade secrets proved to cause quite some stir, as businesses and associations, including Ecommerce Europe, voiced concerns over the potential disclosures of trade secrets in the context of business-to-business (B2B) and business-to-consumer (B2C) data sharing.

Therefore, Ecommerce Europe is pleased to see that EU policymakers have decided to include strengthened trade secret provisions in their final text. For instance, the Data Act now includes safeguards against possible abusive behaviour of data holders, as well as an actual exemption to data-sharing, which allows manufacturers to refuse certain requests for access to data, if they can substantiate that such access would lead to disclosures of trade secrets with “serious and irreparable economic losses” as a result hereof. 

Another aspect of the legislation which similarly has been at the centre of discussion is that of business-to-government (B2G) data sharing. While Ecommerce Europe since the beginning of the negotiations on the file has acknowledged and supported the need for businesses to share certain data in exceptional situations where public health and safety could be at risk, we have also, together with other like-minded associations, pushed for a narrower scope of B2G data sharing.

More specifically, we have advocated that public bodies should only be allowed to request and access privately held data when required to respond to a public emergency. As such, Ecommerce Europe welcomes that policymakers in their final text have specified that an exceptional need to use date shall be e.g., “limited in time and scope”, and that public bodies shall have “exhausted all other means at its disposal to obtain such data”. 

On a more general note, the EU’s new data legislation also lays down rules making it easier for customers to switch between different cloud providers, as well as it introduces rules to prevent abuse of contractual imbalances in data sharing contracts, the latter which in particular will rebalance the negotiating power of small and medium-sized enterprises. Finally, the Data Act also provides additional guidance on reasonable compensation for businesses making data available.  

Following a legal-linguistic check-up, the co-legislators will have to formally adopt the Data Act. This is expected to take place in the Council on 14 July and in the Parliament on 19 July.  

If you have any questions or wish to know more about the topic, please feel free to contact us at