Negotiators from the European Parliament and EU countries on Tuesday reached a deal to regulate the access and use of data.
The European Data Act was proposed by the Commission in February 2022 to create harmonised rules across the 27 member states of the bloc.
It is meant to allow for easier data sharing between businesses and consumers, other companies, and governments as well as enabling customers to effectively switch between different cloud data-processing services providers.
The Act also includes safeguards against the unlawful transfer of data to countries outside of the EU, over surveillance and commercial espionage concerns.
Thierry Breton, Commissioner for the Internal Market, hailed the deal as a “milestone in reshaping the digital space”.
Erik Slottner, minister for public administration for Sweden, which currently holds the rotating presidency of the Council of the EU, said that the agreement “will accelerate our Union’s digital transformation”.
“Once the data act enters into force, it will unlock the economic and societal potential of data and technologies and contribute to an internal market for data. It will enhance the single market, allowing data to flow freely within the EU and across sectors for the benefit of our citizens and businesses,” he added.
The Act had drawn criticism from some industry players however, with the CEOs of several leading European companies and DigitalEurope, a trade organisation representing digital industries across the bloc, writing to the Commission last month to express their “deep concerns” over the text.
They had warned for instance that being forced to share data with other companies, including non-European competitors, could endanger European leadership and innovation and leave them vulnerable to malicious actors and cybersecurity threats.
The deal, DigitalEurope said on Wednesday, “fails to achieve the necessary balance”.
“We reiterate the urgent need to ensure that trade secrets, cybersecurity, health and safety are protected. It is imperative that thresholds for data holders to invoke these protections remain realistic, enabling companies to refuse access requests when they can demonstrate the risks posed to their trade secrets, cybersecurity and overall business operations,” DigitalEurope Director-General Cecilia Bonefeld-Dahl said.
The concern was echoed by the Computer and Communications Industry Association (CCIA), which said in a statement on Wednesday that the agreement reached “risks hampering data-driven innovation” and that it “would actually limit consumer choice.”
“The EU’s overall aim of encouraging data value creation can only be commended. Unfortunately, the deal struck on the Data Act does not do enough to enable responsible data sharing by companies, nor does it leave users free to decide how they want to use their exported data,” Alexandre Roure, Public Policy Director for CCIA Europe said.