Subscribe to Data Act
The unique relevance of interoperability in the Data Regulation(Data Act)
Blog

One of the main objectives of Regulation (EU) of the European Parliament and of the Council of 13 December 2023 on harmonised rules for fair access to and use of data (Data Regulation) is to promote the development of interoperability criteria for data spaces, data processing services and smart contracts. In this respect, the Regulation understands interoperability as:

The ability of two or more data spaces or communication networks, systems, connected products, applications, data processing services or components to exchange and use data to perform their functions.

It explicitly states that 'interoperable and high quality data from different domains increase competitiveness and innovationand ensure sustainable economic growth', which requires that 'the same data can be used and reused for different purposes and in an unlimited way, without loss of quality or quantity'. It therefore believes that "a regulatory approach to interoperability that is ambitious and inspires innovation is essential toovercome the dependence on a single provider, which hinders competition and the development of new services".

Interoperability and data spaces

This concern already existed in the European Data Strategy where interoperability was seen as a key element for the valorisation of data and, in particular, for the deployment of Artificial Intelligence. In fact, interoperability is an unavoidable premise for data spaces, so that the establishment of appropriate protocols becomes essential to ensure their potential, both for each of the data spaces internally and also in order to facilitate a cross-cutting integration of several of them.

In this sense, there are frequent standardisation initiatives and meetings to try to establish specific interoperability conditions in this type of scenario, characterised by the diversity of data sources. Although this is an added difficulty, a cross-cutting approach, integrating several data spaces, provides a greater impact on the generation of value-added services and creates the right legal conditions for innovation.

According to the Data Regulation, those who participate in data spaces and offer data or data services to other actors involved in data spaces have to comply with a number of requirements aimed precisely at ensuring appropriate conditions for interoperability and thus that data can be processed jointly. To this end, a description of the content, structure, format and other conditions of use of the data shall be provided in such a way as to facilitate access to and sharing of the data in an automated manner, including in real time or allowing bulk downloading where appropriate.

It should be noted that compliance with technical and semantic standards for interoperability is essential for data spaces, since a minimum standardisation of legal conditions greatly facilitates their operation. In particular, it is of great importance to ensure that the data provider holds the necessary rights to share the data in such an environment and to be able to prove this in an automated way

Interoperability in data processing services

The Data Regulation pays particular attention to the need to improve interoperability between different data processing service providers, so that customers can benefit from the interaction between each of them, thereby reducing dependency on individual providers.

To this end, firstly, it reinforces the reporting obligations of providers of this type of services, to which must be added those derived from the general regulation on the provision of digital content and services general regulation on the provision of digital content and services. In particular, they must be in writing:

  • Contractual conditions relating to customer rights, especially in situations related to a possible switch to another provider or infrastructure.
  • A full indication of the data that may be exported during the switching process, so that the scope of the interoperability obligation will have to be fixed in advance. In addition, such information has to be made available through an up-to-date online registry to be offered by the service provider.

The Regulation aims to ensure that customers' right to free choice of data service provider is not affected by barriers and difficulties arising from lack of interoperability. The regulation even contemplates an obligation of proactivity so that the change of provider takes place without incidents in the provision of the service to the customer, obliging them to adopt reasonable measures to ensure "functional equivalence" and even to offer free of charge open interfaces to facilitate this process. However, in some cases - in particular where two services are intended to be used in parallel - the former provider is allowed to pass on certain costs that may have been incurred.

Ultimately, the interoperability of data processing services goes beyond simple technical or semantic aspects, so that it becomes an unavoidable premise for ensuring the portability of digital assets, guaranteeing the security and integrity of services and, among other objectives, not interfering with the incorporation of technological innovations, all with a marked prominence of cloud services.

Smart contracts and interoperability

The Data Regulation also pays particular attention to the interoperability conditions allowing the automated execution of data exchanges, for which it is essential to set them in a predetermined way. Otherwise, the optimal operating conditions required by the digital environment, especially from the point of view of efficiency, would be affected.

The new regulation includes specific obligations for smart contract providers and also for those who deploy smart contract tools in the course of their commercial, business or professional activity. For this purpose, a smart contract is defined as a contract that

a computer programme used for the automated execution of an agreement or part thereof, which uses a sequence of electronic data records and ensures their completeness and the accuracy of their chronological order

They have to ensure that smart contracts comply with the obligations of the Regulation as regards the provision of data and, among other aspects, it will be essential to ensure "consistency with the terms of the data sharing agreement that executes the smart contract". They shall therefore be responsible for the effective fulfilment of these requirements by carrying out a conformity assessment and issuing a declaration of compliance with these requirements.

To facilitate the enforcement of these safeguards, the Regulation provides for a presumption of compliance where harmonised standards published in the Official Journal of the European Union are respected the Commission is authorised to request European standardisation organisations to draw up specific provisions.

In the last five years, and in particular since the 2020 Strategy, there has been significant progress in European regulation, which makes it possible to state that the right legal conditions are in place to ensure the availability of quality data to drive technological innovation. As far as interoperability is concerned, very important steps have already been taken, especially in the public sector public sector where we can find disruptive technologies that can be extremely useful. However, the challenge of precisely specifying the scope of the legally established obligations still remains.

For this reason, the Data Regulation itself empowers the Commission toadopt common specifications to ensure effective compliance with the measures it envisages if necessary. However, this is a subsidiary measure, as other avenues to achieve interoperability, such as the development of harmonised standards through standardisation organisations, must be pursued first.

In short, regulating interoperability requires an ambitious approach, as recognised by the Data Regulation itself, although it is a complex process that requires implementing measures at different levels that go beyond the simple adoption of legal rules, even if such legislation represents an important step forward to boost innovation under the right conditions, i.e. beyond simple technological premises.

Content prepared by Julián Valero, Professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec). The contents and points of view reflected in this publication are the sole responsibility of its author.

calendar icon
The obligation to provide data to public bodies in exceptional situations in the Data Regulations (Data Act)
Blog

The recent Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules for fair access to and use of data (Data Act) introduces important new developments in European legislation to facilitate access to data generated by connected products and related services. In addition to establishing measures to boost interoperability in data spaces, data processing services and smart contracts, the new regulation also incorporates an important novelty by regulating data sharing with public entities in exceptional situations.

A new orientation in European regulation?

The main aim of the regulation on the re-use of public sector information was to facilitate access to data generated by public sector entities in order to foster the development of value-added services based on technological innovation. In fact, as expressly stated in the 2019 Directive, the reform it carried out was largely justified by the need to update the applicable regulatory framework to the new challenges posed by digital technology and, in particular, Artificial Intelligence or the Internet of Things.

Subsequently, under the European Data Strategy, a regulation on governance was approved, data spaces have been promoted and the Data Act was published only a few months ago. The latter implies an important shift from the point of view of the subjects concerned since, unlike the previous regulations focused on the obligations of public sector entities, on the one hand, it disciplines relations between private parties and, on the other hand, it establishes an important measure aimed at private entities providing data to public bodies under certain singular conditions.

In which situations should data be provided?

First of all, it is necessary to emphasise that the Data Act is not intended to extend the cases in which private entities have to hand over data to public bodies in compliance with their supervisory and enforcement powers, such as in the case of prevention, investigation and imposition of criminal or administrative sanctions. Thus, it does not affect the obligations that private parties already have to fulfil in order that, on the basis of the data requested, public bodies may carry out their usual activities in the exercise of a public service mission such as those indicated.

On the other hand, it is a regulation intended to deal with exceptional, unforeseeable and time-limited situations that may arise:

  • or to the need to obtain data to respond to a public emergency that are not available by alternative means under equivalent conditions, such as the provision of data in existing environments and platforms that have already been deployed for another purpose (e.g. provision of a service, implementation of a collaborative project...);
  • or, as the case may be, the impossibility for the public body to dispose of specific data in order to fulfil a task assigned by law and performed in the public interest when all other means at its disposal have been exhausted, such as the purchase of non-personal data on the market by the public body, the consultation of a public database or their collection on the basis of previously existing obligations for private subjects.

In the latter case, i.e. when the need for the data is not justified by the requirement to respond to emergency situations, the subject of the request may not refer to personal data unless, by the very nature of the request, it is essential to be able to know at some point in time the identity of the data subject. In this case, pseudonymisation will be necessary. Consequently, given that the data would not be anonymised, the guarantees established by data protection regulations must be taken into account. Specifically:

  • Data must be separated from the data subject so that the data subject cannot be identified by another unauthorised person
  • Technical and organisational measures must be taken to prevent the re-identification of the data subject, except by those entitled to do so where necessary.

For which purposes may the data not be used?

Unless expressly authorised by the private entity providing the data, public bodies may not use the data for a purpose other than that for which they were made available. However, in the field of official statistics or when it is necessary to carry out scientific research or analytical activities which cannot be carried out by the public bodies requesting the data themselves, it is permitted that the data may be transferred to other bodies for the purpose of carrying out such activities. However, there are important limitations to this possibility, as such activities must be compatible with the purposes for which the data were obtained, which would prevent for example using the data to train algorithms that can then be used for the exercise of other functions or competences of the public body not related to research or analysis. Furthermore, the data may only be made available to non-profit or public interest entities such as universities and public research organisations.

Nor may the data be used to develop or improve products and services related to the entity providing the data, or shared with third parties for such purposes. This would prevent, for example, the use of the data to train Artificial Intelligence systems by the public entity or one of its contractors that would negatively affect the object of the normal business of the entity that provided the data.

Finally, the data obtained in application of this regulation cannot be made available to other subjects under the open data and public sector re-use regulation, so its application is expressly excluded.

what safeguards are provided for the data subject obliged to hand over the data?

The request for the data must be made by the public body by means of a formal request in which it is necessary to identify the data needed and to justify why it is addressed to the entity receiving the request. In addition, it will be essential to explain the exceptional reasons supporting the request and, in particular, why it is not possible to obtain the data by other means.

As a general rule, the data subject has the right to lodge a complaint against the request for the data, which must be addressed to the competent authority designated by each State to ensure the application of the Regulation and which will be included in the register to be set up by the European Commission.

Finally, in certain cases, the data subject has the right to request reasonable compensation for the costs and a reasonable margin necessary to make the data available to the public entity, although the latter may challenge the requested compensation before the authority referred to above. However, where the request for access to the data is justified by the need to respond to public emergencies or the safeguarding of a significant public interest, no compensation to data subjects is envisaged. This would be the case of an event of natural origin (earthquakes, floods, etc.) or unforeseen and serious situations affecting the normal functioning of society in essential areas such as health or public order.

 

In short, the obligation of private parties to provide data to public entities in these cases goes beyond the objective of promoting a single market for data at the level of the European Union, a goal that had largely underpinned the progress in data regulation in recent years. However, the seriousness of the situation generated as a result of COVID-19 has highlighted the need to establish a general regulatory framework to ensure that public entities can have the necessary data at their disposal to deal with exceptional situations in the public interest. In any case, the effectiveness of these measures can only be verified as of September 2025, when they are expected to be effectively implemented.

 

Content prepared by Julián Valero, Professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec). The contents and points of view reflected in this publication are the sole responsibility of its author.

calendar icon
User access to data from connected products and related services in the new European Data Regulation ( Data Act)
Blog

The adoption of the Regulation (EU) of the European Parliament and of the Council of 13 December 2023 on harmonised rules for fair access to and use of data (Data Law) is an important step forward in the regulation of the European Union to facilitate data accessibility. This is an initiative already included in the European Data Strategy , the main aims of which are:

  • Regulate the provision of data topublic entities in exceptional situations.
  • Promote the development of interoperability criteria for data spaces, data processing services and smart contracts.
  • And, from the perspective that interests us now, to promote the provision of the data generated by connected products and services, either to those who use them or to the third parties they indicate.

In this respect, in view of users' difficulties in accessing data, the Regulation seeks to facilitate their free choice of providers of repair and other services, as it has been found that in many areas manufacturers try to reserve their use on an exclusive basis. Among other issues, it is intended to promote the user's right to decide for what purposes and by whom the data may be used, without prejudice to the existence of a series of limitations and conditions that are provided for in the Regulation itself.

A major shift in regulatory focus

While the Open Data and Re-use of Public Sector Information Directive and the Data Governance Regulation focus on establishing rules and safeguards to promote access to data held by public bodies, the new regulation pays special attention to relations between private parties. In other words, it allows public bodies to demand data from certain private subjects under exceptional conditions and for reasons of public interest.

One of the main objectives of the Data Regulation is to encourage not only "the development of new and innovative connected products or related services and to stimulate innovation in the aftermarkets, but also to stimulate the development of entirely new services using the data inquestion, including those based on data from a variety of connected products or related services".

To this end, it has been considered essential to establish clear and precise obligations  for manufacturers of connected products, suppliers of connected products and related service providers to share the data generated with users.

What obligations are in place?

Prior to contracting the products and services, the owner of the data - i.e. the supplier of the product or service, which may also be the manufacturer -‑‑, shall provide the user with information on:

  • The amount and conditions of the data that can be generated
  • How this data can be accessed 
  • How they can be suppressed

In this respect, the design of products and services is required to take appropriate measures to ensure that, by default, data are accessible, free of charge and directly, in particular in a structured, machine-readable format.

However, this right is subject to certain conditions and limitations in order to ensure that other legal interests and interests are not affected:

  • The data subject may not make it difficult for the user to access his or her data, but may require the user to identify himself or herself, even if he or she is prohibited from keeping the information generated indefinitely.
  • It may establish restrictions in the contract when, as a result of the user's access to the data, there is a risk to the functioning of the product that may affect the health or safetyof persons.
  • Under no circumstances may you use the data obtained during the use of the product or the provision of the service to make them available to a third party, unless it is strictly essential for the fulfilment of the contract.
  • It is also expressly forbidden to use the data to make enquiries about the user's circumstances and activity, such as, for example, the user's financial situation.

For his part, the user is also subject to a number of obligations specifically aimed at ensuring the good faith of his legal relationship with the holder:

  • You are not allowed to use the data to compete with the latter, either directly or through a third party to whom you may provide it,
  • You may not use access to them to make enquiries about the activity of the manufacturer of the product or, where applicable, of the data subject.
  • In addition to these obligations, you have the right to share the data with a third party, who may only use it for the purposes for which you authorise them to do so. In particular, it may not create profiles unless this is necessary to provide the service, make them available to another party or develop a product that competes with the one from which the data originally originated.

In any case, the regulation establishes an important limitation to be taken into account by users, as micro and small enterprises are excluded from this regime. With one exception: they have been commissioned to develop the product or provide the service by a subject that falls within the scope of the Regulation.

what safeguards are in place to ensure the effectiveness of this regulation?

As is generally the case in any area, the user may bring the matter before a judicial body to enforce his or her rights. In addition, the new regulation establishes the possibility of approaching the designated authority at State level to ensure the application and enforcement of the provisions of the Regulation. If the problem concerns the processing of personal data, you may also exercise your rights before the competent authority in this area.

In this respect, the European Commission will have to make public a list of the relevant authorities on the basis of the information provided by the States. They may designate more than one authority, indicating which one has the coordinating role. These authorities shall have sufficient means: their members shall have the expertise required for the performance of their duties and their impartiality shall be guaranteed, so that they may not receive instructions from other entities.

Apart from this channel, the data subject and the user - or, where appropriate, the third party to whom the user permits the use of the data - may voluntarily agree to submit to a certified dispute resolution body, whose decision must be taken within a maximum of 90 days. Such a body shall be accredited to the State where it is established. To this end, he or she must justify his or her impartiality, capacity and independence. It must also demonstrate that it has adequate procedural rules and that it is easily accessible by electronic means.

In short, the new Data Law has not only established a regulatory framework that reinforces users' access to the data generated by the connected products they acquire and the related services they enjoy, but it has also enshrined a series of guarantees specifically aimed at ensuring effective compliance.

infographic Data Law

Download the infographic in PDF here

This infographic is also available in two pages

Content prepared by Julián Valero, Professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec). The contents and points of view reflected in this publication are the sole responsibility of its author.

calendar icon
Challenges and uncertainties for the deployment of the Data Economy in Europe
Blog

Four years after the publication of the European Commission's Communication 'A Data Strategy', the European Commission has published a Communication on the European Commission's 'Data Strategy'A Data Strategy' (February 2020) (February 2020) - setting out the broad outlines of the broad outlines of the European Union's future data economy - the profusion of data-related regulation, the growing importance of open data and the deployment of initiatives of all kinds that have an impact on the development of this area, make it advisable to carry out a review to update the state of the art. This is what the members of the PromethEUs network1 thought, under the title of 'The European Data Strategy from a Multidimensional Perspectivein June 2023, they published an analysis of the European Data Strategy from two main perspectives: political and regulatory aspectson the one hand, and geopolitical aspectson the other. This analysis is complemented by two chapters presenting the economic impact of data-driven innovation and the specific case of the digitisation of the health sector in Southern Europe.

The first of the analyses - produced by the Portuguese Institute for Public Policy-- starts from the main idea that the European Union aspires to create a data-driven economy with citizens at its centre. An objective that will, in part, be achieved by implementing the guidelines followed by legislative acts such as the Regulation on Data Governance (DGA) Regulation and the Data Act (Data Act).

Regulations to consider

In essence, the DGA enables an enabling framework for data exchange, promoting the availability of data and the creation of a reliable and secure environment in which to realise new innovative services and products. Among its main measures, three aspects stand out:

  1. More extensive re-use of protected information held by the public sector (with full respect for its privacy and confidentiality).
  2. A framework for the promotion of neutral data brokering services, guaranteeing data sovereignty.
  3. Mechanisms for the altruistic transfer of data.

The DA aims to establish harmonised rules on fair access and use of data, to address imbalances in contractual relations between providers and users regarding ownership and use of data, to promote interoperability and efficient portability of data, and to ensure minimum conditions for users of data processing services.

Other regulatory texts have a direct or indirect impact on the overall objective described above and interact significantly with both the above-mentioned DGA and DA, as well as with specific sectoral regulations. These include the Open Data Directive (2019), the Digital Bill of Rights (2022), the Digital Markets Actact, the Digital Services Act, or the proposals for the Artificial Intelligence Actfor the aI Liability Directive and for the Gigabit Infrastructure Act. All this without forgetting the decisive impact on this field of both the Personal Data Protection Regulation (2016) and the Directive on Privacy and Electronic Communications (2002), which will be replaced by the forthcoming Regulation on the same subject.

Effects of the European data strategy

After reviewing the most relevant aspects of this regulation, the PromethEUs document highlights three dimensions in terms of the effects of the European Data Strategy: political, economic and regulatory. Effects, on the other hand, which they expect to be positive overall, although they recognise that there is uncertainty about the associated laws and their practical implementation.

Political dimension

In the policy dimension, the authors highlight the role that both the European Commission and the European Data Innovation Board (EDIB) provided for in Article 29 of the DGA will play. The EDIB has an indispensable co-ordination role which will also have to be deployed in relation to the Member States and the respective competent authorities. In this sense, the authors warn, the lack of coordination can lead to a heterogeneous institutional framework that can delay the implementation of the Strategy. They also recommend the establishment of clear guidelines and even guidelines to prevent possible confusion as to the requirements and possible penalties imposed by states.

Economic dimension

On the economic dimension, the report highlights that the Commission expects a clear positive impact and cites an OECD study that estimates that data access and sharing will generate social and economic benefits of between 0.1 and 1.5% of GDP in the public data sector, rising to between 1 and 2.5% (some studies put it at 4%) in the private sector. The Commission, the document explains, estimates that the increased availability of data for commercial use and innovation among businesses, as well as for consumers and companies using connected products and related services, could generate up to €196.7 billion per year by 2028. The implementation of the DA alone will create up to 2.2 million jobs in the period 2024-2028.

In this sense, and in relation to the Strategy's objective of boosting competitiveness and R&D investment, the authors say that the DGA and the DA should build trust for B2B data sharing; and that the central idea would be for companies not to focus their resources and business model exclusively on the internal maintenance of their data, but on the creation of value through data transformation and combination. Likewise, in relation to SMEs, they point to the need to reduce access barriers and especially compliance costs that may be induced by the DA. Even considering that SMEs are protected in many respects, they explain, such costs can be a setback for many companies. So, they say, while for some it may mean added financial costs, for others it may mean a complete redesign of the company's business models.

Regulatory dimension

Finally, regarding the regulatory dimension, the authors point out that the implementation of the DA and the DGA will require well-trained regulatory bodies for the abundant work that will emanate from them. The creation of effective corps will require, they explain, a significant investment in human resources and skills. They also warn of the risk of overlapping powers between public administrations and regulators in areas such as data protection, cybersecurity, network infrastructure and competition issues. Therefore, they conclude, proper coordination of activities, among other issues, will be of paramount importance.

Indeed, coordination is a key concept at all levels. The evolution of the Data Economy - both at EU level and globally - is linked, whatever the field under analysis, to this essential factor. A factor applicable to how the European Strategy, the real baton that is setting the pace of this process, is implemented and deployed. But it also applies to the way in which the multiple regulations concerned are interrelated and, consequently, to the essential harmonised action of the authorities and bodies that apply them in their respective areas of competence. In short, a coordination that, like the conductor's virtuoso baton, allows for a successful execution of the score. A score - the European Strategy - that translates into the vigorous melody that the Data Economy promises, as already demonstrated by the indicators and records that outline its unstoppable evolution.       

 

 

 

 

1PromethEUs is a network of think tanks composed of the Institute of Public Policy (Portugal); the Real Instituto Elcano (Spain); the Istituto per la Competitività I-Com (Italy); and the Foundation for Economic & Industrial Research - IOBE (Greece).

 
calendar icon
European data regulation faces the challenge of a harmonized application that will boost data sharing
Blog

Two of the European Union's most relevant data regulations will soon articulate the legal contours that will delineate the development of the data economy in the coming years. The Data Governance Act (DGA) has been fully applicable since September 24, 2023, while the wording of the Data Act (DA) was approved on November 27. 

They are not the only ones, as the legal framework already includes other important rules that regulate interconnected matters, thus revealing the proactive approach of the European Union in establishing rules of the game in line with the needs of European citizens and businesses. These guidelines provide the necessary legal security environment to achieve the ultimate goal of promoting a European Digital Single Market.  

 In the case of the DGA and the DA, the negotiations for their approval have shown that their objectives were shared by the stakeholders concerned. For both, data is a central element for digital transformation, and they share an interest in eliminating or reducing the barriers and obstacles to its sharing. They thus assume that data-driven innovation will bring enormous benefits to citizens and the economy. Therefore, creating legal frameworks that facilitate such processes is a common goal for companies, institutions and citizens. 

The contributions from the academic, business and associative worlds have been abundant and enriching, both for the drafting phase of the standards and for what will be their implementation and development in practice. One of the most reiterated questions is the concern about how the different standards of this 'digital regulatory package' will interact. Particularly important is the interaction with the General Data Protection Regulation, which is why DGA and DA have established general guidelines on the pre-eminence of said regulation in case of conflict. In this regard, the increase in regulation does not prevent specific situations from arising in practice around key concepts in the field of personal data, such as consent, purposes of processing, anonymization, or portability. 

Another of the issues highlighted has to do with the search for synergies between this regulation and current or future data business models. The recognized overall goal is to boost the development of data spaces and the data economy as a whole. This goal will be closer to the extent that the 'regulatory burden' does not reduce the incentives for companies to invest in collecting and managing data; that it does not weaken the competitive position of European companies (by adequately protecting trade secrets, intellectual property rights and confidentiality); and that there is an appropriate balance between general and business interests. 

The case of the Data Governance Act  

In the case of the DGA, the provisions related to data brokering services ––one of the central parts of the regulation–– occupied a significant part of the previous analyses carried out. For example, the question was raised as to what extent SMEs and start-ups could compete with large technology companies in the provision of these services; or whether, by requiring the structural separation required of data brokering service providers (through a separate legal entity), there could be problems related to other functionalities of the same companies.    

Along the same lines, the question arises as to whether a more decentralized data economy requires new intermediaries, or whether under the new legal formulation, they can successfully compete in data markets through alternative, non-vertically integrated business models. 

Considerations on the deployment of the Data Act  

With regard to the DA, the final wording of the regulation clarified its scope, the definition of concepts and the categorization of data, as suggested by the industry. The specific sectoral application to be developed subsequently will further define those concepts and interpretations that provide the desirable legal certainty.  

This legal certainty has also been argued in relation to trade secrets, intellectual property rights and confidentiality; an aspect that the Regulation seeks to address with safeguards aimed at preventing misuse and fraud. 

Other aspects that attracted attention were compensation for making data available; dispute resolution procedures; provisions on unfair contract terms (aimed at compensating for imbalances in bargaining power); making data available in case of exceptional need; and, finally, provisions on switching from one data processing service provider to another.  

 A positive starting point  

The starting point, in any case, is positive. The data economy in the European Union is taking hold on the basis of the European Data Strategy and the regulatory package that develops it. There are also practical examples of the potential of the industrial ecosystems that are being deployed around the Common European Data Spaces in sectors such as tourism, mobility and logistics, and agri-food, among others. In addition, initiatives that bring together public and private interests in this area are making significant progress in the deployment of technical and governance foundations, strengthening the competitive position of European companies, and achieving the ultimate goal of a single data market in the European Union. 

Click here for an extended version of this note. 

calendar icon