Blog
The adoption of the Regulation (EU) of the European Parliament and of the Council of 13 December 2023 on harmonised rules for fair access to and use of data (Data Law) is an important step forward in the regulation of the European Union to facilitate data accessibility. This is an initiative already included in the European Data Strategy , the main aims of which are:
- Regulate the provision of data topublic entities in exceptional situations.
- Promote the development of interoperability criteria for data spaces, data processing services and smart contracts.
- And, from the perspective that interests us now, to promote the provision of the data generated by connected products and services, either to those who use them or to the third parties they indicate.
In this respect, in view of users' difficulties in accessing data, the Regulation seeks to facilitate their free choice of providers of repair and other services, as it has been found that in many areas manufacturers try to reserve their use on an exclusive basis. Among other issues, it is intended to promote the user's right to decide for what purposes and by whom the data may be used, without prejudice to the existence of a series of limitations and conditions that are provided for in the Regulation itself.
A major shift in regulatory focus
While the Open Data and Re-use of Public Sector Information Directive and the Data Governance Regulation focus on establishing rules and safeguards to promote access to data held by public bodies, the new regulation pays special attention to relations between private parties. In other words, it allows public bodies to demand data from certain private subjects under exceptional conditions and for reasons of public interest.
One of the main objectives of the Data Regulation is to encourage not only "the development of new and innovative connected products or related services and to stimulate innovation in the aftermarkets, but also to stimulate the development of entirely new services using the data inquestion, including those based on data from a variety of connected products or related services".
To this end, it has been considered essential to establish clear and precise obligations for manufacturers of connected products, suppliers of connected products and related service providers to share the data generated with users.
What obligations are in place?
Prior to contracting the products and services, the owner of the data - i.e. the supplier of the product or service, which may also be the manufacturer -‑‑, shall provide the user with information on:
- The amount and conditions of the data that can be generated
- How this data can be accessed
- How they can be suppressed
In this respect, the design of products and services is required to take appropriate measures to ensure that, by default, data are accessible, free of charge and directly, in particular in a structured, machine-readable format.
However, this right is subject to certain conditions and limitations in order to ensure that other legal interests and interests are not affected:
- The data subject may not make it difficult for the user to access his or her data, but may require the user to identify himself or herself, even if he or she is prohibited from keeping the information generated indefinitely.
- It may establish restrictions in the contract when, as a result of the user's access to the data, there is a risk to the functioning of the product that may affect the health or safetyof persons.
- Under no circumstances may you use the data obtained during the use of the product or the provision of the service to make them available to a third party, unless it is strictly essential for the fulfilment of the contract.
- It is also expressly forbidden to use the data to make enquiries about the user's circumstances and activity, such as, for example, the user's financial situation.
For his part, the user is also subject to a number of obligations specifically aimed at ensuring the good faith of his legal relationship with the holder:
- You are not allowed to use the data to compete with the latter, either directly or through a third party to whom you may provide it,
- You may not use access to them to make enquiries about the activity of the manufacturer of the product or, where applicable, of the data subject.
- In addition to these obligations, you have the right to share the data with a third party, who may only use it for the purposes for which you authorise them to do so. In particular, it may not create profiles unless this is necessary to provide the service, make them available to another party or develop a product that competes with the one from which the data originally originated.
In any case, the regulation establishes an important limitation to be taken into account by users, as micro and small enterprises are excluded from this regime. With one exception: they have been commissioned to develop the product or provide the service by a subject that falls within the scope of the Regulation.
what safeguards are in place to ensure the effectiveness of this regulation?
As is generally the case in any area, the user may bring the matter before a judicial body to enforce his or her rights. In addition, the new regulation establishes the possibility of approaching the designated authority at State level to ensure the application and enforcement of the provisions of the Regulation. If the problem concerns the processing of personal data, you may also exercise your rights before the competent authority in this area.
In this respect, the European Commission will have to make public a list of the relevant authorities on the basis of the information provided by the States. They may designate more than one authority, indicating which one has the coordinating role. These authorities shall have sufficient means: their members shall have the expertise required for the performance of their duties and their impartiality shall be guaranteed, so that they may not receive instructions from other entities.
Apart from this channel, the data subject and the user - or, where appropriate, the third party to whom the user permits the use of the data - may voluntarily agree to submit to a certified dispute resolution body, whose decision must be taken within a maximum of 90 days. Such a body shall be accredited to the State where it is established. To this end, he or she must justify his or her impartiality, capacity and independence. It must also demonstrate that it has adequate procedural rules and that it is easily accessible by electronic means.
In short, the new Data Law has not only established a regulatory framework that reinforces users' access to the data generated by the connected products they acquire and the related services they enjoy, but it has also enshrined a series of guarantees specifically aimed at ensuring effective compliance.
Download the infographic in PDF here
This infographic is also available in two pages
Content prepared by Julián Valero, Professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec). The contents and points of view reflected in this publication are the sole responsibility of its author.
Evento
A new year begins and it is time to write down all those appointments that we want to attend during the next 12 months. There are all-kind event: large international events, contests and hackathons, workshops... all designed for data and new technologies lovers that want to be aware of new trends and challenges related to these areas.
As in previous years, our country will host several big events. Barcelona will be the world technology headquarter with 3 unavoidable appointments: Mobile World Congress (February, 25-28), IOT Solutions World Congress (October, 29-31) and SmartCity Expo (November, 19-21). Data have a fundamental role in all these technologies: Smartphones, IoT devices or smart cities sensors generate a huge volume of information, whose analysis is critical for decision-making. Therefore, it is not surprising that we find spaces dedicated to data management or analytics in each of these events. For example, at the Mobile World Congress, datathons and conferences focused on how to drive a data-driven future will be held. The agendas of IOT Solutions World Congress and SmartCity Expo are not yet available, but we do not doubt that both will remain along the same lines as last year.
Madrid, meanwhile, will host the Digital Enterprise Show, known as DES (May, 21-23) or the South summit (October, 2-4), which last year edition brought together more than 100 start-ups wanting to innovate. Also in Madrid will be the Open Expo Europe (June, 6), a professional fair on Open Source, Free Software and Open World Economy (Open Data and Open Innovation), and T3chFest 2019 (March, 14-15), a computer and new technologies fair held at the Carlos III University where, among other issues, speakers will talk about data science, developments and open formats.
Other appointments to consider are Greencities (March, 27-28 in Malaga), focused on urban intelligence and sustainability, and Alldata 2019 (March, 24-28 in Valencia), an international conference on Big Data, Small Data, Linked Data and Open Data.
The good moment of the open data is also evident in the large number of contests and hackathons that are expected during the next months. The registration period for the Open Data Competition of Castilla y León is currently open.
In addition, the Data Journalism workshop, organized by Medialab Prado, will be held from March 25 to 29. Under the title, “follow the food”, the workshop will focus on the food and its relationship with the Sustainable Development Goals (SDG). The call for projects was closed last January 9, and now is time for those who want to participate to sign up as collaborators.
Another workshop, related to Open Data Management, will be held in the city of Burgos on February 13. It will address the legal and ethical framework of open data and the tools to make research data accessible, among other issues
In addition to these examples, new appointments and events related to data world will be released during the year. For example, there will be a new edition of Aporta Meeting. And do not forget that next March 2 is the Open Data Day, a framework made up of various activities that will gradually be published on its website.
From datos.gob.es we will inform you of all these news, so you do not miss any appointment.