Numerique

Data Act Lawyer

The Data Act redefines data access and sharing. Anticipate your new obligations regarding connected device data, the cloud and your contracts.

Schedule a call

Context

The Data Act, the new rules of the game for data

The European regulation on data (Data Act) establishes an unprecedented framework for the access, sharing and reuse of data, particularly data generated by connected devices and related services. Where the GDPR governs personal data, the Data Act targets more broadly data, both personal and non-personal, produced through the use of digital products and services.

It creates new rights for users, who can access the data they generate and share it, and new obligations for manufacturers and providers. It also makes it easier to switch cloud service providers. For companies in the IoT, digital and cloud sectors, this framework profoundly transforms the contractual and technical management of data.

Problem

A new framework that disrupts business models

The Data Act catches off guard many companies that had not anticipated that the data from their connected products would become accessible to their users and shareable with third parties. Models based on the exclusive retention of this data must be rethought, and contracts adapted accordingly.

For cloud providers, the new obligations regarding portability and facilitating provider switching call into question certain commercial practices. And the interplay with the GDPR, when the shared data is personal, adds a layer of complexity. Without upstream analysis, companies risk finding themselves at odds with a framework whose contours are becoming clearer.

Solutions

Integrating the Data Act into your data strategy

I help you understand and integrate the Data Act, turning the constraint into a mastered framework.

I map the data generated by your products and services, I characterise your role with respect to the regulation and I analyse the gap with your current practices. I precisely identify your obligations depending on whether you are a manufacturer, data holder, cloud provider or user.

I then review your contracts and terms of use to align them with the requirements of fairness and sharing, I adapt your cloud portability clauses, and I articulate all of this with your GDPR obligations. My aim is to bring you into compliance while preserving the value of your data and your business model.

Méthode

Notre méthode

Mapping and characterisation

I map the data generated by your connected products and services and I characterise your role with respect to the Data Act: holder, recipient, data processing service provider, user. This step defines your precise obligations.

Compliance analysis

I analyse the gap between your current practices and the requirements of the Data Act: user access to data, sharing conditions, cloud portability. You gain a clear view of the work to be carried out and its priorities.

Contractual compliance

I review and adapt your contracts and terms of use: data access and sharing clauses, fairness of conditions, cloud migration and reversibility clauses. Your contractual documents are aligned with the new framework and protect your interests.

Ongoing support

I support you over the long term: interplay with the GDPR, adaptation to clarifications of the regulation, advice on your new products and services. You integrate the logic of the Data Act into your business without bearing the regulatory risk.

FAQ

Questions?

What is the European Data Act?

The Data Act is the European regulation on data. It establishes harmonised rules on fair access to data and its use. It covers in particular data generated by connected devices and related services, data sharing between businesses and with the public sector, and switching providers of data processing services such as the cloud.

What is the difference between the Data Act and the GDPR?

The GDPR protects personal data and the privacy of individuals. The Data Act has a broader purpose: it governs the access, sharing and portability of data, whether personal or not, in particular data from connected devices. The two frameworks coexist: when data sharing under the Data Act concerns personal data, the GDPR continues to apply.

Which companies are affected by the Data Act?

Those affected include manufacturers of connected products and providers of related services, companies that hold or receive data, providers of data processing services (cloud, edge), as well as users, both professionals and consumers. Players in the IoT, digital and cloud sectors are on the front line, but the text more broadly concerns any company handling data from connected products.

What new obligations does the Data Act create?

The Data Act notably requires enabling users to access the data they generate and to share it with third parties, providing information on the data produced, framing sharing conditions through fair contracts, and facilitating cloud provider switching. It also regulates unfair contractual terms regarding data access between businesses.

Does the Data Act affect my contracts?

Yes, significantly. The conditions for data access and sharing must be set out in contracts that comply with the regulation's fairness requirements. Cloud providers must review their migration and reversibility clauses. Manufacturers of connected devices must adapt their terms of use and their service contracts. A contractual review is necessary to align your documents with the new framework.

How does the Data Act facilitate cloud switching?

The Data Act aims to remove obstacles to switching providers of data processing services. It requires cloud providers to facilitate migration to another provider or to one's own infrastructure: gradual removal of transfer fees, assistance obligations, defined time limits, interoperability. For customers, this is a negotiating lever; for providers, an obligation to incorporate into their offering and contracts.

What are the penalties for failing to comply with the Data Act?

Member States designate the competent authorities and set the penalty regime, which must be effective, proportionate and dissuasive. Beyond the risk of penalties, non-compliance with the Data Act exposes companies to disputes with users or partners and to a competitive disadvantage. Anticipating compliance avoids these risks and can become a commercial argument.

How can I prepare for the Data Act?

Preparation involves mapping the data generated by your products and services, analysing your role with respect to the regulation (holder, recipient, cloud provider, user), reviewing your contracts and terms of use, and adapting your technical processes for access and sharing. A proactive approach makes it possible to gradually align your business with the new framework.

The Data Act redefines data access and sharing. Anticipate your new obligations regarding connected device data, the cloud and your contracts.

Nous accompagnons les entreprises de la tech et du commerce avec une double compétence juridique et technique, de l'analyse à la mise en œuvre.

Homme en costume bleu foncé avec cravate et pochette blanche, bras croisés, regardant vers l'avant.

Ressources

Nos contenus & guides

00
article(s) affiché(s) sur
00

4 min

Website creation contract by an attorney - Romain Mirabile
The website creation contract is an essential document for web agencies and e-commerce sites. It establishes the working basis between the service provider and the client, and defines the commitments of each party. In this article, we will address the different phases of this contract, e

4 min

Commercial agent: a key player in software sales
The commercial agent is a key player in software sales. In the world of digital commerce, the commercial agent plays a crucial role. They represent a company that sells software and act as the link with potential clients. This role takes on particular importance in France, where regulation and the leg

3 min

Transfer of personal data to the United States possible again
The United States offers an adequate level of protection for personal data transferred from EU companies to the United States. It is in this sense that, on 11 July, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework.

Let's discuss your project

Need to secure a contract, manage compliance, or anticipate a dispute? Our first meeting is designed to understand your needs and clearly explain how we can help.

Book an appointment
Prendre rendez-vous
Book an appointment