Numerique
The Data Act redefines data access and sharing. Anticipate your new obligations regarding connected device data, the cloud and your contracts.
Context
The European regulation on data (Data Act) establishes an unprecedented framework for the access, sharing and reuse of data, particularly data generated by connected devices and related services. Where the GDPR governs personal data, the Data Act targets more broadly data, both personal and non-personal, produced through the use of digital products and services.
It creates new rights for users, who can access the data they generate and share it, and new obligations for manufacturers and providers. It also makes it easier to switch cloud service providers. For companies in the IoT, digital and cloud sectors, this framework profoundly transforms the contractual and technical management of data.
Problem
The Data Act catches off guard many companies that had not anticipated that the data from their connected products would become accessible to their users and shareable with third parties. Models based on the exclusive retention of this data must be rethought, and contracts adapted accordingly.
For cloud providers, the new obligations regarding portability and facilitating provider switching call into question certain commercial practices. And the interplay with the GDPR, when the shared data is personal, adds a layer of complexity. Without upstream analysis, companies risk finding themselves at odds with a framework whose contours are becoming clearer.
Solutions
I help you understand and integrate the Data Act, turning the constraint into a mastered framework.
I map the data generated by your products and services, I characterise your role with respect to the regulation and I analyse the gap with your current practices. I precisely identify your obligations depending on whether you are a manufacturer, data holder, cloud provider or user.
I then review your contracts and terms of use to align them with the requirements of fairness and sharing, I adapt your cloud portability clauses, and I articulate all of this with your GDPR obligations. My aim is to bring you into compliance while preserving the value of your data and your business model.
I map the data generated by your connected products and services and I characterise your role with respect to the Data Act: holder, recipient, data processing service provider, user. This step defines your precise obligations.
I analyse the gap between your current practices and the requirements of the Data Act: user access to data, sharing conditions, cloud portability. You gain a clear view of the work to be carried out and its priorities.
I review and adapt your contracts and terms of use: data access and sharing clauses, fairness of conditions, cloud migration and reversibility clauses. Your contractual documents are aligned with the new framework and protect your interests.
I support you over the long term: interplay with the GDPR, adaptation to clarifications of the regulation, advice on your new products and services. You integrate the logic of the Data Act into your business without bearing the regulatory risk.
FAQ
The Data Act is the European regulation on data. It establishes harmonised rules on fair access to data and its use. It covers in particular data generated by connected devices and related services, data sharing between businesses and with the public sector, and switching providers of data processing services such as the cloud.
The GDPR protects personal data and the privacy of individuals. The Data Act has a broader purpose: it governs the access, sharing and portability of data, whether personal or not, in particular data from connected devices. The two frameworks coexist: when data sharing under the Data Act concerns personal data, the GDPR continues to apply.
Those affected include manufacturers of connected products and providers of related services, companies that hold or receive data, providers of data processing services (cloud, edge), as well as users, both professionals and consumers. Players in the IoT, digital and cloud sectors are on the front line, but the text more broadly concerns any company handling data from connected products.
The Data Act notably requires enabling users to access the data they generate and to share it with third parties, providing information on the data produced, framing sharing conditions through fair contracts, and facilitating cloud provider switching. It also regulates unfair contractual terms regarding data access between businesses.
Yes, significantly. The conditions for data access and sharing must be set out in contracts that comply with the regulation's fairness requirements. Cloud providers must review their migration and reversibility clauses. Manufacturers of connected devices must adapt their terms of use and their service contracts. A contractual review is necessary to align your documents with the new framework.
The Data Act aims to remove obstacles to switching providers of data processing services. It requires cloud providers to facilitate migration to another provider or to one's own infrastructure: gradual removal of transfer fees, assistance obligations, defined time limits, interoperability. For customers, this is a negotiating lever; for providers, an obligation to incorporate into their offering and contracts.
Member States designate the competent authorities and set the penalty regime, which must be effective, proportionate and dissuasive. Beyond the risk of penalties, non-compliance with the Data Act exposes companies to disputes with users or partners and to a competitive disadvantage. Anticipating compliance avoids these risks and can become a commercial argument.
Preparation involves mapping the data generated by your products and services, analysing your role with respect to the regulation (holder, recipient, cloud provider, user), reviewing your contracts and terms of use, and adapting your technical processes for access and sharing. A proactive approach makes it possible to gradually align your business with the new framework.
Nous accompagnons les entreprises de la tech et du commerce avec une double compétence juridique et technique, de l'analyse à la mise en œuvre.

Ressources
Need to secure a contract, manage compliance, or anticipate a dispute? Our first meeting is designed to understand your needs and clearly explain how we can help.