Slaughter and May | Hilal Temel
Boosting access to data, data sharing and the data economy has become an increasingly important policy objective for the UK government and EU institutions alike. With new legislative measures announced from both quarters, is it ‘all systems go’ for data sharing reform?
UK plans
In a word, no – or at least, not from a UK perspective. It’s true that the UK had only recently proposed data sharing provisions as part of its Data Protection and Digital Information (DPDI) Bill, and its Smart Data Roadmap was announced as recently as April – paving the way for new smart data schemes. However, the future of these proposals is now uncertain as the DPDI Bill was dropped when Parliament was dissolved ahead of the UK’s election and there was no express mention of it in any of the recent party manifestos.
EU pushing forward with new Data Act
The EU is, however, pushing ahead with its plans to implement the Data Act, which came into force at the start of the year, and applies from 12 September 2025.
As discussed in our previous blog, the Data Act has several objectives, one of which is to establish harmonised rules for sharing data generated by smart products (e.g. connected cars, medical and fitness devices) or related services (e.g. an app to adjust the brightness of lights).
To help organisations understand and apply the Act in practice, the European Commission has published an overview (the “Data Act explained”) to serve as a handy companion guide to the Act. The overview uses simple terms and illustrative examples to explain the Act’s provisions. For each area of the Act, this overview looks at why that provision is needed, the types of data that will be in scope, and how it will work in practice. For example, in the context of B2B and B2C data sharing, the overview clarifies that all readily available raw and pre-processed data generated from the use of a connected product or a related service is in scope, but inferred or derived data is not. The overview also reaffirms the fact that existing IP laws still apply – so if, for example, a user was watching a film on a smart TV, the film itself does not fall within the scope of the Act, but the data on the brightness of the screen does.
In a further example of the work that the European Commission is doing to bring the Act to life and enhance its practical impact, the Commission has also set up an expert group to draft non-binding model contractual terms to help businesses conclude data sharing contracts that are “fair, reasonable and non-discriminatory.” The plan is that these will be ready by autumn 2025. The same expert group is also planning to develop standard contractual clauses for cloud computing contracts to facilitate data and application transfers between providers without incurring costs.
What’s next?
While the UK’s position may remain unclear for some time, manufacturers of connected products placed on the EU market and providers of related services (wherever they are based) have just over a year to prepare for the new EU rules. If work has not already begun, now is the time to conduct a scoping exercise to determine the applicability of the EU Data Act to products, and implement any necessary changes to product design and internal processes to comply with the relevant requirements.
Organisations wishing to benefit from the new data sharing rules should also start considering if specific contractual provisions (such as those being developed by the Commission) are needed in both new, and existing, contractual arrangements.
This article first appeared on Lexology. You can find the original version here.