On 23 February 2022, the EU Commission presented a proposal for a Data Act. The Data Act is part of the European Commission’s European Strategy for Data, which complements the Data Governance Act, a draft Act designed to facilitate data sharing across sectors and EU Member States.This sets out important principles, such as:

– The right of users to access those data generated by the use of connected products.
– The ability to transfer data access rights to a third party provider of their choice. Aftermarket repair and maintenance services and access to diagnostic information are explicitly included.
– Manufacturers will in turn be required to make the data transparent and “easily accessible” to the user.
– At the same time, manufacturers are restricted in monitoring the activities of the user or third parties.
– Compensation for the costs of providing data, especially for SMEs, will also be regulated.

The EU has set itself the goal of creating suitable framework conditions so that a strong European data economy can develop. The current proposal for a data law is a first important step in this direction. However, this data law alone will not be sufficient for the automotive aftermarket sector. A sector-specific legislation is urgently needed to transfer the principles and provisions of the Data Act into concrete legal and technical measures for the automotive sector. Sector-specific regulation is necessary because it is the only way to create the trust and incentives that independent service providers need to invest in new, innovative data-driven services that benefit consumers through smarter, safer and more sustainable mobility solutions.

On February 23, 2022, the European Commission adopted a Proposal for a Regulation designed to harmonize rules on the fair access to and use of data generated in the EU across all economic sectors (the “Data Act”). The Data Act is intended to “ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all.” Importantly, the Data Act applies to all data generated in the EU, not only personal data, which is regulated by the General Data Protection Regulation (“GDPRGDPR -General Data Protection Regulation – European Union regulation on data protection and privacy in the EU and the European Economic Area More”).

Key elements of the Data Act include:

• Reinforced data portability measures allowing connected device users to gain access to, and share with third parties, data generated by connected devices, thereby allowing cheaper aftermarket and other data-driven innovative services (such as predictive maintenance).
• Measures to rebalance the negotiating power of small and medium-sized enterprises (“SMESME – “small and medium-sized enterprises” More”) by preventing the abuse of contractual imbalances in data sharing contracts. Model contracts also will be developed by the European Commission to help companies draft and negotiate fair data-sharing contracts.
• Grants public sector bodies the authority to access and use data held by private companies in circumstances of high public interest, such as natural disasters, subject to specific conditions.
• Data and cloud interoperability rules that allow end users to effectively switch between cloud and edge service providers, and establish safeguards against unlawful data transfer and access by non-EU governments.
• A clarification that databases containing data from Internet-of-Things (IoT) devices and objects should not be subject to separate legal protection, thereby allowing data generated by IoT devices to be accessed and used more easily by end users.

According to the European Commission, “(t)he Data Act is fully consistent with and builds on the [GDPR] rules,” particularly with respect to the GDPR’s right to data portability. Under the GDPRGDPR -General Data Protection Regulation – European Union regulation on data protection and privacy in the EU and the European Economic Area More, the right to data portability is not absolute and applies only to personal data processed pursuant to specific legal bases. The Data Act would enhance the right to data portability for connected devices so that end users can access and export any data generated by the device, both personal and non-personal.

Read the European Commission’s Press Release on the Data Act.

Read the full text of the Data Act.

European Strategy for Data

With the European Strategy for Data (EU Data Strategy) at the 2020 EU Commission published its vision for a data economy in Europe. The EU will work towards a common market for data with data flows between member states and sectors based on European values and standards and under the premise of fair, practical and clear rules. The objective is to add value in Europe, both for citizens and industrial stakeholders. In particular, it should be ensured that there is a fair exchange of data between all stakeholders in order to do justice to the approach of a “level playing field”. Preferential treatment of individual interest groups, sectors or company sizes should thus be ruled out.

In the context of this EU strategy – and also national data strategies – there are consecutive regulations and current regulatory projects on the part of the EU Commission.
The following are examples:
1. Since November 2020, there has been a draft for a Data Governance Act (DGADGA – Data Governance Act – key pillar of the European strategy for data seeksto increase trust in data sharing, strengthen mechanisms to increase data availability and overcome technical obstacles to the reuse of data More), which is intended to strengthen the European data economy. To this end, the exchange of data between companies, private individuals and the public sector is to be simplified and trust in the transfer of data is to be created. and to create trust in the transfer of data.
2. The Data Act (DADA – Data act – is intended to apply across all sectors and ensure a fairer distribution of value creation in the exploitation of non-personal data. To this end, it is intended in particular to create access opportunities for data that were previously reserved exclusively for a few players More) aims to expand access to and use of data by both public and private actors. It is intended to ensure fairness in the data market between the individual stakeholders involved. To this end, the DADA – Data act – is intended to apply across all sectors and ensure a fairer distribution of value creation in the exploitation of non-personal data. To this end, it is intended in particular to create access opportunities for data that were previously reserved exclusively for a few players More explicitly addresses the exchange of business-to-business (B2B) and business-to-government (B2G) data.
3. The Digital Markets Act (DMADMA – Digital Markets Act – is a European Union regulation that is part of a regulatory package designed to ensure that digital markets in which gatekeeper operate and remain contestable, i.e., that other market participants can exert competitive pressure on these gatekeepers and that fairness and a level playing field are ensured for players in digital markets in the EU. The regulation is designed to ensure that digital markets in which gatekeepers operate (i.e., companies that control market access for others due to their market power and network effects) are and remain contestable.   More), which provides a set of narrowly defined criteria for the classification of large online platforms as gatekeeper, is intended to balance market power in the data markets.
4. The Digital Services Act (DSADSA – Digital Services Act – is an EU regulation to modernise the e-Commerce Directive regarding illegal content, transparent advertising, and disinformation. It was submitted along with the Digital Markets Act (DMA) by the European Commission to the European Parliament and the Council on 15 December 2020. More), aims to facilitate the expansion of smaller platforms, SMEs and start-ups in the data market. It aims to create a safer digital space where users’ fundamental rights are protected and a level playing field for companies applies.
5. The Implementation Act High Value Datasets aims to unlock the socio-economic potential of data.

EU member states are developing strategies not only at the European level, but also at the national level. EU member states are also developing strategies to enable the transition to digitization.
The German government, for example, has drawn up a “Data Strategy of the German government”. This describes the innovation strategy for societal progress and sustainable growth: the fundamental aim of this strategy is to create a data culture that
– ensures that the fundamental values, rights and freedoms of society are protected and
– significantly increases the provision of data and thus promotes innovation.

The basis for implementing the data strategy is the sustainable expansion of high-performance and secure data infrastructures and the creation of sectoral data networks and secure data infrastructures and the creation of sectoral data spaces – for example in the fields of including in the areas of industry, the environment and mobility.
Other EU member states are pursuing similar goals with their respective national data strategies comparable goals.

The availability and the access to the in-vehilce data is essential for the development of new competing services. That is why independent third-party providers need independent access rights to the information and resources for the development of such services – apart from the explicit consent of users to access data.

However, under the current approach of the Data Act, the service providers would only retrieve a kind of derivative right. But this will not be sufficient in practice, because it ignores: These providers have to know in advance which data and functions are basically available and will be available to them. Only an autonomous and independent right of access to the in-vehicle data and functions will make it possible to develop competing digital services. Access rights must therefore be granted by appropriate measures.

The EU Commission has now spent five years gathering comprehensive insights into the automotive ecosystem. Two things have become clear:

1. The potential applications for vehicle-generated data are extremely diverse.
2. At the same time, however, competeable applications are depending entirely on open and non-discriminating access to in-vehicle data and functions.

The solution is on the table

With the S-OTPS-OTP – Secure On-Board Telematics Platform – is a solution addressing the challenges of true consumer choice, security and effective competition in the automotive services sector More model (Secure On-Board Telematics Platform), a suitable technical solution is already available. It was developed by European industry associations of the brand-independent automotive sector, together with the European leasing industry and motorists’ clubs and presented last year.

Therefore, what is now needed as a next step – after the proposal for a general data law – is a proposal for solid sector-specific legislation on access to in-vehicle data and functions.

• European Comission: https://ec.europa.eu/commission/presscorner/detail/en/ip_22_1113