Estimated reading time 8 min

The Data Act promises the same keys to success to everyone participating in the data economy

The Data Act paves the way for a fairer and more diverse data economy with the help of common ground rules. This is an excellent opportunity for Europe to lead the way in the regulation of data use globally.


Kristo Lehtonen

Director, Fair data economy

Laura Halenius

Project Director, Competitiveness through data

Taru Rastas

Senior Lead, Competitiveness through data


The Data Act has been under preparation for a long time. It is an ambitious attempt to create a fairer data-led economy by tackling identified obstacles to the accessibility of data and its wider use with the help of legislation. The Data Act is meant to supplement regulatory initiatives that implement the EU’s data strategy and cover digital platforms, internet services and data intermediation services.

The legislation that is currently being prepared is a wide-scale initiative as it targets everyone who produces and uses data. Therefore, it affects all of us indirectly, as consumers, citizens, employees and entrepreneurs. What is particularly noteworthy is the regulation’s starting point – the rights and obligations are aimed at all parties participating in the production of data.

The European Commission will present its proposal for the Data Act at the end of February. However, there is already public debate following a leaked draft. The commission also held a public hearing on the topic last summer and Finland has been active in supporting the initiative.

The significance of the Data Act is on a par with the General Data Protection Regulation

In terms of its significance, the Data Act is comparable to the EU’s General Data Protection Regulation. General Data Protection Regulation (GDPR) Regulation (EU) 2016/679, the European Union’s ("EU") new General Data Protection Regulation ("GDPR"), regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU. Open term page General Data Protection Regulation (GDPR)
Whereas the GDPR defines the processing of personal data, the Data Act will target all data from the perspective of data protection. At best, the act will create regulatory symmetry because, practically speaking, data often contains both personal and other information.

The Data Act will impact operators of all sizes in all sectors of society. In addition, the thinking behind the legislation is driven by the possibilities afforded by the use of advanced technologies, for example AI-based solutions in research, services and business, and by the benefits that can be derived from the increasing use of smart contracts, networked devices and the Internet of Things (IoT).

Stronger rights for those participating in the production of data

The purpose of data regulation is to strengthen access to data and to widen the reuse of data for both communities and individuals. As users of smartphones, smart devices and digital services, we are all already part of the data economy. We must have access to the data we produce and the ability to control it.

The Data Act views access to data as a relationship between the producer and user of the information. This means that the producer of a product, such as a car manufacturer, could be required to open up access to data created by the use of the car and provide the opportunity to transfer and use the data when we choose a service for car maintenance, for example.

Changing service providers will become easier

The new legislation will strengthen the portability of data. If you want to change your service provider, it should be simple to transfer the data that a service has accumulated. This basic principle is already present in banking services, for example. When we change banks, our money, assets and access to and control over them move swiftly with us in the form of data.

A similar mechanism would be created for corporate users when switching cloud services, as access to data and the ease of use has become vital for businesses. In the long term, we can also consider whether more flexible cloud solutions would bring some desired competition to the markets and open up opportunities for new, European cloud services.

A stronger position for SMEs through non-discriminatory contract terms

Sharing data between companies is largely based on agreements. Right now, it is particularly difficult for SMEs (small and medium-sized enterprises) to negotiate the terms of data use, which might mean missing out on creating some data-based innovations and business. It has been estimated that half of the data collected by companies is not in use, but some other company might be able to utilise this data.

The aim of the regulation is to create more balanced bargaining power between various parties by requiring fair, reasonable and non-discriminatory (FRAND) contract terms. In addition, negotiation can be supported with contract templates.

A wide variety of regulatory activities

The forthcoming legislation might include clearly defined obligations and guidance for joint activities. For example, obligations could be created for cloud services to enable the portability of data and ensure all functionalities in the new environment.

At the same time, there is a willingness to promote the interoperability of data by creating standards that operators in the industry could define together. Data must be compatible on a sufficient level in order to enable the transfer and use of data in what are known as data spaces, for example.

Conflicting operator interests

The impact of the act will naturally be dependent on how the measures proposed during the preparation are integrated into the final act and how they are implemented in practice. The key to success is innovative co-operation between the commission, member states and stakeholders to determine the best solutions and practices.

We can also expect conflicts between various interests as well as intense lobbying around the Data Act’s proposals. Producers of products and services will have to fulfil new obligations according to which devices and software will need to be designed in a way that makes it easy for service users to access data. The rights to share data with third parties must be defined clearly. Producers cannot prohibit the sharing of data in a technical, or any other, manner.

Fair, reasonable and non-discriminatory contract terms must be used when sharing data between companies. The purpose of this is to balance SMEs’ bargaining power and enable access to the market. It must also be possible to demonstrate and ensure that the terms are realised and whether any deviations appear.

In addition, in situations concerning the public interest, such as a health crisis like the Covid-19 pandemic, companies should be obliged to share data with the public sector. Transferring data when changing cloud services should not incur any costs and operators could be obliged to co-operate in order to create interfaces that improve data portability and to create standards.

Conflicts are likely to arise regarding the basis of data transfer costs, companies’ obligations to disclose data to the public sector and, in general, the relationship between business secrets, freedom of contract and data rights. To solve these conflicts of interest, we must look past narrow interests and sectoral disputes and towards a more balanced future for the data economy — one that creates activity, sustainable growth and well-being. In other words, providing greater benefits to everyone.

Now is the time to influence the direction of the data economy

The act’s proposals will be revealed at the end of February. We hope that the regulatory process will be as open and inclusive as possible, both nationally and within the EU. A successful end result will be achieved by cross-sectoral examination in which we listen to the views of parties representing small operators and users in addition to large companies and industry-specific communities. Operators must also have the opportunity to prepare for the changes that the act might bring.

Thinking about solutions together is likely to improve many practical details. How can action related to the access to data and data sharing be realised as technical interfaces in a smarter way than at present? And what kinds of opportunities will better access to data offer for developing new business or creating networks of trust based on data sharing? Solving practical details together could give Finnish operators opportunities to create service and infrastructure layers for the data economy. We have strong expertise in areas such as open data and MyData in finance, mobility, health and the built environment.

Sitra’s Fair data economy theme includes a regulatory review as part of the “A Roadmap for a Fair Data Economy” project. In the review, the impact of and opportunities created by the regulation are examined from the perspectives of individuals, companies and communities. The purpose is to strengthen a common understanding and perspective of the EU’s data regulation now and in the future.

What's this about?