keyboard_tab Data Act 2023/2854 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- Article 1 Subject matter and scope
- Article 2 Definitions
- Article 3 Obligation to make product data and related service data accessible to the user
- Article 4 The rights and obligations of users and data holders with regard to access, use and making available product data and related service data
- Article 5 Right of the user to share data with third parties
- Article 6 Obligations of third parties receiving data at the request of the user
- Article 7 Scope of business-to-consumer and business-to-business data sharing obligations
- Article 8 Conditions under which data holders make data available to data recipients
- Article 9 Compensation for making data available
- Article 10 Dispute settlement
- Article 11 Technical protection measures on the unauthorised use or disclosure of data
- Article 12 Scope of obligations for data holders obliged pursuant to Union law to make data available
- Article 13 Unfair contractual terms unilaterally imposed on another enterprise
- Article 14 Obligation to make data available on the basis of an exceptional need
- Article 15 Exceptional need to use data
- Article 16 Relationship with other obligations to make data available to public sector bodies, the Commission, the European Central Bank and Union bodies
- Article 17 Requests for data to be made available
- Article 18 Compliance with requests for data
- Article 19 Obligations of public sector bodies, the Commission, the European Central Bank and Union bodies
- Article 20 Compensation in cases of an exceptional need
- Article 21 Sharing of data obtained in the context of an exceptional need with research organisations or statistical bodies
- Article 22 Mutual assistance and cross-border cooperation
- Article 23 Removing obstacles to effective switching
- Article 24 Scope of the technical obligations
- Article 25 Contractual terms concerning switching
- Article 26 Information obligation of providers of data processing services
- Article 27 Obligation of good faith
- Article 28 Contractual transparency obligations on international access and transfer
- Article 29 Gradual withdrawal of switching charges
- Article 30 Technical aspects of switching
- Article 31 Specific regime for certain data processing services
- Article 32 International governmental access and transfer
- Article 33 Essential requirements regarding interoperability of data, of data sharing mechanisms and services, as well as of common European data spaces
- Article 34 Interoperability for the purposes of in-parallel use of data processing services
- Article 35 Interoperability of data processing services
- Article 36 Essential requirements regarding smart contracts for executing data sharing agreements
- Article 37 Competent authorities and data coordinators
- Article 38 Right to lodge a complaint
- Article 39 Right to an effective judicial remedy
- Article 40 Penalties
- Article 41 Model contractual terms and standard contractual clauses
- Article 42 Role of the EDIB
- Article 43 Databases containing certain data
- Article 44 Other Union legal acts governing rights and obligations on data access and use
- Article 45 Exercise of the delegation
- Article 46 Committee procedure
- Article 47 Amendment to Regulation (EU) 2017/2394
- Article 48 Amendment to Directive (EU) 2020/1828
- Article 49 Evaluation and review
- Article 50 Entry into force and application
CHAPTER I
GENERAL PROVISIONS
CHAPTER II
BUSINESS TO CONSUMER AND BUSINESS TO BUSINESS DATA SHARING
CHAPTER III
OBLIGATIONS FOR DATA HOLDERS OBLIGED TO MAKE DATA AVAILABLE PURSUANT TO UNION LAW
CHAPTER IV
UNFAIR CONTRACTUAL TERMS RELATED TO DATA ACCESS AND USE BETWEEN ENTERPRISES
CHAPTER V
MAKING DATA AVAILABLE TO PUBLIC SECTOR BODIES, THE COMMISSION, THE EUROPEAN CENTRAL BANK AND UNION BODIES ON THE BASIS OF AN EXCEPTIONAL NEED
CHAPTER VI
SWITCHING BETWEEN DATA PROCESSING SERVICES
CHAPTER VII
UNLAWFUL INTERNATIONAL GOVERNMENTAL ACCESS AND TRANSFER OF NON-PERSONAL DATA
CHAPTER VIII
INTEROPERABILITY
CHAPTER IX
IMPLEMENTATION AND ENFORCEMENT
CHAPTER X
SUI GENERIS RIGHT UNDER DIRECTIVE 96/9/EC
CHAPTER XI
FINAL PROVISIONS
- data
- metadata
- personal data
- non-personal data
- connected product
- related service
- processing
- data processing service
- same service type
- data intermediation service
- data subject
- user
- data holder
- data recipient
- product data
- related service data
- readily available data
- trade secret
- trade secret holder
- profiling
- making available on the market
- placing on the market
- consumer
- enterprise
- small enterprise
- microenterprise
- Union bodies
- public sector body
- public emergency
- customer
- virtual assistants
- digital assets
- on-premises ICT infrastructure
- switching
- data egress charges
- switching charges
- functional equivalence
- exportable data
- smart contract
- interoperability
- common specifications
- harmonised standard
- data 36
- holder 16
- measures 9
- technical 9
- party 6
- protection 6
- shall 6
- user 6
- article 5
- unauthorised 5
- such 5
- third 5
- disclosure 4
- paragraph 3
- pursuant 3
- goods 3
- agreed 3
- recipient 3
- trade_secret 3
- available 3
- same 3
- purposes 3
- apply 3
- including 3
- well 2
- paragraph 2
- they 2
- means 2
- made 2
- without 2
- point 2
- users 2
- organisational 2
- union 2
- parties 2
- access 2
- under 2
- taken 2
- used 2
- trade_secrets 2
- from 2
- infringing 2
- applied 2
- recipients 2
- unlawfully 2
- person 2
- right 2
- article 2
- agreement 2
- suffering 1
Article 11
Technical protection measures on the unauthorised use or disclosure of data
1. A data holder may apply appropriate technical protection measures, including smart_contracts and encryption, to prevent unauthorised access to data, including meta data, and to ensure compliance with Articles 4, 5, 6, 8 and 9, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not discriminate between data recipients or hinder a user’s right to obtain a copy of, retrieve, use or access data, to provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation adopted in accordance with Union law. Users, third parties and data recipients shall not alter or remove such technical protection measures unless agreed by the data holder.
2. In the circumstances referred to in paragraph 3, the third party or data recipient shall comply, without undue delay, with the requests of the data holder and, where applicable and where they are not the same person, the trade_secret holder or the user:
| (a) | to erase the data made available by the data holder and any copies thereof; |
| (b) | to end the production, offering or placing_on_the_market or use of goods, derivative data or services produced on the basis of knowledge obtained through such data, or the importation, export or storage of infringing goods for those purposes, and destroy any infringing goods, where there is a serious risk that the unlawful use of those data will cause significant harm to the data holder, the trade_secret holder or the user or where such a measure would not be disproportionate in light of the interests of the data holder, the trade_secret holder or the user; |
| (c) | to inform the user of the unauthorised use or disclosure of the data and of the measures taken to put an end to the unauthorised use or disclosure of the data; |
| (d) | to compensate the party suffering from the misuse or disclosure of such unlawfully accessed or used data. |
3. Paragraph 2 shall apply where a third party or a data recipient has:
| (a) | for the purposes of obtaining data, provided false information to a data holder, deployed deceptive or coercive means or abused gaps in the technical infrastructure of the data holder designed to protect the data; |
| (b) | used the data made available for unauthorised purposes, including the development of a competing connected_product within the meaning of Article 6(2), point (e); |
| (c) | unlawfully disclosed data to another party; |
| (d) | not maintained the technical and organisational measures agreed pursuant to Article 5(9); or |
| (e) | altered or removed technical protection measures applied by the data holder pursuant to paragraph 1 of this Article without the agreement of the data holder. |
4. Paragraph 2 shall also apply where a user alters or removes technical protection measures applied by the data holder or does not maintain the technical and organisational measures taken by the user in agreement with the data holder or, where they are not the same person, the trade_secrets holder, in order to preserve trade_secrets, as well as in respect of any other party that receives the data from the user by means of an infringement of this Regulation.
5. Where the data recipient infringes Article 6(2), point (a) or (b), users shall have the same rights as data holders under paragraph 2 of this Article.
whereas