The German government (Berlin) wants more clarity on how the new data law will interact with data protection rules, differentiating between B2B and B2C data sharing, rethinking the gatekeepers’ exclusion, and making egress fees subject to contractual arrangements.
The German position on the EU’s Data Act, a flagship legislative initiative to regulate how data can be accessed, shared and transmitted, was sent last week to the Swedish presidency of the EU Council, which is gathering feedback before submitting a new compromise proposal by the end of the month.
“The proposal needs further analysis and discussion. The following remarks are preliminary and without prejudice to further changes and amendments. Further remarks at a later date reserved,” reads the introductory commentary to the German position paper, submitted last week and obtained by EURACTIV.
Germany calls for clarifications of some definitions related to the data that would fall under the scope of the regulation. Regarding products to be covered, the suggestion is to have a general rule to exclude devices primarily intended to display content like Smart TVs.
For the German Government, a central point of criticism is the lack of clarity on the Data Act’s relationship with the EU’s General Data Protection Regulation due to contradictions, overlaps and inconsistencies between the two.
Thus, the German government is calling for making explicit that any personal data obtained via the Data Act needs to be handled in compliance with the GDPR and that the new data law does not provide a legal basis for processing personal data.
The Data Act introduces the principle that users of connected devices should be able to access and port the data they contributed to producing or delegate the matter to a third party.
Germany wants the legal conditions to be differentiated between Business-to-Business (B2B), in which additional leeway might be given to contractual arrangements, and Business-to-Consumer (B2C) scenarios, where consumer interests might require more robust safeguards.
“The German government is considering creating incentives in the B2C sector to promote data use and prohibit unfair business practices by Union law,” the comments continue.
An article has been added listing unfair commercial practices such as using the data for one of the AI applications banned under the AI Act, like social scoring, building disproportionate user profiles and de-anonymising the data.
Berlin also argues that the prohibition of using the obtained data to develop a competing product should be more precise. In this case, the argument is that the burden of proof should be on the users or the relevant third party.
To what extent the Data Act’s data-sharing obligations ensure that the manufacturer of the connected product can protect its trade secrets is a sensitive question that has put some industry associations on a war footing.
Germany insists that trade secrets are broader than simple Intellectual Property rights and must be respected when handling the obtained data to prevent misuse and fraud.
Big Tech exclusion
The original proposal prevents the tech companies with such market power to be designed as gatekeepers under the Digital Market Act from enjoying the regulation’s data-sharing provisions as possible third parties.
The measure, intended to avoid the concentration of data in a handful of companies, is branded as ‘questionable’ by Germany, which proposes keeping out only the ‘core platform services’, where Big Tech has a dominant market position, instead of excluding the entire enterprise.
The exclusion is further criticised, arguing that it restricts users’ choice, limits competition among Big Tech companies and might prevent innovation in the Internet of Things sector.
The Data Act enables public bodies to access privately held data under specific circumstances to prevent or address a public emergency or when the data is necessary to carry out a specific task in the public interest.
While supporting the measure’s rationale, Germany has a scrutiny reservation on this entire chapter, noting that it should be made more specific and raising the point that this question might be better addressed in sectorial legislation.
Unfair contractual terms
The Data Act includes a ‘fairness check’ for contractual arrangements related to data-sharing between SMEs and larger companies. By contrast, Berlin wants to expand this protection against unfair contractual terms to all companies.
In addition, the country proposes including only a ‘black list’ of practices always considered unfair. The current version also includes a list of presumed unfair clauses, a so-called ‘grey list’, that the Germans think creates more legal uncertainty than anything.
The original proposal mandates that a user be able to change cloud service provider with a maximum notice period of two months.
Germany considers this provision a substantial restriction of contractual freedom and proposes to include the possibility of agreeing on a different timeframe mutually.
Regarding switching charges, Berlin asks for clarification regarding the last presidency’s compromise, arguing that “it is difficult to see why a statutory abolition of data egress charges should be necessary” as “contractual agreements seem sufficient here”.