We previously provided a brief overview of the Data Act’s key concepts, definitions and applicable timeline in Part One: Harnessing the power of data under the Data Act and the new data access right in Part Two: Data access and product design under the Data Act. A key element to increase the utilisation of data is the standardisation of the terms and conditions for sharing data generated by connected products and the services related to those connected products. We will explore the elements of the data sharing rules introduced by the Data Act in this third article in our series.

B2B / B2C sharing

Under Article 5 of the Data Act, the user of a connected product or related service has the right to share product and related service data with a third party either by sharing themselves or requesting the data holder to share the data. For example, a user of a smart watch could request that their data be made available to another provider of a smart watch.

A user encompasses both natural and legal persons, so this right extends to both individuals and businesses. A data holder is the entity that controls access to the data, typically the manufacturer of the product or provider of a related service and must have a contract with the user. For example, one company may manufacture a fridge and another may provide a related service that helps regulate the temperature of a fridge – both companies would be data holders.

The data must be provided to the third party in the same quality as is available to the data holder. The data to be shared includes product and related service data as well as the relevant metadata that is needed to use and interpret the data. Data must be provided to the designated third party without “undue delay” and if possible, continuously and in real time.

Since the Data Act is intended to promote competition, gatekeepers designated under the Digital Markets Act, which wield considerable market power, cannot be third parties and therefore cannot receive data as directed by users. While the intent of this restriction is obvious, the effect is not so clear as individuals and businesses may certainly wish to share data with gatekeepers that may offer popular connected products and related services in certain markets.

As a reminder, there are limitations which can be set in relation to the access and use of trade secret data which we explain in Part Two: Data access and product design under the Data Act.

What rules apply if a data holder is required to share data by law?

In cases where a data holder is required by law (including under Article 5 of the Data Act) to share data with a third party in B2B relations, the terms for sharing must be based on the FRAND principles, i.e. such terms must be fair, reasonable and non-discriminatory.

Data holders cannot charge the user for exercising the data sharing right under the Data Act, however, where legally required to share data, the data holder can agree compensation with the third party who receives the data as directed by the user (the data recipient). Compensation should be non-discriminatory and reasonable and may include a margin. It may cover the costs incurred in making the data available and reflect the investment in the collection and production of the data. However, where the data recipient is an SME or not-for-profit organisation, they can only be charged for the costs for making the data available and not the investment costs. As this will certainly be a point of great debate, the European Commission will produce guidelines on the calculation of reasonable compensation.

Can users or data recipients use data to create a competing product?

No. While the purpose of the Data Act is to improve competition in aftermarket services, it is not designed to provide a means for a competitor to create a competing connected product and users and data recipients are prohibited from doing so. There is no restriction on data recipients creating competing related services.

The effect of these prohibitions remains to be seen as it will be very difficult to prevent data recipients from gleaning know how from received data sets. The fact that a single additional data point is collected may, in and of itself, be valuable to a data recipient offering same or similar products or services. Issues in relation to the misuse of data, and generally in relation to the terms on which data is made available, will provide ample work for the dispute settlement body eventually certified to handle disputes under Article 10 of the Data Act.

Article 6 of the Data Act also imposes restrictions on the use that the data recipient can make of the data it receives, including that it shall only use the data for the purposes agreed with the user, and shall not use the data in a manner that has an adverse impact on the security of the connected product or related service.

In a B2B context, are there any limits on the contractual terms that can be imposed on users and data recipients in relation to their access and use of data?

Data holders are free to agree limits on the use of data by data recipients – in fact they should do so to bolster the prohibition on use of the data to create a competing product or to otherwise share data that constitutes trade secrets.

However, the Data Act includes a new prohibition on unfair terms which are unilaterally imposed relating to data access and use and to liability and remedies for the breach or termination of data-related obligations. This prohibition will apply to new B2B contracts agreed after 12 September 2025. Unfair terms are those that grossly deviate from good commercial practice, contrary to good faith and fair dealing.

While the Data Act recognises the importance of contractual freedom particularly between B2B parties, it is concerned with the imposition of terms on a take-it-or-leave-it basis by a stronger party resulting in a weakening of data access and use rights where unfair terms mean the exercise of these rights becomes less commercially viable or even economically prohibitive. The Act contains a non-exhaustive list of unfair terms and presumed unfair terms. For example, a term where the imposing party has the exclusive right to determine if the data provided are in conformity with the contract will be deemed unfair. Unilaterally imposed terms preventing the use and exploitation of data are presumed unfair, as are terms that are significantly detrimental to the legitimate interests of the data recipient.

Be mindful that there is a limited look-back provision. This ‘unfair terms’ prohibition will require remediation of certain long-term contracts (i.e. of indefinite duration or 10+ years) which were agreed prior to 12 September 2025. The deadline for this remediation exercise is 12 September 2027. In reality, re-opening these long-term contracts, particularly for data rich arrangements, may trigger a larger negotiation of terms or even termination in favour of a more up-to-date arrangement.

B2G sharing

Data holders must also make data available to public sector bodies, the European Commission, the European Central Bank or other EU bodies upon a duly reasoned request where there is an exceptional need in relation to their performance of a task in the public interest. Examples of such circumstances include emergencies, such as a pandemic, natural disasters or major cyber-security incidents. It also covers non-emergency circumstances, although only non-personal data can be requested in those cases. Data holders are entitled to fair compensation when required to share data in these circumstances.

If you require further information on the Data Act, please contact any member of our Technology and Innovation Group or your usual Arthur Cox contact.