Abstract

The Data Act, which will in principle become applicable as of 12 September 2025, provides for an obligation to share readily available data from communicated products (e.g. IOT devices) and related services (e.g. applications that support such products and enable such a product to perform one or more of its functions). The Act refers to both personal and non-personal data. In the case of personal data, it supplements Articles 15 and 20 of the GDPR (with regard to the sharing of data with data subjects) as well as introduces restrictions on the use of the shared data for automated decision-making (Art. 22 of the GDPR). The Data Act also introduces significant restrictions on data holders, who will not be able to use non-personal data without a agreement with the user or in case of product data - share it for purposes other than implementation of a contract. The Data Act also sets out the measures that may be taken to protect trade or business secrets of data holders.