Data Sharing Debate: Determining What Information to Disclose and to Which Recipients After Collection
Under the European Data Act, manufacturers of connected products face specific data access requirements aimed at fostering a thriving European data economy. The key provisions include ensuring users can access and manage data generated by their use of the products.
Starting from September 12, 2025, data holders (manufacturers) must make data generated by connected products easily accessible, secure, free of charge, and in a common machine-readable format. This data access should be provided directly through the product where technically feasible, a concept known as "Data Access by Design." If direct access is not feasible, manufacturers must provide readily available data to users in real-time and continuously where possible.
The scope of data subject to sharing is limited to that primarily generated through the use of the product or service. Secondary or derived data does not need to be shared.
Pre-contractual transparency is another crucial aspect. Manufacturers must inform users about the type, format, estimated volume, and frequency of data collection, whether data generation is continuous and real-time, and how users can access, retrieve, and delete the data. They must also disclose whether the manufacturer or third parties will use the data and for what purposes, as well as their identity and contact details.
Users have the right to access data generated by their use of the product or related service without undue delay, free of charge, and ideally electronically in a structured, machine-readable format upon request.
Additional technical details require manufacturers to inform users if the connected product is capable of storing data on-device or on a remote server, the intended duration of data retention, and provide information on how users may access, retrieve, or erase the data along with the technical means and terms of use.
To comply with the Act, data holders must verify user identity and provide low-threshold access to data by simple request through electronic means. They must also implement processes to handle data access requests efficiently and ensure user verification mechanisms are in place to prevent unauthorized access.
The obligation to share data with third parties at the user's request will be a critical topic for understanding the broader data-sharing framework under the Data Act.
There is still time to act before the Data Act comes into effect. Manufacturers are encouraged to adapt their contracts to ensure compliance and seek guidance on the Data Act at dataact-vienna@our website. These combined obligations reflect the European Union’s intention to ensure that users maintain control and transparency over data generated by connected products, promoting fairness and interoperability in the digital economy.
In the context of the European Data Act, manufacturers must provide data generated by users' interactions with their connected products in a machine-readable format, ensuring compliance with the principle of data access by design. This data must be accessible without undue delay, free of charge, and electronically upon request, demonstrating the EU's commitment to fostering transparency and user control in the digital economy.
Additionally, manufacturers must inform users of the intended data retention duration, data storage locations (on-device or remote server), and the technical means to access, retrieve, or erase data, as part of the effort to promote fairness and interoperability in the data economy. Control of user data remains a priority, with manufacturers also required to handle user data access requests efficiently and prevent unauthorized access.
