A Critical Analysis of the EU Data Act Proposal To what extend does the EU Data Act’s Interplay with the General Data Protection Regulation impact its objective of facilitating access to data?
dc.contributor.advisor | Husovec, Martin | |
dc.contributor.author | Azhar, Rana | |
dc.date.accessioned | 2023-07-11T10:55:52Z | |
dc.date.available | 2023-07-11T10:55:52Z | |
dc.date.issued | 2023 | |
dc.description.abstract | In the EU, a number of regulatory initiatives have attempted to set out regulations that confer upon individuals an extent of control over data. The General Data Protection Regulation (‘GDPR’),9 despite being a data protection regime, grants data subjects control rights over their personal data by way of the right to data portability (‘RtDP’).10 However, the RtDP as a tool for data access and sharing is first, limited in scope and secondly, has proven to be underused because of its inadequate technical considerations.11 A more recent regulatory initiative is a proposal for a Regulation on harmonised rules on fair access to and use of data (the ‘Data Act’ or the ‘Proposal’)12. The Data Act was proposed by the EU Commission on 23 February 2022 as part of the “European strategy for data”13 with the aim of ensuring “fairness in the allocation of value from data among actors in the data economy and to foster access to and use of data”.14 The Data Act’s Explanatory Memorandum furthermore puts forward a set of specific objectives. Amongst these specific set of objectives is to facilitate “access to and the use of data by consumers and businesses while preserving incentives to invest in ways of generating value through data...”.15 The proposal also indicates that it will achieve broader EU policy goals by ensuring all sectors are “in a position to innovate and compete”.16 The Data Act is envisaged to reach its objectives through a set of measures that are to apply horizontally to all sectors.17 Amongst these measures are the rules on data sharing in the contexts of business to consumer (B2C) and business to business (B2B) set out in Chapter II of the Data Act (‘Access Rules’). These rules apply to data - irrespective of whether personal or non-personal data – and without prejudice to existing access regimes, including sector-specific regulations. 18 Importantly, the GDPR – and its RtDP - will also remain applicable horizontally to all sectors.19 Insofar as the the future regulatory framework entails the Data Act to operate alongside the GDPR, there will be an inevitable interplay between the two regimes. On the one hand, this interplay may occur in practice in the context of mixed datasets. Insofar as the Data Act applies to non-personal data, mixed datasets will entail an interplay with the GDPR rules which - in principle - apply to personal data. This potential interplay will raise issues where mixed datasets cannot be disentangled.20 Furthermore, the Data Act adopts a selective approach whereby it essentially acknowledges personal and non-personal data as two distinct categories. As a regime that acknowledges a distinction between these two categories of data by subjecting each category to a different set of standards, the Data Act will similarly raise concerns where datasets are mixed. The second point of interplay between the two regimes occurs in the context of access to data by third parties. In this regard, the Data Act explicitly mentions that it will not “hinder, prevent or interfere with the exercise of the rights of the data subject under [the GDPR] and, in particular, with the [RtDP] under Article 20 of [the GDPR].”21 To transpose the heavily criticized and largely underused RtDP into the context of the Data Act raises questions as to the overall effectiveness of the regulatory framework for data access and sharing.22 Therefore, the purpose of this dissertation is to assess the potential outcomes of the future regulatory framework where the Data Act will be in force along with the GDPR. It will not discuss data protection concerns presented by the Data Act, but rather focus, in particular, on whether this potential interplay will affect the objectives of facilitating data access and reuse. Firstly, Section 1 of this dissertation will assess whether the overlapping applicability of both regimes to personal data adequately takes into consideration potential practical complexities. It will particularly focus on the issue of mixed data sets, which are - as will be argued - common in practice, and will also take account of the “dynamic”23 nature of personal data. Secondly, Section 2 will seek to set out the the potential consequences of the envisaged complementarity between the Access Rules, on one hand, and the RtDP, on the other. It will attempt to do so by delineating the scope of each right, taking into account the types of data covered by each right, the grounds for processing required pursuant to each right, and finally, the interoperability measures set out by each of the two regimes. | |
dc.format.extent | 22 | |
dc.identifier.citation | OSCOLA | |
dc.identifier.uri | https://hdl.handle.net/20.500.14154/68572 | |
dc.language.iso | en | |
dc.subject | Data Law | |
dc.subject | Data | |
dc.subject | Technology Law | |
dc.title | A Critical Analysis of the EU Data Act Proposal To what extend does the EU Data Act’s Interplay with the General Data Protection Regulation impact its objective of facilitating access to data? | |
dc.type | Thesis | |
sdl.degree.department | Law | |
sdl.degree.discipline | Law | |
sdl.degree.grantor | London School of Economics and Political Science | |
sdl.degree.name | Master of Laws (LLM) |