Not only does the Data Act introduce obligations around data access and sharing. It also presents new rules to prevent unfair contractual terms. These provisions aim to support a fair data economy by ensuring that no party can block or distort data sharing through one-sided contractual clauses.
As previously discussed, the central goal of the Data Act is to make data more accessible and usable. It is no surprise, therefore, that this also includes setting boundaries on what is permissible in contracts – not just for consumer contracts (B2C), but also in business-to-business (B2B) arrangements. The rules apply to contract terms related to access, use of data, liability, and remedies for breach or termination of data obligations.
When does a clause fall under these rules?
This regulation applies to applies to one-sidedly imposed contractual terms, which do not define the main subject matter. This means a term is only covered if one party tried (and failed) to negotiate. Even a minor change following negotiations would exclude the clause from the scope. So, both parties are incentivized to enter into negotiations, otherwise the rules could void some clauses.
Importantly, these rules are mandatory law and cannot be waived or opted out of.
What makes a clause unfair?
A clause is considered unfair if it “grossly deviates from good commercial practice” or violates “good faith and fair dealing.” While these terms are intentionally broad, the EU plans to publish standard clauses to help interpret what is considered fair.
However, the regulation also lists examples of terms that are - if one-sidedly imposed - automatically deemed unfair, such as:
- excluding or limiting liability for intentional acts or gross negligence
- denying remedies to the party upon whom the clause was imposed
- giving one party the sole right to determine whether data is in conformity
It also outlines terms presumed to be unfair when unilaterally imposed, such as:
- granting one-sided access to sensitive or protected data (e.g. trade secrets, IP)
- preventing the disadvantaged party from terminating the agreement within a reasonable period of time
So what should businesses do?
This marks a significant shift in how data-related contracts must be structured. Companies should review and update their standard templates to ensure compliance until 12 September 2025. With the deadline approaching, now is the time to review and adapt your contractual landscape.
All new contracts must comply with these requirements. Existing contracts must also be adapted accordingly. However, for contracts that are either (i) of indefinite duration or (ii) had a remaining term of at least ten years as of 11 January 2024, the adaptation must be completed by 12 September 2027.Still, early action is advisable, as amending long-term contracts can be a lengthy process.
In our next article we will dive into the data sharing obligations with public bodies. Stay tuned!
Need guidance on the Data Act?
