Go to Content

We are the flag of Portugal on the internet


.PT Legal & Corporate Affairs
Data Act
The Data Act was published in the Official Journal of the European Union on December 22, 2023, which will be applicable from September 12, 2025. The Data Act proposes new rules on who can use and access to data ("data”, "personal data”, "non-personal data” and "metadata”). It applies to various entities, such as data processing service providers, including cloud service providers and their users, the public sector, among others.

The Data Act is part of the context of the European strategy for data, which aims to put people first in the development of technologies and ensure the defense and promotion of European values and rights in the digital world.

The Data Act must be interpreted in conjunction with the Data Governance Act, which came into force in September 2023, and with Directive (EU) 2019/1024 of the European Parliament and of the Council, of 20 of June 2019, relating to open data and the reuse of public sector information, and transposed into the domestic legal system by Law no. 68/2021, of August 26th, which came into force on October 1st of the same year.

The Data Act now establishes that connected products (IoT), as well as the provision of their related services, must be designed, manufactured and provided in such a way that data relating to that product and/or service is accessible, by default and in an easy, secure and free way to the user, who can share this same data with third parties.

Unlike the General Data Protection Regulation (GDPR), the Data Act extends its scope beyond personal data, encompassing the concepts of "data”, "non-personal data” and "metadata”.

Main objectives of the Data Act:

  • Ensure greater equity in access to the digital environment, as well as the creation of a competitive data market with opportunities for data-based innovation;
  • Switching between data processing service providers is another aspect that the Data Act aims to facilitate, also creating guarantees against the illicit transfer of information and interoperability rules for the reuse of data;
  • Allow users of devices connected to the Internet to access the data generated by their use, focusing on the functionalities of the information collected rather than the equipment itself; 
  • Includes measures to ensure the protection of trade secrets and intellectual/industrial property rights. The scope of the Data Act also includes measures to prevent abuse in data sharing contracts;
  • Establishes means for public sector entities, the European Commission, the European Central Bank and other EU bodies, to access and use private sector data based on exceptional needs, such as in cases of emergency, for example public sector bodies they will be able to request the necessary data to help them respond quickly and safely to a public emergency;
  • If the user cannot directly access the data from the connected product or related service, the data holder must make the data available, as well as the metadata necessary to interpret and use that data, without undue delay, with quality identical to that available to the data holder, in an easy and secure way, free of charge for the user, in a comprehensive, structured, commonly used and automatic reading format, and, if relevant and technically viable, in a continuous way and in real time. 

We are connected!

Please note: the articles on this blog may not convey the opinion of .PT, but of its author.
Back to Posts