EU Data Act proposal welcomed, but rules must boost data portability, ensure level playing field, and align with GDPR


Insurance Europe has published a set of key messages on the European Commission’s proposal for an EU Data Act, which aims to create an EU single market for data and to give individuals and businesses more control over their data. Overall, insurers welcome the proposal, as the proposed reinforcement of data portability rights will benefit consumers and enable insurers to develop innovative digital services.

While there are many positive elements in the EC’s proposals, there are also some areas which can be improved.

What works?

  • The insurance industry fully endorses the enhanced data portability rights of users of connected products. This includes their right to access the data generated through the use of their products and to allow access to that data by a third party of their choice.
  • Insurers welcome the provisions establishing that gatekeepers under the Digital Markets Act do not have access to the data generated by users via their connected products, as well as the prohibition on third parties developing competing products based on the data received. These requirements are a step in the right direction towards achieving a level playing field in the data economy.
  • A key element of any future cross-sectoral data-sharing framework is the horizontal provision to protect trade secrets, most notably by allowing data-holders to refuse to share such data with a third party. Data-holders should not be obliged to share business-sensitive information or proprietary data that they have generated and analysed/enriched themselves, and that is the outcome of their own work.

What can be improved?

  • The Data Act’s provisions should ensure a more level playing field between players of all sizes.
  • Data portability rights should prohibit the data-holder from making it cumbersome or effectively impractical for the user to request that the data be shared with third parties.
  • It is essential to ensure alignment between the Data Act and the General Data Protection Regulation.
  • Government access to data should be more strictly defined.
  • The provisions on cloud switchability are also a positive step, but should be refined to fully enable companies and SMEs to switch freely between cloud services without undue burden.