INTRODUCTION Contributed by: Christian Schröder and Odey Hardan, Orrick
the export, transit and brokering of technology relating to dual use items and consisting of large sets of data, by applying export control regu - lations and requiring entities to apply for prior approval of the data transfer from export control authorities. European Data Act For a long time, protection focused only on per - sonal data/personal information. The Chinese Data Security Law has established a framework for the protection and transfer of important non- personal data since 2021, and the EU now also aims to significantly expand protection to cover non-personal data by adopting the European Data Act (DA). The DA represents a significant legislative effort to ensure fair access to and use of data within the EU. It complements existing data protection frameworks, such as the GDPR, by establishing new rules for how users of con - nected products and services can utilise the data they generate and how data holders can derive economic value from it. The DA aims to foster a competitive data market, promote data- driven innovation and enhance data accessibili - ty, addressing key challenges in the digital econ - omy. It introduces comprehensive guidelines on how data generated by connected products and related services can be accessed and shared. This includes establishing a data access and sharing regime that applies to both business- to-consumer and business-to-business interac - tions, as well as public entities. The scope of the DA is broad, impacting a wide range of stakeholders, including manufactur - ers of connected products (such as IoT devices like smart cars and home devices), providers of related services, data holders, data recipients, public sector bodies and several providers of data processing services, such as cloud com - puting services.
The DA's requirements cover both personal and non-personal data, with a primary focus on non-personal data rather than personal data, which continues to be governed by the GDPR. The DA imposes specific obligations on several cloud computing service providers, referred to as “data processing services”. These providers must facilitate switching without charging fees or imposing obstacles, ensuring that customers can transition smoothly to a different service provider. The DA requires providers to include mandatory terms in customer agreements to ensure consumers have the right to switch pro - viders, and to comply with technical obligations to facilitate switching. The EU Commission cur - rently develops SCCs for switching between data processing services. The DA applies to manufacturers or related ser - vice providers established outside the EU, pro - vided the connected products and related ser - vices are placed in the EU. This extraterritorial scope shall ensure that users can exercise their access rights under the DA, regardless of the provider's location. European Artificial Intelligence Act The European Artificial Intelligence Act (AI Act) marks a pioneering effort by the EU to establish a unified legal framework for the regulation of artificial intelligence systems. As the first com - prehensive legislation of its kind, the AI Act aims to address the unique challenges and opportu - nities presented by AI technologies, ensuring that they are developed and used in a manner that is safe, ethical and aligned with fundamen - tal rights. The AI Act establishes requirements for high-risk AI systems to ensure transparency, accuracy and data quality, addressing concerns about the potential misuse of AI technologies.
7
CHAMBERS.COM
Powered by FlippingBook