Scope

The Data Act targets connected products within the Internet-of-things ecosystem, namely products capable of gathering, generating or collecting data communicated via various means. The key subjects of the acts are “data holders”, including natural or legal persons with the right or obligation to use and make available data (typically manufacturers of connected products and providers of related services).

Relevance

The Data Act seeks fostering a competitive and fair data market, stimulating data-driven innovation, and ensuring data accessibility. The Act will most likely lead to increased data transfers across national borders. Norwegian businesses should therefore ensure that they have the right to use the data they hold, for example, through explicit agreements. Furthermore, businesses should secure that their data can be effectively shared, by making it available in real-time, is continuously in a machine-readable format, and that sharing is done free of charge. Businesses should also implement procedures on how to initiate access to and deliver data to third parties.

Read more about the Data Act in this Article (Norwegian only).

Key obligations

The Data Act empowers users of IoT-products to access data from data holders under fair, reasonable and non-discriminatory terms (i.e. through a right to access data generated by the products, and a right to portability allowing users to migrate to third party services. The Act further limits an encompassed entity’s possibility to discriminate against data recipients, and introduces a “policing of reasonableness” with respect to standard terms used towards micro-, small-, and medium enterprises. Finally, data holders are under an obligation to share data with governmental bodies upon further defined conditions.