Art. 5 Data Act - Trialogue Agreement

1.           Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available readily available data, as well as the metadata that is necessary to interpret and use that data, to a third party, without undue delay, free of charge to the user, of the same quality as is available to the data holder, easily, securely, in a comprehensive, structured, commonly used and machine-readable format and, where relevant and technically feasible, continuously and in real-time. The making available of the data by the data holder to the third party shall be done in compliance with Articles 8 and 9.

1a.          The right under paragraph 1 shall not apply to readily available data in the context of testing of other new products, substances or processes that are not yet placed on the market unless use by a third party is contractually permitted.

2.           Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation   (EU) 2022/1925 on contestable and fair markets in the digital sector (Digital Markets Act), shall not be an eligible third party under this Article and therefore shall not:

(a)     solicit or commercially incentivise a user in any manner, including by providing monetary or any other compensation, to make data available to one of its services that the user has obtained pursuant to a request under Article 4(1);

(b)     solicit or commercially incentivise a user to request the data holder to make data available to one of its services pursuant to paragraph 1 of this Article;

(c)     receive data from a user that the user has obtained pursuant to a request under Article 4(1).

3.           In order to verify the quality as user or as third party pursuant to paragraph 1, the user or third party shall not be required to provide any information beyond what is necessary. Data holders shall not keep any information on the third party’s access to the data requested beyond what is necessary for the sound execution of the third party’s access request and for the security and the maintenance of the data infrastructure.

4.           The third party shall not deploy coercive means or abuse gaps in the technical infrastructure of a data holder designed to protect the data in order to obtain access to data.

5.           A data holder shall not use any readily available data to derive insights about the economic situation, assets and production methods of or use by the third party that could undermine the commercial position of the third party on the markets in which the third party is active, unless the third party has given permission to such use and has the technical possibility to easily withdraw that permission at any time.

6.           Where the user is not  the data subject whose personal data is requested, any personal data generated by the use of a product or related service, including data derived and inferred from that use, shall only be made available where there is a valid legal basis under Article 6 of Regulation (EU) 2016/679 and where relevant, the conditions of Article 9 of Regulation (EU) 2016/679 and Article 5(3) of  Directive (EU) 2002/58 are fulfilled.

7.           Any failure on the part of the data holder and the third party to agree on arrangements for transmitting the data shall not hinder, prevent or interfere with the exercise of the rights of the data subject under Regulation (EU) 2016/679 and, in particular, with the right to data portability under Article 20 of that Regulation.

8.           Trade secrets shall be preserved and shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party.  The data holder or the trade secret holder when it is not the data holder shall identify the data which are protected as trade secrets, including in the relevant metadata, and shall agree with the third party all proportionate technical and organisational measures necessary to preserve the confidentiality of the shared data, such as model contractual terms, confidentiality agreements, strict access protocols, technical standards and the application of codes of conduct.

8a.          Where there is no agreement on the necessary measures or if the third party fails to implement the agreed measures or undermines the confidentiality of the trade secrets, the data holder may withhold or, as the case may be, suspend the sharing of data identified as trade secrets. The decision of the data holder shall be duly substantiated and provided in writing without undue delay to the third party.
In such cases, the data holder shall notify the national competent authority designated in accordance with Article 31 that it has withheld or suspended the sharing of data and identify which measures have not been agreed or implemented and, where relevant, which trade secrets have had their confidentiality compromised.

8b.         In exceptional circumstances, when the data holder who is a trade secret holder can demonstrate that it is highly likely to suffer serious economic damage from the disclosure of trade secrets, despite the technical and organisational measures taken by the third party, that data holder may refuse on a case-by-case basis the request for access to the specific data in question. Such demonstration shall be duly substantiated, based on objective elements, in particular the enforceability of trade secrets protection in third countries, the nature and level of confidentiality of the data requested, the uniqueness and novelty of the product, and provided in writing and without undue delay. When the data holder refuses to share data pursuant to this Article, it shall notify the national competent authority designated in accordance with Article 31.

8c.          Without prejudice to the third party’s right to seek redress at any stage before a court or a tribunal of a Member State, the third party wishing to challenge the data holder’s decision to refuse, withhold or suspend the sharing of data in accordance with paragraphs 8a and 8b may:

(a) lodge in accordance with Article 31(3), point (b), a complaint with the national competent authority, which shall, without undue delay, decide whether and under which conditions the data sharing shall start or resume; or

(b) agree with the data holder to refer the matter to a dispute settlement body in accordance with Article 10(1b).

9.           The right referred to in paragraph 1 shall not adversely affect the rights of other data subjects pursuant to the applicable data protection law.