BDI statement on the EU Data Act in the public consultation
rights would therefore extend beyond data access. There would be a risk that the rights of the owners would be unduly restricted here. As a general warning, it must be noted that it will be very difficult to find an appropriate wording in the definition of access rights to data that can be interpreted and applied with legal certainty. This has already been pointed out in the discussion on the introduction of an IP right to data. All in all, it should be noted that the protection of data is currently regulated in a scattered manner in a number of special legal norms. However, these regulations fulfil their purpose and provide a balance between the protection of right holders and the interest of data users. Any current shortcomings in the use of data are therefore not due to a lack of protection by intellectual property rights or copyright. The content of the existing regulatory framework should therefore not be changed. 8. Safeguards for non-personal data in international contexts In order to ensure a level playing field, the envisaged transparency measures should in principle apply to all cloud computing service providers active in the EU internal market, regardless of their headquarters. Furthermore, the introduction of additional legal, technical and organisational measures must take into account the different business models of cloud computing service providers and their existing technical and organisational data protection measures and processing practices. Here, the EU Commission should continue to engage in dialogue with cloud computing service providers and include existing protection measures of the providers, such as confidential computing, homomorphic encryption and „keep-your-own-key“.
10
