We now have the final text of the Data Act. Months ago, the proposal left us baffled by its Article 30 requirement, which said that smart contracts must have a termination and suspension system: the smart contract provider must guarantee that there is a mechanism that can terminate the execution of the transaction. We review the whole Act and clarify the doubts.
What is the Data Act?
On February 22, 2022, the European Commission published its draft Data Act, which is part of the European Data Strategy. It is a draft law that aims to create an open single market for non-personal data, with fair access and use.
The rationale behind the Data Act is the free flow of data generated across sectors.
In broad terms, the Data Act proposal includes:
- Measures to allow users of connected devices to access the data generated by them, which is typically collected exclusively by manufacturers, and to exchange it with third parties to provide after-sales or other innovative data-driven services.
- Measures to rebalance the bargaining power of SMEs by preventing the abuse of contractual imbalances in data sharing contracts. The Data Act will protect them from unfair contract terms imposed by a party with a much stronger bargaining position. The Commission will also develop model contractual clauses to assist these companies in drafting and negotiating fair data exchange contracts.
- Means for public sector bodies to obtain and use data held by the private sector that are needed in exceptional circumstances, especially in case of public emergencies such as floods and forest fires, if the data are not otherwise available. Such data are needed to respond quickly and safely, while minimising the burden on business.
- New rules that allow customers to effectively switch cloud data processing service providers and establish safeguards against illegal data transfer.
In essence, consumers and businesses will be able to access their device data and use it for after-sales and value-added services, such as predictive maintenance. With more information, consumers and users such as farmers, airlines, construction companies or building owners will be in a position to make better decisions, such as buying higher quality or more sustainable products and services, thus contributing to the objectives of the Green Deal.
Businesses and industry players will have more data and benefit from a competitive data market. After-sales service providers will be able to offer more personalized services and compete on a level playing field with comparable services offered by manufacturers, while data can be combined to develop completely new digital services as well.
And how does this law affect Smart Contracts?
In the previous version, article 30 of the Data Act included direct obligations for application providers using smart contracts (ergo, any crypto service provider).
I copy the article verbatim to analyze its implications:
Essential requirements for smart contracts for data exchange.
1. The provider of an application using smart contracts or, failing that, the person whose trade, business or profession involves the use of smart contracts for third parties in the context of a data sharing agreement shall comply with the following essential requirements:
   (a) robustness: he shall ensure that the smart contract is designed in such a way as to provide a very high degree of robustness in order to prevent functional errors and to counter attempts of manipulation by third parties;
   (b) secure termination and suspension: shall ensure that a mechanism is in place to terminate the execution of transactions; the smart contract shall include internal functions to reset the contract or instruct it to terminate or suspend the transaction in order to prevent future (accidental) executions;
   (c) data archiving and continuity: in the event that the smart contract needs to be terminated or deactivated, it shall provide for the possibility of archiving transaction data, as well as smart contract logic and code, in order to keep a record of previously executed data operations (auditability);
   (d) access control: the smart contract shall be protected by strong access control mechanisms at the governance level and at the smart contract level.
2. The smart contract provider or, failing that, the person whose trade, business or profession involves the use of smart contracts for third parties in the context of a data sharing agreement shall carry out a conformity assessment for compliance with the essential requirements referred to in paragraph 1 and shall issue an EU declaration of conformity in respect of such compliance.
3. When issuing the EU declaration of conformity, the provider of an application using smart contracts or, failing that, the person whose trade, business or profession involves the use of third party smart contracts in the context of a data sharing agreement shall be responsible for compliance with the essential requirements referred to in paragraph 1.
4. A smart contract that complies with the harmonised standards, or the relevant parts of those standards, drawn up and published in the Official Journal of the European Union shall be presumed to comply with the essential requirements referred to in paragraph 1 of this Article, in so far as those standards cover those requirements.
5. In accordance with Article 10 of Regulation (EU) No 1025/2012, the Commission may request one or more European standardisation organisations to develop harmonised standards that satisfy the essential requirements referred to in paragraph 1 of this Article.
6. Where the harmonised standards referred to in paragraph 4 do not exist, or where the Commission considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements of paragraph 1 of this Article in a cross-border context, the Commission may, by means of implementing acts, adopt common specifications with regard to the essential requirements set out in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39 (2).
As the article itself shows, some of these requirements (such as secure termination and suspension) clearly could not be met given the way smart contracts work.
Although the legislation was not explicitly aimed at the crypto industry (it focuses on non-personal data generated through the Internet of Things), there was some concern that the Data Act could have an effect on the crypto sector…
Today, with the final text finally in hand, we can make the following clarifications:
- The reference to SCs should be understood as technologically neutral (they can be blockchain or not) and this is established in recital 104:
The notion of ‘smart contract’ in this Regulation is technologically neutral. Smart contracts can, for example, be connected to an electronic ledger.
- The obligation to include a function to stop the smart contract is maintained BUT only in cases where it has been agreed by the parties:
The essential requirement to ensure that smart contracts can be interrupted and terminated implies mutual consent by the parties to the data sharing agreement.
The applicability of the relevant rules of civil, contractual and consumer protection law to data sharing agreements remains or should remain unaffected by the use of smart contracts for the automated execution of such agreements.
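To make the quoted requirements concrete, here is an added example (not part of the original post or of the Regulation) that models termination and suspension, archiving and access control in a ledger-agnostic way, in line with the technologically neutral notion of a smart contract. The class, method and party names are hypothetical, and requiring consent from both parties before any state change is one possible reading of the mutual-consent clarification.

```python
# Added illustration; class, method and party names are hypothetical.
import hashlib
from enum import Enum


class State(Enum):
    ACTIVE = "active"
    SUSPENDED = "suspended"
    TERMINATED = "terminated"


class DataSharingContract:
    """Ledger-agnostic model of a two-party data sharing smart contract."""

    def __init__(self, holder, recipient, logic_source):
        self.parties = frozenset({holder, recipient})
        self.state = State.ACTIVE
        self.log = []        # executed data operations (auditability)
        self.consents = {}   # requested state -> parties that agreed so far
        self.archive = None
        self._code_hash = hashlib.sha256(logic_source.encode()).hexdigest()

    def _require_party(self, caller):
        # Access control: only the parties to the agreement may act.
        if caller not in self.parties:
            raise PermissionError(f"{caller} is not a party to the agreement")

    def execute(self, caller, operation):
        self._require_party(caller)
        if self.state is not State.ACTIVE:
            raise RuntimeError(f"contract is {self.state.value}; no execution")
        self.log.append((caller, operation))

    def consent(self, caller, target):
        """Record one party's consent; change state once both have agreed."""
        self._require_party(caller)
        if self.state is State.TERMINATED:
            raise RuntimeError("a terminated contract cannot change state")
        agreed = self.consents.setdefault(target, set())
        agreed.add(caller)
        if agreed == self.parties:
            self.consents.clear()
            self.state = target
            if target is State.TERMINATED:
                # Archive transaction data plus a digest of the logic.
                self.archive = {"code_sha256": self._code_hash,
                                "operations": tuple(self.log)}
        return self.state
```

A single party's request leaves the contract running, an outsider's request is rejected, and termination freezes the operation log together with a hash of the contract logic for later audit.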
ABOUT ATH21
ATH21 is the first Spanish full-service law firm specialized in crypto and blockchain. We offer real legal solutions for new business models. We adapt to each project, according to the jurisdiction of the moment in such a changing environment. We have been involved in the development of international projects based on blockchain and cryptoassets since 2010.
If you want to know more about our services or need personalized legal advice, do not hesitate to contact us at hello@ath21.com.