On 23rd February 2022, the European Commission approved the new proposal for a European Data Law (the so-called “EU Data Act”), which is part of the European Data Strategy.

The Union and its Member States, including Italy, are very active in the field of data protection and the implementation of the European Data Strategy. Steps in this direction include both the Regulation on the protection of personal data (now known by the acronym GDPR) and the most recent proposal for a European law on data management (Data Governance Act), now transmitted to the Council of the European Union under the ordinary legislative procedure.

The Data Act aims to achieve a more competitive data market and to define opportunities for more accessible data-driven innovation by removing barriers to access.

With respect to the Data Governance Act, which aims to create procedures and structures to facilitate the sharing of data by companies, the Data Act requires manufacturers and suppliers to increase the accessibility of data to users (whether they be business or consumer). For example, car manufacturers will have to make accessible to either the driver or the car owner all of the data collected by the vehicle, such as traffic information, weather and security systems. Users may also make such data available to third parties, provided that they comply with the provisions of the GDPR, where personal data is involved.

For these reasons, companies that operate in the field of the production of devices that capture or retain data (“data holders”) may face new compliance obligations. Specifically, data holder companies will be able to provide complete information on the data (nature, volume, access mode) generated by the device at the time of its use, but also use the data generated by the device, provided there is a contract with the user.

Italy is ready to comply with the content of the proposal even if it showed, through coordinated action by the European privacy guarantors, its critical position on the content of the proposal. Indeed, this proposal would be, for some parts, in contrast with the content of the GDPR (which imposes important constraints on the possibility of transferring personal data, or in any case of allowing access to personal data).

In the meantime, Italy continues its constant monitoring and implementation activities in order to guarantee effective data protection. Among the most recent initiatives, we note the favourable opinion of the Authority for the Protection of Personal Data on the draft provision of the Director of the Revenue Agency on the new technical rules for the storage of electronic invoices, which will be used for risk analysis and control for tax purposes and for economic and financial policing functions. In addition, we note the coordinated action of the European Privacy Guarantors to verify and highlight critical issues about the use of cloud services by public entities.

This active role of Italy in agreement with its European partners and their governance authorities, such as the Committee and the European Data Protection Supervisor, provides that the Member States’ and the Italian data protection policy are being pursued at Union level.

D’Andrea & Partners Legal Counsel will continue to monitor and follow the development of this legislative process with particular attention. If you are interested in this topic or if you have any relevant questions about it, please contact us at