Draft Recommendation on non-binding model contractual terms on data access and use and non-binding standard contractual clauses for cloud computing contracts

They have been developed to help parties, especially SMEs, implement the provisions of the Data Act. Their use is voluntary and open to users’ possible amendments. Although they were mainly drafted for business-to-business contracts, they can also be used in relations between businesses and consumers, if relevant consumer protection rules are added.

Model Contractual Terms (MCTs)

For data sharing under chapter II and III of the Data Act, three sets of MCTs were drafted to cover the three relationships where data sharing is mandatory, i.e. between data holders, users and data recipients of data generated when using connected products. Each set of MCTs is drafted as a full contract that can be used by businesses to implement the specific requirements for data sharing:

• Data Holder to User MCTs (covering both parties’ rights and obligations for accessing, using and sharing of the data generated by the User’s use of a connected product or related service),
• User to Data Recipient MCTs (setting out the conditions of data use by the data recipient chosen by the user),
• Data Holder to Data Recipient MCTs (covering the terms for the Data Holder’s sharing of data with the Data Recipient chosen by the User and the potential compensation for this).

All three sets of MCTs are compliant with the rules of Chapter IV on unfair contract terms, which stipulate that contractual terms that have been imposed unilaterally on an enterprise by another enterprise are non-binding if they are unfair. An additional set of MCTs was drafted for situations of voluntary data sharing (i.e. sharing any kind of data between any type of entities), so as to provide contractual terms that would be compliant with this unfairness control of Chapter IV: Data Sharer to Data Recipient MCT.

Standard Contractual Clauses (SCCs)

Three SCCs translate the provisions of Chapter VI (cloud switching) into ready-to-use contractual terms that can be inserted in data processing contracts:

• SCC Switching & Exit (provisions on switching),
• SCC Termination (provisions on contract termination),
• SCC Security & Business continuity (provisions on security & business continuity during switching, including provider notification of significant incidents).

Three additional SCCS were drafted, fostering the key characteristics of fair, reasonable and non-discriminatory contractual rights and obligations which are necessary to ensure that the rights and obligations in Chapter VI are not undermined by contractual imbalances:

• SCC Non-Dispersion (to ensure a transparent contractual environment),
• SCC Non-Amendment (to avoid unjustified changes imposed unilaterally),
• SCC Liability (to assist a more balanced liability distribution between parties, including by avoiding unjustified liability limitations by the cloud provider).

The recommended MCTs and SCCs are based on the report of an expert group, which was set up to assist the Commission with this task. The expert group received regular feedback from a subgroup consisting of 31companies and associations, sharing their experience with what works in practice. 12 public webinars were also carried out during the work to collect feedback from a wide selection of stakeholders to make sure the model contracts were adapted to real-life situations and would be easy to use.

Supporting implementation of the Data Act   

The Communication published today contains the Recommendation on Model Contractual Terms on data access and use and Standard Contractual Clauses on cloud computing contracts in English. The next step is translating and publishing both the MCTs and SCCs in all EU languages. This may take some time. 

This initiative is part of the Commission’s broader work on guidance for implementing the Data Act including: 

• Frequently asked questions (FAQs) about the Data Act
• Guidance on vehicle data, accompanying the Data Act

In the future, the Commission will publish guidance on reasonable compensation for mandatory business-to-business data sharing in the context of Chapter III of the Data Act.  

Building on the guidance materials already published, the Commission has launched the Data Act Legal Helpdesk to offer stakeholders concrete guidance on legal questions related to the Data Act. Taken together, these measures make the Data Act easier to navigate, reduce costs, and boost legal certainty.