EU Data Act: New unfair contractual terms in B2B data-sharing agreements

As we highlighted in our previous article, the Data Act (Regulation (EU) 2023/2854) prohibits certain unfair contractual terms in B2B data-sharing agreements: any clause concerning data access, use, liability, or remedies that is unilaterally imposed by one party is unenforceable if considered unfair.

What constitutes an unfair clause?

A clause is considered unfair if it significantly deviates from established principles of good commercial practice regarding data access and use, thereby breaching the standards of good faith and fair dealing. In practical terms, if a clause creates a “substantial imbalance” to the detriment of the party bound by it, that clause may be challenged as unfair.

In addition, the legislation distinguishes between two categories of such clauses:

• A Blacklist, which contains clauses that are automatically deemed unfair; and
• A Greylist, which contains clauses that are presumed unfair unless proven otherwise.

Blacklist - A contractual clause is deemed unfair if its purpose or effect is to 

• Exclude or limit liability in case of intentional acts or gross negligence;
• Exclude the remedies available to the party upon whom the term has been unilaterally imposed in the case of non-performance of contractual obligations, or the liability of the party that imposed the term unilaterally, in case of a breach of those obligations;
• Grant exclusive rights to determine whether the data provided is compliant with the contract or to interpret any contractual clause.

Greylist - A contractual clause is presumed to be unfair if its purpose or effect is to 

• Limit remedies in the event of non-performance of contractual obligations or liability for breach of such obligations, or to extend the liability of the company to which the clause has been unilaterally imposed;
• Allow the party that unilaterally imposed the clause to access and use the other party’s data in a way that seriously harms the legitimate interests of that other party (e.g., sensitive data, trade secrets, IP);
• Prevent the other party from using the data it has generated or provided;
• Prevent the party to which the clause was unilaterally imposed from terminating the agreement within a reasonable period;
• Prevent the party to which the clause was unilaterally imposed from obtaining a copy of the data it provided or generated during the term of the contract or within a reasonable time after its termination;
• Allow for unilateral termination with an excessively short notice period, except for legitimate reasons;
• Allow for substantial changes to the price stated in the contract or to any essential terms without a valid reason or without providing the other party the right to terminate the contract in the event of such a change.

When are contract terms “unilaterally imposed”?

A clause is considered unilaterally imposed if it has been drafted and provided solely by one contracting party, without affording the other party a genuine opportunity to influence or negotiate its content, even where that party actively sought to do so. The burden of proof lies with the party that proposed the clause, which must demonstrate that it was not unilaterally imposed.

Key protections and limitations

No reliance on unfair clauses

A party that introduces a contested clause cannot rely on it to justify its application if it is ultimately deemed unfair.

Severability

Where an unfair clause is severable, the remainder of the contract remains valid and enforceable.

Scope limitations

These protections do not extend to contractual terms that:

• Define the main subject matter of the contract; or
• Establish the adequacy of the price in relation to the data provided.

Non-derogation rule

The Data Act expressly prohibits companies from excluding, modifying, or circumventing the application of these safeguards, thereby ensuring that protections against unfair contract terms apply in full and without waiver.

Actions to take when data-sharing clauses in a contract are considered unfair

1. Confirm applicability under the Data Act: Ensure the clauses in question fall within the scope of the Data Act by verifying that they:
   • Relate to data-related obligations, such as access, use, liability, remedies, or termination;
   • Do not derive from mandatory EU law;
   • Are unilaterally imposed by one party; and
   • Apply to contracts between enterprises.

2. Assess fairness under the Data Act: Determine whether the clauses are considered (blacklist) or presumed (greylist) unfair according to Article 13(4) and (5) of the Data Act.

3. Evaluate commercial reasonableness: Even if not listed in the “greylist” or “blacklist”, consider whether the clauses significantly deviate from fair commercial practice. Such clauses can be challenged using supporting evidence.

4. Remediation: If a clause is found to be unfair, the imposing party should remove it.
5. Legal effect and dispute resolution:
   • Unfair terms are not binding, but the remainder of the contract remains valid if the invalid terms are separable.
   • Disputes can be brought before a competent authority, the courts, or, if both parties agree, a dispute settlement body.

Voluntary Standard Contractual Clauses(SCCs) and Model Contract Terms (MCTs)

To support compliance, the Commission has released non-binding Standard Contractual Clauses(SCCs) and Model Contract Terms (MCTs).

These model terms and clauses are primarily intended for business-to-business (B2B) arrangements but may also be adapted for business-to-consumer (B2C) relationships. In B2C contexts, however, they must be supplemented with additional provisions to ensure consistency with mandatory consumer protection law, for instance, rules governing the consumer’s right of withdrawal in contracts concluded online or at a distance.

Want to learn more?

You may find a general overview of the Data Act (here), and a dedicated post on the obligations for data holders of connected products and related services (here). Next week article will be focusing on the requirements for Data Processing Service Providers on Customer Switching and Portability.

Should you require any legal or tax advice in the field of Data, not limited to the Data Act, please contact us below.