top of page

Proposed Data Act has insurance ramifications for European businesses


Insurance Europe, the European insurance and reinsurance federation, says the industry broadly welcomes the European Union's proposed new Data Act despite concerns it could expose businesses to increased liability.

It is also seen as important to align the Data Act with GDPR rules which took effect in 2018 and tightened restrictions on the use and flow of the personal data of EU citizens.

The Commission’s intention is the Data Act Proposal, published in February, will create a single market for data that will allow a free flow within the EU and across sectors, benefitting businesses, researchers and public administrations.

The Act covers both personal and non-personal data with the Commission claiming 80% of industrial data in the EU remains unused and the new rules would add €270 billion to the EU's gross domestic product by 2028.

Mark Dutton, director W Denis, believes the proposed Act means businesses need to ensure they have adequate insurance cover. He said: “The onset of more regulations around the use of data, have wider reaching ramifications for businesses of all sizes.

“Such companies need to have a robust suite of insurances not just to protect the business and its assets/liabilities around the use of data, but also directors and officers face management liability exposures concerned with their behaviour and conduct in complying with the raft of laws and regulations. “

Insurance Europe backs moves to create enhanced data portability rights, a level playing field and effective protection of trade secrets, as provided by the Commission’s proposal. There is also support for provisions establishing that gatekeepers under the Digital Markets Act do not have access to the data generated by users via their connected products.

These requirements are seen as a step in the right direction, however, Insurance Europe believes there are improvements to be made to the Data Act including:

· Data portability rights should prohibit the data-holder from making it cumbersome or effectively impractical for the user to request that the data be shared with third parties.

·  It is essential to ensure alignment between the Data Act and the General Data Protection Regulation.

· Government access to data should be more strictly defined.

· The provisions on cloud switchability should be refined to fully enable companies and SMEs to switch freely between cloud services without undue burden.

The Data Act Proposal must be approved by the European Parliament and the Council of the EU and once adopted, it will be directly applicable in all EU Member States. Member states would be obliged to establish a dispute settlement body where data holders and data recipient can file a complaint if they think that the rules of the regulation have been violated.

W Denis Europe arranges comprehensive insurance for EEA based businesses, large and small, including Cyber, Errors & Omissions, Directors & Officers Liability and much more. If you wish to discuss your insurance requirements, please visit or contact Vida Jarašiūnaitė or Mark Dutton

bottom of page