By Robert J. Kerwin

While efforts in Washington D.C., and indeed nationwide, have sparked momentum toward widespread acceptance of the rights of device owners to choose who would repair the devices they own, recent approval by the European Parliament and the Council of the EU of the European Data Act may be a great leap forward for “right to repair” in its own right.

Is it time for an industry understanding on right to repair?
Within two years, European manufacturers may well be required to share data with device users and/or the third parties they employ. While the European Court of Justice and EU member states will likely need to establish guidance and sort out some of the trade secret and privacy protections to be claimed, the European Data Act is seen by knowledgeable observers as, on the whole, compelling greater cooperation in allowing access to data by device users — including for repair purposes.

While the treatment of intellectual property is different in Europe when a device is sold, it will be interesting to see if multinational device manufacturers will be able to assert broad trade secret arguments on repair information in the U.S., when they may be compelled by law to turnover repair information as part of device data to users in the EU.

In light of these developments, it may be time for the industry to undertake adoption of general principles pertaining to cooperation on data access for repairs. Perhaps, as happened with the automotive industry, a memorandum of understanding may be reached. Some may find such an understanding preferable over what might otherwise be imposed by court interpretations of the European Data Act.

Overview of the European Data Act
In December 2023, the EU published the Data Act, Regulation (EU) 2023/2854), in the Official Journal of the EU. The regulation was adopted after much debate and consideration and will be effective as of September 12, 2025. In short, the new regulation will give data users more rights to their own data.

While the details of access have been debated, Article 4 provides users and data holders the right to access service data:

Where data cannot be directly accessed by the user from the connected product or related service, data holders shall make readily available data, as well as the relevant metadata necessary to interpret and use those data, accessible to the user without undue delay, of the same quality as is available to the data holder, easily, securely, free of charge, in a comprehensive structured, commonly used and machine readable format and, where relevant and technically feasible, continuously and in real time. This shall be done on the basis of a simple request through electronic means where technically feasible.

While users and data holders could contractually restrict access if the process undermines security requirements, it should be noted that the overall purpose of the regulation is to provide data access.

When a data holder declines to share data, it is required to notify the EU Member State Competent Authority of its decision to decline access. The Competent Authority is empowered to conduct investigations, impose, where appropriate, ‘proportionate and dissuasive’ financial penalties or initiate legal proceedings. Individuals and companies also have a right to lodge complaints with the Competent Authority if they consider their rights under this regulation to have been infringed.

In the regulation preamble (which spans over 100 paragraphs), the right of the data users of a connected product to share data with third parties is acknowledged:

This Regulation ensures that users of a connected product or related Service in the Union can access, in a timely manner, the data generated by the user of that connected product or related service and that those users can use the data, including by sharing them with third parties of their choice.

Data must be made available in fair, reasonable and nondiscriminatory terms and conditions, and in a transparent manner. It states plainly: “[t]herefore, this regulation adapts rules of contract law and prevents exploitation of contractual imbalances that hinder fair access to and use of data.” The preamble acknowledges that this data is valuable in the context of the “health and the circular” economy, including through facilitating the “maintenance and repair” of the connected products in question.

The preamble notes that the regulation enables users of connected products to benefit from aftermarket, ancillary and other services based on data collected by sensors embedded in such products. It also acknowledges the difficulty in accessing some of this data and informs manufacturers that they need in the future to design products to permit the users an easier way to access data. The regulation suggests that EU law or EU member state law could be introduced to address further product design to permit greater access to data.

Need to inform national authority of trade secret claim
While acknowledging that “trade secrets shall be preserved and shall be disclosed only where the data holder and the user take all necessary measures prior to the disclosure to preserve their confidentiality, in particular regarding third parties,” the data holder in asserting the trade secrets is required to identify the data which is protected and agree with the user-proportionate technical and organization measures to preserve the confidentiality of the shared data.

Financial penalties may be imposed for noncompliance
When there is no agreement regarding the necessary measures or if the user fails to implement measures agreed to, the data holder may suspend the sharing of data identified as trade secrets, but is required to notify the Competent Authority.

While “the devil is in the details” as to how this and other provisions of the Data Act are to be enforced, it is clear that conditions for a right of access to data are being established across the pond. There is an obligation to design products and related service data in a manner that product data and related service data are, by default, more easily accessible to the user. This requirement will apply as of September 12, 2026. The rules on unfair contractual terms are expected to start to be applied by September 12, 2027. The clock is ticking.

Given the adoption of the European Data Act by the EU, isn’t it time to begin a conversation with industry stakeholders to implement an understanding for data access to repair in the U.S.?

 

About the author: Robert J. Kerwin is the general counsel for IAMERS, the International Association of Medical Equipment Remarketers and Servicers

This article is reprinted with permission of DOTmed HealthCare Business News and can be read online in its original format at: https://www.dotmed.com/news/story/62936