Data law and the Data Act in practice

Overview of the objectives of the European Data Strategy for Business and Public Administration

• Legal and technical foundations of artificial intelligence.
• Machine learning, data processing and data extraction.
• Opportunities and risks.
• Added value through data purchasing and data preparation.

Available data sources & data procurement

• Legal entitlement to data and legal basis for access to public data on the part of the economy.
• Information rights, file inspection rights and requirements for public administration from the Data Governance Act, the PSI Directive for the public sector, INSPIRE, the new digital building law in the Building Code, EU Directive on open data in the public sector with the German Data Utilization Act - DNG.

Data usage

• Fundamentals of the EU data economy through the Data Act in practice, overview of the Data Act of (EU) Regulation 2023/2854).
• Regulation and obligations to disclose data generated when using networked products or connected services (IoT) to users and third parties.
• Requirements for manufacturers of networked products.
• Access by design.
• Rights of data recipients and data owners.
• Access to machine data generated in the context of IoT and liability for data.
• Sale of data to third parties for services.
• Entitlement to interfaces and portability of data in cloud services.

Legal possibilities and limits of data collection

• Basics of EU database law.
• Text and data mining: Copyright protection of databases and their contents.
• Protection of structured research data.
• Legal permissibility of reading databases and training AI with third-party data.
• Data licenses.
• When is the training of AI with which data permitted?
• Application of the opt-out principle in practice.
• Protection against screen scraping.

Right to transfer and interoperability of data, change of service providers and data portability, data export

• Legal bases for the transfer of data and the interoperability of data records with other service providers.
• Regulatory content of the Data Act, Digital Market Act (DMA), GDPR and the EU Non-Personal Data Directive.

Risks and prohibited technologies of artificial intelligence

• Basics of the AI regulation and the use of AI in practice.
• Classification of AI systems according to risk classes in the AI Regulation.
• Legal consequences.
• Compliance check for AI systems.
• Influence of the Digital Market Act on AI.
• Discussion of open legal issues.

Risks and limits of data collection due to data protection law and secrecy protection

• Prohibitions on data transfer and screen scraping under GDPR.
• Laws on the protection of trade secrets and copyright.
• Limits of data readout for AI training through data privacy.
• Information/transparency obligations.
• Privacy by design and by default.
• Use of personal data for teaching, training and testing AI and the limits of the GDPR and the AI Act
• AVV contracts.
• New requirements for marketing in lettershop processes.

Digital Market Act (DMA)

• Area of application.
• Requirements for large central platform services and gatekeepers according to DMA.
• Access to data and interoperability.

Data contract law and contract design for data-based business models

• Data purchasing, data trading, data usage agreements, data transfer, cooperation and data transfer agreements for data used to train AI systems.
• Regulatory points and contract design: Overview of types of data licenses.
• Content of data contracts: users, data owners, data recipients, liability for data quality.
• Differentiation from license agreements for software and open source.
• Creative Commons.
• Database licenses.