Chapter VII: International context non-personal data safeguards

by Bundesverband der Deutschen Industrie e.V.

Chapter II: Business to consumer and business to business data sharing

cloud service provider. This can lead to significant barriers to switching providers in certain cases.

With a view to such constellations, the BDI welcomes the EU Commission's aim of making it easier for users to switch providers and thus increase the openness of the cloud market.

However, the measures that are to be implemented on the part of the providers of corresponding services to achieve this goal show a high level of intervention in their entirety, which furthermore do not sufficiently take into account the technical complexity of cloud solutions in practice, as well as the heterogeneity of the services offered on the market. For example, data processing services - even if they fulfil the same function - are usually realised in different ways: for example with regard to data formats, data semantics or hardware architectures. The Commission's draft also does not sufficiently take into account the fact that - depending on the application context -the amount of data generated can be far too large to be continuously stored by a service provider with reasonable effort and to be kept ready for a possible later porting process. Another example is the design of termination periods, which requires differentiation between highly standardised cloud services (with general terms and conditions as the contractual basis) and complex customised solutions based on an individual project contract. Overall, the requirements of Chapter VI should be designed in such a way that they can be implemented realistically and with reasonable economic effort by market participants of all company sizes.

Against this background, the BDI is in favour of more balanced regulations, taking into account existing approaches that have been developed by market participants in the context of self-regulation. The adoption of impracticable requirements, on the other hand, would entail the risk that certain cloud services would no longer be offered in Europe due to commercially unjustifiable expenses and that innovations in this area would be inhibited.

It is also important to ensure the greatest possible coherence of the Data Act with other European regulatory activities. This concerns, for example, the Digital Markets Act, which also contains requirements relating to switching between digital services and the portability of data. These overlapping requirements result in open questions that must be clarified in the further legislative process.