Zum Hauptinhalt springen

Recital 20

In practice, not all data generated by connected products or related services are easily accessible to their users and there are often limited possibilities regarding the portability of data generated by products connected to the internet. Users are unable to obtain the data necessary to make use of providers of repair and other services and businesses are unable to launch innovative, convenient and more efficient services. In many sectors, manufacturers are able to determine, through their control of the technical design of the connected products or related services, what data are generated and how they can be accessed, despite having no legal right to those data. It is therefore necessary to ensure that connected products are designed and manufactured, and related services are designed and provided, in such a manner that product data and related service data, including the relevant metadata necessary to interpret and use those data, including for the purpose of retrieving, using or sharing them, are always easily and securely accessible to a user, free of charge, in a comprehensive, structured, commonly used and machine-readable format. Product data and related service data that a data holder lawfully obtains or can lawfully obtain from the connected product or related service, such as by means of the connected product design, the data holder’s contract with the user for the provision of related services, and its technical means of data access, without disproportionate effort, are referred to as ‘readily available data’. Readily available data does not include data generated by the use of a connected product where the design of the connected product does not provide for such data being stored or transmitted outside the component in which they are generated or the connected product as a whole. This Regulation should therefore not be understood to impose an obligation to store data on the central computing unit of a connected product. The absence of such an obligation should not prevent the manufacturer or data holder from voluntarily agreeing with the user on the making of such adaptations. The design obligations in this Regulation are also without prejudice to the data minimisation principle laid down in Article 5(1), point (c), of Regulation (EU) 2016/679 and should not be understood as imposing an obligation to design connected products and related services in such a way that they store or otherwise process any personal data other than the personal data necessary in relation to the purposes for which they are processed. Union or national law could be introduced to outline further specificities, such as the product data that should be accessible from connected products or related services, given that such data may be essential for the efficient operation, repair or maintenance of those connected products or related services. Where subsequent updates or alterations to a connected product or a related service, by the manufacturer or another party, lead to additional accessible data or a restriction of initially accessible data, such changes should be communicated to the user in the context of the update or alteration.