29. Are there any limitations on the data holder’s use of the data generated by the user?

While the GDPR governs processing of personal data, Article 4(13) and (14) of the Data Act cover the use of non-personal data by the data holder. Article 4(13) states that the data holder can use the non-personal data for any purpose, provided that (i) this is agreed with the user; and (ii) the data holder does not derive insights about the economic situation, assets and production methods of the user in any other manner that could undermine the commercial position of that user on the markets on which the user is active. Recital 25 further explains that any contractual term regarding the data holder’s intended use of data should be transparent to the user. Possible purposes of data usage by the data holder include the improving of the functioning of the connected product or related service or making aggregated data available to a third party, provided that these data do not allow identification of granular data. The user is the sole source of access to granular non-personal data from the connected product or related service. Article 4(14) addresses the specific aspect of data usage by the data holder that involves the sharing of non-personal data with third parties, which should only take place if contractually agreed with the user (in line with Article 4(13)).