Since September 2025, the Data Regulation has been in force. This new European regulation should give consumers within the EU more control over the use of their data. In the Netherlands, compliance with the Data Regulation is now also being monitored, as the Data Regulation Implementation Act entered into force on Nov. 21. In the Netherlands, the Autoriteit Consument & Markt ACM) and the Autoriteit Persoonsgegevens (AP) are supervising.
The Data Regulation should give people control over the data associated with their use of connected products (so-called "smart" devices). Users will have greater insight into what data is collected about them. They can also more easily decide for themselves what happens to this data and with whom the data is shared. For businesses and governments, the new rules are also intended to encourage a fair, reliable and innovative data economy within the EU.
For example, a car owner gets the right to access the data the car collects. If a repair is needed, the owner can share the data with a garage of his choice. So the owner no longer necessarily has to go to the brand dealer. This increases freedom of choice and convenience. Consumers can thus decide with whom they do or do not share data.
Companies can benefit by using shared data to develop or improve IT applications, for example. Consider a manufacturer of an industrial machine that can use user data to improve business processes.
The Data Regulation:
The AP has been designated as the supervisor of provisions in the Data Regulation that are related to the General Data Protection Regulation (AVG). The Data Regulation supplements, and does not detract from, the rules in the AVG. In case of conflicting rules, the AVG takes precedence. This means that any data sharing involving personal data must comply with the AVG. For example, consider a complaint about data sharing from a connected device that also contains personal data. In addition, the AP is designated as the supervisor of data requests by government agencies in cases of exceptional necessity.
The ACM has been designated as the national data coordinator for the Data Regulation. This means that the ACM oversees how companies give consumers access to data from connected devices and how companies deal with requests to share data. A key focus for the ACM is that companies are transparent to consumers and other companies about what data is collected, and how access to that data is granted. In addition, the ACM supervises cloud services established in the Netherlands. The Data Regulation should make switching between cloud providers and linking cloud services (interoperability) easier.
