---
title: "EU Data Act Non-Personal Data and Mixed Datasets FAQ"
canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets"
source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets"
author: "Sorena AI"
description: "FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records."
published_at: "2026-05-06"
updated_at: "2026-05-06"
keywords:
  - "EU Data Act"
  - "Regulation (EU) 2023/2854"
  - "non-personal data"
  - "mixed datasets"
  - "GDPR"
  - "data holder"
  - "user"
  - "third party"
  - "GDPR overlap"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# EU Data Act Non-Personal Data and Mixed Datasets FAQ

FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records.

*FAQ* *EU* *Data Act*

## EU Data Act Non-Personal Data and Mixed Datasets FAQ

How to classify and handle non-personal data, personal data, and mixed datasets in Data Act access and sharing workflows.

Use this FAQ to separate Data Act scope from GDPR duties, identify user, data holder, and third-party roles, and keep evidence for inclusions, limits, and refusals.

The EU Data Act does not let teams treat a mixed dataset as wholly non-personal just because the access request is about connected-product data. The practical question is which fields are readily available product data or related-service data, which fields are personal data controlled by GDPR and ePrivacy rules, which fields are inferred or derived, and which fields need trade-secret, security, or public-sector-request controls.

## What does non-personal data mean under the EU Data Act, and how does it differ from personal data?

The Data Act defines non-personal data as data other than personal data. That sounds simple, but it means the team must classify fields by substance, not by dataset label. A machine telemetry export, support log, vehicle dataset, or cloud export can contain both non-personal fields and fields that identify, relate to, or can be linked to a natural person.

For connected products and related services, the Data Act access analysis should start with raw and pre-processed data that is readily available to the data holder, plus metadata needed to interpret and use it. Inferred or derived information, highly enriched outputs, protected content, and material outside the connected-product or related-service boundary should be marked separately instead of silently included.

- Classify each field as personal, non-personal, mixed or linkable, inferred or derived, trade-secret-sensitive, or outside the request.
- Record whether the field is product data, related-service data, relevant metadata, or another data category.
- Do not rely on internal labels such as telemetry, operational data, customer data, or analytics unless the field-level classification is visible.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Defines non-personal data and the key product, related-service, user, data holder, and data recipient terms used for field classification.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains that Chapter II covers raw and pre-processed readily available data, including metadata, and excludes inferred or derived data.

## Does the EU Data Act override GDPR when a dataset contains both personal and non-personal data?

No. The Data Act complements EU data-protection and privacy law and must not be interpreted to diminish personal-data rights. When a mixed dataset contains personal data, GDPR, the EU institutions data-protection regulation, and ePrivacy rules continue to control the personal-data processing layer.

The Data Act also does not create a new legal basis for collecting or generating personal data. If the user requesting data is not the data subject, personal data generated by a connected product or related service may be made available to the user or a third party only where a valid GDPR legal basis exists and any relevant special-category or ePrivacy conditions are satisfied.

- Treat Data Act access and GDPR processing as separate questions that must both be satisfied for personal-data fields.
- If the requester is not the data subject, document the GDPR legal basis before releasing personal data.
- Where possible, separate, anonymise, or limit personal-data fields instead of blocking access to non-personal fields that remain in scope.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - States that the Data Act is without prejudice to data-protection and privacy law and does not create a new legal basis for personal-data collection or generation.
- [European Commission - Data protection overview](https://commission.europa.eu/law/law-topic/data-protection_en?ref=sorena.io) - Provides Commission context that EU personal-data protection is grounded in GDPR, the Law Enforcement Directive, and the EU institutions data-protection regulation.

## Which Data Act roles matter when handling non-personal data and mixed datasets?

The Data Act context is the starting point for this answer. The main roles are user, data holder, third party, and data recipient. A user is the person or organisation that owns, rents, leases, or receives the related service for the connected product. A data holder is the person or organisation with the right or obligation to use and make data available. A third party can receive data at the user's request, and may also be a data recipient for business-to-business sharing rules.

Do not assign roles once for the whole company. The same organisation can be a user in one workflow, a data holder in another, and a data recipient in a supplier or aftermarket-service workflow. Role classification controls who can request data, who must make it available, who may use it, and who must preserve trade secrets or delete data when it is no longer needed.

- Name the user, data holder, third party, data recipient, and any data subject for each request.
- Check whether the relevant organisation is a manufacturer, related-service provider, provider of data processing services, public undertaking, or another party with a Data Act duty.
- Keep the role map with the request log because role errors change the access, sharing, GDPR, and evidence analysis.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Defines user, data holder, data recipient, product data, related-service data, and related Data Act roles.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains Chapter II roles in practice, including users, third parties, and typical data holders for connected products and related services.

## What mixed-dataset access must a data holder provide to a user under the EU Data Act?

The Data Act context is the starting point for this answer. Where the user cannot directly access the data from the connected product or related service, the data holder must make readily available data and necessary metadata accessible to the user without undue delay, in the same quality available to the data holder, securely, free of charge, and in a comprehensive, structured, commonly used, machine-readable format. Where relevant and technically feasible, access should be continuous and real-time.

That duty covers both personal and non-personal data only when the personal-data layer is lawful. If GDPR conditions are not met for a personal-data field, the data holder should not treat that as a reason to suppress the non-personal fields that can lawfully be made available.

- Deliver in-scope non-personal fields and metadata in the required format and quality.
- For personal fields, confirm whether the user is the data subject or has a valid GDPR basis for receiving them.
- Document any excluded field by category: personal-data restriction, inferred or derived data, trade secret, security requirement, unavailable data, or out-of-scope content.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 4 sets user access duties for readily available product data, related-service data, and metadata, including format and quality requirements.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Summarises the Chapter II user-access right and the scope of readily available raw and pre-processed data.

## Can a user ask the data holder to share a mixed dataset with a third party under the Data Act?

Yes, but the same boundaries apply. At the user's request, the data holder must make readily available data and relevant metadata available to a third party under the Data Act conditions. A gatekeeper under the Digital Markets Act is not an eligible third party for this user-requested Chapter II sharing route.

For personal data in a mixed dataset, the data holder may make the data available to the third party only where the GDPR and any relevant ePrivacy conditions are met. For non-personal data, the third party must use the data only for the purposes and conditions agreed with the user, and must erase it when it is no longer necessary for that purpose unless the user has agreed otherwise for non-personal data.

- Tie third-party sharing to a specific user request and a stated user-approved purpose.
- Screen the requested recipient for the Data Act gatekeeper exclusion where Chapter II third-party access is used.
- Add recipient controls for purpose limitation, onward sharing, deletion, trade secrets, security, and non-use for competing connected products.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 5 and 6 set user-requested third-party sharing duties, gatekeeper exclusion, GDPR limits, purpose controls, deletion, and onward-sharing restrictions.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains that users may share connected-product data directly or ask the data holder to share it with a third party of their choice, excluding gatekeepers.

## What are the main boundaries for non-personal data use by data holders and third parties under the Data Act?

The Data Act context is the starting point for this answer. A data holder may use readily available non-personal data only on the basis of a contract with the user. The data holder must not use that data to derive insights about the user's economic situation, assets, production methods, or use of the product in a way that could undermine the user's commercial position.

Third parties that receive Data Act data at the user's request also face limits. They may not use the data to develop a competing connected product, make it available to a Digital Markets Act gatekeeper, or use non-personal product or related-service data to derive commercial insights about the data holder. These restrictions should be visible in contract terms and recipient controls, not buried in a generic data-sharing policy.

- Check the user contract before using non-personal product or related-service data internally.
- Separate permitted aftermarket or related-service use from prohibited development of a competing connected product.
- Prohibit commercial insight extraction about the user, data holder, or third party where the Data Act restricts it.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 4 and 6 limit data holder and third-party use of non-personal product and related-service data, including competitive-product and insight restrictions.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains limits on using Data Act data to develop a competing connected product and distinguishes related or aftermarket services.

## How should trade secrets and security concerns be handled in mixed datasets under the Data Act?

Trade secrets are not a blanket reason to deny a Data Act request. The data holder or trade-secret holder must identify protected data, including relevant metadata, and agree proportionate technical and organisational measures with the user or third party. Examples in the Data Act include contractual terms, confidentiality agreements, strict access protocols, technical standards, and codes of conduct.

Withholding, suspension, or refusal needs a written, substantiated basis. A refusal based on trade secrets is exceptional and must be assessed case by case. Security limits are also narrow: users and data holders may restrict or prohibit access, use, or further sharing where processing could undermine legally-laid-down security requirements of the connected product and cause serious adverse effects to health, safety, or security.

- Identify trade-secret fields and metadata before applying confidentiality measures.
- Use proportionate safeguards first; reserve withholding, suspension, or refusal for the Data Act conditions that support them.
- Keep the written reason, affected fields, measures requested, measures implemented, and any competent-authority notification.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 4 and 5 require trade-secret identification, proportionate confidentiality measures, written substantiation, and competent-authority notification for withholding, suspension, or refusal.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains that trade-secret protection and security restrictions are limitations on access, not broad exemptions from Data Act sharing.

## How do public-sector requests change the treatment of non-personal data and mixed datasets under the Data Act?

The Data Act context is the starting point for this answer. Chapter V is different from ordinary user and third-party access. Public sector bodies, the Commission, the European Central Bank, and Union bodies may request data from data holders on the basis of an exceptional need, but the request must be limited in time and scope and tied to statutory duties in the public interest.

For public emergencies, the Commission explainer states that the public body should request non-personal data and may request personal data only if non-personal data is insufficient; where possible, the data holder should anonymise it. For non-emergency exceptional need requests, the Data Act route is limited to non-personal data and requires the requesting body to show that it could not obtain the data by other means.

- Separate Chapter V public-sector requests from Chapter II user or third-party requests.
- For emergency requests, record why non-personal data is sufficient or why personal data is necessary and anonymisation is or is not possible.
- For non-emergency requests, verify that the request is for non-personal data and that the requester has documented the public-interest task and failed alternatives.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 14 and 15 define exceptional-need requests and limit non-emergency exceptional-need requests to non-personal data.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains Chapter V emergency and non-emergency handling, including the focus on non-personal data and anonymisation where possible.

## What should cloud and data-processing-service teams know about non-personal data under the Data Act?

The Data Act also contains rules for data processing services and international governmental access to non-personal data held in the Union. Providers of data processing services must take adequate technical, organisational, and legal measures, including contracts, to prevent third-country governmental access or transfer of non-personal data where it would conflict with Union or Member State law.

This cloud rule should not be confused with connected-product user access. It is a separate control for providers of data processing services and is relevant when a cloud provider receives a third-country decision or request concerning non-personal data held in the EU.

- Classify whether the workflow is connected-product access, cloud switching, or third-country governmental access.
- For third-country governmental access, keep the request, legal basis, conflict assessment, minimisation decision, customer notice analysis, and any national-authority consultation.
- Do not use cloud-access rules to narrow a user's Chapter II access to connected-product data.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 32 sets safeguards against conflicting third-country governmental access and transfer of non-personal data held in the Union.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains that Chapter VII protects non-personal data stored in the EU against unlawful third-country governmental access requests.

## What evidence should teams keep for Data Act non-personal data and mixed-dataset decisions?

Keep evidence that proves the classification and the outcome, not a generic compliance memo. The minimum useful record is a field-level data inventory, the Data Act role map, the requester and recipient identity checks, the GDPR basis or exclusion for any personal-data fields, and the final delivery or refusal file.

For each excluded or limited field, preserve the reason and source: outside product or related-service data, not readily available, inferred or derived, personal-data restriction, trade secret, security requirement, public-sector-request condition, cloud third-country access rule, or other Union or national law. The record should let a reviewer understand what was delivered, what was withheld, why, who approved it, and what was communicated.

- Keep the data dictionary, request log, role map, field classification, recipient purpose, and delivery manifest together.
- Attach GDPR, anonymisation, trade-secret, security, and third-country-access assessments only where those issues affected the result.
- Store written substantiation and competent-authority or dispute records for withholding, suspension, refusal, or challenged restrictions.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports evidence fields for user access, third-party sharing, GDPR limits, trade-secret measures, security restrictions, technical protection measures, and dispute routes.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Provides practical implementation context for Chapter II access, Chapter V public-sector requests, and Chapter VII non-personal-data safeguards.

## What source evidence should teams keep for a Data Act mixed-dataset decision?

For mixed datasets, the decision record should point to the exact Data Act article or recital, the Commission guidance used, the actor role, and the specific dataset or workflow reviewed. That makes it easier to explain why some fields were shared, some were excluded, and which law controlled each part of the decision.

Keep the cited source URL, decision date, reviewer, unresolved assumptions, and implementation artifact together so the page remains auditable and easy to update when the underlying Data Act process changes.

- Map the mixed-dataset decision to a cited Data Act source URL.
- Store the owner, affected workflow, evidence artifact, and review trigger.
- Keep article-level references with the field-level inventory so reviewers can connect the rule to the decision.

## Which team should own a Data Act mixed-dataset implementation decision and keep it current over time?

For mixed datasets, the Data Act workflow should name the legal, product, procurement, cloud, support, or security owner who can change the affected process. The owner should be the person who can approve the field-level classification, route any GDPR or trade-secret review, and close the request with a documented outcome.

For mixed datasets, use one accountable owner per action, then record consulted teams and evidence dependencies separately so the handoffs remain clear if the decision is reviewed later.

- Assign one accountable owner for the classification and one for the response if the workflow spans multiple teams.
- Record the legal, product, procurement, cloud, support, and security inputs alongside the final decision.
- Keep the owner with the cited Data Act source URL and the request log so the decision can be reproduced.

## Primary sources

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text used for definitions, Chapter II user and third-party access rules, GDPR interaction, trade-secret and security limits, Chapter V public-sector requests, and Chapter VII non-personal-data transfer safeguards.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for practical context on raw and pre-processed readily available data, mixed personal and non-personal datasets, user/data holder/third-party roles, public-sector requests, and non-personal cloud data safeguards.
- [European Commission - Data protection overview](https://commission.europa.eu/law/law-topic/data-protection_en?ref=sorena.io) - Commission data-protection overview used to ground the GDPR precedence and personal-data-rights context for mixed datasets.

## Topic Guides

- [Data Act and Common European Data Spaces](/artifacts/eu/data-act/data-act-and-common-european-data-spaces.md): How Data Act Article 33 connects data-space participation with metadata, vocabularies, APIs, access terms, data quality, governance, and standards monitoring.
- [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md): FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows.
- [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md): FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing.
- [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md): FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries.
- [Data Act B2B Data-Sharing Contract Clauses](/artifacts/eu/data-act/b2b-data-sharing-contract-clauses.md): Clause guide for EU Data Act B2B data sharing: FRAND terms, compensation, trade secret safeguards, recipient limits, termination, logs, and GDPR boundaries.
- [Data Act B2B Data-Sharing Contract Template](/artifacts/eu/data-act/b2b-data-sharing-contract-template.md): A usable EU Data Act B2B data-sharing template outline covering access requests, data schedules, permitted use, trade secrets, security, compensation, GDPR boundaries, audit records, and termination.
- [Data Act B2G Exceptional-Need Requests](/artifacts/eu/data-act/b2g-exceptional-need-requests.md): A grounded guide to EU Data Act Chapter V requests from public bodies: exceptional need, public emergencies, request contents, limits, safeguards, costs, and records.
- [Data Act Cloud Switching Compliance Checklist](/artifacts/eu/data-act/cloud-switching-compliance-checklist.md): A grounded EU Data Act checklist for cloud and data processing service providers covering switching clauses, notices, export formats, charges, interoperability, and evidence.
- [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md): FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records.
- [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md): FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records.
- [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md): FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records.
- [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md): FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded.
- [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md): FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services.
- [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md): FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence.
- [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md): FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited.
- [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md): FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers.
- [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md): FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614.
- [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md): FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence.
- [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md): FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records.
- [Data Act Smart Contracts for Data Sharing](/artifacts/eu/data-act/smart-contracts-for-data-sharing.md): Data Act Article 36 smart contract guide for data-sharing agreements: scope, robustness, access control, termination, interruption, archiving, standards status, and conformity evidence.
- [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md): FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms.
- [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md): FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence.
- [Data Act Trade Secrets and Protection Measures](/artifacts/eu/data-act/trade-secrets-and-protection.md): Data Act guide for protecting trade secrets during access and sharing: classification, safeguards, refusal thresholds, notices, evidence records, and reviews.
- [Data Act Unfair Contractual Terms | Article 13 B2B Contract Review](/artifacts/eu/data-act/unfair-contractual-terms.md): Review B2B data-sharing clauses under EU Data Act Article 13: unilateral terms, always unfair examples, presumed unfair terms, model clauses, evidence, and remediation.
- [Data Act Vehicle Data Guidance](/artifacts/eu/data-act/vehicle-data-guidance.md): Commission-grounded guide to Data Act vehicle data access: connected vehicles, vehicle-related services, raw and pre-processed data, aftermarket use cases, access routes, safeguards, and GDPR boundaries.
- [Data Act vs GDPR: connected-product data access](/artifacts/eu/data-act/data-act-vs-gdpr.md): Compare EU Data Act connected-product access duties with GDPR personal-data rules: scope, roles, lawful basis, data subject rights, third-party sharing, trade secrets, and conflicts.
- [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md): FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation.
- [EU Data Act Applicability Test](/artifacts/eu/data-act/applicability-test.md): Check whether a product, related service, data holder, cloud service, data-space role, smart contract, or B2G request is in scope of the EU Data Act.
- [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md): FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain.
- [EU Data Act Article 3 Pre-Contract Information](/artifacts/eu/data-act/pre-contractual-information-obligations.md): What Article 3 of the EU Data Act requires before connected-product purchase, rent, lease, or related-service contracting: data categories, access, data holder identity, third-party sharing, complaints, and evidence.
- [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md): FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires.
- [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md): FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards.
- [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md): FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep.
- [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md): When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence.
- [EU Data Act Checklist for Product, Cloud, and Contract Teams](/artifacts/eu/data-act/checklist.md): A grounded EU Data Act checklist for connected-product data access, third-party sharing, B2G requests, cloud switching, unfair terms, smart contracts, personal data boundaries, evidence, and owners.
- [EU Data Act Cloud Switching and Exit Plans](/artifacts/eu/data-act/cloud-switching-and-exit-plans.md): A grounded EU Data Act guide for data processing service exit plans: switching contracts, exportable data, assistance, charges, interoperability, retrieval, erasure, and records.
- [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md): Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence.
- [EU Data Act Compliance Program](/artifacts/eu/data-act/compliance.md): Build a Data Act compliance program for connected-product data access, contracts, B2G requests, cloud switching, smart contracts, GDPR boundaries, records, and ownership.
- [EU Data Act Connected Product Scope and Data Types](/artifacts/eu/data-act/scope-connected-products-and-data-types.md): Classify EU Data Act connected products, related services, product data, related-service data, readily available data, metadata, and excluded derived outputs.
- [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md): FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope.
- [EU Data Act Data Processing Service Switching](/artifacts/eu/data-act/data-processing-services-switching.md): A grounded EU Data Act guide for provider and customer switching duties: exit assistance, exportable data, contract clauses, charges, interoperability, retrieval, and erasure.
- [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md): FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence.
- [EU Data Act deadlines and compliance calendar](/artifacts/eu/data-act/deadlines-and-compliance-calendar.md): A source-linked calendar for EU Data Act application dates, product design timing, contract remediation, cloud switching charges, response periods, standards work, and evidence records.
- [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md): FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act.
- [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md): FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible.
- [EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates](/artifacts/eu/data-act/faq.md): Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates.
- [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md): FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence.
- [EU Data Act Penalties and Enforcement](/artifacts/eu/data-act/penalties-and-fines.md): Grounded guide to Data Act penalties under Article 40, Member State enforcement, penalty factors, complaints, judicial remedies, and the GDPR enforcement boundary.
- [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md): FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries.
- [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md): FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs.
- [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md): FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics.
- [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md): FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply.
- [EU Data Act requirements](/artifacts/eu/data-act/requirements.md): Source-grounded EU Data Act requirements for connected-product data access, B2B sharing terms, B2G exceptional needs, cloud switching, smart contracts, interoperability, GDPR boundaries, and records.
- [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md): Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status.
- [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md): FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers.
- [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md): FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records.
- [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md): FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence.
- [EU Data Act User Access and Portability Rights](/artifacts/eu/data-act/access-rights-and-portability.md): Practical guide to EU Data Act user access, connected-product data portability, third-party sharing, trade secret safeguards, and the GDPR boundary.
- [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md): FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries.
- [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md): FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries.
- [EU Data Act vs Data Governance Act](/artifacts/eu/data-act/data-act-vs-data-governance-act.md): Compare the EU Data Act with the Data Governance Act: connected-product access, cloud switching, B2B/B2G duties, protected public-sector reuse, intermediaries, altruism, governance, and enforcement.

*Recommended next step*

*Placement: after evidence section*

## Review Data Act mixed-dataset handling

Turn non-personal and mixed-dataset classification into request handling, field-level evidence, GDPR checks, and recipient controls that legal, product, support, and engineering teams can maintain.

- [Open Research Copilot](/solutions/research-copilot.md): Ask cited questions about Data Act non-personal data, mixed datasets, GDPR overlap, and access boundaries.
- [Discuss mixed-dataset controls](/contact.md): Review how Data Act classification, recipient restrictions, source citations, and evidence records apply to your product and cloud workflows.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets