The Data Act and trade secrets: must I share data that is my trade secret?
Adopted 2026-06-16 ยท ≈ 2 min read ยท 
edited by Dirk Baaijen
Not a free pass to refuse. The Data Act gives users a right to data from connected products, but protects trade secrets: you may take safeguards and, in exceptional cases, refuse where serious harm is shown.
Short answer: No, a trade secret is not a free pass to refuse data sharing. The Data Act gives users of connected products a right to the data they generate and to share it with third parties, but it protects your trade secrets at the same time. You may take safeguards and refuse only in exceptional, well-reasoned cases.
What does the Data Act regulate?
The Data Act is Regulation (EU) 2023/2854. It gives users of connected products โ think vehicles, telematics units and sensors โ a right to the data the product generates, and the right to have that data shared with third parties. As the data holder (for example a manufacturer of telematics or vehicles) you are in principle obliged to enable that access.
At the same time the regulation recognises that these data flows may contain trade secrets. Arts 4 and 5 provide an explicit protection framework for this. The starting point is a balance: access for the user, with safeguards for your legitimate interests.
How are your trade secrets protected?
The protection is graduated, not absolute:
- Safeguards, not a blanket block. You may take the necessary technical and organisational measures to preserve your trade secrets, for example confidentiality agreements or technical safeguards around the shared data.
- Identify and justify. The condition is that you identify the data concerned as a trade secret in advance and substantiate your claim. A general reference to "competitive sensitivity" is not enough.
- Refusal or suspension as a last resort. Only in exceptional, well-reasoned cases may you refuse or suspend sharing, namely where serious economic harm can be demonstrated. You must notify the competent authority.
So this is not a right to refuse by default, but an exception you must justify case by case.
What should you do now?
As a manufacturer of telematics or vehicles, prepare in advance:
- Map which data fields contain genuine trade secrets and which are simply shareable.
- Set agreements with users and third parties on confidentiality and use of the shared data.
- Set up a process for the exception: how you substantiate serious harm and how you notify the supervisory authority.
This way you meet your sharing obligation without giving up your actual trade secrets.
Read more: the Transport & Logistics overview. Take the scan.
Sources
- https://eur-lex.europa.eu/eli/reg/2023/2854/oj
Regulation (EU) 2023/2854 (Data Act), Arts 4-5: data access and trade secrets.
Read next
What do I risk for non-compliance with the Data Act?
The Data Act applies since 12 Sep 2025. Non-compliance risks civil claims, contract terms that are not binding, and GDPR enforcement where personal data is involved. From 12 Sep 2026 the design obligation applies.
Data Act vs GDPR: what if my data contains personal data?
If your connected product's data contains personal data, the Data Act and the GDPR apply side by side. The Data Act governs access and sharing; the GDPR governs the lawful basis and protection of personal data.
Does my telematics and vehicle data fall under the Data Act?
Yes. Data generated by your trucks, on-board units and sensors falls under the Data Act's connected-product rules. As a user you have a right of access โ and can have that data shared with a third party. What that means for your fleet.