Data Matters Privacy Blog EU Data Governance Law – Getting closer to a single European data market

On April 6, 2022, the European Parliament formally approved the Data Governance Act (“DGA”), which establishes a legal framework to promote data availability and increase trust in data sharing across EU sectors. EU. Some of the main objectives of the new legislation include enabling the re-use of certain categories of protected public sector data and making it easier and safer to share their data with relevant citizens and business stakeholders.

As a result, the DGA could bring the EU closer to its goal of a single European data market. Indeed, the DGA’s goal is to transform the way data is shared, potentially creating new opportunities for businesses, including lowering barriers to creating innovative data-driven products and services, as well as ‘by fostering new business models for companies that qualify as data intermediation services. To ensure compliance with the GDPR, the DGA ensures users control over their data and explicitly refers to the data processing requirements of the GDPR.

The DGA is part of the broader digital and data strategy of the European Commission. Other recent legislative proposals include the Digital Markets Act (“DMA”), the Digital Services Act (“DSA”), the Data Act and the Artificial Intelligence Act. After hard-fought negotiations, political agreement was reached last week on the DSA, which proposes new content regulation provisions for online intermediaries. This follows the recent DMA Content Agreement, which proposes a set of obligations for so-called “gatekeeper” platforms to ensure fair and contestable digital markets. The formal approval of the DGA and the relative speed with which agreement was reached on the DMA and the DSA demonstrate the political will to move the strategy forward.

Main pillars

Reuse of protected public sector data

The DGA provides a set of harmonized basic conditions under which public authorities can authorize the reuse of data subject to the rights of others for example, trade secrets, personal data and data protected by intellectual property rights. In this regard, it complements the Open Data Directive (“ODD”), which establishes rules on the re-use of certain data in the EU but which excluded these types of sensitive data from its mandate. The DGA seeks to remedy the under-use of this data. Legislation requires Member States to be technically equipped to ensure that privacy and confidentiality are fully protected for example, through anonymization, secure processing environments and/or confidentiality agreements to ensure relevant data can be shared securely.

The DGA also provides safeguards against unlawful international transfer or government access to non-personal data (similar safeguards for personal data are available under the GDPR).

Data intermediation services

The DGA will create a framework for a new business model in the form of data intermediation services. These services will provide a secure environment to help businesses or individuals share data (either to support voluntary business-to-business data sharing or to facilitate legally mandated data sharing obligations), without fear of misuse. or loss of competitive advantage. To ensure neutrality, data sharing intermediaries will not be able to exchange data for their own benefit (for exampleby reselling it to another company or by using it to develop its own product from this data) and will have to comply with strict rules ex ante compliance and transparency requirements (such as listing in a public registry).

Data altruism

The DGA encourages data altruism, whereby individuals and companies can make data voluntarily available (without financial compensation) for the common good, such as for scientific and medical research, the fight against climate change or the improvement of mobility. Entities wishing to collect such data can apply to be listed on a public register of recognized data altruism organisations, which will give them recognition across the EU. In order to protect the rights and interests of citizens and businesses, these organizations must have a non-profit character and meet transparency requirements, as well as put in place specific safeguards.

European Data Innovation Council

The DGA foresees the creation of a European Data Innovation Board to facilitate the sharing of best practices by Member States and the consistent application of the framework.

Broader Context

The DGA aims to encourage the use of “technology for good“and allowing”more data and good quality datato fuel innovation for the common public good. The DGA will support the establishment and development of common European data spaces in strategic sectors such as health, environment, energy, mobility and finance. In addition, the DGA will soon be supplemented by the next data law. While the DGA creates the framework, processes and structures to facilitate data sharing, the Data Act specifies who can access and use – and therefore control and benefit from – data, and under what conditions. The Commission published its proposed data law on 23 February 2022 and it will now be considered by EU co-legislators, the European Council and the European Parliament.

Next steps

In November last year, the European Council and the European Parliament reached a political agreement on the content of the DGA, and following developments over the past week, what remains to be done before it can be promulgated is the formal approval of the Council. The rules will apply 15 months after the entry into force of the regulation and are therefore likely to apply from mid to end of 2023.


Source link