EU looks to make data sharing easier: Council agrees position on Data Governance Act

Met dank overgenomen van Sloveens voorzitterschap Europese Unie 2e helft 2021 i, gepubliceerd op vrijdag 1 oktober 2021.

The EU is working to strengthen various data-sharing mechanisms. The aim is to promote the availability of data that can be used to power applications and advanced solutions in artificial intelligence, personalised medicine, green mobility, smart manufacturing and numerous other areas.

Today, member states agreed on a negotiating mandate on a proposal for a Data Governance Act (DGA). The Act would seek to set up solid mechanisms to facilitate the reuse of certain categories of protected public-sector data, increase trust in data intermediation services and promote data altruism across the EU.

The Data Governance Act is part of a wider policy to give the EU a competitive edge in the increasingly data-driven economy.

Successful digital transformation and achieving our climate goals depend on data-driven innovation, which relies on the availability of data. It is therefore crucial to increase trust in data sharing. This law will not oblige anyone to share their data, but for those who want to make their data available for certain purposes, it creates a safe and easy way to do it and to stay in control.

Boštjan Koritnik Minister for Public Administration, President of the Council

Promoting reuse of public-sector data

The Data Governance Act will create a mechanism to enable the safe reuse of certain categories of public-sector data that are subject to the rights of others. This includes for example data protected by intellectual property rights, trade secrets and personal data. Public-sector bodies allowing this type of reuse will need to be technically equipped to ensure that privacy and confidentiality are fully preserved.

In this respect, the DGA will complement the Open Data Directive from 2019, which does not cover such types of data.

In order to avoid creating costly obligations on the public sector, the Council position introduces more flexibility in the text and takes account of national specificities that already exist in some member states.

Creating a new business model for data intermediation

The proposal creates a framework to foster a new business model - data intermediation services - to provide a secure environment to help companies or individuals share data.

For companies, these services could take the form of digital platforms, which would support voluntary data-sharing between companies or facilitate data-sharing obligations set by law. By using these services, companies will be able to share their data without the fear of misuse or a loss of competitive advantage.

For personal data, such providers would help individuals exercise their rights under the general data protection regulation (GDPR). This would help people have full control over their data and allow them to share their data with a company they trust. This could be done, for example, by means of novel personal information management tools, such as personal data spaces or data wallets, which are apps that intermediate with others based on consent.

Data intermediation service providers would need to be listed in a register, so that their clients would know that they can rely on these providers.

The service providers would not be allowed to use shared data for other purposes. They would not be able to benefit from the data, for example by selling it on. They may, however, charge for the transactions.

The Council position has clarified the scope of these provisions, in particular to indicate more clearly which types of companies can be data intermediaries.

Encouraging data altruism

The proposal also makes it easier for individuals and companies to make data voluntarily available for the common good, such as a particular research project. Entities seeking to collect data for objectives of general interest based on data altruism may request to be registered in a national register of recognised data altruism organisations. Registered organisations will be recognised across the EU. This will create the necessary trust in data altruism, encouraging individuals and companies to donate data to such organisations so that it can used for wider societal benefits.

The Council text has added compliance with a code of conduct as a requirement for registration as a recognised data altruism organisation. Such codes of conduct are to be developed in cooperation with data altruism organisations and relevant stakeholders and adopted by the Commission through implementing acts.

European Data Innovation Board

A new structure, the European Data Innovation Board, will be created to advise and assist the Commission in enhancing the interoperability of data intermediation services and ensuring consistent practice in processing requests for public-sector data, among other tasks. The Council has introduced some improvements in the Board’s tasks and structure.

International access and transfer of non-personal data

The proposal creates safeguards for public-sector data, data intermediation services and data altruism organisations against unlawful international transfer or governmental access to non-personal data. For personal data the EU already has similar safeguards under the GDPR.

The main change introduced by the Council here is that the Commission - through an implementing act - may adopt model contractual clauses to support public-sector bodies and re-users in the case of transfers of public-sector data to third countries.

Application timeline

Under the Council text, the new rules will apply 18 months after the entry into force of the regulation (instead of 12 months, as proposed by the Commission).

Procedure

Today's mandate was approved by ambassadors meeting in the Council's Permanent Representatives Committee (Coreper). It will allow the Council presidency to start negotiations with the European Parliament. Both the Council and the European Parliament will need to agree on the final text.