Promoting data sharing: presidency reaches deal with Parliament on Data Governance Act
[Press release updated on 15 December 2021 to include a link to the text following approval by Coreper]
Today, negotiators from the Council and the European Parliament reached a provisional agreement on a new law to promote the availability of data and build a trustworthy environment to facilitate its use for research and the creation of innovative new services and products.
The Data Governance Act (DGA) will set up robust mechanisms to facilitate the reuse of certain categories of protected public-sector data, increase trust in data intermediation services and foster data altruism across the EU.
It is an important component of the European strategy for data, which aims to bolster the data economy, increase wealth and wellbeing, and give Europe a competitive advantage to the benefit of its citizens and businesses.
The Data Governance Act is a major milestone that will boost the data-driven economy in Europe in the years to come. By enabling control and creating trust, it will help unlock the potential of vast amounts of data generated by businesses and individuals. This is indispensable for the development of artificial intelligence applications and critical for the EU’s global competitiveness in this area. Data-powered innovations will help us address a range of societal challenges and drive economic growth, which is so important for the post-COVID recovery.
Boštjan Koritnik, Slovenian Minister for Public Administration, President of the Council
Wider reuse of protected public-sector data
The Data Governance Act will create a mechanism to enable the safe reuse of certain categories of public-sector data that are subject to the rights of others. This includes, for example, trade secrets, personal data and data protected by intellectual property rights. Public-sector bodies allowing this type of reuse will need to be properly equipped, in technical terms, to ensure that privacy and confidentiality are fully preserved.
In this respect, the DGA will complement the Open Data Directive from 2019, which does not cover such types of data.
Exclusive arrangements for the reuse of public-sector data will be possible when justified and necessary for the provision of a service of general interest. The maximum duration for existing contracts will be 2.5 years and for new contracts 12 months.
The Commission will set up a European single access point with a searchable electronic register of public-sector data. This register will be available via national single information points.
A new business model for data intermediation
The DGA creates a framework to foster a new business model - data intermediation services - that will provide a secure environment in which companies or individuals can share data.
For companies, these services can take the form of digital platforms, which will support voluntary data-sharing between companies or facilitate the fulfilment of data-sharing obligations set by law. By using these services, companies will be able to share their data without fear of its being misused or of losing their competitive advantage.
For personal data, such services and their providers will help individuals exercise their rights under the general data protection regulation (GDPR). This will help people have full control over their data and allow them to share it with a company they trust. This can be done, for example, by means of novel personal information management tools, such as personal data spaces or data wallets, which are apps that share such data with others, based on the data holder’s consent.
Data intermediation service providers will need to be listed in a register, so that their clients know that they can trust them.
The service providers will not be allowed to use shared data for other purposes. They will not be able to benefit from the data - for example, by selling it on. They may, however, charge for the transactions they do carry out.
Data altruism for the common good
The DGA also makes it easier for individuals and companies to make data voluntarily available for the common good, such as medical research projects.
Entities seeking to collect data for objectives of general interest may request to be listed in a national register of recognised data altruism organisations. Registered organisations will be recognised across the EU. This will create the necessary trust in data altruism, encouraging individuals and companies to donate data to such organisations so that it can used for wider societal good.
If an organisation wants to be recognised as a data altruism organisation under the DGA, it will have to comply with a specific rulebook.
Easy identification of service providers
Voluntary certification in the form of a logo will make it easier to identify compliant providers of data intermediation services and data altruism organisations.
European Data Innovation Board
A new structure, the European Data Innovation Board, will be created to advise and assist the Commission in enhancing the interoperability of data intermediation services and issuing guidelines on how to facilitate the development of data spaces, among other tasks.
International access to and transfer of non-personal data
The DGA creates safeguards for public-sector data, data intermediation services and data altruism organisations against unlawful international transfer of or governmental access to non-personal data. For personal data, the EU already has similar safeguards under the GDPR.
In particular, the Commission - through secondary legislation - may adopt adequacy decisions declaring that specific non-EU countries provide appropriate safeguards for the use of non-personal data transferred from the EU. These decisions would be similar to adequacy decisions relating to personal data under the GDPR. Such safeguards should be considered to exist when the country in question has equivalent measures in place that ensure a level of protection similar to that provided by EU or member state law.
The Commission may also adopt model contractual clauses to support public-sector bodies and re-users in the case of transfers of public-sector data to third countries.
Application timeline
The new rules will apply 15 months after the entry into force of the regulation.
Next steps
The provisional agreement reached today is subject to approval by the Council. It will now be submitted to the Council’s Permanent Representatives Committee (Coreper) for endorsement.