On 6 April 2022, the European Parliament formally authorised the Data Governance Act (“DGA”), which establishes a authorized framework to advertise the supply of data and enhance belief in data sharing throughout sectors within the EU. Some of the important thing targets of the brand new laws embody enabling the re-use of sure classes of protected public sector data and making it simpler and safer for residents and companies to share their data with related stakeholders.
As a consequence, the DGA might deliver the EU one step nearer in the direction of establishing its purpose of a European single marketplace for data. Indeed, the intention of the DGA is to remodel the best way that data is shared, doubtlessly creating new alternatives for firms together with reducing boundaries to the creation of progressive data-driven services and products, in addition to fostering new enterprise fashions for firms that qualify as data intermediation providers. To guarantee compliance with GDPR, the DGA supplies customers with management over their data and explicitly refers to GDPR’s data processing necessities.
The DGA is a part of the European Commission’s broader digital and data technique. Other current legislative proposals embody the Digital Markets Act (“DMA”), the Digital Services Act (“DSA”), the Data Act and the Artificial Intelligence Act. After hotly contested negotiations, final week, political settlement was reached on the DSA, which proposes new content material regulation provisions for on-line intermediaries. This follows the current settlement on the content material of the DMA, which proposes a set of obligations for so-called “gatekeeper” platforms to make sure honest and contestable digital markets. The formal approval of the DGA and the relative velocity with which settlement was reached on the DMA and DSA demonstrates the political will to progress the technique.
Re-use of protected public sector data
The DGA supplies for a set of harmonised primary situations below which public authorities might enable the re-use of data that’s topic to the rights of others e.g., commerce secrets and techniques, private data and data protected by mental property rights. In this respect, it enhances the Open Data Directive (“ODD”), which lays down guidelines on the re-use of sure data throughout the EU however which excluded from its remit these kind of delicate data. The DGA seeks to deal with the underutilisation of this data. The laws requires Member States to be technically outfitted to make sure that privacy and confidentiality are absolutely protected e.g., by anonymisation, safe processing environments and/or confidentiality agreements to make sure related data could be shared securely.
The DGA additionally supplies for safeguards in opposition to illegal worldwide switch of or governmental entry to non-personal data (related safeguards for private data can be found below the GDPR).
Data intermediation providers
The DGA will create a framework for a brand new enterprise mannequin within the type of data intermediation providers. These providers will present a safe setting to assist firms or people share data (both to assist voluntary data-sharing between firms or facilitate data-sharing obligations set by legislation), with out the concern of misuse or a lack of aggressive benefit. To guarantee neutrality, data-sharing intermediaries won’t be able to change the data for their very own curiosity (e.g., by promoting it to a different firm or utilizing it to develop their very own product primarily based on this data) and should adjust to strict ex ante compliance and transparency necessities (corresponding to being listed in a public register).
The DGA encourages data altruism, whereby people and firms could make data voluntarily accessible (with out monetary reward) for the frequent good, corresponding to for scientific and medical analysis, combating local weather change or bettering mobility. Entities searching for to gather such data might request to be listed in a public register of recognised data altruism organisations, which is able to give them recognition throughout the EU. To shield the rights and pursuits of residents and firms, these organisations should have a not-for-profit character and meet transparency necessities, in addition to implement particular safeguards.
European Data Innovation Board
The DGA supplies for the creation of a European Data Innovation Board to facilitate the sharing of finest practices by Member States and constant software of the framework.
The DGA is geared toward encouraging the usage of “tech for good” and enabling “more data and good quality data” to gas innovation for the frequent public good. The DGA will assist the set-up and improvement of frequent European data areas in strategic sectors corresponding to well being, setting, vitality, mobility and finance. Further, the DGA will probably be quickly complemented by the forthcoming Data Act. While the DGA creates the framework, processes and buildings to facilitate data sharing, the Data Act clarifies who can entry and use – and due to this fact management and profit from – data, and below what situations. The Commission revealed its proposal for the Data Act on 23 February 2022 and it will now be scrutinised by the EU’s co-legislators, the European Council and European Parliament.
In November final yr, the European Council and European Parliament reached political settlement on the content material of the DGA, and following final week’s developments, all that is still excellent earlier than it may be handed into legislation is formal approval by the Council. The guidelines will apply 15 months after entry into pressure of the regulation and are due to this fact prone to apply from mid to late 2023.