EU co-legislators found a middle ground on the Data Governance Act (DGA) by adopting new rules for data sharing, marking the first step of the European data strategy.
The EU Parliament and Council reached an agreement on Tuesday (30 November) on the new data law to provide a framework for sharing industrial data across the bloc. The DGA defines the rules for trading data, includes smaller actors in the data economy, and provides a mechanism for re-using public-sector data.
“Our goal with the DGA was to set the foundation for a data economy people and businesses can trust in. Only if trust and fairness are guaranteed, data sharing can flourish to its fullest potential and stimulate new business models and social innovation,” Angelika Niebler, the leading negotiator for the European Parliament, told EURACTIV.
The DGA is the first legislative initiative of the European data strategy. It creates a new governance structure that will apply to common data spaces that the European Commission will launch in the health, energy, and agriculture sectors.
While the DGA defines the data-sharing architecture, the upcoming proposal for a Data Act is expected to introduce provisions on how non-personal data is accessed, shared and monetised. After failing an independent review, the Data Act proposal is now expected in February 2022.
The DGA introduces rules for data marketplaces in the form of non-for-profit intermediation services where companies can share their data voluntarily. Neutrality obligations have been introduced to make such marketplaces a trustworthy environment. Many businesses currently prefer not to share their data for fear of misuse or breaching privacy obligations.
“Over 80% of data lies unused in the Union,” stressed EU lawmaker Miapietra Kumpula-Natri.
Data intermediaries that comply with the requirements of the DGA can ask to be listed in a public register; a soft certification meant to foster trust and make compliance easier for smaller companies.
A similar approach was adopted for data altruist entities, individuals, or organisations that make data available for the common good, medical research, or fighting climate change.
“We are concerned about how a weak definition of altruism in this agreement could allow companies to over-use vague, altruistic grounds to push consumers to share their data,” said Jelena Malinina, digital and health policy officer at the European Consumer Organisation (BEUC).
Moreover, the DGA prohibits tying intermediation services with other services such as cloud storage or business analytics, services that are excluded from the scope of the DGA. This anti-bundling measure aims to prevent large tech platforms from creating a commercial lock-in that might disadvantage smaller competitors.
“We should not repeat the same problems of monopolisation we have seen in other fields of the digital economy,” MEP Kumpula-Natri added.
Data Innovation Board
The new law will establish the Data Innovation Board, an advisory body to provide expert input on developing guidelines for European data spaces. Technical issues include the development of common standards and interoperability requirements both at European and international levels.
“The rules for the data interoperability and portability in the EU data economy should be shaped by all stakeholders in the EU, and should not be front-run or pre-decided by exclusive groups of individual member states or companies,” said MEP Damian Boeselager.
The Board will be composed of members of academia, research, industry and civil society and will also advise the European Commission on cybersecurity requirements for data exchanges and storage.
Public sector data
A controversial point of the negotiations was allowing the reuse of sensible data from the public sector. The new EU law is meant to provide legal certainty in the rights and obligations for data-sharing with public authorities.
The exchange of public-sector data will also be possible with organisations based in third countries, but with safeguards that there are no unlawful inbound transfers or government access to industrial data.
Member states will designate one or more public bodies to support the public sector in sharing data in an anonymised form that protects the privacy and intellectual property rights.
Following a procedure already in place for the transfers of personal data, the European Commission will be charged with adopting adequacy decisions for specific non-EU countries. Similarly, the EU executive is also expected to adopt model contractual clauses, standardised versions of private contracts that facilitate compliance.
Moreover, upon request from the MEPs, the public administration will not have exclusive arrangements with private companies for more than one year as a measure to ensure fair access to data.
The DGA still needs to receive formal approval from the European Parliament and Council, but there is little doubt the agreement will be confirmed.
“The data revolution does not wait for Europe and certainly will not materialise through wishful thinking,” MEP Niebler added, “the DGA can be the kick-start for this development.”
[Edited by Alice Taylor]