Data Governance Act
EU aims to promote European data exchange
At the end of last year, the European Commission presented its draft legislation for a legal framework for data sharing within the EU and the European data economy. The draft of the so-called Data Governance Act was presented by Commission Vice-President Magarethe Vesthager and Digital Commissioner Theirry Breton on 25.11.20 in Brussels.
What is Data Governance?
Data governance refers to measures and rules for the use of data. These include mechanisms and agreements as well as technical standards for data sharing and structures and processes for secure data exchange.
What do we need data governance for?
Data has played an increasing role in social and economic issues for several years. They offer the potential to gain new insights via their processing. These lead to innovations, for example in the development of economic product or services. But new insights are also leading to progress in the public sector, such as in healthcare to combat disease.
To truly realize the potential of data, it must be made available for easy sharing. And at the same time, provisions must be made for safeguarding the protection of personal rights.
Goals of the Data Governance Act
The Data Governance Act has the broad goal of unifying the different requirements for such a legal framework. In essence, there are three main goals:
- First, an EU-wide harmonization of conditions for the reuse of protected data held by public sector bodies.
- The second is the creation of so-called data intermediaries to provide a reporting and oversight framework for data sharing services.
- It also aims to create a framework for so-called data altruism – the voluntary registration of entities that collect and process data provided for altruistic purposes, as well as the possibility for citizens* to donate personal data for altruistic research purposes.
European Data Single Market
As a result, European citizens should be given more control over personal data, trust should be promoted, and the EU’s data sovereignty should be strengthened. European data rooms facilitate the exchange of data within the EU and in accordance with EU-compliant principles.
The creation of such a single European data market is expected to bring both economic and social benefits, as mentioned above. Data exchange with data processors outside the EU is not to be prevented – only the protection of personal and sensitive company-related data of European citizens is to be more secure.
Fears for personal data protection
It is true that the EU Commission sees the focus of the new regulation in the use of non-personal data, such as from industry. Nevertheless, some data protectionists fear for the protection of personal data rights achieved with the EU GDPR.
Terms that are only vaguely defined, such as “data altruism” or “data reuse,” pose a threat to citizens’ control over the use of their data, according to Estelle Massé of the NGO Access Now(https://www.accessnow.org/european-union-privacy-legacy/ ). To protect this control, the Commission envisaged the roles of data intermediaries, who would be trusted third parties entrusted with the processing of the data without disclosing it.
Another approach is to anonymize data. However, the draft law has also been criticized by data protectionists. The technical conditions for irreversible data anonymization are not yet in place, Max Schrem said during a debate with EU Commissioner Breton(https://www.bruegel.org/events/future-of-data-economy-a-conversation-with-thierry-breton-and-maximilian-schrems/).
CONCLUSION: What does that mean?
What is certain is that such a new data regulation will bring some innovations, some of which should be welcome, while others will certainly pose challenges. Until 21.01.21 the EU Commission still opens the possibility to give feedback on the draft(https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12491-Data-sharing-in-the-EU-common-European-data-spaces-new-rules- ).
The draft regulation will now be guided through the usual legislative procedure. The new rules are unlikely to be adopted before 2022.
Questions & Answers