EC Data Governance Act
The European Commission (EC) is set to introduce the Data Governance Act which aims to facilitate the sharing of data between individuals and public agencies. The Data Governance Act is intended to support consumers to be in control of their personal data and ensure they benefit from sharing data. Martel brings you the lowdown.
The application of the Act would extend to, for example, allowing public hospitals to pool data on their fight against COVID-19, or letting patients donate data voluntarily for scientific research. The Data Governance Act is intended to clarify the role of data intermediaries, building trust and establishing data governance, as the GDPR does for data protection.
EU privacy rights are already protected under the EU’s General Data Protection Regulation without requiring companies to base themselves in Europe. The EU Data Governance Act goes further by limiting the processing of public sector data to within the EU. It states companies engaged in handling the data should be legally established in Europe.
The proposal was overseen by Internal Market Commissioner Thierry Breton, a former tech CEO. In an interview with Politico, Mr Breton pushed back on the idea that the Data Governance Act would be contrary to World Trade Organization (WTO) commitments. Currently, the EU must allow access to its market to data processing from abroad, and is barred from forcing foreign businesses to legally establish in Europe.
“Of course we will continue to respect these rules, but the world is changing a lot since 25 years ago. Not one of the big [tech] platforms existed,” said Mr Breton.
The new proposal on data sharing includes a provision that requires companies handling sensitive data to have permission from an EU court before they share it with a foreign government.
The EC has proposed the creation of nine common EU data spaces across sectors including heathcare, agriculture and energy. It also plans the establishment of a Data Act in 2021, that could “foster business-to-government data sharing for the public interest”.
The text of the European Data Strategy, put forward in February 2020 says, “The Common European data spaces should both allow the clarification and harmonisation of data governance models and practices and rely on the necessary infrastructures, including pan-European sustainable cloud federations, for the sharing of good quality and interoperable data.”
In the establishment of EU common data spaces to facilitate greater sharing of non-personal data, data-sharing entities known as ‘data intermediaries’ are envisaged. These would allow for exchanges between data producers and data consumers. Conditions outlined in the Data Governance Act will require Data Spaces to adhere to conditions to ensure trust’.
“In this context data sharing service providers would have to ensure that they only act as intermediates in the transactions, and do not use the data the exchange they aim to facilitate for any other purpose.” the Data Governance Act text states.
It adds that there should also be a ‘structural separation’ between the data-sharing service and any other services related to the data-sharing service provider to “avoid issues of conflict of interest.”
“In order to facilitate supervision of the compliance with the requirements laid out in this article and other relevant Union law, the provider of data sharing services shall be established within the Union or a country of the European Economic Area.”
By extension, the Commission wants there to be rules in place to ensure that ‘requests from third countries’ for access to non-personal data in the new sharing ecosystem, are refused. This is seen to be a means to assert data sovereignty in Europe amid a global context where the EU can gain value from its industrial data.
A draft of the Data Governance Act was released on Oct 28, 2020 and the MyData global organisation reviewed the draft regulation, and outlined their community’s analysis of areas for potential improvements:
- define the key roles in data sharing (Art. 2 Definitions) so that data rights holders and technical data sources can be separated and acknowledge the type of data sharing where individuals are active participants in the transactions
- clarify the scope of the data sharing services (Art. 9 (2)) and extend it to include services that empower the data subject beyond compliance
- address explicitly in the regulation the interconnectivity of the data sharing services.
Independent analysis hails the Data Governance Act as a challenge to big tech’s dominance over personal data brokering stating the focus on Data Unions and Data Trusts will empower consumers and unlock new business opportunities for EU startups.
Martel is keeping a close eye on the delivery of The Data Governance Act and the official publication of the European Commission proposal is expected within a few weeks. Data Operators/data intermediaries are crucial in making personal data management through trusts and unions the new norm. Martel works with EC projects Next Generation Internet and Next Generation Internet of Things for a human-centric Internet which gives back control of data to the users as well as the benefits of sharing it. Together we are building an Internet of Humans.
See Martel’s related article ‘EC policy round up’
As well as our article on The European Green Deal, our blueprint to digital transformation