It’s just over a year since the European Union’s executive proposed legislation aimed at encouraging widespread sharing and reuse of industrial data and protected public sector data-sets — such as health data, environment, energy, agriculture, mobility, finance, manufacturing, public administration and skills.
Yesterday the bloc’s co-legislators reached agreement on the DGA after trilogue discussions — paving the way for formal adoption once the Council and Parliament vote to approval the final text.
The Data Governance Act (DGA) is intended to create a standardized framework of trusted tools and techniques to encourage data reuse — by setting “secure and privacy-compliant conditions” for sharing data, as the Commission presented it.
The hope is also that legislation will lead to the creation of common data spaces across strategic domains to support R&D.
Key components of the plan include the creation of a network of trusted and neutral data intermediaries; and an oversight regime to ensure conditions are being complied with — comprised of national monitoring authorities and a new advisory/steering body (aka, the European Data Innovation Board).
The legislation will also bring in international data transfer rules for non-personal data. (Such rules already exist — at least on paper — covering the export of personal data from the EU under the General Data Protection Regulation.)
Getting political agreement is typically the most challenging component of EU lawmaking.
Although the final text of the DGA will still need to be approved by the Council and Parliament before it’s formally adopted. (And, in terms of wider timeframe, the new rules will apply 15 months after the entry into force of the regulation — so likely not before 2023.)
In a press release on the provisional agreement, the Council of the EU said: “[N]egotiators from the Council and the European Parliament reached a provisional agreement on a new law to promote the availability of data and build a trustworthy environment to facilitate its use for research and the creation of innovative new services and products.”
“The [DGA] will create a mechanism to enable the safe reuse of certain categories of public-sector data that are subject to the rights of others. This includes, for example, trade secrets, personal data and data protected by intellectual property rights. Public-sector bodies allowing this type of reuse will need to be properly equipped, in technical terms, to ensure that privacy and confidentiality are fully preserved,” the Council added.
An earlier Open Data Directive, from 2019, does not cover the data types being legislated for here.
EU lawmakers believe Europe has a major advantage in industrial data — and want the DGA to create conditions that will encourage widespread data sharing and reuse. (A Data Act is also incoming which will propose measures intended to encourage business-to-business data sharing and business-to-government data sharing.)
The Commission has also been pushing the notion of “data altruism” and data sharing for the common good, although the overarching goal for the DGA is to foster the development of regional AIs to stoke economic competitiveness and growth.
“Businesses, both small and large, will benefit from new business opportunities as well as from a reduction in costs for acquiring, integrating and processing data, from lower barriers to enter markets, and from a reduction in time-to-market for novel products and services,” it suggests in a Q&A on the DGA.
At the same time the Commission has suggested that the creation of common European “data spaces” in sectors like manufacturing and health will help advance research — which could lead to cures for rare or chronic diseases or at least support evidence-based policymaking and foster other types of societally beneficial developments.
So the DGA co-mingles purely economic goals (via opening access to data) with broad-brush notions of “data altruism” and “data for society”.
This fuzziness has raised some watchful concern among civil society groups — such as the European Consumer Organisation BEUC, which has warned that “a weak definition of altruism in this agreement could allow companies to over-use vague, altruistic grounds to push consumers to share their data”.
Weak enforcement of existing legal protections for EU citizens’ data may also work against the sought for ‘trust to share’ push.
Commenting in a statement on the trilogue agreement on the DGA yesterday, the Commission’s EVP for digital, Margrethe Vestager, avoiding citing any such concerns — merely offering a boosterish claim that: “This Regulation is a first building block for establishing a solid and fair data-driven economy.”
“It is about setting up the right conditions for trustful data sharing in line with our European values and fundamental rights,” she went on, adding: “We are creating a safe environment in which data can be shared across sectors and Member States for the benefit of society and the economy.”
Internal Market commissioner, Thierry Breton, also stuck to the promotional script, saying the agreement on the DGA will allow the bloc to define “a common approach to data sharing”, and further suggesting: “We are facilitating the flow of growing industrial data across sectors and Member States to help Europe become the world’s number one data continent. We are doing so by building trust, putting the individuals and companies who generate data in the driving seat so they remain in control of the data they create. In a nutshell: an open yet sovereign European Single Market for data.”
In its PR, the European Parliament said MEPs secured tighter provisions on “trust and fair access” during the DGA negotiations — aimed at plugging loopholes in the legislation they said would have allowed operators from non-EU countries to abuse the scheme.
MEPs also focused on beefing up the role of the European Data Innovation Board — and on clarifying the scope of the legislation, saying they secured “precise requirements” on which services will fall under the new DGA.
Getting a better deal for SMEs and startups was another parliamentary priority, they said.
The trilogue agreement reached yesterday includes the possibility for exclusive arrangements for the reuse of public-sector data — which the Council said will be possible “when justified and necessary for the provision of a service of general interest”.
However the maximum duration for existing contracts will be 2.5 years and for new contracts 12 months — with MEPs writing that: “Public sector bodies will have to avoid creating exclusive rights for the re-use of certain data, and exclusive agreements should be limited… to make more data available to SMEs and start-ups.”
The co-legislators have also agreed that the Commission will set up a European single access point with a searchable electronic register of public-sector data — which will be made available via national single information points.
The EU is anticipating that the DGA will create a new business model for data intermediation services — to provide a secure environment in which companies or individuals can share data; and which will commit not to use the data for their own ends (but will be able to charge for the transactions they enable).
Such services must be listed in an EU register under the incoming rules.
“For companies, these services can take the form of digital platforms, which will support voluntary data-sharing between companies or facilitate the fulfilment of data-sharing obligations set by law. By using these services, companies will be able to share their data without fear of its being misused or of losing their competitive advantage,” the Council writes.
“For personal data, such services and their providers will help individuals exercise their rights under the [GDPR]. This will help people have full control over their data and allow them to share it with a company they trust. This can be done, for example, by means of novel personal information management tools, such as personal data spaces or data wallets, which are apps that share such data with others, based on the data holder’s consent.”
EU lawmakers are hoping that having dedicated rules to govern data-sharing will encourage both companies and individuals to make data available voluntarily — for altruistic purposes such as medical research projects.
The DGA will therefore create national registers of recognised “data altruism organisations” — aka entities seeking to collect data for objectives of general interest. Such entities must agree to comply with specific rules, and (once registered) will be recognised across the EU.
“This will create the necessary trust in data altruism, encouraging individuals and companies to donate data to such organisations so...
Yesterday the bloc’s co-legislators reached agreement on the DGA after trilogue discussions — paving the way for formal adoption once the Council and Parliament vote to approval the final text.
The Data Governance Act (DGA) is intended to create a standardized framework of trusted tools and techniques to encourage data reuse — by setting “secure and privacy-compliant conditions” for sharing data, as the Commission presented it.
The hope is also that legislation will lead to the creation of common data spaces across strategic domains to support R&D.
Key components of the plan include the creation of a network of trusted and neutral data intermediaries; and an oversight regime to ensure conditions are being complied with — comprised of national monitoring authorities and a new advisory/steering body (aka, the European Data Innovation Board).
The legislation will also bring in international data transfer rules for non-personal data. (Such rules already exist — at least on paper — covering the export of personal data from the EU under the General Data Protection Regulation.)
Getting political agreement is typically the most challenging component of EU lawmaking.
Although the final text of the DGA will still need to be approved by the Council and Parliament before it’s formally adopted. (And, in terms of wider timeframe, the new rules will apply 15 months after the entry into force of the regulation — so likely not before 2023.)
In a press release on the provisional agreement, the Council of the EU said: “[N]egotiators from the Council and the European Parliament reached a provisional agreement on a new law to promote the availability of data and build a trustworthy environment to facilitate its use for research and the creation of innovative new services and products.”
“The [DGA] will create a mechanism to enable the safe reuse of certain categories of public-sector data that are subject to the rights of others. This includes, for example, trade secrets, personal data and data protected by intellectual property rights. Public-sector bodies allowing this type of reuse will need to be properly equipped, in technical terms, to ensure that privacy and confidentiality are fully preserved,” the Council added.
An earlier Open Data Directive, from 2019, does not cover the data types being legislated for here.
EU lawmakers believe Europe has a major advantage in industrial data — and want the DGA to create conditions that will encourage widespread data sharing and reuse. (A Data Act is also incoming which will propose measures intended to encourage business-to-business data sharing and business-to-government data sharing.)
The Commission has also been pushing the notion of “data altruism” and data sharing for the common good, although the overarching goal for the DGA is to foster the development of regional AIs to stoke economic competitiveness and growth.
“Businesses, both small and large, will benefit from new business opportunities as well as from a reduction in costs for acquiring, integrating and processing data, from lower barriers to enter markets, and from a reduction in time-to-market for novel products and services,” it suggests in a Q&A on the DGA.
At the same time the Commission has suggested that the creation of common European “data spaces” in sectors like manufacturing and health will help advance research — which could lead to cures for rare or chronic diseases or at least support evidence-based policymaking and foster other types of societally beneficial developments.
So the DGA co-mingles purely economic goals (via opening access to data) with broad-brush notions of “data altruism” and “data for society”.
This fuzziness has raised some watchful concern among civil society groups — such as the European Consumer Organisation BEUC, which has warned that “a weak definition of altruism in this agreement could allow companies to over-use vague, altruistic grounds to push consumers to share their data”.
Weak enforcement of existing legal protections for EU citizens’ data may also work against the sought for ‘trust to share’ push.
Commenting in a statement on the trilogue agreement on the DGA yesterday, the Commission’s EVP for digital, Margrethe Vestager, avoiding citing any such concerns — merely offering a boosterish claim that: “This Regulation is a first building block for establishing a solid and fair data-driven economy.”
“It is about setting up the right conditions for trustful data sharing in line with our European values and fundamental rights,” she went on, adding: “We are creating a safe environment in which data can be shared across sectors and Member States for the benefit of society and the economy.”
Internal Market commissioner, Thierry Breton, also stuck to the promotional script, saying the agreement on the DGA will allow the bloc to define “a common approach to data sharing”, and further suggesting: “We are facilitating the flow of growing industrial data across sectors and Member States to help Europe become the world’s number one data continent. We are doing so by building trust, putting the individuals and companies who generate data in the driving seat so they remain in control of the data they create. In a nutshell: an open yet sovereign European Single Market for data.”
In its PR, the European Parliament said MEPs secured tighter provisions on “trust and fair access” during the DGA negotiations — aimed at plugging loopholes in the legislation they said would have allowed operators from non-EU countries to abuse the scheme.
MEPs also focused on beefing up the role of the European Data Innovation Board — and on clarifying the scope of the legislation, saying they secured “precise requirements” on which services will fall under the new DGA.
Getting a better deal for SMEs and startups was another parliamentary priority, they said.
What’s been agreed?
The trilogue agreement reached yesterday includes the possibility for exclusive arrangements for the reuse of public-sector data — which the Council said will be possible “when justified and necessary for the provision of a service of general interest”.
However the maximum duration for existing contracts will be 2.5 years and for new contracts 12 months — with MEPs writing that: “Public sector bodies will have to avoid creating exclusive rights for the re-use of certain data, and exclusive agreements should be limited… to make more data available to SMEs and start-ups.”
The co-legislators have also agreed that the Commission will set up a European single access point with a searchable electronic register of public-sector data — which will be made available via national single information points.
The EU is anticipating that the DGA will create a new business model for data intermediation services — to provide a secure environment in which companies or individuals can share data; and which will commit not to use the data for their own ends (but will be able to charge for the transactions they enable).
Such services must be listed in an EU register under the incoming rules.
“For companies, these services can take the form of digital platforms, which will support voluntary data-sharing between companies or facilitate the fulfilment of data-sharing obligations set by law. By using these services, companies will be able to share their data without fear of its being misused or of losing their competitive advantage,” the Council writes.
“For personal data, such services and their providers will help individuals exercise their rights under the [GDPR]. This will help people have full control over their data and allow them to share it with a company they trust. This can be done, for example, by means of novel personal information management tools, such as personal data spaces or data wallets, which are apps that share such data with others, based on the data holder’s consent.”
EU lawmakers are hoping that having dedicated rules to govern data-sharing will encourage both companies and individuals to make data available voluntarily — for altruistic purposes such as medical research projects.
The DGA will therefore create national registers of recognised “data altruism organisations” — aka entities seeking to collect data for objectives of general interest. Such entities must agree to comply with specific rules, and (once registered) will be recognised across the EU.
“This will create the necessary trust in data altruism, encouraging individuals and companies to donate data to such organisations so...