Data Governance Act agreed upon by Council of the EU
The Data Governance Act is expected to give the EU a competitive advantage in a world that is becoming increasingly data-driven.
A mandate for a Data Governance Act has recently been agreed upon by the Council of the EU, and this is expected to make data sharing easier, leading to several other benefits by extension. In an October 1st press release, the Council announced that Member States had agreed upon a negotiating mandate on a proposal for a Data Governance Act or DGA. This act is intended to promote certain data sharing mechanisms, like facilitating the reuse of certain categories of protected public-sector data, improving public confidence in data intermediation services and promoting data altruism.
The Data Governance Act will promote the reuse of public sector data while preserving privacy and confidentiality.
The Open Data Directive, which does not cover data from public sector bodies, will soon be complemented by the proposed DGA, allowing safer sharing of this category of data. The DGA will cover categories of public-sector data that are subject to the rights of others. This includes data protected by intellectual property rights, as well as trade secrets and personal data. The allowance of this manner of reuse will require the technical capabilities to maintain privacy and confidentiality. The Council’s stance on this will promote greater flexibility which respects any pre-existing national specificities of the various EU Member States.
The DGA is expected to foster the creation of a new business model – data intermediation.
Data intermediation services can help facilitate sharing by providing secure environments for companies and individuals to share data. This may take the form of digital platforms and would help individuals exercise their rights under the GDPR, while facilitating voluntary data sharing by companies. This may include features such as personal data spaces or data wallets, which would allow people to have full control over their data while sharing with companies that they trust.
Service providers will need to be kept in a register which individuals can refer to, to ensure that they are sharing with providers they can safely depend on. In addition these providers will only be able to use the data for the intended purposes. The data can not be sold or used for any alternative purpose. As part of their process the Council of the EU has clarified which types of companies can function as data intermediation service providers.
Data altruism is expected to be made more feasible by the Data Governance Act, allowing companies and individuals to share data for the common good.
For the purposes of research and other public interest, individuals and companies may want, or need to share data. The proposal for data governance is expected to make it easier to make data voluntarily available for these purposes. Organizations will be able to request to be registered to collect data for objectives of general interest. Organizations who register will be recognized across all EU Member States. The trust created by their being registered is expected to encourage individuals and companies to voluntarily share data with these organizations, and this data can then be used to benefit the wider society. There will also be a compliance code of conduct to which these organizations must adhere. This code of conduct will be created with the cooperation of data altruism organisations and relevant stakeholders.
A European Data Innovation Board will be created to ensure consistency in practice for all organizations involved.
The introduction of the DGA will usher in a new structure, called the European Data Innovation Board, which will be tasked with maintaining a level of consistency for organizations involved in the data sharing process. This Board will be expected to advise and assist the Commission in enhancing the interoperability of data intermediation services. In addition, it will ensure consistency in the processing of requests for public sector data. These changes are expected to all foster increased sharing by reassuring the public that data sharing can indeed be safe and maintain the protection of their rights and freedoms.
Does your company have all of the mandated safeguards in place to ensure compliance with the GDPR, Law Enforcement Directive and Data Protection Act 2018? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today
- The risks associated with geolocation data: an assessment by LINC, CNIL - August 11, 2022
- CJEU ruling on special categories of personal data - August 9, 2022
- Fine imposed on Volkswagen by German Data Protection Commissioner for multiple GDPR violations - August 4, 2022