1. Data governance
What is data governance?
Data governance refers to a set of rules and means to use data, for example through sharing mechanisms, agreements and technical standards. It implies structures and processes to share data in a secure manner, including through trusted third parties.
Why do we need a regulation on data governance?
The economic and societal potential of data use is enormous: it can enable new products and services based on novel technologies, make production more efficient, and provide tools for combatting societal challenges. In the area of health for example, data contributes to providing better healthcare, improving personalised treatments and helping cure rare or chronic diseases.
To realise this enormous potential, more data must be made available, shared with confidence and technically easy to reuse. The data governance regulation will ensure Member States’ actions on data are aligned to create a true single European market for data, and to support the development of common European data spaces.
How will the regulation benefit citizens and businesses?
The data governance regulation will ensure access to more data for the EU economy and society and provide for more control for citizens and companies over the data they generate. This will strengthen Europe’s digital sovereignty in the area of data.
It will be easier for Europeans to allow the use of data related to them for the benefit of society, while ensuring full protection of their personal data. For example, people with rare or chronic diseases may want to give permission for their data to be used in order to improve treatments for those diseases. Through personal data spaces, which are novel personal information management tools and services, Europeans will gain more control over their data and decide on a detailed level who will get access to their data and for what purpose.
Businesses, both small and large, will benefit from new business opportunities as well as from a reduction in costs for acquiring, integrating and processing data, from lower barriers to enter markets, and from a reduction in time-to-market for novel products and services.
2. Data for society
How can data benefit society?
Insights derived from data allow more evidence-based decisions and policies to be developed. For example, insights can be used to respond to emergencies, such as floods and wildfires, to make our cities greener and cleaner, and to help people live longer and healthier. Data can be used to develop personalised medicine or advance research to find cures for specific diseases, or for the public sector to improve services.
How to encourage data sharing for the benefit of society?
As an online consultation to prepare this proposal has shown, it is the lack of tools, not of willingness, that hampers data sharing for the benefit of society. The regulation will put in place rules and means for trusted data altruism. This means data that is made available without reward for purely non-commercial usage that benefits communities or society at large, such as the use of mobility data to improve local transport. The objective is to create the right conditions for individuals and companies to trust that when they share their data, it will be handled by trusted organisations based on EU values and principles.
In addition, a common European consent form will be developed for data altruism to allow the collection of data across Member States in a uniform format. This will be a modular form, which can be tailored to the needs of specific sectors and purposes.
How will a company be recognised as data altruism organisation?
An entity engaging in data altruism will be able to register voluntarily as a data altruism organisation in a new public register. The organisation has to have a not-for-profit character and meet transparency requirements as well as specific safeguards to protect the rights and interests of citizens and companies. The aim is to provide maximum trust with minimum administrative burden.
3. Data sharing with the public and private sector
How will public sector bodies guarantee privacy and confidentiality?
Member States will need to be technically equipped to ensure that privacy and confidentiality are fully respected. This can include a range of tools, from technical solutions, such as anonymisation or processing in dedicated infrastructures operated and supervised by the public sector, to legally binding confidentiality agreements to be signed by the reuser. Whenever data is being transferred to a reuser, mechanisms will be in place that ensure compliance with the GDPR and preserve the commercial confidentiality of the data.
How will data intermediaries ensure trust in data sharing?
Many companies currently fear that sharing their data would imply a loss of competitive advantage and represent a risk of misuse. Trusted providers of data-sharing services (so-called data intermediaries, such as data marketplaces) will pool and organise data neutrally to increase trust. To ensure this neutrality, the data-sharing intermediary cannot exchange the data for its own interest (e.g. by selling it to another company or using it to develop their own product based on this data) and will have to comply with strict requirements to ensure this neutrality. Both stand-alone organisations providing data sharing services only and companies that offer data sharing services next to other services will be allowed. In that case, the data sharing activity will be strictly separated from other data services. The data and metadata acquired can be used only to improving the data sharing service.
Under the proposed regulation, data intermediaries will be required to notify the competent public authority of their intention to provide such services. Public authorities will monitor compliance with the requirements and the Commission will keep a register of data intermediaries.
How can public sector data be reused by companies, administration, academia or citizens?
The Open Data Directive of June 2019 lays down rules on the reuse of public sector information. The public sector also holds vast amounts of data that cannot be made available as open data because it includes information on individuals or company information (e.g. health data, information on financial systems). The proposed regulation therefore complements the directive by addressing data that cannot be made available as open data. This concerns data subject to data protection legislation, intellectual property, or containing trade secrets or other commercially sensitive information.
The challenge is to find ways to enable knowledge to be extracted from the data, while fully preserving privacy or other rights that may be attached to the data. Some Member States have already created secure and privacy-compliant conditions for the reuse of such data. The regulation will make these practices more widespread across the EU by increasing the findability of such data and ensuring that public sector bodies are technically equipped so that any reuse of the data preserves privacy and confidentiality.
What will be the role of the European Data Innovation Board?
The draft regulation provides for the creation of a European Data Innovation Board to facilitate the sharing of best practices by Member States’ authorities, in particular on data altruism, data intermediaries and the use of public data that cannot be made available as open data. In addition, it will advise the Commission on the prioritisation of cross-sector interoperability standards.
4. European Data Spaces
What is the purpose of common European data spaces?
European Data Spaces will allow data from across the EU, both from the public sector and businesses, to be exchanged in a trustworthy manner and at a lower cost, thereby boosting the development of new data-driven products and services. Data spaces are composed of both the secure technological infrastructure and the governance mechanisms.
The Commission will support the set-up and development of common European Data Spaces, as well as data use between them, in nine strategic domains, as set out in the February 2020 data strategy: health, environment, energy, agriculture, mobility, finance, manufacturing, public administration and skills.
The necessary funding will come from the Digital Europe programme and the Connecting Europe Facility. In particular, the Commission plans to invest €2 billion to foster the development of data processing infrastructures, tools, architectures and mechanisms for data sharing.
Will the EU introduce data localisation requirements?
We want to give Europeans more options, not fewer, to treat their data. For the EU, there are two principles that have to go hand in hand and that are non-negotiable: ensure a stable and predictable environment with free flow of data at the global level, and the privacy protection for personal data. Where relevant, sensitive non-personal data (for example commercially sensitive data) should also be duly protected.
The vision of the EU’s digital economy - with its reinforced data space and artificial intelligence solutions – is to maintain an open, but assertive approach to international data flows, based on European values and which is fully, in line with our commitment to open trade, our bilateral engagements with partners around the world and our World Trade Organization obligations.
We want Europe to create and strengthen its data economy, but there is no obligation to store and process data in the EU. Nobody will be prohibited from dealing with the partner of their choice. At the same time, the EU must ensure that any access to EU citizen’s personal data and certain sensitive data is in compliance with its values and legislative framework.
The free flow of data to third countries should be ensured. The Commission will continue to fulfil its role and mission in addressing unjustified data localization requirements in other parts of the world.
What are the next steps?
The new regulation will provide a good governance framework supporting the common European data spaces and will ensure that data can be made available voluntarily by data holders.
It will complement the upcoming rules on high-value datasets under the Open Data Directive which will ensure access to certain datasets across the EU for free, in machine-readable format and through standardised Application Programming Interfaces (APIs). The reuse of such datasets can have major benefits for society and the economy, for example geospatial data, mobility data, and earth observation and environment data.
In 2021, more dedicated proposals on data spaces are expected, for example a European Health Data Space and a Green Deal Data Space. They will be complemented by a Data Act that will give citizens and governments better access to and control over IoT data from industry and big data sources held by businesses in order to create a fairer economy and benefit society as a whole.
*Source: European Commission