Articles

European Strategy for Data: short analyse of the proposed regulation of data governance (Data Governance Act)

European Strategy for Data: short analyse of the proposed regulation

European Strategy for Data: short analyse of the proposed regulation of data governance (Data Governance Act)

05.11.2021 EU law

On 25 November 2020, the European Commission published a proposal for a regulation on data governance  and a related Q&A. On 1st October 2021, the Council of the European Union agreed position on Data Governance Act. That will allow the Council presidency to start negotiations with the European Parliament. Both the Council and the European Parliament will need to agree on the final text. This blog briefly present the proposal of the European Commission.

 

Introduction


On 25 November 2020, the European Commission published a proposal for a regulation on data governance (see here) and a related Q&A (see here). The texts are part of the European Strategy for Data published (and launched) by the Commission on 19 February 2020 (see here). This strategy should enable the European Union (EU) to strengthen its competitiveness and its digital sovereignty to become a major player in and of the data economy. EU aims to create a single European market for data, in order to guarantee their free circulation, share and re-use for the benefit of individuals, companies, researchers and/or public administrations. This cannot be done outside any regulatory framework, respecting the EU values. The proposed regulation has the difficult task to develop a data market that gains the trust of all stakeholders.
On 1st October 2021, the Council of the European Union agreed position on Data Governance Act (see here). That will allow the Council presidency to start negotiations with the European Parliament. Both the Council and the European Parliament will need to agree on the final text.

A. Scope of application and impact on the GDPR


The proposal deals with data governance. However, this key concept is not defined in the text but well in the Q&A: “[d]ata governance refers to a set of rules and means to use data, for example through sharing mechanisms, agreements and technical standards. It implies structures and processes to share data in a secure manner, including through trusted third parties”.
The concept of “data” is defined as “any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audiovisual recording”. This broad definition encompasses the concept of personal data, i.e. “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (article 4(1) GDPR). 
The European Commission is fully aware of the risks that this new text may present in terms of articulation with the GDPR. This is why, on several occasions, it indicates that the draft regulation is without prejudice to GDPR. In other words, the proposal (a general regulation) strengthens personal data protection (a specific regulation). In consequence, the requirements of the GDPR should prevail when data falling within the definition of personal data.

B. The key content of the proposed regulation on data governance


The aim of the European Commission is to develop trustworthy systems to share, re-use and process data. To achieve it, several sets of measures are taken.

 

  1. The proposal of regulation provides for mechanisms to facilitate the re-use of data held by public sector bodies that cannot be made available as open data because they are protected on grounds of commercial or statistical confidentiality, protection of intellectual property rights, or protection of personal data. It prohibits to grant exclusive rights on these data or to restrict their availability preventing their re-use. 

The re-use of this data (that may be subject to a fee) must comply with some conditions: for example, it has to be “non-discriminatory, proportionate and objectively justified with regard to categories of data and purposes of re-use and the nature of the data for which re-use is allowed”. These conditions guarantee in particular that the right to privacy of the persons concerned by these data is respected, as well as any intellectual property rights.

  1. Other requirements relate to data sharing services and their providers. Data sharing means “the provision by a data holder of data to a data user for the purpose of joint or individual use of the shared data, based on voluntary agreements, directly or through an intermediary”. Among others, the providers “shall ensure that the procedure for access to its service is fair, transparent and non-discriminatory” and take procedures to “prevent fraudulent or abusive practices in relation to access to data from parties seeking access through their services”. Some data sharing services shall also be subject to a notification procedure. 
  2. Data altruism means “the consent by data subjects to process personal data pertaining to them, or permissions of other data holders to allow the use of their non-personal data without seeking a reward, for purposes of general interest, such as scientific research purposes or improving public services”. The proposal introduces a common European data altruism consent form in order to facilitate the collection of data based on data altruism.

Data altruism organisations are recognised and registered by national authorities. That imply that the organisations (i) are legal entities acting in the general interest, (ii) operate on a non-profit basis, and (iii) perform activities related to the data altruism independently. These organisations must comply with transparency requirements (that are monitored by the national authorities) by keeping full and accurate information records and providing to the data subjects guarantees and information.

  1. The national competent authorities have to be independent, impartial and transparent in the exercise of their tasks. One of their function is to receive complaints against providers of data sharing services or entities entered in the register of recognised as data altruism organisations. 

On a European level, the proposal of regulation creates a European Data Innovation Board composed of representatives of national competent authorities. The board has mainly to (i) advice the European Commission on the regulation and (ii) facilitate the coordination between the national authorities. 

Conclusion


The proposed regulation on Data Governance must now be discussed, negotiated and voted on by the European Parliament and the Council of Ministers. It constitutes a first draft that will perhaps be amended. The text remains very interesting in the context of the development of the European data strategy. It proposes a new legal framework for the data with a broader scope of application than GPDR. It is clear that the future adoption of the proposal will lead to many questions regarding its exact relationship with GDPR. The proposal also seems to have to be understood as giving new economic and social opportunities, in particular for businesses. From this point of view (at least), it is therefore interesting to follow the future developments of the text, until its final adoption.

 

By Edouard Cruysmans and Erik Valgaeren
 

Team

Related news

02.12.2021 NL law
Back to the future – Commission publishes roadmap for green and digital challenges

Short Reads - The Commission’s Communication “A competition policy fit for new challenges” (link) (the “Communication”) identifies key areas in which competition law and policy can support European efforts in dealing with the challenges of the green and digital transitions. The document covers all areas of competition law (antitrust, merger control, and State aid) and identifies various ways in which new and existing tools can contribute to addressing these challenges.

Read more

02.12.2021 EU law
ECJ: private enforcement in aviation sector also a national court's game

Short Reads - Recently, the ECJ ruled that national courts dealing with private enforcement cases are competent to apply EU competition law to historical behaviour in the aviation sector, regardless of public enforcement by the Commission and national competition authorities, and regardless of whether or not such authorities had authority to pursue public enforcement in the relevant period.

Read more

02.12.2021 NL law
Google Shopping: self-preferencing is a form of abuse of dominance

Short Reads - On 10 November 2021, the General Court (GC) almost entirely dismissed Google’s action against the European Commission’s Google Shopping decision. According to the European Commission (the Commission), Google illegally favoured its own comparison shopping service by displaying it more prominently in its search results than other comparison shopping services (see our July 2017 Newsletter). The Commission found that Google was abusing its dominant position and imposed a EUR 2.42 billion.

Read more

02.12.2021 NL law
Gun jumping: beware, the Commission will take action

Short Reads - The Commission has imposed interim measures on Illumina and GRAIL. These measures include the obligation to run GRAIL by independent management. By adopting interim measures in addition to opening an investigation into whether Illumina and Grail breached the standstill obligation, the Commission has made clear it will not shy away from tough action against gun jumping during an ongoing merger review. 

Read more