The EU member states and the European Parliament reached a provisional agreement regarding a European Data Governance Act (DGA) on November 30, 2021. The objective of these discussions is to promote the availability of data and build an environment for research and the creation of new services and products. This is the first legislative initiative under the European strategy for data.
The DGA proposes to create the foundation for a new method of data governance while keeping in line with the GDPR. This proposed regulation aims to facilitate more data exchange across the EU member states. It will set up a robust mechanism to permit the reuse of certain public sector data and foster data altruism across the EU.
Reusing protected public-sector data
The DGA, as mentioned above, aims to ensure the safe reuse of certain public-sector data which includes trade secrets, personal data, and data protected by IP laws. The public-sector bodies permitting such reuse will have to be adequately equipped so as to follow through with this objective.
The DGA will cover that set of public data that is outside the scope of the Public Sector Information Directive of 2019. Further, it restricts the grant of exclusive rights to reuse such data unless necessary for the provision of products or services in the general interest. Additionally, the DGA also imposes conditions for the reuse of such data, in order to preserve confidentiality. This includes the requirement to anonymise or pseudonymise personal data. It also speaks of reusing data in a “secure processing environment” regulated by the public sector body.
The DGA makes provisions for a concept known as data altruism. Data altruism refers to persons, natural and legal, consenting to the use of their data in the general interest. The term “general interest” includes activities such as scientific research.
Those entities that operate on a non-profit basis and support the general interest may register as “data altruism organizations recognized in the Union”. Such membership will be valid in all member states. Such organizations will have to record all details pertaining to the processing of the said data. The organization shall also inform data holders regarding data processing in any third country. The concept will ensure a trustworthy environment to facilitate greater and safer data exchange.
Transfer to third countries
The DGA also accounts for data transfers to third countries. Reasonable precaution is to be taken to prevent transfer of data to third countries, if the same creates conflict with EU member states.
Further, it states that decisions by courts or authorities from third countries will be enforceable based on the existence of an international agreement.
This agreement now awaits formal approval by the European Parliament and Council. Additionally, the commission is believed to soon propose the Data Governance Act. This move aims to encourage the sharing of data between businesses and governments.