The European Commission (“EC”) on November 25, 2020, released the proposal for a Regulation on European Data Governance (Data Governance Act) (“DGA”). The DGA stems out of the measures which were announced in the 2020 European Data Strategy (“Data Strategy”), released on February 19, 2020, which aims to create a single market for the free flow of data across the sectoral data spaces that were identified in the Data Strategy.
The 9 data spaces (as identified in the Data Strategy) include:
(a) A common European industrial (manufacturing) data space;
(b) A common European Green Deal data space;
(c) A common European mobility data space;
(d) A common European health data space;
(e) A common European financial data space;
(f) A common European energy data space;
(g) A common European agriculture data space;
(h) A common European data spaces for public administration; and
(i) A common European skills data space.
The DGA’s goal is to provide businesses and industries the tools to control data in a way that does not violate any fundamental rights and stays protected and trusted within European values. According to the commission, the DGA will be in line with the existing data protection frameworks for personal data such as the General Data Protection Regulation (“GDPR”), and consumer protection laws. Moreover, keeping in mind the large amount of data that big-techs process, the Commission will assist in providing an alternative model for data handling practices, while at the same time introducing new rules on neutrality. The DGA also facilitates the reuse of data within the public sectors, for example, the reuse of health data for research.
Interestingly, while previous drafts of the DGA laid down a requirement for data localisation, in the sense that intermediaries between data holders and the secondary users would have to be established in the EU itself, the final proposal released on November 25, 2020, has done away with this requirement, facilitating data sharing even with non-EU entities or third countries. However, the caveat in this regard is that such data sharing service providers should either have a place of establishment in the EU or a designated representative. The DGA also introduces measures that are aimed at ensuring that data intermediaries function as ‘trustworthy’ organisers of data sharing within the established European data spaces. Such intermediaries will have to notify the authorities of their intention to provide any kind of data sharing services, while also complying with the strict rules of neutrality. For this purpose, the DGA envisages that data sharing service providers must only act as intermediaries and not use the data that is exchanged for any other purposes. As per the Commission, to implement the DGA, the best process is to create a structural separation between the data acquirer and the data intermediary, which will also eliminate any conflict of interest.
The DGA is the first set of proposals as part of the Data Strategy. The DGA is indeed an encouraging regulation that will foster growth and regulate data for the common good. However, certain applications in the proposal, such as the transfer of data to third countries, are yet to be looked upon more closely. We at BlockSuits will be following developments around the DGA and will report on further implementations.
Authored by Samaksh Khanna and Shivani Agarwal.
Comentários