The Data Governance Act (DGA) is the first legislative act of the European data strategy, and it was published in the Official Journal of the European Union on 3 June 2022. The DGA aims at facilitating the reuse of certain categories of protected public-sector data and increasing trust in data sharing across public sector bodies, users, data users, and data holders. It does so by allowing wider reuse of protected public-sector data, by proposing a new business model for data intermediation services and by promoting data altruism for the common good. The DGA, which provides a new framework for greater societal reuse and access to data, is the first element of an ambitious attempt to shape the European data economy. It will be complemented by the Data Act (see our observatory here).
Our observatory tracked the legislative development of the DGA from the Commission’s proposal in November 2020 all the way to the text adopted by the EU in May 2022. The observatory now provides a historical archive of the legislative process that led to the final text of the DGA.
This note assesses the interconnectedness of the GDPR respectively with the Data Governance Act and Data Act, shedding light on the different inconsistencies between the two acts and the GDPR that risk hindering the overarching objective of the European strategy for data.
The Data Governance Act risks leading to the growth of for-profit data intermediation services and centralizing market power even further. One way to avoid this is to provide stronger support for commons-based data governance.
... remains in line with a neoliberal focus on personal data and the individual imperative for each person to govern ‘their’ data
In this light, the Data Governance Act would not significantly alter the status quo for collective data governance mechanisms despite introducing the concept of data cooperatives. The authors find this attributable to the GDPR focus on personal data, which would enable cooperativism for non-personal data only. On the contrary, personal data, as highlighted in recital 24 DGA, would always require consent at the individual level, therefore making any delegation or conferral of rights to a third party impossible for personal data.
In this paper commissioned by Algorithm Watch, Winfried Veil argued that the EU is not sufficiently leveraging the concept of data altruism introduced by the Data Governance Act. Veil ascribes that as a failure because of the EU’s “religious approach” to personal data protection hindering collective governance mechanisms of personal data. In this light, GDPR is seen as a straitjacket for the concept of the data for good.
At MyData in the Netherlands, we co-hosted with Waag the workshop: "A closer look at data governance and the European data strategy: the Data Governance Act & the Data Act", during which we analyzed the EC's Inception Impact Assessment Document.
As part of the EDRIgram of July, we published a blogpost on the current state of things concerning the Data Governance Act proposal. We stress the importance of safeguarding GDPR provisions in the DGA to ensure legal certainty concerning the governance of personal data. Likewise, we highlight the missed potential of “data cooperatives” in the Data Governance Act to give rise to collective data governance mechanisms.
The Governments of Austria, Denmark, Finland and the Netherlands – self-proclaimed “Friends of the Data Economy” – sent a working paper to the Slovenian presidency on the Data Governance Act. The four countries have formulated common proposals to improve the final text ahead of the Council compromise proposal, including amendments aimed to “contribute to a flourishing and responsible data economy.”
The Centre for IP & IT law of KU Leuven published a white paper on the Data Governance Act. It offers an academic perspective to the Commission proposal on three main points. First, the authors argued that the regulation of data as an object of rights may exacerbate risks with the GDPR. Second, they highlighted the lack of reference to European data spaces despite being central to the European Strategy for Data. Finally, they discuss the impact of the proposal in light of Europe’s digital sovereignty ambitions.
The European Data Protection Board published its opinion on the Data Governance Act. The document focuses on the lack of adequate personal data protection in the proposal, which is not sufficiently differentiated from non-personal data. Likewise, it laments a lack of GDPR primacy in data protection which could be compromised by certain provisions in the DGA. In doing so, the Board proposed a wide range of amendments to protect personal data better and ensure consistency with other policy files at the EU level.
The German presidency of the Council of the European Union publishes a compromise proposal for the Data Governance Act. The compromise aims at clarifying the scope and the definitions introduced by the DGA in light of existing initiatives in the field and clarifies the obligation for public sector bodies in making data available to the public. In addition, it stipulates more requirements for data sharing services in making data available for reuse in order to ensure their independence. Finally, it clarifies the role of competent authorities in enforcing the application of the measure and the mandate of the European Data Innovation Board.
We submitted our Feedback to the Commission’s public consultation on the Data Governance Act proposal. In our submission, we discuss the proposal from a perspective that acknowledges the fundamental role of Open Access Commons-based data sharing in the overall data ecosystems. In particular, we focus on the need to protect open access commons resources in the European data-sharing ecosystem, which is not acknowledged in the original proposal. Precisely, in the original text, they might fall under the definition of “data sharing services” and “recognized data altruism organizations.” For a comprehensive European Data Strategy, it is important to correctly reference the important society-wide function performed by open access common resources.