On 25 November 2020, the European Commission published its proposal for a Data Governance Act. The measure is the first legislative element of the European data strategy presented in 2020. The proposed act aims at laying the foundations for a novel European way of data governance. And it does so by providing a new blueprint for the European data economy in the years to come by introducing new rules for public sector bodies, data intermediation services, and data altruism organizations. In this light, it is a key step in the definition of the European data commons by providing a new framework for greater societal reuse and access to data.
Our observatory tracks legislative developments of the proposal as it moves through the European Parliament and Council.
The Council of Ministers approved the final text of the Data Governance Act (DGA) that was agreed upon during the trilogue negotiations. The DGA will enter into force 20 days after its publication in the Official Journal of the European Union, and it will become applicable in August 2023.
This note assesses the interconnectedness of the GDPR respectively with the Data Governance Act and Data Act, shedding light on the different inconsistencies between the two acts and the GDPR that risk hindering the overarching objective of the European strategy for data.
The Data Governance Act risks leading to the growth of for-profit data intermediation services and centralizing market power even further. One way to avoid this is to provide stronger support for commons-based data governance.
... remains in line with a neoliberal focus on personal data and the individual imperative for each person to govern ‘their’ data
In this light, the Data Governance Act, despite introducing the concept of data cooperatives, would not significantly alter the status quo for collective data governance mechanisms. The authors find this attributable to the GDPR focus on personal data which would enable cooperativism for non-personal data only. On the contrary, personal data, as highlighted in recital 24 DGA, would always require consent at the individual level, therefore making any delegation or conferral of rights to a third party impossible for personal data.
Data altruism: how the EU is screwing up a good idea
In this paper commissioned by Algorithm Watch, Winfried Veil argues that the EU is not sufficiently leveraging the concept of data altruism introduced by the Data Governance Act. The author ascribes such as a failure because of the EU’s “religious approach” to personal data protection which hinders collective governance mechanisms of personal data. In this light, GDPR is seen as a straitjacket for the concept of the data for good.
At MyData in the Netherlands, we co-hosted with Waag the workshop: "A closer look at data governance and the European data strategy: the Data Governance Act & the Data Act", during which we analyzed the EC's Inception Impact Assessment Document.
The Data Governance Act – between undermining the GDPR and building a Data Commons
As part of the EDRIgram of July, we publish a blogpost on the current state of things concerning the Data Governance Act proposal. We stress the importance of safeguarding GDPR provisions in the DGA to ensure legal certainty concerning the governance of personal data. Likewise, we highlight the missed potential of “data cooperatives” in the Data Governance Act to give rise to collective data governance mechanisms.
AT, DK, FI, NL submit working paper to the Slovenian presidency
The Governments of Austria, Denmark, Finland and the Netherlands – self-proclaimed “Friends of the Data Economy” – send a working paper to the Slovenian presidency on the Data Governance Act. The four countries have formulated common proposals to improve the final text ahead of the Council compromise proposal. These amendments aimed to “contribute to a flourishing and responsible data economy”, constitute the only public document so far that represents Member States’ position on the Data Governance Act.
CiTiP Working Paper Series: White Paper on the Data Governance Act
The Centre for IP & IT law of KU Leuven published a white paper on the Data Governance Act. It offers an academic perspective to the Commission proposal on three main points. First, the authors argue that the regulation of data as an object of rights may contribute to the exacerbation of risks with the GDPR. Second, they highlight the lack of reference with the concept of European data spaces despite being central in the European Strategy for Data. Finally, they discuss the impact of the proposal in light of Europe’s digital sovereignty ambitions.
The European Data Protection Board publishes its opinion on the Data Governance Act. The document focuses on the lack of adequate protection of personal data in the proposal, which is not sufficiently differentiated from non-personal data. Likewise, it laments a lack of GDPR primacy in data protection which could be compromised by certain provisions in the DGA. In doing so, the Board proposes a wide range of amendments to better protect personal data and ensure consistency with other policy files at the EU level.
The German presidency of the Council of the European Union publishes a compromise proposal for the Data Governance Act. The compromise aims at clarifying the scope and the definitions introduced by the DGA in light of existing initiatives in the field and clarifies the obligation for public sector bodies in making data available to the public. In addition, it stipulates more requirements for data sharing services in making data available for reuse in order to ensure their independence. Finally, it clarifies the role of competent authorities in enforcing the application of the measure and the mandate of the European Data Innovation Board.
We submit our Feedback to the Commission’s public consultation on the Data Governance Act proposal. In our submission, we discuss the proposal from a perspective that acknowledges the fundamental role played by Open Access Commons-based data sharing in the overall data ecosystems. In particular, we focus on the need to protect open access commons resources in the European data-sharing ecosystem, which are not acknowledged in the original proposal. Precisely, in the original text, they might fall under the definition of “data sharing services” and “recognized data altruism organizations”. For a comprehensive European Data Strategy, it is important to correctly reference the important society-wide function performed by open access common resources.