The EU is working to strengthen various data-sharing mechanisms. The aim is to promote the availability of data that can be used to power applications and advanced solutions in artificial intelligence, personalised medicine, green mobility, smart manufacturing and numerous other areas.

The Council of the European Union’s Permanent Representatives Committee (COREPER) has now agreed on a negotiating mandate on the Commission’s proposal for a Data Governance Act (DGA). The DGA would seek to set up mechanisms to facilitate the reuse of certain categories of protected public-sector data, increase trust in data intermediation services and promote data altruism across the EU.

The DGA covers:

• reuse of public-sector data: the DGA will create a mechanism to enable the safe reuse of certain categories of public sector data that are subject to the rights of others, e.g., data protected by intellectual property rights, trade secrets and personal data; public-sector bodies allowing this type of reuse will need to be technically equipped to ensure that privacy and confidentiality are fully preserved; the DGA will complement the Open Data Directive (2019/1024/EU), which does not cover such types of data; the Council text introduces more flexibility and takes account of national specificities that already exist in some Member States;
• creating a new business model for data intermediation: the proposal creates a framework to foster a new business model for data intermediation services to provide a secure environment to help companies or individuals share data; such services could be digital platforms, which would support voluntary data sharing between companies or facilitate data sharing obligations set by law; by using these services, companies will be able to share their data without the fear of misuse or a loss of competitive advantage; as for personal data, such providers would help individuals exercise their rights under the GDPR, giving them full control over their data and allowing them to share their data with a company they trust, e.g., through the use of personal information management tools, such as personal data spaces or data wallets, i.e. apps that intermediate with others based on consent; data intermediation service providers would need to be listed in a register; they would not be allowed to sell the data on or use it for other purposes, but would be allowed to charge for the transactions; the Council position has clarified the scope of these provisions, in particular to indicate more clearly which types of companies can be data intermediaries;
• encouraging data altruism: the proposal makes it easier for individuals and companies to make data voluntarily available for the common good, such as a particular research project; entities seeking to collect data for objectives of general interest based on data altruism may request to be registered in a national register of recognised data altruism organisations recognised across the EU; the Council position has made compliance with a code of conduct a requirement for registration as a recognised data altruism organisation;
• European Data Innovation Board: this new structure will advise and assist the Commission in enhancing the interoperability of data intermediation services and ensuring consistent practice in processing requests for public sector data, amongst other tasks; the Council has introduced some improvements in the Board’s tasks and structure; and
• international access and transfer of non-personal data: the proposal creates safeguards for public sector data, data intermediation services and data altruism organisations against unlawful international transfer or governmental access to non-personal data; for personal data, the EU already has similar safeguards under the GDPR; the main change introduced by the Council is that the Commission can adopt model contractual clauses to support public sector bodies and re-users in the case of transfers of public sector data to third countries.

Under the Council text, the new rules will apply 18 months after the entry into force of the Regulation (instead of 12 months, as proposed by the Commission). The Council presidency can now start negotiations with the European Parliament. Both the Council and the European Parliament will need to agree on the final text. To read the Council’s press release in full and for a link to the Council mandate, click here.