Data Governance Act: increasing trust around data sharing

by Domenico Orlando - Compliance Consultant
| minute read

On September 24, 2023, the Data Governance Act (DGA) will come into force across the EU. Around three years in the making, this is the first legislative initiative of the EU data strategy to reach this stage, with others in the pipeline. Let’s try to map out the logic of this new law, the new concepts and roles it introduces, and the opportunities it could bring.

Through the Data Governance Act, the European Commission wants to harness the potential of the data held by public sector bodies. It aims to regulate the sharing of that data with businesses and research bodies, making the process easier but also ensuring it occurs within an appropriate framework of rules. Ultimately, this could facilitate the creation of new products and services while preserving transparency, equality, and privacy.

New concepts and roles

The act, which applies both to personal and non-personal data, is innovative on several fronts. It introduces new concepts and tools such as data altruism, which is the choice to make data available for use in the public interest, voluntarily and without reward. It also introduces protections and safeguards for non-personal data flowing from the EU to third countries.

The act introduces new roles too. First, there is the data intermediation services provider, a broker who acts as a link between the data holder and the party interested in using the data (the data user). This role is designed to be a trusted, transparent, and neutral intermediary between the two parties, who work within data protection rules, including GDPR. These intermediaries will conform to a strict set of requirements and will be registered in their jurisdiction. For example, the intermediary will exist as a separate legal entity and will not use the data except to transfer it from the holder to the user.

Secondly, any entity that wishes to engage in data altruism can register as a data altruism organisation throughout the EU. Additionally, the act provides for the creation of the European Data Innovation Board, made up of member-state and EU authorities in the fields of data protection and cybersecurity, which will develop good practices and advise the Commission on data reuse and interoperability. Member states will appoint national authorities to enforce the new regulations.

Who benefits?

We expect the Data Governance Act will be particularly relevant to sectors such as health, mobility, finance, and public administration. The data economy is often dominated by just one or a few players, sometimes public or semi-public, who hold a vast amount of valuable data but don’t use it to its full potential.

There will no doubt be start-ups and entrepreneurs with innovative ideas who will want to access that data to develop services that will benefit all of us. Here, the data intermediaries will step in to meet the needs of both the data sharer and the data user.

We can help!

As experts in data consulting, my colleagues and I can advise your organisation on how best to manage your data, no matter what you need to do with it. If your organisation wants to share data, altruistically or not, directly or via an intermediary, we can help you ensure that your trade secrets and intellectual property rights are protected, as well as guarantee that any personal data you hold will stay private.

One such guarantee comes out of the data holder’s obligation to anonymise data using the most up-to-date and effective techniques. The choice of intermediary is a key factor too, as they must be a trusted broker listed on a national register. We can also put safeguards in place to protect any non-personal data you want to transfer outside the EU. Additionally, our extensive legal expertise means we can help anyone in the Benelux who’s interested in becoming a data intermediation services provider.

Of course, we can also support data users who need to know the ins and outs of using data coming from the public sector. For instance, we can provide the necessary guarantees and organisational and technical measures to preserve any data you receive, as only trusted entities will succeed in this burgeoning market.

The data economy is a reality today, and it’s about to really take off. Now that there’s a clear set of rules in place, any organisation that wants to work in this sector needs to know the lie of the land.

Check out this blog post to find out more about EU compliance and the many benefits of data governance. Or contact me and my colleagues directly for a no-obligation chat.