Introduction
The Data Governance Act is a fundamental component of the European Strategical Plan for Data. It officially became effective on 23rd June, 2022 and was adapted on 24th September, 2023. This Act aims to enhance the utilization of data within the European Union through by enabling the re-use of the secured data held by the public sector agencies. It underscores the possibility for innovation and technological growth through access to data. It emphasizes the importance establishing robust guidelines and protection for sharing and re-use of data.
Purpose Of the Data Governance Act
The objective of the EU Data Governance Act is to be met through the implementation of several core initiatives which are:
- Introduction of mechanisms that allow for the access and re-use of specific data types which are held by public sector bodies, which cannot be released as floating data due to the existing data protection regulations.
- Establishment of measures to ensure that online intermediaries are reliable enablers for data sharing or pooling within the European data ecosystem.
- Creating incentives for individuals and companies to make their data available for the common good, supporting endeavors in healthcare, academia, research etc.
- Designing regulations which would enhance data sharing, particularly to facilitate data use across various sectors and with specific objectives.
Scope Of the Act
The Data Governance Act sets out guidelines for the utilization within the EU for the data held by the public sector entities. This data is secured and protected for reasons such as commercial confidentiality, third-party intellectual property rights and the protection of personal data. While the Act does not explicitly detail the circumstances under which it is applied to the foreign organizations, there are several provisions which imply its extraterritorial implications. Any non-EU entity which provides services within the European Union and qualifies as a data altruism company or intermediary must appoint a legal representative in every member state it is operating in. Hence, non-EU organizations which engage in the data re-use frameworks set up by the Act must stay abreast with any developments of the Act.
Mechanisms For Re-Utilization of Protected Data
The Act complements the Open Data Directive by addressing the re-use of the secured data which is not under the functions of the latter. It establishes several secured walls for the re-utilization of such data held by the public sector bodies including the governmental and other public sector entities. The Act does not obligate the public sector bodies to permit the reuse of data but sets conditions for any such authorization. These regulations include the banning of exclusive re-use rights, enforcement of technical measures like anonymization to protect data the privacy of the data holders and ensuring that the re-use of data complies with the principles of proportionality, non-discrimination and intellectual property rights. The Act provides the public sector agencies with two months to respond to any re-use requests and charging of fees which must be limited to necessary costs. Further it requires for confidential data to be shared only with the user consent. These measures aim to promote data re-use.
Data Transfer to Third Countries
In terms of data transfer beyond the EU, the DGA defers the GDPR. The provisions of the DGA are meant to not prevent cross-border transfer of data, and in any instance of conflict between the two laws, the GDPR or any EU law shall prevail.
Further, the DGA allows the European Commission to establish rules for the data transfer to non-EU states. These set of rules include conditions like restrictions on the re-use of data, specifying the authority to transfer data and the under what exceptional circumstances can such transfer take place. Re-use of data must be notified by the users to the originating public sector bodies about the purpose for transferring the data abroad. Public sector bodies can and shall permit such transfers if the re-users agree to comply with the specific obligations under the jurisdiction of the originating member state or as and when the European Commission recognizes that the third nation offers equivalent protections for trade secrets and intellectual property, along with effective enforcement and judicial redressal mechanisms.
Data Altruism Mechanism Under the Act
The Digital Governance Act (DGA) defines “data altruism” as the voluntary contribution of data by individuals and companies without any compensation, which is aimed at serving public interest objectives. To support this, the DGA has introduced a standardized European data altruism consent form, simplifying the data collection process across member states while ensuring easy consent management. This measure provides legal clarity for entities utilizing such data and establishes a trusted environment to promote data sharing for societal gains, like advancing research in healthcare and climate change or enhancing public services. Additionally, the DGA plans to create a “Rulebook” detailing technical and security standards for data altruism and mandates the registration of independent, not-for-profit data altruism organizations in national public registers.
Monitoring Of Compliances and Imposing of Penalties
Under the Digital Governance Act (DGA), each EU Member State is required to designate official bodies responsible for several key roles: aiding public sector entities in deciding whether to grant or deny requests for data reuse, overseeing data intermediation services, and managing the registration of data altruism organizations. These authorities are tasked with ensuring that the rules of the DGA are followed within their areas of responsibility. They have the power to enforce compliance by stopping data sharing services, deregistering data altruism organizations, or imposing significant financial penalties. These can even be applied retroactively for data intermediation services. Additionally, each Member State must establish its own penalties for violations of the DGA. This would ensure that the penalties are fair, impactful, and strong enough to discourage future infractions.
Conclusion
In conclusion, the Data Governance Act (DGA) is a significant step forward in optimizing data utilization within the European Union. It upholds rigorous standards for security and privacy. The Act facilitates re-use of protected data in a controlled manner, by public sector bodies and promotes data altruism, benefiting public good initiatives such as healthcare and climate research. By establishing a standardized consent framework and a clear regulatory environment, the DGA encourages data sharing. It ensures compliance through appointed national authorities who monitor adherence and can impose penalties for non-compliance. This regulatory framework ensures that data sharing contributes to societal benefits. It also positions the EU as a leader in global data governance, setting a benchmark for data security, privacy, and ethical data usage that could influence international standards and practices in the digital age.
