The Data Governance Act – regulating access to data held by public authorities
Why a Data Governance Act?
On 25 November 2020 the European Commission published a Proposal for a Regulation on European data governance1(the “Data Governance Act”), part of a set of measures related to the European data strategy that aims at making the EU a leader in a data-driven society.
Noting that public authorities are collecting a vast amount of data that may be of substantial commercial or industrial interest, the proposed Data Governance Act establishes a framework enabling private entities to re-use such data for commercial or non-profit purposes.
In that context, the definition of data as “any digital representation of acts, facts or information and any compilation of the same, including in the form of sound, visual or audiovisual recording” is quite broad.
Conditions need to be set out as the data concerned is traditionally protected on various legal bases such as commercial or statistical confidentiality, intellectual property rights or personal data protection2.
In contrast, the complementing regime on Open Data aims at making freely accessible documents and/or statistical data produced by public sector bodies of the Member States that are not otherwise protected.
Read more about Open Data.
What’s in the Data Governance Act?
The proposed Data Governance Act relies on several concepts allowing onward processing operations of data initially held by public authorities, notably as follows.
- Managing access to data held by public authorities: EU Member States would be required to designate one or more competent bodies, which may be sectoral, to support public sector bodies granting access to data for re-use purposes;
- Data intermediaries providing data sharing services: neutral data-sharing providers would provide intermediation services, in particular between “data holders” and “data users”, notably by the creation of platforms enabling such exchange or joint exploitation of data; a notification framework would govern entities willing to provide such services.
- Data altruism: a concept that would enable legal entities to gather data from individuals for projects of general public interest (such as scientific research; interested entities would need to qualify as “data altruism organisations” based on certain specific criteria, such as operating on a not-for-profit basis.
What’s not in the Data Governance Act
The Data Governance Act does not intend to create new obligations on companies processing personal data, the processing of which remains subject to the GDPR.
Private entities will not be able to request disclosure of any trade secret or other valuable data from competitors on the basis of the Data governance Act. Rather, it regulates access to data held by public sector entities or the voluntary disclosure of other data between companies and individuals. Private entities may indeed be inclined to share some of their data on a voluntary basis in order to foster big data analyses that, for example, would be profitable to a whole sector of activity.