Council of the EU agrees position on Data Governance Act
Browse this blog post
Related news and insights
Blog Post: 22 February 2024
Blog Post: 14 February 2024
Blog Post: 07 February 2024
Blog Post: 31 January 2024
On 1 October 2021, the Council of the European Union (Council) reached agreement about the text of the proposed European Commission Data Governance Act (DGA) and issued a mandate to the EU Presidency to start trilogue negotiations about the proposal with the European Parliament and the European Commission.
The DGA seeks to facilitate data-sharing mechanisms with the aim to promote availability of public-sector data to drive innovation and advanced solutions in artificial intelligence, smart manufacturing, mobility, healthcare and other areas. The DGA is expected to enable the reuse of certain categories of protected public-sector data, build confidence in data intermediation services and promote data-altruism. You can find our high-level overview of the original European Commission’s proposal here and on the Council’s work on the DGA here.
The final compromise text adopted now by the Council includes the following key changes to the initial proposal:
- Relationship between the DGA and the GDPR: the Council’s text includes a clearer delineation for situations when personal data are concerned and makes it explicit that the DGA does not create a legal basis for personal data processing.
- Reuse of protected public-sector data: the Council amended the provisions regulating administrative arrangements enabling reuse of public-sector data that are subject to rights of others (such as data protected by IP rights, trade secrets and personal data), with the aim of increasing flexibility for Member States in relation to regulating such re-use. Public sector bodies will not be obliged to provide assistance to potential re-users in seeking permission for re-use or consents (but may choose to do so in certain cases).
- New business model for data intermediation services: the proposal sets out the regulatory context for a new business model that would provide a secure environment for companies or individuals to share data through data intermediation services. The Council introduced a definition of ‘data intermediation service’ to the draft DGA, clarifying that entities offering these services will not share data themselves but rather have a facilitating role for other entities that engage in data sharing. The Council also clarified the key characteristics of different types of data intermediation services for the purposes of the DGA and included a non-exhaustive list of the types of entities that are covered by this definition (e.g. data pools established jointly by several companies for licensing the use of such pool to other parties) or are explicitly excluded (e.g. advertisement or data brokers).
- Data altruism: the proposal seeks to enable individuals and companies to share their data voluntarily for wider societal benefits. The Council’s amendments seek to encourage Member States to develop organisational or technical arrangements (including national policies) to facilitate data altruism. Some requirements on recognised data altruism organisations were removed (e.g. provisions requiring a separate legal structure for the activities related to data altruism from organisation’s other activities are replaced with the requirement for a functional separation), while other requirements were made more onerous. For instance, the Council’s text now clarifies that compliance with the codes of conduct for data altruism organisations, to be adopted by the European Commission, will be required for registration as a recognised data altruism organisation.
- International access and transfer of non-personal data: the Council introduced amendments to allow the European Commission to adopt model contractual clauses to support public sector bodies and re-users to comply with DGA obligations in the event of transfers of public-sector data to third countries.
- Transitional provisions: the Council proposes to extend the transitional period for when the DGA becomes applicable from 12 months to 18 months after its entry into force. Entities providing data intermediation services will have a further 24 month period after the DGA becomes applicable to comply with new requirements.