EU – Data Governance Act becomes applicable
Browse this blog post
Related news and insights
Blog Post: 27 April 2023
Blog Post: 02 February 2022
Blog Post: 24 January 2022
The DGA prescribes rules and safeguards to facilitate the re-use of protected data (such as personal data and commercially confidential data) held in the public sector. It sets out the conditions and procedure for the filing and acceptance of data re-use requests and the measures needed to ensure protection of data throughout the process.
With respect to data intermediation, the DGA provides for data intermediaries, such as data marketplaces, to act as neutral and transparent third parties whose role is to connect individuals and companies with data users and who cannot directly use the data that they intermediate for profit. There is a strict regime for obtaining confirmation from competent authorities that a data intermediary is recognised and authorised to operate. There must also be a strict legal separation between the data intermediation service and any other services provided by an entity.
The DGA also facilitates data altruism, to encourage individuals to consent to, and companies to give permission for, the data they generate being used in the public interest to promote research and development activities. This requires data altruism organisations to have a not-for-profit character and meet transparency requirements. They must also comply with the rulebook developed by the European Commission on information requirements, technical and security requirements, communication roadmaps and recommendations on interoperability standards.
The DGA envisages the establishment of the European Data Innovation Board (EDIB), whose primary task is to advise and assist the Commission in implementing the DGA and developing consistent practices for data altruism and data intermediation. The EDIB will take the form of an expert group comprising representatives from the Member State competent authorities for data intermediation and data altruism, and also from the European Data Protection Board, the European Data Protection Supervisor and the European Union Agency for Cybersecurity.
Finally, the DGA sets out safeguards with respect to international transfers of non-personal data, whereby a re-user of data in a country outside the EU will need to ensure the same level of protection as under EU law.