The EU Data Governance Act (DGA) aims to promote sharing and re-use of public sector data and to encourage data altruism. Those wishing to benefit from public sector data for their own analysis (referred to as data users in the DGA) need to understand the conditions that such sharing and re-use will operate under.
Is the text of the law finalised yet? When will it apply?
Yes. The DGA was adopted on 30 May 2022 and published in the Official Journal of the European Union on 3 June 2022. It entered into force on 24 September 2023.
Who does it apply to?
The DGA applies to:
- public sector bodies (but not state-owned businesses);
- data intermediaries (i.e. neutral third parties who help broker the flow of data from the data source to data users, which may be individuals or companies); and
- recognised data altruism organisations (data altruism is when individuals or companies voluntarily make their data available free of charge so it can be used in the public interest. Data altruism organisations will facilitate this).
What are the key obligations?
The DGA establishes principles around the re-use of data that public sectors bodies must comply with. For example, conditions for re-use of data placed on data users must be non-discriminatory, transparent, proportionate, objectively justified and must not restrict competition. Member States will be required to establish a single information point as an interface for the re-use requests.
Data intermediaries will be required to be neutral and cannot themselves use the data which they are facilitating to be re-used. The procedure for data users to access data intermediary services must be fair, transparent and non-discriminatory. Data intermediaries will also need to notify and register with a regulatory body.
Individuals and companies may choose to consent to the use of their personal and non-personal data for altruistic purposes. The European Commission is to develop a European data altruism consent form. Recognised data altruism organisations will have to be not-for-profit, legally independent and structurally separate.
The DGA also imposes General Data Protection Regulation style restrictions around transferring non-personal data outside of the EU.
Does the UK have anything similar?
No, but the UK has similar concerns on data availability so this may serve as a blueprint for UK.
What are some of the commercial impacts of this law?
Organisations wishing to take advantage of the new framework will need to consider how to identify and contract with registered data intermediaries and data altruism organisations appropriately.
Where can I learn more?
Click here to download our full report on the EU/UK Digital and Cyber Strategies.
Subscribe and stay up to date with the latest legal news, information and events . . .