The European Union takes the final step towards approval of the Data Governance Act 

The European Union takes the final step towards approval of the Data Governance Act 

The Data Governance Act (DGA) aims to establish robust mechanisms to facilitate the re-use of certain categories of protected public sector data, increase trust in data brokering services and encourage data altruism across the European Union.

This is an important component of the EU’s data strategy, which aims to boost the data economy. The new rules will apply 15 months after the entry into force of the Regulation.

What does the EU intend to achieve with this regulation? 

The DGA will complement the 2019 Open Data Directive, which does not cover this type of data.

In this sense, the DGA creates a framework to foster a new business model – data brokering services – that will provide a secure environment in which companies or individuals can share data.

For companies, these services can take the form of digital platforms, which will support data sharing between businesses and facilitate compliance with data sharing obligations established not only by this law, but also by other legislation, whether at European or national level. By using these services, companies will be able to share their data without fear of misuse or loss of competitive advantage.

In the case of personal data, these services and their providers will help individuals to exercise their rights under the General Data Protection Regulation (GDPR). This will help individuals to have full control over their data and allow them to share it with a company they trust. This can be done, for example, through novel personal information management tools, such as personal data spaces or data wallets, which are applications that share such data with others, based on the consent of the data subject.

Introduction of the figure of data intermediaries 

The Data Governance Act provides for the creation of so-called data intermediaries, new entities in charge of storing and processing data, to offer an intermediary service between data subjects and those entities that want to use the data, whether they are in the public or private sector.

Data brokers must guarantee the security, availability, integrity and usability of the data, that the data will only be used for their intended purpose and that they will not be sold to other entities for financial gain.

Data brokering service providers must be registered, so that their clients know that they can trust them. Furthermore, they may not use the shared data for other purposes, nor may they profit from the data, e.g. by selling it. However, they may charge for the transactions they carry out.

Other aspects included in this regulation 

The DGA also makes it easier for individuals and companies to make data available on a voluntary basis for the common good, such as medical research projects.

Entities wishing to collect data for general interest purposes can apply for inclusion in a national register of recognised data altruism organisations, and registered organisations will be recognised throughout the EU. This is intended to provide the necessary confidence to encourage individuals and businesses to provide data to such organisations so that it can be used for the wider social good.
Furthermore, the DGA creates safeguards for public sector data, data brokering services and data altruism organisations against unlawful international transfer or government access to non-personal data. And for personal data, the European Union already has similar safeguards in place under the GDPR.