The Data Governance Regulation (the “DGR”) – The first wave of the digital era in Europe11 March 2021
On November 25th, 2020, the European Commission („EC”) published its proposed Data Governance Regulation (the „DGR”) in response to the public consultation on the European Strategy for Data. The DGR is the first of a wave of regulatory reforms targeting the digital sector, which will include additional legislative proposals between 2020 and early 2021, as well as significant changes to the EC’s ability to enforce the European Union competition rules.
At this moment, from a procedural point of view, the Regulation is beginning to take shape, between November 25th, 2020, and until February 24th, 2021 it was subject to discussions within the Council of European Parliament and its preparatory bodies regarding its entering into force. The public consultation was open until 8 February 2021. After it enters into force, the DGR will be binding in its entirety and directly applicable in all Member States and it does not require to be transposed into national laws.
In the following, we cover the main proposals of the DGR, which we believe will reshape the data sharing landscape in Europe in 2021.
The DGR – an „equilateral triangle” of three main objectives
Generally, the DGR describes a vision of a common European data space, a Single Market for data in which data could be used irrespective of its physical location of storage in the Union. Besides this objective of free data sharing, the DGR has other three main objectives:
► Sharing of public sector data: the DGR aims to create a mechanism to promote the sharing and re-use of certain categories of protected public sector data that are subject to personal data protection, intellectual property, or commercial confidentiality rights and therefore fall outside the scope of the access envisaged by the 2019 Open Data Directive. The DGR does not create a right to re-use such data, but provides for a set of harmonized basic conditions under which the re-use of such data may be allowed;
► Introducing the notion of „Data sharing service providers”: the DGR also aims to create a new legal regime for so-called “data-sharing service providers” concerning both personal and non-personal data, who will: (i) be the only third parties able to run data exchanges (often referred to them as “trusts” for “data pools”) envisaged by the DGR; and (ii) have to be neutral as regards the data exchanged, including by being prohibited from using data for other purposes and being subject to fiduciary duties towards individuals;
► Introducing the term „Data altruism”: the DGR aims to introduce and facilitate the so-called “data altruism” –individuals or companies voluntarily consenting to the use of their data (personal and non-personal) for the general interest, and creating a new system to register organizations engaging in data altruism to increase trust in their operations. The concept of „data altruism” seems to be a new type of consent for the use of protected data (personal or otherwise) without reward for general interest, such as scientific research purposes or improving public services.
What wider regulatory changes will the DGR be a part of?
The EC’s digital regulatory and antitrust agenda is highly ambitious, including not only the Digital Strategy but also the EC’s White paper on artificial intelligence and consultations on the Digital Services Act package, a “New Competition Tool” („NCT”) to allow the EC to investigate and require changes in market structure without showing an antitrust infringement, and the EC notice on relevant market definition in the field of competition law.
The DGR and the compliance with other EU policies
As a rule, the DGR must be fully compliant with other Union policies. Sector-specific legislation on data access is in place and/or under preparation to address identified market failures in fields such as the automotive industry, payment service providers, smart metering information, electricity network data, intelligent transport systems, environmental information, spatial information, and the health sector. The current proposal supports the use of data made available under existing rules without altering these rules or creating new sectorial obligations.
Nonetheless, the DGR must not:
► contain any provision specific to these data spaces, but rather aims to create an institutional framework that will apply to them as well as other data exchanges (further measures will likely be set out in the Data Act, originally expected in the second quarter of 2021, but delayed until at least the third quarter);
► create any obligation to share or right to re-use data or alter the intellectual property rights of third parties or limit the exercise of these rights in any way, except as set out in the DGR.
Public-sector data sharing – an „older goal” of the EU policy
The idea that data generated at the expense of public budgets should benefit society has been part of EU policy for a long time. The Open Data Directive requires the public sector to make more data easily available for use and re-use, but commercially confidential data, data subject to statistical confidentiality, and data protected by intellectual property rights of third parties (including trade secrets and personal data) are generally excluded.
Due to the sensitivity of such data, certain technical and legal requirements must be met before they can be shared. Some Member States have taken measures to encourage this type of re-use, but this is not the case across all EU’s Member States.
New tasks for public sector bodies under the DGR – a competition law perspective
To be in line with the DGR provisions, public sector bodies:
► will be required to establish principles for re-use of data they hold that are non-discriminatory, proportionate, and objectively justified, while not restricting competition;
► when entering into agreements for re-use of such data, must avoid as far as possible the conclusion of exclusive agreements, except when necessary for the provision of a service of general interest (for example, where there is only one entity specialized in the processing of a specific dataset). In any case, such agreements must be awarded consistently with EU public procurement and State aid rules and for periods of no more than three years.
Additionally, the DGR requires that the Member States establish a „single information point” to act as the primary interface for re-users that seek to re-use data held by public sector bodies. The Member States must also designate bodies to support the public sector bodies allowing re-use of protected data, including by providing secure data processing environments to allow data analysis in a manner that preserves the privacy of the information. Such bodies could also support the management of consents.
Finally, as an advantage, public sector bodies could charge the users for the re-use of data. Such fees must be non-discriminatory, proportionate, and objectively justified and should not restrict competition and the DGR provides the possibility that lower fees, for example, could be charged for certain categories of re-uses (i.e. non-commercial re-use, or re-use by small and medium-sized enterprises).
What are the benefits offered by the DGR?
Firstly, the DGR aims to ensure good data management and data sharing will enable industries to develop innovative products and services and will make many sectors of the economy more efficient and sustainable. It could be also essential for training AI systems.
On top of that, with more data available, the public sector can develop better policies, leading to more transparent governance and more efficient public services.
Lastly, data-driven innovation will bring benefits for companies and individuals by making their lives and work more efficient through health data (i.e. improving personalized treatments, providing better healthcare), mobility data, environmental data (i.e. combatting climate change), agricultural data (i.e. developing precision farming, new products in the agro-food sector), and public administration data (i.e. delivering better and more reliable official statistics, and contributing to evidence-based decisions).
These ambitious objectives need to be followed by concrete actions, especially from the Member States, so that we may all have a Europe that fully embraces the new digital age in the field of data sharing. Yet, one thing is sure: the DGR seems to be the legislative link between the public sector and the private one in the matter of data sharing across Europe.
 Proposal for a Regulation on European Data Governance (Data Governance Act) available on the following link https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52020PC0767&from=EN
 This proposal complements the Directive (EU) 2019/1024 on open data and the re-use of public sector information (Open Data Directive) which can be consulted at the following link https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32019L1024&from=RO