As of September 2023, the provisions of the Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724, or “Data Governance Act” (DGA) for short, are directly applicable in the EU Member States. Find out what the Data Governance Act entails and the most important provisions here.
What is the Data Governance Act?
The Data Governance Act is one of five new regulations that have been or will be enacted by the EU as part of the European data protection strategy.
While the Digital Markets Act (DMA) is mainly aimed at clarifying competition and antitrust issues and resolving big data monopolies, the Data Governance Act aims to create a single European market for data and remove previous barriers to the use of data. The Data Governance Act aims to make more data available and facilitate the exchange of data between sectors and EU countries in order to harness the potential of data for the benefit of European citizens and businesses.
What is the Data Governance Act supposed to achieve?
By creating a single European data market, data is to be made more easily accessible so that it can be used both commercially and for research purposes. The aim is to make the European market more competitive in the field of data-based innovations.
Who is affected by the provisions of the Data Governance Act?
The Data Governance Act is primarily aimed at public bodies, data brokerage services and altruistic organizations.
- Public sector body are the State, regional or local authorities, bodies governed by public law or associations formed by one or more such authorities, or one or more such bodies governed by public law (Art. 2 No. 17 DGA).
- Data intermediation service means the provision of data by a data subject or a data holder to a data user for the purpose of the joint or individual use of such data, based on voluntary agreements or Union or national law, directly or through an intermediary, for example under open or commercial licences subject to a fee or free of charge (Art. 2 No. 11 DGA).
- Data altruism means the voluntary sharing of data on the basis of the consent of data subjects to process personal data pertaining to them, or permissions of data holders to allow the use of their non-personal data without seeking or receiving a reward that goes beyond compensation related to the costs that they incur where they make their data available for objectives of general interest […] (see Art. 2 No. 16 DGA).
In addition, natural and legal persons have the right to lodge a complaint if they believe that actors are not complying with the provisions of the Data Governance Act or are implementing them inadequately (Art. 27 DGA).
Central regulatory content
The primary aim of the Data Governance Act is to increase the availability of data. The central regulatory content of the Data Governance Act are the following:
- Under certain conditions, data from the public sector should be able to be used by non-public bodies beyond its original purpose.
- Data intermediation services are intended to enable the exchange of large volumes of data and simplify the use of data in the context of legal obligations.
- Data intermediation services should act as trustworthy organizers for data sharing between companies.
- Individuals and companies can give their consent or permission to provide data.
- Institutions that provide relevant data on the basis of data altruism can register as data altruism organizations recognized in the Union.
What sanctions does the Data Governance Act stipulate?
Violations of the provisions of the Data Governance Act are subject to sanctions (Art. 34 DGA). The Member States shall adopt provisions on sanctions for this purpose, which shall be effective, proportionate and dissuasive.
Is the Data Governance Act a curse and/or a blessing?
Increasing the availability of data and creating a single European market for data are fundamentally welcome goals that should be pursued in the long term.
However, the Data Governance Act also sets out a comprehensive catalog of requirements for the individual players. At this stage, it is not yet clear whether the provisions of the Data Governance Act will actually have the desired effect or even prove to be counterproductive.