About the proposal
On 25 November 2020, the European Commission announced its Proposal on European Data Governance, Data Governance Act (DGA) for short. The proposal follows the Commission’s Communication “A European Strategy for Data” from February 2020. The Commission has announced the DGA to be the first of a number of legislative proposals to govern access and use of data in the European Union.
I am the European Parliament’s rapporteur for the opinion of the committee on Civil Liberties, Justice and Home Affairs (LIBE), that has exclusive competences regarding matters of data protection.
The DGA combines several instruments to “increase trust in data sharing, strengthen mechanisms to increase data availability and overcome technical obstacles to the reuse of data”, according to the Commission. First, it complements the Open Data Directive to open up data explicitly excluded from the scope of the Directive, that is non-personal data held by public sector bodies that is protected by third party rights, as well as personal data held by the public sector. Second, it establishes rules for data sharing service providers, with the purpose of enabling data sharing among businesses with and without remuneration, and encourages the creation of cooperatives that would strengthen individual data subjects’ and small non-personal data holders’ position. Finally, it encourages “data altruism” by individuals by creating a standardized consent form for data subjects to make their personal data available for purposes serving the general interest, and by establishing organisations to pool these data and make them attractive for data users. It also creates a structure of competent authorities to enforce its provisions, and an expert group to support its goals.
In its impact assessment, the Commission estimates the economic value of the combined measures to amount to 3.87% to 3.95% growth of the GDP.
My Point of View
As has been pointed out by experts from academia, civil society, as well as notably in the joint statement of the European Data Protection Board and the European Data Protection Supervisor, the DGA has substantial implications for the protection of personal data. As rapporteur for the LIBE committee with its exclusive competences on data protection, the following issues are most important to me:
- Emphasizing the centrality of the General Data Protection Regulation: Legal clarity and certainty about the DGA’s relationship vis-a-vis the General Data Protection Regulation (GDPR) is central to the regulation, considering that the legislator is bound by Article 8 of the Charter and Article 16 of the Treaty on the Functioning of the European Union. Thus, my opinion draft proposes one central provision stating the primary role of the GDPR. This clarification will secure the fundamental right of protection of personal data.
- Effective differentiation between personal and non-personal data: One of the main premises of the data protection law is that the data subjects’ rights are very different from controls holders of non-personal data can exercise. Thus, I decided to re-draft the provisions applying to data subjects and data holders respectively to emphasize the differences between the two. This also applies to data sharing service providers who must treat the two categories of data differently. In case of non-personal data, they can offer pooling and sharing, as well as additional treatment of data as a service. Regarding personal data, those providers cannot and should not substitute data subjects who must continue to comprehensively exercise their rights in their own name. As a result, the providers’ function with respect to personal data must be distinctly different, and focus on facilitating between data subjects and potential data users. Only then, will they be able to remain neutral and not process personal data themselves.
- No disincentive for public sector bodies to make data available under the Open Data Directive: While the Open Data Directive’s provisions exclude non-personal data protected on grounds of commercial and statistical confidentiality, of intellectual property rights of third parties, as well as personal data, the Data Governance Act applies explicitly to those. This should not create any disincentive for public sector bodies to publishing Open Data. Where techniques such as anonymization, aggregation, or others can effectively be applied and thus derive data that does fall under the re-use regime mandated by the Open Data Directive, the latter should take precedence.
- Data altruism must lead to data use in the general interest: Where individuals are incentivized to make their data available voluntarily for the benefit of general interest, their trust should not be abused. Therefore, it is important to clarify that the organisations that make such data available, as well as the potential data users, use the data with the same objective of contributing to the general interest. Consequently, I have opted to change the name of the organisations pooling and sharing altruism data, to “General Interest Data Hubs”.
Current state of the legislative procedure
Under the so-called “associated committee procedure”, the European Parliament’s Industry (ITRE) committee takes the lead on the DGA, while the LIBE committee is exclusively responsible for certain parts of the report on matters of the protection of personal data.
In LIBE, shadow rapporteurs can submit amendments to the Commission proposal by 1 June, followed by compromise discussions between the different political groups. A vote in LIBE is currently foreseen for the 28 June.
The ITRE committee is currently discussing compromises and intends to vote on the report in the last weeks of June.