The Commission proposal on European data governance (Data Governance Act) put forward in November 2020 aims to give the EU new rules on how public authorities, companies and individuals should be able to make their data available and to increase data use. These rules on the “data market” should ensure, that public authorities and companies can make industrial data (so-called non-personal data) available to data users. In addition, personal data should also be made available.
Wherever personal data is processed or made available, the European General Data Protection Regulation (GDPR) applies, because the protection of privacy is a fundamental right and is firmly anchored in the Treaties on European Union.
As rapporteur for the opinion of the Committee on Civil Liberties, Justice and Home Affairs (LIBE) in the European Parliament, I have a special responsibility for data protection. Therefore, the warning expressed by European data protection authorities regarding the possibility of legal uncertainty in data protection was one of the main guidelines for my draft opinion that I am publishing today.
The guidelines for my draft:
- The General Data Protection Regulation is of central importance, so I am clarifying the primacy of the GDPR for data governance as well.
- Personal and non-personal data must be treated differently as a matter of principle, since for personal data the rights of data subjects are decisive, and they cannot be ceded.
- Public entities must continue to make data available for reuse. Data governance must not be an incentive to stop publishing data where this would be possible under the Open Data Directive.
- If individuals are incentivized to make their personal and sensitive data available as “data altruism,” their trust must not be abused. Therefore, data use must also serve the common good.
The shadow rapporteurs are now required to submit their amendments on data governance by June 1.