Towards a new era in data management in Europe

25/09/2023

In the digital age, data management and regulation are crucial issues at national and European level.

In this article, we will examine three important European regulations that aim to provide a new framework for data governance:

  • Regulation (EU) 2022/868 on European data governance (DGA - Data Governance Act),
  • the proposal for Regulation COM (2022) 68 (the so-called Data Act) concerning harmonised rules on fair access and use of data, and
  • the proposal for Regulation COM (2022) 197 on the European Health Data Space (EHDS).

Regulation (EU) 2022/868 (DGA - Data Governance Act)

Regulation (EU) 2022/868 or more simply DGA (Data Governance Act) aims to establish a regulatory framework for the management, exchange and use of data within the EU. The DGA will apply from 24 September 2023, establishing important guidelines for the re-use within the EU of certain categories of data held by public bodies, as well as a framework for the collection and provision of data brokerage services.

The Regulation applies under Article 3 to data held by public sector bodies for reasons of:

  • commercial confidentiality, including commercial, professional or business secrets;
  • statistical confidentiality;
  • protection of intellectual property rights of third parties; or
  • protection of personal data, insofar as such data is outside the scope of the Open Data Directive (EU) 2019/1024.

Public sector bodies have the option and not the obligation to allow access to protected data for re-use. When re-using data, public bodies shall ensure in accordance with Article 5 that the following requirements are met:

  • grant access for re-use of data only if the public sector body has ensured that the data have been anonymised, in the case of personal data; and modified, aggregated or processed in the case of confidential business information;
  • access and re-use the data remotely within a secure processing environment provided or controlled by the public body;
  • accessing and re-using data within the physical premises where the secure processing environment is located.

The DGA then provides for the establishment of the single information point (Article 8), which will act as a central contact point for those wishing to re-use data. This point will simplify and facilitate the process of requesting access to data.

In this way, the regulation aims to promote the altruistic attitude of non-personal data controllers and data subjects by encouraging the sharing of data for the common benefit.

Regulation (EU) 2023/2854 (Data Act)

On 27 November 2023, the European Parliament and the Council of the European Union approved the Data Act on harmonised rules on fair access to and use of data, with the aim of regulating the re-use of data by removing obstacles to the development of the European data economy.Some key points of the Data Act include:

  • access to and use of data: facilitating access to and use of data by consumers and businesses;
  • interoperability of data and data-sharing mechanisms and services;
  • establishing safeguards against unlawful data transfers;
  • obligations for data holders such as: providing full information on the data generated; allowing users to access the data generated; and sharing the data generated with other parties indicated by users.

This Regulation therefore seeks to promote the openness, transparency and accessibility of data generated by the use of a product or service in relation to its user, thus making more data available for the benefit of businesses, citizens and public administrations.

The Data Act aims to create an environment where data is seen as a strategic resource for making informed decisions, stimulating innovation and improving cooperation between different institutions.

Proposal for a Regulation COM (2022) 197 (EHDS-European Health Data Space)

The Proposal COM (2022) 197 of 3 May 2022 on the 'European Health Data Space' (EHDS) aims to create a common European health data space enabling the secure and interoperable exchange of medical information between EU Member States.

The main objective is to facilitate research, innovation and the effectiveness of health policies and to promote public health.

The EHDS aims to ensure a high level of data protection and public trust in the management of personal data, while ensuring compliance with privacy and data security rules. This initiative promises to strengthen cooperation between EU Member States and contribute to a more integrated and efficient European health system.

Conclusions

The regulatory measures examined highlight the growing importance of data management and use at national and EU level. Indeed, the current European framework is a key opportunity for public administrations and economic operators to promote transparency, innovation and re-use of data in the digital age, while ensuring data protection and trust in information management.