The start of inter-institutional negotiations on the proposed Data Governance Act are expected to be announced at the start of the European Parliament’s plenary session next week. This follows the adoption on 15 July of a report on the Act by Christian-democratic MEP Angelika Niebler (EPP, Germany) for the lead Industry, Research and Energy Committee (ITRE).
To recall, the European Commission published its proposal for a Data Governance Act on 25 November 2020, as part of its European Data Strategy which aims to make the EU a leader in a data-driven society. The aim is to enable by allowing data to move freely within the Internal Market, to the benefit of businesses, researchers and public administration. This proposal, which takes the form of a Regulation, aims to build trust in order to facilitate access to data that would not otherwise have been shared due to protected characteristics. For further detail on the content of the Act, see a previous article on this topic here.
Mrs Niebler, who was responsible for preparing the Parliament’s main report on the draft Act, has stated that the goal is to ensure data can move easily, safely and freely between Member States so that the EU has a “Schengen for data.” She also suggested that very large companies currently have a hold over personal data, which she attributed to the EU being “late” to act to prevent this from happening. For this reason, the EU now wants to be “ahead of the curve” with regard to industrial data, “by establishing ground rules to ensure fair competition and access to data from the beginning.”
- Clarity on definitions and scope
Following criticism that the scope of the proposed Act and the definitions contained therein were unclear, the ITRE report aims to resolve potential inconsistencies. The term ‘data sharing provider’ becomes ‘data intermediary’ in the suggested amendments, and a detailed definition of ‘data intermediary’ is provided to ensure that large tech companies are covered by the framework.
- Transfer of public sector data
The European Commission’s original proposal was criticised by some Members of the European Parliament for attempting to keep data in the EU, and for a lack of guidance on how data could be transferred to a third country. MEPs have attempted to rectify this by laying down a system whereby sensitive public-sector data may be transferred outside the EU, if the relevant third country offers the same or similar level of data protection. According to the proposed amendments, the Commission would have the power to decide which countries meet those standards. Nevertheless, MEPs will also have a say, as the declaration is to be made via a Delegated Act to which the Parliament or Council can express objections.
- Data altruism
One of the key features of the original text proposed by the Commission was the promotion of data altruism, which involves data being made available voluntarily, by informed consent, in the general interest such as for scientific research, healthcare, combatting climate change or improving mobility. In this respect, the ITRE Report highlights the need for national policies and technical arrangements to facilitate such altruism including the setting up of data pools, based on a voluntary registration scheme.
- Support for SMEs
MEP Niebler stated that the aim of her report was “to make data sharing easier, not harder, especially for small and SMEs.” This commitment to supporting SMEs is evidenced in the report, particularly in the recommendation that competent authorities should be able to apply reduced or no fees for micro, small and medium-sized enterprises and start-ups, where fees for access to data are envisaged under the legislation. The goal is to support what is regarded as an enormous potential for growth and innovation. Furthermore, MEPs have proposed that exclusive agreements on the re-use of certain public-sector data be limited to a period of 12 months so that such data can be more readily accessible to smaller companies and start-ups.
- European Data Innovation Board
After concerns were expressed by the European Data Protection Board and the European Data Protection Supervisor regarding the necessity of creating yet another supervisory body for the Data Governance Act, it is interesting to note that the proposed Board has been retained in the ITRE Report. In fact, MEPs have suggested another new body be created. The Data Innovation Advisory Council would be composed of representatives from industry, SMEs, research and standardisation organisations, among other relevant parties.
The rationale appears to be that involvement of a wider range of stakeholders will increase inclusion and transparency as, alongside the representatives from Member States and the European Data Protection Board, the Report recommends that this newly-established Advisory Council, and the European Union Agency for Cybersecurity (ENISA), also attend meetings of the Board. In addition, decisions and documents of the Board would be made publicly available. Finally, the report aims to clarify the role of the Board, with a clear focus on the harmonisation of both penalties and policies.
The European Parliament is expected to vote on the draft Report during this month’s plenary session (13-16 September 2021). In the meantime, the Council will continue to discuss the proposals, with a view to also finalising its position in the course of September. However, Austria, Denmark, Finland and The Netherlands have already expressed reservations about the potential burden imposed by privacy safeguards included in the draft Act, which could complicate the process of reaching a final consensus.
For further information contact Francine Cunningham
Sign up for our Connected newsletter for a monthly round-up from our Regulatory & Public Affairs team.