“Data Governance Act”: the innovative aspects of the European Commission's proposal
1 memorandum, 46 recitals, 8 chapters and 35 articles: these are the numbers that characterize the very recent proposal of the European Commission, dated 25 November 2020, for the Data Governance Act, which could represent a fundamental turning point on the subject of data governance at European level, continuing the revolution triggered by the GDPR (European Regulation 679/2016). The proposal is not an isolated action, but is one of the steps taken under the "European Data Strategy 2020", a package of measures announced on February 19, 2020, designed to avoid the risk of fragmentation of the European digital single market.
Fears in this regard arise from the jagged and complex legislation that regulates this particular sector, represented by a heterogeneous series of references such as:
GDPR: EU Regulation 676/2016 on the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and repealing Directive 95/46 / EC; “E-Privacy” Directive: directive 2002/58 / EC for electronic communications; “Open data” directive: EU directive 1024/2019; EU Regulation 1807/2018 relating to a framework applicable to the free circulation of non-personal data in the European Union.
Analysis of the Data Governance Act proposal: the key points
In the face, therefore, of a regulatory framework of this type, the Data Governance Act aims to be a direct instrument for the harmonization and coordination of the various regulatory interventions on digital policy, in order to avoid divergences between the provisions of the different Member States and which could lead to a weakening of the European digital single market.The principles and objectives, which guide and inspire this proposal, are contained and explained in its incipit, the memorandum, which summarizes them in four specific points:
“Making public sector data available for re-use, in situations where such data are subject to the rights of others” (eg rights relating to the protection of personal data); "Sharing data between companies, for remuneration in any form"; "Allow the use of personal data with the help of a" personal-data sharing intermediary ", designated to help people exercise their rights under the GDPR"; "Allow the use of data for altruistic reasons". The content of the proposal, divided into various items and articles, is complex and full-bodied, but full of novelties and new operational ideas.
In addition to the aforementioned mechanism for the re-use of data held by public authorities, the will to introduce a specific regime that regulates all activities related to data sharing, from notifications to various controls, is the basis of the proposal itself. the provision of the establishment of particular authorities or competent subjects and the identification of a team of experts, the European Data Innovation Board.
The use of data for altruistic reasons
Another aspect that arouses much interest is related to the concept of "altruism" in the field of data, an expression unrelated to other normative provisions, an evocative expression, but which must not be misleading and lead to misleading conclusions. The CD. "Data altruism" refers to the use of data for purposes not related to economic aspects, given its free nature, but to scientific objectives, linked to the upgrade of services of public interest or even simply for research purposes.This mechanism is obviously not automatic, but is underlying the expression of a consent by the interested party or the expression of an authorization by the owner.
In this regard, there are also specific provisions regarding the characteristics that a subject must satisfy if he wants to operate in the context of "data altruism". Specifically:
Pursue objectives of general interest; Carry out its own non-profit activity and not be connected in any way with subjects that carry out activities for this purpose; If other activities are carried out, other than those involving "data altruism", they must be legally separated from the latter, which must have its own autonomous and independent structure. In order to safeguard the proper performance of these activities, specific Supervisory Authorities must be set up, in charge, among other things, of maintaining a special register relating to the "altruistic data" activities. A register will always be set up to allow registrations to those who intend to carry out this type of activity, one for each member state; if the office is not located in one of the member states, but in a non-EU country, it will be necessary to appoint a legal representative in one of the member states.
Data sharing
Sharing also acquires a central role in the Data Governance Act proposal, which, as mentioned, will be characterized by new figures in charge, the intermediaries for sharing data. These subjects will be in charge of facilitating and coordinating the collection, aggregation and sharing procedures of the data themselves, as totally independent subjects and detached from users or data holders. These activities, as also envisaged for example for the mechanism of data reuse in public bodies, must be promptly regulated with specific provisions, such as a notification regime for subjects who want to carry out intermediation activities between data holders and users, of support to subjects (users / companies etc.), of intermediation between interested parties and users, should the former intend to make their data available.The providers of these services must also comply with a series of obligations in the exercise of their activities, for example:
Neutrality with respect to the data in question; Preparation of a specific procedure for accessing the service provided, which respects the criteria of fairness, transparency and non-discrimination; Impossibility of using the data in question for different purposes and purposes; Provision of procedures aimed at preventing abusive and / or fraudulent activities to the detriment of the data in question; Maintaining a high level of security during data storage and transmission activities. In order to protect the hypothesis of violation, then, an Authority will be established in charge of the repression of such circumstances, including through the imposition of sanctions or the imposition of obligations such as the termination or postponement of a specific activity.
Conclusions
This whole series of interventions and tools will be inserted in a context of harmonization and promotion, culminating in the establishment of a "European data space" for specific sectors of pre-eminent importance , such as financial services, health care, manufacturing activities and others, seeking to increase the trust of those involved and therefore a greater propensity for mechanisms and instruments of exchange within the EU.The objectives to which the Commission's proposal aims, if satisfied, would represent a turning point and certainly an important opportunity to strengthen cooperation between member states in sectors and for activities inherent in an intrinsic and peculiar nature. delicate, deserving of precise and effective tools.
Europe, therefore, demonstrates, as at other times, that it wants to be an example and a precursor for other international actors, promoting not only initiatives and regulatory instruments but also real principles and values to be followed and pursued in relations between Member States and the Union.
We will still have to wait to know the results of this affair, but surely the prepared bases seem to give us hope.