Data portals and the Data Governance Act
These days, companies can access massive amounts of data, leading to new and innovative services—mapping apps warn people about traffic jams and health tracking apps allow runners to compare themselves to their community. The risk is that powerful technology companies control so much data that they could leave other companies at a disadvantage. Distributing the benefits of data to other organisations, particularly small and medium-sized enterprises, is a challenge. The EU’s digital strategy aims to bring a solution.
As part of its digital strategy, the EU wants to facilitate new, more data ecosystems that are open and fair. These ecosystems, referred to as data spaces, set rules for gathering and exchanging information. Data spaces ensure that more data becomes available to the economy and society, while keeping companies and individuals in control of this data. These data spaces should lead to increased trust in data sharing and should help to overcome possible technical obstacles when reusing data.
The Data Governance Act: unlocking public-sector data
The Data Governance Act was proposed on 25 November 2020 and will enter fully into force in September 2023 following a 15-month grace period. The Act aims to encourage more data sharing in three ways:
- Trustworthy data sharing: put in place or strengthen the mechanisms to make more dataset publicly available, e.g. all those techniques such as anonymisation, aggregation and obfuscation of personal or sensitive datasets so that they can become open.
- Data intermediation: creation of data intermediaries that offer services that facilitate bilateral data sharing. These intermediaries will act as brokers between organisations that collect data and those who want to use that data to create new and innovative applications.
- Data altruism: encouraging people and organisation to make their data available for the public good, such as for medical research or research on climate change. An example of this is the Corona Data Donation, which collected ´donated` data from half a million German citizens’ smart watches and fitness trackers to explore how the coronavirus spread as well as the effects of long COVID.
The role of data portals within data spaces: opportunities and discussion points
The Data Governance Act suggests that existing data portals could play a key role in the context of data spaces, and we can see different opportunities:
- Access to an increased number of datasets to share can help data portals create more complete data ecosystems. Valuable data that would have been forbidden under old regulations can now be added, once the appropriate arrangements are made. More valuable datasets mean data portals can provide an even more positive impact for society.
- Access to more datasets also means that it becomes easier for data portals to be a true single information point for everyone who wants to explore and use public sector data.
- While the Act leaves open which organisations support public bodies to share protected data, data portals such as data.europa.eu can play a role in laying the ground rules and operational framework on how to share data to which other parties have some rights.
While the Data Governance Act lays out a framework, it certainly provides space for data portals to carve out a role for themselves, to develop e.g. new data spaces—what that role will be is something that should be discussed and debated in the community.
Another point for discussion is how sharing will work in practice? And how will it be done in a responsible way, respecting privacy and confidentiality of personal and commercially sensitive data? The answer to this question is not easy, and one can immediately think of a couple of potential issues around which the Act does not provide a clear answer:
- The Act specifies that personal data in a dataset can be protected, such as with anonymisation, but does not specify how robust that anonymisation shall be. Researchers have shown that making data anonymous is not easy, and if done incorrectly, could reveal people’s personal information. This could place public agencies in legal difficulty, beside the damage done to the individuals. Guidance for safe privacy-preserving practices needs to follow.
- While the Act encourages more data sharing, it does not create a legal obligation to do so. Given concerns around how difficult it could be to prevent abuse, public agencies may decide that sharing data is not worth the risk. This could create gaps in the data when an agency decides that releasing data is too risky.
Would you like to discuss this with us or stay informed about news around the Data Governance Act, open data and legal developments across Europe, contact us or follow us on Twitter, Facebook and LinkedIn, or subscribe to our newsletter.