Data portals and the Data Governance Act
Publication Date/Time
2022-08-26T12:40:00+00:00
Country
Europe
The Data Governance Act should open more data. What does this mean in
practice?
 

These days, companies can access massive amounts of data, leading to
new and innovative services—mapping apps warn people about traffic
jams and health tracking apps allow runners to compare themselves to
their community. The risk is that powerful technology companies
control so much data that they could leave other companies at a
disadvantage. Distributing the benefits of data to other
organisations, particularly small and medium-sized enterprises, is a
challenge. The EU’s digital strategy
[https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age]aims
to bring a solution. 

As part of its digital strategy, the EU wants to facilitate new, more
data ecosystems that are open and fair. These ecosystems, referred to
as _data spaces_, set rules for gathering and exchanging information.
Data spaces ensure that more data becomes available to the economy and
society, while keeping companies and individuals in control of this
data.  These data spaces should lead to increased trust in data
sharing and should help to overcome possible technical obstacles when
reusing data. 

THE DATA GOVERNANCE ACT: UNLOCKING PUBLIC-SECTOR DATA

The Data Governance Act was proposed on 25 November 2020 and will
enter fully into force in September 2023 following a 15-month grace
period. The Act aims to encourage more data sharing in three ways:

 	* TRUSTWORTHY DATA SHARING: put in place or strengthen the
mechanisms to make more dataset publicly available, e.g. all those
techniques such as anonymisation, aggregation and obfuscation of
personal or sensitive datasets so that they can become open. 
 	* DATA INTERMEDIATION: creation of data intermediaries that offer
services that facilitate bilateral data sharing. These intermediaries
will act as brokers between organisations that collect data and those
who want to use that data to create new and innovative applications. 
 	* DATA ALTRUISM: encouraging people and organisation to make their
data available for the public good, such as for medical research or
research on climate change. An example of this is the Corona Data
Donation [https://corona-datenspende.de/science/en/], which collected
´donated` data from half a million German citizens’ smart watches
and fitness trackers to explore how the coronavirus spread as well as
the effects of long COVID.

THE ROLE OF DATA PORTALS WITHIN DATA SPACES: OPPORTUNITIES AND
DISCUSSION POINTS

The Data Governance Act suggests that existing data portals could play
a key role in the context of data spaces, and we can see different
opportunities:

 	* Access to an increased number of datasets to share can help data
portals create more complete data ecosystems. Valuable data that would
have been forbidden under old regulations can now be added, once the
appropriate arrangements are made. More valuable datasets mean data
portals can provide an even more positive impact for society.
 	* Access to more datasets also means that it becomes easier for data
portals to be a true single information point for everyone who wants
to explore and use public sector data.
 	* While the Act leaves open which organisations support public
bodies to share protected data, data portals such as data.europa.eu
can play a role in laying the ground rules and operational framework
on how to share data to which other parties have some rights.

While the Data Governance Act lays out a framework, it certainly
provides space for data portals to carve out a role for themselves, to
develop e.g. new data spaces—what that role will be is something
that should be discussed and debated in the community.

Another point for discussion is how sharing will work in practice? And
how will it be done in a responsible way, respecting privacy and
confidentiality of personal and commercially sensitive data? The
answer to this question is not easy, and one can immediately think of
a couple of potential issues around which the Act does not provide a
clear answer:

 	* The Act specifies that personal data in a dataset can be
protected, such as with anonymisation, but does not specify how robust
that anonymisation shall be. Researchers have shown that making data
anonymous is not easy
[https://link.springer.com/chapter/10.1007/978-3-030-50316-1_32], and
if done incorrectly, could reveal people’s personal information.
This could place public agencies in legal difficulty, beside the
damage done to the individuals. Guidance for safe privacy-preserving
practices needs to follow.
 	* While the Act encourages more data sharing, it does not create a
legal obligation to do so. Given concerns around how difficult it
could be to prevent abuse, public agencies may decide that sharing
data is not worth the risk. This could create gaps in the data when an
agency decides that releasing data is too risky.

 

Would you like to discuss this with us or stay informed about news
around the Data Governance Act, open data and legal developments
across Europe, contact us [https://data.europa.eu/en/feedback/form] or
follow us on Twitter [https://twitter.com/EU_opendata], Facebook
[https://www.facebook.com/data.europa.eu] and LinkedIn
[https://www.linkedin.com/company/publications-office-of-the-european-union/],
or subscribe to our newsletter.

 
