The European Parliament, in a legislative resolution of April 6, 2022, has taken the first step towards the approval of the future regulation on European data governance.
The direct antecedent of this initiative is found in the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions of February 19, 2020, A European Data Strategy.
In this Communication, the Commission assumes that Data is the lifeblood of economic development, as they form the basis of many new products and services, allow them to be more personalized and improve not only policy development but also public services. Therefore, they are a vital resource for startups and SMEs when developing products and services.
In this context, the EU promotes a common European data space, that is, an internal data market in which said data can be used regardless of the place of its physical storage in the territory of the Union. Thus, the creation of common data spaces in which the data is findable, accessible, interoperable and reusable and supported by a high level of cybersecurity, that results in the trust of organizations and citizens, in relation to the storage and mobility of said data.
Keys to the new Data Governance Law
In line with this vision, the new proposal for a Regulation on European data governance is aimed at promote a borderless digital internal market with four fundamental axes:
- The conditions for reusing data within the EU held by public sector organizations, understanding the concept of reuse as the use by natural or legal persons of data held by public sector organizations for commercial or non-commercial purposes other than the initial purpose.
- The regulation of intermediation services, creating a reporting and monitoring framework for data provision. These services aim to share data between interested parties and data owners, on the one hand, and users of said data, on the other.
- Creating a framework for voluntary registration of entities that collect and process data making it available to third parties for altruistic purposes. In this context, “data altruism” implies the voluntary exchange of data (personal and non-personal) on the basis of the informed consent of its owners. Organizations registered in this registry must be non-profit, comply with specific transparency requirements and establish mechanisms to safeguard the rights of data subjects and owners.
- The establishment of a European Data Innovation Council. In this body, among others, the competent authorities for intermediation services, the competent authorities for the registration of data altruism organizations of all Member States, the European Data Protection Board, the European Data Protection Supervisor will be represented. Data, ENISA, the European Commission and other representatives of relevant bodies in specific sectors. Among its functions, the Council will advise the Commission on the development of guidelines to protect legal transfers of data to third countries and compliance with cybersecurity requirements in the storage and exchange of data.
Upon approval, this new Regulation on European data governance will be directly applicable fifteen months after its entry into force in each Member State, promoting a digital internal market without borders, in which personal and non-personal data are secure, growth is promoted and value is created and which, in addition, will be key to the development of technologies based on artificial intelligence.
If you are interested in data protection, we invite you to learn about our Master in Compliance & Data Protection Management which will turn you, in just 12 months, into a highly qualified professional with the necessary skills to carry out specialized tasks in two of the most relevant areas for both private companies and public administrations: data protection and regulatory compliance.
