Three things you need to know about Europe’s Data Governance Act
The new European Data Governance Act is applicable as of 24 September 2023. This ambitious piece of legislation aims to deploy the full potential of data for all European businesses, public services and citizens. In other words, using this act, Europe wants to make data more available. But what exactly does that mean? Why are we doing this? How exactly will we be doing this? And most importantly, what does it mean for me and my business? This article will provide you with some answers.
Data collaboration: it’s my data, but I’m happy to share it with you.
Are you eager to satisfy your data hunger? Here are three bullets as food for thought. What if we could…
increase the trust in shared data through neutral data suppliers;
strengthen mechanisms to make data more available;
and overcome technical obstacles that block reusing data?
1. Yes, you need the Data Governance Act
Let us first look at the bigger picture. Why would we need a Data Governance Act anyway? Well, none of the globally dominant data-driven companies are European. Look at Meta (Menlo Park, USA), Google (Menlo Park, USA), TikTok (Peking, China), Snapchat (Santa Monica, USA), Uber (San Francisco, USA) and you’ll understand why Europe needed to rethink who really was missing access to our data.
Although a lot of EU companies have significant data available, none of them individually have access to high amounts of datasets like foreign market leaders do. By joining - sorry, sharing - forces we exploit our data potential to the fullest. That will lead to increased prosperity and well-being in Europe as it will give the European Union a competitive advantage in an increasingly data-driven society. And here you have the overall goal of the Data Governance Act. All in favor? Thought so.
So the key to being competitive in this data landscape is to create ways for smaller European players to more easily and efficiently share data amongst each other.
How exactly will a Data Governance Act manage to do so?
2. Data collaboration will help you grow
Enter data altruism for both private and public players, the quintessence of the Act. Think about it: for a long time, we have considered data as an asset that, once collected, we meticulously kept to ourselves. Mine, mine, it’s mine! This attitude has resulted in a multitude of closed data silos at both private and public organizations, often packed with valuable data. It’s a form of data egoism with insufficient data usage, that is now being challenged by the Data Governance Act.
Propelled by the act, it now is time to shift from closed data silos to shared data spaces where data can be exchanged in an accurate and safe manner. It is time for data altruism.
Does this mean we will all be forced to share our data? Definitely not. The Data Governance Act regulates the re-use of public sector closed data. It makes sense that personal data or commercially confidential data cannot be made available as open data. There is still something called data privacy. Yet there is a large amount of valuable information to be found in these closed datasets. This will be made available to all companies thanks to this Act.
This regulated part is completed with a motivational part. By introducing neutral data intermediaries and safe data spaces, the Act wants to motivate all companies to develop a data strategy where they proactively open their data for more data usage based on the data altruism idea. For the benefit of society and because the method of sharing can be trusted, more and more companies will hopefully open their data silos.
For the benefit of society and because the method of sharing can be trusted, more and more companies will hopefully open their data silos.
To do so, data owners will use these so-called data spaces to safely harbor their data.
What are data spaces exactly?
Data spaces are a smart way to turn closed data into shared data.
Overall, the EU wants to create eight different domains for data spaces: finance & insurance, health, energy, mobility, industry, environment, agriculture and finally public administration. When in place, all players active in one domain can upload their data to the domains’ data space and can easily - but above all safely - exchange data. That’s where the magic begins. Organizations will have access to tons of new relevant data - whilst respecting each individuals’ privacy as imposed by GDPR.
Imagine what could be discovered if data would be shared across multiple parties. New insights are bound to be discovered which eventually will result in new, more efficient solutions.
Imagine for example what could be discovered if data about mobility would be shared across multiple parties such as car manufacturers, urban mobility providers like Poppy, Bird or Lime, GPS providers like Waze, Apple Plans or Google Maps, taxi companies - both traditional and Uber-like - and of course public transport companies. New insights are bound to be discovered which eventually will result in new, more efficient solutions for people on the move, mobility policy, exhaust prevention and so on.
Let’s take it a step further. How often do you need to fill out a date of birth? And by doing so sharing personal information? What if this question for a specific date were to be replaced by a simple yes/no query to a data intermediary? Question: are you 18 years old? Answer: yes / no. The value ‘day/month/year’ is being replaced by a checked box. Has the data subject reached majority? Yes. Simple as that.
3. You can trust data spaces to collaborate
This sounds exciting but what exactly does such a data space entail? And how will such data exchanges between parties take place? Rest assured: it will never be a direct transaction between a data owner and a data user. A neutral third party will accommodate every transaction: the data intermediary. The intermediary can give access to data following strict guidelines to guarantee that the rights of both data owners and data subjects are respected. Each data intermediary must go through a registration procedure that ensures data privacy and appoint a legal representative in the EU. If they fail to comply with the requirements of the Act they can face significant fines. So there are firm guarantees when you share your data. Take a look at Athumi for example, a Flemish public company that aims to increase trust in data collaboration by designing personal smart data spaces.
Each data intermediary must go through a registration procedure and appoint a legal representative in the EU. If they fail to comply with the requirements of the Act they can face significant fines. So there are firm guarantees when you share your data.
Data spaces work like this: I own data, share them in a data space monitored by a data intermediary. In that data space third parties can access my data. And I can of course access their data.
It is only natural to ask ourselves some questions here. Why would we trust a data space? Or the neutral third party that manages it? Let us first address the idea of a safe data space. We are all acquainted with sharing information over the internet. We trust in secure access, techniques to manage who can access what and safe hosting with redundant servers to create a trustworthy solution. Data spaces look similar. This is needed because trust is the undeniable basis for the use of that space. There is a more personal line of trust to be fulfilled within the data spaces as well.
How can data subjects be confident that their data will not be abused? And what about guarantees for their rights?
Agreed, data privacy and data subject’s rights might seem like an afterthought in this article as we only discuss it now. But in fact they are at the very core of the European legislation around data and that’s no difference in this Data Governance Act. Of course all legislation surrounding personal and digital privacy - such as GDPR - are still applicable within these data spaces. Even better: every user of a product or service will have access to his own data. And each user can decide whether and to what extent third parties have access to this data. Or for what purposes and under which conditions they may use it. So if the data is being shared, there is an explicit approval of each data subject, being a person or a company, and that again, is a huge leap forward compared to today’s situation.
Each user can decide whether and to what extent third parties have access to this data. Or for what purposes and under which conditions they may use it.
Conclusion: it’s an act that increases your and my competitiveness
To cut a long story short: it will increase your ability to compete with the current megalithic data-driven companies in Asia and the United States. You’ll have access to datasets from other companies. Both public data that would have been inaccessible earlier or private data that you can retrieve in a secure data space. And you can share your data and be a data altruist. You can do so in a safe way in data spaces and with respect for your data subjects' privacy.
To cut a long story short: the Data Governance Act will increase your ability to compete with the current megalithic data-driven companies in Asia and the United States.
Would you like to learn more?
Follow the European Union's updates on its website Shaping Europe Digital Future.
Or take the time to listen to Margarethe Vestager, the Executive Vice President of the European Commission, responsible for all things digital. She shares her insight into global data, data sharing, big tech, the Data Governance Act and the reality of policy and implementation.
Get in touch
Would you like to discuss in depth? At Craftzing we also specialize in data and compliance, so leave us a message. We’ll be more than happy to talk with you.
By Yves Braeckman
As Head of Compliance I work on finding a balace between performing online interactions and respect for privacy in the broadest sense. The goal is to gain stakeholders’ confidence while creating durable digital solutions. Already today - but even more so in the years to come - compliance forms a cornerstone for any online activity.