Written by Vijay Damodharan
The Data Governance Act was approved three months ago and it introduces huge changes to how data can be collected, shared, and processed.
Data is the engine of many services, such as personalised treatment in health care, more efficient search engines, identifying security issues through data flows, and much more. However, the huge potential of data processing must be balanced with proper data protection and privacy.
We already have many data protection laws, such as the UK General Data Protection Regulations, the Trans-Atlantic Data Privacy Framework which handles data sharing between the EU and the US, the Data Protection Acts, and more. The Data Governance Act is a step towards easier Data Sharing in order to optimise data usage.
Data Sharing
The proposal aims to allow the safe reuse of data for purposes different to the ones for which it was originally collected, in order to increase the amount of data available for use within the EU.
Specifically, it concerns data that is:
- Confidential
- Protected by copyright
- Personal data as defined in the GDPR
However, it does not include data that would pose a threat to public security.
The data released for public use under the DGA will need to be protected, for example through confidentiality obligations or anonymisation. The Act only allows free sharing of such data within the EU, not with countries outside it.
However, the EU and UK GDPR include a principle of ‘purpose limitation’, under which a processor must be clear from the start about the purposes of processing. This appears to contradict the reuse of data for new purposes, so the idea of data intermediaries has been introduced.
Data Intermediaries
Data intermediaries are those that help broker the flow of data from the data source to the data user. In other words, they would handle the sharing of data between individuals, public bodies, and private companies.
The DGA requires intermediaries to:
- notify public authorities of their intention to provide data-sharing services;
- commit to the protection of sensitive and confidential data; and
- obey strict requirements to ensure neutrality.
The idea of a data intermediary is that they will provide an additional layer of transparency and security that would incentivise individuals to share their data, creating a platform which provides prior information about the purposes and users of the personal data to the data subject.
These providers need to distinguish their data sharing services from other commercial operations, and cannot use the exchanged data for any other purposes. Services such as cloud providers, data advertising brokers, data consultancies, or providers of data products have been excluded from becoming new data intermediaries as part of the regulation.
Sector-specific data spaces
The Act also aims to create data spaces to help enable the sharing of data within a specific sector.
The nine initial Common European data spaces are:
- Industrial data space to support the industries within the EU.
- Green deal data space to use data to deal with problems such as biodiversity, climate change, pollution, etc.
- Mobility data space to develop an efficient and intelligent transport system.
- Health data space to help in detecting, treating, and preventing diseases.
- Financial data space to create market transparency, sustainable finance, and to stimulate innovation.
- Energy data space to promote a cross-sector sharing of data in a customer-centric, secure, and trustworthy manner.
- Agriculture data space to improve the performance of the agricultural sector.
- Public Administrations data space to improve transparency and accountability of public spending and quality of spending, to fight corruption.
- Skills data space to reduce skills mismatches between education and training systems and the labour market needs.
Data altruism
The Act also relies on the concept of data altruism.
Data altruism means encouraging individuals to voluntarily donate personal data to serve the general interest. To do so, “personal data spaces” will be created to ensure that the data they share will only be used for the purposes to which they have agreed. For example, data donated for medical research cannot be used for transport.
Not-for-profit organisations can sign up to a public register of “data altruism organisations”, which are organisations that collect and process data for altruistic (non-profit) purposes. These organisations must meet transparency and security requirements. They must also comply with the rulebook, which lays down information, technical, and security requirements, communication roadmaps, and recommendations on interoperability standards.
Examples of data altruism organisations include ‘MyData Global’, ‘Smart Citizen’, and ‘Corona-Datenspende-App’.
The European Data Innovation Board
A European Data Innovation Board will also be created under this act. Its mission would be to oversee the data intermediaries and provide advice on best practices for data sharing.
It will have representatives from:
- Member State competent authorities for data intermediation
- Member State competent authorities for data altruism
- The European Data Protection Board
- The European Data Protection Supervisor
- The European Union Agency for Cybersecurity (ENISA)
- The European Commission
- The EU SME Envoy/representative appointed by the network of SME envoys
- Other representatives of relevant bodies (The Commission will launch a call for experts to this end)
The EDIB will operate through at least three sub-groups – one for stakeholders, one for technical discussions, and one for the Member State representatives.
Conclusion and Final Thoughts
Like anything, the Act has its benefits and its problems. There are concerns about the increased barriers to data flow as a result of this Act, or that this could allow for discrimination, because it requires companies to notify the authorities if they want to become service providers.
However, the Data Governance Act increases the overall usability of data, and could potentially increase the economic value of certain types of data by €11 billion by 2028.
Provided sufficient security measures are taken, sharing and reusing data can be greatly beneficial to a myriad of activities.
If you have questions about international data transfer, need help with data protection, or next steps, Bivika provides DPO as a service. Please get in touch via info@bivika.com.