The EU General Data Protection Regulation (GDPR) gave EU citizens new rights over their personal data. It has now been 2 years and 6 months since the GDPR took effect and compliance became mandatory. Now the EU’s Executive Commission has proposed new rules –The Data Governance Act – covering the handling of industrial and government data.
In effect, the proposed rules will introduce a similar regulatory framework to the GDPR for industrial and government data and will give EU citizens further rights over their personal data.
“The proposal is the first of a set of measures announced in the 2020 European strategy for data. The instrument aims to foster the availability of data for use by increasing trust in data intermediaries and by strengthening data-sharing mechanisms across the EU,” said the Executive Commission.
The types of data covered by the proposed legislation is not normally available due to intellectual property rights of the holders of the data, commercial confidentiality and privacy rights, but the EU believes that the sharing of some of that data could have benefits to society as a whole and may help to boost the economy.
A framework similar to the GDPR would be introduced to ensure confidentiality and anonymity, and a single data marketplace would be created for countries of the European Union that facilitates data sharing and gives businesses and government entities the confidence to engage in data sharing for the common good.
There are several goals that the EU hopes to achieve, but one of the main aims is to drive innovation in areas such as healthcare and climate change. If pertinent data is shared with researchers and private companies, it could lead to major advances that would otherwise take years.
The new legislation is also likely to help the EU counter the dominance of the large U.S. and Chinese tech companies and is, as the EU calls it, an attempt at achieving digital sovereignty. Currently companies such as Google and Facebook collect vast quantities of user data and consent is provided to those companies to collect and use that data in exchange for providing a host of free services. Under the proposed new rules, individuals could choose to share their data with EU companies and government agencies. One example would be the sharing of healthcare data to help advance research by EU companies, or to provide personal data in exchange for the use of a free service, or even to be paid a fee for providing data if no free service is offered.
Rather than handling over control of data to a company, data could be sent through a central repository that is handled and managed by a neutral and trustworthy body that acts as a broker for pools of data. Individual citizens would have rights over their data, as under the GDPR, and could choose who has access to their data and how their “personal data spaces” would be used.
The Data Governance Act will create a framework that could act as an alternate model to the data practices of the big tech companies and could pave the way to the EU becoming the number 1 data continent.
The EU’s Executive Vice President Margrethe Vestager also explained that there is an ever-growing role of industrial data in our economy, and what Europe needs is an open, but sovereign, Single Market for Data.