Adopted on 30 May 2022, the Data Governance Act is a European regulation that came into force on 23 June 2022 and has been fully effective since 24 September 2023.
A pillar of the European data strategy, the DGA responds to the need to facilitate the circulation of data by establishing trust mechanisms for sharing. This text lays the foundations for the development of a data intermediation market based on trusted third parties.
| THE PILLARS | CLARIFICATION |
|---|---|
| Re-use of public sector data | Certain types of data held by public bodies can be re-used. This applies in particular to information covered by commercial confidentiality or containing personal data. To ensure responsible use, public bodies must put in place specific procedures, such as anonymisation, and may under no circumstances grant exclusive rights to this data. The public body holding the data may also introduce a charge to cover costs. |
| Supervision of data intermediaries | The text creates data intermediation service providers. These entities play the role of trusted third parties, facilitating data exchanges between the various parties involved - data holders or data subjects on the one hand, and users of the data on the other. Several measures must be put in place, such as guaranteeing the security of the data transmitted. They also have a duty to act in accordance with the interests of the people whose data they manage. |
| Framework for data altruism | States may introduce measures to facilitate altruism with regard to data. Individuals are encouraged to make their data available free of charge for general interest purposes (e.g. healthcare, scientific research). These contributions will be managed by specialised organisations, officially recognised as "altruistic data organisations" and entered in a dedicated national register. The Commission should develop a European consent form to harmonise data collection. |
"The Data Governance Act redefines the approach to data governance by imposing a structured framework for cross-sector sharing. The introduction of certified data intermediaries and common spaces requires a review of existing information architectures. The implementation of robust anonymisation mechanisms, granular consent management and traceability of secondary uses becomes essential to operate in this ecosystem where data circulates while maintaining its integrity and regulatory compliance."
The European Data Innovation Board (EDIB), set up by the European Commission, facilitates the sharing of best practice in data intermediation and altruism, as well as the use of public data that is not freely accessible. It prioritises cross-sector interoperability standards and proposes guidelines for common European data spaces, notably on the protection of transfers outside the EU. Its role is to harmonise data management practices in Europe.