The European Commission wants more European data (public, private and personal) to be shared for the purposes of innovation, research and business. It also wants to avoid a system where only a few large platforms control all the data. It thus wants to create mechanisms and tools to get there. That’s commendable! What the Commission proposes in the Data Governance Act (DGA), though, is at times very unclear.
Here is a breakdown of the European Commission proposals by sector, peppered with our take on some relevant aspects and support for some European Parliament and Council amendments.
Public Sector Data
DGA creates a mechanism for re-using protected public sector data (e.g. because of privacy rules, statistical confidentiality or IP) . Public sector bodies are to establish secure environments where data can be mined within the institution. Anonymised data could be provided through outside of the institution, if the re-use can’t happen within its infrastructure.
What we specifically like is that the European Commission proposes to limit the use of the sui generis database right by not allowing institutions to implement it. To our knowledge this is the first time the EU proposes to restrict an existing intellectual property right. The correct action would be of course to abolish it. But still, Article 5 (7) is a step forward: “The right of the maker of a database as provided for in Article 7(1) of Directive 96/9/EC shall not be exercised by public sector bodies in order to prevent the re-use”.
“The European Commission proposes to limit the use of the sui generis database right by not allowing institutions to implement it. To our knowledge this is the first time the EU proposes to restrict an existing intellectual property right. The correct action would be of course to abolish it.”
What we very much worry about, on the other hand, is the frontal assault on the GDPR. The scenarios the proposed Regulation talks about are covered by the GDPR and creating parallel rules won’t help anyone and would be terrible for data protection standards. The same standards that the EU created and are steadily being picked up by jurisdictions across the globe. We would prefer to make it very explicit that the new law doesn’t change the already existing one.
The European Commission wants Member States to create a notification regime (de facto a public registry) for “data sharing providers”. Such organisations are meant to boost B2B data sharing by acting as neutral clearinghouses for the data that multiple companies could share. These entities may have no other purpose and should be either registered in the EU or have a legal representative in one of the Member States.
One issue we find here is that “providers of data sharing services” are not well defined. In the proposal Article 9 (1) that defines them reads: “intermediation services between data holders which are legal persons and potential data users”. There is a similarly imprecise exception in Article 14:
“This Chapter shall not apply to not-for-profit entities whose activities consist only in seeking to collect data for objectives of general interest, made available by natural or legal persons on the basis of data altruism.”
We are pretty sure that Wikimedia projects or Europeana aren’t meant to be targeted here, but we can’t tell for sure if they are excluded. This is why we welcome attempts by both the European Parliament rapporteur Angelika Niebler (EPP DE) and the Protuguese Presidency to provide new and unambiguous wording. They both introduce the term “data intermediation service”, which in the current Council negotiations is framed in Article 2 as:
“‘data intermediation service’ means a provider of a commercial service, which, through the provision of technical, legal and other means establishes relationships between an undefined number of data subjects and data holders, on the one hand and data users on the other hand, for the purpose of data sharing, pooling or trade of data as well as the exercise of data subjects’ rights.”
Wikimedia projects and Europeana basically drop out at “provider of commercial service”.
“Data Altruism Organisations”
The Commission wants to establish a possibility for organisations engaging in data altruism to register as ‘Data Altruism Organisation recognised in the EU’. As a real-life example you can imagine a project gathering activity tracker data to research COVID-19 symptoms. The label will come with rules and strings attached: being a legal entity constituted to meet objectives of general interest and operating on a non-for-profit basis and independently from any for-profit entity. The Commission would create a “common European data altruism consent form” through which data subjects may share their personal data with such organisations for a purpose of general interest. Data Altruism Organisations will also have to be either established in the EU or have a legal representative within the Union.
As with other parts of the regulation, it remains unclear what “data altruism” means and how adding bureaucracy to it would make it better (as such projects already exist and thrive under current rules). One concrete European Parliament amendment that we can support comes from the S&D and Greens/EFA group and aims to replace the requirement for data altruism organisations to “meet objectives of general interest” (Article 16 a) by a requirement to meet the objectives of “public interest”. The issue with the former is that “general interest” is that it makes it unclear whether, for instance, research undertaken by private entities is covered.
“As with other parts of the regulation, it remains unclear what “data altruism” means and how adding bureaucracy to it would make it better”
Another part that worries us is Article 18, which asks data altruism organisations to submit annually “a list of all natural and legal persons that were allowed to use data it holds” to authorities. This shows that the authors were not thinking of or aiming at projects like Wikidata, Wikipedia or Europeana when writing this. It also means that we will not want to be included, as one fundamental value of open access and free licenses is that they are freely re-usable, without a need to ask for permission.
We will be working with the European Parliament and Council to fill the gaps that this proposal comes with. We welcome that the European Commission is really trying to imagine new ways forward, not fixating on current, dominant platform models. Kudos for that! We would have however appreciated if commons & open access projects were taken into account form the start.