Governing the Data Economy
Sharon Bauer
A data economy cannot thrive without proper data governance, which governs intercompany relationships, data sharing, and collaboration. All of these elements should work together to promote trust amongst all parties. Creating decentralized channels, opportunities, and governance for intercompany data sharing promotes a trustworthy and efficient stream of data flows, collaboration, and enhancement for social benefits. This is especially critical for the furtherance of enhanced technologies that need a large volume of data for analytics and insights.
While China and the US are leading in the data economy race, other jurisdictions, like the E.U., are falling behind. The E.U.’s slow pace is partly due to the non-existent and/or inefficient data-sharing regime, and the lack of trust and buy-in amongst companies and individuals. A data sharing gridlock is not uncommon when companies fear losing their competitive edge, there is a lack of proper infrastructure, a lack of opportunities, high costs, or an unbalanced power over data.
One way to break down roadblocks and improve the data economy is to develop governance rules that aim to address trustworthy practices and open channels of opportunity.
The Instigator for the Data Governance Act
In mid-December 2021, the Council of the EU and the European Parliament reached a provisional agreement to develop a new law, the Data Governance Act (“DGA”), which promotes the availability and sharing of data in a trustworthy manner. The DGA is meant to increase Europe’s economic value of data sharing within Europe and across sectors to the benefit of private businesses, public administrations, researchers, and citizens.
A key instigator to the development of the DGA is the lack of data sharing amongst European companies, the majority of which do not share data nor reuse data obtained from other companies. Europe’s digital economy falls behind countries such as China and the U.S., who fuel their digital economy vis-a-vis intercompany data sharing. The DGA sends a message that data sharing is encouraged and should be promoted to prompt a successful digital economy, especially as artificial intelligence (AI) and the Internet of Things (IoT) is gaining more prominence.
The DGA focuses primarily on three main topics, which include (1) Reuse of Public-Sector Data; (2) Trustworthy Providers; and (3) Data Altruism.
Reuse of Public-Sector Data
The DGA creates a standard for reusing certain categories of protected public-sector data within the E.U., which includes, for example, personal data and trade secrets. Public-sector bodies must implement proper governance and structure to ensure privacy and confidentiality are maintained. The re-use of public-sector data is justified if it is used for a service of general interest.
Trustworthy Providers
The DGA creates a framework by which data intermediation services can provide secure environments in which parties, whether businesses or individuals, can share data. The controlled environment enables companies to share data knowing that the data will not be misused. Furthermore, companies using the intermediation services gain the trust of individuals who wish to exercise their rights and give individuals more control over their data.
Data intermediation service providers must be registered to demonstrate they meet the framework and can be trusted. The service providers must remain neutral, act solely as a conduit, and in no way benefit from the data it is entrusted with.
Data Altruism
The DGA establishes a framework for companies and individuals who want to volunteer data for altruistic purposes, such as medical research projects to cure diseases or other types of socially beneficial developments. Companies who want to collect data for a common good can apply to be included in a national register that recognizes data altruistic organizations. The purpose of being registered is to be recognized by other companies and individuals as a trustworthy company that is using the data for an altruistic purpose.
International Data Transfers
While the General Data Protection Regulation (GDPR) already handles the safeguarding of international personal data transfers, the DGA will implement something similar for non-personal data, including adopting adequacy decisions where a non-EU country provides acceptable safeguards that are similar to those in the EU. There will likely also be model contractual clauses, similar to the GDPR, upon an international transfer of non-personal data.
Governing the Governance
While the DGA is a positive step forward towards encouraging responsible data sharing, the implementation of this legislation will be interesting to follow. For instance, what equation are we using to determine what a ‘service of general interest’ is and how will that be evaluated? Will ‘general interest’ change over time? Similarly, who is the judge that determines what is an ‘altruistic purpose’ and will those companies that are put on the national register be monitored to ensure they continue to use the data for altruistic purposes? Over time, will the change in politics and evolving views change the evaluation of what is altruistic?
Creating a Positive Sum
The DGA creates a positive-sum scenario towards facilitating a procurement marketplace for data processing services, gaining free access and reuse of public data sets that are of high value, and provides legislative order and measure on data governance, access, and reuse. The DGA is aiming to build trust in a data economy whereby all parties, including individuals, feel that they are in control of their data and that they are sharing or safely receiving data under common standards.
While the DGA aims to govern a geographical jurisdiction, lessons can be learned from this legislation to promote data sharing within industries whereby the benefits gained by sharing data outweigh the potential roadblocks to furthering the industry.
This article was originally published by The Lawyer’s Daily (www.thelawyersdaily.ca), part of LexisNexis Canada Inc.