Three essentials for unleashing the full benefits of data
The European Commission wants to make Europe fit for the digital age and unleash the full benefits of better data usage. In order to achieve this ambition, we believe that it is first necessary to make data sovereignty a design principle, develop a soft infrastructure and focus on adoption.
The new data strategy published by the European Commission aims to make the EU a leader in a data-driven society. It seeks to create a single market for data that will allow it to flow freely within the EU and across sectors for the benefit of businesses, researchers and public administrations.
At Sitra and INNOPAY, we fully support this ambition. However, we believe that it can only be successfully achieved if the following three essentials form the basis for implementing the data strategy:
1. Data sovereignty as a design principle
Data sovereignty – self-determination over data by both individuals and companies – should be an underlying key design principle for the execution of the European Data Strategy. Individuals or organisations are self-determining when they have the capacity to control who has access to their data and under what conditions. We don’t discriminate here between personal and non-personal data. After all, organisations’ data-driven services are ultimately mostly consumed by individuals and the usage of personal data improves the quality of those services.
A focus on data sovereignty reflects our European values and sets Europe’s data model apart from today’s other two dominant models (the ‘winner takes all’ platform model based on individuals as market actors, and the state-led data-sharing model). In fact, data sovereignty is already embodied in European legislation; the GDPR General Data Protection Regulation (GDPR) Regulation (EU) 2016/679, the European Union’s ("EU") new General Data Protection Regulation ("GDPR"), regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU. Open term page General Data Protection Regulation (GDPR) has given citizens the ‘right’ to data sovereignty, but not yet the means to execute that right – so there is still work to be done.
But this is both feasible and worthwhile, because data sovereignty offers benefits for all roles in the data-sharing ecosystem. It allows citizens and organisations to permit sources holding data on their behalf (e.g. telecom companies, utilities, banks, trading partners, etc.) to use that data for specific purposes and/or to share it with other authorised parties. It also enables citizens and organisations to withdraw their consent at any time.
2. Soft infrastructure because it’s all about access
Data is essential for the creation of new business models for data-driven innovations and services. However, a growing unwillingness to share data due to privacy and security concerns on the one hand, and the inability to share data due to a lack of interoperability on the other, are standing in the way of access to sufficient data.
An enterprise architecture view of data governance is needed to ensure data sharing within sectors and across sectors. At the moment, the discussion around data governance happens mostly inside sectors and in individual projects and tends to emphasise just one or two different aspects, such as technology, legislation or business models. It is difficult to create a common governance framework when there is a lack of common concepts and semantics. In order to bridge the gap, the European Commission should look into establishing an EU trust framework for cross-sectoral data governance. This should be built around easy-to-grasp and actionable guidelines encompassing all relevant aspects: business, legal, ethical and technical.
This ‘soft’ infrastructure or afsprakenstelsel will serve as the basis for managed data sharing in the future, just as hard infrastructure (such as waterways, roads, railways, sewers and the electrical grid) has been the foundation of health, wealth and economic growth through the centuries. An afsprakenstelsel could facilitate how to deal with consent.
We believe that the European Commission should try to avoid regulating per sector (‘point regulation’ or regulation per use case) wherever possible and focus on principle-based regulation instead. After all, the adoption of telecoms, payments and internet is not defined per sector either.
In our view, the quickest and most effective regulatory intervention would be to make data sovereignty mandatory for businesses and the public sector in the coming decade for both personal data and business data alike. That can be done in just a few steps, if the ‘how’ (interoperability, trust, standards, governance, level playing field, certification, adherence, etc.) is clearly distinguished from the ‘what’ (sector use cases/applications). In that case, only the application is sector-specific and will require additional implementation guidelines and associated governance.
3. Focus on adoption, not on technology
A crucial yet often undervalued aspect of new advancements is communication and awareness building towards end users. This is especially true for the European data sovereignty infrastructure, as this is a new concept which will manifest itself in all ‘B2G2C’ services such as business-to-consumer (B2C), business-to-business (B2B), business-to-government (B2G), government-to-business (G2B) and government-to-consumer (G2C) services. We believe that, with the right focus on adoption, it is possible to educate the European population and subsequently the global population on the benefits of a new, empowered approach to data, just as happened in the past in the case of mobile telephony, payments and messaging, for example.
Easy-to-grasp paradigm based on European values
Based on European values and the concept of data sovereignty, the European Data Strategy provides the necessary direction to unleash the full benefits of better data usage in the EU and create a thriving human-centric data economy.
We believe that the shortest and most effective intervention in order to ensure this succeeds in practice is to make data sovereignty mandatory over the coming decade. It’s an easy-to-grasp paradigm that can be introduced in just a few steps – supporting short-term implementation and adoption, yet also allowing the time needed to develop the accompanying fit-for-purpose regulatory framework.
The aim should be to nudge businesses and governments (and their IT providers) into giving their users, customers and citizens tools to manage, share and exploit their data. This should include ways to monetise/compensate for data benefits. Ultimately, this will accelerate the execution of the European Data Strategy and ensure that the EU becomes a leading role model as a society empowered by data.