Who decides the rules of fair data sharing?

The trustworthy sharing and usage of data are at the heart of the vision for a fair data economy in the European Union. Effective data sharing between organisations enables better products and services and creates a tremendous potential for increasing the productivity of work. Multiple stakeholders sharing data collaboratively are often known as a data ecosystem a data ecosystem . 

Data sharing requires trust. Trust can be facilitated with effective governance, which basically means the rules for sharing of data. But where do these rules come from? 

The European Commission is implementing a new regulatory framework (Data Act, Data Governance Act etc.) to boost trusted sharing and usage of data between organisations. However, there are so many new pieces of legislation that it can be overwhelming for smaller companies to navigate.  

Many new and existing EU-level bodies, such as the European Data Innovation Board and the European Data Protection Board, provide guidance on data sharing. At the national level, existing agencies such as competition-, telecom- or data protection authorities or newly established bodies will oversee EU-level data laws. Eventually, data-sharing between different parties will also require subject-specific rules, architectures and standards to complement legislation ( soft infrastructure soft infrastructure ). 

The pyramid illustrates how the rules for data sharing data sharing will be developed at many levels at the same time:

1. New EU data laws, for example, Data Governance Act (DGA) and Data Act. 
2. EU level bodies, for example, European Data Innovation Board (new) and European Data Protection Board (existing).
3. Member states – New and old tasks to the member state authorities.
4. Data Space Initiatives, for example, Maritime data space, Digital product passport, Skills data space, Tourism data space.

The new regulatory framework alone is hard to navigate for the companies, but it gets even more complicated when the other three levels (EU level bodies, member states and data space data space initiatives) are included. 

For businesses wishing to participate in data sharing, it shouldn’t be necessary to understand all the complexities. Ideally, complying with the data-sharing rules should be effortless, even automated.  

Fair data sharing necessitates action by the member states  

Many questions will have to be solved by the national authorities during implementation. This creates a risk of non-harmonised interpretations of the regulations in different member states and a higher burden for organisations wishing to share data or operate in multiple member states. 

At the time of writing, the member states are struggling against the clock to implement the first of the new pieces of data legislation, the Data Governance Act, before the transition period ends, in September 2023.  

In accordance with the Data Governance Act, each Member State needs to: 

• Appoint competent authorities to register and supervise the data intermediation services (Art. 13) and data-altruism organisations (Art. 23). These authorities will represent the member state in the European Data Innovation Board (Art. 29). 
• Establish a single information point to receive requests to re-use public sector data (Art. 8).  
• Designate supporting bodies to help public agencies to manage data reuse requests (Art. 7). 

Should one or more agencies handle these tasks? Should some entirely new bodies be established, or can the new functions be carried out by, for example, the competition agency, telecom authority or data protection authority? In implementing the Data Governance Act, member states should also look at the requirements of the other new laws. 

When it comes to the proposed Data Act, Member States have to: 

• Designate one or more competent authorities to apply and enforce the new rules (Art. 31/1). One must be chosen as the coordinating authority if multiple authorities are involved. 
• Designate a competent authority to apply and enforce the rules for switching between data processing services (Art. 31/2). 
• Certify dispute settlement bodies to assist parties that disagree on the compensation or other conditions regarding data sharing. 
• Have a separately regulated obligation to mutual assistance and cross-border cooperation (Article 22). 

Those are just a few examples of what member states must do for the EU Data Strategy to deliver.  

Looking at the data sharing governance at all levels 

Is Europe’s desire to create a single digital market about to become a reality? Can Europe achieve a common single market also in a data economy, with effective competition, the emergence of new entrants and fair rules based on European values? We hope that the answer to each of these questions is yes.  

aNewGovernance is an international association that brings together public bodies, associations, academics, start-ups, and corporates worldwide. This initiative is accompanying the shift to a fair data economy, especially in the context of the GDPR and of the European Data Strategy with the development of Data Spaces. The association’s aim is to help build those Sectoral Data Spaces in their Governance and Personal Data dimensions, as well as the Personal Cross-Sectoral Data Space. 

Three years after publishing 35 proposals for an EU Data Strategy, Sitra and aNewGovernance join up again to do a data governance study, as many legislations and initiatives are underway. We want to ensure that the potential gaps, overlaps, distortions, and uncertainties are addressed and that the initial goals of the EU Data Strategy are delivered. A holistic understanding of what the EU Data Strategy means in terms of governance is needed at all levels. We are mapping the current stage of data-sharing governance to identify issues and will publish our report and recommendations in the autumn of 2023.