Do you know what data altruism is? And intermediation in access to data? If not, have a read to find out that and more about the Data Governance Act.

The EU legislator has set the bar of expectations quite high in terms of how the recently announced European Data Governance Act is supposed to contribute to the flourishing of modern technologies. Whether it will be possible or not, we will not be able to find out earlier than in a dozen or so months. Meanwhile, it is worth getting acquainted with the novelties in the common digital market introduced by the Regulation (EU).

Earlier this year, in April we wrote about a draft Regulation (EU) called the Data Act, which is to be one of the key elements of the EU Data Strategy, which in turn is a part of the wider European Digital Strategy. The Data Act still remains a draft regulation, while the other regulation that makes up the European Data Strategy was published in the Official Journal of the European Union at the beginning of June 2022. The act in question is the Data Governance Act (hereinafter DGA), i.e. Regulation (EU)?2022/868 of the European Parliament and of the Council of 30?May 2022 on European data governance and amending Regulation (EU)?2018/1724 (Data Governance Act).

DGA entered into force on June 23, 2022, while its application will begin as of September 24, 2023. It will apply directly to every European - just like e.g. GDPR.

The purpose of DGA is to increase access to data on the market by establishing a harmonized legal framework for sharing data between entities in order to facilitate creation of innovative services and products. On a daily basis we see how modern technologies have changed the society and the economy in recent years. In the centre of this digital transformation is data, the innovative potential of which cannot be overestimated. It has been therefore recognized by the legislator that the creation of a more inclusive data economy is necessary, as is bridging the digital gap, increasing women's involvement in the tech - driven economy as well as enhancing technical awareness of the society[1]. It has been ?acknowledged that conditions for data sharing in the single market should be improved. Action in this regard at EU level is needed to increase trust of individuals and businesses. [2]

?Below are presented the main issues covered by the DGA Regulation.

1. Re-use of certain categories of data held by public sector entities.

It is worth noting that certain categories of public sector data may already be made available to users pursuant to the provisions of Directive (EU) 2019/1024 on open data and the re-use of public sector information. However, certain public data are not subject to disclosure upon that directive; those are public sector data subject to commercial or statistical confidentiality, as well as data contained in content protected by intellectual property rights of third parties. It is to these last categories of information, as well as to personal data not covered by Directive 2019/1024 held by public entities, that DGA will apply.

?Re-use of data within the meaning of DGA means:

the use by natural or legal persons of data held by public sector bodies, for commercial or non- commercial purposes other than the initial purpose within the public task for which the data were produced, except for the exchange of data between public sector bodies purely in pursuit of their public tasks[3].

Public sector entities will be, inter alia, required to make available the conditions that will have to be met for the authorization to re-use the data to be granted, together with the procedure for application to be followed. This information will be made available through the so-called single information point. Public entities will be allowed to charge fees for granting permission to re-use data subject to commercial or statistical secrets or intellectual property rights.

?Importantly, DGA also regulates the issue of transferring confidential, non-personal data to so called third countries (countries from outside the EEA). The act lays down rules applicable to the procedure of granting an authorization for the re-use of public sector data to a user who intends to transfer those data to a third country. A user who intends to share data with third countries will be subject to specific obligations, including a commitment to enter into an appropriate contract with a public sector entity. The intention to transfer data to a third country shall be disclosed when submitting a request for data re-use.

The European Commission may adopt model contractual clauses applicable to the obligations of a user who transfers data to a third country. Moreover, if justified so by a significant number of requests for data transfer to certain third countries, the Commission may adopt legal measures to facilitate data transfer to such country. The Commission’s executive acts would e.g. confirm that legislation of a third country in question ensures proper protection of intellectual property and commercial secrets.

2. Provision of data brokerage services.

The regulation introduces also a new type of services in the digital market, i.e. data brokerage services, as semi - regulated services as DGA defines conditions for their provision, including notification procedure and supervision of entrepreneurs’ conduct by competent authorities.

?Data brokerage services may consist of [4] :

1. intermediation between data holders and potential users, including provision of technical means, creation of platforms or databases enabling data exchange or joint use of data;
2. intermediation between personal data subjects intending to disclose their personal data or natural persons intending to provide non-personal data, and the potential data users, including providing technical or other means enabling provision of such services;
3. services provided by data cooperatives

Services of data cooperatives means data intermediation services offered by an organisational structure constituted by data subjects, one-person undertakings or SMEs who are members of that structure, having as its main objectives to support its members in the exercise of their rights with respect to certain data (…)[5].

A service provider wishing to provide brokering services must notify the competent authority. Such application will entitle to provide brokering services in each EU member state.

The Commission is to establish a project of a common logo to identify providers of intermediation services, recognized in the EU. A recognized service provider will have to display the logo in all their publications relating to the brokerage activities. The Commission will keep a publicly available register of all intermediation service providers providing their services in the Union.

Article 12 of DGA specifies the conditions for the provision of brokerage services, i.a.:

• a broker will not be allowed to use for their own purpose the data subject to the brokerage services they provide,
• commercial conditions offered by a service provider, e.g. the price of the service, cannot depend on whether or not a customer uses other services offered by the provider,
• data brokerage services may include an offer of additional, specific tools and services to facilitate data exchange, such as temporary storage, conversion, anonymisation and pseudonymisation;
• a data brokerage service provider must put in place procedures to prevent fraud or abuse in connection with seeking access to data through its services;
• service providers will keep a log of events relating to data brokerage activities.

Member states will designate ?authorities competent for the notification procedure in scope of the provision of brokering services. Such authorities will also monitor and supervise compliance of intermediaries with the requirements of the DGA Regulation. As part of the oversight suppliers may be subject to corrective measures, including administrative fines or a request to stop providing the brokerage service.

3. Providing data for altruistic reasons.

Data altruism has been defined as:

voluntary sharing of data on the basis of the consent of data subjects to process personal data pertaining to them, or permissions of data holders to allow the use of their non-personal data without seeking or receiving a reward that goes beyond compensation related to the costs that they incur where they make their data available for objectives of general interest as provided for in national law, where applicable, such as healthcare, combating climate change, improving mobility, facilitating the development, production and dissemination of official statistics, improving the provision of public services, public policy making or scientific research purposes in the general interest [6].

Data altruism organizations recognized in the EU will be entered into national public registers of the data altruism organizations. Similarly as for the intermediation service providers, the Commission will establish a common logo that each data altruism organization will have to use in their online and offline publications.

Recognized data altruism organizations will also be subject to monitoring and supervision in terms of meeting the requirements of DGA. Competent authorities will be able, if necessary, to apply measures ensuring compliance with the requirements of the Regulation. Contrary to data brokerage service providers, no fines are foreseen for altruism organizations. If an altruism organization, despite being called to cease the violations, still fails to meet the requirements, it will lose its right to use the label "data altruism organization recognized in the Union" and will be removed from the relevant national register.

? 4. Legal remedies

The regulation provides for the possibility for legal entities to submit an individual or collective complaint to the authority competent for data brokerage services, against a provider of such services, or to the authority competent for the registration of data altruism organizations, against a recognized data altruism organization.

In addition to the complaint measure, natural or legal persons must have a right guaranteed, to an effective remedy to be sought before a court of a member state, against a decision by authorities competent for either the organizations of data altruism or for providers of intermediation services, relating to access to data.

?Establishing a harmonized legal framework for sharing of data to the benefit of innovation development is a part of the ?vision of a Europe able to effectively compete with the rest of the world. One of the three pillars of the ?European Digital Strategy is the creation of "technology that works for people". Achieving this goal includes investing in digital skills of all Europeans, accelerating the introduction of ultra-fast broadband networks in homes, schools and hospitals throughout the EU. It is also about protecting people from cyber threats (hackers, ransomware, identity thefts) and ensuring development of artificial intelligence in a way that guarantees respect for human rights and gaining people's trust. The vision also includes increasing Europe's supercomputing capacity to develop innovative solutions in the fields of medicine, transport and the environment.

We follow the latest legal regulations in this area. We are aware that they create a completely new reality, offering extraordinary opportunities on the one hand, and imposing obligations on every European on the other. These tasks include, among others:? inventorying the data held, classifying it and ensuring its security. These are not merely technical activities, for their also require appropriate?legal preparation. We support data operators, help them to implement procedures and standards. It is worth starting preparations for new businesses and the requirements of European data governance today. We look forward to working with you ??.

?

Photo by Camylla Battani on Unsplash

[1] Recital (2) of the Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (data governance act) , hereinafter in footnotes as a Regulation

[2]????Recital (3) and (5) of the Regulation 's preamble .

[3]????Art. 2 point 2) Regulation

[4]???Art. 10 of the Regulation

[5]??Art. 2 point 15)?of the Regulation

[6]???Art. 2 point 16)?of the Regulation