Europe’s New Strategy for Data as a Public Good

Thoughts about digital transformation and AI for enterprise leaders and their legal & compliance advisors

These posts represent my personal views on enterprise governance, regulatory compliance, and legal or ethical issues that arise in digital transformation projects powered by the cloud and artificial intelligence. Unless otherwise indicated, they do not represent the official views of Microsoft.

It is widely recognized that Europe has led the world in developing modern ideas about the protection of personal data, the kind of data that has surged in both volume and value in recent years as online services and social media have become such a large part of our daily lives. The legislative embodiment of these ideas is a European Union law we’ve discussed many times in this blog: the General Data Protection Regulation (GDPR). Interested readers may want to look at some of my earlier posts on this topic, notably “Some Thoughts and Resources to Help with GDPR Compliance” and “Can AI Meet the GDPR Challenge?” The GDPR has influenced thinking about privacy in many other regions of the world, including the United States, where it has stimulated new legislative proposals at both the federal and state levels (see in particular California’s pioneering new privacy law).

But now the Europeans are taking a further step in their thinking about the value of data. In a remarkable position paper published last week, the European Commission (the executive branch of the European Union) has laid out a set of proposals for making data into a public good whose value can be captured by society as a whole. It’s a fair wager that this paper, under the unassuming and slightly technocratic title of “A European strategy for data,” will become a landmark in thinking about this subject.

A key insight in the EU paper is that not all data is personal in nature and that indeed some of the most valuable kinds of data are non-personal. This latter category includes data generated by industry, agriculture, the development and exploitation of natural resources, and the vast infrastructures undergirding modern society in areas such as transportation and energy. The paper also encompasses the intermediate kind of data we might call “no longer personal,” for instance the patient medical records whose value for society can only be fully realized after stripping away personal identifiers.

“A European strategy for data” contains many interesting ideas. I can’t cover all of them here and hope to revisit the topic in future posts. But the paper’s main purpose is to sketch a governance and legal framework that will enable Europe to transform the immense quantities of non-personal and anonymous or anonymizable data its economy produces into genuinely public goods. This will require breaking that data out of the legal and technical silos where it now resides and establishing rules for its safe and fair shared use by all participants in Europe’s economy. As the position paper puts it:

“Citizens should be empowered to make better decisions based on insights gleaned from non-personal data. And that data should be available to all—whether public or private, big or small, start-up or giant. This will help society to get the most out of innovation and competition and ensure that everyone benefits from a digital dividend. This digital Europe should reflect the best of Europe—open, fair, diverse, democratic, and confident.”

The paper introduces an innovative four-fold model for describing how to share data as a public good:

• Government-to-Business (G2B). National and local governments across Europe produce tremendous quantities of data paid for by the public. While existing EU laws including the recently revised Open Data Directive already encourage publication of such data resources, the EC considers that more should be done. It cites the example of medical researchers who are blocked from accessing crucial public health databases because no one has yet built a policy and technology framework capable of allowing such access while respecting data protection laws such as the GDPR. It’s worth pointing out that, unlike the US, most of Europe’s healthcare sector is public. The data locked away in the medical databases of the EU’s dozens of national healthcare systems could be of unrivaled value to medical research if the right policy and technology platform existed for sharing it.
• Business-to-Government (B2G). The EU paper sees data sharing between the public and private sectors as a two-way street. One interesting example cited by the paper of where private data might be beneficially shared with public authorities is the analysis of aggregated and anonymized social media data to monitor the spread of an epidemic (an example made unexpectedly relevant by the latest news of the spread of the coronavirus in Europe).
• Business-to-Business (B2B). The sharing and use of privately-held data between companies is perhaps the most intriguing category suggested by the EU paper. The idea here is that Europe, as the world’s leading industrial power, is sitting on a reservoir of incalculable and largely untapped value in its industrial data. To liberate that value the EU proposes to create a new framework of laws and policies to provide economic incentives together with trustworthy contractual mechanisms for sharing of data between private companies. As we approach the era where every vehicle on the road will be permanently connected to the Internet, we can imagine for example that Europe’s automotive industry would greatly benefit from sharing data about the effects of driver behavior and vehicle performance on road safety, energy efficiency, and the environment.
• Government-to-Government (G2G). One of the stated goals of the EU initiative is to avoid duplication and fragmentation of European data-sharing efforts that might be caused by the growth of multiple different national approaches. Accordingly, it calls for the creation of a legal framework ensuring that data made available for public access and use in one EU member state is made available in all member states. Public health data and environmental data are excellent examples. The ideal scenario for a researcher working in one of these areas is to be able to access data from a single source or interface rather than having to sort through dozens of different national offerings.

It appears from the above that Europe is about to lead us into a brave new world of shared data as a public good. Of course, there are many important practical and legal issues to be resolved before this bold vision can come to pass. These issues include all the devilish nuts-and-bolts details of data quality and interoperability, the texts of the new laws that the EC plans to introduce over the next year or two, as well as crucial issues of cybersecurity and AI ethics. These issues aren’t trivial and finding good solutions will require debate and hard work. But I’m optimistic that this process will be fruitful. I’m also confident that these ideas will spread rapidly to other regions. In a very few years, every country in the world will be asking how it too can join the era of data as a public good.

Microsoft has published a book about how to manage the thorny cybersecurity, privacy, and regulatory compliance issues that can arise in cloud-based Digital Transformation. The book explains key topics in clear language and is full of actionable advice for enterprise leaders. Click here to download a copy. Kindle version available as well here.