Establishing common rules and practices across the EU relating to developing a framework for data governance
The DGA is an EU-wide regulation that has been applicable since 24 September 2023.
The aim of the DGA is to improve the conditions for data sharing in the EU's internal market. It contains horizontal rules, creating a harmonised framework for (personal and non-personal) data exchanges and the basic requirements for data governance. With the DGA, the EU aims to eliminate some of the hurdles for the development of common European data spaces.
Who is in scope of the DGA
The DGA applies to different types of entities. The DGA contains a substantial new regulatory framework for data-sharing services that qualify as data intermediation services. Examples include open data marketplaces, enablers of data-sharing ecosystems and data pools that license data to all interested parties and reward all contributors. The DGA also establishes data sharing frameworks for the public sector and the non-profit sector.
“The conditions for data intermediation services can have an important impact on the business model of service providers.”
Requirements for data intermediation services
Among other requirements, data intermediation service providers are required to:
- remain neutral with regard to the data exchanged between data holders or data subjects and data users;
- make a prior notification to the competent authorities;
- provide these services through a separate legal person; and
- comply with strict obligations in the provision of the relevant services.
Data sharing frameworks
Public sector bodies can rely on the data sharing framework established by the DGA if they want to share certain protected data. “Protected data” means data that is protected by, for example, confidentiality, third-party intellectual property rights, trade secrets or personal data protection.
The DGA also sets out a voluntary framework of consent-based data sharing for data altruism, which refers to the use of data for the greater good. Nonprofit organisations that meet certain conditions will be able to be recognised as data altruism organisations.
Actions to consider
Providers of data intermediation services should assess whether their services are likely to be in scope for DGA and if so to notify the competent authority. In such cases, a thorough assessment of the new requirements is needed. Public sector bodies and nonprofit organisations should also assess the potential benefits of, and opportunities for, data sharing.
Get in touch with your usual DLA Piper contact or our key contacts below for information on how we can assist you with this exercise.