LegalGeneralitiesLaw

DGA – Data Governance Act

The DGA law, or European Data Governance Act, is a European law aimed at improving mechanisms for data availability and sharing.
Find out what the Data Governance law is in our dedicated blog article.

By Cyber Expert
DGA law
0

The DGA law, or European Data Governance Act, is a European law aimed at improving mechanisms for data availability and sharing.

The DGA officially entered into force on June 23, 2022, and has become applicable since September 2023.

Find out what the Data Governance law is in our dedicated blog article.

DGA – What for?

The law on Data Governance within the European Union aims to simplify data sharing and accessibility between EU countries, as well as between sectors.

This law has several objectives:

  • Improve confidence in data sharing.
  • Enable data reuse.
  • Improve data availability through the use of efficient mechanisms.
  • Create a common European space in key sectors within European Union countries.

This new law will have an impact on various sectors of the private and public sectors :

  • Health
  • Energy
  • Environment
  • Agriculture
  • Mobility
  • Manufacturing industry
  • Finance
  • Public administration
  • Skills

The 5 pillars of the new Data Governance law – DGA

The 5 pillars of the new Data Governance law
The 5 pillars of the new Data Governance law

1. Reuse of public sector data

The law allows the reuse of data held by public bodies.

However, this reuse is subject to a number of constraints governing their use. In addition, the public sector holds a great deal of personal data, which cannot be reused as “open” data.

They can be reused within strict frameworks defined by European and national laws.

Practices and limits to the re-use of public sector data

  • EU member countries must have solutions and protocols to ensure the confidentiality of data stored, shared and reused.
  • If a public body is unable to provide the requested data related to reuse for another “re-user” organization, the public body will have to help the “re-user” to seek the consent of the individual or the authorization of the rights holder of the data.
  • Confidential data may only be reused with the agreement and consent of the person or company concerned.
  • The Data Governance Act limits the principle of exclusive data reuse agreements to very specific cases.
  • Public bodies can charge for data reuse as long as it is reasonable.
  • A public body must respond within 2 months for the reuse of data.
  • Competent organizations can help and support public bodies in managing data reuse.
  • In order to facilitate the reuse of data, each country must set up a single information point. The European Commission will, for its part, set up a single European information point.

2. Data intermediation services

The DGA Act will put in place a set of rules for data intermediaries, with the aim of gaining the trust of organizations that will share their data.

The neutrality and transparency of data intermediary organizations will guarantee control over the loss of company’s competitive edge, as well as the risk of misuse of reused data.

The practices and limits of data intermediation services

Data intermediaries will have several rules to respect, so they will:

  • Be able to charge, at a reasonable price, the processing of reused data.
  • Be neutral third parties between companies and data “re-users”.
  • Not be able to re-use the data themselves for financial profit (resale for example).
  • Must avoid any conflict of interest.
  • Separate data intermediary services from other services.
  • Must inform the competent authorities that they wish to be data intermediaries and this authority will approve or not this service. A logo and a certification will then be distributed for the confidence of the organizations.
Data Governance Act
Data Governance Act

3. Data altruism

The principle of Data Altruism is an essential part of the DGA Data Governance Act.

In this way, companies and individuals will be able, with their permission and consent, to make data available in the public interest, without any desire for remuneration in return.

This will be used to advance research in areas that are now essential, such as health, the environment and mobility.

As a result, only trusted organizations will be able to manage this data, which cannot be used commercially.

A common form across the European Union will be provided for altruistic data sharing.

Practices and limits of data altruism

Organizations making altruism-based data available must :

  • Register as “recognized altruistic data organizations in the Union”.
  • Have a non-profit nature.
  • Meet transparency requirements.
  • Protect the rights and interests of companies and individuals wishing to share their data.
  • Comply with regulations regarding safety, techniques, communication and standards.
  • If they wish, register in the public register of data altruistic organizations.

4. European Data Innovation Council

The European Commission will set up the European Data Innovation Board (EDIB) to facilitate the sharing of best practices, with regard to data intermediation, data altruism and the use of public data that cannot be made available as open data, as well as the prioritization of standards.

Who is the EDIB made up of?

The European Data Innovation Board is made up of :

  • Competent authorities of member countries for data intermediation.
  • Competent authorities of member countries for data altruism.
  • European Data Protection Board.
  • European Data Protection Supervisor.
  • ENISA: European Union Agency for Cybersecurity.
  • European Commission.
  • Representative of SMEs from the European Union.
  • Representatives of competent bodies.

Practice of the European Innovation Council

The EDIB will operate via 3 subgroups:

  1. Representatives of member states’ competent authorities
  2. A subgroup responsible for technical discussion on standardization, interoperability and portability
  3. A subgroup for stakeholder participation

5. International data flows

All the data collected through data intermediaries will help to increase the European Union’s economic growth and international competitiveness on the world stag.

Through confidentiality agreements and levels of protection equivalent to those imposed by DGA, DGA will allow data to be exchanged, if necessary and under certain conditions, with a trusted third country.

Examples of use of the DGA law

The DGA Act will allow great progress in many areas.

So, here is an example of the impact and use this new law will have on data governance :

  • Improve the innovation of products and services in European industry.
  • Contribute to the training of AI.
  • Have better national and European policies.
  • Make public services more efficient.
  • Have more transparent data governance.
  • Provide improved and personalized care.
  • Contribute to the treatment of rare or endemic diseases.
  • Save time for individuals using public transportation.
  • Fight against climate change.
  • Improve the fight against emergency climate situations and effects.
  • Improve and develop agriculture.
  • Provide official and reliable statistical data to public administrations.
  • Create jobs.
  • Improving innovation within the EU.
  • Reduce data cost.
  • Reduce time to market for new products and services.
Continue Reading
More
Legal

Cyber Resilience Act

Standards & Certifications

PASSI Qualification

News

France Identity & Cybersecurity

Standards & Certifications

ISO 27001 Standard

Comment

Your email address will not be published.

Articles

Cyber Resilience Act

PASSI Qualification

France Identity & Cybersecurity

1 of 11