CIPL responds to the European Fee’s proposal for a regulation on European information administration
On February 5, 2020, the Center for Information Policy Leadership (“CIPL”) in Hunton Andrews Kurth submitted a response to the European Commission’s public consultation (the “Commission”) on the Commission’s proposal for a Regulation on European Governance of Data ( “Data Governance Act” or “DGA”). This proposal is the first series of initiatives announced as part of the broader European data strategy.
The Commission published a draft of the DGA for the first time on November 25, 2020. The proposed regulation is intended to strengthen trust in the ecosystem of data exchange and promote data availability. The three main objectives are: (1) to encourage the reuse of certain categories of public sector data; (2) create requirements for data exchange services; and (3) creating a framework for data altruism organizations. The proposal would also create a new group of experts, the European Data Innovation Board (“EDIB”), which would work with the European Data Protection Board (“EDPB”) on a number of tasks, including promoting best practices for data exchange .
CIPL welcomed the opportunity to respond to the proposed regulation and agrees with the DGA’s objectives, as data availability and exchange are fundamental to a data-driven economy. CIPL’s response to the consultation contains specific comments on the DGA as well as general comments for future proposals on European data spaces, high quality data sets or the future data law. The DGA and upcoming initiatives provide an important opportunity to further promote a principle-based, risk-based, and accountable approach to data sharing and related initiatives.
The main recommendations from CIPL to the Commission are:
- Inclusion of organizational accountability as a building block of the DGA and future European data strategy initiatives, supported by a simple, principle-based and agile regulatory approach to data sharing;
- Integrate a risk-based approach to data exchange to adequately balance benefits, risks, and retention risks for data exchange and apply the appropriate mitigation measures.
- Enable trust across the data exchange ecosystem, including data providers, intermediaries and recipients, whether public or private.
- Enabling the joint creation of a unified governance framework for responsible data exchange between regulators and industry;
- Promote regulatory sandboxes to enable responsible data sharing and innovation through experimentation in consultation with regulators;
- Clarify the relationship between the DGA and the GDPR and ensure that the Data Protection Authorities (DPAs) are the only supervisory authorities responsible for matters related to personal data.
- Avoid placing undue reliance on consent to the detriment of other available legal bases and the statistical and research exemptions under the GDPR.
- Ensure a simple, agile and harmonized approach to requesting access to datasets and sharing processes between EU Member States;
- Clarification of the international data transfer toolkit for non-personal data, taking into account the experience of the GDPR with the transfer of personal data to third countries;
- Enable the use of cloud services to promote data exchange while providing a secure processing environment.
- Create a level playing field inside and outside the various mechanisms and approaches to data exchange, so that both new players and established companies can be innovative and competitive; and
- Identify and support the mechanisms already in place that enable organizations to responsibly share data for socially beneficial purposes and in the public interest.
Download CIPL’s full response to the consultation.