Hogan Lovells 2024 Election Impact and Congressional Outlook Report
The European Union has already enacted several Directives to allow (or mandate) the possibility for companies to access and re-use the data held by EU public administrations in the European Union. However, in many cases this access is still not allowed, where data is protected by laws that impede access to it by private entities. This is the case of personal data, data protected by some intellectual property provisions or by specific trade secret laws, etc. that cannot be generally shared by public administrations. The incoming Data Governance Act (still under legislative process) aims to provide new legal tools to enable the sharing of such data.
The European Union institutions and bodies (the EU) are aware that data is an essential resource for economic growth, competitiveness, innovation, job creation and societal progress in general. In order to maximize the possibilities of the use of data, while safeguarding the rights of EU citizens, the European Commission has developed the European Strategy for Data. The European strategy for data aims at creating a single market for data that will ensure Europe’s global competitiveness and data sovereignty.
As part of this strategy, the EU has the intention, through new legal tools, to facilitate initiatives that would make data more widely available by opening up high-value publicly held datasets across the EU, allowing their reuse for free or at a proportionate charge.
In the words of the EU Commission,
"the data governance act will increase trust in data sharing, strengthen mechanisms to increase data availability and overcome technical obstacles to the reuse of data" and "will also support the set-up and development of common European data spaces in strategic domains, involving both private and public players: health, environment, energy, agriculture, mobility, finance, manufacturing, public administration and skills".
The EU has enacted several legal tools to allow the access to data held by public administrations by the wider society. The main Directive that has been enacted in this sense is the Open Data Directive. The main objective of this Directive is to enable re-use of all data held by public administrations by anyone (including companies), by fostering standard, machine-readable, accessible, interoperable, etc. formats, through well-designed APIs. The term “Data” in the Directive should be interpreted as having an extremely wide scope, to include any kind of documents and dynamic data, for example environmental, traffic, satellite, meteorological and sensor generated data.
However, the Open Data Directive has excluded from its scope data protected by different laws or provisions. For instance:
Documents, such as sensitive data, which are excluded from access, including on grounds of commercial confidentiality (including business, professional or company secrets);
Data protected by intellectual property rights of third parties; and
Documents that contain personal data.
The problem here is that the exception for the access to the data is so broad, that at the end of the day a high amount of data cannot be accessed and re-used which, as stated in the Data Governance Act, "has led to the underutilisation of such data".
In the context of the aforementioned aims, it is important to understand that certain categories of information will still be protected and out of the scope of the Data Governance Act, such as data held by public undertakings, public service broadcasters, data protected for reasons of national security, defence.
In view of this underutilization of data, the EU Commission has developed its Proposal for the Data Governance Act. The key elements are:
The conditions for re-use of data may include:
The access may be subject to fees, but those fees shall be proportionate, objectively justified, non-discriminatory and shall not restrict free competition.
The EU is aware that the conditions of re-use imposed by the public administration may not be enforceable in third countries, with the risk of "unlawful access that may lead to IP theft or industrial espionage". Therefore, if the public administration has considered that the data available for re-use is to be considered confidential or protected by intellectual property rights, it may prohibit the transfer of such data outside the EU.
There are some derogations to this prohibition:
Where data qualifies as "highly sensitive" further restrictions can be imposed to allow data to be transferred outside the European Union.
One of the main opportunities for business under the Data Governance Act is the creation of data sharing service providers, that will act as intermediaries between public administrations and companies with the aim of re-use. These data sharing services will be instructed to prepare the data to adapt it to the need of the re-user, while ensuring compliance with the conditions of re-use imposed by the public administration.
There is a strict framework for data sharing services. For example, such service providers will be required to notify the relevant authorities under the Data Governance Act and will not be allowed to use the data for their own purposes.
The Data Governance Act will bring new opportunities for companies with interest in data held by the public sector in the European Union. In this sense:
Authored by Gonzalo F. Gállego and Juan Ramón Robles.