Digital transformation is revolutionising our lives and resulting in the transfer of many offline activities to the network. This trend has been accelerated by the pandemic, social distancing and lock-downs which have imposed smart working and distance learning. Given the increasing volume of non-personal industrial data and public data in Europe, combined with technological changes in how the data is stored and processed, being a potential source of growth and innovation, a regulatory framework and an ecosystem must be guaranteed in accordance with European values, fundamental rights and rules creating trust and benefits for all Europeans.
European institutions are aware of the importance of ensuring an ecosystem able to create trust and encourage data use. Three main pieces of legislation currently provide the legislative framework for data – the General Data Protection Regulation (Reg. 2016/679), the Regulation on the free flow of non-personal data (Reg. 2018/1807) and the Open Data Directive (Directive 2019/1024). An in-depth overview of the main steps taken by the von der Leyen Commission has been presented, highlighting aspects to be further developed, and anticipating the next steps foreseen by the Commission’s Work Programme for 2021. To ensure a coherent and comprehensive approach, a set of actions has already been established by the Data Strategy (February 2020) and will be complemented by i.a. the regulation on data governance (Q4 2020) and the Data Act (Q3 2021) to ensure the safe and effective sharing and reusing of data.
THE EUROPEAN STRATEGY FOR DATA
Specifically, on 19 February 2020, the European Commission presented the Communication “Shaping Europe’s digital future” explaining the European Digital Strategy and the Data Strategy and the White Paper on Artificial Intelligence which are the first pillars of the new digital strategy. The Communication “A European strategy for data” underlines several critical issues to be overcome concerning the availability of data, imbalances in market power, data interoperability and quality, data governance, data infrastructures and technologies, empowering individuals to exercise their rights, skills and data literacy and cybersecurity.
Considering these issues, the Commission has outlined a strategy focused on four pillars and several key actions: 1) a cross-sectoral governance framework for data access and use. Key actions: a) cross-sectoral (or horizontal) measures for data access and use establishing a legislative framework for the governance of common European data spaces (Q4 2020) to strengthen the governance mechanisms at EU and MS level relevant for cross-sector data use and for data use in the common sectoral data spaces, involving both private and public players, facilitating decisions on which data can be used, and how and by whom for scientific research purposes compliant with the GDPR and making it easier for individuals to allow the use of the data they generate for the public good, if they so wish (‘data altruism’), in compliance with the GDPR; b) starting the procedure for the adoption of an implementation act on high-value data sets (Q1 2021) under the Open Data Directive, making these data sets available across the EU for free, in machine-readable format and through standardised Application Programming Interfaces (APIs); c) the adoption of a Data Act (2021); d) analysis of the importance of data in the digital economy (e.g. through the Observatory of the Online Platform Economy), and review of the existing policy framework under the Digital Services Act package (Q4 2020); 2) enablers, involving investments in data and strengthening Europe’s capabilities and infrastructures for hosting, processing and using data, interoperability. Key actions: a) invest in a High Impact project on European data spaces; b) sign Memoranda of Understanding with MSs on cloud federation, Q3 2020; c) launch a European cloud service marketplace, integrating the full stack of cloud service offering, Q4 2022; d) create an EU (self-)regulatory cloud rulebook, Q2 2022; 3) competences, empowering individuals, investing in skills and in SMEs. Key action: explore enhancing the portability right for individuals under Article 20 of the GDPR giving them more control over who can access and use machine-generated data (possibly as part of the Data Act in 2021); 4) common European data spaces in strategic sectors and domains of public interest, promoting the development of common European data spaces in strategic economic sectors – Industry (manufacturing), the Green Deal, Mobility, Health, Finance, Energy, Agriculture, Public Administrations, and Skills. Key action: create a framework to measure data flows and estimate their economic value within Europe, as well as between Europe and the rest of the world, Q4 2021.
THE PUBLIC CONSULTATION: MAIN FINDINGS
The European Strategy for data was subject to public consultation until 31 May 2020. On 24 July 2020, the Commission published a summary report taking stock of the contributions and presenting their preliminary trends. In total, 806 contributions were received – 338 from a company or business organisation/association, 201 from citizens (all EU citizens), 98 from academic / research institutions, and 57 from public authorities. Consumers were represented by 7 respondents and non-governmental organisations (including 2 environmental organisations) by 54 respondents.
The online consultation involved general questions on the data strategy (section 1), specific questions on data governance (section 2.1) – including standardisation, secondary use of data, data donation and data intermediaries -, specific questions on high-value datasets (section 2.2), and specific questions on the (self-/co-) regulatory context of cloud computing (section 2.3). For the general questions, there is consensus on the need to increase data availability, make it easier for individuals to grant access to their existing data, in line with the GDPR, remove difficulties in using data from other companies, and make major investments in technologies and infrastructures that enhance data access and use, while giving individuals, as well as public and private organisations, full control over the data they generate.
Where governance is concerned, there is a general consensus that standardisation is necessary to improve interoperability and ultimately data re-use across sectors. As for making a broader range of sensitive data available for R&I purposes for public interest, the report highlights the importance that public authorities place on the anonymity of specific data for concrete use-cases and the clarification of the legal rules. For “data altruism”, instead, the lack of sufficient tools and mechanisms to ‘donate’ their data was underlined. Regarding the specific questions on high-value datasets, the respondents consider the establishment of a list of high-value datasets, to be made available free of charge, without restrictions and via Application Programme Interfaces (APIs). This is seen as a good way to ensure that public sector data has a positive impact on the EU’s economy and society, as well as providing funding to enhance the availability and re-use of high-value datasets across Europe, especially those to improve the quality (e.g. machine-readability) and interoperability of the data /metadata and, to a lesser extent, funding for engaging with re-users.
As for the regulatory context of cloud computing, the stakeholders answered that the cloud market currently offers the technological solutions that businesses need to grow and innovate, even if a significant percentage of respondents underlined the existence of problems in cloud market functioning, of barriers (security, technical and economic/cost barriers), and the idea that security concerns are the most prominent risk for the future. To achieve a successful digital transformation for the economy and society, Europe should seize on the opportunity to capture, store and take advantage of available data. This means developing new technologies and infrastructures, with a clear legal framework and the supply of the right skills, with the final goal to ensure that all Europeans may profit from the potential that data can provide for our economies and societies.
Considering that data management undoubtedly plays a central role in supporting the decision-making process and also in business development, data should be characterized by high standards of quality and interoperability. For this reason, it is important to develop a legislative framework based on the values of transparency, interoperability and accessibility and a network for mutual assistance and prevention of cyber-attacks based on an EU cybersecurity certification framework. Conditions for donation of data will be specified as well, whether it comes from companies, associations or the public sector. Rules to be applied to intermediaries in facilitating the sharing, mainly between private actors, should be clearly determined in order to create a secure and clear legal framework. A framework for the exploitation of data concerning competition rules, market fairness and asymmetries in the exploitation and use of data will be also taken into account so the DSA package (Q4 2020) and the Data Act will be an opportunity to achieve these goals.