Data Governance Act: making a virtue out of necessity

The European Commission on November 25, 2020 published the Data Governance Act: its proposed regulation for the European data market. The Data Governance Act is a legal and policy framework aimed at enabling public authorities, companies, and citizens to get maximum value from data across all sectors of the economy and many aspects of society. To date, in fact, it is the lack of tools that is the real problem, not of will, the actors are ready to do each his part.

The Data Governance Act aims to:

  1. Make public sector data (protected by trade secrets, third party intellectual property, etc…) available for reuse. Reuse in the meaning of use by citizens or legal entities of documents held by public bodies or public companies (not possible to date unless exclusive agreements are created with partners for general interest purposes and for no longer than three years);
  2. Sharing of data between companies for remuneration;
  3. Allowing use of and access to data through data sharing intermediaries.
    The birth of these new interlocutors that will surpass the figures of the (not always clear) data brokers, will imply a massive control by the European Commission that will insert them in a certified register with the guarantee that one of their offices will be on the territory of a member country of the European Union.
  4. Allowing the use of data for altruistic purposes through intermediaries who will not act for profit but in the light of a general interest, such as health, scientific research, responses to emergencies such as floods and fires, the development of personalized medicine, etc.


The legal basis for this future regulation is art. 114 of the Treaty on the Functioning of the European Union (TFEU). The choice of the legal instrument – Regulation – is justified by the need for uniformity and order in a horizontal sense, not subject to the unilateral visions of the member states. Moreover, the initiative is proportional to the objectives: never going beyond what is necessary for the harmonization of the digital market while respecting the prerogatives of the Member States.

This is the “European Strategy“, an innovative approach to data sharing that builds trust and facilitates data exchange in a “single but sovereign market” that is also an alternative model to the data processing practices of the major technology platforms. The European line is the result of long reasoning regarding a precise question: “what kind of processing do the technological platforms we use every day adopt? And why is this processing characterized by glimpses of dangerousness?”.

Since Cambridge Analityca, through the Snowden affair and up to Maximilian Shrems’ battle (and without having to bother with Jeremy Bentham’s Panopticon and George Orwell’s Big Brother) we have had before our eyes what the real issue is: the current technological platforms, which we all use to some extent, have a high market power, since their business models imply the control of large amounts of data.

What does “control the data” mean? – Questioning who owns the data is of primary importance in order to understand the efforts that the European Union is making – Controlling the data means that the current technological platforms store in their databases an elephantine mass of data and have at their disposal the tools to make them attractive, conditioning their choices.

The framework for action is clear and the need for structure is certainly not only a European aspiration: Switzerland, too, runs on parallel tracks. Switzerland is also running on parallel lines. Our country has mobilized itself to meet the same requirements. The new Swiss Data Protection Act 2020 (DPA), which was approved by the Swiss Federal Parliament on Friday, 25 September 2020, will enter into force in mid-2022. How quickly Switzerland will be able to accomplish its goals will also depend on the EU: as of today, Switzerland is waiting for the European Commission to renew its adequacy decision, a decision that allows unimpeded data transfers to Switzerland. At the same time, the EU could put pressure on Switzerland to accelerate the implementation of the DPA. *(We will elaborate on these issues in future articles).

The context in which we find ourselves is therefore full of reflections and discussion points.

Of course the European Union needs to make every citizen/company/public body aware of the responsibility towards shared data and it is clear that the effort of the European Commission aims to promote yes the availability of data to be used but also to increase the valuable trust towards data intermediaries and strengthening the sharing mechanisms across the EU.

Better positioning the diopters, we acquire that:

  1. The European Commission’s proposal looks to the future regulation in a continuation of values already provided in the GDPR and ePrivacy Directive, values that speak the same language – even multiple languages – and share a culture
  2. It aims to unlock the economic and social potential of data and technologies such as artificial intelligence while respecting EU norms and values
  3. Integrate the Open Data and Reuse of Public Sector Information Directive of 20 June 2019 no. 1024 of the European Parliament and Council in order to create a basic cultural order and approach
  4. Supports the creation of a data economy in the digital single market
  5. Marks a need: to avoid staying in the fragmentation of the spaces and places where Big Data is kept and consequently aim for innovation. The opposite case would involve inertia, stopping in one’s own (to date fake) comfort zone and distrust: clear signals that should no longer be underestimated;
  6. Adopt clear solutions aimed at giving Europeans and states that will adapt control over the use of the data they generate, making it easier and safer for companies/citizens/public bodies to voluntarily make their data available for the common good.
  7. Generating a new and more consonant concept of neutrality to enable new data brokers to become trusted organizers of data sharing; these new organizers of data sharing will be the real players in an important goal to increase trust. To ensure this neutrality, the data sharing intermediary cannot process the data on its own behalf (e.g., by selling it to another company or using it to develop its own product based on this data) and will have to meet strict requirements.

From this side of the view we realize that it is an issue that is boiling in Europe but not only. Today, the debate in the United States revolves around the certainty that if America does not come forward in the discussions with concrete proposals, others will. This will materialize their worst nightmare: a balkanized world to the detriment of American societies and economy, for now, however, assumptions remain anemic. China, for its part, has long been using a wide-ranging censorship regime, nicknamed “the Great Firewall”, to regulate content and access to the Internet. But China can’t sleep easy dreams because it knows that if estimates of the number of Internet-connected devices, prognosticated at three times the current number in 2023, are realized, it will have to accelerate and revise its vision on the matter and transform existing business models. The Covid-19 pandemic has further accelerated digitization across all industries and the clock is ticking.

Returning to the European side, the proposal will be debated and negotiated by the European Parliament and the Council of Ministers before being adopted. The debate will also continue in light of new proposals on the Digital Markets Act, the Digital Services Act and interactions with GDPR rules.