The Data Governance Act – between undermining the GDPR and building a Data Commons

Compared to the DSA and the DMA, the DGA has received relatively little attention, both from the digital rights community and, seemingly, from industry stakeholders. So far, the discussion in the EP – where the Internal Market ( IMCO), legal affafirs (JURI) and civil liberties (LIBE) committees have issued opinions – has revealed relatively few clear faultlines. 

In the shadow of the discussions about the Digital Services Act (DSA) and the Digital Markets Act (DMA), the Data Governance Act (DGA) is slowly but steadily making its way through the European Union (EU) legislative process. Eight months since the unveiling of the proposal by the European Commission in November 2020, the European Parliament’s (EP) Industry, Research and Energy (ITRE) Committee – with MEP Angela Niebler as rapporteur – is expected to vote on its report at the end of this week, which would pave the way for the adoption of the EP’s negotiating position after the summer break. 

Compared to the DSA and the DMA, the DGA has received relatively little attention, both from the digital rights community and, seemingly, from industry stakeholders. So far, the discussion in the EP – where the Internal Market (IMCO), legal affafirs (JURI) and civil liberties (LIBE) committees have issued opinions – has revealed relatively few clear fault lines. 

Why is the DGA important? What is the connection with the GDPR?

From a digital rights perspective, the main issue at stake is the relationship between the proposed DGA and the existing acquis dealing with data protection – the General Data Protection Regulation (GDPR) and the ePrivacy Directive. While the existing regulatory framework rests on a data governance model rooted in privacy and data protection principles to protect people’s fundamental rights, the DGA’s primary objective is to foster the emergence of a European data-driven economy. 

To avoid conflicting provisions with data protection law, EDRi and Access Now have called for the removal of personal data from the scope of the DGA. These demands have not been answered by the EP, although the amendments contained in the opinion adopted by the LIBE committee increase privacy and data protection safeguards compared to the original proposal. 

Missed opportunity

While it remains to be seen whether these changes will find their way into the final EP negotiation position, it is nonetheless clear that the DGA has so far been a missed opportunity to establish data governance mechanisms that reflect a ‘commons approach’ to data governance. On the contrary, the proposal mainly rests on the assumption that data is an untapped asset that must be unlocked to enable a stronger European digital economy. 

Nevertheless, there are important references to data sharing arrangements that do not entirely rely on private control over non-personal data: the proposal in passing introduces the concept of “data cooperatives”. In addition, a cornerstone in the proposed DGA is the introduction of so-called “data altruism organisations”, that fail to convince in their current form. 

What should be done?

As EDRi’s affiliate Open Future argues in their recent policy brief – “The Data Governance Act: Five opportunities for the Data Commons” – there is some limited potential to strengthen these concepts beyond their current economic framing. To be sufficiently ambitious and reflect societal needs, data altruism needs to be tied to a strong public interest function. Likewise, emerging concepts like data cooperatives and common interoperable data spaces need to be narrowly defined and accompanied by governance structures that reflect a variety of stakeholders, beyond industry representatives. For a more detailed discussion of these opportunities please refer to the above-mentioned policy brief.

(Contribution by: Paul Keller & Francesco Vogelezang, Open Future)