Mozilla Data Futures Lab defines data cooperatives as constructs that “aim to facilitate the collaborative pooling of data by individuals or organizations for the economic, social, or cultural benefit of the group”.
In the DGA, this definition seems to apply, first, to collectives which seek to strengthen the position of data subjects vis-à-vis processors in exercising their rights under GDPR. Second, to those organizations that leverage the position of one-person companies, micro, small and medium sized enterprises in terms of data sharing knowledge. In this light, services of data cooperatives would negotiate terms and conditions for data processing in users’ interest before they consent, thus guiding them in making informed choices.
This concept should be better developed as it bears potential for users’ empowerment in the online sphere. Existing initiatives, such as FairBnB, Driver’s Seat, and Resonate have already demonstrated their impact in safeguarding the position of certain data subjects’ groups vis-à-vis controllers. Therefore, amendments clarifying the scope of data cooperatives, such as those submitted by the Greens and the Renew group, are important steps in the right direction.
Interoperability is an important principle that will ensure that data sharing is possible to a greater exchange, and conducted in a standardized way. It is a principle that supports innovation and competition. The proposal to introduce interoperability, in particular to data intermediaries defined in Chapter III, is made by the S&D group. Interoperability is one of the key components of the FAIR data principles, which are referred to in the European Data Strategy.
Related to this is the concept of common sectoral data spaces, which are also defined in the Strategy as key components of the European data governance framework. These spaces have been missing from the original DGA proposal. The amendments proposed by the S&D group, which outline a new Chapter V by defining data spaces together with design principles for their creation, would substantially improve the proposed Regulation by providing for greater definitional clarity.
On a similar note, Chapter VI deals with the creation of a governance body of the DGA: the Data Innovation Board. The original proposal, in Article 26, foresees the creation of an Expert group consisting of the representatives of competent authorities from all Member States, the European Data Protection Board, the Commission and key sectors. The Board would advise the Commission on increasing data sharing in the Union. So far, the submitted amendments reflect different political stances on the assigned powers to the Board, its competences, and governance structure. Most notably, these include diverging opinions on the setting of the Board as an expert group or as a stakeholders’ body. There are currently on the table two proposals for an ancillary body to the Board: a “Data Exchange Board” and a “Data Innovation Advisory Council”. Although this difference seems insignificant at first glance, these two terms embed different regulatory preferences. The Data Exchange Board would consist of an expert group aimed at supporting the emergence of European data spaces and interoperability across intermediaries. And the Data Innovation Advisory Council would in turn be concerned with more broad advice on innovative data practices. The creation of a dedicated ancillary body responsible for data interoperability would be an important addition to the proposal. In this context it will be crucial that broad, society-wide representation is ensured in all DGA governance bodies – especially from academia, civil society and public institutions. This is necessary to avoid the capture of European data governance process by particular private interests.
In addition to these new rules for data sharing, the DGA also contains provisions that further modify the data sharing regime for public sector bodies in the EU. Chapter II addresses some of the questions that have been left out by previous regulatory interventions in this area, most recently by the 2019 Open Data Directive. In this light, two main issues emerge.
First is the issue of which categories of data, used by public sector bodies, fall under the scope of the Regulation. On this point, the Left group is proposing changes that would remove personal data from the scope of the proposal, together with data processed in the context of employment. The Greens and S&D propose to exclude data held by cultural and educational establishments when protected by fundamental rights provisions or third party intellectual property rights. Such attempts to limit the obligations imposed on public institutions are understandable, but it is important that they are well defined. Specifically, the exclusion of data protected by intellectual property rights must be limited to situations where such rights are held by third parties and not by institutions themselves. Otherwise, the existence of (highly problematic) database rights might render the provisions introduced by the proposed DGA ineffective from the start, which would result in a substantial weakening of policies aimed at increasing access to culture or educational resources.
Secondly, there is considerable discussion on the issue of data transfer by public sector bodies to third countries. The Left group, in line with its overall interpretation of the Schrems II ruling, aims not to enable data transfers to third countries lacking an adequacy decision by the Commission. The EPP and Renew are in favour of keeping dataflows as open as possible provided that, as stipulated in art. 5(10), confidential information is not disclosed and that the re-user accepts the jurisdiction of the Courts of a Member State of the public sector concerned in the case of dispute. Finally, the Greens take a middle stance as they aim to halt the transfer of personal data while keeping non-personal dataflows open, if the two above-mentioned conditions are met.
The controversy around this issue is once again linked to the Schrems II ruling that significantly altered dataflows in the global economy. To shed more light on this issue, it is fundamental to strike a fair balance between data protection and economic interests, provided that such compromise is sufficiently applicable. In the absence of a new EU-US deal on data exchanges, an important contribution is offered by the LIBE draft opinion which contains important additions to the empowerment of public bodies in evaluating the legality of data transfers towards third countries. Accordingly, reusers would not be granted the prerogative of transferring data unless they are compliant with the above mentioned conditions spelled out in article 5. This would provide at least temporary clarity for the transfer of users’ data to third countries.
The discussions around these five themes are likely to endure for quite some time during the next legislative phases As highlighted throughout the text, the DGA is an important legislative cornerstone for Europe’s pursuit of strategic autonomy and digital sovereignty. As such, it is highly interconnected with parallel legislative initiatives, most notably the Artificial Intelligence Act, the ePrivacy reform, and the Data Act. The Data Act, in particular, will be at the centre of our attention as the measure is set to supplement the DGA on the use of privately-held data by the public sector, Business-to-Business data access, competition in the cloud computing market and the sharing of non-personal data to third countries. As the Data Act proposal matures, we will analyze how it can contribute to strengthening the Data Commons in Europe.