The European Parliament adopted by 501 votes to 12, with 40 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on European data governance (Data Governance Act).
The European Parliament's first reading position under the ordinary legislative procedure amends the proposal as follows.
Subject matter and scope
This Regulation lays down: (i) conditions for the re-use, within the Union, of certain categories of data held by public sector bodies; (ii) a notification and supervisory framework for the provision of data intermediation services; (iii) a framework for voluntary registration of entities which collect and process data made available for altruistic purposes; and (iv) a framework for the establishment of a European Data Innovation Board.
The Data Governance Act (DGA) aims to increase trust in data sharing, create new European rules on the neutrality of data markets and facilitate the re-use of certain data held by the public sector. It will establish common European data spaces in strategic areas such as health, environment, energy, agriculture, mobility, finance, manufacturing, public administration and skills.
The Regulation does not create any obligation for public sector bodies to allow the re-use of data, nor does it release public sector bodies from confidentiality obligations under EU or national law.
Re-use of certain categories of public sector data
Public sector bodies will need to avoid creating exclusive rights for the re-use of certain data, and exclusive agreements should be limited to a period of 12 months for new contracts, and two and a half years (30 months) for existing contracts, to make more data available to SMEs and start-ups.
Conditions for the re-use of data
The public sector bodies competent to grant or refuse access for re-use of one or more of the categories of data should make public the conditions for allowing such re-use and the procedure for requesting re-use through the national Single Points of Information.
The conditions for re-use should be non-discriminatory, transparent, proportionate and objectively justified, without restricting competition, with an emphasis on promoting access to such data by SMEs and start-ups.
Public sector bodies will have to ensure that the protected nature of the data is preserved.
Unless national law provides specific safeguards on confidentiality obligations applicable to the re-use of data, the public sector body will have to make the re-use of the data provided conditional on the re-user complying with a confidentiality obligation prohibiting the disclosure of any information that compromises the rights and interests of third parties that the re-user may have acquired despite the safeguards in place.
Transfer of data to third countries
A re-user intending to transfer protected data to a third country will have to comply with the obligations laid down in the Regulation, even after the data have been transferred to the third country. The Commission may declare, by means of implementing acts, where this is justified by a large number of requests throughout the Union for the re-use of non-personal data in specific third countries, that a third country offers a substantially equivalent level of protection to that provided for under Union law.
Fees
Fees applicable under the Regulation should be transparent, proportionate, non-discriminatory and objectively justified. In addition, competent authorities will be able to apply reduced or zero fees for SMEs, start-ups, civil society organisations and educational establishments.
Single information point
Member States should ensure that all relevant information on conditions for re-use and charges is available and easily accessible through a single information point. The single information point may be linked to sectoral, regional or local information points. It could establish a separate, simplified and well-documented information channel for SMEs and start-ups, to meet their needs and capacities for requesting data re-use.
Data intermediation service providers
Members clarified the scope of the legislation, in particular regarding data intermediation services, to ensure that large technology companies are included in the framework.
In order to ensure that data intermediation service providers recognised in the EU are easily identifiable throughout the EU, the Commission will have to devise a common logo by means of implementing acts. EU-recognised data altruism organisations should display the common logo clearly on every online and offline publication that relates to their data altruism activities.
Where a data intermediation service provider not established in the Union does not appoint a legal representative or where that legal representative does not provide the necessary information proving compliance with the Regulation, the competent authority may postpone the commencement of the provision of the data intermediation service or suspend its provision.
Data altruism
Member States may develop national policies in the field of data altruism. These national policies may, in particular, assist data subjects in making personal data related to them held by public sector bodies available voluntarily for data altruism. Data intermediation services providers recognised in the Union should display the common logo clearly on every online and offline publication that relates to their data intermediation activities.
Legal remedies and sanctions
Any natural or legal person affected by a decision of a public sector body or a competent body, as the case may be, should have an effective right of judicial review of that decision before the courts of the Member State in which that body is situated. Member States will also have to provide for a system of penalties applicable to breaches of the provisions of the Regulation.