The EU Data Governance Act: Data Intermediation Services
Data Leaders members can download our full 25-page report and connect with peers via the Data Leaders Hub.
A pivotal aspect addressed by the new EU Data Governance Act (DGA) is the provision of data intermediation services as a mechanism to bolster data sharing.
Data sharing is still a controversial topic. Many organisations remain reluctant to share their data, driven by concerns of losing their competitive advantage and amplifying the risks of data misuse. Meanwhile, Big Tech platforms wield significant market power in their data-handling practices owing to their extensive control over vast volumes of data.
The DGA framework establishes a set of rules to govern data intermediation services to ensure data intermediaries (such as data marketplaces) operate as trustworthy organisers of data sharing or pooling within the common European data spaces.
According to the EU Commission, the framework offers an alternative model to the data-handling practices of major tech platforms. It seeks to increase trust in data sharing based on the neutrality and transparency of data intermediaries whilst empowering individuals and companies to retain control over their data.
It is, therefore, essential for data leaders, despite their industry, who are already engaged in or considering data exchange through intermediation services within the EU, to comprehend the nuances of this new regulation. This understanding is crucial for CDAOs to navigate their responsibilities and rights effectively and to fully capitalise on the opportunities it presents.
In the following set of infographics, we lay out the key elements of the framework.
Categories of services considered data intermediation services under the Data Governance Act
The Data Governance Act lays out three categories of data intermediation services covered by its legislation:
- Services connecting data subjects (identified and identifiable persons) and data users (a person who can legally access and use data for commercial and non-commercial purposes). These services relate particularly to the use of personal data.
- Services connecting data holders (a person authorised, but not the data user, to share or provide access to data), and data users . A common use case is the sharing of industrial data.
- Service of data cooperatives (organisational structures who help their members in exercising their rights over data).
Procedure for data intermediation service providers intending to operate within the EU.
Among others, the DGA outlines a clear procedure for data intermediation service providers intending to operate within the EU. This includes obtaining and using the common logo designed by the EU to identify authorised providers; the process differs for EU-based and non-EU based services who will require legal representatives within the member country.
In the next two infographics, we outline the steps to identifying and engaging with these authorities.
Conditions for provision of data intermediation services
The DGA also establishes conditions for the provision of data intermediation services to ensure fairness, neutrality, transparency, and compliance. To help understand these, we have divided the conditions into three categories: commercial, data handling and management, and data privacy, security and protection. Organisations intending to provide data intermediation services in the EU must comply with the following conditions:
Monitoring of intermediation services
The competent authorities appointed by the member states will be responsible for monitoring and supervising compliance, collaborating across the Union to ensure adherence to the DGA. Providers who are found to be non-compliant with one or more of the conditions listed in the DGA will be notified and given 30 days to respond.
Enforcement measures
Competent authorities have the power to require the end of any infringements to the conditions above listed and to take appropriate and proportionate measures to ensure compliance, namely via financial penalties, legal proceedings, suspension and cessation of services.
Next in our Data Law series, we’ll be looking at Reuse of Data Held by the Public Sector under the EU Data Governance act.
Ensure you get stories like this and many more interesting insights from data and analytics leaders like you by signing up to our newsletter. Would like to become a member? Get in touch!