The last five years of the EU digital policy agenda focused on several big areas — artificial intelligence, of course, cybersecurity and online platforms.
Data sharing was high on the list, as well. The topic may not have received as much limelight as the Digital Markets Act or Digital Services Act, but a lot of policy efforts and political capital were spent on the Data Governance Act, the Data Act and the data spaces proposals. And, indeed, their ripple effects might well be worth another look.
Back in 2020, the European Commission presented its European Data Strategy. It noted European businesses and public bodies generated a tremendous amount of data, yet its potential was largely untapped.
The Commission then set out to create a European data space. The DGA was the first piece, establishing a regulatory framework to facilitate, or mandate in some cases, the sharing of data. The Data Act came next to clarify rules around value creation. Thirdly, the Commission announced it would create data spaces to apply this framework in a sector-specific way across 14 domains, including agriculture, energy, financial services, mobility and health.
The European Health Data Space is the first data space to be proposed and finalized. The final text was formally agreed to in March and it is expected to enter into force this fall.
The EHDS will be significant for the pharmaceutical and medical sectors as it will impact how many types of health data are collected, used, shared and re-used. It may also serve as a blueprint for future data spaces and, at the very least, inform some policy decisions to come.
The text contains a number of stress points which might emerge in other data spaces to some extent, irrespective of the domain they cover: for example, intellectual property and trade secret protection; limitations on international data transfers; anonymization and consent or opt out; and extraterritorial application.
These data spaces will also have to account for existing requirements under data protection, cybersecurity and digital identity, among other things.
There are also implications at the member state level. Creating these data spaces requires infrastructure and data architecture development to strive for harmonization in a European landscape that is still fragmented across many of the 14 domains. European public funding is already being poured into projects to address these challenges.
Negotiations on the framework for Financial Data Access are expected to resume under the new parliamentary term and the Commission laid out the data sharing foundations of the mobility data space last November.
Elsewhere
- The European Parliament is back at work. Its Committee on Civil Liberties, Justice and Home Affairs is resuming unfinished business related to the Commission proposals put forward last term. It reappointed rapporteurs on several legacy files still in progress, for example the proposal on AI liability. It also hopes to resume negotiations with the European Council soon on files that are more advanced.
- A U.K. Information Commissioner's Office survey of more than 2,000 data controllers highlights that 49% of organizations report lack of expertise and staff training as reasons for not adopting new technologies. Almost half point to the effort required to understand compliance requirements, and 23% reported legislative requirements, as a factor in ultimately not using the technology.
Isabelle Roccia, CIPP/E, is the managing director, Europe, for the IAPP.