Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.
Expected in the second half of 2025, the European Data Union Strategy follows the actions outlined in the 2020 European strategy for data. The objective of the 2020 strategy at the time was to create a market in which data could flow freely within the EU and across sectors — the Digital Governance Act, Data Act and data spaces were all wrapped under this initiative.
Promoting cross-industry coordination and data sharing to accelerate the integration of artificial intelligence into the European industry was a top recommendation in the 2024 report on European competitiveness by former Italian prime minister and European Central Bank President Mario Draghi. A less publicized though equally interesting April 2024 report by former Italian prime minister Enrico Letta also postulated that the EU is not quite there in terms of having a truly single market for data.
Enter the Data Union Strategy. The strategy, currently in preparation, aims to support AI innovation and stimulate investment in data technologies; facilitate secure data sharing and availability; simplify the regulatory regime applicable to data and its application; and accelerate the development of new systems or applications while respecting fundamental rights, including in addressing international data flows.
The problem statement, as posed by the European Commission in its working document, is that "access to data, access to talent, computing facilities, and capital remains a challenge." It intertwines a slower digitalization of traditional sectors in the EU and a lack of alternative to non-EU tech solutions, including for developing and applying AI.
The Commission notes that the "complex mix" of rules on data use in the EU and their interplay are hard to understand. The complexity is compounded by different authorities in charge of enforcement, member states tending to deviate on the interpretation of personal data rules, the growing number of legislative reporting and notification requirements, and finally, excessive dependencies on third countries raising questions on the EU's economic security.
Against this backdrop, the Commission is thinking of drafting the upcoming strategy around three axes. The first axis aims to stimulate investments in data technologies, which could include measures to improve data access for start-ups and facilitate voluntary data sharing, perhaps by expanding the Data Governance Act.
The second intends to simplify existing rules and develop data tools to reduce the existing burden. Adjustments are still under evaluation, including looking at effective governance mechanisms. The Commission does not exclude deploying digital infrastructures to enable automatic compliance with reporting obligations.
The third axis seeks to develop an International Data Strategy with actions to safeguard the export of EU data and to stimulate data imported into the EU, looking at a holistic approach across internal data and the EU's digital trade policy. Could this mean a fresh look at the EU's digital chapter language in trade agreements, which many observers considered overly restrictive on data flows?
Recently published by the European Commission, the State of the Digital Decade 2025 report shows uneven progress against the 2030 targets set for Europe's digitalization. Within digital infrastructure, digital transformation of businesses, digital skills and digital public services categories, AI and data analytics take-up are two areas where most progress is still needed.
Isabelle Roccia, CIPP/E, is the managing director, Europe, for the IAPP.
This article originally appeared in the Europe Data Protection Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.
