A non-paper pressing for data sharing provisions, interoperability requirements, and data access for the public sector in the European Commissions Data Act proposal was circulated by the Dutch government on Friday (30 September). The act is expected to be formally presented by the end of 2021.
The Hague considers it an urgent need to ensure that individuals and smaller companies have access to and can capitalise on their data, something they believe is currently limited to large entities.
“To utilise data to its full potential, all individuals and organisations participating in the data economy should be able to benefit from the use of data and trust that their rights and interests are protected,” the non-paper said.
The Dutch initiative comes at a crucial time for the Data Act, the next milestone of the European Data Strategy. The European Commission is finalising the proposal’s text, and it’s expected to be published in the fourth quarter of the year.
The Dutch document makes three key arguments.
For the Dutch authorities, the Data Act should redistribute the economic benefits of the data economy, which are currently distributed amongst a handful of companies. To do so, the legislative proposal should enable individuals and organisations to remain in control of their data.
“Due to existing deficiencies in the market, such as a lack of interoperability, individuals and organisations are often hesitant or unable to share their data,” according to the non-paper.
In the case of individuals, the Dutch government points to the right to data portability included in the GDPR. Since the EU privacy law does not stipulate technical specifications for interoperability requirements, customers are de facto denied this right through vendor lock-in and bundling services in packages.
For organisations, the non-paper noted that “the legal protection of ‘non-personal’ data is currently very fragmented and often indirect.”
This legal gap is commonly filled in by private contracts, which for lack of insight and control might lead especially SMEs and start-ups to asymmetrical access and usage rights.
“The Data Act should also contain further measures such as horizontal modalities, codified access and use rights or black-listed and grey-listed practices. The aim should be to set a broad standard for fairness of use so that the rights and interests of all parties are protected, and organisations can control and benefit from their co-generated data,” the text noted.
Interoperability and standardisation
Another point the Netherlands wants the Data Act to address is providing a framework for service portability between platforms. This would restrict the competition of data-driven markets when limited through vendor lock-in.
The non-paper continued, “There are few common principles or generally accepted standards that effectively facilitate data sharing on a large scale, whether within an industry or between industries.”
The non-paper said developing common standards is a highly complicated process that the market on its own fails to provide on a significant scale as it lacks the necessary coordination and incentives. To make things even more complex, data markets are divided into multiple sectors, each with different requirements and needs.
The Dutch government argued that the legislative proposal needs to be supported by a set of standards developed by the European Commission through the European Standardisation System to address the situation. Initial safeguards should be included to prevent potential theft of intellectual property or privacy breaches.
“Broad implementation of the standards should be ensured by linking standards and technical specifications to portability, usage and access rights where applicable,” the document said.
Access for the public sector
The last point of the document concerns Business-to-Government (B2G) data sharing, namely the sharing of privately-held data for legitimate public interests, such as the innovative delivery of public services or the improvement of policymaking.
The Hague noted that “the purpose and public interest should be clearly defined, and proportionality and accountability should be ensured to prevent misuse.”
B2G data sharing should also occur in compliance with data protection and intellectual property rights.
Personal data protection is singled out as a critical point “because anonymising data is becoming increasingly difficult.” Thus, the legal basis for sharing personal data with the public authorities will require alignment with privacy legislation.
[Edited by Alice Taylor]