Data sharing services must be ‘established in the EU,’ leaked regulation reveals

In the establishment of EU common data spaces as part of the bloc's forthcoming data strategy, providers of new data sharing services must both be established in the EU and should avoid 'conflicts of interest' in collecting new troves of data, a copy of the Commission's Data Governance Act obtained by EURACTIV, reveals.

The European Commission is due to present is Data Governance Act on November 11. [Shutterstock]

In the establishment of EU common data spaces as part of the bloc’s forthcoming data strategy, providers of new data sharing services must be established in the EU and should avoid ‘conflicts of interest’ in collecting new troves of data, a copy of the Commission’s Data Governance Act, obtained by EURACTIV, reveals.

As a means to facilitate greater sharing of non-personal data, the EU executive believes that data-sharing entities known as ‘data intermediaries’ should be set up as a means to act as a go-between for exchanges between data producers and acquirers.

However, such bodies will be subject to strict conditions as a means to ensure ‘trust’ in the new framework, a draft of the Data Governance Act states.

In this vein, data intermediaries must be able to prove that they will not use the data they acquire for any other self-interested purpose, and must also be based in the European Union.

“In this context data sharing service providers would have to ensure that they only act as intermediates in the transactions, and do not use the data the exchange they aim to facilitate for any other purpose,” the text states.

It adds that there should also be a ‘structural separation’  between the data-sharing service and any other services related to the data-sharing service provider so as to “avoid issues of conflict of interest.”

‘Requests from third countries’

In addition, under a list of more granular requirements for data sharing services, such organisations must be EU-based, the text states.

“In order to facilitate supervision of the compliance with the requirements laid out in this article and other relevant Union law, the provider of data sharing services shall be established within the Union or a country of the European Economic Area.”

By extension, the Commission wants there to be rules in place to ensure that ‘requests from third countries’ for access to non-personal data in the new sharing ecosystem, are refused.

“The provider of data sharing services shall have adequate safeguards in place including of a technical, organisational and legal nature, that prevent it from responding to requests from authorities of third countries with a view of obtaining access to non-personal data relating to companies established in the Union,” the draft states.

Such measures are believed to have been considered by the Commission as a means to assert its data sovereignty amid a global context where the EU is aiming to better engage in value-extraction practices from the use of its industrial data.

This week’s leaked draft, first reported by Politico, states that the establishment of data intermediaries can offer an “alternative to the current business model for Big Tech platforms,” and by extension, helping to create a “European model for data sharing” that fosters innovation and protects standards.

In February, the Commission unveiled its broader data strategy, which broadly attempted to exploit the “untapped potential” of vast troves of industrial data, allowing public and private actors “easy access” to huge reserves of information.

Proposals put forward earlier this year include the creation of nine common EU data spaces across sectors including heathcare, agriculture and energy, as well as the establishment of a Data Act in 2021, that could “foster business-to-government data sharing for the public interest”.

However, some are concerned that the EU’s efforts in this vein could be veering into the domain of data protectionism, whereby the EU attempts to wade off global competitors from obtaining data produced on the bloc.

In this spirit, the Commission would like to have greater control over the data it generates, concerned that global competitors could take advantage of such streams before the EU has had a chance to catch up.

The EU “missed the battle” on personal data at the height of the platform explosion, Internal Market Commissioner Thierry Breton admitted earlier this year, saying he would seek to redress the balance by ensuring the bloc makes the most of the industrial data it produces.

“We recognize that we missed the battle for personal data to the US,” said Breton. “The battle for industrial data starts now,” he said, adding Europe was in a good position to win that battle.

[Edited by Zoran Radosavljevic]

Subscribe to our newsletters