European data regulation faces the challenge of a harmonized application that will boost data sharing

Two of the European Union's most relevant data regulations will soon articulate the legal contours that will delineate the development of the data economy in the coming years. The Data Governance Act (DGA) has been fully applicable since September 24, 2023, while the wording of the Data Act (DA) was approved on November 27. 

They are not the only ones, as the legal framework already includes other important rules that regulate interconnected matters, thus revealing the proactive approach of the European Union in establishing rules of the game in line with the needs of European citizens and businesses. These guidelines provide the necessary legal security environment to achieve the ultimate goal of promoting a European Digital Single Market.  

 In the case of the DGA and the DA, the negotiations for their approval have shown that their objectives were shared by the stakeholders concerned. For both, data is a central element for digital transformation, and they share an interest in eliminating or reducing the barriers and obstacles to its sharing. They thus assume that data-driven innovation will bring enormous benefits to citizens and the economy. Therefore, creating legal frameworks that facilitate such processes is a common goal for companies, institutions and citizens. 

The contributions from the academic, business and associative worlds have been abundant and enriching, both for the drafting phase of the standards and for what will be their implementation and development in practice. One of the most reiterated questions is the concern about how the different standards of this 'digital regulatory package' will interact. Particularly important is the interaction with the General Data Protection Regulation, which is why DGA and DA have established general guidelines on the pre-eminence of said regulation in case of conflict. In this regard, the increase in regulation does not prevent specific situations from arising in practice around key concepts in the field of personal data, such as consent, purposes of processing, anonymization, or portability. 

Another of the issues highlighted has to do with the search for synergies between this regulation and current or future data business models. The recognized overall goal is to boost the development of data spaces and the data economy as a whole. This goal will be closer to the extent that the 'regulatory burden' does not reduce the incentives for companies to invest in collecting and managing data; that it does not weaken the competitive position of European companies (by adequately protecting trade secrets, intellectual property rights and confidentiality); and that there is an appropriate balance between general and business interests. 

The case of the Data Governance Act  

In the case of the DGA, the provisions related to data brokering services ––one of the central parts of the regulation–– occupied a significant part of the previous analyses carried out. For example, the question was raised as to what extent SMEs and start-ups could compete with large technology companies in the provision of these services; or whether, by requiring the structural separation required of data brokering service providers (through a separate legal entity), there could be problems related to other functionalities of the same companies.    

Along the same lines, the question arises as to whether a more decentralized data economy requires new intermediaries, or whether under the new legal formulation, they can successfully compete in data markets through alternative, non-vertically integrated business models. 

Considerations on the deployment of the Data Act  

With regard to the DA, the final wording of the regulation clarified its scope, the definition of concepts and the categorization of data, as suggested by the industry. The specific sectoral application to be developed subsequently will further define those concepts and interpretations that provide the desirable legal certainty.  

This legal certainty has also been argued in relation to trade secrets, intellectual property rights and confidentiality; an aspect that the Regulation seeks to address with safeguards aimed at preventing misuse and fraud. 

Other aspects that attracted attention were compensation for making data available; dispute resolution procedures; provisions on unfair contract terms (aimed at compensating for imbalances in bargaining power); making data available in case of exceptional need; and, finally, provisions on switching from one data processing service provider to another.  

 A positive starting point  

The starting point, in any case, is positive. The data economy in the European Union is taking hold on the basis of the European Data Strategy and the regulatory package that develops it. There are also practical examples of the potential of the industrial ecosystems that are being deployed around the Common European Data Spaces in sectors such as tourism, mobility and logistics, and agri-food, among others. In addition, initiatives that bring together public and private interests in this area are making significant progress in the deployment of technical and governance foundations, strengthening the competitive position of European companies, and achieving the ultimate goal of a single data market in the European Union. 

Click here for an extended version of this note.