gobierno del dato

The adoption of the Regulation (EU) of the European Parliament and of the Council of 13 December 2023 on harmonised rules for fair access to and use of data (Data Law) is an important step forward in the regulation of the European Union to facilitate data accessibility. This is an initiative already included in the European Data Strategy , the main aims of which are:

• Regulate the provision of data topublic entities in exceptional situations.
• Promote the development of interoperability criteria for data spaces, data processing services and smart contracts.
• And, from the perspective that interests us now, to promote the provision of the data generated by connected products and services, either to those who use them or to the third parties they indicate.

In this respect, in view of users' difficulties in accessing data, the Regulation seeks to facilitate their free choice of providers of repair and other services, as it has been found that in many areas manufacturers try to reserve their use on an exclusive basis. Among other issues, it is intended to promote the user's right to decide for what purposes and by whom the data may be used, without prejudice to the existence of a series of limitations and conditions that are provided for in the Regulation itself.

A major shift in regulatory focus

While the Open Data and Re-use of Public Sector Information Directive and the Data Governance Regulation focus on establishing rules and safeguards to promote access to data held by public bodies, the new regulation pays special attention to relations between private parties. In other words, it allows public bodies to demand data from certain private subjects under exceptional conditions and for reasons of public interest.

One of the main objectives of the Data Regulation is to encourage not only "the development of new and innovative connected products or related services and to stimulate innovation in the aftermarkets, but also to stimulate the development of entirely new services using the data inquestion, including those based on data from a variety of connected products or related services".

To this end, it has been considered essential to establish clear and precise obligations  for manufacturers of connected products, suppliers of connected products and related service providers to share the data generated with users.

What obligations are in place?

Prior to contracting the products and services, the owner of the data - i.e. the supplier of the product or service, which may also be the manufacturer -‑‑, shall provide the user with information on:

• The amount and conditions of the data that can be generated
• How this data can be accessed 
• How they can be suppressed

In this respect, the design of products and services is required to take appropriate measures to ensure that, by default, data are accessible, free of charge and directly, in particular in a structured, machine-readable format.

However, this right is subject to certain conditions and limitations in order to ensure that other legal interests and interests are not affected:

• The data subject may not make it difficult for the user to access his or her data, but may require the user to identify himself or herself, even if he or she is prohibited from keeping the information generated indefinitely.
• It may establish restrictions in the contract when, as a result of the user's access to the data, there is a risk to the functioning of the product that may affect the health or safetyof persons.
• Under no circumstances may you use the data obtained during the use of the product or the provision of the service to make them available to a third party, unless it is strictly essential for the fulfilment of the contract.
• It is also expressly forbidden to use the data to make enquiries about the user's circumstances and activity, such as, for example, the user's financial situation.

For his part, the user is also subject to a number of obligations specifically aimed at ensuring the good faith of his legal relationship with the holder:

• You are not allowed to use the data to compete with the latter, either directly or through a third party to whom you may provide it,
• You may not use access to them to make enquiries about the activity of the manufacturer of the product or, where applicable, of the data subject.
• In addition to these obligations, you have the right to share the data with a third party, who may only use it for the purposes for which you authorise them to do so. In particular, it may not create profiles unless this is necessary to provide the service, make them available to another party or develop a product that competes with the one from which the data originally originated.

In any case, the regulation establishes an important limitation to be taken into account by users, as micro and small enterprises are excluded from this regime. With one exception: they have been commissioned to develop the product or provide the service by a subject that falls within the scope of the Regulation.

what safeguards are in place to ensure the effectiveness of this regulation?

As is generally the case in any area, the user may bring the matter before a judicial body to enforce his or her rights. In addition, the new regulation establishes the possibility of approaching the designated authority at State level to ensure the application and enforcement of the provisions of the Regulation. If the problem concerns the processing of personal data, you may also exercise your rights before the competent authority in this area.

In this respect, the European Commission will have to make public a list of the relevant authorities on the basis of the information provided by the States. They may designate more than one authority, indicating which one has the coordinating role. These authorities shall have sufficient means: their members shall have the expertise required for the performance of their duties and their impartiality shall be guaranteed, so that they may not receive instructions from other entities.

Apart from this channel, the data subject and the user - or, where appropriate, the third party to whom the user permits the use of the data - may voluntarily agree to submit to a certified dispute resolution body, whose decision must be taken within a maximum of 90 days. Such a body shall be accredited to the State where it is established. To this end, he or she must justify his or her impartiality, capacity and independence. It must also demonstrate that it has adequate procedural rules and that it is easily accessible by electronic means.

In short, the new Data Law has not only established a regulatory framework that reinforces users' access to the data generated by the connected products they acquire and the related services they enjoy, but it has also enshrined a series of guarantees specifically aimed at ensuring effective compliance.

Download the infographic in PDF here

This infographic is also available in two pages

Content prepared by Julián Valero, Professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec). The contents and points of view reflected in this publication are the sole responsibility of its author.

The awards ceremony for the seventh edition of the Castilla y León open data competition was held on Monday 12 February seventh edition of the Castilla y León open data competition, which aims to recognise and value the good use of open dataas well as promoting and encouraging its use and exploitation.

The competition, which has been running since 2016, aims to to raise interest in open data and the and the multiple economic possibilities associated with it. In this way, the initiative, organised by the Regional Ministry of the Presidency of the Junta de Castilla y Leónthe initiative, organised by the Regional Ministry of the Presidency of Castile and Leon, recognises projects that generate ideas, studies, services, websites or mobile applications. As has been the case in previous editions, the common denominator of the entries in this competition is the use of datasets from the Open Data Portal of the Junta de Castilla y León.

Thirty-two entries were submitted in this call, of which eight were awarded in one of the four categories eight of them have been awarded in one of the four categories: Ideas, Products and Services, Didactic Resource and Data Journalism.

Eight award-winning projects in this edition of the competition

The winners in the different categories, chosen from the 32 entries submitted, were:

Category Ideas:

• First prize of 1500 €: Health supply in Castilla y León / Dashboard - Author: Almudena María Moreno Maderuelo.
  
  • Scorecard related to public health in Castilla y León, based on open data.
• Second prize of 500 €: "Geographical names and their oral transmission" - Author: Guillermo Herrero Gacimartín.
  
  • An idea to take advantage of open data to promote the conservation and dissemination of the wealth of geographical names and histories of the peoples of our autonomous community.

Category Products and Services:

• First prize of 2500 €: EnergyCyl. Boosting energy efficiency through energy analysis in Castilla y León  - Author: David Aparicio Sanz.
  
  • Web application that compiles, analyses and provides detailed information on the energy sector in the autonomous community of Castilla y León.
• Second prize 1500 €: Active Territories Project.Webmapping for the characterisation and sustainable promotion of innovative initiatives in the rural environment of Castilla y León - Authors: Víctor Pérez Eguíluz, María A. Castrillo Romón, Elvira Khairulina, José Luis Lalana Soto and Enrique Rodrigo González.
  
  • Website of the "Territorios Activos" project to study innovation in the context of rural environments in the autonomous community of Castilla y León.
• Third prize 500 €: Anomalous pattern monitoring for operational optimisation of logistics infrastructures - Author: Unai Beristain.
  
  • Open data and IoT solution for logistics management and early detection of anomalous patterns in logistics infrastructures. 3D web map based on open data.
• Student prizes of €1500: Offers for young people in Castilla y León - Authors: Ismael Martín Moakil, Alberto Herrero Jiménez, Oscar Antona Gutierrez, Daniel Herranz Herranz, Alberto Aguilar García, Joel Garrido Hernández, Rafael Martín Domínguez and Alonso Gallego. IES Alonso de Madrigal (Ávila).
  
  • App for Android that allows you to find out about discounts and promotions for young people with the Carnet Joven de Castilla y León (Youth Card of Castilla y León)

Didactic Resource Category:

• First prize: 1500 €: CHEST: an application to support the creation and reuse of ubiquitous educational experiences related to cultural heritage around the world - Authors: Pablo García Zarza, Guillermo Vega Gorgojo, Miguel L. Bote Lorenzo, Juan I. Asensio Pérez, Eduardo Gómez Sánchez and Yannis Dimitriadis.
  
  • Application to support teachers in the design and implementation of ubiquitous learning when teaching subjects related to cultural heritage.

Data Journalism Category:

• First prize of 1500 €: what is life like without a bar? How the villages manage to play the game - Authors: Ana Isabel Ruíz Espinar, Marta Ley and Guillermo Cid.
  
  • Journalistic article that analyses how the existence of hotel and catering establishments affects the municipalities of Castilla y León.

The Junta de Castilla y León has published a list of all the projects that entered the competition, available on its website: https://datosabiertos.jcyl.es/web/es/concurso-datos-abiertos/proyectos-presentados.html

During the awards ceremony, the Minister of the Presidency of the Junta de Castilla y León, Luis Miguel González Gago, insisted on the premise of continuing to improve the presentation and accessibility of open data accessibility of open data. In this sense, the aim is to improve the visualisation of the data presented by all the departments of the Junta de Castilla y León, which in a homogeneous and coordinated way will use the same presentation schemes so that they can be easily located, understood and interpreted easily located, understood and interpreted by citizens by citizens. A commitment to interoperability.

The Spanish Federation of Municipalities and Provinces (FEMP) approved at the end of 2023 two model ordinances that address progress in two key areas: transparency and data governance. Both documents will not only improve the quality of processes, but also facilitate access, management and re-use of data. In this post, we will analyse the second ordinance drafted within the FEMP's Network of Entities for Transparency and Citizen Participation in its quest to define common reference models. In particular, the ordinance on data governance.

The usefulness and good work of the Model Ordinance on Data Governance in Local Entities has been highlighted by the Multisectoral Association of Information (ASEDIE), which awarded it the prize in the category 'Promoting data literacy' at its 15th ASEDIE International Conference.

Under this premise, the document addresses all elements related to the collection, management and exploitation of data in order to approach them as a commongood, i.e. ensuring their openness, accessibility and re-use. This is a relevant objective for local administrations, as it enables them to improve their functioning, service delivery and decision-making. Data governance is the framework that guides and guarantees this process and this ordinance proposes a flexible regulatory framework that different administrations can adapt according to their specific needs.

What is data governance?

 Data Governance comprehensively addresses all aspects related to the collection, management and exploitation of data, as well as its openness and re-use by society as a whole on an equal basis. Itcan therefore bedefined as an organisational function responsible for being accountable for the effective, efficient and acceptable use of databy the organisation, which is necessary to deliver the business strategy. This is described in the specifications UNE 0077:2023 on Data Governance and UNE 78:2023 on Data Management, which include standardised processes to guide organisations in the establishment of approved and validated mechanisms that provide organisational support to aspects related to the opening and publication of data, for subsequent use by citizens and other institutions.

How was the FEMP Data Governance Ordinance developed?

In order to develop the Model Ordinance on Data Governance in the Local Entity, a multidisciplinary working group was set up in 2022, which included workers from the Public Administrations, private companies, representatives of the infomediary sector, the Data Office, universities, etc. This team set out two main objectives that would mark the content of the document:

• Develop guidelines for municipalities and other public authorities defining the strategy to be followed in order to implement an open data project.
• Create a reference model of datasets common to all public administrations to facilitate the re-use of information.

With these two challenges in mind, in early 2023 the FEMP working group started to establish aspects, structure, contents and work plan. During the following months, work was carried out to draft, elaborate and reach consensus on a single draft.

In addition, a participatory process was organised on the Idea Zaragoza platform to nurture the document with contributions from experts from all over the country and FEMP partners.

The result of all the work was based on the Open Data Charter (ODC), the recommendations issued by the Spanish Government's Data Office and the existing European and national regulations on this matter.

New features and structure of the Data Governance Ordinance

The FEMP's Model Ordinance on Data Governance is in line with the context in which it has been presented, i.e. it recognises relevant aspects of the current moment we are living in. One of the document's salient features is the premise of guaranteeing and enhancing the rights of both natural and legal persons and respecting the General Data Protection Regulation. The regulation places particular emphasis on the proportionality of anonymisation to ensure the privacy of individuals.

Another novel aspect of the standard is that it brings the vision of high-value data defined by the European Commission from the perspective of local government. In addition, the Model Ordinance recognises a single regime for access and re-use of public information, in accordance with Law 19/2013 of 9 December on transparency, access to public information and good governance, and Law 37/2007 on the re-use of public sector information.

Beyond ensuring the legal and regulatory framework, the FEMP Ordinance also addresses the data associated with artificial intelligence, a cutting-edge technological synergy that every day offers great innovative solutions. For an artificial intelligence to function properly, it is necessary to have quality data to help train it. In relation to this point, the ordinance defines quality requirements (Article 18) and metrics for their assessment that are adapted to each specific context and address issues such as accuracy, portability or confidentiality, among others.  The document establishes guarantees that the use of the data will be carried out in a way that respects the rights of individuals.

All these new aspects are part of the FEMP's Model Ordinance on Data Governance for Local Entities, which is organised in the following structure:

1. General provisions: This first section presents data as the main digital asset of Public Administrations as a strategic asset, and the object, principles and right of citizenship.
2. Planning, organisation and tools for data governance: Here the organisation and competencies for data governance are defined. In addition, the importance of maintaining an inventory of datasets and information sources is stressed (Article 9).
3. The data: This chapter recognises the publication requirements and security standards, the importance of the use of reference vocabularies, and the categories of datasets whose openness should be prioritised, namely the 80 typologies referred to by FEMP as most relevant.
4. Life cycle: This section highlights, on the one hand, the collection, opening, storage and use of data; and, on the other hand, the limits, deletion and destruction of data when these actions are required.  when these actions are required.
5. Access, publication and re-use: The fifth chapter deals with issues related to the exploitation of data such as the use of specific licences, exclusive rights, payment for re-use or prior request for access to certain datasets.
6. Liability and guarantees: The last point describes the sanctioning and disciplinary regime and the civil and criminal liabilities of the re-user.

In short, the publication of the Ordinance on Data Governance in Local Entities provides local administrations with a flexible regulation and defines administrative structures that seek to improve management, reuse and the promotion of a data-driven society.

You can access the full document here: Standard Ordinance on Data Governance in the Local Entity

Navarra has been the chosen venue to bring together, for the first time, representatives of the Data Offices of the autonomous communities around the centrality of data in public management. The meeting, promoted by the Secretary of State for Digitalization and Artificial Intelligence (SEDIA) and the Government of Navarra, was aimed at sharing the advances in the world of data at the regional level, as well as the assumption of commitments to lay the foundations for a digital future linked to data and its transformative power.  

Focus on the transformative power of data  

The Councilor for University, Innovation and Digital Transformation of the Government of Navarra, Juan Cruz Cigudosa García, was in charge of opening the conference, emphasizing the need to strengthen the response to social challenges and stimulate innovation and economic development through data, highlighting the unavoidable commitment to innovation through the use of disruptive technologies such as Artificial Intelligence, always under an ethical prism and respect for European values and principles. In this last line of action, the launching of an Ethics Committee for the Navarra Data Office was announced. This committee, framed in the Digital Spain Strategy and the Navarra Digital Strategy 2030, is aligned with the active policies and the national and international leadership of SEDIA, reflected in its charter of digital rights.   

Next, the Chief Data Officer of the Government of Spain, Alberto Palomo, highlighted the strategy that had been designed at European level in relation to data and its sovereign management. He also pointed out the transformative power of data, a key element in the digital transformation and in the entry of technologies such as artificial intelligence. He also reported on the recent statement published as a result of the current Spanish Presidency of the Council of the European Union, which was signed at the beginning of November during the Gaia-X Summit meeting under the name "The Trinity of Trusted Cloud, Data and AI as Gateway to EU's competitiveness". This document is a declaration that shows the commitment of the participants in this meeting to boost data spaces in Europe through strategic autonomy in the cloud, data and artificial intelligence. It agrees, among other points, to expand and improve coordination in the development of European cloud and data initiatives, advocating interoperability as a backbone element and advocating the development of Artificial Intelligence based on high quality data and with solid governance. It also highlights the need to homogenize data sources to better model relationships, optimize processes and innovate and create new business models.   

The day continued as a communication forum, in which, as an example, direct experiences of the participants could be shared, thus creating a space for reflection and dialogue. The day was structured through three thematic blocks, about the who, the how and the what for, with each block being contextualized, before the specific presentations, by SEDIA's Data Office and grounded in practice by the Government of Navarra. 

1. The first thematic block was "The data ecosystem: who". It addressed some of the strategies around data from the Generalitat de Catalunya and from the Basque Government.  

2. This was followed by presentations in a second block entitled "Governance model, ethics and culture: how". The governments of Aragon, Andalusia, the Canary Islands, Valencia and the Spanish Federation of Municipalities and Provinces made presentations of their success stories in this area.  

3. In a final block entitled "Citizen service, innovation and data spaces: what for", presentations were given by Andalusia, the National Institute of Statistics, Castilla-la Mancha and the General Secretariat of Digital Administration, and Red.es, the latter presenting the services offered to the autonomous communities from the datos.gob.es platform. 

Seven key principles to drive the data economy forward  

 The meeting culminated with the presentation of seven principles to advance the joint formulation of strategies and policies related to data management and the digital future. These are:  

• Establish effective data governance by setting policies, standards and procedures for the effective management, exploitation and sharing of data, while implementing controls and evaluations to ensure compliance.  

• Perform an ethical treatment of data, assessing the lawfulness and legitimacy of all data practices, seeking to minimize any adverse impact on individuals and society. 

• Prioritize reliable administrative processing centered on data, prioritizing the transition from document to data, capable of enabling and catalyzing the use of advanced technologies and tools for descriptive, predictive and prescriptive analytics (BI, big data, machine learning, deep learning), generative algorithms (LLM, GPT) and process automation (RPA).  

• Deployment of sovereign data sharing as a resource whose value increases with its dissemination, establishing who can access what data and under what conditions of use, security and trust.  

• Encourage the open dissemination of information, promoting its effective reuse and publication in accordance with FAIR principles, i.e., ensuring that data is findable, accessible, interoperable and reusable.  

• Designing and analyzing public policies based on evidence, in order to make informed decisions that lead to effective services and public innovation.   

• Fostering data culture, promoting the creation of new profiles, positions and responsibilities related to working with data, without neglecting the training and transmission of knowledge around data. 

The success of the participation, the interventions and reflections raised show the consensus on advancing towards the achievement of a data-oriented Administration, capable of taking advantage, through the use of innovative technological means, of the potential of data, enabling the design, implementation and evaluation of public policies focused on the citizen, generating a data-oriented, sustainable, inclusive and social value-generating economy.   

The Forum has thus become a meeting point and a place to generate synergies between the different public administrations. Interoperability between the various public sector agencies and between the different levels of government in the processing and exchange of information boosts territorial cohesion and enables the effective use of available technologies in the quest to satisfy the common good.

Since 24 September last year, the Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022, on European Data Governance (Data Governance Regulation) has been applicable throughout the European Union. Since it is a Regulation, its provisions are directly effective without the need for transposing State legislation, as is the case with directives. However, with regard to the application of its regulation to Public Administrations, the Spanish legislator has considered it appropriate to make some amendments to the Law 37/2007, of 16 November 2007, on the re-use of public sector information. Specifically:

• A specific sanctioning regime has been incorporated within the scope of the General State Administration for cases of non-compliance with its provisions by re-users, as will be explained in detail below;
• Specific criteria have been established on the calculation of the fees that may be charged by public administrations and public sector entities that are not of an industrial or commercial nature;
• And finally, some singularities have been established in relation to the administrative procedure for requesting re-use, in particular a maximum period of two months is established for notifying the corresponding resolution -which may be extended to a maximum of thirty days due to the length or complexity of the request-, after which the request will be deemed to have been rejected.

What is the scope of this new regulation?

As is the case with the Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the reuse of public sector informationthis Regulation applies to data generated in the course of the "public service remit" in order to facilitate its re-use. However, the former did not contemplate the re-use of those data protected by the concurrence of certain legal assets, such as confidentiality, trade secrets, the intellectual property or, singularly, the protection of personal data.

You can see a summary of the regulations in this infographic.

Indeed, one of the main objectives of the Regulation is to facilitate the re-use of this type of data held by administrations and other public sector entities for research, innovation and statistical purposes, by providing for enhanced safeguards for this purpose. It is therefore a matter of establishing the legal conditions that allow access to the data and their further use without affecting other rights and legal interests of third parties. Consequently, the Regulation does not establish new obligations for public bodies to allow access to and re-use of information, which remains a competence reserved for Member States. It simply incorporates a number of novel mechanisms aimed at making access to information compatible, as far as possible, with respect for the confidentiality requirements mentioned above. In fact, it is expressly warned that, in the event of a conflict with the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), the latter shall in any case prevail (GDPR), the latter shall in any case prevail.

Apart from the regulation referring to the public sector, to which we will refer below, the Regulation incorporates specific provisions for certain types of services which, although they could also be provided by public entities in some cases, will normally be assumed by private entities. Specifically, intermediation services and the altruistic transfer of data are regulated, establishing a specific legal regime for both cases. The Ministry of Economic Affairs and Digital Transformation will be in charge of overseeing this process in Spain

As regards, in particular, the impact of the Regulation on the public sector, its provisions do not apply to public undertakings , i.e. those in which there is a dominant influence of a public sector body, to broadcasting activities and, inter alia, to cultural and educational establishments. Nor to data which, although generated in the performance of a public service mission, are protected for reasons of public security, defence or national security.

Under what conditions can information be re-used?

In general, the conditions under which re-use is authorised must preserve the protected nature of the information. For this reason, as a general rule, access will be to data that are anonymised or, where appropriate, aggregated, modified or subject to prior processing to meet this requirement. In this respect, public bodies are authorised to charge fees which, among other criteria, are to be calculated on the basis of the costs necessary for the anonymisation of personal data or the adaptation of data subject to confidentiality.

It is also expressly foreseen that access and re-use take place in a secure environment controlled by the public body itself, be it a physical or virtual environment.  In this way, direct supervision can be carried out, which could consist not only in verifying the activity of the re-user, but also in prohibiting the results of processing operations that jeopardise the rights and interests of third parties whose integrity must be guaranteed. Precisely, the cost for the maintenance of these spaces is included among the criteria that can be taken into account when calculating the corresponding fee that can be charged by the public body.

In the case of personal data, the Regulation does not add a new legal basis to legitimise the re-use of personal data other than those already established by the general rules on re-use. Public bodies are therefore encouraged to provide assistance to re-usersin such cases to help them obtain permission from stakeholders. However, this is a support measure that can in no way place disproportionate burdens on the agencies. In this respect, the possibility to re-use pseudonymised data should be covered by some of the cases provided for in the GDPR. Furthermore, as an additional guarantee, the purpose for which the data are intended to be re-used must be compatible with the purpose for which the data were originally intended justified the processing of the data by the public body in the exercise of its main activity, and appropriate safeguards must be adopted.

A practical example of great interest concerns the re-use of health data for biomedical research purposes reuse of health data for biomedical research purposes, which the Spanish legislator which has been established by the Spanish legislator under the provisions of the latter precept. Specifically, the 17th additional provision of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rightsallows the reuse of pseudonymised data in this area when certain specific guarantees are established, which could be reinforced with the use of the aforementioned secure environments in the case of the use of particularly incisive technologies, such as artificial intelligence. This is without prejudice to compliance with other obligations which must be taken into account depending on the conditions of the data processing, in particular the carrying out of impact assessments.

What instruments are foreseen to ensure effective implementation?

From an organisational perspective, States need to ensure thatinformation is easily accessible through a single point. In the case of Spain, this point is available through the platform enabled through the platform datos.gob.esplatform, although there may also be other access points for specific sectors and different territorial levels, in which case they must be linked. Re-users may contact this point in order to make enquiries and requests, which shall be forwarded to thethese will be forwarded to the competent body or entity for processing and response.

The following must also be designated and notified to the notify to the European Commission one or more specialised entities with the appropriate technical and human resources, which could be some of the existing ones, that perform the function of assisting public bodies in granting or refusing re-use. However, if foreseen by European or national regulations, these bodies could assume decision-making functions and not only mere assistance. In any case, it is foreseen that the administrations and, where appropriate, the entities of the institutional public sector, according to the ‑‑according to the terminology of article 2 of Law 27/2007‑‑who make this designation and communicate it to the Ministry of Economic Affairs and Digital Transformationwhich, for its part, will be responsible for the corresponding notification at European level.

Finally, as indicated at the beginning, the following have been classified as specific infringements for the scope of the General Administration of the State certain conducts of re-users which are punishable by fines ranging from 10,001 to 100,000 euros. Specifically, it concerns conduct that, either deliberately or negligently, involves a breach of the main guarantees provided for in European legislation: in particular, failure to comply with the conditions for access to data or to secure areas, re-identification or failure to report security problems.

In short, as pointed out in the European Data Strategyif the European Union wants to play a leading role in the data economy , it is essential, among other measures, to improve governance structures and increase repositories of quality data , which are often affected by significant legal obstacles. With the Data Governance Regulation an important step has been taken at the regulatory level, but it now remains to be seen whether public bodies are able to take a proactive stance to facilitate the implementation of its measures, which ultimately imply important challenges in the digital transformation of their document management.

Content prepared by Julián Valero, Professor at the University of Murcia and Coordinator of the "Innovation, Law and Technology" Research Group (iDerTec).

The contents and points of view reflected in this publication are the sole responsibility of the author.

In the first part of this article, the concept of data strategy was introduced as the organisation's effort to put the necessary data at the service of its business strategy. In this second part, we will explore some aspects related to the materialisation of such a strategy as part of the design or maintenance - if it already exists - of a data governance system.

For the materialisation of the data strategy, a development environment will have to be addressed, as described in a founding act that includes some aspects such as the identification of the main people responsible for the implementation, the expected results, the available resources and the timeframe established to achieve the objectives. In addition, it will contain a portfolio of data governance programmes including individual projects or specific related projects to address the achievement of the strategic objectives of the data.

It is important to mention that the implementation of a data strategy has an impact on the development and maintenance of the different components of a data governance system:

• Manager
• Organisational structures
• Principles, policies and frameworks
• For Information
• Culture, ethics and behaviour
• People, skills and competences
• Services, infrastructures and applications.

In this sense, it can be said that each of the projects included in the data government's programme aims to contribute to developing or maintaining one or more of these components.

It should be noted that the final design of this data governance system is achieved in an iterative and incremental manner over time, depending on the constraints and possibilities of the organisation and its current operating context. Consequently, the prioritisation, selection and sequencing of projects within the data governance programme to implement the strategic objectives of data also has an iterative and incremental nature[1].

The three biggest data risks commonly encountered in organisations are:

• Not knowing who has to take responsibility for implementing the data strategy,
• Not having adequate knowledge of data in quantity and quality, and
• Failure to exercise adequate control over the data, e.g. by at least complying with current legislation.

Therefore, as far as possible, projects should be approached in the following way:

• Firstly, to address those projects related to the identification, selection or maintenance of organisational structures ("strategic alignment" type objective), also known as governance framework.
• Next, undertake projects related to the knowledge of the business processes and the data used (a "strategic alignment" type objective aimed at the description of data through the corresponding metadata, including data lifecycle metadata).
• And finally, proceed to the definition of policies and derived controls for different policy areas (which may be of the "strategic alignment", "risk optimisation" or "value for money" type). 

The artefact-based approach and the process approach

In approaching the definition of these data governance programmes, some organisations with a project understanding more oriented to the generation and deployment of technological products follow an artefact-based approach. That is, they approach the projects that are part of the data governance programme as the achievement of certain artefacts. Thus, it is possible to find organisations whose first concern when implementing data governance is to acquire and install a specific tool that supports, for example, a glossary of terms, a data dictionary, or a data lake. Moreover, as for various reasons some companies do not adequately differentiate between data governance and data management, this approach is often sufficient. However, the artefact approach introduces the risk of "the tool without the instruction manual the artefact approach introduces the risk of "the tool without the instruction manual": the tool is purchased - probably after a proof of concept by the vendor - and deployed according to the needs of the organisation, but what it is used for and when it is used is unknown, leaving the artefact often as an isolated resource. This, unless the organisation promotes a profound change, may end up being a waste of resources in the long run as the use of the artefacts generated is abandoned.

A better alternative, as has been widely demonstrated in the software development sector, is the execution of the data governance programme with a process approach. This process approach allows not only to develop the necessary artefacts, but also to model the way the organisation works with respect to some area of performance, and contextualises the rationale and use of the artefacts within the process, specifying who should use the artefact, for what, when, what should be obtained by using the artefact, etc.

This process approach is an ideal instrument to capture and model the knowledge that the organisation already has regarding the tasks covered by the process, and to make this knowledge the reference for new operations to be carried out in the future. In addition, the definition of the process also allows for the particularisation of chains of responsibility and accountability and the establishment of communication plans, so that each worker knows what to do, what artefacts to use, who to ask for or receive resources from to carry out their work, who to communicate their results to, or who to escalate potential problems to.

This way of working provides some advantages, such as predictable behaviour of the organisation with respect to the process; the possibility to use these processes as building blocks for the execution of data projects; the option to easily replace a human resource; or the possibility to efficiently measure the performance of a process. But undoubtedly, one of the greatest advantages of this process approach is that it allows organisations to adopt the good practices contained in any of the process reference models for data governance, data management and quality management that exist in the current panorama, such as the UNE 0077 specifications (for data governance), UNE 0078 (for data management) and UNE 0079 (for data quality management).

This adoption enables the possibility of using frameworks for process assessment and improvement, such as the one described in UNE 0080, which includes the Alarcos Data Maturity Model, in which the concept of organisational maturity of data governance, data management and data quality management is introduced as an indicator of the organisation's potential to face the achievement of strategic objectives with certain guarantees of success. In fact, it is common for many organisations adopting the process approach to pre-include specific data objectives ("strategic alignment" type objectives) aimed at preparing the organisation - by increasing the level of maturity - to better support the execution of the data governance programme. These "preparatory" objectives are mainly manifested in the implementation of data governance, data management and data quality management processes to close the gap between the current initial state of maturity (AS_IS) and the required final state of maturity of the organisation (TO_BE).

If the process approach is chosen, the different projects contained in the data programme will generate controlled and targeted increments in each of the components of the data governance system, which will enable the transformation of the organisation to meet the organisation's strategic business objectives.

Ultimately, the implementation of a data strategy manifests itself in the development or maintenance of a data governance system, which ensures that the organisation's data is put at the service of strategic business objectives. The instrument to achieve this objective is the data governance programme, which should ideally be implemented through a process approach in order to benefit from all the advantages it brings.

More and more organisations are deciding to govern their data to ensure that it is relevant, adequate and sufficient for its intended uses, i.e. that it has a certain organisational value.

Although the scenarios are often very diverse, a close look at needs and intentions reveals that many of these organisations had already started to govern their data some time ago but did not know it. Perhaps the only thing they are doing as a result of this decision is to state it explicitly. This is often the case when they become aware of the need to contextualise and justify such initiatives, for example, to address a particular organisational change - such as a long-awaited digital transformation - or to address a particular technological challenge such as the implementation of a data lake to better support data analytics projects.

A business strategy may be to reduce the costs required to produce a certain product, to define new lines of business, to better understand customer behaviour patterns, or to develop policies that address specific societal problems. To implement a business strategy you need data, but not just any data, but data that is relevant and useful for the objectives included in the business strategy. In other words, data that can be used as a basis for contributing to the achievement of these objectives. Therefore, it can be said that when an organisation recognises that it needs to govern its data, it is really expressing its need to put certain data at the service of the business strategy. And this is the real mission of data governance.

Having the right data for the business strategy requires a data strategy. It is a necessary condition that the data strategy is derived from and aligned with a business strategy. For this reason, it is possible to affirm that the projects that are being developed (especially those that seek to develop some technological artefact), or those that are to be developed in the organisation, need a justification determined by a data strategy[1] and, therefore, will be part of data governance.

Strategic objectives of the data

A data strategy is composed of a set of strategic data objectives, which may be one or a necessary combination of the following four generic types:

• Benefits realisation: ensuring that all data producers have the appropriate mechanisms in place to produce the data sources that support the business strategy, and that data consumers have the necessary data to be able to perform the tasks required to achieve the strategic objectives of the business. Examples of such objectives could be:
  
  • the definition of the organisation's reporting processes;
  • the identification of the most relevant data architecture to service all data needs in a timely manner;
  • the creation of data service layers;
  • the acquisition of data from third party sources to meet certain data demands; or
  • the implementation of information technologies supporting data provisioning and consumption
• Strategic alignment: the objective is to align the data with basic principles or behavioural guidelines that the organisation has defined, should have defined, or will define as part of the strategy. This alignment seeks to homogenise the way of working with the organisation's data. Examples of this type of objective include:
  
  • establish organisational structures to support chains of responsibility and accountability;
  • homogenise, reconcile and unify the description of data in different types of metadata repositories;
  • define and implement the organisation's best practices with respect to data governance, data management and data quality management[2];
  • readapt or enrich (what in DAMA terminology is known as operationalising data governance) the organisation's data procedures in order to align them with the good practices implemented by the organisation in the different processes;
  • or define data policies in any of the areas of data management[3] and ensure compliance with them, including security, master data management, historical data management, etc.
• Resource optimisation: this consists of establishing guidelines to ensure that the generation, use and exploitation of data makes the most appropriate and efficient use of the organisation's resources. Examples of such targets could include:
  
  • the decrease of data storage and processing costs to much more efficient and effective storage systems, such as migrations of data storage and processing layers to the cloud[4];
  • improving response times of certain applications by removing historical data; improving data quality;
  • improving the skills and knowledge of the different actors involved in the exploitation and use of data;
  • the redesign of business plans to make them more efficient; or
  • the redefinition of roles to simplify the allocation and delegation of responsibilities.
• Risk optimisation: the fundamental objective is to analyse the possible risks related to data that may undermine the achievement of the different business objectives of the organisation, or even jeopardise its viability as an entity, and to develop the appropriate data processing mechanisms. Some examples of this type of target would be:
  
  • the definition or implementation of security and data protection mechanisms;
  • the establishment of the necessary ethical parameters; or
  • securing sufficiently qualified human resources to cope with functional turnover.

A close reading of the proposed examples might lead one to think that some of these strategic data objectives could be understood as being of different types simultaneously. For example, ensuring the quality of data to be used in certain business processes may seek, in some way, to ensure that the data is not only used ('benefit realisation' and 'risk optimisation'), but also helps to ensure that the organisation has a serious and responsible brand image with data ('strategic alignment') that avoids having to perform frequent data cleansing actions, with the consequent waste of resources ('value for money' and 'risk optimisation').

Typically, the process of selecting one or more strategic data objectives should not only take into account the context of the organisation and the scope of these objectives in functional, geographic or dataterms, but also consider the dependency between the objectives and the way in which they should be sequenced. It may be common for the same strategic objective to cover data used in different departments or even to apply to different data. For example, the strategic objective of the types "benefit realisation" and "risk optimisation", called "ensuring the level of access to personal data repositories", would cover personal data that can be used in the commercial and operational departments.

Taking into account typical data governance responsibilities (evaluate, manage, monitor), the use of the SMART (specific, measurable, achievable, realistic, time-bound) technique is recommended for the selection of strategic objectives. Thus, these strategic objectives should:

• be specific,
• the level of achievement can be measured and monitored,
• that are achievable and realistic within the context of the strategy and the company, and finally,
• that their achievement is limited in time.

Once the strategic data objectives have been identified, and the backing and financial support of the organisation's management is in place, their implementation must be addressed, taking into account the dimensions discussed above (context, functional aspects and dependencies between objectives), by defining a specific data governance programme. It is interesting to note that behind the concept of "programme" is the idea of "a set of interrelated projects contributing to a specific objective".

In short, a data strategy is the way in which an organisation puts the necessary data at the service of the organisation's business strategy. This data strategy is composed of a series of strategic objectives that can be of one of the four types outlined above or a combination of them. Finally, the implementation of this data strategy will be done through the design and execution of a data governance programme, aspects that we will address in a future post.

______________________________________________

The main motivation of this first article - of a series of three - is to explain how to use the UNE 0077 data governance specification (see Figure 1) to establish approved and validated mechanisms that provide organizational support for aspects related to data openness and publication for subsequent use by citizens and other organizations.

To understand the need and utility of data governance, it must be noted that, as a premise, every organization should start with an organizational strategy. To better illustrate the article, consider the example of the municipality of an imaginary town called Vistabella. Suppose the organizational strategy of the Vistabella City Council is to maximize the transparency and quality of public services by reusing public service information.

Fig. 1. Specification processes UNE 0077, 0078 and 0079

To support this organizational strategy, the Vistabella City Council needs a data strategy, the main objective of which is to promote the publication of open data on the respective open data portals and encourage their reuse to provide quality data to its residents transparently and responsibly. The Mayor of the Vistabella City Council must launch a data governance program to achieve this main objective. For this purpose, a working group composed of specialized data experts from the City Council is assigned to tackle this program. This group of experts is given the necessary authority, a budget, and a set of responsibilities.

When starting, these experts decide to follow the process approach proposed in UNE 0077, as it provides them with a suitable guide to carry out the necessary data governance actions, identifying the expected process outcomes for each of the processes and how these can be materialized into specific artifacts or work products.

This article explains how the experts have used the processes in the UNE 0077 specification to achieve their goal. Out of the five processes detailed in the specification, we will focus, by way of example, on only three of them: the one describing how to establish the data strategy, the one describing how to establish policies and best practices, and the one describing how to establish organizational structures.

Before we begin, it is important to remember the structure of the process descriptions in the different UNE specifications (UNE 0077, UNE 0078, and UNE 0079). All processes are described with a purpose, a list of expected process outcomes (i.e., what is expected to be achieved when the process is executed), a set of tasks that can be followed, and a set of artifacts or work products that are the manifestation of the process outcomes.

"Data Strategy Establishment Process"

The team of experts from the Vistabella City Council decided to follow each of the tasks proposed in UNE 0077 for this process. Below are some aspects of the execution of these tasks:

T1. Evaluate the capabilities, performance, and maturity of the City Council for the publication of open data. To do this, the working group gathered all possible information about the skills, competencies, and experiences in publishing open data that the Vistabella City Council already had. They also collected information about the downloads that have been made so far of published data, as well as a description of the data itself and the different formats in which it has been published. They also analyzed the City Council's environment to understand how open data is handled. The work product generated was an Evaluation Report on the organization's data capabilities, performance, and maturity.

T2. Develop and communicate the data strategy. Given its importance, to develop the data strategy, the working group used the Plan to promote the opening and reuse of open data as a reference to shape the data strategy stated earlier, which is to "promote the publication of open data on the respective open data portals and encourage their reuse to provide quality data to its residents transparently and responsibly." Additionally, it is important to note that data openness projects will be designed to eventually become part of the structural services of the Vistabella City Council. The work products generated will be the adapted Data Strategy itself and a specific communication plan for this strategy.

T3. Identify which data should be governed according to the data strategy. The Vistabella City Council has decided to publish more data about urban public transport and cultural events in the municipality, so these are the data that should be governed. This would include data of different types: statistical data, geospatial data, and some financial data. To do this, they propose using the Plan to promote the opening and reuse of open data again. The work product will be a list of the data that should be governed, and in this case, also published on the platform. Later on, the experts will be asked to reach an agreement on the meaning of the data and choose the most representative metadata to describe the different business, technical, and operational characteristics.

T4. Develop the portfolio of data programs and projects. To achieve the specific objective of the data strategy, a series of specific projects related to each other are identified, and their viability is determined. The work product generated through this task will be a portfolio of projects that covers these objectives:

• Planning, control, and improvement of the quality of open data
• Ensuring compliance with security standards
• Deployment of control mechanisms for data intermediation
• Management of the configuration of data published on the portal

T5. Monitor the degree of compliance with the data strategy. To do this, the working group defines a series of key performance indicators that are measured periodically to monitor key aspects related to the quality of open data, compliance with security standards, use of data intermediation mechanisms, and management of changes to the data published on the portal. The work product generated consists of periodic reports on the monitoring of the data strategy.

"Establishment of Data Policies, Best Practices, and Procedures Process"

The data strategy is implemented through a series of policies, best practices, and procedures. To determine these policies or procedures, you can follow the process of Establishing Data Policies, Best Practices, and Procedures detailed in UNE 0077. For each of the data identified in the previous process, it may be necessary to define specific policies for each area of action described in the established data strategy.

To have a systematic and consistent way of working and to avoid errors, the Vistabella City Council's working group decides to model and publish its own process for defining strategies based on the generic definition of that process contained in Specification UNE 0077, tailored to the specific characteristics of the Vistabella City Council.

This process could be followed by the working group as many times as necessary to define and approve data policies, best practices, and procedures.

In any case, it is important for the customization of this process to identify and select the principles, standards, ethical aspects, and relevant legislation related to open data. To do this, a framework is defined, consisting of a regulatory framework and a framework of standards.

The regulatory framework includes:

• The legal framework related to the reuse of public sector information.
• The General Data Protection Regulation (GDPR) to ensure that the minimum requirements for the security and privacy of information are met when publishing open data on the portal.

The framework of standards includes, among others:

• The practical guide for improving the quality of open data, which provides support to ensure that the shared data is of quality.
• The UNE specifications 0077, 0078, and 0079 themselves, which contain best practices for data governance, management, and quality.

This framework, along with the defined process, will be used by the working group to develop specific data policies that should be communicated through the appropriate publication, taking into account the most appropriate legal tools available. Some of these policies may be published, for example, as municipal resolutions or announcements, in compliance with the current regional or national legislation.

"Establishment of Organizational Structures for Data Governance, Management, and Use Process"

Even though the established Working Group is making initial efforts to address the strategy, it is necessary to create an organizational structure responsible for coordinating the necessary work related to the governance, management, and quality management of open data. For this purpose, the corresponding process detailed in UNE 0077 will be followed. Similar to the first section, the explanation is provided with the structure of the tasks to be developed:

T1. Define an organizational structure for data governance, management, and use. It is interesting to visualize the Vistabella City Council as a federated set of council offices and other municipal services that could share a common way of working, each with the necessary independence to define and publish their open data. Remember that initially, this data pertained to urban transport and cultural events. This involves identifying individual and collective roles, chains of responsibility, and accountability, as well as defining a way of communicating among them. The main product of this work will be an organizational structure to support various activities. These organizational structures must be compatible with the functional role structures that already exist in the City Council. In this regard, one can mention, by way of example, the information responsible unit, whose role is highlighted in Law 37/2007 as one of the most important roles. The information responsible unit primarily has the following four functions:

• Coordinate information reuse activities with existing policies regarding publications, administrative information, and electronic administration.
• Facilitate information about competent bodies within their scope for receiving, processing, and resolving reuse requests transmitted.
• Promote the provision of information in appropriate formats and keep it updated as much as possible.
• Coordinate and promote awareness, training, and promotional activities.

T2. Establish the necessary skills and knowledge. For each of the functions mentioned above of the information responsible units, it will be necessary to identify the skills and knowledge required to manage and publish the open data for which they are responsible. It is important to note that knowledge and skills should encompass both technical aspects in the field of open data publication and domain-specific knowledge related to the data being opened. All these knowledge and skills should be appropriately recognized and listed. Later on, a working group may be tasked with designing training plans to ensure that individuals involved in the information responsible units possess these knowledge and skills.

T3. Monitor the performance of organizational structures. In order to quantify the performance of organizational structures, it will be necessary to define and measure a series of indicators that allow modeling different aspects of the work of the people included in the organizational structures. This may include aspects such as the efficiency and effectiveness of their work or their problem-solving ability.

We have reached the end of this first article in which some aspects of how to use three of the five processes in the UNE 0077:2023 specification have been described to outline what open data governance should look like. This was done using an example of a City Council in an imaginary town called Vistabella, which is interested in publishing open data on urban transport and cultural events.

The content of this guide can be downloaded freely and free of charge from the AENOR portal through the link below by accessing the purchase section. Access to this family of UNE data specifications is sponsored by the Secretary of State for Digitalization and Artificial Intelligence, Directorate General for Data. Although the download requires prior registration, a 100% discount on the total price is applied at the time of finalizing the purchase. After finalizing the purchase, the selected standard or standards can be accessed from the customer area in the my products section.

https://tienda.aenor.com/norma-une-especificacion-une-0077-2023-n0071116

Content developed by Dr. Ismael Caballero, Associate Professor at UCLM, and Dr. Fernando Gualo, PhD in Computer Science, and Chief Executive Officer and Data Quality and Data Governance Consultant. The content and viewpoints reflected in this publication are the sole responsibility of the authors."

As technology and connectivity have advanced in recent years, we have entered a new era in which data never sleeps and the amount of data circulating is greater than ever. Today, we could say that we live enclosed in a sphere surrounded by data and this has made us more and more dependent on it. On the other hand, we have also gradually become both producers and collectors of data.

The term datasphere has historically been used to define the set of all the information existing in digital spaces, also including other related concepts such as data flows and the platforms involved. But this concept has been developing and gaining more and more relevance in parallel with the growing weight of data in our society today, becoming an important concept in defining the future of the relationship between technology and society.

In the early days of the digital era we could consider that we lived in our own data bubbles that we fed little by little throughout our lives until we ended up totally immersed in the data of the online world, where the distinction between the real and the virtual is increasingly irrelevant. Today we live in a society that is interconnected through data and also through algorithms that link us and establish relationships between us. All that data we share more or less consciously no longer affects only ourselves as individuals, but can also have its effect on the rest of society, even in sometimes totally unpredictable ways - like a digital version of the butterfly effect.

Governance models that are based on working with data and its relationship to people, as if it were simply isolated instances that we can work with individually, will therefore no longer serve us well in this new environment.

The need for a systems-based approach to data

Today, that relatively simple concept of the data sphere has evolved into a complete, highly interconnected and complex digital ecosystem - made up of a wide range of data and technologies - that we inhabit and that affects the way we live our lives. It is a system in which data has value only in the context of its relationship with other data, with people and with the rules that govern those relationships.

Effective management of this new ecosystem will therefore require a better understanding of how the different components of the datasphere relate to each other, how data flows through these components, and what the appropriate rules will be needed to make this interconnected system work.

Data as an active component of the system

In a systems-based approach, data is considered as an active component within the ecosystem. This means that data is no longer just static information, but also has the capacity to influence the functioning of the ecosystem itself and will therefore be an additional component to be considered for the effective management of the ecosystem.

For example, data can be used to fine-tune the functioning of algorithms, improving the accuracy and efficiency of artificial intelligence and machine learning systems. Similarly, it could also be used to adjust the way decisions are made and policies implemented in different sectors, such as healthcare, education and security.

The data sphere and the evolution of data governance

It will therefore be necessary to explore new collective data governance frameworks that consider all elements of the ecosystem in their design, controlling how information is accessed, used and protected across the data sphere.

This could ensure that data is used securely, ethically and responsibly for the whole ecosystem and not just in individual or isolated cases. For example, some of the new data governance tools that have been experimented with for some time now and can help us to manage the data sphere collectively are data commons or digital data assets, data trusts, data cooperatives, data collaboratives or data collaborations, among others.

The future of the data sphere

The data sphere will continue to grow and evolve in the coming years, driven once again by new technological advances and the increasing connectivity and ubiquity of systems. It will be important for governments and organisations to keep abreast of these changes and adapt their data governance and management strategies accordingly through robust regulatory frameworks, accompanied by ethical guidelines and responsible practices that ensure that the benefits that data exploitation promises us can finally be realised while minimising risks.

In order to adequately address these challenges, and thus harness the full potential of the data sphere for positive change and for the common good, it will be essential to move away from thinking of data as something we can treat in isolation and to adopt a systems-based approach that recognises the interconnected nature of data and its impact on society as a whole.

Today, we could consider data spaces, which the European Commission has been developing for some time now as a key part of its new data strategy, as precisely a logical evolution of the data sphere concept adapted to the particular needs of our time and acting on all components of the ecosystem simultaneously: technical, functional, operational, legal and business.

Content prepared by Carlos Iglesias, Open data Researcher and consultant, World Wide Web Foundation.

The contents and views reflected in this publication are the sole responsibility of the author.

The European Commission's 'European Data Strategy' states that the creation of a single market for shared data is key. In this strategy, the Commission has set as one of its main objectives the promotion of a data economy in line with European values of self-determination in data sharing (sovereignty), confidentiality, transparency, security and fair competition.

Common data spaces at European level are a fundamental resource in the data strategy because they act as enablers for driving the data economy. Indeed, pooling European data in key sectors, fostering data circulation and creating collective and interoperable data spaces are actions that contribute to the benefit of society.

Although data sharing environments have existed for a long time, the creation of data spaces that guarantee EU values and principles is an issue. Developing enabling legislative initiatives is not only a technological challenge, but also one of coordination among stakeholders, governance, adoption of standards and interoperability.

To address a challenge of this magnitude, the Commission plans to invest close to €8 billion by 2027 in the deployment of Europe's digital transformation. Part of the project includes the promotion of infrastructures, tools, architectures and data sharing mechanisms. For this strategy to succeed, a data space paradigm that is embedded in the industry needs to be developed, based on the fulfilment of European values. This data space paradigm will act as a de facto technology standard and will advance social awareness of the possibilities of data, which will enable the economic return on the investments required to create it.

In order to make the data space paradigm a reality, from the convergence of current initiatives, the European Commission has committed to the development of the Simpl project.

What exactly is Simpl?

Simpl is a €150 million project funded by the European Commission's Digital Europe programme with a three-year implementation period. Its objective is to provide society with middleware for building data ecosystems and cloud infrastructure services that support the European values of data sovereignty, privacy and fair markets.

The Simpl project consists of the delivery of 3 products:

• Simpl-Open: Middleware itself. This is a software solution to create ecosystems of data services (data and application sharing) and cloud infrastructure services (IaaS, PaaS, SaaS, etc). This software must include agents enabling connection to the data space, operational services and brokerage services (catalogue, vocabulary, activity log, etc.). The result should be delivered under an open source licence and an attempt will be made to build an open source community to ensure its evolution.
• Simpl-Labs: Infrastructure for creating test bed environments so that interested users can test the latest version of the software in self-service mode. This environment is primarily intended for data space developers who want to do the appropriate technical testing prior to a deployment.
• Simpl-Live: Deployments of Simpl-open in production environments that will correspond to sectorial spaces contemplated in the Digital Europe programme. In particular, the deployment of data spaces managed by the European Commission itself (Health, Procurement, Language) is envisaged.

The project is practically oriented and aims to deliver results as soon as possible. It is therefore intended that, in addition to supplying the software, the contractor will provide a laboratory service for user testing. The company developing Simpl will also have to adapt the software for the deployment of common European data spaces foreseen in the Digital Europe programme.

The Gaia-X partnership is considered to be the closest in its objectives to the Simpl project, so the outcome of the project should strive for the reuse of the components made available by Gaia-X. 

For its part, the Data Space Support Center, which involves the main European initiatives for the creation of technological frameworks and standards for the construction of data spaces, will have to define the middleware requirements by means of specifications, architectural models and the selection of standards.

Simpl's preparatory work was completed in May 2022, setting out the scope and technical requirements of the project which have been the subject of detail in the currently open contractual process. The tender was launched on 24 February 2023. All information is available on TED eTendering, including how to ask questions about the tendering process. The deadline for applications is 24 April 2023 at 17:00 (Brussels time).

Simpl expects to have a minimum viable platform published in early 2024. In parallel, and as soon as possible, the open test environment (Simpl-Labs) will be made available for interested parties to experiment. This will be followed by the progressive integration of different use cases, helping to tailor Simpl to specific needs, with priority being given to cases otherwise funded under the Europe DIGITAL work programme.

In conclusion, Simpl is the European Commission's commitment to the deployment and interoperability of the different sectoral data space initiatives, ensuring alignment with the specifications and requirements emanating from the Data Space Support Center and, therefore, with the convergence process of the different European initiatives for the construction of data spaces (Gaia-X, IDSA, Fiware, BDVA).