Legislación y justicia

Today, data drives the world. It conditions public policies, the behaviour of algorithms and the decision-making of many companies. That is why it is important to have figures that correctly represent reality, i.e. that take into account all variables, including gender.

Thais Ruiz de Alda is founder and CEO of Digital Fems, an entity that designs projects to increase the presence of women in technological environments. In addition to consultancy tasks and the design of equality policies, Digital Fems carries out projects based on data science with a gender perspective. In this interview, Thais talks about the current situation and the challenges in this field (video only available in Spanish).

Full interview:

1. Why is it important to have gender-sensitive data?

Gender-sensitive data is a tool to measure various aspects, in a differentiated way between men and women, between different sexes.

It also serves to measure reality in terms of gender identity, if information is available.  Finally, there are subjects, areas of data processing, where it is essential to include intersectional perspectives, such as gender or origin. For example, when data is collected on the use of health services, we can see differentiated effects depending on whether the patients are of different sexes, or for example in the use of public transport, it is important to identify the sex of the person using the service, in order to design a service in accordance with the needs of the passengers: space for breastfeeding, space for carrying children, safety and avoidance of sexual harassment or other types of aggression. The problem we still have today is the lack or non-existence of this type of data. The famous gender data gap. That is why many organisations say that without data with a gender perspective, equality is not possible. Without GenderData , equality is not.

2. What is the current status of this type of data? You indicate that there is a gender gap in the data…

There is a tremendous gender gap in data. In general, and since the era of open government began in 2007, public administrations have been the ones that started opening data. This makes sense, given that administrations have been the generators of official statistics and the owners and guardians of some of the data that citizens create through the use of public services. According to the United Nations, by December 2020, we had only 39% of the gender-sensitive data we need to monitor the SDGs. So, from the public authorities' side, we still have some way to go. I think the future outlook for this kind of data is positively good, because we are on the right track, making progress in creating this kind of data. This is where we can say that, in parallel, there are civil society organisations that are also working on the generation of gender-sensitive data. Many women's organisations have realised the need to create and collect this data in order to alleviate this gap. In fact, right now, civil society organisations are the ones that should be pushing and lobbying to show the value of this type of data and pushing for public authorities to generate it. Now we need other stakeholders such as companies or academic environments to prioritise this need and generate data with a gender perspective in order to understand issues that affect men and women differently. The topic could be the subject of a doctoral thesis... but in short, the first stumbling block to be resolved is to produce data with this perspective, which has been ignored, and once we have these data, we will be able to read reality, measure it and draw conclusions that will allow us to make decisions with much greater precision.

According to the United Nations, by December 2020, we had only 39% of the gender-sensitive data we need to monitor the SDGs

3. Digital Fems, together with other organisations, has set up GenderDataLab.org, a repository of open data with a gender perspective. What kind of information can users find there? What are the challenges you have encountered in collecting and making this kind of data public?

Genderdatalab is a recently created space for experimentation and publication of datasets with a gender perspective, where visitors can choose to:

• Learn through articles, recommendations, guides or best practices and information collected on the discipline of data with a gender perspective. It is a space of common use because after registering, users can create datasets and publish them, with open licenses to publish their study reports, etc.
• Register and publish datasets; it is a space of common use because after registering, users can create and publish datasets, with open licenses to publish their study reports, etc.
• Download or use the API of the datasets, or simply visit the datasets and visualise them... 

Despite our "youth" we have had diverse experiences: we have convinced organisations to publish their data, which contained the gender perspective, in open format and they have had some fears that open data is susceptible to manipulation. Therefore, we have evangelised about open data to non-digitised communities. On the other hand, we have seen how, on the contrary, organisations that wanted to publish gender-inclusive reports, opened up to do so, and asked us for help and support in implementation. We have also detected some fears in the use of the platform, i.e. resistance to publish datasets for "fear" that they are not well designed, etc. and that is why we are now going to publish mini training courses to familiarise users with the functionalities of the platform, as well as with the contents and encourage the members of the platform, which already has a few hundred people registered.

4. One of the areas where data can also help us is in the fight against gender violence. This is the field of work of your project DatosContraelRuido.org, where you use Big Data techniques to analyse thousands of data files on the subject. How have you developed the project and what has been its impact?

The DatosContraElRuido.org project was the first project that we launched at Digitalfems in terms of gender data activism. We developed the project so that, through the application of our methodology, complex legal concepts could be understood in data visualisations, processed and analysed from a gender perspective, which could explain the presence of male violence in Spain, or the typology of violence that is exercised with the data that the Ministry of Justice and the General Council of the Judiciary publish.  With all these thousands of lines of information, we have been able to create an understandable story for ordinary people, and to design communication campaigns that allow us to understand the dimension of male violence.

Each time we publish an update of the data, we achieve a relatively important media impact, which has allowed us to be invited to many forums, especially in the context of male violence, to explain three issues:

1. Creating technology or technological solutions with a gender perspective helps to broaden the field of vision of the problems. We need more women technologists who can address social issues.
2. GenderData is a discipline of data science that is not only concerned with data collection, but also applies to the way data is structured and processed for analysis. 
3. All data can be downloaded from GenderDataLab.org so that anyone can in turn process the data and expand the scope of analysis.

The social impact we are aiming for is to clarify the high prevalence of male violence, based on official, undeniable data.... and to raise social awareness about it. For us, DatosContraelRuido.org is an open and accessible tool for society to know the reality of a type of violence that needs to be spoken out loud and clear. If drugs, traffic accidents and public safety are areas of public interest, so too is the violence that some men inflict on women. Seventy per cent of complaints are filed away...

DatosContraelRuido makes it possible to understand complex legal concepts in data visualisations, processed and analysed from a gender perspective. The aim is to explain the presence of male violence in Spain, or the typology of violence that is exercised with the data published by the Ministry of Justice and the General Council of the Judiciary.

5. In your opinion, what should be the strategic actions to generate gender-sensitive data from an institutional perspective?

We live in data-driven societies, and we are getting more and more... so it would make perfect sense to take into account the different tools, methodologies and processes that help to generate the best possible quality data. Here it is very clear that we need an action plan to make this possible.

First and foremost, training must be provided to individuals, departments and teams responsible for maintaining datasets or with the potential to create datasets within the public administration. It is necessary to invest in training the people who manage data generation. In fact, it is a "leg" of what is meant by digitising or digitally transforming public administration.

The second is to promote the creation of this type of data through administrative instruments. For example, the European Commission announced in 2020 that beneficiaries of its research grants would have to incorporate sex and gender analysis in the design of their studies, probably due to the experience of COVID-19 and vaccines.

The third is to raise awareness of this new discipline, and the benefits it would bring, but this without the other actions is useless. And most importantly, without budgets to incentivise change or put in place elements of innovation, we do nothing....

First and foremost, training must be provided to individuals, departments and teams responsible for maintaining datasets or with the potential to create datasets within the public administration.

6. Although it is a sector in constant growth, women are still a minority in work environments linked to the technological field. What are the reasons behind this situation? What measures should be taken to change it?

It is complex because this reality is found all over the planet, countries and territories. One of the strongest reasons is that there is a strong presence of gender stereotypes about "technology". There are many, many studies that show how even from an early age, girls and boys associate technology with masculine skills. Let's be aware that in the cradle of tech culture, Silicon Valley, there is a term that is constantly used to define traits of corporate cultures: Brogrammer, a fusion between brother and programmer.

Stereotypes operate invisibly, and are one of the reasons why there are no women university students in specific engineering-related fields, and therefore there are also  low rates into professional environments. It is said that women represent approximately 30% of the total number of employees in the tech sector, in a sector whose growth rate is 10% per year, vs. 0.4%, which is the rate of growth of the employment rate in the Eurozone. So the recruitment rate of female technologists is low because there are few of them, but this rate continues to fall as careers develop and the retention of female talent is an unresolved issue in the tech sector.

The solution to this is complex, because it implies that on the one hand, public policies must be activated to generate actions that promote a greater female presence. For example, Barcelona City Council has been a pioneer in regulating and setting criteria and means to change the trend of the sector (the government measure is called BcnFemTech). On the other hand, corporate policies must also and above all be activated among the companies that form part of the sector through the creation of measures that encourage the entry of more women, and the retention of this talent, which also has a direct impact on the company's profits: the more diverse people who design software, the better and more effective it will be, as the Bill and Melinda Gates Foundation says.

The recruitment rate of female technologists is low because there are few of them, but it is also because this rate continues to fall as careers develop and the retention of female talent is a pending issue in the tech sector.

7. Can you tell us about Digital Fems' next lines of work in the field of open data?

Well, we continue to work with data from some of the organisations we collaborate with, for example with CIMA, where we follow up on their reports on the presence of women in film, and we monitor the evolution of the number of women working in the industry, directing films or scriptwriting them, and we calculate the gender gap. We are also going to publish openly two works we have done this year: a survey of companies based in Catalonia about women's roles and tasks in technological environments, and a report and dataset about women in tech environments in Spain. We are very happy because these two reports will shed light on the reality of women technologists in Spain. By the last quarter of 2022 we will probably be working on a data and music project as well, through EllesMusic: the music sector works with non-standardised metadata, and gender should be incorporated as an element of metadata.

Last December, the Congress of Deputies validated Royal Decree-Law 24/2021, which transposed several European directives, including Directive (EU) 2019/1024 on open data and the re-use of public sector information. This directive seeks to broaden the scope of application of the previous regulation, bringing legal guarantees and obligations in line with the current innovation landscape, where technologies such as Artificial Intelligence (AI) could benefit from increased availability of public sector data. This initiative is aligned with the European Union's Data Strategy for the creation of a single data market where information flows freely between States and between sectors.

With this Royal Decree-Law, the provisions of Act 37/2007, of 16 November, on the re-use of public sector information were amended, providing new features regarding obligated parties, types of data to be considered of special interest or procedures for processing requests, among other aspects. As the Directive points out, the aim of this new regulation is to promote the re-use of public sector information in a context of digital transformation, seeking to promote the "intelligent use of data", as well as the "creation of new services and applications based on the use, aggregation or combination of data". It was therefore essential to update the regulatory framework as the previous provisions were "outdated with respect to these rapid changes and, as a result, the economic and social opportunities offered by the re-use of public data may be lost".

These new developments have been analysed by a team coordinated by researchers Julián Valero and Rubén Martínez, as part of the project "Open data and reuse of public sector information in the context of its digital transformation: adapting to the new regulatory framework of the European Union (ref. PID2019-105736GB-I00)", funded by the Ministry of Science and Innovation.

Main findings of the study

Based on these premises, the study undertakes a systematic analysis of the new regulatory framework, highlighting the following conclusions:

• The European regulation is limited in its ability to establish clear and precise obligations to facilitate access to public sector information for re-use. In this regard, the referral to the Member States' regulation constitutes an added difficulty in facilitating a European market for re-use.
• The subjective scope of application of the rules on re-use has been extended to include new subjects to which the rules apply. Consequently, these entities have to adjust the management of the data they generate to the new regulation, which is a major challenge insofar as it does not always coincide with the scope of application of the regulation on common administrative procedure and the legal regime of the public sector, a regulation that has served to boost technological modernisation in this area.
• The new category of high-value data is one of the main novelties of the new regulation. Beyond the measures to be adopted at the European level, the study suggests that the States adopt a broader perspective than that envisaged in the Directive. Thus, it is proposed not only to include certain private subjects but also to establish new sets of data outside those established by the European Union, such as those referring to public sector procurement.
• The Directive also establishes that "Member States should ensure that practical arrangements are in place that help re-users in their search for documents available for re-use". In this sense, the study suggests taking advantage of the current parliamentary procedure of the draft act to establish a specific regulation in Spanish legislation, since these are instruments of great relevance for the achievement of the objectives set by the European Union, especially with regard to Artificial Intelligence.
• It is essential to promote a regulation that adequately addresses the issue of the liability of public sector entities. In particular, the study considers that the current regulation may generate legal uncertainty for re-users, who will not find an adequate legal framework to promote digital transformation initiatives based on the re-use of public sector information.
• Although the new regulation allows public bodies to continue to set conditions that restrict the re-use of data or limit competition, this possibility is conditional on the respect of certain safeguards. This has given an important boost to the use of open licences. However, the fact that there is a wide diversity in the conditions set by each agency creates significant dysfunctions for re-users, which would justify, according to the study, the creation of an open governmental licensing model based on legal regulation.
• A more precise regulation of the administrative procedure to be followed by public bodies when dealing with requests for access for re-use should be established. According to the study, special attention should be paid to the grounds for refusal, as they are too generic in their current wording. It is also considered necessary to review the regulation of administrative silence from the perspective of European legislation, which is particularly demanding with regard to the reasons for refusing access. Finally, it is proposed that an independent control body be set up, so that complaints lodged with this body can replace ordinary administrative appeals, a possibility expressly permitted by the legislation on common administrative procedure.

These are some of the main contributions of the study, the final result of which has materialised in the book "Datos abiertos y reutilización de la información del sector público", published by the Comares publishing house, the first book in Spain to comprehensively study the new legal regime in this area, integrating European regulations and state legislation.

The Commission's drive to promote data spaces within the framework of a European Strategy is based on the firm commitment to a regulatory framework that provides regulatory coherence throughout the Union. In particular, the aim is to establish a solid regulation that offers legal certainty to a model based on respect for rights and freedoms. Thus, initially, two initiatives have been promoted to, on the one hand, establish the regulatory bases of the governance model - already definitively adopted by Regulation (EU) 2022/868 of 30 May - and, on the other hand, to establish harmonised rules on the access and fair use of data throughout the Union.

However, while recognising the importance of the design of this general legal architecture, the effective opening and exchange of data requires a more concrete approach that takes into account the specificities of each sectoral area and, in particular, the difficulties and challenges to be faced. Therefore, taking into account the general regulatory framework referred to above, the Commission has presented the first regulatory initiative for one of these areas, related to health data, which is currently under public consultation and negotiation in the Council of the EU and in the European Parliament, and which is part of the project to create a European health data area.

In particular, beyond facilitating the development of cross-border e-services, the proposal aims to address a triple objective:

• Establish a uniform legal framework to facilitate the development, marketing and use of electronic health record systems by establishing a compulsory self-certification scheme for certain systems, which in any case provides for some exceptions, e.g. general purpose software used in healthcare environments.

• Facilitating patients' electronic access to their own data in the framework of healthcare provision (primary use of health data). In this respect, the proposal seeks to strengthen consistency across Member States in protecting health data irrespective of where the healthcare provision takes place or the type of entity carrying it out.

• Encourage the re-use of such data for other secondary purposes. To this end, a specific governance model is envisaged with a specific body at the head - the so-called European Health Data Space Board - and the deployment of duly coordinated state administrative structures - health data access bodies.

We will look at this last point in more detail below.

The promotion of secondary uses

With regard to the re-use of data for purposes other than health care, the proposed regulation is based on the following evidence: although health data are already being collected and processed using electronic means, in many cases, however, access to them is not facilitated to satisfy other purposes of general interest. For this reason, in general, it is intended to establish a broad regulation that facilitates secondary uses of health data. For example, the elaboration of statistics, the development of training and research activities, such as technological innovation -including the training of algorithms- or personalised medicine.

However, for the purposes of denying access to health data, some secondary uses are expressly declared incompatible, such as:

•  The adoption of decisions detrimental to natural persons, meaning not only those that produce legal effects but also those that significantly affect them. In this respect, changes relating to insurance contracts, such as an increase in the amounts to be paid, are specifically highlighted.

• The carrying out of advertising or marketing activities aimed at healthcare professionals, organisations in the sector or natural persons.

•  Making data available to third parties that are not covered by the data permission granted.

• The development of harmful products and services, including in particular illicit drugs, alcoholic beverages, tobacco products or goods or services that contravene public order or morality.

With regard to the parties obliged to share data, in principle the proposed regulation extends to those who collect and process data with public funding, who must make them available to the competent bodies for access to health data in order to facilitate their re-use. However, given their importance in some States, the regulation also extends its scope of application to private parties providing health services - except in the case of micro-enterprises - and also to professional associations. Specifically, this regulation would affect "any natural or legal person, which is an entity or a body in the health or care sector, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data, through control of the technical design of a product and related services, the ability to make available, including to register, provide, restrict access or exchange certain data".

Purpose and conditions of access to health data

The proposed Regulation is based on a broad concept of health data, which includes the following categories: 

The regulation is based on a general rule: access to anonymised data as a measure to reduce privacy risks, although a specific regime is also envisaged for personal data. In this case, the request must include an adequate justification and the data will only be provided in pseudonymised form.

As regards the form of access, the particular sensitivity of health data determines that it is proposed that they should be made available through a secure processing environment that complies with the technical and security standards included in the proposal. In particular, the proposal does not allow that, except for non-personal data, the data are transmitted directly to the person who will re-use them.  Furthermore, it provides for processing to take place in secure environments under the control of the access authorities.

Access authorities for health data

From the perspective of the governance model underpinning the proposal, States should have at least one health data access body to provide electronic access to health data for secondary purposes. In the case of multiple bodies due to requirements arising from their political-administrative organisation, one of them will have a coordinating role. Beyond the organisational freedom of the States to choose one or another organisational formula, it is essential that the independence of the coordinating body be guaranteed, without prejudice to the mechanisms of financial or judicial control.

As already indicated, the main purpose of this measure is to ensure a uniform and consistent application of the regulatory framework for access to health data for secondary purposes across the European Union, in particular as regards the protection of personal data in this sector. In this respect, it is proposed that these bodies should be given the powers to verify compliance with these rules and, in particular, to impose sanctions and other measures such as temporary or definitive exclusion from the European Health Data Area of those who do not comply with their obligations.

The harmonisation sought by the proposed Regulation is also envisaged in the establishment of a standardised process for the issuing of permissions to re-use data for secondary purposes. In particular, in cases where anonymised access to the data is not enough, reasons should be given as to why pseudonymised access is necessary. In the latter case, the request must specify the legal basis for requesting access to the data from the perspective of personal data protection law, the secondary purposes for which the data are intended to be re-used, as well as a description of the data and tools necessary for their processing.

Finally, the proposed regulation includes active disclosure obligations addressed to these bodies about the available datasets. This is an essential measure, since the existence of a catalogue of datasets at European level - based on the interconnection of national datasets - would be extremely useful for promoting not only research and innovation but also decision-making at regulatory and political level. Specifically, for each set of available data, the nature of the data, its source and the conditions for making it available will have to be indicated.

In short, this is a certainly innovative initiative to address the regulatory diversity existing in each Member State, which is, however, at an early stage of processing. Precisely, a participation procedure is currently open that allows for the submission of allegations against the initial drafting until 28 July 2022 through a simple procedure accessible via this link.

Content prepared by Julián Valero, Professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec).

The contents and views expressed in this publication are the sole responsibility of the author.

The current Directive 2019/1024 on open data and re-use of public sector information, adopted in June 2019, was established to replace and improve the former Directive 2003/98/EC. Among its objectives was to boost the availability of public sector data for re-use by establishing some minimum harmonisation rules that favour its use as a raw material for innovation in all economic sectors. It should be noted that this directive has been incorporated into Spanish law through Royal Decree-Law 24/2021, of 2 November, transposing several European Union directives.

Among the most significant changes introduced by Directive 2019/1024 was the drawing up of a list of high-value datasets to be highlighted among those held by public bodies.

High-value data: definition and characteristics

The Directive describes high-value data as "documents whose re-use is associated with considerable benefits for society, the environment and the economy, in particular because of their suitability for the creation of new, decent and quality value-added services, applications and jobs, and the number of potential beneficiaries of value-added services and applications based on such datasets".

This definition provides some clues as to how such high-value datasets can be identified. Identification can be carried out through a series of indicators including:

• Potential to generate:
  
  • Significant social or environmental benefits
  • Economic benefits and new revenues
  • Innovative services
• Potential in terms of number of users benefited, with a particular focus on SMEs.
• Ability to be combined with other datasets.

How should high-value data be published?

According to the Directive, the publication of these datasets has to meet the following requirements:

• Be reusable free of charge.
• Available through application programming interfaces (APIs).
• Available in a machine-readable format.
• Feature a bulk download option, where possible.

In addition, they should be compatible with open standard licences.

Which thematic categories are considered high-value data?

The European Data Strategy incorporates high-value data as a common data layer that facilitates, together with data from the private sector, the deployment of sectoral data spaces in strategic areas.

Originally, the directive included in its annex a number of priority themes that could be considered high-value data: geospatial data, earth observation and environmental data, meteorological data, statistical data, business registers or transport data.

However, these categories were very broad. The EU has therefore launched an initiative to establish a list indicating more precisely what types of data are considered high-value and how they should be published. Following an extensive consultation of stakeholders and taking into account the outcome of the impact assessment, the Commission identified, within each of the six data categories, a number of datasets of particular value and the arrangements for their publication and re-use.

The list takes the form of a binding implementing act. The granularity and modality of publication varies from one dataset to another, trying to strike a balance between the potential socio-economic and environmental benefits and the financial and organisational burden to be borne by public data holders. Existing sectoral legislation governing these datasets should also be taken into account.

Open comment period on the draft law "Open Data: Availability of public datasets".

The next step is to get citizens' feedback on the proposed datasets. The European Commission currently has a specific section open on its website, at the end of which any citizen of the European Union can provide their comments to help improve and enrich this initiative. The public consultation will run for four weeks, from 24 May to 21 June 2022.

In order to submit your comments, you need to register using your email address or popular social networks such as Twitter or Facebook.

Remember that in order to express your opinion and for it to be taken into account by the public body, your comment must comply with the established rules and standards. In addition, you can consult the comments already made by other citizens from different countries and which are offered publicly. The website also includes a visualisation that presents data on the number of opinions offered per country or the category to which the participants belong (private companies, academic institutions, research institutions, NGOs, citizens, etc.).

This list will be a really important milestone as, for the first time in many years, it will be possible to establish an explicit and common guide on what are the minimum datasets that should always be available and what should be the conditions for their re-use throughout the European Union.

At the Spanish level, the Data Office, in collaboration with stakeholders, will be in charge of landing this list and specifying other additional datasets, both public and private, based on what is indicated in Royal Decree-Law 24/2021.

Updated 02/29/24

At the end of 2021, an agreement was reached between the European Parliament and Member States to push forward the proposed Data Governance Act. The aim was to create processes and structures to facilitate the exchange of data between all relevant actors.

Shortly thereafter, it was followed by another new regulatory initiative launched by the European Commission: the so-called Data Act. It is a new regulation that aims to promote harmonised rules on access and fair use of data within the framework of the European Strategy. Once the appropriate public consultation has been completed and, in view of the conclusions of the corresponding impact analysis, this proposal has been formulated, which is set to profoundly transform the European regulatory framework on data.

What are the objectives of the new regulation?

The initiative is based on a basic premise: despite the progress made, there is still a general problem regarding the insufficient availability of data in the European Union as a whole. In this sense, it has been noted that this is not simply a problem specific to the national sphere, so that it has seemed necessary to promote a new European regulation whose main objectives are:

• To increase legal certainty with regard to rights relating to access to and use of data, especially in a technological environment of interconnected objects.
• To address imbalances in contractual relations between companies whose subject matter concerns the availability of data.
• Establish the conditions under which private entities should provide data to public bodies in exceptional situations.
• Promote a framework for efficient interoperability of data from a cross-sectoral perspective.
• Establish minimum guarantees for users of data processing services when they change provider.

Let us look at each of these points in detail.

Boosting access to and use of data

One of the main novelties of the Regulation concerns the adoption of measures to facilitate access to data generated by connected objects (IoT). In particular, it has been identified that there are insufficient incentives for data owners to make data available to the users of the objects and services, who are ultimately the ones who generate the data when they use or enjoy them. In this respect, the lack of adequate regulation means that there is clear uncertainty about the rights and obligations that correspond to each of the parties, i.e. manufacturers of the objects, persons using them and, where appropriate, third parties providing services.

The approach is to oblige manufacturers of the objects to share, under appropriate conditions, data generated during the use of products or services - which may even include reasonable compensation - with the users themselves and even with third parties, in particular for the purpose of facilitating after-sales and maintenance services. As a result, rights of access and use are assigned, as opposed to the recognition of exclusive rights arising from the greater ability to control that would initially be vested in manufacturers and designers.

Moreover, specific measures are laid down to strengthen the legal position of those who use the objects, in particular with regard to data generated during the enjoyment of the related products or services. In this respect, the right to information prior to purchase is reinforced, and the user must be informed of the nature and volume of the data to be generated, how he can access the data and how it will be generated, or, inter alia, who will use the data or how to request that it be shared with third parties. Moreover, the manufacturer of the object or service provider is required to guarantee the user access to the data generated, without being able to require any additional information from the user beyond what is strictly necessary to verify the user's status as a user.

Contractual imbalances between companies

As regards business-to-business relations, the Regulation has established measures aimed at ensuring that there is a reasonable balance and, in particular, at avoiding unfair impositions in business-to-business contracts when negotiating conditions relating to access to and use of data. Thus, on the one hand, the cases in which a clause is considered unfair for a micro/small/medium-sized enterprise are specified, as would be the case, for example, when it would be prevented from making a copy of the data it has itself generated or when undue restrictions are imposed on the means of redress in the event of non-compliance. Moreover, it is specified in which circumstances the conditions have been unilaterally imposed in an undue manner, with the onus being on the company that proposed the clause to prove that there has been no such imposition. The mandatory nature of these measures is reinforced by the express prohibition to ignore them even if there is an agreement to that effect between the two parties.

Provision of data to public entities

With regard to relations between companies and public bodies, the Regulation envisages the mandatory provision of certain data to meet exceptional needs linked to emergencies or even situations where the public interest so requires. This is a measure that would not be applicable to smaller companies and that, in any case, would be subject to a series of limits and conditions, among which the following stand out:

• The requirement to demonstrate the exceptional need that justifies making the data available, specifying the purpose of the use and its duration.
• The regulations on open data and re-use of public sector information shall not apply to the data provided.
• If the purpose of the provision relates to personal data, reasonable measures for pseudonymisation shall be required, provided that this is not incompatible with the intended purpose.
• The purpose of making the data available is for the performance of a task of public interest, the existence of a legal provision is required and that the data could not have been obtained by any other means, including their purchase on the market.
• In any case, this regulation does not affect cases in which the provision of the data by the companies takes place within the framework of the fulfilment of legal obligations derived from the exercise of surveillance or verification functions, as would be the case, in particular, with the performance of inspection tasks by the public authorities.

In any case, this regulation does not affect cases in which the provision of data by companies takes place in the framework of the fulfilment of legal obligations derived from the exercise of surveillance or verification functions, as would be the case, in particular, with the performance of inspection tasks by public authorities.

A strong commitment to interoperability

One of the main problems that the new Regulation seeks to address is the high level of fragmentation of data, in particular due to the existence of "silos" that prevent their interconnection in the absence of effective rules on interoperability. In this respect, an obligation is laid down for data space operators to comply with a number of minimum requirements to facilitate interoperability, in particular as regards the specification of technical and legal conditions allowing automated data processing. Specific conditions are also laid down for smart contracts, i.e. software that executes and settles transactions on the basis of pre-determined conditions from the perspective of data provision, including a European declaration of conformity system and even the establishment of standardisation criteria.

Interoperability requirements may be general in scope or, where appropriate, sector-specific, for which a broad legal approach will be essential, taking into account the requirements of the respective regulatory frameworks applicable in each case. To this end, the definitive boost to European data spaces can undoubtedly be of great importance in order to specify the scope of regulation in some areas of great strategic relevance and of unquestionable public interest.

Safeguards against switching providers

Another of the main novelties of the proposal consists of recognising minimum rights for users of data processing services when they change provider, so as to extend their ability to choose and ensure that they can dispose of their data, applications and other digital assets without unjustified restrictions. It also establishes certain minimum contents that must be included in the corresponding contract with providers, including the obligation to facilitate and actively collaborate in the migration process, the exhaustive identification of the categories of exportable data and applications or, among other aspects, the establishment of a minimum period for the recovery of data once the contract is terminated.

Although all these aspects may represent significant improvements in terms of facilitating access to data, the fact is that the proposal has raised some doubts, especially with regard to the mandatory nature of their transfer in B2B and B2G environments, the possible increase in costs that the new data processing conditions would entail or, among other aspects, the possible contradiction with the principle of minimisation in force in the area of personal data protection and, in general, the coherence with the rest of the European regulatory framework. These are undoubtedly important challenges whose regulation will have to take shape in the coming months during the long and intense process that is now beginning.

Download the infographic in PDF here

This infographic is also available in two pages

Content prepared by Julián Valero, professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec). Contents and points of view expressed in this publication are the exclusive responsibility of its author.

The favorable regime of access to environmental information

Environmental legislation has traditionally been characterized by establishing a more beneficial legal regime than that which has inspired the general rules on access to information held by the public sector. Indeed, the Aarhus Convention, adopted in 1998, was an important milestone in recognizing the right of access to environmental information under very advanced legal conditions, imposing relevant obligations on public authorities. Specifically, the Convention starts from an inescapable premise: in order for society to enjoy the right to a healthy environment and fulfill its duty to respect and protect it, it must have relevant access to environmental information. To this end, on the one hand, the right to obtain information held by public authorities was recognized and, on the other, an obligation was established for the latter to make certain information public without prior request.

In execution of said international treaty and, specifically, of the obligations assumed by the European Union through Directive 2003/4/EC of the European Parliament and of the Council, of January 28, 2003, on public access to environmental information, Law 27/2006, of July 18,  regulating the rights of access to information, public participation and access to justice in environmental matters, was approved. Unlike the general regime contemplated in Law 19/2013, of December 9, on transparency, access to public information and good governance, Law 27/2006 does not contain any reference to open and reusable formats. However, it does include the following developments:

• establishes the obligation to provide the information even when, without having generated it directly in the exercise of its functions, it is in the possession of the entity from which it is requested;
• requires that the grounds for refusal of the request for access be interpreted in a restrictive manner, so that in case of doubt when interpreting the exceptions provided by law, access to information must be favored;
• for those cases in which the request is not resolved and notified within the established period, the rule of positive silence is applied and, therefore, access will be understood to be granted.

The impact of regulations on open data and reuse of public sector information

As in the previous regulation, Directive (EU) 1024/2019 excludes its application in those cases in which the corresponding regulation of the Member States limits access. This would not be, therefore, the case of the environment sector, since, apart from the cases in which access is not applicable, in general the availability of the information is especially assured. Consequently, except for the legal exceptions to the obligation to provide environmental information, there are no specific restrictions that would be an obstacle to facilitating its reuse.

On the other hand, one of the main novelties of European legislation is a measure that ultimately obliges the Member States to adapt their regulations regarding access to environmental information. Indeed, Chapter V of the Directive establishes a unique regime for the so-called high-value datasets, which, in general, will be available free of charge, machine-readable, provided through APIs and, where appropriate, provided in the form of bulk download. Precisely, this very favorable legal regime is envisaged, among others, for the field of Earth Observation and Environment, although the specific datasets to which it will apply are still pending a decision by the European Commission after the elaboration of an extensive impact analysis whose final result is yet to be finalized.

On the other hand, following the European regulatory model, among the novelties that Royal Decree-Law 24/2021, of November 2, has incorporated into Spanish legislation on the reuse of public sector information, one that stands out is one referring to high-value data. Specifically, Article 3.ter of Law 37/2007 contemplates the possibility that, in addition to the datasets established by the European Commission, others may be added at the national level by the Ministry of Economic Affairs and Digital Transformation, taking into account the selection made by the Data Office Division, so that those specifically referring to the environment could be extended, where appropriate.

The potential for high-value environmental data

As the European regulation itself points out, the reuse of high-value datasets is seen as a tool to facilitate, among other objectives, the creation and dynamization of value-added digital applications and services that have the potential to generate considerable benefits for society, the environment and the economy. Thus, in this area, open data can play an important role in tackling technological innovation to address challenges of enormous relevance such as climate change, deforestation and, in general, the challenges posed by environmental conservation.

On the other hand, the development of digital applications and services can serve to revitalize rural areas and promote tourism models that value the knowledge and protection of natural resources, especially taking into account the rich and varied natural heritage existing in Spain, for which it is essential to have specific datasets, particularly with regard to natural areas.

Ultimately, from the perspective and demands of Open Government, the accessibility of environmental information, according to the standards of high-value data in accordance with the provisions of the regulations on the reuse of public sector information, could have a significant reinforcement by facilitating social control regarding the decisions of public entities and citizen participation. However, for this it is essential to overcome the model on which the regulatory framework on access to environmental information has traditionally been based, since, although at the time it represented a significant advance, the fact is that the 2006 regulation does not include any reference to the possibilities of technological innovation based on open data.

In short, it seems that the time has come to raise a debate about an eventual update of the sectorial regulation on access to environmental information in order to comply with the requirements of the legal regime contemplated in Directive (EU) 1024/2019.

Content prepared by Julián Valero, Professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec).

The contents and points of view reflected in this publication are the sole responsibility of its author.

Why a Royal Decree-Law?

In the plenary session of the Congress of Deputies held on December 2, 2021, Royal Decree-Law 24/2021, of November 2, on the transposition of several European Union directives, including Directive (EU) 2019/1024 of the European Parliament and of the Council, of June 20, 2019, on open data and the reuse of public sector information, was validated. With this new regulation, the provisions of Law 37/2007, of November 16, on the reuse of public sector information have been modified.

What are the main novelties of this regulation?

The content of the new legal regulation is substantially focused on the incorporation of the provisions of the 2019 Directive to the text of the Spanish Law of 2017, although it is necessary to take into account that those precepts that could be directly applied were already in force since the end of the deadline for its transposition in July 2021. However, apart from updating some already outdated legal references -specifically on personal data protection, public sector legal regime and administrative procedure-, on the occasion of the transposition, some relevant novelties have been added that go beyond the mere adaptation of the European regulation. Thus:

• From the point of view of its subjective scope, the legislation will be applicable to all entities to which, according to the terms provided in their regulatory regulations, the regulations governing the common administrative procedure are applicable. This would be the case, for example, of private law entities linked to or dependent on Public Administrations when they exercise administrative powers.
• The reuse of documents to which access is excluded or limited for reasons of protection of sensitive information on critical infrastructures is expressly excluded from the legal regulation.
• As regards high-value data, alongside those established by the European Commission (i.e. geospatial, Earth observation and environment, meteorology, statistics, companies, as well as mobility), additional datasets may also be specified by the Ministry of Economic Affairs and Digital Transformation, specifically through the selection and updating carried out by the Data Office Division with the collaboration of the stakeholders, both public and private. In this regard it is important to recall that, as a general rule, these data will be freely available, machine-readable, provided through APIs and, where appropriate, provided in the form of bulk download.
• When making high-value data available free of charge could have a substantial impact on the budget of bodies and entities governed by public law that must obtain income to finance their public service activity, the Public Administration to which they are linked, or on which they depend, will be competent to exempt them from this obligation. Consequently, such bodies and entities would not be able to take this decision on their own.
• The scope of the reusable public information catalog is projected -at least potentially- beyond the scope of the General State Administration and its public bodies, so that other entities that decide to create their own catalogs that are interoperable with the national one are required to do so. This is an instrument whose practical relevance is reinforced by the fact that, through it, information will be provided on the rights legally provided for reuse, help systems will be offered and datasets will be made available in accessible, easy to locate and reusable formats.
• En cuanto al sometimiento a las normas legales sobre procedimiento de tramitación de solicitudes de reutilización, las sociedades mercantiles, centros de enseñanza, organismos de investigación o entidades que realicen actividades de investigación quedarán exentos.
• Regarding the submission to the legal rules on the procedure for processing requests for reuse, corporations, educational institutions, research organizations or entities that carry out research activities will be exempted.
• From the organizational point of view, each entity is required to designate a unit responsible for ensuring the availability of its information. Among the functions that will correspond to these units are those related to the coordination of reuse activities with existing policies on publications, administrative information and electronic administration; providing information on which bodies are competent in each area; promoting the updating and making information available in appropriate formats; as well as promoting awareness and training activities.

In any case, in the aforementioned parliamentary session, it was unanimously decided to proceed with the processing of the initiative as a bill through the urgency procedure, one of the possibilities provided for in Article 86 of the Constitution when it comes to validating decree-laws. Consequently, a legislative initiative will have to be processed following the regulatory channels established for this type of cases, which will allow the various parliamentary groups to propose amendments that, if approved, would be incorporated into the final text of the legislation on the reuse of public sector information and open data.

Content prepared by Julián Valero, Professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec).

The contents and points of view reflected in this publication are the sole responsibility of its author.

Last September, an international congress was held at the University of Alicante, which addressed some of the main challenges posed by open data and the reuse of public sector information from a legal perspective.

The inaugural conference was given by Kiko Llaneras, who made, from his own journalistic experience, a suggestive presentation on the role played by data in the communication processes during the management of the pandemic. Specifically, he explained that almost 20% of the most read news items during the pandemic were stories based on data. In his opinion, this is a trend that goes beyond circumstantial reasons and is due to a greater interest in this type of methodology, particularly in making the understanding of complex subjects more accessible. The speaker concluded by emphasizing the need to make data available in better conditions in terms of their accessibility, the formats in which they are available, their updating and their integration when they come from different sources.

The first round table of the congress was dedicated monographically to the field of tourism. Despite the efforts and progress that have been made in this essential area of the Spanish economy, the speakers highlighted two challenges still to be addressed with regard to the promotion of open data. On the one hand, the information made available by public entities is fragmented and heterogeneous, not only because of the plurality of the datasets published but, above all, because of the difficulties of integrating their automated processing; difficulties that are increased with regard to data with tourist relevance offered by private sector entities - search engines, social networks, information society service providers which, as is evident, are not subject to legislation on open data and reuse of public sector information. On the other hand, the difficulties encountered by many of the municipalities, largely due to their limited material and human resources, were highlighted when it comes to committing to advanced tourism management based on data management, which requires the support and assistance of the State and the Autonomous Communities in particular if the aim is to encourage the opening of data in this sector.

The second round table addressed the challenges posed by open data and the reuse of information in the field of public sector procurement, with a special focus on the proposal to incorporate this area into the categories of high-value data. Even though the establishment of an unavoidable legal obligation to use open and reusable formats was an important step forward in terms of contractor profiles and procurement platforms, the need to advance in the implementation of this important measure was highlighted during the debate. On the other hand, the limited scope of the legal regulation was noted, since it does not cover the entire contracting process, since it does not reach the phase related to the execution of the contract, which undoubtedly represents a major obstacle when it comes to facilitating not only accountability but also the dynamization of the market in this important economic sector. Finally, among other pending issues, emphasis was placed on the suitability of an eventual establishment of common criteria for document management by the numerous and diverse bodies and entities subject to the Public Sector Contracts Law, so as to pave the way towards a specific standardization in this sector, a necessary condition for the full integration of data when it is intended to reuse them to provide value-added services at the state or European level.

The third round table was devoted to reviewing the singularities in the field of the environment, urban planning and land use planning. In this respect, the environmental sector was highlighted, given its traditional legal regime, especially reinforced in terms of the possibilities of access to information, a regulation that undoubtedly explains why open data has a relevant potential when facing the most complicated challenges, as demonstrated by the existence of interesting specific applications. In general terms, and from a legal point of view, it was emphasized that these are sectors characterized by a significant technical component, so that open data have an undeniable value, particularly in terms of strengthening the possibilities of control by citizens and also in terms of their effective participation in these matters.

Finally, the congress closed with an international round table, which analysed the regulation of open data in several European Union States, showing that the process of transposition of Directive 2019/1024 is being irregular and, in fact, most of the European Union States have not yet approved their own regulations. Furthermore, one of the main new features of the Directive, the identification of high-value data, which is undoubtedly a tool that will play an essential role, has yet to be implemented by the European Commission.

In short, the speeches and debates that took place during the Congress showed the need to make a firm commitment to a public management model in which data and, in particular, its openness and the consequent possibility of its reuse, take on a greater role. All of this is consistent with the possibilities of digital transformation enabled by the technology available to meet the major challenges that lie ahead in the immediate future.

Content prepared by Julián Valero, Professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec).

The contents and views expressed in this publication are the sole responsibility of the author.

The year 2021 is undoubtedly a crucial period for the definitive progress in a regulatory and institutional framework that will enable the promotion of data strategies at both national and European level. As regards the latter, as has been advanced through various media, the main initiative refers to the foreseeable approval of a new data governance framework already announced with the draft Regulation made public in November 2020. As can be seen in this outline, this regulation is set to become one of the cornerstones of European policy on open data.

As a basis for the proposal for a Regulation on data governance, an impact assessment has been carried out beforehand, which has considered various analytical criteria, in addition to assessing the cost-benefit ratio of each of the measures envisaged. Specifically, the impact assessment identified several regulatory options of varying intensity in relation to the four main challenges identified:

• Identifying mechanisms to improve the re-use of public sector data
• Promoting trust in intermediaries
• Facilitating the transfer of data for altruistic purposes
• Fostering horizontal aspects of governance.

The evaluation found that there are barriers related to difficulties in accessing data, mostly related to technical aspects and data quality, but other barriers are also highlighted, such as those related to denial of access or the setting of unfair or prohibitive conditions, both financial and otherwise.

Throughout the process of preparing the impact assessment, evidence has been gathered through different and complementary methodologies, such as case studies and workshops on the possible existence of third-party rights hindering re-use and on governance structures; market studies on the role of intermediaries; and legal analysis, in particular on altruism in the release of data.

The different regulatory options considered ranged from no general measures at all (although they could be considered in relation to specific sectoral areas or, where appropriate, by Member States), to high/low intensity regulatory measures, without ruling out simple coordination based on guidelines and recommendations.

What were the different regulatory options envisaged in each of the above areas and why have some been prioritised over others?

Mechanisms to improve the re-use of public sector data

As a low-intensity measure - finally chosen - it was envisaged that Member States should establish a one-stop shop that would allow re-users to contact public sector bodies and even offer them advice, in particular to facilitate the re-use of publicly owned data subject to third party rights under certain conditions. The more demanding option, which was discarded in the final proposal, was instead to oblige them to set up a single body with decision-making powers, although this would entail significant legal and institutional challenges and more rigidity.

Promoting trust in intermediaries

In this respect, the approach is to seek to strengthen the role of intermediaries in fostering reliable data exchange systems both in business-to-business (B2B) and consumer-to-business (C2B) scenarios. In particular, while the less intensive alternative focused on an EU-wide voluntary labelling/certification scheme for such intermediaries, the more demanding option would have been to make such schemes mandatory. The major difficulties relating to the lack of an appropriate industry forum for the development of such a model and the difficulties in setting neutrality criteria, as well as the risk of fragmentation, led the draft Regulation to incorporate the first of the alternatives.

Facilitating the transfer of data for altruistic purposes

In relation to this objective, the aim was to ensure the availability of more data for the common good by increasing trust in systems inspired by altruism in the provision of data. Thus, a choice was made between requiring States to establish voluntary certification schemes for the implementation of data altruism mechanisms and/or for the entities that offer them or, on the contrary, opting for a model based on the need to have an authorisation to carry out such activities. This authorisation, granted by a public authority in advance and valid in the rest of the Member States, would aim at verifying whether the requirements laid down by law are actually met. The latter alternative was finally chosen in order to strengthen confidence in such entities and arrangements.

Fostering horizontal aspects of governance

The draft Regulation proposes the creation of a formal group of experts - the so-called European Data Innovation Board - in charge of promoting the exchange of national practices and policies based on the information provided by the States themselves, as well as exercising advisory functions, facilitating standardisation and the improvement of interoperability, providing coherence to the proposed governance model as explained in the following image:

However, the creation of a body with its own legal personality was envisaged which, in addition to the above-mentioned functions, would assume the task of supervising the process of granting labels and certifications, as well as the authorisations granted by the Member States. This last alternative was rejected, among other reasons, due to the results of the cost/benefit analysis carried out from the point of view of economic efficiency.

Finally, the document itself envisages a mid-term review mechanism through which to check whether, four years after the entry into force of the Regulation's provisions -three in the case of the objective of strengthening confidence in data sharing- the measures adopted really meet the expected results in terms of a series of specific indicators for each of the objectives and solutions finally proposed. In short, this is an approach that takes on a singular relevance if we consider the dynamism that characterises the data economy, since the regulation proposed with the draft Regulation is destined to be one of the main tools in meeting the objectives formulated in the European Data Strategy.

Content prepared by Julián Valero, professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec).

Contents and points of view expressed in this publication are the exclusive responsibility of its author.

Papelea solves the doubts and legal and administrative questions of the users. To do this, it collects and improves tens of thousands of pages of public information from administrations in Spain and Mexico. In addition, it connects users with professionals in each legal field, so that they can answer their questions and offer them their services. It receives around one million visits per year from users looking for a solution to their needs.