Updated 02/29/24

At the end of 2021, an agreement was reached between the European Parliament and Member States to push forward the proposed Data Governance Act. The aim was to create processes and structures to facilitate the exchange of data between all relevant actors.

Shortly thereafter, it was followed by another new regulatory initiative launched by the European Commission: the so-called Data Act. It is a new regulation that aims to promote harmonised rules on access and fair use of data within the framework of the European Strategy. Once the appropriate public consultation has been completed and, in view of the conclusions of the corresponding impact analysis, this proposal has been formulated, which is set to profoundly transform the European regulatory framework on data.

What are the objectives of the new regulation?

The initiative is based on a basic premise: despite the progress made, there is still a general problem regarding the insufficient availability of data in the European Union as a whole. In this sense, it has been noted that this is not simply a problem specific to the national sphere, so that it has seemed necessary to promote a new European regulation whose main objectives are:

• To increase legal certainty with regard to rights relating to access to and use of data, especially in a technological environment of interconnected objects.
• To address imbalances in contractual relations between companies whose subject matter concerns the availability of data.
• Establish the conditions under which private entities should provide data to public bodies in exceptional situations.
• Promote a framework for efficient interoperability of data from a cross-sectoral perspective.
• Establish minimum guarantees for users of data processing services when they change provider.

Let us look at each of these points in detail.

Boosting access to and use of data

One of the main novelties of the Regulation concerns the adoption of measures to facilitate access to data generated by connected objects (IoT). In particular, it has been identified that there are insufficient incentives for data owners to make data available to the users of the objects and services, who are ultimately the ones who generate the data when they use or enjoy them. In this respect, the lack of adequate regulation means that there is clear uncertainty about the rights and obligations that correspond to each of the parties, i.e. manufacturers of the objects, persons using them and, where appropriate, third parties providing services.

The approach is to oblige manufacturers of the objects to share, under appropriate conditions, data generated during the use of products or services - which may even include reasonable compensation - with the users themselves and even with third parties, in particular for the purpose of facilitating after-sales and maintenance services. As a result, rights of access and use are assigned, as opposed to the recognition of exclusive rights arising from the greater ability to control that would initially be vested in manufacturers and designers.

Moreover, specific measures are laid down to strengthen the legal position of those who use the objects, in particular with regard to data generated during the enjoyment of the related products or services. In this respect, the right to information prior to purchase is reinforced, and the user must be informed of the nature and volume of the data to be generated, how he can access the data and how it will be generated, or, inter alia, who will use the data or how to request that it be shared with third parties. Moreover, the manufacturer of the object or service provider is required to guarantee the user access to the data generated, without being able to require any additional information from the user beyond what is strictly necessary to verify the user's status as a user.

Contractual imbalances between companies

As regards business-to-business relations, the Regulation has established measures aimed at ensuring that there is a reasonable balance and, in particular, at avoiding unfair impositions in business-to-business contracts when negotiating conditions relating to access to and use of data. Thus, on the one hand, the cases in which a clause is considered unfair for a micro/small/medium-sized enterprise are specified, as would be the case, for example, when it would be prevented from making a copy of the data it has itself generated or when undue restrictions are imposed on the means of redress in the event of non-compliance. Moreover, it is specified in which circumstances the conditions have been unilaterally imposed in an undue manner, with the onus being on the company that proposed the clause to prove that there has been no such imposition. The mandatory nature of these measures is reinforced by the express prohibition to ignore them even if there is an agreement to that effect between the two parties.

Provision of data to public entities

With regard to relations between companies and public bodies, the Regulation envisages the mandatory provision of certain data to meet exceptional needs linked to emergencies or even situations where the public interest so requires. This is a measure that would not be applicable to smaller companies and that, in any case, would be subject to a series of limits and conditions, among which the following stand out:

• The requirement to demonstrate the exceptional need that justifies making the data available, specifying the purpose of the use and its duration.
• The regulations on open data and re-use of public sector information shall not apply to the data provided.
• If the purpose of the provision relates to personal data, reasonable measures for pseudonymisation shall be required, provided that this is not incompatible with the intended purpose.
• The purpose of making the data available is for the performance of a task of public interest, the existence of a legal provision is required and that the data could not have been obtained by any other means, including their purchase on the market.
• In any case, this regulation does not affect cases in which the provision of the data by the companies takes place within the framework of the fulfilment of legal obligations derived from the exercise of surveillance or verification functions, as would be the case, in particular, with the performance of inspection tasks by the public authorities.

In any case, this regulation does not affect cases in which the provision of data by companies takes place in the framework of the fulfilment of legal obligations derived from the exercise of surveillance or verification functions, as would be the case, in particular, with the performance of inspection tasks by public authorities.

A strong commitment to interoperability

One of the main problems that the new Regulation seeks to address is the high level of fragmentation of data, in particular due to the existence of "silos" that prevent their interconnection in the absence of effective rules on interoperability. In this respect, an obligation is laid down for data space operators to comply with a number of minimum requirements to facilitate interoperability, in particular as regards the specification of technical and legal conditions allowing automated data processing. Specific conditions are also laid down for smart contracts, i.e. software that executes and settles transactions on the basis of pre-determined conditions from the perspective of data provision, including a European declaration of conformity system and even the establishment of standardisation criteria.

Interoperability requirements may be general in scope or, where appropriate, sector-specific, for which a broad legal approach will be essential, taking into account the requirements of the respective regulatory frameworks applicable in each case. To this end, the definitive boost to European data spaces can undoubtedly be of great importance in order to specify the scope of regulation in some areas of great strategic relevance and of unquestionable public interest.

Safeguards against switching providers

Another of the main novelties of the proposal consists of recognising minimum rights for users of data processing services when they change provider, so as to extend their ability to choose and ensure that they can dispose of their data, applications and other digital assets without unjustified restrictions. It also establishes certain minimum contents that must be included in the corresponding contract with providers, including the obligation to facilitate and actively collaborate in the migration process, the exhaustive identification of the categories of exportable data and applications or, among other aspects, the establishment of a minimum period for the recovery of data once the contract is terminated.

Although all these aspects may represent significant improvements in terms of facilitating access to data, the fact is that the proposal has raised some doubts, especially with regard to the mandatory nature of their transfer in B2B and B2G environments, the possible increase in costs that the new data processing conditions would entail or, among other aspects, the possible contradiction with the principle of minimisation in force in the area of personal data protection and, in general, the coherence with the rest of the European regulatory framework. These are undoubtedly important challenges whose regulation will have to take shape in the coming months during the long and intense process that is now beginning.

Download the infographic in PDF here

This infographic is also available in two pages

Content prepared by Julián Valero, professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec). Contents and points of view expressed in this publication are the exclusive responsibility of its author.

Since the initial publication of the draft European Regulation on Data Governance, several steps have been taken during the procedure established for its approval, among which some reports of singular relevance stand out. With regard to the impact of the proposal on the right to the protection of personal data, we can highlight those prepared by some European organizations with the aim of offering their opinion on the regulation proposed by the Commission.

• On the one hand, last July the Economic and Social Council made public its opinion, which stresses the importance of safeguarding fundamental rights, warning that "the adequate protection of these rights is threatened by the distorted use of data freely collected under a consent that is not always obtained following simple procedures".
• On the other hand, the European Data Protection Committee and the European Data Protection Supervisor have issued a joint report aiming to provide the European legislator with guidance to ensure that the future Data Governance Regulation "fully dovetails with EU legislation on personal data protection, thus fostering trust in the digital economy and providing the same protection as guaranteed by EU law." What are the main indications included in the report?

Through their corresponding reports, several EU bodies emphasize the need to ensure the protection of personal data in the future Data Governance Regulation.

Conditions for lawfulness of processing

One of the main difficulties when reusing public sector information is its link to individuals who are fully identified or even could be identified. In these cases, we would be dealing with data of a personal nature and, consequently, the regulations aimed at protecting this fundamental right in the scope of the entire European Union would be applicable: the General Data Protection Regulation 2016/679 of 27 April (GDPR).

In general, both the dissemination of data by public entities and, likewise, the processing carried out by reusers must respect the principles provided for in Article 5 GDPR. Specifically, it is necessary to ensure the minimization of the data, respect the time limitation of the processing or, among other obligations, guarantee its accuracy and integrity, as well as confidentiality. Of particular importance is the prohibition on the use of data for purposes incompatible with those that initially justified the collection of the information, especially if we consider that the data will often have been obtained without the consent of the data subject, when processing is justified for the performance of activities in the public interest.

The dissemination and reuse of public sector information must comply with the requirements and obligations set forth in the General Data Protection Regulation (GDPR).

Pseudonymization and anonymization

The joint report of the Committee and the Supervisor emphasizes that the two techniques cannot be confused and, consequently, the applicable safeguards are different in each case. In particular, this distinction has to be considered by the respective public entity when assessing the feasibility of reuse from a data protection perspective.

• Anonymization means that, because there is no link to the natural persons, the data can be used without being subject to data protection regulations.
• In pseudonymization, on the other hand, it would be possible to re-identify the data subject, insofar as additional information is available to enable this. Therefore, in this case, the processing of the information would be subject to data protection regulations.

Consequently, when pseudonymized data are reused, it will be essential to base the processing on one of the conditions of lawfulness provided for in Articles 6 and 9 of the GDPR, to comply with the principles referred to above, to adopt appropriate security measures and also to respect the transparency obligations referred to in Articles 12 to 14 of the GDPR, the latter condition being particularly important to facilitate the exercise of their rights by the data subjects.

In any case, provided that it is compatible with the main purpose for which the data is used, pseudonymization is certainly a reasonable measure even when there is an adequate legal basis to proceed with the processing of personal data without the consent of the data subject, since it is a solution that strengthens his legal position against the use of the data by a third party. This is shown, for example, in the legal regulation that allows the reuse of health data for research purposes, where one of the essential conditions is precisely that the data must be pseudonymized under certain conditions. This makes it possible to guarantee re-identification when necessary for health care reasons and, at the same time, limits the impact of reuse on the legal sphere of the owner of the information.

In cases where pseudo-animation is used, it is also necessary to comply with data protection regulations

Data sharing providers and data donation

This is one of the main new features of the draft Regulation. As regards providers, the joint opinion of the Supervisor and the Committee emphasizes the need to strengthen controls prior to the start of their activity and, on the other hand, to ensure that they provide adequate information to data subjects, with particular attention being paid to the principles of data protection by design and by default, transparency and purpose limitation. It also stresses the importance of ensuring that such providers effectively assist individuals in exercising their rights under Articles 15 to 22 of the GDPR, as well as the desirability of encouraging their adherence to formalized codes of conduct.

As regards the donation of data for altruistic purposes, given that the applicable legal basis for admitting reuse would be consent, the report maintains that it is necessary to improve the proposed regulation so as to establish more precisely the purposes of general interest for which the reuse of data could be used. Otherwise, the report considers that legal certainty and the level of protection of personal data guaranteed by the GDPR would be jeopardized, in particular with regard to the principle that data shall be collected for specified, explicit and legitimate purposes (Article 5 GDPR).

In order to reuse personal data obtained from the donation for altruistic purposes, it will be necessary to have the consent of the person concerned for the specific purpose.

In short, one of the main reasons justifying the Data Governance Regulation is precisely the need to establish a new regulation for those sets of data over which there are third-party rights that hinder their reuse, as is particularly the case with the protection of personal data. Therefore, although it is of great importance to make a firm commitment to promoting the data-driven economy, it should not be forgotten that the European model is based precisely on the protection and defense of fundamental rights and public freedoms, which necessarily implies that the measures contemplated in the GDPR are at the basis of this model, as the European Data Protection Committee and the European Data Protection Supervisor have recalled in their opinions.

Content prepared by Julián Valero, Professor at the University of Murcia and Coordinator of the Research Group "Innovation, Law and Technology" (iDerTec).

The contents and views expressed in this publication are the sole responsibility of the author.

The University of Alicante will host the International Congress on Open Data and Reuse of Public Sector Information. The event will focus on the role of open data and its potential reuse to achieve improvements in several key areas for our country, such as tourism and the economy. It will also address the analysis and legal implications of Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information.

This conference is part of the Project "Challenges of the Ministry PID2019-105736GB-I00DER: Open data and reuse of public sector information in the context of its digital transformation: adapting to the new regulatory framework of the European Union", whose principal investigators are Julián Valero Torrijos and Rubén Martínez Gutiérrez, and the Transparency Agreement between the University of Alicante and the Department of Participation, Transparency, Cooperation and Democratic Quality 2021.

Timetable and agenda

The Congress will take place on 23 and 24 September 2021 in online and face-to-face mode.

The opening will be given by Rosa Pérez Garijo, Councillor for Participation, Transparency, Cooperation and Democratic Quality of the Generalitat Valenciana, and Amparo Navarro Faure, Rector of the University of Alicante.

Next, Kiko Llaneras will be in charge of the inaugural conference with his speech "Open data and the reuse of public sector information: experiences from practice". Kiko Llaneras is known for his articles on data journalism in El País, where he analyses certain aspects of political, social and economic current affairs based on indicators, statistics and surveys, among other data sources.

The congress will then be based on 4 round tables, titled:

• Open Data in Tourism
• Contracting and the economic value of data
• Open Data and the Environment
• Comparative Law. Open Data and RISP in the EU context.

Each of these round tables will be attended by experts and professionals from the public, private and academic sectors. You can see the full programme here (only available in Spanish).

Do you want to participate in the Congress? There is still time to send your papers

The Congress is open to the participation of citizens and companies that want to share their knowledge and experience. Proposals related to the four round tables can be submitted, although free themes will also be accepted as long as they are in line with the objectives of the congress.

Papers must be submitted before 15 July using this form. The application consists of an abstract of a maximum of 400 words detailing the proposal. On the 21st of the same month, the organisers will send notification of acceptance of the papers, which must be defended publicly.

How to attend?

The event is free of charge, but places are limited. In order to attend, this form must be completed before 20 September 2021 at 23:59 hours. Admitted participants will receive confirmation of their registration by email.

When pre-registering, you must indicate whether you wish to attend in person or virtually. Those who choose the online option will receive an email with the link to the video call platform.

If you have any questions, you can write to cursos.deje@ua.es for administrative matters and to ruben.martinez@ua.es for academic matters.

After analyzing the European framework that will shape the world of data in 2021, it is time to focus on our country. The Spanish strategy linked to the world of data is aligned with the European one. As we will see below, a large part of the European measures have been included in the national strategies.

At the end of 2020, two major strategic plans were presented that mark the lines to be followed this year: the Digital Spain Plan 2025 and the IV Open Government Plan of Spain 2020-2024.

Digital Spain Plan 2025

The Digital Agenda for 2025, presented in November, includes among its strategic axes “moving towards a data economy, guaranteeing security and privacy and taking advantage of the opportunities offered by Artificial Intelligence with the objective that, at least, 25% of companies use Artificial Intelligence and Big Data within five years. ”

Among its measurements are:

• The implementation of a National Artificial Intelligence Strategy. This strategy, which was already published in December of last year, includes a series of measures related to the availability of open data, an essential component for the proper functioning and training of Artificial Intelligence systems. Some of these measures are the development of accessible repositories, the provision of assistance to companies in defining open or shared data strategies, or the creation of a multidisciplinary open data working group in the state public sector. It should be noted that in 2019 the Ministry of Science and Innovation published the Spanish R & D & I Strategy in Artificial Intelligence, which highlighted the role of datos.gob.es in making open data available to citizens and had an impact in the need to establish mechanisms so that the administration can safely and ethically exploit the data generated by other administrations and even by private companies, all with the aim of improving public services, guaranteeing social welfare and individual and public safety .

• Creation of a data office. This body, which will have a Chief Data Officer (CDO) in charge, will be in charge of designing and proposing strategies that make public data of the Administrations available to companies and citizens. Among other functions, it will have to establish the necessary measures to promote the sharing and use of public and private data, create environments to safely share data between companies and public administrations in an aligned and coordinated way, invest in the generation of "lakes sectoral data” and propose governance mechanisms.

• Among its ten points, the Digital Spain Plan 2025 includes the impulse of the digitization of Public Administration with the aim of improving its efficiency and effectiveness. In this sense, the Digitalization Plan of Public Administrations 2021 -2025 has been made public, which highlights, among other issues, the intention to evolve the model of access to public and private information to facilitate the development of high-quality services. added value, based on the work carried out by the Aporta Initiative.

• Promotion of shared data spaces. Spain will play an active role in the European strategy "European Cloud Federation". Work will be done to promote private investments in Data Centers and an Iberian space will be promoted, together with Portugal, to promote the development of advanced data computing technologies.

The plan also includes the need to digitize specific areas of the administrations to reinforce their effectiveness and efficiency. Among other issues, a public administration based on secure data will be promoted. The provision of information with an “Open Data” orientation will be promoted, as well as the analysis of consolidated data, or the automation of processes, always with a special focus on data protection. A secure framework for the interconnection and management of data in the field of public health will also be developed.

IV Open Government Plan of Spain 2020-2024

The IV Open Government Plan of Spain 2020-2024 includes 10 commitments assumed by public administrations to “reinforce transparency and accountability, improve participation, establish systems of public integrity, and train and sensitize citizens and staff public employee in matters of Open Government .”

The plan includes different measures related to open data and the reuse of public data, such as:

• The transposition of Directive (EU) 2019/1024 on open data and the reuse of public sector information into the Spanish legal system to provide the necessary legal coverage that would make it possible to expand the scope and scope of reuse. The deadline for adaptation to our regulatory framework ends in June of this year.

• The reform of the law on transparency, access to information and good governance to facilitate compliance with the obligations of active publicity and favor the exercise of the right of access to information.

• Improving the provision of real-time access to dynamic data through appropriate technical means, increasing the provision of valuable public data for reuse.

• The promotion of data sets with high reuse value, through their selection, the definition of common vocabularies and their publication. Likewise, permanent contact will be established with the community of reusers to promote the use and improve the catalog, as well as with the business community and civil society to facilitate access to public information.

Based on these two major strategic plans, the national lines of action in the field of open data will be articulated, which will also be included in the Digital Rights Charter that will be released in 2021 - after an open consultation process -. This letter will guarantee the right of access to public information, and it is indicated that public administrations will be governed by the principle of transparency and data reuse.

You can see a summary of the strategies related to the data that will mark 2021 in Europe and Spain in this link.

As a new year begins, it is time to take a look at the strategic, regulatory and political situation that will affect the world of open data in the coming months.

In this article we will focus on the situation in Europe. If you want to know the Spanish framework, you can read the article " The data strategies that will shape 2021 in Spain".

Europe stresses importance of data to drive recovery and innovation

After a 2020 marked by the global pandemic, 2021 is expected to be the year in which both health and economic recovery begins. In this sense, the European Commission considers data as a fundamental asset to overcome the crisis linked to COVID-19, and will therefore continue to promote its openness and reuse.

Already at the end of 2019, with the presentation of the European Green Deal, the Commission set out the roadmap to follow based on two pillars: digitisation and environmental sustainability. Among other issues, the Green Deal highlights the need to promote accessible and interoperable data, which, combined with digital infrastructure (supercomputers, cloud storage, ultrafast networks) and artificial intelligence solutions, facilitate informed decision-making.

Along the same lines is the white paper on Artificial Intelligence, published in February 2020 with the aim of ensuring an AI ecosystem of excellence and trust, based on regulation and investment. Among other issues, the document emphasises the need to ensure access to reusable data in accordance with the FAIR principles. This data must be comprehensive and representative in order to train AI systems and ensure their reliability.

Objectives and lines of action for 2021

The Commission's objectives for 2021 include boosting Europe's digital sovereignty, i.e. improving its competitiveness beyond its borders. To this end, it has established a European data strategy to drive the data economy and a digital single market, where data is shared between member states. This strategy will be accompanied by considerable investment, as the Recovery Plan for Europe, designed to help repair the economic and social damage caused by the pandemic, indicates that €143.4 billion will be allocated to the "Single Market, Innovation and Digital Economy".

This European data strategy is based on:

• A multi-sectoral data use and access governance framework. The proposal for a regulation of the European Parliament and of the Council on European data governance, published at the end of 2020. This regulation establishes a legally binding framework that provides mechanisms for the re-use of public sector data that usually cannot be exploited due to third party rights or personal data protection. The regulation facilitates the transfer of personal and business data for the common good, establishes the figure of neutral data sharing service providers, and obliges states to establish a single point of information, among other issues. This regulatory proposal is accompanied by an impact assessment that analyses the possible policies to be implemented in this area on the basis of their effectiveness, efficiency, coherence and legal and political feasibility. It states that "the general public is in favour of a comprehensive data strategy and the altruistic transfer of data, as well as the implementation of technical tools that allow citizens to actively participate in the data economy".
• This regulation complements the Directive on open data and re-use of public sector information, which extended the scope of Directive 2003/98/EC and its 2013 reform. During the first quarter of 2021, the implementing act on high-value databases, the re-use of which is associated with considerable benefits for society, the environment and the economy, is expected to be adopted, as set out in this directive.
• Boosting public-private collaboration and investments in data, capabilities and infrastructure, with a focus on data storage, cloud, 5G and interoperability. In this regard, one of the commission's major projects is the pan-European cloud federation. On 15 October, the relevant ministers made a joint declaration called 'Building the next generation cloud for businesses and the public sector in the EU' to combine private, national and EU investment in the deployment of competitive, green and secure cloud infrastructure and services. The main focus is on the deployment of European data spaces in sensitive areas such as health, industry or the environment to help overcome technical and legal obstacles. A first initiative in this field is GaiaX.
•  The empowerment of people, and investment in SMEs and their training, through actions such as the new Connecting Europe Facility (CEF) grants or the Digital Education Action Plan (2021-2027), which among other actions proposes the development of ethical guidelines on artificial intelligence (AI) and the use of data. It also updates the European Digital Skills Framework, including AI and data-related skills, and support for the development of learning resources for schools.

 Finally, other plans and strategies related more generally to data have also been approved during 2020, such as the European Strategy on Open Source Software 2020-2023, the Cybersecurity Strategy or the Berlin Declaration on the digital society and value-based digital governance.

With all these measures, the European Commission seeks to make data one of its priority axes, a valuable asset, which should be reusable, accessible with guarantees and serve as a basis for numerous economic and social activities.

If you want to know how these strategies, plans and regulations are reflected in Spain, we invite you to read the article " The data strategies that will shape 2021 in Spain".

You can see a summary of the data-related strategies that will mark 2021 in Europe and Spain in this link .

In the Action Plan of the International Open Data Conference, capacity development has become a priority within the international open data movement. After all, the need for training tools is essential for leaders responsible for PSI policies, data producers and reusers, public and private sector, and even citizens. For this reason, providing training tools that allow the different agents to advance in the openness and re-use of public data is a priority task.

To this end, eight training units have been developed within the dissemination, awareness raising and training line of Iniciativa Aporta, aimed at all types of public: from citizens who read for the first time about open data to public employees, responsible for open information initiatives who want to expand their knowledge in the field. 

The training units are designed to understand the basic concepts of the open data movement, to know best practices in the implementation of open data policies and their re-use, methodological guidelines for open data, technical regulations such as DCAT-AP and NTI-RISP, in addition to the use of data processing tools, among other aspects.

In the development of resources, two types of learning have been taken into account. Learning by discovery, oriented to extend the knowledge to solve the doubts and reflections raised, and significant learning based on prior knowledge, through the use of practical examples to contextualize and apply the concepts treated.

In addition, the training modules contain complementary materials through links to external pages and documents to be downloaded without connection. In this way, the student is given the opportunity to enhance his knowledge and familiarize himself with relevant sources to obtain reliable and up-to-date information about the open data sector.

All units are distributed under the Creative Commons Share-Alike Attribution Licence (CC-BY-SA) which allows copying, distributing the material in any medium or format and adapting it to create new resources from it.

The training material developed by Iniciativa Aporta consists of eight didactic units that address the following contents of the open data sector: 

1. Basic concepts, benefits and barriers of open data
2. Legal framework
3. Trends and best practices on the implementation of open data practices
4. The re-use of public data on its transformative role
5. Methodological guidelines for open data
6. DCAT-AP and NTI-RISP
7. Use of basic tools for data treatment
8. Best practices in the design of APIs and Linked Data

Each unit is designed in a way the student expands his knowledge on the open data sector. In order to facilitate their understanding, all of them have a similar structure that includes objectives, contents, evaluation activities, practical examples, complementary information and conclusions.

All the training units can be done online, directly from the datos.gob.es or, in its absence, it is also possible to download them on the user's device and even load it on an LMS platform.

Each unit is independent; enabling the student to acquire the necessary knowledge in a specific subject according to their training needs. However, those students who wish to have a more complete view of the PSI sector have the opportunity to perform the complete series of eight training units in order to know in depth the most relevant aspects of open data initiatives.

The training units are available in the "Documentation" section under the category "Training materials" to be carried out through the online portal or to be downloaded. 

Training materials of the Aporta Initiative

 

In June 2019, the European Union published the Directive (EU) 2019/1024 on open data and the re-use of public sector information. This Directive incorporated some new developments in the universe of open data in Europe, such as

• The extension of obligations to the public services, transport and research sector that is totally or partially financed by the public sector.
• Promoting real-time access to dynamic data, using appropriate technical means, incorporating the concept of high-value data.
• The reduction of exceptions to the establishment of tariffs based on marginal costs.
• The increase of transparency in the establishment of exclusive agreements, reducing even more the conditions to carry out this type of agreements.

The incorporation of novelties to the Spanish legal framework

Once the directive has been published, each member country has to transpose it into its own legal system. The deadline for this action is 17 July 2021.

In Spain, work is already underway in this process. In this sense, a public consultation has been launched to find out the opinion of citizens and organizations affected by the future regulation on different aspects:

• The problems that the initiative is intended to solve.
• The need and opportunity for its approval.
• The objectives of the regulation.
• The possible alternative regulatory and non-regulatory solutions.

The full text of the consultation is published on the website of the Ministry of Economic Affairs and Digital Transformation. Those citizens who wish to do so have until 31 July to make their comments.

The aim of this action is to promote public participation in the process of drafting Spanish legislation, a step prior to the preparation of the draft law

From its origins, the open data movement has been focused on opening up public sector data, and even the original statement of open data principles itself refers only to data from public administrations (open government data - OGD). However, this perception has evolved and today it is more common to speak of open data in a more general scope that includes all sectors, as demonstrated for example by the declaration of open data principles promoted more recently by the Open Data Charter, the wording of which is perfectly applicable to any sector.

On the other hand, while we now have a more than respectable and valuable amount of data available in open format from government, there are also some limitations with regard to governance and sustainability models for public data which, together with the remaining challenges of digital transformation in the sector, are to some extent limiting the ultimate availability of data. Data lifecycle management, technical and legal issues, adapting the skills of public employees or growing concerns about potential privacy issues are some of the barriers that public administrations have to face when trying to take their open data projects to the next level.

In this context, other data-producing sectors are also emerging as complementary sources to the hundreds of open data catalogues that governments have been publishing in recent years. These new data come from other publishers outside the public sector - such as the private sector, academia or the so-called third sector - all of them driven by different motivations and by the potential benefits associated with social reputation, innovation or attracting talent, among others. Even citizens themselves have now become a broad source of data, albeit sometimes unwittingly.

Thanks to this greater variety of data producers, the possibilities of enriching information by combining the different sources now available are increasing, but, at the same time, there is also a new need to improve coordination and integration between all parties in order to enable more efficient production and reuse of data and thus obtain the expected improvements in the social, economic and scientific spheres. The current challenge is therefore to find new models and collaborative relationships between the different parties that provide an adequate response to the existing challenges in achieving better management and availability of data, ultimately benefiting all parties and facilitating its reuse to a greater extent.

In order to get a more complete picture of the situation and to understand in more detail who these new data-producing sectors are, what their motivations are and what new models of collaboration are emerging between them, this report is divided into two parts:

In the first part of the report we will take a look at the different data producing sectors - leaving the public sector aside for a moment - and the alternative data sources they offer us, showing their motivations, their particularities and several examples.

In the second part of the report we will focus on analysing what models of collaboration can emerge between the public sector and other sectors to create joint actions to improve the governance, availability and ultimate re-use of data, showing again the differences and similarities between each of them and different examples of how they have been put into practice so far.

From the experimental vision of contests and competitions, to the purely entrepreneurial objective linked to the launch of incubators. From the models related to the legal responsibility point of view of data trusts, to the participative models of data collaboratives. From the actions with a more formative perspective of data fellowships, to the proposals aimed at empowering data cooperatives. All of them are possible models, some of them in a preliminary phase of consolidation but others more tested and refined, that can be more easily adopted. Let's discover them in this report and see how they can be put into practice in different contexts.

The European General Data Protection Regulation (GDPR) full entry into force only one year and a half ago. It has been a worldwide revulsion in terms of how to deal with data management and privacy. However, almost three out of four people ask their governments to further increase regulation on big technology companies to protect their personal data. And it is not only the users of those companies that ask for greater regulation, but even the CEOs of big data platforms such as Mark Zuckerberg (Facebook) join the appeal. In this context, a new generation of regulations regarding personal data is already being developed, whose objective will be, on the one hand, to complement the existing European regulations and, on the other, to fill the current legal in the United States.

The situation in Europe

While in Europe we are still trying to assimilate the potential impact of the GDPR and ensure a greater degree of implementation, the president of the European Commission - Ursula von der Leyen - has requested the Internal Market Commissioner - Thierry Breton - to establish a new European data strategy, committed to innovation through data while protecting the digital identity of people. For the moment, and while this strategy is not completed, we are still waiting for the new digital privacy regulation (ePrivacy) regarding the processing of personal data and the protection of privacy in the electronic communications sector, currently in progress. It is called to complement the GDPR, replacing the current directive - whose latest version has been in force for more than 10 years (since 2009), a whole world in the field in which we move.

This highly anticipated new regulation, which will be directly applicable to all member countries, continues to develop after almost a dozen drafts submitted and two years of negotiations between the different parties contributing to its development. This regulation, also known as the law of cookies for being responsible for the warning messages that appear on the websites we visit, is of vital importance precisely because it affects one of the most used (and sometimes also abused) mechanisms to access to online user data. Although it is still uncertain what the final result will be, during the negotiations we have seen how it shift from a more protectionist initial text, in which the importance of explicit consent was reinforced, including the possibility of configuring our browsers to automatically oppose any treatment of unauthorized data (the famous "do not track" mode), to the current draft that is practically committed to maintaining the status quo with only a few minor changes.

The situation in the United States

If we cross the puddle and take a look at what is happening in the United States - the current reference market for the development of the online platforms that manage our data -, we have started the year with the entry into force of the Consumers Privacy Act (CCPA) in the state of California, and several states also have their own legislative initiatives in the field. A very relevant milestone because it is not only the first complete law of this kind in the country, but also start in the state in which the Silicon Valley is located, which saw the birth of a large part of these big platforms.

While it is true that the CCPA has received some criticism for being behind the GDPR in some aspects, and that the federal legal framework does not finish arriving while the voices that claim it continue, at least a great start number of federal legislative initiatives in the country have started, and they could considerably set the bar in terms of demand - even going beyond the requirements established by the current European legislation. These initiatives include, for example:

• The Consumer Online Privacy Rights Act (COPRA Act), whose objective is to increase control over personal data, prohibiting harmful uses and establishing specific and strict rules for the collection, use and sharing of consumers´ personal data.
• The bill for Augmenting Compatibility and Competition by enabling Service Switching (ACCESS Act), whose main objective is to enable data portability between different platforms, thus fostering competition and innovation in services offered by big companies.
• The bill for Designing Accounting Safeguards To Help Broaden Oversight and Regulations on Data (DASHBOARD Act), whose purpose is to increase transparency regarding the use of personal data by big companies, including an objective economic estimate of the value obtained through said data.
• The program for the end of unauthorized tracking (Do Not Track Act), whose objective is to considerably limit the online tracking of personal data of those who request it, similar to how it is already done with the telephone advertising exclusion records (such as the Robinson List in our country)
• The law to take responsibility for own business (MYOBA Act) aims to end radically with the potential abuses of privacy and personal data by making company CEOs directly and legally responsible for serious breaches of existing regulations.

It is also important to note that, with the aim that all this set of laws in the United States does not mean an obstacle to innovation, in general its scope has been reduced to the big consolidated companies, with a high number of users and large volumes of billing, although specific margins vary from one law to another.

In any case, the great challenge now - both in Europe and in the United States - is on the one hand to clarify the terms and limits of application established in all these laws and see how they are finally consolidated and, on the other hand, to determinate how to achieve convergence between all these initiatives to avoid a legislative mosaic that supposes a headache for globalized companies and also a possible discrimination between the rights of some people and others depending on what legislation applies to them.

Spain is the second country with the highest life expectancy in the world, only behind Japan. Spaniards live 83 years on average. This positive data is stained by a negative one: the low birth rate, which is leading us towards a population aging. This situation means that we need a more efficient health system to continue providing quality health services to citizens.

As in other sectors, the improvement of efficiency goes through the necessary digital transformation, in which data in general - and open data in particular - have a leading role. Open data can help us better understand the situation of patients and, together with technologies such as big data or artificial intelligence systems, facilitate early detection of diseases. In short, they can help improve both the management and the provision of services.

But in an area where patient privacy is essential, we have a series of doubts: What types of data can be opened? What does the legislation say about it?

The report "Open data and health: technological context, stakeholders and legal framework", prepared by Julián Valero, tries to shed some light on this situation. For this, the following objectives are set:

1. Knowing the conditions, limitations and restrictions imposed by current legal regulations.
2. Posing how the guarantees offered by the Law should be adapted to a new reality based on technological innovation.

The report begins by showing the current situation of the Spanish health system, gathering the challenges to be faced, but also the opportunities that come hand in hand with new technological trends, such as Internet of Things or the aforementioned Artificial Intelligence.

Once the context has been explained, the report focuses on the different stakeholders involved in the provision of health services, both public and private, and the main laws and regulations that affect each group. The novelties of the General Data Protection Regulation (GDPR) and its impact on the opening of health data are also addressed.

The report ends with a series of conclusions and recommendations to promote public policies in the field of health that drive improvements in the provision of health services.

You can download the full report below.