Brussels,

DIGITAL EUROPE

DGA - Data Governance Act

The DGA Regulation applies from 24 September 2023
The Data Governance Act (DGA) is a EU Regulation to create a common framework for the governance of digital services and platforms within the EU. The main goal of the DGA is to promote a safer and more transparent digital environment for EU citizens.

The DGA includes several key provisions, such as:

1. A new European Digital Services Board (EDSB) will be created to coordinate and oversee the implementation of the new rules across the EU.

2. A new Digital Services Act Coordinator (DSAC) will be appointed to ensure consistency in the application of the rules across EU member states.

3. New rules for the transparency of online advertising, including requirements for disclosures about targeting criteria, the use of personal data, and the identity of the advertiser.

4. New rules for the transparency and accountability of online platforms, including requirements for greater transparency in content moderation and enforcement of platform policies.

5. Provisions for the protection of fundamental rights online, such as the right to freedom of expression and the right to access information.
Picture
Click to read
The DGA also includes provisions for the enforcement of the new rules, including the establishment of new mechanisms for cooperation between EU member states and the development of sanctions for non-compliance.

-> While Data Governance Regulation (DGA) creates the processes and structures to facilitate data, the Data Act clarifies who can create value from data and under which conditions, 

Key Points

  • conditions for reusing certain protected data held by public sector bodies;
  • rules for companies providing data intermediation services;
  • a framework for data altruism (the sharing of data voluntarily and for no reward);
  • a framework for the European Data Innovation Board (EDIB); and
  • measures to permit the secure flow of non-personal data outside the EU.

1. Reuse of certain categories of publicly held data

Public sector bodies hold vast amounts of data protected by third-party rights (such as trade secrets, personal data or intellectual property) that cannot be used as open data but that could be reused under specific EU or national rules. Whenever such reuse is allowed, public sector bodies will have to comply with the reuse conditions laid down by the DGA. Notably, the reuse conditions should be non-discriminatory, transparent, proportionate, justified and made publicly available.​

Data transfer to non-EU countries
A reuser intending to transfer protected, non-personal data to a non-EU country will have to comply with the specific rules in the DGA.

Fees
Fees for reuse should be transparent, proportionate, non-discriminatory and objectively justified. Public sector bodies granting reuse permits can apply reduced or zero fees, for example, for small and medium-sized enterprises, start-ups, civil society organisations and educational establishments.

Single information point
To ensure data can be found (‘findability’), EU Member States will have to ensure that all relevant information on conditions for reuse and on charges is available and easily accessible through a single information point. The European Commission will, in turn, collate this information at data.europa.eu.

2. Data intermediation services
The DGA regulates the providers of data intermediation services, which are neutral third parties that connect individuals and companies that hold data with others that want to use data. The requirements for such services aim to ensure that such data intermediaries will function as trustworthy organisers of data sharing. To increase trust in data sharing, this approach lays down a model based on the neutrality and transparency of data intermediaries while putting individuals and companies in control of their data.

Entities wishing to provide data intermediation services must:
  • comply with strict requirements to ensure neutrality and avoid conflicts of interest;
  • have structural separation from any other value-added services provided;
  • have price terms independent of whether a potential data holder* or data user* is using other services; and
  • register with a competent authority.

3. Data altruism
Data altruism arises when individuals and companies give their consent or permission to make data that they generate available for use in the public interest, voluntarily and without reward. Such data have enormous potential to advance research and to develop better products and services, including in the fields of health, climate action and mobility. Member States may develop national policies to encourage data altruism and an entity engaged in data altruism can apply to be registered as a ‘data altruism organisation recognised in the Union’. The Commission will maintain an EU-level register of these organisations.

4. European Data Innovation Board
The Commission will set up the EDIB, which will consist of representatives of: The EDIB’s tasks include advising and assisting the Commission in:
  • national authorities designated under the DGA;
  • the European Data Protection Board;
  • the European Data Protection Supervisor;
  • the European Union Agency for Cybersecurity;
  • the EU SME envoy
  • other specific sectors and bodies with specific expertise

The EDIB’s tasks include advising and assisting the Commission in:
  • developing consistent practice in processing requests for data reuse;
  • enhancing the interoperability of data and data-sharing services;
  • developing consistent practice of competent authorities in enforcing requirements applicable to data intermediation service* providers

5. International data flows
As non-personal data may be of considerable economic value, the DGA introduces safeguards to protect such data from unlawful access by non-EU countries’ authorities.