Data Governance: New rules, new roles – better use of data?
Last week the European Commission published its first legislative proposal to materialise the strategy ‘Europe Fit for the Digital Age’. Proposed piece of legislation is a smorgasbord of three different topics – ranging from reuse of sensitive public data through data operators to data altruism. We have seen some inter-service drama in lines of trade policy and technological sovereignty. The regulation is called Data Governance Act.
Quite many let out a sigh of relief when paging through the proposal; the earlier leaked version carried some elements of blatant protectionism that would have dealt a blow not only to trade policy tables but also to European companies running a global business, based on one data policy.
“Inspiration for making sensitive data available has been sought from the Finnish FinData supervisory data authority.”
In terms of progression, this proposal is a step forward. It creates a regulatory backbone for the governance of special categories of public data. When it comes to making available highly sensitive health data in a secure data processing environment, inspiration has been sought from the Finnish FinData supervisory data authority. Naturally, the regulation will only give a backbone for these arrangements and decisions on access to data, and details are to be set on national level. The trick is to put these issues on the agenda of every member state of the Union. It was especially nice to hear from the Commission that Finnish activity on MyData operators and data discussions during Finnish EU presidency have had a strong influence on the regulation.
To me, the most important and transformative chapter of the regulation is the one on Data Sharing Service Providers. Especially on domain of personal data, we see a growing tension of rigid, database-oriented regulation and agile, quickly developing reality. GDPR presumes that data processing and its purposes can be exhaustively foreseen and planned, but new opportunities to use data keep popping up at ever greater pace. We do need MyData operators and other players to keep up the dynamics of data economy: people need user-friendly and trustworthy services to allow new, previously unforeseen uses of data and keep track on who and why is using their data. Companies are likely to use value-added services that make data more usable – to minimise risks and enhance the quality of data.
“We need MyData operators and other players to keep up the dynamics of data economy.”
Objective of the regulation is to identify and clarify the role of Data Sharing Service Providers by setting up a regulatory framework and by doing so, increase their trustworthiness. Here, the scope of regulation needs to be carefully assessed: sharing of data is still at early stage and mutual arrangements between companies should stay out of the scope. Required amount of trust already exists on these arrangements and needs no interference from the regulator unlike services aimed generally to the market.
Commission also realises the importance of dialogue with civil society and businesses. It is a timely move to propose setting up a forum for this dialogue; Data Innovation Board. One of the tasks of the board is to “advise the Commission on the governance of cross-sectoral standardisation”. Standardisation, combined to the idea of (interconnected) data operators, seems to me like a blueprint of the GSM network. And that has been a great European success story. Interesting times, indeed.