New Data Governance Act In Europe Explained
European Commission officially released its Proposal for a Regulation on European Data Governance (so-called Data Governance Act). The proposal, released on the 25th of November, becomes the first major move among the impending series of policies and measures to be adopted in accordance with the announced 2020 European strategy for data.
The new Data Governance Acts aims to encourage the sharing and recycling of data across sectors in the European Union (EU) while it’s also hoped that it would protect the economic interest of Europe as well as the privacy of the European Citizens.
The Data Governance Act is designed structurally along with four major issues:
1 — Recycling of public sector data
The implementation of mechanisms for effective re-use of public sector data beyond the initial purpose at which any of such public data was collected in the first place; the acts suggests that such re-use of public data can actually go towards commercial and non-commercial purposes. The act however states with regards to public sector re-use that for public sectors, there must be adequate mechanisms and structures in place to ensure that there is a protection of rights and interest of third parties. A practical example of this is that public hospitals can share and combine data in individual hospitals to further a particular goal, maybe the pursuit of a vaccine for the coronavirus but ensuring that as they combine the personal details of various and diverse patients, they ensure that they protect the rights and interest of every third party involved.
2 — Data sharing services providers will be “Trusted Intermediaries”
The Data governance act will be enforced in such a way that providers will be obliged to separate data sharing services from other commercial operations and will not be allowed to further monetize the data. Hence, a new specialized category of intermediaries will work only with personal data, as comments indicating this feature in the new act reads thus: “it could be desirable to collate actual data within a personal data storage space, or ‘personal data space’ so that processing can happen within that space”.
3 — European Data Innovation Board
The European Data innovation board will also be set up to smoothen approaches across the Member States, supervise the data sharing services providers who have been obliged by the same act to separate data sharing services from their other commercial operations and to also stand as advisors to the standardization of various sectors especially on cross-sector related issues.
4 — Data Altruism
This part of the act creates a platform for people and companies to provide their data for the furthering of the “common good”, meaning a person or even an organization can volunteer their data for the sake of the general public, for instance, I can decide to donate my data for medical research to help in the pursuit of a vaccine or a cure to a disease. The act allows entities to register as not-for-profit organizations that would solely deal with providing data for the good of the public. With this feature on the act, it is highly likely that we will begin to see the rise of “data unions” or “data NGOs”.
A Few Eyebrows Were Raised
Asides from the four reasons and incentives that I might have highlighted above, there were other parts of the act that has actually raised eyebrows, especially with regards to existing rules already made by the World Trade Organization(WTO).
A leaked version of the Act showed that the act might be directly infringing international regulation when it shows that it aims to exclude foreign companies from accessing the European data processing market from abroad, this is obviously a violation of the World Trade Organization rules, which prevent its members from forcing a foreign business to establish a siege to trade there. Rules in the leaked draft indicate providers of “data sharing services” or even companies engaged in collecting data for “data altruism activities” have to be legally established in Europe, a stance that was somewhat confirmed by Thierry Bretton, Overseer of the commission, when he said in an interview that: “sensitive data should be processed, either in the EU public environment or in a private entity in the EU, to make sure that we have the right legal framework applying to the European data”
A Step Too Far?
One really has to admit there are a lot of exciting and encouraging features in the newly proposed European Data governance act, especially how you consider the fact that it really looks very “pro-data privacy” and progressive coupled with exciting features like data altruism.
However, one has to wonder if it all looks like a step too far from the European union especially when it looks like it might be infringing the WTO rule on data, a rule that has been existing for more than 15 years, or maybe we are the ones who need to take a step back and look at the bigger picture to see that it may not be a step too far and maybe the WTO rule is no longer applicable to the present generation.
Data has become a very important aspect of the internet and technology; as the internet seeps through every aspect of man’s life, data seems to be printed that consumers leave behind, in fact, to truly access or enjoy most digital service, one has to provide some basic data irrespective of it being a public or private service.
Therefore, to improve user experience, some private companies gathered these data, and by studying these “prints” people left behind and they studied the consistent human behavioral patterns so that they can create predictive means of increasing value and attracting more users.
Such companies like the Big Tech giants like Facebook, Google, and the likes, further use these data to provide a wider range of services and products, hence most of them branched into other business categories and markets by leveraging on the competitive bottlenecks these data networks enabled them to create, hence, the supposed monopoly of big tech.
However, as these tech giants expanded their markets into more countries and regions in order to increase their market shares, more and more people including private and governmental institutions in some countries have begun to pushback against these monopolies and their supposed commodification of data and data privacy infringement.
Hence, it is very important to understand that the recent move by the EU is not the first or an isolated method by most countries to protect and regulate their citizen’s data — Pakistan just issued a new data regulation policy that made all the big tech companies in the country threatens to leave while countries like India and Nigeria are all working to censor most of these tech companies and regulate how their citizens use them.
One can’t really be surprised that most countries or regions are beginning to call for more protectionist policies around data privacy when you consider the fact that the ‘culprits’ — the big tech companies accused of these data privacy issues — are all American Tech Companies and contribute massively to the GDP of the American Economy; hence, it is very undeniable that asides other reasons behind these moves, more countries are beginning to get worried about the USA solidifying its power as one of the major world-leading Economy by exploiting the data of their citizens.
However, one still has to interrogate the new Governance Data act, especially with respect to the infringement of the WTO rules on data because even countries like China with arguably one of the most protectionist and conservative data and tech rules, didn’t go this far with their discrimination as China’s discrimination is only done with respect to issuing a license.
Also, beyond the infringement on the WTO rules on data regulation and policies, it will be helpful to look at some of the likely implications of the European Governance Data Act:
Firstly, the law will only make more and more regions want to adopt similar policies that can really stifle globalization. Globalization has really been helped due to the likes of Facebook, Google, and Twitter due to the borderless and seamless transfer of culture, information, and ideologies via these platforms among users located in different parts of the world, hence, laws like the EU data governance law can begin a series of data protectionist laws across regions which may greatly hamper globalization.
It might sound farfetched to directly relate the law with a possible decrease in globalization but it isn’t, take for example the GDPR that others have copied, even though only the EU implemented it and it was first heavily criticized.
The reason is, the move from the European Union can be considered the biggest move by a region against data privacy and regulation and it seems to be passing a message that they are actively trying to protect their citizens, a move that other regional leaders are likely to copy as it would be seen to also make them look progressive.
Secondly, one has to consider the possibility that this law would simply increase the gap between big tech companies and smaller competitors because the physical entity restriction put in place for companies to make use of European data can barely deter large corporations like Google, Facebook, and other big tech companies, hence the law might just be another policy that cripples the growth of highly promising tech startups that want to extend the tentacles of their products to Europe.
Also, very importantly, is the fact that this law somehow commoditizes the usage of personal data. Everyone knows personal data has become a commodity these days but accepting it or legitimizing it seems so much like the objectification of human beings like people are outrightly being treated as products that can be monetized.
As well-intended as most of the EU law is, the law confirms the existence of data as a commodity, especially personal data, and it also, directly and indirectly, legitimizes the monetization of people’s personal data.
The EU data governance law is one that will look to protect the citizens of the European Union, and its features look exciting and highly progressive, however, asides from the obvious infringement on the World Trade Organization data laws, the law treats people (personal data) like algorithms that can simply be exploited (although supposedly lawfully) and used for various purposes, and I think that is merely the EU becoming the enemy you’re fighting regardless of how you paint it; we say Big tech is treating people’s data as a commodity and we also say big tech is monetizing people’s data but what is the difference with these new EU data governance act irrespective of the mechanisms that would be put in place, the law basically treats people data as ‘objects’ that can be transferred, donated, monetized, combined for end goals
I am not against mechanisms that can protect people’s data and there is no way that we would not have to leverage people’s data to make the world a better place, in fact, I’m looking forward to the new Solid project by Tim Berners Lee that seeks to put data powers strictly in the hands of every individual, the solid project seeks to give the public their own ‘pods’ that can make them decide to what extent any entity can use their data and what type of data they would be using, with the solid project the right to how any personal data will be used is strictly in the hands of You and me.
Blockchain Technology also seems to promote the autonomous usage of user data, as it strictly empowers the individual by giving each person autonomy of their data and ensures top privacy. I believe data protection should be data autonomy for those involved, and as well intended as the new EU governance data act looks like, it still commodifies the personal data of people with the owners of the data themselves not in the driving seat, these are people’s data and as much as we need these data to make the world a better place, it is still necessary that people and people exclusively decide how and to what extent their data can be used, the ‘data altruism’ feature in the EU data Governance act, scratches the surface, but it isn’t just good enough, there is no need to stifle companies that use these data to provide remarkable services for your citizens if the laws put in place would only treat people’s data the same way.
Does the New EU Data Governance Act Really Means Data Autonomy for EU Citizens or NOT? was originally published in Data Driven Investor on Medium, where people are continuing the conversation by highlighting and responding to this story.