The Chartered Governance Institute - Irish Region

Irish Region

Read the Data Protection update in the Irish Agenda on The Data Governance Act


The Data Governance Act

The Data Governance Act (DGA) is another prong in the European Union's (EU) strategy for data. The DGA sets out a legal framework to facilitate and enable the safe access to, and sharing of, certain categories of public-sector data for commercial and non-commercial use, other than the original purpose for which data were generated. While the Data Act deals with who can share data and what data they can share, the DGA deals with how data can be shared.

The DGA entered into force on 23 June 2022 and will be applicable across the EU from 24 September 2023. As the DGA is data-centric, it is important to highlight that it will apply in addition to competition laws, the Data Act, the General Data Protection Regulation and any licensing terms agreed at a commercial level between parties.

Key Features

The DGA will establish a legal framework which is designed to increase access to public sector data, for the development of data-driven research and innovation, in an EU wide data marketplace. Data within the scope of the DGA will include personal data and non-personal data (such as trade secrets, intellectual property, health data, mobility data, environmental data, agricultural data and public administration data (DGA Data). 

The key features of the DGA's legal framework include:

  1. the creation of a new business model for data intermediary services (similar to data brokers) who will provide the infrastructures for DGA Data to be hosted, accessed, shared and exchanged. Intermediaries will need to be licensed to hold any DGA Data and will facilitate stakeholders to share DGA Data more easily within the parameters of the DGA;  
  2. the creation of "data pools" to receive and hold DGA Data in a controlled ecosystem as a result of businesses combining, exchanging and sharing such data for defined purposes such as research and innovation;  
  3. facilitating "data altruism" by public bodies and individuals (e.g. volunteering of data created/generated vis-a-vis consumers, end-users and/or public bodies for re-use by those who seek such data for various types of research, product improvement or other specific reasons); 
  4. setting down strict requirements in relation to anonymisation / pseudonymisation techniques and secure processing environments to ensure the protection of DGA Data;
  5. establishment a European Data Innovation Board (EDIB) by the European Commission. The Board will be comprised of various stakeholders from EU bodies who will ensure the sharing of DGA Data occurs in line with best practices.

Impacts on Businesses

Overall, the DGA is a legal framework which will open data to new opportunities for many businesses of all sizes. It will promote the availability of DGA Data for shared benefits and foster trusted data sharing. While DGA Data will originate from public sector bodies, it will be new chance for businesses across many sectors and industries to truly maximise the (re-)use and sharing of data in a single EU wide data marketplace.

The DGA will be a business enabler for data-driven digital transformation, artificial intelligence, research and innovation. Businesses who are open to the opportunity of creating data pools (or managing data pools by way of data intermediation services) will need to start preparing their operational structures and policies now to be ready for the DGA's application from September 2023.

Published by William Fry LLP on 2 December 2022

Search CGI