MyData operators set to accelerate the proposed European Data Governance Act

Published in

Value of trust (by iGrant.io)

5 min readDec 1, 2020

This article is written by Lal Chandran, Lotta Lundin, Dr. David Goodman, Dr. Godwin Caruana and Jan Linquist

On 25 November 2020, the European Commission published its proposal for a regulation on European data governance, known as the Data Governance Act [1], the first of a set of measures in the European strategy for data which was adopted in February 2020 [2]. The proposed Act envisions a single market for data, where data from the public sector, businesses and citizens can be accessed and used to stimulate growth and create value in the European economy. This regulation would facilitate effective and responsible data sharing across the EU and create a win-win scenario for both organisations and citizens regarding the use of personal data.

A MyData operator platform, such as iGrant.io, empowers individuals to control the data they generate — and so is very much aligned with the vision enshrined in the Act.

This article takes a look at the key takeaways from the Data Governance Act and elaborates on how a MyData operator satisfies the functional and governance needs of a transparent and trustworthy data economy.

The key takeaways

The Data Governance Act is an instrument aimed at fostering digitalisation across the EU while protecting its citizens. The Act would promote intermediary services between holders and users of data enabling joint exploitation of data. The key takeaways from the proposed Act are summarised below:

1. FAIR data usage

The data principles for data management and re-use referenced by the Act stipulate that any data should be FAIR — findable, accessible, interoperable and re-usable. The re-use of the data should not be monopolised by any one data user but also available to SMEs.

2. Data sharing services and data altruism

The Act promotes the sharing of data between organisations so that both the organisations involved and the individuals whose personal data is being shared can benefit. It pushes for measures to make it easier for citizens and businesses to re-use data held by public sector entities and promotes data altruism, advocating further data sharing, particularly across sectors and borders. It emphasises using the right data for the right purpose and making it easy to port personal data from one service provider to another should an individual not be happy with the service provided.

3. Safeguard rights and interests of data subjects

Allowing personal data to be collected, used and shared with the help of ‘personal data-sharing intermediaries’, is designed to help individuals exercise their rights under the General Data Protection Regulation (GDPR).

4. Consent based

Citizens should be able to manage their consents. Consent ‘forms’ should be developed to lower the cost of collecting consent and to facilitate portability of data (where the data to be made available is not always held by the individual). Data re-use should be facilitated on the basis of the consent of data subjects or the permission of legal persons through adequate technical means.

In addition, the Act introduces the notion of a ‘personal data space’ where data could be kept without having to be transmitted to third parties.

MyData operator data intermediary services

The Data Governance Act suggests achieving its key targets via trusted data intermediaries providing regulatory intervention of low (rather than high) intensity as the preferred policy option.

A high intensity intervention, in the form of a compulsory scheme with one single data authorisation body (e.g. a Data Protection Authority in each Member State) providing a one-stop shop for all data-related issues, was deemed too expensive and limiting to digitalisation. Choosing this policy option only would have had a prohibitive impact on SMEs and startups.

By complementing the high-end policy with trusted data intermediaries and a harmonised governance framework, the barriers to a well-functioning data-driven economy can be lowered. This is well aligned with the definition of MyData operators [3] as providers of infrastructure for human-centric personal data management. MyData operators provide interoperability at the technical, informational and governance levels to support the flow of personal data across different services. By enabling the sharing of personal data across services, the use of data is transparent and controlled by individuals. As providers of infrastructure for personal data management, MyData operators are key in creating sustainable ecosystems for the fair and ethical use of personal data. The picture below illustrates the various actors in a personal data ecosystem.

Data flows in a MyData Operator ecosystem

MyData operators embrace the Data Governance Act

The MyData operator reference model [4] describes nine core functional elements of operators as illustrated in the figure below (reproduced from [3]). These elements either independently or collectively make it possible to utilise personal data in a transparent and human-centric manner and support interoperability between data operators via open and standardised interfaces.

The Data Governance Act sets out principles of governance for the actors involved within a data exchange ecosystem. The table below summarises the requirements relevant for a MyData operator, like iGrant.io, and explains how they are addressed.

Conclusions

While the GDPR sets the direction for privacy rights and responsibilities for organisations collecting private personal data, no specific encouragement is given for data sharing. The regulation further stifles competition and tends to benefit data sources that control access. The Data Governance Act sets the stage for a healthy European data sharing ecosystem by defining the necessary steps for data governance and setting the guidelines for establishing ‘data intermediaries’.

A well-governed, decentralised and interoperabile MyData Operator ecosystem meets the requirement for a low intensity regulatory framework and is equipped to provide data sharing services while safeguarding people’s privacy. A MyData operator can play the role of a data intermediary which connects different actors and has the potential to contribute to the efficient pooling of data as well as to facilitating bilateral data sharing.