July 1, 2021

Data Sovereignty and the European Data Governance Act

What kind of world do we want to live in tomorrow? The question arises also when it comes to data – both personal and non-personal – and how it should be dealt with. The European Data Governance Act (DGA) now offers the opportunity to define clear rules on how to use data responsibly as it is shared and exchanged between various parties. A recent IDSA Live Session entitled „The European Data Governance Act from a Data Sovereignty Perspective“ focused on the steps and actions required to set up such rules.
Silvia Castellvi

Many experts agree that DGA has the potential to become a global standard for data usage – just like the General Data Protection Regulation (GDPR) has for data privacy. Being a central element of the European Strategy for Data, DGA aims at sustainably establishing the concept of data sovereignty, which in turn will pave the way for European data spaces to emerge on a large scale, making secure and trustworthy data sharing and exchange between organizations and individuals the new normal.

Need for data sovereignty

As more and more data is being shared and exchanged between different parties, rethinking how data should be dealt with is becoming increasingly important. To illustrate the importance of this endeavor, it may be helpful to look back at the year 1948, when the United Nations General Assembly ratified the Universal Declaration of Human Rights. Just like we could ask ourselves what the world today would look like if these human rights had not been declared back then, we can ask ourselves today what the world in 2048 will look like if the issue of data sovereignty is not properly addressed and solved now.

With digital transformation of the global economy and the societies around the world speeding up every day, human rights are increasingly being threatened. This is especially true for global superpowers, like the USA (where very much business rules upon data and how it is dealt with) or China (where power over data is all in the hands of the communist regime). In Europe, however, initiatives like DGA and GDPR focus on the individual citizen or organization and their right to stay in control over their data.

Soft infrastructure as a framework for data sovereignty

The common framework for turning data sovereignty into reality is provided by a distributed soft infrastructure. Based on this soft infrastructure, multiple parties can share and use data in a secure and trustworthy environment, with the data owner always staying in control over their data. The soft infrastructure allows establishing agreements between organizations and individuals on how to share, manage and use data. Such agreements then allow, among other things, to reuse public data efficiently and exchange private data securely. The soft infrastructure for data sovereignty can be compared to GSM, the international standard for second-generation digital cellular networks used by mobile devices, providing an open framework for all actors in the market.

Common standards, rules, and regulations

While the soft infrastructure provides the overall framework, data spaces enable open and fair transfer of data in certain segments. In other words: While there may be an unlimited number of data spaces for certain industries (mobility, healthcare, manufacturing etc.) or even very concrete application areas, the soft infrastructure works as a link embedding each of these data spaces in the context of common standards, rules, and regulations. Each data space provides a secure and trustworthy data ecosystem in which data can be freely shared and exchanged, as long as all parties comply with the rules and regulations agreed upon. Unlike former concepts developed and established for cross-organizational data exchange, which typically favor a centralized approach and exclusive participation, data spaces are open, dynamic and flexible ecosystems aiming at creating fair competition (or at best: coopetition) across Europe’s economy.

Data spaces governance in the European Data Governance Act

To ensure innovation and continuity in the long run, the interest, input, and energy of private and public actors need to be balanced. The DGA is the enabling governance framework for European data spaces to be established.

The DGA enables the creation of the de-facto ‘soft infrastructure’. It proposes a two-tier governance structure: a governance entity required for each data space and an overall governance organization concerned with common aspects of data space interoperability and data sovereignty. Furthermore, the European Commission envisages the development of a general authorization framework for the so called ‘data intermediaries’. Data intermediary is the general term for a party (e.g. a broker, marketplace operator, or facilitator) that organizes the sharing and exchange of data between all actors (both organizations and individuals).

Challenges to address

The main challenge now is to take the Data Governance Act and turn it into a hands-on tool to clearly define responsibilities and accountabilities. To do so, focusing on data sovereignty and the soft infrastructure is mission-critical. This is mainly a matter of coordination, not so much a technical challenge. All parties involved in this process should now agree on a common language so that key terms and concepts can clearly be defined and common goals can be achieved. To drive this endeavor from a regulatory perspective, two central entities should be established: a Data Exchange Board and a Data Innovation Board.

To learn more about the DGA and the design principles for data spaces, visit https://design-principles-for-data-spaces.org/

Author: Silvia Castellvi
Silvia Castellvi is a Senior Consultant at IDSA and OPEN DEI task force 1 Coordinator, Communication and Dissemination Leader.

Stay updated with us