The European Commission is planning to release its Data Governance Act to facilitate data sharing within the EU. The goal is to increase data sharing among businesses, make more public sector data available for reuse, and foster data sharing of personal data, including for “altruistic” purposes. While the goals of the act are commendable, many of the specific policies outlined in a draft would create a new data localization requirement, undermine the EU’s commitments to digital free trade, and contradict its open data principles.
To be clear, the overall proposal has some merit. For example, it is much overdue to create a mechanism that would allow individuals to donate their data voluntarily for scientific research or other beneficial purposes. Similarly, the plan to establish an expert group in the form of a “European Data Innovation Board” made up of representatives from each EU member state would be useful to elevate the importance of data-driven innovation in EU policy circles and establish consistent data sharing policies across the EU (a proposal the Center for Data Innovation has long called for). Finally, the plan calls for establishing standards for ensuring research data will be findable, accessible, interoperable, and reusable—a useful standard to ensure others can make use of data.
Unfortunately, these benefits are overshadowed by the many drawbacks of the proposal.
First, the Commission’s plans would require that all data processing enabled by this law be limited to the EU. This data localization requirement would raise costs for companies that would have to build capacity in the EU and limit their ability to combine and process EU data with non-EU data. Requiring data be stored and processed in the EU will not make the EU any more competitive, it will only encourage other countries to implement similarly protectionist policies and make it harder for EU businesses to access services offered by non-EU companies. Nor will keeping data in the EU better protect it since organizations in the EU must abide by the GDPR even if they process data abroad. And given the EU’s stated desire to produce ethical AI, it is highly misguided: It would make it harder for certain EU nationals, such as recent immigrants, to benefit from AI applications which may require data from non-EU sources.
Second, the proposal would create data intermediaries to facilitate data sharing between businesses and consumers. These data intermediaries would be required to be legally established in the EU or the EEA. Such an obligation would be discriminating against foreign companies, which is anti-competitive and would even violate international trade rules. Indeed, under WTO agreements, restrictions on the use of foreign data processing are considered as a barrier to trade, and countries cannot require providers of data sharing services from abroad to be legally based within their own territory.
Third, the proposal would allow public sector bodies to charge fees for the reuse of their data. This idea is at odds with the open data principles according to which all public data should be made available to the public at no cost without restrictions. While the private sector should of course be able to charge for data, it does not make sense for the public sector to start doing so, especially if fees go beyond cost recovery for producing the data.
As the Commission refines its proposal for the Data Governance Act, it will hopefully ensure this new policy enables more data use without coming at the expense of the free flow of data, free trade, and open data.
Image credits: Flickr user European Parliament.