3.4. Governance within Common European Data Spaces

GENERAL VALUES OF GOVERNANCE

Governance within a common European data space should be based on principles that closely relate to the general values (or pillars) on which the EU was founded. As advocated by the Data Spaces Support Centre, these values should be enshrined in concrete settings and brought to the level of technical implementation within European data spaces to ensure individual and collective control of data and safeguard a human-centric and fair approach. Establishing robust governance mechanisms to achieve this will help gain the trust of the stakeholders involved in a data space. 

The Staff Working Document (SWD) on Data Spaces outlines that data spaces should put in place an appropriate governance structure to ensure fair, transparent, proportionate and non-discriminatory access to, sharing and use of data. That structure should comply with existing provisions of horizontal legislation, e.g., the GDPR, Free Flow of Non-Personal Data Regulation, ePrivacy Directive, Platform to Business Regulation and sectoral EU data-related legislation, e.g., type approval legislation, Payment Services Directive, Electricity Regulation, and Intelligent Transport Systems Directive. Common European data spaces will also comply with the applicable EU legal frameworks on personal data protection and security, fundamental rights, environmental protection, competition law, and other relevant rules of data services in the EU, such as international trade commitments under the World Trade Organisation’s General Agreement on Trade in Services and other trade agreements. In addition, adequate technical, legal and organisational measures should be put in place to prevent unauthorised access to personal and non-personal data.  

LEGAL INFLUENCES ON GOVERNANCE 

The overarching governance context for European data spaces is formulated in the Data Governance Act (DGA), which offers a means for greater societal reuse and access to data, thereby setting the enabling conditions and providing the concrete arrangements in which trustworthy data sharing and/or data pooling can occur. The DGA comprises horizontal measures relevant for all common European data spaces while leaving room for the application of sector-specific rules, where appropriate. This is complemented by the proposal for a Data Act, as mentioned earlier.  

Governance systems are beginning to be elaborated for specific sectoral data spaces, for example the European Health data space will be established by a Regulation and the forthcoming Sustainable and Smart Mobility Strategy will describe the main features and objectives for the common European mobility data space (EMDS), including a defined governance system. It is important that initiatives for implementing sectoral data spaces should be aligned with the general set of rules applicable to all common European data spaces. 

From the above, it is clear that the various legal aspects affecting the creation and operation of common European data spaces are multi-fold, shaping their purposes, goals, business structures and technical features.  As mentioned in the Staff Working Document on common European data spaces, data spaces will need to ensure that “European rules and values, in particular personal data protection, consumer protection legislation and competition law, are fully respected.” Common European data spaces will thus need to operate according to existing laws such as the GDPR and other regulations relating to cybersecurity, competition, intellectual property, fundamental rights, safety, etc., as well as complying with relevant sectoral data-related legislation.  

LEGAL LANDSCAPE OF DATA SPACES

In order to help navigate the legal landscape pertaining to data spaces, the Data Spaces Support Centre (DSSC) has proposed consideration of legal issues across six different areas:

(1) Substantive rights and obligations pertinent to data

(2) Data contracts

(3) Competition law

(4) Organisational aspects

(5) Techno-legal interoperability

(6) Regulatory aspects

Outlined in a Checklist contained in the DSSC Data Spaces Start-up Kit, it is essential to ask which legal aspects are relevant when setting up a particular common European data space, as well as to consider the data and organisational governance model. 

Example: The European Commission Impact Assessment for the European Health Data Space (EHDS) clarifies that it will ensure coherence with relevant EU legislative frameworks, including the GDPR, the DGA, the proposed AI Act, the cybersecurity regulatory framework, the eIDAS (electronic IDentification, Authentication and Trust Services) regulation, the pharmaceutical regulatory framework, the Cross-border Healthcare Directive and the Medical Devices Regulation, as well as international trade commitments. Regarding the provision of a framework for health data reuse, it states that the EHDS will build upon the DGA. However, as a horizontal framework, the DGA cannot address the specificities of sensitive data, such as health or genetic data. Within the EHDS, it will therefore be necessary to consolidate the requirements and technical framework needed to achieve a functioning system in the field of primary and secondary use of health data, complementing the DGA rules with more detailed or more practical rules considering the specific nature of health data. The EHDS will also build upon the Data Act proposal and establish standards and specifications for data portability and interoperability, thus making the portability and access of data linked to devices (medical devices and wellness apps) both technically and practically possible.  

In the case of the Green Deal data space, it will be important to consider the underpinning policies and sectoral data-related legislation, e.g., in the areas of financing, sustainability reporting, energy and mobility, etc., as well as forthcoming updates to the existing legal framework for environmental data sharing, and the Implementing Act on a list of High-Value Datasets.  

Adapting data spaces to the specific needs of discrete ecosystems depends on the given requirements of a domain, sector, or territory. For instance, a data space for the energy industry should take into consideration the specific needs of the stakeholders of that domain (distribution system operators, transmission system operators, etc.), and it should also support the constraints of the smart-grid cyber-physical system (e.g., when building a digital twin, so that data exchange has an effect on grid operation).  

GOVERNANCE TRUST ACROSS SECTORAL BOUNDARIES

Governance (and trust) becomes especially important when working across sectoral boundaries and where there is a need for multiple commons, communities and actors to interact together, for example in use cases across thematic data spaces, such as the future Green Deal data space. Likewise, the pan-EU data space for smart communities, to be interconnected with the Green Deal data space, should take into consideration the multitude and variety of possible cross-domain interactions (e.g., energy, mobility, health, water and waste management, etc.).

The European mobility data space may need to interact and link with, for example, the Tourism data space or the Industrial and Manufacturing data space. There will thus be a need to accommodate different data sources and services, and different layers of data curation, enrichment and analysis, which may be separated by legal, institutional, infrastructural and even funding silos. In this sense, European data spaces should ensure inter data space interoperability (including legal interoperability), allowing for cross-sectoral data exchange and synergies between multiple data space instances or data sharing initiatives, in order to pave the way towards the federation of interoperable data spaces envisaged by the European Strategy for Data.   

The governance in a data space sets the management and guides the process to achieve the vision of the community, that is, to create value for the data space community by facilitating the finding, access, interoperability, and reuse of data irrespective of its physical location, in a trusted and secure environment. For each participant of the community, this implies that the authority and decisions that affect its own data assets should be orchestrated also with the rights and interests of other collaborating participants of the data space.  

A fit-for-purpose data space governance framework should create the conditions for more systematic, sustainable, and responsible data sharing and collaboration. It will thus be important to design a governance system that can incentivise participation and collaboration between diverse actors in a way that fosters trust and inclusion, for example, ask whether a hypothetical Urban data space could lead to an integration of stakeholders and offer a new sphere for creativity, participation, as well as novel formats for engaging those in the urban public sphere who were previously not involved. Similarly, in the context of the Green Deal Data Space, it will be interesting to explore opportunities and governance approaches for the integration of citizen-generated content and contributions, as well as new citizen engagement practices.