3.1. Governance Perspective

GOVERNANCE PERSPECTIVE

As outlined by the Data Spaces Support Centre, common European data spaces can provide a clear framework (from a business, legal and governance, technical and operational perspective) to support data sharing within a data ecosystem. Implementing a common European data space requires not only attention to technical aspects, but also stewardship and strategy for sharing resources. 

The Staff Working Document (SWD) on Common European Data Spaces  describes the vision behind common European data spaces as that of bringing together relevant data infrastructures and governance frameworks in order to facilitate data pooling and sharing. European data spaces should therefore enable a common governance framework to be established for secure data sharing, ensuring sovereignty of the participants over their own data, while allowing that data to be exchanged between information systems, across sectors and across borders. The European Strategy for Data further outlines that European data spaces will include the creation of data governance structures, compatible with relevant EU legislation, which determine, in a transparent and fair way, the rights concerning access to and processing of data.  By setting requirements on the reuse and access of data, and by promoting the establishment of trustworthy data intermediaries, the Data Governance Act supports the establishment of common European data spaces.   It also states that for the purposes of the design, creation and maintenance of a level playing field in the data economy, sound governance is needed in which relevant stakeholders of a common European data space can participate and be represented.  

Data governance cannot be easily separated from the governance of organisations and individuals.  Governance of data spaces involves “the management of the way [the] data space is accessed, controlled, and used; the assessment and control of generating value from [the] data space, and of the redistribution of value between actors; reflection on and involvement in decision-making over [the] data space, who is able to make such decisions and to influence how data and the virtual space is accessed, controlled, used and benefited from”.

Governance is needed to configure and coordinate the necessary actions (and interactions) by different organisations that make a data space work and meet its objectives. The SWD on Common European Data Spaces states that the governance of a common European data space should include adequate and non-discriminatory representation of relevant stakeholders. Consequently, common European data spaces should be clear on the roles different actors play in the design, development and implementation of the data spaces.

Governance mechanisms in European data spaces should also guarantee the rights of the participants and a smooth exchange of data. Furthermore, data space users should be seen as stakeholders, with the principles of user-centricity in technological design being considered. It is necessary to agree on standards and design principles for data spaces that are acceptable to all participants.  

EXAMPLE OF GOVERNANCE OF A DATA SPACE:  HEALTH

The roles of all the stakeholders involved (such as patients, medical organisations and professionals, public authorities, private entities and research organisations) shall be clearly defined in terms of their rights and obligations with regards to adding data to the space, as well as having access to it. These roles shall be based on common requirements to add data to the space and limitations imposed on specific data sets, but shall also take into consideration differences in roles, interests and applicable legal frameworks.

While common European data spaces are being established for those that recognise themselves as belonging to defined communities (such as health, mobility or environment), the users and beneficiaries of data spaces may engage with a range of different data sources and domains to tackle societal challenges that data space content would help address. The aim is that over time, European data spaces would systematically harmonise parts of their technical, operational, functional and legal aspects, leading to the emergence of a more uniform, de-facto ‘soft infrastructure’, including recommended building blocks that would provide the basic capabilities and ensure cross-sectoral data space interoperability. This harmonisation of common aspects should enable users (e.g., citizens, businesses, governments) to stay in control of their data even across different sectors and applications (i.e., across different data spaces). The soft infrastructure is described as a combination of design decisions, rules, agreements and processes concerning how to share, manage and use data, that would include common aspects for all data spaces, including (but not limited) to identity, metadata, consent, legal terms, and security. Such a soft infrastructure would also define the roles required for a data space to work effectively (data provider, data consumer, etc.).  

LEVELS OF GOVERNANCE

Different levels of governance may be required in a common European data space as part of a governance continuum. At a high-level, a broad governance structure is needed for strategy and values-setting and to bring in the participation of a wide range of those who can contribute, use or are affected by the relevant data and associated information systems, and narrower governance structures may be needed for more technical and operational aspects, such as standards-setting and process rules, as well as the management of interoperability assets, such as reference code lists.

In between those levels, an oversight approach is needed to deliver transparency and accountability, founded in the broadly-agreed strategy and demonstrating to all that the governance of the data space is being realised fairly. This would include outlining the terms for participating in the data spaces as a provider or user, as well as the processes of recourse should any actor feel that those in charge of the data space had not respected their needs in a fair way.  

While the realisation of interoperable common European data spaces may present a coordination challenge, an approach to systematically address and govern this challenge is provided by the European Interoperability Framework (EIF) as developed by the European Commission, alongside its related frameworks and assets, where data aspects are also mentioned within its principles and recommendations. The current form of the EIF considers “Interoperability Governance” as a cross-cutting activity alongside the main four levels of legal, organisational, semantic and technical interoperability.  This aspect deals with interoperability framework decisions and institutional arrangements, organisational structures, roles and responsibilities, policies and agreements, as well as the monitoring of interoperability at national and EU levels. In addition, “Integrated public service governance” under the EIF considers how “European public services” should be governed to aid aspects such as integration, seamless execution, reuse of services and data and the development of new services and reusable ‘building blocks’ that can be deployed across IT infrastructures, such as eID.

Common European data spaces could potentially be seen as a ‘European Public Service’, or at least to share similarities with such technical considerations. Importantly, the EIF will be reviewed as part of the currently proposed Interoperable Europe Act, with further details on the current EIF in the JoinUp platform.