The Data Governance Act: A key pillar to a Single Market for data

We speak a lot about the forthcoming Digital Markets Act (DMA), but only to a limited extent about the Data Governance Act (DGA). What is the DGA? Released on November 25, 2020, the DGA is a regulation to establish a single Market for data through data-sharing and data pooling of public and private personal and non-personal data.[1] The regulation defines a framework for data-sharing/pooling by public and private entities but does not impose any obligation to share data. So, why a DGA?

(source: European Commission)

Data is the blood of the digital economy. It enables firms to improve or to create new products and services. Data is necessary to train algorithms and artificial intelligence (AI), the vital organs of the digital economy. However, to unlock the power of AI, one needs lots of data. To unlock the power of new or complementary data-driven services such as a parking map, where a driver can see in real-time free parking spaces, one needs data. Data can be collected either in-house (first-party data) or through third-parties (third-party data). Data collection is costly and requires significant time and investments. So, from a law and economics perspective, data-sharing is an efficient tool as it will avoid the need to invest in the same collection of data, namely it will avoid over-investment in the collection of data, which is a lost surplus for the society, as the latter pays twice for the same resource. So, if data-sharing is beneficial, why public and private parties do not share data?

The answer is simple. Data is an important asset and parameter of competition, which can be legally protected (e.g., protection of personal data, protection of intellectual property rights, commercial confidentiality). Firms might thus not have the ability or incentive to share data. In some circumstances though, data-sharing is possible by enforcing regulations or Court’s decisions (e.g., the data portability right of personal data under the GDPR, the essential facility doctrine under competition law, and some sectorial regulations (e.g., automotive industry)). Nevertheless, data-sharing is not a common practice. For instance, the data portability right (art. 20 GDPR) is still unknown (only 10% of users are aware of such right) [2] and highly criticized by competition experts (unclear data coverage, a controversial scope, impossibility to share real-time data, the rudimentary definition of the technical formal, and transfer from one provider to another is not mandatory).[3] Accordingly, the right has not been designed to promote competition. So, if data-sharing is already legally possible, why a new regulation?

(data-sharing in practice)

Data-sharing is a matter of trust. One needs a clear framework about how data is shared and how data-sharing is accessible and protected. The DGA establishes this framework. In that end, the regulation creates the following rules: (i) a mechanism for re-using certain categories of protected public sector data; (ii) a mandatory notification regime for data-sharing services providers; and (iii) a voluntary registration regime for entities engaged in data altruism, namely voluntary sharing of personal and non-personal data for purposes of general interest (e.g., scientific research). Both the notification and registration regimes will be monitored and implemented by a competent authority with the power to impose administrative and financial penalties in case of non-compliance with the rules, subject to judicial review. Furthermore, a “European Data Innovation Board” will be created. It will be in charge to advise and assist the Commission in developing best practices, and to facilitate the cooperation between Member States’ authorities.

The regulation is thus expected to provide a greater incentive for data-sharing thanks to greater trust. The regulation will also enable the emergence of data intermediaries such as Personal Information Management Systems (PIMS). The latter are intermediaries for consumer data between consumers and online service providers in which a consumer can already access and manage from a unique interface all her/his data shared with providers such as bank, insurance, energy, internet, and mobile providers. However, the regulation does not specify which data can be shared, but only provides that firms must comply with existing laws, in particular data protection and competition laws. In the absence of clear guidelines, firms might be reluctant to share data to avoid an anti-competitive practice. The Commission is well aware of this problem, and will therefore update the Horizontal Co-operation guidelines to provide more guidance on data-sharing and pooling agreements,[4] as recommended by the Crémer et al report.[5] It is worth noting that the Commission will consider data-access or data-sharing as remedies in case of competition concerns in merger control.[6]

However, one question remains: How the Commission will prevent anticompetitive data-sharing through a private blockchain? Indeed, it will be possible to share data via a technical enabler. The latter allows the data supplier to control the use made of the data shared with data users. It can monitor whether data users respect the provisions of the data transfer agreement by tracking the data usage made by using a private blockchain. It can even sanction data users in case of violation of the data transfer agreement.[7] It will be thus possible to monitor in real-time an agreement and to implement an immediate retaliation in case of deviation. Hence, there will be no incentive to deviate from the collusive outcome. Moreover, thanks to the blockchain, the collusion will be undetectable.[8] In sum, the collusion will be sustainable and undetectable by competition authorities.

To conclude, the DGA is an important pillar to foster data-sharing, but should be first and foremost accompanied by more guidance on data-sharing, and an update of the data portability right (as recommended by the Commission)[9] towards a data interoperability right, which is the right of the data subject to obtain and transfer real-time data from one provider to another or directly from one controller to another on behalf of the data subject in an interoperable data format.

(data-sharing after the DGA)

[1] European Commission, press release, Commission proposes measures to boost data sharing and support European data spaces, November 25, 2020 (accessed December 8, 2020). [2] AGCM, Press release, Fact-finding Survey on Big Data, June 8, 2018 (accessed April 28, 2019). [3] Furman, J. et al report, p. 69; Crémer, J. et al report, p. 81; Schallbruch, M. et al report, p. 38. [4] Communication from the commission to the European parliament, the council, the European economic and social committee and the committee of the regions, A European strategy for data, February 19, 2020, p. 14. [5] Crémer, J. et al report, p. 126. [6] Communication from the commission to the European parliament, the council, the European economic and social committee and the committee of the regions, A European strategy for data, February 19, 2020, p. 14. [7] EC, Commission staff working document Guidance on sharing private sector data in the European data economy-Accompanying the document Communication from the Commission to the European Parliament, the Council, the European economic and social Committee and the Committee of the Regions "Towards a common European data space" SWD/2018/125 final, April 25, 2018, p. 11. [8] OECD, Blockchain Technology and Competition Policy-Issues paper by the Secretariat, 26 April 2018.

See also, Schrepel, T., Is Blockchain the Death of Antitrust Law? The Blockchain Antitrust Paradox, Georgetown Law Technology Review / 3 Geo. L. Tech. Rev. 281 (2019), June 11, 2018. [9] Communication from the commission to the European parliament, the council, the European economic and social committee and the committee of the regions, A European strategy for data, February 19, 2020, pp. 20-21.


Thank you for your subscription!