The European Union’s approach to data governance has had an area of influence far and wide. While regulatory pieces are still emerging across the region as a whole, in June 2023, the European Council presidency and European parliament reached a provisional agreement on a new regulation on harmonized rules on fair access to and use of data also known as the “Data Act”, that complements the Data Strategy packaged and the Data Governance Act previously approved. A new report by the Datasphere Initiative, co-authored by Carolina Rossini and Mariana Rozo-Paz, on “Responsibly Unlocking the Value of Data for All in Europe” analyzes the wider implications of these new regulations and others that are taking shape across the continent.
In an online event co-hosted by the Datasphere Initiative and the Centre for IT & IP Law (CiTiP) at KU Leuven University on July 6, 2023, policymakers, businesses, civil society, and academia identified emerging trends in data governance and discussed how European legislation is interacting with the policy approaches of other regions. This blog shares some key takeaways and outlines recommendations for stakeholders across Europe and beyond as they seek to responsibly unlock the value of data for all.
Efforts to design data policies in Europe have revolved around protecting fundamental rights and freedoms.
Europe’s priorities for data governance have revolved around promoting human centricity and sovereignty and the use of data for public good. The region’s strategy has encouraged and fostered the creation of new institutional arrangements around data such as the creation of data spaces, data cooperatives, and data stewardships institutions. The European Union’s governance instruments to protect personal and non-personal data have raised the standards when it comes to privacy, protection, and the sharing and use of data across borders while leading to some restrictions in accessing data outside of the EU.
Challenges remain to create incentives to encourage interoperability, innovation, digital transformation, and competitiveness.
Data governance efforts have developed in a fragmented and siloed manner and the increasing number of sector-specific norms contribute to that. There is a growing emergence of innovative frameworks to govern data from regulatory to self, regulatory, and technical tools.
Europe’s data policies are materializing in different sectors such as sustainability and environment.
Taking the example of European buildings and energy management systems, unlocking data could help manage and track CO2 emissions. This is linked to the capacity to collect that data which is key to European buildings but also European cities. It will be important to monitor how new data legislation in Europe facilitates or restricts the effective use of data for sustainability goals.
Other regions and countries have specific needs and best practices to learn from.
Now that there is more awareness about the societal harms and challenges of governing data in the region. The challenge now is to translate back into governance models that can effectively target these issues and unlock the value of data for all. While the EU’s global leadership on data protection approaches has had an impact, European values are not necessarily relevant to the wider world.
Europe’s efforts are interacting with other policy agendas.
In the United States, new emerging technologies have sparked several conversations about the role and impact of data. Protection of data has traditionally centered on the protection of data for private consumers as they interact with different businesses looking at how especially health information and financial information are protected. While there is growing support for regulatory action in the US, the European regulatory experience has been seen by the private sector as creating important implementation challenges.
While Africa is often seen as a region drawing inspiration from Europe, a number of data policy legislative pieces have been gaining ground in the region. The recently approved Africa Union Data Policy Frameworks highlights how Africa is shaping its own strategy on data governance. However many are discussing the steps for implementation of this framework to realize a regional digital market and a common approach to data governance.
India has looked towards Europe when it comes to governance, in the context of the General Data Protection Regulation however there is a growing hesitance, about over-regulation, that comes with understanding the European approach.
In the G20 and G7 context, it is clear that there are competing ways to approach data policy. India has been building what is being called its digital public infrastructure as showcased during its G20 Presidency which also allows for some ways of thinking about building technologies and interoperability. At the same time, Japan has been pushing the Data Free Flow with Trust throughout its G7 presidency, which has been welcomed by some European countries.
Brazil is set to take over the G20 presidency in the coming months and there are many common factors between Europe and Brazil when it comes to data governance. While not new to Brazil from a historical perspective, Europe’s emphasis on collective impacts and fundamental rights around protecting constitutional rights and freedoms is also reflected in the country’s approach to data. Brazil is currently exploring legislation on AI with more affirmative proposals around rights to reconcile a risk-based approach with a rights-based regulatory framework.
Looking forward to responsibly unlock the value of data for all.
Participants at the event pointed to a myriad of factors that are influencing governments’ ability to responsibly unlock the value of data for all. This is seen as a common challenge that differs in approaches. The following key recommendations shared by event participants surfaced during the discussion which the Datasphere Initiative will be channeling into work on data:
- We should focus more on the matter of data accessibility, rather than the notions of data flows and data transfers, given the fact that data is not necessarily transferred from one place to the other, but often accessed.
- Value is not only about monetization or extraction of value in an economic sense. It’s also the social value creation around data.
- Data governance efforts should not create additional inequalities but try to address some of the inequalities that the economy has created so far.
- Finding the equilibrium between the objectives of openness in data-sharing and the objectives of protection is a constant complex task that needs further experimentation and discussion.
- European approaches to data that may be transposed in other regional environments can have completely different consequences.
- The relationship and the challenges that we have regarding artificial intelligence are moving fast. Responsibility interoperability and multistakeholder dialogue will be key to sufficiently address the opportunities and risks.