Strategy Consulting

A complex regulation context

• The European Union launched the GDPR (General Data Protection Regulation) in May 2018. Many countries in the world took it as a reference and are implementing their own similar regulatory framework.

• The GDPR right to portability (article 20) was supposed to empower people with their data by allowing them to transfer it between their digital services. In practice, the right to portability's potential for innovation has been largely ignored by organizations, which see it as a compliance issue only whereas it is not the case, and people barely use it. The market did not embrace the opportunity.

• In February 2020 the European Union presented its Data Strategy. The data strategy enshrines data-sharing (industrial, personal, non-personal data) as the central element of the EU's action in the digital world during the current Commission's term of office. The Data Strategy goal is to foster the emergence of the Data Spaces.

• The EU is creating sectoral 'European Data Spaces' which will be responsible for coordinating key sectors to facilitate the flow of data. 10 priority Data Spaces have been announced to date, including mobility, finance, health, skills, energy, green deal, administration).

• Concerning the sharing of personal data, the EU recalls that the GDPR, with its values, principles, and rights, are the basic components of the architecture that will be put in place.

• 10 billion euros will be committed (by the EU, the Member States, and the private sector) from 2022 for the establishment of the European data-sharing infrastructure, all sectors combined.

• In November 2020, the European Commission presented the Data Governance Act (DGA), which announces the creation of a new institutional tool for data at the European level. 

• The European governance body will contain a data innovation board made up of public-private partnerships. This board will influence the construction of European Data Spaces and a 'soft infrastructure' for personal data sharing.

• The Data Governance Act enshrines and clarifies the role of data sharing intermediaries, especially concerning personal data, and begins to outline a clear framework for these new tools. For example, they will not be able to perform any role other than that of an intermediary. The Digital Markets Act (DMA), Digital Services Act (DSA), and Data Act (DA), all contribute , along with the DGA, to the creation of a regulatory framework for the Data Spaces.

• Many other countries and jurisdictions outside of Europe are also working on data sharing networks at the moment (US, Canada, UK, Japan, South Korea, Brazil, etc.). New questions arise like cross-jurisdiction sharing and governance.

• Many initiatives in Europe, like GAIA-X, and worldwide are working towards standards for data sharing in all sectors (Finance, Health, Mobility, Education, etc.).