The technological world is moving at a fast pace by developing new products and improving the existing developments. Many of these processes are inevitably connected with usage of data, either personal data or anonymized one. Nevertheless, humanity cannot make important technological advancements without having data to analyze. It does not matter if it is a big tech company or a small start-up, they all often face the same problem – where to get data to continue improving the existing services without harming the data owner. At the end of May 2022, the European Union introduced a new Regulation (EU) 2022/868 on European data governance amending Regulation (EU) 2018/1724 known as Data Governance Act. The aim of the Data Governance Act is to make data (both personal and non-personal) more accessible and available by regulating
the re-use of data that is held by public authorities,
creating trusted and safeguarded space for data sharing through data intermediaries or
for the sharing data for altruistic purposes.
Given that these three above-mentioned concepts are quite substantial and each of them would require a detailed overview, this post will be focused on the qualification required to operate as data intermediary and what such qualification means for your business.
What does data intermediation service mean?
The Data Governance Act defines ‘data intermediation service’ as a service which aims to establish commercial relationships for the purposes of data sharing between on one hand - an undetermined number of data subjects and data holders and on the other hand - data users. The regulation addresses the technical, legal or other aspects of these relationships, including the rights of data subjects in relation to personal data.
In short, data intermediation service is about a neutral man-in-the-middle who connects individuals or companies willing to share their data with other users in need of such data. The aim of the Data Governance Act is to allow individuals and companies to decide by themselves whether they want to share their data with others and under what terms. Whereas the role of the data intermediary in this case is just to namely be the neutral intermediary who allows these two actors to meet each other.
It is important to highlight that the data intermediaries are under an obligation to follow a strict set of rules in order to remain neutral in these relationships and are not allowed to commercialize the data by selling it to third parties or using it to develop some new services or products. However, such intermediaries can use the obtained data solely for improvement of their intermediation services.
For instance, if you are a tech company and among other activities also willing to provide data intermediary services, you should be careful and separate this neutral intermediation service from your main services (in legal and economical senses).
Who falls under the scope of a ‘data intermediary’?
The Data Governance Act provides us with examples as to who can be classified as data intermediary. As mentioned in the Act data marketplaces can be an example of such intermediary service provider. Data marketplaces are undertakings that can make data available to others by being orchestrators of open data sharing ecosystems. Examples of such marketplaces are common European data pools which are established jointly by several legal or natural persons with the intention to license the use of the data in the data pools to all interested parties in a manner that all participants that contribute to the data pools would receive a reward for their contribution.
Who is the European Data Innovation Board and when shall competent authorities be formed?
European Data Innovation Board is a group of experts (among others shall include competent authorities for data intermediation services and the competent authorities for the registration of data altruism organizations of all Member States) which shall be formed in order to successfully implement the data governance framework. The European Data Innovation Board shall assist the European Commission in coordinating national practices and policies on the topics covered in the Act, and in supporting cross-sector data use by adhering to the European Interoperability Framework principles.
The Data Governance Act also sets that each Member State shall establish competent bodies and notify the European Commission by 24 September 2023 providing such subjects covered under the Act time to adjust to the new rules.
What should you do next if your activities can be considered as ‘data intermediation service’? In case your activities fall under the scope of ‘data intermediation service’ you should notify the competent authority that you want to provide such services. The competent authority has to confirm that the notification you submitted contains all the required information. Such notification shall include the following information about the data intermediation services provider:
the name;
its legal status, form, ownership structure, relevant subsidiaries and, where the data intermediation services provider is registered including its registration number;
the address of the main establishment and its branch even if it is located in another Member State;
a website with complete and up-to-date information on the data intermediation service provider and its activities;
contact persons and contact details;
a description of the data intermediation service and an indication under which category such data intermediation services fall according to Article 10 of the Act;
the estimated date for starting the activity.
In case you meet all requirements set in the Data Governance Act for provision of ‘data intermediation service’ and received a confirmation from the relevant authorities that you notification is accepted, you can start providing these activities and should use the label ‘data intermediation services provider recognized in the Union’ in your written and spoken communication, as well as on the logo. Given the number of existing problems and issues related to sharing of data in the European Union, including absence of trust of data owners, data intermediation service under the Data Governance Act is another big step in creating trustworthy and safe environment for data sharing across data holders and potential users. The set of rules and procedures outlined in the Act should provide significant confidence and a safe environment for data owners to share information. It also signifies moving towards the goal of making access to and the re-use of data more open and not simply the privilege of big tech giants.