Privacy & Information Security Law Blog

On May 29, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted formal comments to the European Commission’s Consultation on a European Strategy for Data (the “Strategy”).

CIPL welcomes this initiative by the European Commission given the importance of data sharing to the modern digital economy and new technologies, including artificial intelligence and machine learning applications. This effort is also timely, as the COVID-19 pandemic has further confirmed the need for data sharing in the context of data for social good and to respond to emergencies.

As we previously reported, the aim of the Strategy is to create a single European data space facilitating access to and use of high quality data within the EU and across sectors in line with European rules, including data privacy rules. The Strategy also aims to establish the EU as a competitive leader in the data-driven economy and to create a light touch, agile and iterative framework for data access, use, re-use and sharing. The EU Commission considers numerous issues in the Strategy, ranging from the availability of data and opportunities to use data for social and economic good, to interoperability, data infrastructure and digital literacy, and data protection and cybersecurity.

With respect to data protection, the EU General Data Protection Regulation (“GDPR”) already provides a framework for the use and sharing of personal data between organizations—the definition of “processing” under Article 4(2) includes “disclosure by transmission, dissemination or otherwise making available”—and CIPL highlights the importance of keeping this regulation as well as all other relevant European instruments, directives and regulations in mind when crafting any governance framework for data access, use and sharing.

In its comments, CIPL recommends:

• building the Strategy, including proposed legislation and any governance framework for data sharing, upon demonstrable and enforceable accountability;
• calling within the Strategy for the European Data Protection Board and national data protection authorities to work with organizations to develop a framework for accountable data sharing that can work with the GDPR;
• resolving key GDPR challenges as an important first step in the creation of an accountable data sharing framework;
• enabling harmonization at national and sectoral levels to ensure the success of a common European data space;
• leveraging a data sharing framework based on organizational accountability for all types of data sharing relationships (i.e., B2B, B2G, G2B and G2G);
• articulating a risk-based approach to data sharing that considers the risks as well as the benefits, reticence risk and impact on other human rights;
• developing the European data space with global interoperability and collaboration in mind to create a truly attractive policy environment for Europe’s data economy;
• promoting and incentivizing voluntary sharing arrangements;
• providing for innovative regulatory oversight within the Strategy that includes regulatory sandboxes and data review boards; and
• aligning any proposed frameworks for common European data spaces in strategic sectors with the Strategy’s proposed cross-sectoral horizontal framework.

Read the response to learn about the above recommendations in more detail, along with all of CIPL’s other recommendations on the Strategy.