In this blog, a NewGovernance, iSHARE, INNOPAY, International Data Spaces Association, Meeco, MyData Global, SITRA and The Chain Never Stops – eight organisations of the Data Sovereignty Now movement – explain why the recently published proposal for the EU Data Governance Act is a very good step forward. They also outline their suggestions for further elaboration in order to accelerate the development of a governance framework that will provide true control over personal, business and public data.
Supported by the European Data Strategy, the EU is striving to create a digital single market for the data economy and data sharing that benefits society as a whole. This will be based on European ‘data spaces’ that allow data to flow freely within the EU and across sectors whilst staying true to EU values such as privacy, transparency, self-determination, security and competition. As part of implementing the data strategy, the European Commission published its proposal for a regulation on European data governance, known as the Data Governance Act.
The data sovereignty principle states that people and organisations have the capability of being entirely selfdetermining with regard for their data. A soft infrastructure is a set of standardised functional, legal, technical and operational agreements that make data sharing work in practice. Together, data sovereignty (as the guiding principle) and soft infrastructure (as the practical enabler) are crucial to achieve the goals of the European Data Strategy.
As member organisations of the Data Sovereignty Now (DSN) movement, we applaud this proposed legislation because it contains several essential elements for enabling data sovereignty, including:
- People, businesses and public-sector bodies should have
control over data about them.
- Data and data spaces need to become interoperable across sectors.
- Recognition of current and future data intermediaries (called ‘data sharing services’ in the regulation) such as data operators, gateways and platforms within data ecosystems.
- Balanced pan-European governance, under the leadership of the so-called Data Innovation Board
The data sharing services or data intermediaries have to comply with still-to-be-defined binding requirements. Once created, the requirements for data sharing services will offer a basic level of compliance, legal conditions and last but not least a unified and inclusive data experience across data spaces, for all people, businesses and governmental users of data services. The data intermediaries thus ensure that the rights of data subjects (in
case of personal data) and other rightsholders are respected and that people, businesses and governments in the various data spaces are empowered to re-use data about themselves.
Hidden Gem: Data Innovation Board
Chapter VI of the proposed Data Governance Act mentions the establishment of a Data Innovation Board that will assist and advise the Commission on the strategic matters in data governance, such as enhancing interoperability and developing the actual requirements applicable to data sharing providers. We regard this Data Innovation Board as a ‘hidden gem’ in the proposed regulation since it could act as a launching pad for many critical developments of soft infrastructure in the future.
Furthermore, in our view, the Data Innovation Board – with its strategic focus – should be complemented by another governance body focusing on the more tactical and operational aspects of enabling data sharing and interoperability in practice. This combination of strategic guidance and operational efficiency would ensure accomplishment of the real aims: to create trust in data sharing, and to co-create, organise and stimulate adoption of decentralised access to and exchange of data while maintaining transparency, security and interoperability.
This operational governance body could be called the Data Exchange Board. It should be tasked with agreeing upon the initial requirements for the data sharing services and updating the requirements going forward, driven by the needs of people, markets and public-sector use cases. We recommend building upon the existing science, research and practical experience from interoperable data sharing (e.g. IHAN, IDSA, Data Sharing Coalition, iSHARE and MyData Operators, to name but a few) and merging best practices to organise this on a pan-European scale.
The Data Exchange Board would create the living link between the aims of the regulation and the means and best practices that are emerging in the real-life use cases. We believe that this connection will be essential to drive large-scale adoption of the data sharing services in the coming decade.
Figure 1 – The relationship between the strategic Data Innovation Board and the proposed operational Data Exchange Board, with the European Commission on one side and the practitioners on the other
We believe that the European data governance framework must be designed to establish and provide continuity to the soft infrastructure for data sharing. The still-to-be-established Data Innovation Board will be elemental in achieving this aim. We recommend that this should be further complemented by a Data Exchange Board that will focus more on the tactical and operational level, both in the sunrise of the soft infrastructure and in the future operational growth and innovation phase of the decades ahead.
Our vision on the key steps to achieve data sovereignty through soft infrastructures:
1. Soft infrastructure for data sharing:
Develop functional, legal, technical and operational agreements that support the most pressing use cases of
people, businesses and governments in the various data spaces.
2. Based on existing best practices:
Much of the groundwork on soft infrastructure for data sharing has already been done in the past decade by researchers and business practitioners around the world. The initial version of the requirements for data sharing services should include these best practices.
3. Living form of standardisation:
The soft infrastructures are a living form of standardisation and should be allowed to evolve over time; the common way of dealing with data must continuously respond to market needs and applications.
4. Operational governance:
To include the best practices from the practitioners and enable the continuous evolution of the standardisation, a
sound governance model should be set up which represents public-sector, private-sector and people’s interests.
5. Initial implementation:
The organisations that have created the agreements should roll out and implement the first version of the soft
infrastructure. This will provide referenceable integrations and, importantly, validate market adoption.
6. Roll-out and adoption:
The soft infrastructure should then be extended across all sectors over the coming decade.
We are keen to start the dialogue with policymakers and politicians to achieve this together. Feel free to contact us for more details or to reflect on or discuss how a governance framework can help to achieve data sovereignty and advance the European digital economy.
About the authors of this paper
Brussels-based aNewGovernance brings together public bodies, associations, academics, start-ups and corporates – in total 250 organisations from 53 countries. The association’s aim is to help build Sectoral Data Spaces in their governance and personal data dimensions, as well as the personal cross-sectoral Data Space: to build a governance framework that ensures fair use of data and strict respect of legislations, regulations and guidelines, in order to ensure fair and balanced relationships between individuals and organisations as well as between organisations, based on effective and documented trust.
One ultimate goal for the ecosystem of data sharing should be to create a governance body as a public-private partnership (PPP) for personal and nonpersonal data sharing: a global standard and governance elaborated by multiple parties from across the world, creating new societal and economic value and generating growth globally, not just for a few dominant players.
INNOPAY is an international consultancy firm specialised in digital transactions. We help companies anywhere in the world to harness the full potential of the digital transactions era.
We do this by delivering strategy, product development and implementation support in the domain of Digital Identity, Data Sharing, Open Banking, Payments and Digital CSR. Our services capture the entire strategic and operational spectrum of our client’s business, the technology they deploy, and the way they respond to local and international regulations.
We have grown from strength to strength since our foundation in 2002 and operate from our offices in Amsterdam, Frankfurt and Berlin. Our head office is located in The Netherlands, where we have the #1 market position. We are a founding member of Holland FinTech, a financial technology hub with links to the rest of Europe, the US, the Middle East and Asia. Our team consists of over 50 experienced domain experts who regularly advise a wide range of global organisations.
International Data Spaces Association
The International Data Spaces Association (IDSA) is a non-profit coalition of more than 120 member companies and research institutions that share the vision of data sovereignty, in which all companies can control and realize the full value of their data in secure, trusted, equal partnerships. The cornerstone for realizing this vision is our IDS architecture that allows data providers to define conditions and set restrictions for the use of their data.
Our goal is a global standard for international data spaces (IDS) and interfaces, as well as fostering related technologies and business models that will drive the data economy of the future. Founded jointly by representatives of the business, policy and research sectors, IDSA is supported by member organizations based in 20 countries across the EU and around the world.
iSHARE is a uniform set of agreements or scheme that enables organisations to give each other access to their data. Since they all work with the same identification, authentication and authorisation methods, they do not need to keep making new agreements on these topics every time they want to share data.
Together, the partners who participate in the iSHARE Scheme create a ‘network of trust’ within which they can share data effortlessly. iSHARE is an initiative of the Dutch government’s Logistics Top Sector.
Meeco is a developer and provider of powerful data-enabling technology which combines data vaults, identity and access management, payments, data ontology and distributed ledger to enable the customer-controlled storage, processing and sharing of personal data within & between organisations.
Meeco operates in Australia, Belgium and the UK, and is the recipient of eight international awards for personal data innovation, privacy management, RegTech, FinTech, identity and payments. We are active members of Data Sovereignty Now, MyData.org, Distributed Identity Foundation, Kantara initiative, FinTech Australia and RegTech Association, all reflecting our commitment to co-developing the soft infrastructure that will enable a more trusted and equitable data economy.
MyData Global is an award-winning international non-profit, headquartered in Helsinki, Finland. The purpose of MyData Global is to empower individuals by improving their right to self-determination regarding their personal data. The MyData Declaration outlines the paradigm shifts and the principles that are needed to make this a reality.
Sitra is a future fund and an agent for societal change, with deep roots in the Finnish innovation field. Sitra collaborates with partners from different sectors to research, trial and implement bold new ideas that shape the future. The independent fund has been commissioned with the task of probing the future and promoting qualitative and quantitative economic growth.
This paper has been compiled as a part of Sitra’s IHAN® project, which lays the foundation for a fair data economy in which successful digital services are based on trust and create value for everyone.
The Chain Never Stops
The Chain Never Stops is a Cloud service for Value Networks. It facilitates the valorisation of the digital component and ensures that data access is managed by the originating data owners. Throughout a product value network, organisations can work together to deliver the right product at the right place at the right time including waste management.
Data Sovereignty Now
Data Sovereignty Now is a movement of partners who believe that Data Sovereignty should become the guiding principle in the development of national and European data sharing legislation. Data Sovereignty is the key driver for super-charging the data economy by putting the control of personal and business data back in the hands of the
people and organisations which generate it.