Digital technologies have transformed the economy and society, and at the heart of this transformation is data. In parallel with these developments, the landscape for data legislation continues to evolve in Europe. In 2018, we saw the introduction of the EU GDPR, which includes tough privacy and security laws for personal data, followed by the Cybersecurity Act in 2019 and the Digital Services Act in 2022. Later this year, the European Data Governance Act is set to come into force, and the proposal for a Data Act has also been recently approved. At DMI, data compliance is a key element of the JiVS Information Management Platform, so it’s vital that we keep on top of the latest legislation and regulations. This blog explains in simple terms what these various regulations involve and how they support the European data strategy.
What is the European Strategy for Data?
The EU’s objective is to make Europe a leader in the global data economy, which is to be achieved by harnessing the potential of the ever-increasing volumes of data as well as data-driven innovations, in order to benefit the European economy and society as a whole. It aims to become a leading role model for a society empowered by data to make better decisions by reinforcing business-to-government (B2G) data sharing that will benefit many areas such as healthcare, transport, public services, energy efficiency, and sustainability. However, all of this requires strict legislation, robust infrastructure, cybersecurity mechanisms, and trust that any personal data sharing complies fully with the data protection rules in place. A number of legislative instruments collectively form a strong legal framework designed to support the European strategy for data.
Data Privacy Thanks to EU GDPR
EU GDPR was introduced in March 2018 to protect the personal data of EU citizens, focusing on lawful, fair, and transparent data processing, as well as data minimization, accuracy, purpose and storage limitation, confidentiality, and accountability. Since coming into effect, all companies are aware (or should be!) of the purpose of the GDPR, what steps they need to take to protect personal data, and the hefty fines that are imposed if they don’t. More importantly, companies are aware of the negative impacts that a GDPR violation can have on their reputation in the marketplace.
Stronger Cyber Resilience With the Cybersecurity Act
The Cybersecurity Act came into force in June 2019, in the face of rising cyber-attacks, with the aim of achieving a high level of cybersecurity, cyber resilience, and trust within the EU. It establishes a European cybersecurity certification framework for network and information systems, communications networks, digital products, services, and devices, to ensure they are better protected against cyber threats. The legislation also defines the tasks of the European Union Agency for Cybersecurity (ENISA), which supports national authorities and EU institutions, bodies, offices, and agencies in improving cybersecurity by providing scientific and technical advice and expertise on cybersecurity.
Digital Services Act for a Safer Digital Space and Protected Digital Services
The most recent piece of data legislation to be introduced was the Digital Services Act in November 2022, setting out new rules for all kinds of digital platforms that act as intermediaries connecting consumers with goods, services, and content. Typical platforms include online marketplaces, social networks, content-sharing platforms, and app stores. The legislation is designed to give users better protection and fundamental rights online and implement measures to prevent the use of children’s personal data for targeted advertising, trace sellers on online marketplaces, counter illegal content, prevent disinformation, and provide transparency of the algorithms used to make product recommendations… the list goes on.
Greater Trust in Data Sharing and Stronger Mechanisms Through the European Data Governance Act
The aim of the European Data Governance Act (DGA), which will come fully into effect in September 2023, is to bring further significant benefits to EU citizens and companies by increasing trust in data sharing, strengthening mechanisms to increase data availability, and overcoming technical obstacles for the reuse of data. In short, it will help to create the processes and structures needed to facilitate data sharing by companies, the public sector, and individuals. As a result, more data will be available and data sharing across sectors and EU countries will be easier, creating common European data spaces. What’s more, data-driven insights will enable governments and businesses to improve the lives of EU citizens and support a prosperous economy through the development of better policies, and more innovative products and services.
Harmonization of the Rules for Accessing and Using Data as Defined by the Data Act
Let’s turn our attention to the proposed Data Act. Its purpose will be to establish harmonized rules on fair access to and use of data, fostering data sharing among businesses, and between businesses and governments. In turn, this will enable organizations to harness the full value of data in the European economy. Building on the rules of the GDPR, the Data Act will clarify who can create value from data and under what conditions, providing framework conditions for consumers to easily and securely switch between data-processing service providers. The right to data portability and the use of data will also be extended to all connected IoT devices, giving individuals and businesses more control over their data that is generated through their use of smart objects, machines, and devices. The intention is to encourage more actors to take part in the data economy, by making it easier to transfer data securely between service providers.
Investing in the EU’s Digital Future
Legislation alone is not enough if the EU is to achieve its goal of becoming a leader in the digital, data-driven economy. Areas requiring investment have been ear-marked to underpin the European strategy for data, such as data processing infrastructures, data sharing tools, architectures and governance mechanisms for data sharing, as well as artificial intelligence, cybersecurity, and cloud infrastructures. These investments combined with the extensive legal framework will not only enable the value of data across the EU to be harnessed for the greater good of society and the economy, but also give individuals and businesses peace of mind that their data is managed securely.
To learn more about how DMI’s customers fully meet the requirements of the EU GDPR for their operational and historical data, contact a member of the JiVS team.
Author: Philip Carvalho. Regional Director of Data Migration International