EU Needs to Implement Protections for Business-to-Government Data Exchange in the Data Act Proposal
**Article Title: EU Data Act Compromise Text Sets Safeguards for Public Sector Access to Private Data**
In the ongoing development of the EU Data Act, the Czech Presidency of the Council of the European Union has proposed a revised compromise text that aims to strike a balance between data sharing for the public good and safeguarding commercially sensitive information.
The proposed text ensures that the EU public sector and government sector cannot use stretched definitions of "exceptional need" or "public emergencies" to gather data when convenient for purposes other than those intended. The revised compromise text clarifies under what emergency and exceptional situations public institutions can demand access to data.
The Data Act, as originally drafted, mandated IoT businesses to make their data available to the public sector and government institutions in cases of "exceptional need." However, the revised compromise text creates specific requirements for how the public sector can treat the data, setting clear guidelines for necessity and proportionality, legal basis and oversight, transparency and notification, limitations on use, compensation, and safeguards against misuse.
While the revised compromise text does not specify the maximum timespan public institutions can hold business data, it does provide clarification on how government institutions must safeguard shared data. The Commission is urged to further amend the Data Act to clarify security measures that must be in place to protect data shared with the public sector.
The Data Act acknowledges the benefits of public use of data but insufficiently addressed the potential abuse of data sharing obligations. The revised compromise text reflects a recommendation provided by the Center for Data Innovation to the European Commission for further clarification on what qualifies as a public emergency or exceptional situation and the requirements on how the government can treat the data obtained.
The Data Act, as originally drafted, left what constitutes "exceptional need" up to government discretion on a scenario-by-scene basis. The revised compromise text, however, defines "exceptional need" scenarios as unforeseen and limited in time and scope. It also defines "public emergencies" as natural or human-induced disasters to be defined by procedural law.
The revised compromise text does not provide specific guidance for how to handle any personal data that might be included in such a request. The Commission is encouraged to further amend the Data Act to clarify what personal data can be requested and how it should be protected.
The Data Act, as it stands, does not specify guidelines for how long the public sector and government institutions can have the data. The revised compromise text, while clarifying how government institutions must safeguard shared data, does not specify how broad their requests can be regarding personal data. The Commission is urged to further amend the Data Act to address these concerns.
In conclusion, the revised compromise text of the EU Data Act sets important safeguards for public sector access to private sector data, particularly in emergency or exceptional situations. However, further refinements are necessary to ensure comprehensive protection of commercially sensitive data and personal data. The Commission is encouraged to address these remaining concerns in future amendments to the Data Act.
- The revised compromise text of the EU Data Act outlines specific requirements for how the public sector should handle data, including necessities and proportionality, legal basis and oversight, transparency and notification, limitations on use, compensation, and safeguards against misuse.
- The revised compromise text defines "exceptional need" scenarios as unforeseen and limited in time and scope, and "public emergencies" as natural or human-induced disasters to be defined by procedural law.
- The revised compromise text does not provide specific guidance for how to handle any personal data that might be included in such a request, and the Commission is encouraged to further amend the Data Act to clarify what personal data can be requested and how it should be protected.
- The revised compromise text does not specify guidelines for how long the public sector and government institutions can have the data, and the Commission is urged to further amend the Data Act to address these concerns and to clarify security measures that must be in place to protect data shared with the public sector.
