Reusing data held by public sector bodies under the DGA

Germany

The Data Governance Act should allow data collected with public funds to be reused to benefit society. 

Together with the Data Act, the Data Governance Act (DGA) forms a key pillar of the European Commission's European strategy for data, which was published in February 2020. The European strategy for data aims to create a European data economy and promote data-driven business models and innovative future technologies in the EU.

To achieve these goals, the strategy for data states that common European data spaces will be created and a new standardised legal framework for data will be established. The aim of this is to increase the marketability of data and trust in freely sharing data. The European Union (EU) sees the use of data as an important factor for greater sustainability and hopes that it will stimulate the European economy and society, affecting for example companies, start-ups, the development of new products and services and the realisation of the potential of artificial intelligence (AI), which depends largely on the use of large volumes of data to train it.

The DGA's broad definition of data and access to data

While the Data Act that came into force on 11 January 2024 requires companies to disclose data if a user of a data-generating product requests this, European legislators want to create a legal framework for data sharing in the European Single Market by adopting the DGA, which entered into force on 23 June 2022. Article 2 (1) DGA defines the term "data" broadly

as any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audiovisual recording.

Data as defined in the DGA therefore includes both personal and non-personal data. This broad definition inevitably raises questions of demarcation from the European General Data Protection Regulation (GDPR) and laws on trade secrets (on the relationship between the Data Act and the GDPR: Disharmony between Data Act and GDPR).

According to recital 2 DGA, the stated objectives of the DGA are to provide neutral access to data, ensure interoperability and prevent lock-in effects. The benefits of extensive data utilisation, which are mostly available to tech giants, should also be made available to SMEs and start-ups in particular (see recital 2 DGA). To facilitate access to and utilisation of data, the DGA provides for rules for reusing certain data held by public sector bodies and rules on data altruism. The rules in the DGA regarding what it calls data intermediation services are aimed at ensuring interoperability. A body called the European Data Innovation Board is to be set up to provide support. 

In this article, we will explain the rules for reusing certain data held by public sector bodies under the DGA.

Reusing certain data held by public sector bodies pursuant to Chapter II DGA

The DGA is divided into eight chapters. Chapters II to IV form the core of the DGA but do not have a single target audience. Instead, it consists of self-contained scopes of application that are only connected by a loose common framework. Chapter II DGA, which is our focus in this blog post, concerns the re-use of data held by public sector bodies. 

The DGA aims to ensure that data collected by public sector bodies using public funds will be used to the benefit of society (see recital 6 DGA). Articles 3 to 9 DGA are intended to give non-public sector bodies better opportunities to utilise data held by public sector bodies. However, the DGA does not create any obligation for public sector bodies to permit third parties to reuse "their" data (Article 1 (2) sentence 1 DGA). Instead, the European Regulation clarifies in recital 11 DGA that each EU Member State can decide whether to make data available for re-use and, with regard to the purposes and scope of data access, how to make the data available.

Who is the target audience and what falls within the scope of Chapter II DGA?

The provisions of Chapter II DGA apply to public sector bodies and only to data that are held by a public sector body and are also protected for one of the following reasons: 

  • The data are subject to commercial confidentiality (including trade, professional and company secrets, Article 3 (1) (a) DGA) or "statistical confidentiality" (b);
  • The data are subject to third-party intellectual property rights (c)) or
  • The data are personal data, insofar as these data are not covered by the scope of the Directive on open data and the re-use of public sector information (PSI Directive, (EU) 2019/1024) (d)). 

According to Article 3 (2) DGA, data of public undertakings, public service broadcasters or educational and cultural establishments (recital 12 DGA mentions libraries, archives, museums and theatres as examples) as well as data protected for reasons of public or national security are excluded from the scope of application.

The DGA establishes conditions for reusing data from public sector bodies

If a public sector body authorises re-use of data in its possession, it must ensure compliance with the "conditions" set out in Article 5 DGA. These rules are intended to build trust in the use of data and protect any third-party rights. For example, pursuant to Article 5 (1) DGA, the public sector body must make the conditions for allowing re-use and the procedure to request the re-use publicly available via single information points as defined in Article 8 DGA and, pursuant to Article 5 (2) DGA, must ensure that re-use is non-discriminatory, transparent, proportionate and objectively justified and does not hinder competition. 

To ensure data protection and confidentiality, personal data must be anonymised (Article 5 (3) (a) (i) DGA) and confidential business information or content subject to intellectual property protection must be modified, aggregated or treated by methods of disclosure control (Article 5 (3) (a) (ii) DGA). Article 5 (9) ff. DGA provides for further obligations concerning the transfer of confidential non-personal data or content protected by intellectual property rights to certain third countries. These include assurance of a level of protection. 

The competent public sector bodies pursuant to Articles 7, 9 DGA decide upon request whether to grant permission to reuse the data categories as defined in Article 3 DGA. To manage the tasks that the DGA imposes on public sector bodies, Article 7 (1) DGA requires Member States to designate or establish one or more bodies as competent contact points for different sectors to assist public institutions in fulfilling their obligations and disclosing data. The Member States had to notify the EU Commission of the designated bodies by 24 September 2023 (Article 7 (5) sentence 1 DGA).

Exclusive arrangements prohibited under the DGA

Article 4 (1) DGA generally prohibits exclusive arrangements and similar practices in relation to data held by public sector bodies. This means the DGA prohibits granting exclusive rights and contractually or practically restricting data availability to the exclusion of other facilities to the benefit of one individual. 

The prohibition of exclusive arrangements ensures equal treatment of those interested in the data as well as wide data availability and prevents the data covered by Article 3 (1) DGA from being monopolised to the benefit of individuals. An exception should be allowed if the exclusive permission for re-use is in the general interest, is necessary for the provision of a service or product and is impossible by any other means; in such cases, an exclusive right may be granted by administrative act or by a contractual arrangement compatible with Union and national law, provided that it complies with the principles of transparency, equal treatment and non-discrimination, is limited in duration to 12 months and is publicly available (Article 4 (2) to (5) DGA). 

Arrangements concluded before 23 June 2022 that are subject to the prohibition in Article 4 (1) DGA but do not meet the conditions set out in Article 4 (2) to (5) DGA are to be terminated by the end of the contract and in any event by 24 December 2024 and not renewed (Article 4 (6) DGA, recital 14 DGA).

Public sector bodies may charge fees for re-use

The re-use of data held by public sector entities may be made subject to payment of a fee. According to Article 6 (1) DGA, public sector bodies have the option of charging fees for permission for re-use. The details of how this is organised are left to the Member States (Article 6 (6) sentence 1 DGA). However, Article 6 (2) and (3) DGA stipulate that the fees must not restrict competition and must be transparent, non-discriminatory, proportionate, objectively justified and payable using common payment methods. To ensure that the obligation to pay fees does not stand in the way of the extensive and uniform use of data that the EU envisages, Article 6 (4) DGA requires public sector bodies to create incentives (e.g. fee reductions) to encourage SMEs, start-ups, educational institutions and others to reuse data even if fees are charged.

So will public sector bodies' data soon be widely available?

It remains to be seen what instruments public sector bodies will use and otherwise how they will make their data available for re-use in order to meet the requirements of the DGA, which has been in force since 24 September 2023. Projects related to effective use of data can be found in the strategy for data published by the German government in August 2023 (in German). Technical obstacles, a lack of digital infrastructure, staff shortages and the implementation of the application and processing procedure are practical barriers that need to be overcome in order to realise the vision of the European strategy for data in the day-to-day work of public sector bodies. 

Please also visit our CMS Insight page "Data Law".

For more information on the Data Act contact your CMS client partner or these CMS experts:
Philippe Heinzke, Julia Dreyer, Björn Herbers, Michael Kraus, Tom De Cordier, Italo de Feo, María González Gordon, Johannes Juranek, Ian Stevens.