The European Commission Proposes New EU Data Sharing Rules, Expands Restrictions for International Transfers of Certain Data

November 25, 2020

Brussels, BELGIUM — The European Commission published a new proposal today, the Data Governance Act, to facilitate data sharing among public and private organisations. The legislative proposal also sets out conditions for people to share their data for the public good in the name of “data altruism”.

Today’s proposal seeks to provide legal certainty for companies, the public sector and individuals when they voluntarily share data. It creates a European consent form that individuals may fill out when sharing their data with organisations for health research. It also mandates single points of contact in each Member State so that public bodies can be best advised on what, when, and how data may be shared. 

While today’s proposal does not feature an explicit data localisation requirement, it permits public bodies to do so. The regulation also imposes GDPR-like restrictions to transfer certain non-personal data outside the European Union. Finally, this proposal would allow the European Commission to declare specific third countries “adequate” for the transfer of non-personal, commercial data. It is unclear if and how this complies with the EU’s trade obligations.

The following can be attributed to Alexandre Roure, CCIA Public Policy Senior Manager:

Data sharing drives innovation and social benefits, and this proposal takes steps towards that. We hope EU lawmakers will ensure that new data-sharing rules remain open, non-discriminatory and avoid unjustified data transfer restrictions, in full compliance with EU’s trade commitments.” 

“As our economies become more digital, the ability to move data becomes increasingly important. Unjustified data transfer restrictions in themselves do not increase trust. They do, however, make it more difficult to do business with the rest of the world. Businesses need fewer, not more, restrictions on international data transfers.”

Related Articles

Cybersecurity: EU Cloud Requirements Risk Excluding International Suppliers, Global Businesses Warn

Brussels, BELGIUM – A broad coalition of business associations from around the world is calling on the EU to refrain from adopting new requirements that discriminate against legitimate suppliers of cloud services, which would not only limit Europe’s cloud choice but also undermine effective cybersecurity. The 13 signatories, representing both cloud users and vendors operating…

CCIA Files Comments On FTC Proposal To Expand Jurisdiction On Privacy Rules

Washington –  The Computer & Communications Industry Association submitted comments to the Federal Trade Commission (FTC) Monday in response to the agency’s Advanced Notice of Proposed Rulemaking on whether it should consider new trade rules on the collection, use and transfer of consumer data. CCIA noted that the FTC’s rulemaking and enforcement authority is limited…

CCIA Offers Comments On Implementing California Privacy Protections

Washington – As the California Privacy Protection Agency closed its 15-day public comment period regarding suggested modifications to privacy regulations under the California Privacy Rights Act on November 7,  the Computer & Communications Industry Association offered suggestions today on how to implement the rules in ways that protect consumers, improve clarity and protect innovation.  CCIA…