Data Governance Act
Data Governance Act
Overview
The Data Governance Act (DGA) establishes the framework for voluntary data sharing in the EU. It creates mechanisms to increase trust in data sharing, sets up governance structures for data intermediaries, and promotes data altruism for the common good.[1]
The DGA works alongside the Data Act to form the EU's data strategy, with DGA focusing on governance and trust, while the Data Act addresses data access rights.
Key Pillars
1. Re-use of Public Sector Data
Conditions for re-using protected data held by public bodies:
| Condition | Requirement |
|---|---|
| Technical environment | Secure processing environment |
| Confidentiality preservation | Anonymization, aggregation, or access controls |
| Non-discrimination | Same terms for similar data use |
| Fee transparency | Proportionate, non-exclusive charges |
Applies to data protected by commercial confidentiality, statistical confidentiality, third-party intellectual property, and personal data protection.
2. Data Intermediation Services[2]
Data intermediaries connecting data holders with data users must:
- Notify competent authority before providing services
- Act as neutral brokers: Cannot use data for own purposes
- Separate services: Keep data intermediation separate from other services
- Fair pricing: Transparent and reasonable commercial terms
- Security measures: Appropriate technical security
Types of data intermediaries: Data marketplaces and exchanges, Personal data management services (PIMS), and Data cooperatives.
3. Data Altruism Organizations
Organizations collecting and sharing data for general interest purposes.
Recognition requirements:
- Non-profit, independent of data-using entities
- Transparent about objectives and data use
- Registered in national public register
- Use European data altruism consent form
General interest purposes include healthcare research, climate change mitigation, public mobility improvement, and official statistics production.
4. European Data Innovation Board
Advisory body established to advise on data intermediation and altruism, facilitate interoperability of data-sharing services, coordinate national practices, and develop model contractual terms.
Requirements for Data Holders
Public sector bodies with protected data must:
- Assess re-use requests within reasonable timeframes
- Provide technical access through secure means
- Ensure anonymization or protective measures
- Document conditions for data access
- Charge proportionate fees if applicable
Requirements for Data Intermediaries
Before operating, intermediaries must notify with:
- Legal entity name and status
- Main establishment address
- Website and contact details
- Service description
- Estimated start date
Operating requirements:
- Separate data intermediation from other business lines
- Do not use data for intermediary's own purposes
- Implement appropriate security measures
- Ensure fair, transparent pricing
- Maintain logs of data sharing activities
- Facilitate data portability
Penalties
Member States determine penalties, which vary but must be effective, proportionate, and dissuasive.
Non-compliant intermediaries may be removed from public registers.
Relationship with Other Regulations
| Regulation | Relationship |
|---|---|
| GDPR | DGA operates without prejudice to GDPR; personal data processing must comply with both |
| Data Act | Complementary; Data Act provides access rights, DGA provides governance |
| DSA | Online platforms subject to both; DGA adds data sharing governance |
Developer Implications
If you operate data services:
- Assess if data intermediary: Do you facilitate data sharing between third parties?
- Check notification requirements: Register with competent authority
- Implement separation: Keep data intermediation technically and operationally separate
- Neutral operations: Ensure you don't use brokered data for own purposes
- Consider data altruism: Offer users data donation options