EUROPEAN COMMISSION

Brussels, 19.2.2020

COM(2020) 66 final

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

A European strategy for data

A European strategy for data

1.Introduction

Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and the daily lives of all Europeans. Data is at the centre of this transformation and more is to come. Data-driven innovation will bring enormous benefits for citizens, for example through improved personalised medicine, new mobility and through its contribution to the European Green Deal. In a society where individuals will generate ever-increasing amounts of data, the way in which the data are collected and used must place the interests of the individual first, in accordance with European values, fundamental rights and rules. Citizens will trust and embrace data-driven innovations only if they are confident that any personal data sharing in the EU will be subject to full compliance with the EU’s strict data protection rules. At the same time, the increasing volume of non-personal industrial data and public data in Europe, combined with technological change in how the data is stored and processed, will constitute a potential source of growth and innovation that should be tapped.

Citizens should be empowered to make better decisions based on insights gleaned from non-personal data. And that data should be available to all – whether public or private, big or small, start-up or giant. This will help society to get the most out of innovation and competition and ensure that everyone benefits from a digital dividend. This digital Europe should reflect the best of Europe - open, fair, diverse, democratic, and confident.

The EU can become a leading role model for a society empowered by data to make better decisions – in business and the public sector. To fulfil this ambition, the EU can build on a strong legal framework – in terms of data protection, fundamental rights, safety and cyber-security – and its internal market with competitive companies of all sizes and varied industrial base. If the EU is to acquire a leading role in the data economy, it has to act now and tackle, in a concerted manner, issues ranging from connectivity to processing and storage of data, computing power and cybersecurity. Moreover, it will have to improve its governance structures for handling data and to increase its pools of quality data available for use and re-use.

Ultimately, Europe aims to capture the benefits of better use of data, including greater productivity and competitive markets, but also improvements in health and well-being, environment, transparent governance and convenient public services. The measures laid out in this paper contribute to a comprehensive approach to the data economy that aim to increase the use of, and demand for, data and data-enabled products and services throughout the Single Market.

This Communication outlines a strategy for policy measures and investments to enable the data economy for the coming five years. This data strategy is presented at the same time as the Commission’s Communication on “Shaping Europe’s digital future” and a White Paper on artificial intelligence that indicates how the Commission will support and promote the development and uptake of artificial intelligence across the EU.

On the basis of this strategy, the Commission launches a comprehensive consultation on the specific measures that could be taken to keep the EU at the forefront of the data-agile economy, while respecting and promoting the fundamental values that are the foundation of European societies.

2.What is at stake?

Growing data volumes and technological change

The volume of data produced in the world is growing rapidly, from 33 zettabytes in 2018 to an expected 175 zettabytes in 2025 1 . Each new wave of data represents major opportunities for the EU to become a world leader in this area. Furthermore, the way in which data is stored and processed will change dramatically over the coming 5 years. Today 80% of the processing and analysis of data takes place in data centres and centralised computing facilities, and 20% in smart connected objects, such as cars, home appliances or manufacturing robots, and in computing facilities close to the user (‘edge computing’). By 2025 these proportions are likely to be inverted 2 . Aside from the economic and sustainability advantages that this development presents, it opens up additional opportunities for businesses to develop tools for data producers to increase control over their own data.

The importance of data for the economy and society

Data will reshape the way we produce, consume and live. Benefits will be felt in every single aspect of our lives, ranging from more conscious energy consumption and product, material and food traceability, to healthier lives and better health-care.

Data is the lifeblood of economic development: it is the basis for many new products and services, driving productivity and resource efficiency gains across all sectors of the economy, allowing for more personalised products and services and enabling better policy making and upgrading government services. It is an essential resource for start-ups and small and medium-sized enterprises (SMEs) in developing products and services. The availability of data is essential for training artificial intelligence systems, with products and services rapidly moving from pattern recognition and insight generation to more sophisticated forecasting techniques and, thus, better decisions.

Data will also fuel the wide implementation of transformative practices such as the use of digital twins in manufacturing.

Moreover, making more data available and improving the way in which data is used is essential for tackling societal, climate and environment-related challenges, contributing to healthier, more prosperous and more sustainable societies. It will for example lead to better policies to achieve the objectives of the European Green Deal. At the same time, the current environmental footprint of the ICT sector is estimated to be between 5 to 9% of the world’s total electricity use and more than 2% of all emissions, a large part of which is due to data centres, cloud services and connectivity. The EU’s digital strategy ‘Shaping Europe’s digital future’ proposes green transformation measures for the ICT sector.

The EU has everything to play for in the data economy of the future

Currently, a small number of Big Tech firms hold a large part of the world’s data. This could reduce the incentives for data-driven businesses to emerge, grow and innovate in the EU today, but numerous opportunities lie ahead. A large part of the data of the future will come from industrial and professional applications, areas of public interest or internet-of-things applications in everyday life, areas where the EU is strong. Opportunities will also arise from technological change, with new perspectives for European business in areas such as cloud at the edge, from digital solutions for safety critical applications, and also from quantum computing. These trends indicate that the winners of today will not necessarily be the winners of tomorrow. But the sources of competitiveness for the next decades in the data economy are determined now. This is why the EU should act now .

The EU has the potential to be successful in the data-agile economy. It has the technology, the know-how and a highly skilled workforce. However, competitors such as China and the US are already innovating quickly and projecting their concepts of data access and use across the globe. In the US, the organisation of the data space is left to the private sector, with considerable concentration effects. China has a combination of government surveillance with a strong control of Big Tech companies over massive amounts of data without sufficient safeguards for individuals.

In order to release Europe’s potential we have to find our European way, balancing the flow and wide use of data, while preserving high privacy, security, safety and ethical standards.

What has been done so far?

The Commission has already taken a number of steps since 2014. With the General Data Protection Regulation (GDPR) 3 , the EU created a solid framework for digital trust. The upcoming review of the GDPR may provide further useful elements in this regard. Other initiatives that have fostered the development ofthe data economy are the Regulation on the free flow of non-personal data (FFD) 4 , the Cybersecurity Act (CSA) 5 , and the Open Data Directive 6 . The Commission had also engaged in digital diplomacy recognising 13 countries as providing adequate level of protection for personal data.

Sector-specific legislation on data access has also been adopted in some fields to address identified market failures, such as automotive 7 , payment service providers 8 , smart metering information 9 , electricity network data 10 , or intelligent transport systems 11 . The Digital Content Directive 12 contributed to empowering individuals by introducing contractual rights when digital services are supplied to consumers who provide access to their data.

3.The vision

The Commission’s vision stems from European values and fundamental rights and the conviction that the human being is and should remain at the centre. The Commission is convinced that businesses and the public sector in the EU can be empowered through the use of data to make better decisions. It is all the more compelling to seize the opportunity presented by data for social and economic good, as data – unlike most economic resources – can be replicated at close to zero cost and its use by one person or organisation does not prevent the simultaneous use by another person or organisation. That potential should be put to work to address the needs of individuals and thus create value for the economy and society. To release this potential, there is a need to ensure better access to data and its responsible usage.

The EU should create an attractive policy environment so that, by 2030, the EU’s share of the data economy – data stored, processed and put to valuable use in Europe - at least corresponds to its economic weight, not by fiat but by choice. The aim is to create a single European data space – a genuine single market for data, open to data from across the world – where personal as well as non-personal data, including sensitive business data, are secure and businesses also have easy access to an almost infinite amount of high-quality industrial data, boosting growth and creating value, while minimising the human carbon and environmental footprint. It should be a space where EU law can be enforced effectively, and where all data-driven products and services comply with the relevant norms of the EU’s single market. To this end, the EU should combine fit-for-purpose legislation and governance to ensure availability of data, with investments in standards, tools and infrastructures as well as competences for handling data. This favourable context, promoting incentives and choice, will lead to more data being stored and processed in the EU.

The European data space will give businesses in the EU the possibility to build on the scale of the Single market. Common European rules and efficient enforcement mechanisms should ensure that:

-data can flow within the EU and across sectors;

-European rules and values, in particular personal data protection, consumer protection legislation and competition law, are fully respected;

-the rules for access to and use of data are fair, practical and clear, and there are clear and trustworthy data governance mechanisms in place;there is an open, but assertive approach to international data flows, based on European values.

The steps listed here to enable access to data need to be complemented with a broader industrial strategy for the data-agile economy. Data spaces should foster an ecosystem (of companies, civil society and individuals) creating new products and services based on more accessible data. Public policy can increase demand for data-enabled offerings, both by increasing the public sector’s own ability to employ data for decision-making and public services and by updating regulation and sectoral policies to reflect the opportunities provided by data and ensure that they do not maintain disincentives for productive data use.

The functioning of the European data space will depend on the capacity of the EU to invest in next-generation technologies and infrastructures as well as in digital competences like data literacy. This in turn will increase Europe’s technological sovereignty in key enabling technologies and infrastructures for the data economy. The infrastructures should support the creation of European data pools enabling Big Data analytics and machine learning, in a manner compliant with data protection legislation and competition law, allowing the emergence of data-driven ecosystems. These pools may be organised in a centralised or a distributed way 13 . The organisations contributing data would get a return in the form of increased access to data of other contributors, analytical results from the data pool, services such as predictive maintenance services, or licence fees.

While data is essential for all sectors of the economy and society, each domain has its own specificities and not all sectors are moving at the same speed. Therefore, cross-sectoral actions towards a European data space need to be accompanied by the development of sectoral data spaces in strategic areas such as manufacturing, agriculture, health, and mobility.

4.The problems

Several issues are holding the EU back from realising its potential in the data economy.

Fragmentation between Member States is a major risk for the vision of a common European data space and for the further development of a genuine single market for data. A number of Member States have started with adaptations of their legal framework, such as on use of privately-held data by government authorities 14 , data processing for scientific research purposes 15 , or adaptations to competition law 16 . Others are only starting to explore how to handle the issues at stake. The emerging differences underline the importance of common action in order to leverage the scale of the internal market. Progress will need to be made together on the following issues:

Availability of data: The value of data lies in its use and re-use. Currently there is not enough data available for innovative re-use, including for the development of artificial intelligence. The issues can be grouped according to who is the data holder and who is the data user, but also depend on the nature of data involved (i.e. personal data, non-personal data, or mixed data-sets combining the two 17 ). Several of the issues concern the availability of data for the public good.

-Use of public sector information by business (government-to-business – G2B – data sharing). Opening up government-held information is a long-standing EU policy 18 . This data has been produced with public money and should therefore benefit society. The recently revised Open Data Directive 19 as well as other sector-specific legislation ensures that the public sector makes more of the data it produces easily available for use 20 , in particular by SMEs but also for civil society, and the scientific community, in the framework of independent public policy evaluations. However, governments can do more. High-value datasets are often not available under the same conditions across the EU to the detriment of the use of the data by SMEs that cannot afford this fragmentation. At the same time, sensitive data (e.g. health data) in public databases is often not made available for research purposes, in the absence of capacity or mechanisms that allow specific research actions to be taken in a manner compliant with personal data protection rules.

-Sharing and use of privately-held data by other companies (business-to-business – B2B – data-sharing). In spite of the economic potential, data sharing between companies has not taken off at sufficient scale. This is due to a lack of economic incentives (including the fear of losing a competitive edge), lack of trust between economic operators that the data will be used in line with contractual agreements, imbalances in negotiating power, the fear of misappropriation of the data by third parties, and a lack of legal clarity on who can do what with the data (for example for co-created data, in particular IoT data).

-Use of privately-held data by government authorities (business-to-government – B2G – data sharing). There is currently not enough private sector data available for use by the public sector to improve evidence-driven policy-making 21 and public services such as mobility management or enhancing the scope and timeliness of official statistics 22 , and hence their relevance in the context of new societal developments. The recommendations of an Expert Group 23 created by the Commission, include the creation of national structures for B2G data sharing, the development of appropriate incentives to create a data-sharing culture, and the suggestion to explore an EU regulatory framework to govern the public sector’s re-use for the public interest of privately-held data..

-Sharing of data between public authorities is equally important. It can make a considerable contribution to improving policy making and public services, but also to reduce the administrative burden on companies operating in the Single Market (‘once only’ principle).

Imbalances in market power: Beside the high concentration in the provision of cloud services and data infrastructures, there are also market imbalances in relation to access to and use of data, for example when it comes to access to data by SMEs. A case in point comes from large online platforms, where a small number of players may accumulate large amounts of data, gathering important insights and competitive advantages from the richness and variety of the data they hold. This can affect, in turn, the contestability of markets in specific cases – not only the market for such platform services, but also the various specific markets for goods and services served by the platform, in particular if the platform is itself active on such related markets. The high degree of market power resulting from the ‘data advantage’ can enable large players to set the rules on the platform and unilaterally impose conditions for access and use of data or, indeed, allow leveraging of such ‘power advantage’ when developing new services and expanding towards new markets. Imbalances may also arise in other situations, such as with regard to access to co-generated IoT data from industrial and consumer devices.

Data interoperability and quality: Data interoperability and quality, as well as their structure, authenticity and integrity are key for the exploitation of the data value, especially in the context of AI deployment. Data producers and users have identified significant interoperability issues which impede the combination of data from different sources within sectors, and even more so between sectors. The application of standard and shared compatible formats and protocols for gathering and processing data from different sources in a coherent and interoperable manner across sectors and vertical markets should be encouraged through the rolling plan for ICT standardisation 24 and (as regards public services) a strengthened European Interoperability Framework. 25

Data governance: There have been calls to further reinforce the governance of data use in society and the economy. 26 For these data spaces to become operational, organisational approaches and structures (both public and private) are needed that enable data-driven innovation on the basis of the existing legal framework.

Data infrastructures and technologies: The digital transformation of the EU economy depends on the availability and uptake of secure, energy-efficient, affordable and high-quality data processing capacities, such as those offered by cloud infrastructures and services, both in data centres and at the edge. In this perspective, the EU needs to reduce its technological dependencies in these strategic infrastructures, at the centre of the data economy.

However problems persist on both the supply and demand side of cloud.

On the supply side:

-EU-based cloud providers have only a small share of the cloud market, which makes the EU highly dependent on external providers, vulnerable to external data threats and subject to a loss of investment potential for the European digital industry in the data processing market;

-Service providers operating in the EU may also be subject to legislation of third countries, which presents the risk that data of EU citizens and businesses are accessed by third country jurisdictions that are in contradiction with the EU’s data protection framework. In particular, concerns have been voiced about several Chinese laws related to cybersecurity and national intelligence.

-While third country legislations like the U.S. CLOUD Act are based on public policy reasons such as law enforcement access to data for criminal investigations, the application of foreign jurisdictions’ legislation raises legitimate concerns for European businesses, citizens and public authorities over legal uncertainty and compliance with applicable EU law, such as data protection rules. The EU is acting to mitigate such concerns through mutually beneficial international cooperation, such as the proposed EU-U.S. Agreement to facilitate cross border access to electronic evidence, alleviating the risk of conflict of laws and establishing clear safeguards for the data of EU citizens and companies. The EU is also working at the multilateral level, including in the context of the Council of Europe, to develop common rules on access to electronic evidence, based on a high level of protection of fundamental and procedural rights.

-There is uncertainty about compliance of cloud service providers with important EU rules and standards, for example on data protection.

-Micro-enterprises and SMEs suffer economic detriment because of contract-related problems, e.g. non-conformity with the contract or unfair contract terms. 27

On the demand side:

-There is a low cloud uptake in Europe (1 company in 4, only 1 in 5 for SMEs 28 ). Significant divergences in cloud uptake exist between Member States (from below 10% to up to 65% of businesses using cloud);

-Specifically, cloud uptake in the European public sector is low. This may lead to less efficient digital public services, not only because of the clear potential to cut IT costs by cloud adoption, but also because governments need the scalability of cloud computing to deploy technologies like Artificial Intelligence.

-There is frequently insufficient visibility on the market of smaller, often European, providers of innovative cloud services.

-European businesses often experience problems with multi-cloud interoperability, in particular data portability.

Empowering individuals to exercise their rights: Individuals value the high level of protection granted by the GDPR and ePrivacy legislation. However, they suffer from the absence of technical tools and standards that make the exercise of their rights simple and not overly burdensome. The potential of Article 20 of the GDPR to enable novel data flows and foster competition is recognised in reports for the Commission and Member State governments 29 , not limited to the EU 30 . Yet, as a result of its design to enable switching of service providers rather than enabling data reuse in digital ecosystems the right has practical limitations.

Since increasingly large amounts of data are generated by consumers when they use IoT devices and digital services, consumers may be faced with risks of discrimination, unfair practices and ‘lock-in’ effects. Considerations of consumer and innovation empowerment underlie the provisions on data access and reuse of the Payment Services Directive

In response to this, there are calls to give individuals the tools and means to decide at a granular level what is done with their data (by the MyData movement and others) 31 . This promises significant benefits to individuals, including to their health and wellness, better personal finances, reduced environmental footprint, hassle-free access to public and private services and greater oversight and transparency over their personal data. Those tools and means include consent management tools, personal information management apps, including fully decentralised solutions building on blockchain, as well as personal data cooperatives or trusts acting as novel neutral intermediaries in the personal data economy 32 . Currently such tools are still in their infancy, although they have significant potential and need a supportive environment.

Skills and data literacy: Currently, big data and analytics are top of the list of critical skills shortages. In 2017, there were approximately 496 000 unfilled positions in the area of big data and analytics in the EU27 33 . Moreover, general data literacy in the workforce and across the population is relatively low and participation gaps exist (for example by elderly people). If it is not addressed, the shortage in data experts and the lack of data literacy will affect the EU’s capacity to master the challenges of the data economy and society.

Cybersecurity: In the area of cybersecurity Europe has developed an already comprehensive framework to support Member States, businesses and citizens to tackle cybersecurity threats and attacks, and Europe will continue to develop and improve its mechanisms to protect its data and the services building on it. The safe and widespread use of data-fuelled products and services will also depend on the highest cybersecurity standards. The EU Cybersecurity Certification Framework and the EU Agency for Cybersecurity (ENISA) 34 are expected to play an important role towards that endeavour.

However, the new data paradigm where less data will be stored in data centres, and more data will be spread in a pervasive way closer to the user ‘at the edge’, brings new challenges for cybersecurity. It will be essential to preserve data security when data are being exchanged. Ensuring the continuity of access controls (i.e. how security attributes of data are managed and respected) across data value chains will be a key, but demanding, pre-requisite to foster data sharing and ensure trust among the different actors of European data ecosystems.

5.The strategy

This European data strategy serves to realise the vision for a genuine single market for data and tackles the problems identified through policy measures and funding, building on what has already been achieved in the last few years.

Each of the new legislative measures will be prepared and assessed in full compliance with the Better Regulation principles.

The actions are based on four pillars:

A.A cross-sectoral governance framework for data access and use

Cross-sectoral (or horizontal) measures for data access and use should create the necessary over-arching framework for the data-agile economy, thereby avoiding harmful fragmentation of the internal market through inconsistent actions between sectors and between the Member States. Such measures should nonetheless take into account the specificities of individual sectors and of the Member States.

The Commission’s approach to regulation is to create frameworks that shape the context, allowing lively, dynamic and vivid ecosystems to develop. Because it is difficult to fully comprehend all elements of this transformation towards a data-agile economy, the Commission deliberately abstains from overly detailed, heavy-handed ex ante regulation, and will prefer an agile approach to governance that favours experimentation (such as regulatory sandboxes), iteration, and differentiation.

In line with this principle, a first priority for operationalising the vision is to put in place an enabling legislative framework for the governance of common European data spaces (Q4 2020). Such governance structures should support decisions on what data can be used in which situations, facilitate cross-border data use, and prioritise interoperability requirements and standards within and across sectors, while taking into account the need for sectoral authorities to specify sectoral requirements. The framework will reinforce the necessary structures in the Member States and at EU level to facilitate the use of data for innovative business ideas, both at sector- or domain-specific level and from a cross-sector perspective. It will build on recent initiatives in the Member States 35 and in individual sectors to address one or more of the following issues:

-strengthen the governance mechanisms at EU level and in the Member States relevant for cross-sector data use and for data use in the common sectoral data spaces, involving both private and public players. This could include a mechanism to prioritise standardisation activities 36 and to work towards a more harmonised description and overview of datasets, data objects and identifiers to foster data interoperability (i.e. their usability at a technical level 37 ) between sectors and, where relevant, within sectors 38 . This can be done in line with the principles on Findability, Accessibility, Interoperability and Reusability (FAIR) of data taking into account the developments and decisions of sector-specific authorities;

-facilitate decisions on which data can be used, how and by whom for scientific research purposes in a manner compliant with the GDPR. This is particularly relevant for publicly-held databases with sensitive data not covered by the Open Data Directive;

-make it easier for individuals to allow the use of the data they generate for the public good, if they wish to do so (‘data altruism’), in compliance with the GDPR.

Secondly, the Commission will work on making more high-quality public sector data available for re-use, in particular in view of its potential for SMEs. In order to open up key public sector reference data sets for innovation, it shall start the procedure for the adoption of an Implementing act on high-value data sets (Q1 2021) under the Open Data Directive, making these data sets available across the EU for free, in machine-readable format and through standardised Application Programming Interfaces (APIs). The Commission will look into mechanisms to take into account the particular needs of SMEs. It will also assist the Member States to ensure a timely and accurate transposition of the new rules of the Open Data Directive by 17 July 2021.

Third, the Commission will explore the need for legislative action on issues that affect relations between actors in the data-agile economy to provide incentives for horizontal data sharing across sectors (complementing data sharing within sectors as described in the appendix)). One or more of the following issues could be taken forward in a Data Act (2021):

-Foster business-to-government data sharing for the public interest also in the light of the recommendations included in the report of the Expert Group on Business-to-Government Data Sharing).

-support business-to-business data sharing, in particular addressing issues related to usage rights for co-generated data (such as IoT data in industrial settings), typically laid down in private contracts. The Commission will also seek to identify and address any undue existing hurdles hindering data sharing and to clarify rules for the responsible use of data (such as legal liability). The general principle shall be to facilitate voluntary data sharing.

-only where specific circumstances so dictate 39 , access to data should be made compulsory, where appropriate under fair, transparent, reasonable, proportionate and/or non-discriminatory conditions 40 .

-evaluating the IPR framework with a view to further enhance data access and use (including a possible revision of the Database Directive 41 and a possible clarification of the application of the Trade Secrets Protection Directive 42 as an enabling framework).

Furthermore, the Commission will assess what measures are necessary to establish data pools for data analysis and machine learning.

The Commission will provide more guidance to stakeholders on the compliance of data sharing and pooling arrangements with EU competition law by means of an update of the Horizontal Co-operation Guidelines 43 . The Commission is also prepared to provide additional individual project-related guidance on the compatibility with EU competition rules, if needed. In the exercise of its merger control powers, the Commission will look closely at the possible effects on competition of large-scale data accumulation through acquisitions and at the utility of data-access or data-sharing remedies to resolve any concerns.

In its ongoing review of a number of State Aid guidelines, the Commission will examine the relationship between public support to undertakings (e.g. for digital transformation) and the minimisation of competition distortions through data-sharing requirements for beneficiaries.

The review of the current self-regulatory approach for cloud provider switching 44 could lead to further action, depending on the progress made by market players.

The Commission will also consider jurisdictional issues related to data. These issues create uncertainty for businesses which may face conflicting rules. The EU should not compromise on its principles: all companies which sell goods or provide services related to the data-agile economy in the EU must respect EU legislation and this should not be compromised by jurisdictional claims from outside the EU.

The Commission will consider measures that facilitate the use of data in products and services and increase demand for data-enabled services. Sectoral reviews should identify regulatory and non-regulatory obstacles to the use of data and data-enabled offerings. Increased availability and standardisation of data should also facilitate real-time and cross-border compliance, leading to reductions in administrative burdens and barriers to the Single Market. Furthermore, governments can also foster demand through increased use of data-analytics and automated services in public services and decision making.

The accumulation of vast amounts of data by Big Tech companies, the role of data in creating or reinforcing imbalances in bargaining power and the way these companies use and share the data across sectors is being analysed by the Observatory of the Online Platforms Economy. The issue will not be addressed as part of the Data Act, but under the broader fact-finding around the high degree of market power of certain platforms and also in the context of the Commission’s work on the Digital Services Act package. On the basis of this fact-finding, the Commission will consider how best to address more systemic issues related to platforms and data, including by ex ante regulation if appropriate, to ensure that markets stay open and fair.

Leading by example

The Commission will strive for excellence in the way it organises its own data, uses the data for better policy making, and makes the data it produces and funds available to others, including through the EU Open Data Portal 45 .

The EU will continue to make data resulting from its research and deployment programmes available in line with the principle ‘as open as possible, as closed as necessary’, and will continue to facilitate discovery, sharing of, access to and reuse of data and services by researchers through the European Open Science Cloud (EOSC) 46 .

The EU will also contribute data and infrastructure from the Copernicus earth observation programme to underpinning the European data spaces where relevant. At the same time, enhancing the Copernicus ecosystem through the application of European digital technological solutions will offer new innovation opportunities to the data spaces constituency, both public and private.

The EU will seek to make increased use of data and data analytics in its internal processes and as an input to Commission decision-making and reviews of existing policy

B.Enablers: Investments in data and strengthening Europe’s capabilities and infrastructures for hosting, processing and using data, interoperability

Europe’s data strategy relies on a thriving ecosystem of private actors to create economic and societal value from data. Start-ups and scale-ups will play a key role in developing and growing disruptive new business models that fully take advantage of the data revolution. Europe should offer an environment that supports data-driven innovation and stimulates demand for products and services that rely on data as an important factor of production.

Making rapid progress on data-driven innovation in strategic areas requires investments, both from the private and public sectors. The Commission will use its convening power as well as EU funding programmes to strengthen Europe’s technological sovereignty for the data-agile economy. This will be done through standard setting, tool development, best practices collection on how to deal with personal data (especially around pseudonymization) as well as build-out of next-generation infrastructures for data processing. Where relevant, the investments will be co-ordinated with relevant authorities in Member States and paired, in line with state aid rules, with national and regional funding and with investments through the structural and investment funds.

In the period 2021-2027, the Commission will invest in a High Impact Project on European data spaces and federated cloud infrastructures..

The project will fund infrastructures, data-sharing tools, architectures and governance mechanisms for thriving data-sharing and Artificial Intelligence ecosystems. It will be based on the European federation (i.e. interconnection) of energy-efficient and trustworthy edge and cloud infrastructures (Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service services). It will address the specific needs of industries in the EU, including hybrid cloud deployment models that allow data processing at the edge with no latency (cloud-to-edge). This project will involve and benefit the European ecosystem of data-intensive companies, and will support European companies and the public sector in their digital transformation.

For this project to be credible as a pan-European initiative, it needs an adequate level of investment. The Member States and industry are expected to co-invest with the Commission in the project, which could arrive at a total funding in the order of €4-6 billion, of which the Commission could aim at financing €2 billion, drawing upon different spending programmes, subject to an agreement on the next Multiannual Financial Framework.

This Project needs to be seen in the context of a wider set of strategic EU investments in new technologies that the Commission will present in March 2020 as part of its industrial strategy. They concern in particular funding for edge computing, high-performance computing/quantum computing, cyber-security, low-power processors and 6G networks. These investments are essential for the EU’s data infrastructure of the future, to equip Europe with the right infrastructures, computing power, encryption capacity and cybersecurity tools to process data.

High Impact Project: developing common European data spaces and interconnecting cloud infrastructures

Concretely, the Commission intends to fund the establishment of EU-wide common, interoperable data spaces in strategic sectors. Such spaces aim at overcoming legal and technical barriers to data sharing across organisations, by combining the necessary tools and infrastructures and addressing issues of trust, for example by way of common rules developed for the space. The spaces will include: (i) the deployment of data-sharing tools and platforms; (ii) the creation of data governance frameworks; (iii) improving the availability, quality and interoperability of data – both in domain-specific settings and across sectors. Funding will also support authorities in the Member States in making high value data sets available for re-use in the different common data spaces.

The support for data spaces will also cover data processing and computing capacities that comply with essential requirements in terms of environmental performance, security, data protection, interoperability and scalability.

With focus on the areas where EU level support has clear added value, investments may also cover the interconnection of existing computing capacities at national 47 and European level, including High Performace Computing capacities 48 , and will -where needed- bring together the capacity of data processing resources. The aim is to help common data and world class cloud infrastructures for the public good to emerge, enabling secure data storage and processing for the public sector and research institutions. Similar positive effects are expected from the interconnection with the European Open Science Cloud (EOSC) and the Data and Information Access Services (DIAS) cloud-based platform that provides access to services based on the Copernicus earth observation data.

The private sector, including notably SMEs, also needs data and cloud infrastructures and services that provide the essential features of security, sustainability, interoperability and scalability. This is essential for European businesses to benefit from a complete value chain of data generation, processing, access and re-use 49 . The investment track will bring together private actors with public support to develop common platforms offering access to a large diversity of cloud services for secure data storage and sharing as well as applications ranging from artificial intelligence to simulation, modelling, digital twins and high performance computing (HPC) resources. The platform will cover all the layers of data and computing infrastructure and services and will seize the opportunities offered by latest developments such as edge computing, the deployment of 5G and the uptake of Internet of Things across industrial sectors. It will also help develop a dynamic ecosystem for a data- and cloud-based supply industry in Europe across the value chain.

The cloud federation component of the High Impact Project will foster the gradual rebalancing between centralised data infrastructure in the cloud and highly distributed and smart data processing at the edge. Such a project should therefore interconnect emerging edge computing capacities from the start. Over time, the project should furthermore enable access to top-end high-performance computers and its integration with mainstream data processing services. This will provide a seamless computing continuum to maximize the growth and exploitation of common European data spaces for public, industrial and scientific applications.

In this context, the Commission will foster synergies between the work on European cloud federation and Member States’ initiatives such as Gaia-X 50 . This is necessary to avoid multiplication of fragmented cloud federation and data-sharing initiatives, as the success of such an initiative would depend on pan-European participation and capacity to scale. For this reason, the Commission will facilitate Memoranda of Understanding with Member States by Q3 2020, starting with those having existing cloud federation and data-sharing initiatives.

Enabling access to competitive, secure and fair European cloud services

In order to protect the rights and interests of EU companies and citizens, the Commission, with the support of the relevant authorities of the Member States, will pay particular attention to the adherence of cloud service providers operating on the EU market to EU rules (e.g. General Data Protection Regulation, Free Flow of non-personal Data Regulation and the Cybersecurity Act) and, where relevant, their envisaged implementation through self- and co-regulatory mechanisms and technological means to increase trust, such as security by design and automated compliance. Currently, no comprehensive overview of these EU rules and self-/co-regulatory schemes is available for cloud providers and users. In this context, the Commission will bring together by Q2 2022 a coherent framework around the different applicable rules (including self-regulation) for cloud services, in the form of a ‘cloud rulebook’. In a first instance, the cloud rulebook will offer a compendium of existing cloud codes of conduct and certification on security, energy efficiency, quality of service, data protection and data portability. In the area of energy efficiency earlier action will be considered.

In coherence with the cloud rulebook, the Commission will facilitate the development of common European standards and requirements for the public procurement of data processing services. This will enable the EU’s public sector at European, national, regional and local level to also become a driver of new EU data processing capacities, rather than just a beneficiary of such European infrastructures 51 .

To fully leverage this potential, additional work should be done to connect demand-side organisations in the private and public sector to the new and innovative offering of tailored data processing services, specifically at Platform-as-a-Service and Software-as-a-Service levels. The set-up of a cloud services marketplace for EU users from the private and public sector will be facilitated by the Commission by Q4 2022. The marketplace will put potential users (in particular the public sector and SMEs) in the position to select cloud processing, software and platform service offerings that comply with a number of requirements in areas like data protection, security, data portability, energy efficiency and market practice. Participation in the marketplace for service providers will be made conditional on the use of transparent and fair contract conditions, which the current market does not always provide, specifically to micro-enterprises and SME users 52 . The marketplace can facilitate public sector procurement of alternative solutions, and take-up by the public sector can support the marketplace due to its significant aggregate demand.

While a number of Member States are already developing similar marketplace initiatives at national level, the advantage of an EU-level cloud services marketplace is two-fold: first, it can resolve the current problem of market asymmetry between hyperscale global actors that often offer integrated solutions containing applications also provided by smaller (EU) players. Second, it can generate clarity about the compliance of cloud services with relevant rules. This will ensure a better match between the EU offer and demand stemming notably from public administrations, services of general public interest and SMEs.

Support progress on data technologies

The Horizon Europe programme will continue to support technologies that are crucial for the next stages of the data economy, such as privacy preserving technologies and technologies underpinning industrial and personal data spaces. Several Horizon Europe candidate partnerships, such as the partnership for Artificial intelligence, data and robotics and the European Open Science Cloud partnership, that are in preparation can help steer the investments in this area.

C.Competences: Empowering individuals, investing in skills and in SMEs

Empowering individuals with respect to their data

Individuals should be further supported in enforcing their rights with regard to the use of the data they generate. They can be empowered to be in control of their data through tools and means to decide at a granular level about what is done with their data (‘personal data spaces’). This could be supported by enhancing the portability right for individuals under Article 20 of the GDPR, giving them more control over who can access and use machine-generated data, for example through stricter requirements on interfaces for real-time data access and making machine-readable formats compulsory for data from certain products and services, e.g. data coming from smart home appliances or wearables. In addition, rules for providers of personal data apps or novel data intermediaries such as providers of personal data spaces could be considered, guaranteeing their role as a neutral broker 53 . These issues can be further explored in the context of the Data Act mentioned above. The Digital Europe programme will also support the development and roll-out of ‘personal data spaces’.

Investments in skills and general data literacy

The funding dedicated to skills under the Digital Europe programme will contribute to narrowing the gap in terms of big data and analytics capacities. The programme will make funding available to expand the digital talent pool with in the order of 250 000 people who will be able to deploy the latest technologies in businesses throughout the EU. Given the importance of data in the digital economy, many of these are likely to be related to data.

Overall, by 2025, the EU and the Member States should have halved the current gap of 1 million digital specialists, including by putting a focus on increasing the participation of women.

The idea of a network of data stewards from across data-intensive organisations (both businesses and the public sector), put forward by the expert group on Business-to-Government data sharing, will be further explored.

In terms of general data literacy, the Reinforced Skills agenda will set out a pathway showing how EU and Member State action can increase the proportion of the EU population with basic digital skills, from the current 57% to 65% by 2025.

Big data and learning analytics offer new opportunities to capture, analyse and use data to improve education and training. The updated Digital Education Action Plan will reinforce better access to and use of data as one of its key priorities, in order to make education and training institutions fit for the digital age and equip them with the capabilities needed for making better decisions and improving skills and competences.

Dedicated capacity building for SMEs

The forthcoming European SME strategy will define measures to build capacity for SMEs and start-ups. Data is an important asset in this context, since starting or scaling a company based on data is not very capital intensive. SMEs and start-ups often require legal and regulatory advice to fully capture the many opportunities ahead from data-based business models.

The Horizon Europe and Digital Europe programmes as well as the structural and investment funds will create opportunities for SMEs in the data economy, to have better access to data and to develop new services and applications based on data, inter alia through incubation schemes.

D.Common European data spaces in strategic sectors and domains of public interest

In complement to the horizontal framework, as well as to the funding and the actions on skills and empowerment of individuals under A, B and C 54 , the Commission will promote the development of common European data spaces in strategic economic sectors and domains of public interest. These sectors or domains are those where the use of data will have systemic impact on the entire ecosystem, but also on citizens.

This should lead to the availability of large pools of data in these sectors and domains, combined with the technical tools and infrastructures necessary to use and exchange data, as well as appropriate governance mechanisms. While not having a one-size-fits-all approach, common governance concepts and models can be replicated in the different sectors.

The horizontal framework will – where appropriate – be complemented by sectoral legislation for data access and use, and mechanisms for ensuring interoperability. Differences between the sectors will depend on the maturity of the discussions on and problems identified with data availability in the sector. A further relevant factor is the degree of public interest and involvement in a given sector, which may be higher in areas such as health and lower in areas such as manufacturing. The potential cross-sector use of data between sectors also needs to be taken into account. The data spaces will be developed in full compliance with data protection rules and according to the highest available cyber-security standards.

Data spaces need to be complemented by policies that stimulate the use of data and demand for services enriched with data. Work on sectoral data spaces will be complemented by sectoral measures across the data value chain.

Building on the ongoing experience with the research community with the European Open Science Cloud, the Commission will also support the establishment of the following nine common European data spaces:

·A Common European industrial (manufacturing) data space, to support the competitiveness and performance of the EU’s industry, allowing to capture the potential value of use of non-personal data in manufacturing (estimated at € 1,5 trillion by 2027).

·A Common European Green Deal data space, to use the major potential of data in support of the Green Deal priority actions on climate change, circular economy, zero-pollution, biodiversity, deforestation and compliance assurance. The “GreenData4All” and ‘Destination Earth’ (digital twin of the Earth) initiatives will cover concrete actions.

·A Common European mobility data space, to position Europe at the forefront of the development of an intelligent transport system, including connected cars as well as other modes of transport. Such data space will facilitate access, pooling and sharing of data from existing and future transport and mobility databases.

·A Common European health data space, which is essential for advances in preventing, detecting and curing diseases as well as for informed, evidence-based decisions to improve the accessibility, effectiveness and sustainability of the healthcare systems.

·A Common European financial data space, to stimulate, through enhanced data sharing, innovation, market transparency, sustainable finance, as well as access to finance for European businesses and a more integrated market.

·A Common European energy data space, to promote a stronger availability and cross-sector sharing of data, in a customer-centric, secure and trustworthy manner, as this would facilitate innovative solutions and support the decarbonisation of the energy system.

·A Common European agriculture data space, to enhance the sustainability performance and competitiveness of the agricultural sector through the processing and analysis of production and other data, allowing for precise and tailored application of production approaches at farm level.

·Common European data spaces for public administration, to improve transparency and accountability of public spending and spending quality, fighting corruption, both at EU and national level, and to address law enforcement needs and support the effective application of EU law and enable innovative ‘gov tech’, ‘reg tech’ and ‘legal tech’ applications supporting practitioners as well as other services of public interest

·A Common European skills data space, to reduce the skills mismatches between the education and training system on the one hand and the labour market needs on the other.

The annex presents in more detail each of the sector- and domain-specific common European data spaces, with background on the sector-specific policies and legislation underpinning the creation of such spaces in the different sectors and domains, and proposing sector-specific actions that are tangible, sizable, focused on data, and accompanied by a clear and realistic timeline.

The Commission may consider launching, in a sequential way, additional common European data spaces in other sectors.

6.An open, but proactive international approach

The vision of a common European data space implies an open, but assertive approach to international data flows, based on European values. Today’s European companies operate in a connected environment that goes beyond the EU’s borders, so that international data flows are indispensable for their competitiveness. Building upon the strength of the Single Market’s regulatory environment, the EU has a strong interest in leading and supporting international cooperation with regard to data, shaping global standards and creating an environment in which economic and technological development can thrive, in full compliance with EU law.

At the same time, European companies operating in some third countries are increasingly faced with unjustified barriers and digital restrictions. The EU will continue to address these unjustified obstacles to data flows in bilateral discussions and international fora – including the World Trade Organisation – while promoting and protecting European data processing rules and standards, in full compliance with EU legislation. The Commission will be particularly vigilant to protect and assert the rights, obligations and interests of Europeans and companies, in particular as regards data protection, security and fair and trustworthy market practices. The Commission is convinced that international cooperation must be based on an approach that promotes the EU’s fundamental values, including protection of privacy. The EU must ensure, therefore, that any access to EU citizen’s personal data and European commercially sensitive data is in compliance with its values and legislative framework. In that context, transfers and sharing of data between trusted countries should be promoted. As regards personal data, international transfers are done via adequacy decisions and other existing transfer tools which guarantee that the protection travels with the data no matter where the data is. Additionally, and without prejudice to the EU’s framework for the protection of personal data, free and safe flow of data should be ensured with third countries, subject to exceptions and restrictions for public security, public order and other legitimate public policy objectives of the European Union, in line with international obligations. This would allow the EU to have an open but assertive international data approach based on its values and strategic interests.

The Commission will continue to improve its capacity to analyse the EU’s strategic interest with regard to further facilitating international data flows. To this end, the Commission will create a European analytical framework for measuring data flows (Q4 2021). This should be a durable framework that provides the tools to conduct a continuous analysis of data flows and the economic development of the EU’s data processing sector, including a robust methodology, economic valuation and data flows collection mechanisms. It will serve to better understand patterns of data flows and centres of gravity, both within the EU and between the EU and the rest of the world, and can be a basis for adequate policy responses by the Commission, if necessary. It should also help to drive adequate investments to overcome possible infrastructure gaps preventing data flows. The Commission will therefore seek in due course cooperation with relevant financial and international organisations on the data flow measurement framework (e.g. EIB, EBRD, OECD, IMF).

The EU should take advantage of its effective data regulatory and policy framework to attract the storage and processing of data from other countries and regions, and to increase the high-value-added innovation that arises from these data spaces. Companies from around the world will be welcome to avail of the European data space, subject to compliance with applicable standards, including those developed relative to data sharing. The The Connecting Europe Facility (CEF 2) programme as well as t the new external instruments, the Neighbourhood, Development and International Cooperation Instrument and the Instrument for Pre-accession Assistance, will support the connectivity of third countries with Europe, which will in turn increase the attractivness of data interchange between the EU and the relevant partner countries.

In parallel, the EU will also actively promote its standards and its values with its partners around the world 55 . It will work in multilateral fora to fight abuses such as the disproportionate access of governments to data, for example access to personal data that is not in line with the EU’s data protection rules. In order to promote the European model around the world, the EU will work with trusted partners sharing the same standards and values, to support others who wish to give their citizens greater control over their data, in line with values they share with Europe. For instance, the EU will support Africa in creating an African data economy for the benefit of its citizens and businesses.

7.Conclusion

This Communication puts forward a European data strategy whose ambition is to enable the EU to become the most attractive, most secure and most dynamic data-agile economy in the world – empowering Europe with data to improve decisions and better the lives of all of its citizens. It enumerates a number of policy measures and investments needed to achieve this goal.

The stakes are high, since the EU’s technological future depends on whether it manages to harness its strengths and seize the opportunities offered by the ever-increasing production and use of data. A European way for handling data will ensure that more data becomes available for addressing societal challenges and for use in the economy, while respecting and promoting our European shared values.

In order to secure its digital future, the EU has to seize its window of opportunity in the data economy.

APPENDIX to the Communication ‘A European strategy for data’

Common European data spaces in in strategic sectors and domains of public interest

The Communication ‘A European strategy for data’ announces the creation of sector- and domain-specific data spaces.

This document gives additional background on the sector-specific policies and legislation underpinning the creation of such spaces in the different sectors and domains.

1.Common European industrial (manufacturing) data space

Europe has a strong industrial base, and manufacturing in particular is an area where the generation of and use of data can make a significant difference to the performance and competitiveness of European industry. A 2018 study estimated the potential value of use of non-personal data in manufacturing at € 1,5 trillion by 2027 56 .

In order to unleash this potential, the Commission will:

·Address issues related to the usage rights on co-generated industrial data (IoT data created in industrial settings), as part of a wider Data Act (Q4 2021).

·Gather key players from the manufacturing sector to agree – in a manner compliant with competition rules as well as principles of fair contracts – the conditions under which they would be ready to share their data and how to further boost data generation, notably via smart connected products (Q2 2020 onwards). Where data generated by individuals are concerned, their interests should be fully taken into account in such a process and compliance with data protection rules must be ensured.

2.Common European Green Deal data space

Europe’s Green Deal has set out the ambitious goal for Europe to become the world's first climate-neutral continent by 2050. The Commission’s Communication clearly underlines the importance of data for achieving this goal. A European green data space can exploit the major potential of data in support of the Green Deal priority actions on climate change, circular economy, zero-pollution, biodiversity, deforestation and compliance assurance.

In this context the Commission will:

·Initiate a ‘GreenData4All’ initiative. This consists in evaluating and possibly reviewing the Directive establishing an Infrastructure for Spatial Information in the EU (INSPIRE), together with the Access to Environment Information Directive (Q4 2021 or Q1 2022). It will modernise the regime in line with technological and innovation opportunities, making it easier for EU public authorities, businesses and citizens to support the transition to a greener and carbon-neutral economy, and reducing administrative burden.

·Roll out re-usable data-services on a large scale to assist in collecting, sharing, processing and analysing large volumes of data relevant for assuring compliance with environmental legislation and rules related to the priority actions set in the Green Deal.(Q4 2021)

·Establish a common European data space for smart circular applications making available the most relevant data for enabling circular value creation along supply chains. A particular focus will be concentrated at the outset on the sectors targeted by the Circular Economy Action Plan, such as the built environment, packaging, textiles, electronics, ICT and plastics. Digital ‘product passports’ will be developed, that will provide information on a product’s origin, durability, composition, reuse, repair and dismantling possibilities, and end-of-life handling. Development of architecture and governance (2020), sectoral data strategies (2021), adoption of a sustainable product policy with product passport (2021) and resource mapping and waste shipments tracking (2021).

·Initiate a pilot for early implementation of the data strategy in the context of the ‘zero pollution ambition’ to harvest the potential of an already data-rich policy domain with data on chemicals, air, water and soil emission, hazardous substances in consumer products, etc. which is underexploited and where early results can benefit consumers and the Planet directly (Q4 2021).

·Launch the ‘Destination Earth’ initiative

3.Common European mobility data space

Transport and mobility are at the forefront of the debate on data sharing, an area where the EU has many assets. This concerns the automotive sector, where connected cars critically depend on data, as well as other transport modes. Digitisation and data in all modes of transport and in logistics will be an essential component of further work on the ‘European Transport System’ and in particular in the upcoming ‘Smart and Sustainable Transport Strategy’ (Q4 2020). This will include actions in all transport sectors as well as for cross-modal data sharing logistics and passengers ecosystems.

Automotive

Today, modern vehicles generate around 25 gigabytes of data every hour and autonomous cars will generate terabytes of data that can be used for innovative mobility-related services and for repair and maintenance services. Innovation in this area requires that car data are shared, in a secure and well-framed way, in line with competition rules amongst many different economic players. The access to in-vehicle data is regulated since 2007 in the EU vehicle approval legislation 57 to ensure fair access to certain car data by independent repairers. This legislation is now being updated to take into account the increasing use of connectivity (3G-4G, so-called remote diagnostics) 58 , that the rights and interests of the car-owners generating the data are respected and compliance with data protection rules is ensured.

The full transport system

Passenger transport activity is projected to grow by 35% during 2015-2050. Freight traffic for inland modes is expected to grow faster than for passenger at 53% by 2050 59 . Digitalisation and data play an increasing role in supporting transport sustainability. Several legislative frameworks already contain data-sharing obligations, which establishes a list of datasets (including datasets concerning public transport). Moreover, the Digital Transport and Logistics Forum is working on a concept of ‘federated platforms’ to define what needs to be done at the EU level to facilitate data-sharing/re-use by connecting different public and private platforms. Furthermore, networks of national access points to make data available exist in the Member States where the data are made available with a view to serving road safety, traffic and multi-modal travel information services, with data generated by the public and the private sector. Wide availability and use of data in public transport systems has the potential to make them more efficient, green and customer friendly. Data use to improve transport systems is also a central feature of smart cities.

The Commission will:

·Review the current EU type approval legislation for motor vehicles (currently focused on wireless data sharing for repair and maintenance), to open it up to more car data based services (Q1 2021). The review will inter alia look at how data is made accessible by the car manufacturer, what procedures are necessary to obtain it in full compliance with data protection rules and the role and rights of the car owner.

·Review the Directive on harmonised river information services 60 and the Directive on Intelligent Transport Systems 61 , including its delegated regulations to further contribute to data availability, reuse and interoperability (both in 2021) and establish a stronger coordination mechanism to federate the National Access Points established under the ITS Directive through a EU wide CEF Programme Support Action (2020).

·Amend the proposal for a Regulation on the Single European Sky 62 to include new provisions on data availability and market access of data service providers in order to promote the digitalisation and automation of air traffic management (2020). This will improve safety, efficiency and capacity in air traffic.

·Review the regulatory framework for interoperable data-sharing in rail transport in 2022.

·Establish common data sets as foreseen in the Regulation on Maritime Single Window 63 and, subject to its final adoption, in the Regulation on electronic freight transport information regulations 64  (the first such act to be adopted by Q3 2021 and Q4 2022 respectively) to facilitate digital exchange and data reuse between businesses and administration.

4.Common European health data space 

The current regulatory and research models rely on access to health data, including individual level data from patients. Strengthening and extending the use and re-use of health data is critical for innovation in the healthcare sector. It also helps healthcare authorities to take evidence-based decisions to improve the accessibility, effectiveness and sustainability of the healthcare systems. It also contributes to the competitiveness of the EU’s industry. Better access to health data can significantly support the work of regulatory bodies in the healthcare system, the assessment of medical products and demonstration of their safety and efficacy.

Citizens have the right in particular to access and control their personal health data and to request their portability, but implementation of this right is fragmented. Working towards making sure that every citizen has secure access to their Electronic Health Record (EHR) and can ensure the portability of his/her data – within and across borders – will improve access to and quality of care, cost effectiveness of care delivery and contribute to the modernisation of health systems.

Citizens also need to be reassured that, once they have given consent for their data to be shared, the healthcare systems uses such data in an ethical manner and ensure that the given consent can be withdrawn at any time.

Health is an area where the EU can benefit from the data revolution, increasing the quality of healthcare, while decreasing costs. Progress will often depend on the willingness of Member States and healthcare providers to join forces and find ways to use and combine data, in a manner compliant with the GDPR, under which health data merit specific protection. While the GDPR has created a level playing field for the use of health personal data, fragmentation remains within and between Member States and the governance models for accessing data are diverse. The landscape of digital health services remains fragmented, especially when provided cross-border.

The Commission will:

·Develop sector-specific legislative or non-legislative measures for the European health data space, complementing the horizontal framework of the common data space. Take measures to strengthen citizens’ access to health data and portability of these data and tackle barriers to cross-border provision of digital health services and products. Facilitate the establishment, in accordance with Article 40 of the GDPR, of a Code of Conduct for processing of personal data in health sector. These actions will build upon an ongoing mapping of the use of personal health data in Member States and the results of the Joint Action in the context of the Health programme (2020-2023) 65 .

·Deploy the data infrastructures, tools and computing capacity for the European health data space, more specifically support the development of national electronic health records (EHRs) and interoperability of health data through the application of the Electronic Health Record Exchange Format. Scale up cross-border exchange of health data; link and use, through secure, federated repositories, specific kinds of health information, such as EHRs, genomic information (for at least 10 million people by 2025), and digital health images, in compliance with the GDPR. Enable the exchange of electronic patient summaries and ePrescriptions between 22 Member States participating in the eHealth Digital Service Infrastructure (eHDSI) by 2022; start cross-border electronic exchanges through eHDSI of medical images, laboratory results and discharge reports and enhance the virtual consultation model and registries of European Reference Networks; support big data projects promoted by the network of regulators. These actions will support prevention, diagnosis and treatment (in particular for cancer, rare diseases and common and complex diseases), research and innovation, policy-making and regulatory activities of Member States in the area of public health.

5.Common European financial data space

In the financial sector, EU legislation requires financial institutions to disclose a significant amount of data products, transactions and financial results. Moreover, the revised Payment Services Directive marks an important step towards open banking, where innovative payment services can be offered to consumers and businesses on the basis of the access to their bank account data. Going forward, enhancing data sharing would contribute to stimulating innovation as well as achieving other important policy objectives at EU level.

The Commission will set out concrete initiatives on this in its upcoming Digital Finance Strategy in Q3 2020 along the following considerations:

·The Commission will further facilitate access to public disclosures of financial data or supervisory reporting data, currently mandated by law, for example by promoting the use of common pro-competitive technical standards. This would facilitate more efficient processing of such publicly accessible data to the benefit of a number of other policies of public interest, such as enhancing access to finance for European businesses through more integrated capital markets, improving market transparency and supporting sustainable finance in the EU.

·On the basis of recent market developments on open finance, the Commission will continue to ensure full implementation of the revised Payment Services Directive and explore additional steps and initiatives building on this approach.

6.Common European energy data space

In the energy sector, several Directives establish customer access to and portability of their meter and energy consumption data on a transparent, non-discriminatory basis and in compliance with data protection law. The specific governance frameworks are to be defined at the national level. Legislation also introduced data-sharing obligations for electricity network operators. Regarding cybersecurity, work is ongoing to address energy-specific challenges, notably: real-time requirements, cascading effects and the mix of legacy technologies with smart/state-of-the-art technology .

The availability and cross-sector sharing of data, in a secure and trustworthy manner can facilitate innovative solutions and support the decarbonisation of the energy system. The Commission will address these issues as part of the smart sector integration strategy to be adopted in the second quarter of this year as announced in the Communication on the European Green Deal.

The Commission will:

·Adopt implementing act(s) 66 setting out the interoperability requirements and non-discriminatory and transparent procedures for access to data, building on existing national practices on the basis of the Electricity Directive 2019/944 (2021/2022).

·Consider actions for improving the interoperability in smart buildings and products, with a view to improve their energy efficiency, optimise local consumption and broaden the integration of renewable energy sources (Q4 2020).

7.Common European agricultural data space

Data is one key element to enhance the sustainability performance and competitiveness of the agricultural sector. Processing and analysing production data, especially in combination with other data on the supply chain and other types of data, such as earth observation or meteorological data, allows for precise and tailored application of production approaches at farm level. A code of conduct for sharing of agricultural data by contractual agreement was developed in 2018 by EU stakeholders, involving – among others – the farming as well as the machinery sector.

A common data space for agricultural data based on existing approaches towards data sharing could lead to a neutral platform for sharing and pooling agricultural data, including both private and public data. This could support the emergence of an innovative data-driven ecosystem based on fair contractual relations as well as strengthen the capacities for monitoring and implementing common policies and reducing administrative burden for government and beneficiaries. In 2019, Member States have joined forces and signed a declaration of cooperation ‘A smart and sustainable digital future for European agriculture and rural areas’ 67 , which recognises the potential of digital technologies for the agricultural sector and rural areas and supports the setting up of data spaces.

The Commission will:

·Take stock with Member States and stakeholder organisations of experiences gained with the stakeholder code of conduct on agricultural data sharing by contractual agreement, also on the basis of the current market for digital farm solutions and their requirements in terms of data availability and use (Q3/Q4 2020).

·Take stock of agricultural data spaces in current use, including funded under the Horizon 2020 programme, with stakeholders and Member State organisations and take decision on an EU approach (Q4 2020/Q1 2021).

8.Common European data spaces for public administrations

Public administrations are big producers and also users of data in different areas. The data spaces for public administrations will reflect this. Actions in this areas will focus on law and public procurement data and other areas of public interest such as data use for improving law enforcement in the EU in line with EU law, including the principle of proportionality and data protection rules.

Public procurement data are essential to improve transparency and accountability of public spending, fighting corruption and improving spending quality. Public procurement data is spread over several systems in the Member States, made available in different formats and is not easily possible to use for policy purposes in real-time. In many cases, the data quality needs to be improved.

Similarly, seamless access to and easy reuse of EU and Member State legislation, jurisprudence as well as information on e-justice services is critical not only for the effective application of EU law but also enables innovative ‘legal tech’ applications supporting practitioners (judges, public officials, corporate counsel and lawyers in private practice).

The Commission will:

·Elaborate a data initiative for public procurement data covering both the EU dimension (EU datasets, such as TED 68 ) and the national ones (Q4 2020). It will be complemented by a procurement data governance framework (Q2 2021);

·Issue guidance on common standards as well as interoperable frameworks for legal information 69 held at European and national level, in close cooperation with Member States (Q1 2021);

·work with Member States to ensure that data sources related to the implementation of the EU budget are Findable, Accessible, Interoperable and Reusable (FAIR).

9.Common European skills data space

The skills of its people are Europe’s strongest asset. In a global race for talent, the European education and training systems and labour markets need to quickly adapt to new and emerging skills needs. This requires high-quality data on qualifications, learning opportunities, jobs and the skill sets of people. Over the past years, the Commission has put in place a range of open standards, reference frameworks and semantic assets to increase data quality and interoperability 70 . As announced in the Digital Education Action Plan 71 , the Commission also developed the Europass Digital Credentials framework to issue credentials to learners in a secure and interoperable digital format.

The Commission will:

·Support Member States in the development of digital credential transformation plans and in the preparation of re-usable data-sets of qualifications and learning opportunities (2020-2022);

·Establish a governance model for the on-going management of the Europass Digital Credentials Framework in close cooperation with Member States and key stakeholders (by 2022).

10.European Open Science Cloud

In addition to the creation of nine Common European data spaces, work will continue on the European Open Science Cloud, which provides seamless access and reliable re-use of research data to European researchers, innovators, companies and citizens through a trusted and open distributed data environment and related services. The European Open Science Cloud is therefore the basis for a science, research and innovation data space that will bring together data resulting from research and deployment programmes and will be connected and fully articulated with the sectoral data spaces.

The Commission will:

·Deploy European Open Science Cloud operations to serve EU researchers by 2025; Steer the underpinning development of a stakeholder-driven EOSC governance structures, possibly in connection with the launch of the corresponding EOSC European partnership by end 2020;

·In the medium term, open up, connect and articulate EOSC beyond the research communities, with the wider public sector and the private sector from 2024 onwards.

(1)

IDC, 2018.

(2)

Gartner, 2017.

(3)

Regulation (EU) 2016/679.

(4)

Regulation (EU) 2018/1807.

(5)

Regulation (EU) 2019/881.

(6)

Directive (EU) 2019/1024.

(7)

Regulation 715/2007 as amended by Regulation 595/2009.

(8)

Payment Service Directive Directive 2015/2366.

(9)

Directive 2019/944 for electricity, Directive 2009/73/EC for gas meters.

(10)

Commission Regulation (EU) 2017/1485, Commission Regulation (EU) 2015/703.

(11)

Directive 2010/40/EU.

(12)

Directive (EU) 2019/770.

(13)

In the latter case the data are not moved to a central place in order to analyse them together with other data assets. The analytical tools come to the data, not the other way around. This makes it easier to keep the data secure and to ensure control over who accesses what data for what purposes.

(14)

For example the French ‘LOI n° 2016-1321 du 7 octobre 2016 pour une République numérique’, allowing the public sector to access certain (private sector) data of general interest or the Finnish Forest Act obliging forest owners to share information related to the management of the forest with the public sector.

(15)

 For example the Finnish law on secondary use of health and social data, creating a data permit authority.

(16)

Discussions on adapting the competition rules to make them better equipped for the data economy are for example ongoing in Germany. See also the report for the Commission on ‘Competition policy for the digital era’.

(17)

For adding legal certainty, the European Commission issued practical guidance for businesses on how to process mixed datasets in May 2019; see COM(2019)250 https://ec.europa.eu/digital-single-market/en/news/practical-guidance-businesses-how-process-mixed-datasets

(18)

Since the adoption of Directive 2003/98/EC on the re-use of public sector information.

(19)

Directive (EU) 2019/1024, repealing Directive 2003/98/EC as revised by Directive 2013/37/EU.

(20)

The European open data portal contains examples of a range of companies from across the EU that have benefited from open data, and some of them would not exist without the data availability. https://www.europeandataportal.eu/en/using-data/use-cases .

(21)

For example in new areas such as platform work.

(22)

The scope of the work on B2G does not include the use of data for law enforcement purposes. Any action in this area should comply with data protection and privacy legislation.

(23)

see here: https://ec.europa.eu/digital-single-market/news-redirect/666643 .

(24)

  https://ec.europa.eu/digital-single-market/en/news/rolling-plan-ict-standardisation .

(25)

  https://ec.europa.eu/isa2/eif_en ; see: COM(2017)134 final. 

(26)

E.g. in a recent series of workshops undertaken by the Commission on the concept of ‘common European data spaces’ https://ec.europa.eu/digital-single-market/en/news/report-european-commissions-workshops-common-european-data-spaces . 

(27)

Study on the economic detriment from unfair and unbalanced cloud computing contract terms.

(28)

  https://ec.europa.eu/eurostat/statistics-explained/index.php/Cloud_computing_-_statistics_on_the_use_by_enterprises .

(29)

Cf. e.g. Cremer/deMontjoye/Schweitzer, Competition policy for the digital era; Furman, Unlocking digital competition, report for the UK government; German Datenethikkommission.

(30)

See introduction of a new Consumer Data Right in Australia, https://www.accc.gov.au/focus-areas/consumer-data-right-cdr-0 and the consultation in on data portability in Singapore.

(31)

  https://mydata.org/ ;   https://www.decodeproject.eu/ ; https://solid.mit.edu/ , https://radicalxchange.org/  

(32)

See report of German Datenethikkommission, p. 133 and Staff Working Document, p. 8.

(33)

IDC 2019.

(34)

Regulation (EU) 2019/881 – European Cybersecurity Act.

(35)

Finnish Health and Social Data Permit Authority (https://www.findata.fi/en/), French Health Data Hub ( https://www.health-data-hub.fr/ ), German Forschungsdatenzentrum ( https://www.forschungsdatenzentrum.de/en ).

(36)

The idea is not to create a body that develops new standards, but rather to be able to prioritise between existing and future standards to be developed.

(37)

See also the FAIR data principles: https://www.force11.org/group/fairgroup/fairprinciples .

(38)

For instance, the 2017 Tallinn Ministerial Declaration on e-Government calls on governments to “increase the findability, quality and technical accessibility of data in key base registers.”

(39)

A data access right should only be sector-specific and only given if a market failure in this sector is identified/can be foreseen, which competition law cannot solve. The scope of a data access right should take into account legitimate interests of the data holder and needs to respect the legal framework.

(40)

Variations of this principle apply in particular with respect to certain motor vehicle repair and maintenance information to be made accessible under Regulation 715/2007 as well as for information resulting from testing of chemicals on vertebrate animals under Regulation 1907/2006 (REACH).

(41)

Directive 96/9/EC.

(42)

Directive (EU) 2016/943.

(43)

2011/C 11/01.

(44)

  https://swipo.eu/ The approach is based on the Free flow of data regulation, Regulation (EU) 2018/1807.

(45)

  https://data.europa.eu/euodp/en/data/ .

(46)

  https://ec.europa.eu/research/openscience/index.cfm?pg=open-science-cloud . See also COM (2016) 178 final and SWD(2018)83.

(47)

Such as the French “Cloud de Confiance” initiative or the Polish Common State IT Infrastructure Programme (WIIP)

(48)

Notably the capacities supported under the EuroHPC initiative.

(49)

For example as expressed by the industry support to the German Gaia-X project.

(50)

An initiative to stimulate cloud federation from the German perspective, presented by the German government on 29 October 2019. The purpose of the project is to cater for European standards and reference architectures to create EU-based ‘virtual hyperscale providers’.

(51)

Examples of similar public procurement programmes in this area can be drawn from third countries, e.g. the American ‘FedRAMP’ government procurement program. It provides a standardised approach to security assessment, authorisation, and continuous monitoring for cloud products and services across federal agencies.

(52)

See: ‘Study on the economic detriment to SMEs arising from unfair and unbalanced cloud computing contracts’, https://ec.europa.eu/info/sites/info/files/dg_just_cloud_computing_final_report_web_final.pdf .

(53)

Secure and universally usable digital identities are also crucial to enabling individuals’ access to and control over their data.

(54)

The list of sectoral data spaces is not exhaustive and can be extended.

(55)

Following examples such as the adoption of rules modelled on the GDPR by Brazil and Kenya.

(56)

Deloitte 2018.

(57)

Regulation (EC) 715/2007.

(58)

As required by Article 61 of Regulation (EU) 2018/858.

(59)

In-depth analysis in support of Commission Communication COM(2018) 773 ‘A Clean Planet for all: A European long-term strategic vision for a prosperous, modern, competitive and climate neutral economy’.

(60)

Directive 2005/44/EC.

(61)

Directive 2010/40/EU.

(62)

 COM(2013) 410 final.

(63)

Regulation (EU) 2019/1239.

(64)

The negotiations with the co-legislators are concluded, adoption is foreseen mid-2020.

(65)

  https://ec.europa.eu/health/funding/programme_en .

(66)

Article 24 Directive (EU) 2019/944.

(67)

The declaration has been signed by 25 Member States. For further information on the declaration, see https://ec.europa.eu/digital-single-market/en/news/eu-member-states-join-forces-digitalisation-european-agriculture-and-rural-areas.

(68)

Tenders Electronic Daily.

(69)

E.g. on the use of the ELI and ECLI identifiers and on publishing law online with an official translation in order to support the further use of machine translation.

(70)

E.g. Europass Learning Model; European Qualifications Framework for lifelong learning (EQF); European Skills, Competences, Qualifications and Occupations (ESCO), Digital Competence Framework (DigComp).

(71)

COM(2018)22 final.