EUROPEAN COMMISSION

Brussels, 25.11.2020

SWD(2020) 295 final

COMMISSION STAFF WORKING DOCUMENT

IMPACT ASSESSMENT REPORT

Accompanying the document

Proposal for a
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on European data governance



(Data Governance Act)

{COM(2020) 767 final} - {SEC(2020) 405 final} - {SWD(2020) 296 final}

Table of contents

1.Introduction: Political and legal context

2.Problem definition

2.1.What is the problem?

2.2.What are the problem drivers?

2.3.How will the problem evolve?

3.Why should the EU act?

3.1.Legal basis

3.2.Subsidiarity: Necessity of EU action

3.3.Subsidiarity: Added value of EU action

4.Objectives: What is to be achieved?

4.1.General objective

4.2.Specific objectives

5.What are the available policy options?

5.1.What is the baseline from which options are assessed?

5.2.Description of the policy options

5.3.Options discarded at an early stage

6.What are the impacts of the policy options?

6.1.Economic impact

6.2.Social and environmental impact

6.3.Impact on SMEs

6.4.Member States’ and stakeholders’ views

7.How do the options compare?

8.Preferred option

9.How will actual impacts be monitored and evaluated?

9.1.Monitoring of the specific objectives

9.2.Monitoring of the preferred option

Annex 1: Procedural information

1.Lead DG, Decide Planning/CWP references

2.Organisation and timing

3.Consultation of the RSB

4.Evidence, sources and quality

Annex 2: Stakeholder consultation

Annex 3: Who is affected and how?

1.Practical implications of the initiative

2.Summary of costs and benefits

Annex 4: Analytical methods

Annex 5: Subsidiarity grid

Annex 6: Governance framework in third countries

1.Introduction: Political and legal context

This Impact Assessment accompanies the proposal for a Regulation of the European Parliament and of the Council 1 on data governance. It is the first of a set of measures announced in the 2020 European Strategy for Data 2 . The instrument aims to stimulate the availability of data for use and to strengthen data governance mechanisms in the EU. It would facilitate the following situations:

·the sharing of data among businesses, against remuneration or because of other benefits they derive from sharing;

·making public sector data available for reuse, in situations where such data is subject to the rights of others 3 ;

·allowing the reuse of personal data with the help of a ‘personal data space’, designed to help individuals exercise their rights under the General Data Protection Regulation (GDPR);

·making data reusable for altruistic purposes.

1.1Technological, economic and societal context

An evolving technological landscape

In our increasingly connected world, more and more data is being generated, originating in factories or on farms, in cars or household appliances. The availability of such data is a critical enabler for data-driven innovation, including the development of more personalised and cheaper products, not least using artificial intelligence (AI) and related technologies.

Europe has missed the first wave of innovation based on data, mainly data collected from individuals over the Web 2.0. But a second wave of innovation is emerging from objects connected to the Internet-of-Things (IoT). It is expected that the volume of data produced annually in the world will grow from the 33 zettabytes in 2018 to 175 zettabytes by 2025 4 . The European Strategy for Data indicates that opportunities arise both from the increasing data volumes that are generated in fields in which the EU has a strong basis (such as manufacturing) and the changing technological landscape for data use will offer opportunities for European companies in the data economy.

The importance of data for the economy

In her 2020 State of the Union address, President von der Leyen stated that ‘A real data economy […] would be a powerful engine for innovation and new jobs.’ According to a study by the International Data Corporation (IDC) for the European Commission, the data economy was estimated to be worth over EUR 324.86 billion at the end of 2019 5 , representing 2.6% of the Gross Domestic Product (GDP) of the EU-27. The slow-down caused by the COVID crisis in 2020 is expected to be followed by a rebound.

Data is the basis for new digital products and services. It is essential for training AI systems. An example is the self-driving car: in addition to the data generated by the car itself, additional third-party data are required for this type of system to operate securely, irrespective of weather conditions, visibility or road-surface quality 6 . Moreover, the use of data drives productivity and resource efficiency gains across all sectors of the economy. Research by the Organization for Economic Cooperation and Development (OECD) suggests that companies that invest in data-driven innovation and data analytics exhibit faster productivity growth than those that do not by approximately 5% to 10% 7 .

Data is a critical resource for startups and SMEs, in particular as a business can be set up with very low initial capital. Over 99% of data supplier companies and over 98.8% of data user companies in the EU are SMEs 8 . Some 85% of new jobs created in the data economy over the last years have been created by SMEs 9 .

Some 93% of the EU executives surveyed in a recent study by McKinsey believe that better access to data would be important to their organisation (with approximately 40% designating this as very important). More than 50% would be willing to share their data if they either received access to similar data from competitors in return or were paid for the data 10 . It is important to note that the term ‘data sharing’ does not imply that all data will be available for free for all, but may include situations of data exchanged against reward.

Societal impact of data

A better use of data can lead to improvements in health and well-being, a better environment, strengthened climate action, more efficient public services and safer societies. As demonstrated during the COVID-19 crisis, data is an essential asset for tackling emergencies such as pandemics. More generally, in the health sector, data can help develop better and more personalised treatments. McKinsey estimates that data and digital technologies could lead to savings of approximately EUR 120 11 billion a year in the EU health sector.

In the mobility sector, as well as saving more than 27 million hours of public transport users’ time 12 , up to EUR 20 billion a year could be saved in labour costs of car drivers thanks, amongst others, to real-time navigation that reduces time stuck in traffic 13 . In turn, this has benefits in terms of tackling climate change, due to reduced CO2 emissions and air pollution.

Data is also at the core of the open marketplaces that facilitate the collaborative or sharing economy. An example of such marketplaces is Dawex 14 , which acts as orchestrator between data holders and data users and facilitates the exchange of data between companies and organizations. It is estimated that this saves up to 7% of household budget spending and reduces waste by 20% 15 .

1.2Political context

Already in March 2019, the European Council conclusions stated that ‘the EU needs to go further in developing a competitive, secure, inclusive and ethical digital economy with world-class connectivity. Special emphasis should be placed on access to, sharing of and use of data, on data security and on AI, in an environment of trust’ 16 .

The European Strategy for Data of 19 February 2020 responded to such political calls to strengthen Europe’s position globally by making better use of data-driven innovation. In particular, it calls for the creation of common European data spaces.

In its conclusions of 2 October 2020 17 , the European Council welcomed the data strategy. It stressed the need to make high-quality data more readily available and to promote and enable better sharing and pooling of data, as well as interoperability. It also welcomed the creation of common European data spaces in strategic sectors.

The European Strategy for Data was welcomed by the Member States in the Council Conclusions of 9 June 2020. They called on the European Commission ‘to present concrete proposals on data governance and to encourage the development of common European data spaces for strategic sectors of the industry and domains of public interest’ 18 .

In his opinion on the Data Strategy, the European Data Protection Supervisor (EDPS) underlined the political relevance of working towards common European data spaces: ‘one of the objectives of the Data Strategy should be to prove the viability and sustainability of an alternative data economy model - open, fair and democratic. Unlike the current predominant business model, characterised by unprecedented concentration of data in a handful of powerful players, as well as pervasive tracking, the European data space should serve as an example of transparency, effective accountability and proper balance between the interests of the individual data subjects and the shared interest of the society as a whole’ 19 .

As stated by President von der Leyen in her State of the Union speech, ‘Europe must now lead the way on digital – or it will have to follow the way of others, who are setting these standards for us.’ The EU must seize the opportunity of this pivotal moment and ensure that it is at the forefront of the second wave of innovation based on data. This urgency is confirmed by the COVID-19 crisis, which has demonstrated the importance of data for an effective response to a global health crisis. Effective responses can only be identified if as much evidence (data) is available as possible to test out as many hypotheses as possible.

It is also essential that the EU acts quickly because data will play a key role in the economic recovery, not least because of its importance for small and medium-sized enterprises (SMEs) and startups. The Communication ‘Europe’s moment: Repair and Prepare for the Next Generation’ 21 gives a prominent place to measures that accelerate the development of the data economy, including legislative action on data sharing and governance, which is the subject of this impact assessment.

1.3 Legal context

1.3.1 Horizontal legislation

The current initiative covers different types of data intermediaries, handling both personal and non-personal data. Therefore, the interplay with the legislation on personal data is particularly important. With the General Data Protection Regulation 22 and ePrivacy Directive 23 , the EU has put in place a solid and trusted legal framework for the protection of personal data and a standard for the world. The legislative framework for the common data spaces would work within the rules of the existing legislation on the protection of personal data. In particular, it would remain the responsibility of each party to identify the suitable legal basis for the processing of personal data within a common European data space.

The proposal will build on the mechanisms present in the existing legislation, in particular the portability right under Article 20 GDPR, that give individuals more control over how their data is used. Article 20 of the GDPR gives data subjects the right to move their data (e.g. their social media data, mobility or health data) to another service, or to allow a third party to access that data. This right has a strong potential for reuse of personal data, as identified, amongst others, in the report on competition policy and the digital era prepared for Commissioner Vestager in 2019 24 . Additionally, this right would give individuals the possibility to make some of their data, such as their mobility or health data, available for the common good, if they wish to do so.

Similarly, the initiative would not amend existing competition law provisions, and would be designed in full compliance with Articles 101 and 102 of the Treaty on the Functioning of the European Union (TFEU), which prohibit anti-competitive agreements and the abuse of dominant market power, respectively.

The initiative would also be in full compliance with the EU’s international obligations, notably in the multilateral agreements in the World Trade Organisation and in its regional trade agreements.

The current proposal would complement the Directive on open data and the reuse of public sector information (Open Data Directive) 25 . The Open Data Directive deals with data for which public sector bodies have all the relevant rights. It does not, however, cover public sector data subject to the rights of others (e.g. personal data, data protected by intellectual property rights or trade secrets). Due to these third party rights, such data cannot be made available as open data, i.e. with as little usage restrictions as possible. By facilitating the secure access to such datasets, this proposal encourages the exploitation of data whose reuse is not regulated by the existing Directive. As a consequence, the Implementing Act on High-Value Datasets under the Open Data Directive, which is expected to be adopted in 2021 26 , will also be fully complementary with this initiative.

1.3.2 Sectoral legislation

Sector-specific legislation on data access is in place to address identified market failures in fields such as automotive 27 , payment service providers 28 , smart metering information 29 , electricity network data 30 , intelligent transport systems 31 and electronic freight transport information 32 . The legal instrument for the common European data spaces would support the use of data made available under such rules without altering them or creating new sectoral obligations.

1.3.3 Relationship with other planned initiatives

The current legislative initiative has logical and coherent links with the other initiatives announced in the European Strategy for Data. It aims at improving voluntary data sharing within and across common European data spaces. This would be achieved by supporting the emergence of data intermediaries that could organise data spaces as trusted third parties and provide relevant technologies. In addition, it would support the development of technical and legal standards relating to the means of the data exchange which, in turn, will enhance trust in data sharing.

The current initiative is a first step in the two-step approach announced in the European Strategy for Data. The initiative will address the urgent need to facilitate data sharing through an enabling governance framework. In a second step, the Commission will address issues about who controls or ‘owns’ the data, i.e. the material rights on who can access and use what data under which circumstances. The introduction of such rights will be examined in the context of the Data Act (2021) 33 . Diverging interests of the stakeholders and different views on what is fair in this respect make these issues subject to intense debate, which warrants taking more time.

While offering an alternative model to the data handling practices of the Big Tech platforms, the current legislative initiative is also clearly distinct from the Digital Market Act (DMA) and the Digital Services Act (DSA). The DMA, foreseen for Q4 2020, will combine two elements to ensure the proper functioning of the internal market by promoting effective competition in digital markets: (i) a set of clear-cut prohibitions and obligations to address known unfair practices of online platforms with a gatekeeping role, resulting from, among other factors, their control of large amounts of data; and (ii) a market investigation regime which would allow tackling existing and emerging market failures in digital markets, including in relation to data access and use. The DSA, also foreseen for Q4 2020, intends to clarify the responsibilities and obligations of digital services, and in particular online platforms, based on, amongst other elements, an evaluation of the e-Commerce Directive.

The interplay with the other initiatives announced in the Data Strategy is illustrated in the image below:

Overview of envisaged data actions. Source: European Commission

The European Strategy for Data also proposes the creation of sectoral data spaces in areas such as mobility and health, and announces sector-specific initiatives, including legislative action for the specific sectors. The Commission is, for example, working on a review of the current EU type approval legislation for motor vehicles. The initiative aims at ensuring fair and safe access to vehicle data and ultimately to offer better access to more services based on car data. This initiative is envisaged for 2021.

The image below shows the interplay of the horizontal framework with the sectoral initiatives.

Source: European Commission

The development of common European data spaces will be supported financially under the Digital Europe programme and the Connecting Europe Facility2. The current legislative initiative and the financing from these programmes will mutually reinforce each other.

2.Problem definition

Source: European Commission

2.1.What is the problem?

As described in Chapter 1, the economic and societal potential of data use is enormous, in terms of new products and services based on novel technologies, more efficient production, and tools for combatting societal challenges. The problem that this initiative addresses is that this potential is not realised due to limited data sharing in the EU. A number of obstacles (low trust in data sharing, issues related to the reuse of public sector data and data collection for the common good, technical obstacles) stand in the way of data sharing becoming more prevalent. These problem drivers are described in section 2.2.

The importance of data sharing

In order to leverage the value of data in the economy and society, more economic operators and organisations promoting societal interests need to be able to use data. This will include data held by others, as it is not cost-efficient if every company or organisation collects similar or even identical data in parallel to others. Digital data can be copied at virtually no cost, and can be used simultaneously by different actors for an unlimited numbers of times. These characteristics distinguish data from traditional economic resources. In order to harness such potential, more data needs to be shared among operators and organisations, including against monetary and other rewards, to have a sufficient amount of data available for innovation in the market. Given the fact that the availability of resources feeding data-driven innovation benefits the entirety of the data-driven economy in the EU, the socioeconomic benefits will positively impact all the vertical sectors directly or indirectly linked to the ever-growing EU data economy.

According to the OECD, data access and reuse could generate social and economic benefits worth up to 1.5% of GDP in the case of publicly held data, and between 1% and 2.5% of GDP when also including privately held data 34 . Data access and sharing can increase the value of data to holders (direct impact), but it can also help create 10 to 20 times more value for data users (indirect impact), and 20 to 50 times more value for the wider economy and society (induced impact) 35 .

An unfulfilled potential

Difficulties in accessing and using data held by others have been reported repeatedly. According to the OECD, ‘individuals, businesses, and governments often face barriers to data access, which may be compounded by reluctance to share’ 36 .

In the recent public online consultation on the Data Strategy, almost 80% of companies reported problems in data access. When asked about the nature of such difficulties, 72.1% of these companies reported ‘technical aspects relating to both data interoperability and transfer mechanisms’ and 43.5% the ‘impossibility to find data of the relevant quality’ (multiple choices possible). Other issues relate to outright denial of data access (65%) or prohibitive prices or other conditions (41.7%). This suggests that technical difficulties are an important barrier to data sharing.

A 2018 report by Deloitte 37 highlights the considerable potential for increasing the level of data sharing, in particular of machine-generated non-personal data, in Europe over the next decade. The report suggests that only between 43% and 58% of the potential of data sharing along a value chain is realised and only 20% and 40% of the potential of sharing between sectors 38 . The report estimates that leveraging this potential would create, in monetary terms, EUR 35 billion of value in agriculture by raising yields; reduce costs from road vehicle damage, maintenance and repairs by EUR 40 billion; and generate efficiencies in resource management and prevent drug counterfeiting in the healthcare sector, saving EUR 14 billion. It could create as much as EUR 1.3 trillion of value in manufacturing by improving productivity by 2027. The untapped potential of data sharing is confirmed by a recent study on ecosystems (focusing on health, construction and automotive and mobility) carried out by McKinsey 39 .

Why would companies and individuals share their data?

What are the incentives for companies to share their data? Direct monetisation is currently not the main reason for data sharing. Respondents to a survey conducted by the MIT Technology Review indicate that data sharing helps to obtain greater speed and visibility across supply chains, and to support faster and more innovative product development 40 . Incentives for companies to share data include increased access to data of other contributors in exchange for giving access to their own data, analytical results derived from the shared data, the availability of services such as predictive maintenance services or licence fees, as well as reduced time and costs of product marketing.

The incentive for individuals to share data can vary. It can come from the wish to contribute to research on rare diseases or to make local transport more efficient (in the case of data altruism). It can also be driven by possibilities to obtain better advice on their personal situation or more personalised or cheaper services in exchange for the use of the data.

The role of platforms in the data economy

The consumer-oriented data economy has given rise to the development of intermediaries that cover the entire value chain, from data collection (collection through websites, smartphones or connected objects such as thermostats) to storage and processing (cloud infrastructures) and services. This has led to economies of scope and scale in terms of data (i.e. the capacity to not only have large volumes of data at their disposal but also data on a variety of human activities), resulting in huge advantages in rolling out additional data-driven services, including in the field of AI.

As European industry begins to interconnect factories, suppliers and other business partners and clients, to deliver better, more personalised products in a more efficient (and thus cheaper) manner, questions related to the organisation of such data flows arise. According to many bilateral interactions with stakeholders, there is a high level of distrust in integrated tech service providers as platforms for industrial data exchange. Large players like Airbus, Siemens, GE or MAN therefore sometimes opt for creating their own platforms. However, these can be exposed to similar criticism from their business partners (notably SMEs, but also suppliers), who may be in a weaker bargaining position to determine data use by such platforms.

The current initiative thus represents an important first step in creating a new model for the data economy. This has the potential to meet new market demands and allow the EU to become more competitive in the data-driven world economy, while maintaining its data sovereignty and its full compliance with its international obligations in trade agreements. Such a model is necessary as an alternative to the current business model dominated by Big Tech platforms. It would be built on a division of functions and the development of common European data spaces as collaborative ecosystems in which data would be usable by a broader range of organisations (public and private) based on a collective governance of data sharing. These data spaces will constitute the core tissue of an interconnected and competitive data economy in the EU.

2.2.What are the problem drivers?

2.2.1. Low trust in data sharing

Based on the views expressed in the series of stakeholder consultations organised by the European Commission on data sharing, companies do not necessarily trust that, if they share data, the reuser will use it in line with the contractual agreement. For example they fear that their data could be made available to third parties.

As shown in a 2017 Commission consultation, 20% of companies do not engage in data sharing because of this fear 41 . Some companies fear that they might lose their competitive advantage within their market or in prospective markets if they engage in data sharing. The OECD also reports that this is one of the major concerns for both organisations and individuals with regard to data-sharing constellations 42 . Furthermore, in the 2020 consultation, several companies highlighted the difficulty they face when trying to access datasets of other companies, which may be reluctant to share data due to this fear 43 . For example, one insurance company explained that: ‘Companies are reluctant to share data since it is the fundamental basis of their competitive advantage. Therefore, it is critical to introduce appropriate safeguards to develop a trusted environment.’ Some emerging technologies can track and trace data use within a data ecosystem. This can improve trust, but the use of these technologies in more open ecosystems is not yet widespread 44 .

The lack of trust leads to high transaction costs, related to finding a suitable data-sharing partner; negotiating, drafting and monitoring the contract, and; developing interoperability solutions for transferring, transforming and cleaning the data 45 . This has been highlighted by stakeholders (especially SMEs) since 2017 46 . The OECD confirms that these high transaction costs might heavily affect those in a weaker position, notably individuals (consumers) and SMEs 47 .

Bringing the offer and demand for data together in new market places is a pre-requisite to solving the problem. These new market places are, however, at risk of not being able to scale up sufficiently due to the lack of sufficient trust in them. It is clear that this can happen only upon the condition of a sufficient level of trust in intermediaries for market actors to buy-in 48 . Without this, it is unlikely that they will be able to scale up.

Both existing companies and start-ups propose data marketplaces, platforms or trusts and personal data intermediaries as a means to improve findability of relevant data, lower the costs of transacting in data and propose exploitation of shared resources 49 . These data intermediaries can reduce transaction costs, for example by proposing standardised clauses in data-sharing contracts, providing a platform for data sharing, offering solutions for data interoperability, and helping data holders who may not have the necessary skills to ensure compliance with data protection law 50 . These facilitators generally aim to remain neutral in the data exchange that they accommodate, meaning that they do not accumulate data or monetise on the data exchanged 51 .

Personal data intermediaries are a specific category of data intermediaries. They seek to empower individuals to exercise their rights under data protection law and manage their own personal data 52 . Already in 2016, the EDPS highlighted the potential of these solutions 53 . The 2020 online consultation showed that close to 80% of the 201 citizens responding consider that ‘it should be made easier for individuals to give access to existing data held about them, in line with the GDPR’. In the same group of citizens, 43% considered that this could be achieved through practical solutions that allow individuals to exercise control, such as mobile and online dashboards or apps 54 .

2.2.2. Issues related to the reuse of public sector data and collecting data for the common good

Data sharing is hampered by an absence of appropriate structures and processes, notably to facilitate data altruism and the reuse of publicly held data that is subject to the rights of others.

a)Limited data-handling capacity and reuse culture in the public sector

The GDPR has increased awareness on personal data protection in companies, data subjects, the public sector and academia alike 55 . While this is a very positive development, the increased awareness is not always matched by a high level of expertise in the public sector on the rules and exceptions. The consultation supporting the review of the Public Sector Information Directive showed that public sector bodies had difficulties in managing risks related to the reuse of data subject to the rights of others, especially personal data 56 . In addition, public sector bodies have signalled 57 that dealing with requests to reuse this specific category of data represents a major issue for them, as they lack the technical and legal capacity to process these requests.

The potential value of this type of data held by the public sector (such as health data or micro-statistics) is often high for machine learning and research. The challenge is to find ways to make it possible to extract knowledge from the data, while fully preserving privacy or other rights that may be attached to the data. Technical mechanisms exist that allow controlled processing of data that is subject to the rights of others (‘safe reading rooms’). Some Member States (notably France, Finland and Germany) have established specific bodies underpinned by legislation that offer such technical mechanisms, creating secure and privacy-enhancing conditions for the reuse of such data.

In spite of these initiatives, the overall capacity of the public sector across the EU to handle these types of requests remains low, since public sector bodies are often not equipped to make the data available for use in a way that is compliant with data protection rules. At the same time, offers to public sector bodies (cities, hospitals) from large companies to collaborate on projects involving data can lead to situations in which the company gets de facto an exclusive access to the data 60 .

b)Lack of means to manage consent-based sharing of personal data at scale

Individuals are increasingly willing to share their personal data for the common good and research 61 . This is confirmed by a 2017 public consultation that gathered more than 1 400 replies, in which 81% of respondents believed that ‘sharing of health data could be beneficial to improve treatment, diagnosis and prevention of diseases across the EU’ 62 . In addition, in the 2019 Eurobarometer 63 , six in ten respondents indicated that they would be willing to securely share some of their personal information to improve public services.

Pilot initiatives for individuals to give access to 64 their data for altruistic reasons do exist. They remain, however, limited in scale. One example is a citizen-driven model of collaborative governance and management of health data called Salus Coop 65 . Other examples are the pilot projects in La Rochelle, Nantes and Lyon. Nantes has used data made available by citizens to develop an energy transition scheme for the city. La Rochelle intends to improve mobility services and public transport through insights gained from such data. Lyon aims to help socially excluded families and to simplify the life of citizens who do not speak French 66 .  During the COVID-19 crisis, the German Robert Koch Institut developed the Corona Datenspende-App, allowing individuals to provide their fitness tracker and smart watch data to help determine patterns of the spread of the virus 67 . Such opportunities were already identified in the Villani Report 68 , which recognised the potential of ‘civic data sharing’, i.e. data contributed by individuals for the benefit of public services or research.

Despite these efforts, researchers, innovators and public sector organisations lack the means to collect personal data at scale, based on the consent of the data subject or following the exercise of their right to data portability provided by the GDPR. This is confirmed by the 2020 public consultation, which showed that almost 70% of participating citizens considered there are not enough mechanisms to give their consent to the processing of their data or they simply do not know about them (18.4%). Therefore, personal data sharing for the common good remains underdeveloped and it is difficult to establish sufficiently large data pools 69 .

There are currently no clear rules and processes in place in a large majority of the Member States that address the issue of data altruism. For health data, only Denmark has already put in place a data altruism mechanism and Germany plans to roll it out in 2023, while 15 EU Member States are viewing the idea favourably 70 .

A key barrier is that there are currently no mechanisms to examine and attest whether the organisations behind such schemes are trustworthy and actually use the data for the proclaimed altruistic purposes 71 .

2.2.3 Technical obstacles to data reuse

a)Interoperability problems for data use across sectors

The 2019 workshops on common European data spaces 72 highlighted a series of issues regarding standardisation within the different sectors. For instance, in industrial and agricultural settings, data and service providers have selected architectures, ways to describe the data and data formats for their platforms, which make it difficult to exchange data.

This problem is even stronger at the cross-sectoral level. The value of data is often derived from combining datasets from diverse sources, possibly coming from different sectors. A 2018 study by Deloitte estimated that, depending on the sector, between 24% and 36% of the benefits of data sharing will come from sharing between the sectors 73 . Standards are an important tool for this to happen, both from a technical and legal point of view. However, commonly accepted standards are failing to emerge in domains where stakeholders have conflicting interests.

The OECD states that ‘one of the most frequently cited barriers to data sharing and reuse is the lack of common standards, or the proliferation of incompatible standards’ 74 . This is confirmed by the 2020 public consultation, where 91.5% of the respondents agreed that standardisation is necessary to improve interoperability and ultimately data reuse across sectors. Some 91.1% of respondents agreed that future standardisation activities need to better address the use of data across sectors of the economy or domains of society 75 .

b)Limited findability of data that is fit for a given purpose and the related uncertainty about data quality

Companies often struggle to find or obtain the data that they need. In the public online consultation on the Data Strategy, almost 80% of companies reported problems in data access. When asked about the nature of such difficulties, 43.5% of those companies signalled the ‘impossibility to find data of the relevant quality’ (multiple choices possible). 76 In the course of targeted consultation activities undertaken in 2019 77 , stakeholders confirmed that findability of data is one of the main barriers to trading data. For example, stakeholders in the environmental field stated that, while there is no shortage of environmental data, these data are not easily findable, comparable and accessible, that there is a need for harmonised standards and work on data quality, and that these issues could be addressed through the common data spaces 78 . The measurable cost of not having research data compliant with standards developed by the FAIR initiative (aiming to make research data findable, accessible, interoperable and reusable) 79 is estimated at EUR 10.2 billion per year in Europe 80 .

Next to findability or discovery of existing data, information about the quality of data is key. It allows the reuser to assess whether certain data is fit for the given purpose. This is especially important for big data analytics and AI, including machine learning, to avoid bias in the results. A low level of data quality can have particularly severe consequences in certain sensitive domains, such as health or critical infrastructures 81 . A 2018 study on data sharing between companies in Europe on behalf of the Commission confirmed the importance of data quality: 73% of the 129 companies surveyed indicated that poor or insufficient data quality hampers data sharing 82 . In the 2020 online consultation, stakeholders also signalled this problem 83 . As an example, the Netherlands Vehicle Authority (RDW) commented that: ‘The main condition to ensure the reuse of a dataset is availability in general, quality of data, quality of meta-data, findability, actuality and accuracy.’

2.3.How will the problem evolve?

According to the OECD, with the increasing use of AI and the Internet of Things (IoT) the supply of, and demand for, data will increase even in traditionally less data-intensive fields, and this to a level that very few organisations will be able to meet alone 84 . Therefore, even in the absence of EU action, the use of data and data sharing are expected to grow, but would encounter the following limitations:

1. Consolidation of market actors’ power: without measures to overcome the generalised low trust and uncertainty related to data sharing, the high transaction costs (see 2.2.1) are unlikely to change. Big Tech platforms already enjoy a high degree of market power in several digital markets. In the absence of measures, including this initiative, they could enter the data-sharing market and offer services as data intermediaries 85 without substantial competition - an evolution that some industrial players, for example in the banking sector 86 , fear. Smaller companies would then be confronted with a business dilemma of not being able to offer new data-based services or products, or of sharing data through such Big Tech platforms even if this means losing some of the value of the data to the platforms. Some stakeholders consider the significant amounts of data held by Big Tech platforms to be the single biggest barrier to entry in the digital economy 87 .

2. Full economic and societal value derived from data remains untapped: limited data availability would lead to less innovation in the EU and a slower development of AI, as underlined in the Villani Report 88 . It is likely that the public sector in some Member States would facilitate the use of data that cannot be made available as open data, while others would not, thus creating a growing gap between the Member States. Data altruism would take off through more standalone initiatives, but this would not lead to data pools of the necessary scale and cross-border dimension.

3. Lack of cross-border data-driven innovation, products and services: cross-sector standardisation efforts would be slow or could be dominated by large players who are already working across the different sectors, as indicated in the support study for this Impact Assessment 89 . Without a harmonised set of rules, Member States would continue to legislate in highly diverging ways, which would lead to an even more fragmented landscape. This would make it difficult for companies to develop pan-European products and services, and research results would not be representative for the whole of the EU.

4. Dependency on third countries: data research and the development of AI systems would move abroad 90 , where rules are less stringent. The EU could experience a brain drain of professionals, researchers and companies 91 moving their operations to third countries. The ambition to foster data infrastructures that would make Europe more autonomous, as announced in the Data Strategy, is also relevant for limiting the dependency on third countries.

3.Why should the EU act?

3.1.Legal basis

This initiative is part of the 2020 European Strategy for Data that aims to reinforce the Single Market for Data. With a growing digitalisation of the economy and society, there is a risk of Member States increasingly legislating data-related issues in an uncoordinated way, which would intensify fragmentation in the internal market. Setting up the governance structures and mechanisms that will create a coordinated approach to using data across sectors and Member States would help stakeholders in the data economy to capitalise on the scale of the internal market. This would be in full respect of the provisions on anti-competitive practices and the ban on the abuse of dominant market power, as laid out in Articles 101 and 102 of the Treaty on the Functioning of the European Union (TFEU). Thus, Article 114 TFEU is identified as the relevant legal basis for this initiative.

3.2.Subsidiarity: Necessity of EU action 

In the EU, the key sectors of the economy span across borders, with the suppliers, producers and clients established in different Member States. Data flows form an intrinsic part of digital activity and mirror these EU-wide supply chains and collaborations. Any initiative aiming to organize such data flows must address the EU single market in its entirety.

Companies active in the data economy should be able to benefit from the size of the internal market by rolling out EU-wide products and services. Datasets available in individual Member States often do not have the richness and diversity to allow big data pattern detection or machine learning. In addition, data-based products and services developed in one Member State may need to be customised to the preferences of customers in another, and this requires local data. Data needs to be able to flow easily through EU-wide and cross-sector value chains, making it easier to launch a cross-border service or to replicate an existing data-based service from one Member State to another.

As they become increasingly aware of the importance of data sharing, including the reuse of data held by public sector bodies, Member States have started to legislate on different aspects of the data economy 92 . This creates a risk of legislative and administrative fragmentation. France, Germany and Finland, for example, are setting up administrative structures and processes to allow the reuse of publicly held data, the use of which is subject to the respect of rights of others. In Denmark, the Statistical Office has the role of granting permits for research to be carried out using several data sources, including smart metering information 93 . Other Member States have not taken any legislative action in this field. EU action would offer a common vision to these national endeavours and ensure that the barriers and bottlenecks which are common across the entire EU economy can be tackled in a coherent manner across the internal market.

EU-level intervention is ultimately best suited to increase the levels of data reuse across the economy, as it can lay down the elements that ensure comparable access and use conditions in all data spaces. It is unlikely that national intervention would be equally efficient.

3.3.Subsidiarity: Added value of EU action

Considering the importance of economies of scale for the development of data technologies and services, coordinated action at EU level can bring greater value to the European economy and society than action by individual Member States. A Single Market for Data would ensure that data from the public sector, businesses and citizens can be accessed and used in the most effective and responsible manner possible, while businesses and citizens keep control of the data they generate and investments made into their collection are respected. Companies would be able to market their products and services in all Member States. Companies and research organisations would advance representative scientific developments and market innovation in the EU as a whole, which is particularly important in situations where EU coordinated action is necessary, like the COVID-19 crisis.

Furthermore, only concerted action by the Member States can ensure that a European model of data sharing, with trusted data intermediaries for B2B data sharing and for personal data spaces, can take off. Mutual recognition of certification/labelling mechanisms and of a trust scheme for data altruism will make it possible to collect and use the data at the necessary scale. A ‘light touch’ enabling legislation, as proposed in this initiative, will ensure that the Member States move in the same direction and at the same speed.

In the 2020 consultation, 86.4% of the respondents agreed that data governance mechanisms are needed to capture the potential of data, in particular for cross-sector data use 94 . This shows a clear added value and relevance of EU intervention to establish a coordinated approach to data sharing.

4.Objectives: What is to be achieved?

4.1.General objective

The general objective of this intervention is to leverage the potential of data for the economy and society. This would be brought about by facilitating a higher level of data sharing across the entire EU Digital Single Market.

The economy would be boosted by increased innovation and competitiveness. Such benefits would, for example, materialise in terms of better and personalised products for customers and of important efficiency gains in industry. Society as a whole would benefit from evidence-based policies and from the availability of more data that would help to address societal challenges (e.g. combating climate change, improving healthcare systems, addressing the challenges of ageing societies across the EU).

This initiative would lay the foundations to tackle the problem drivers identified in Chapter 2, and ensure that the Member States’ actions on data are aligned. It would benefit the different common European dataspaces, by:

-increasing trust in data sharing;

-strengthening mechanisms that increase data availability;

-overcoming technical obstacles to the use of data.

The initiative would underpin a new, ‘European’ approach for data that would work as an alternative to an integrated platform model, dominated by Big Tech but potentially also by any other player with a high degree of market power. The policy interest behind the advancement of such a model is to truly empower individuals to exercise their rights under the GDPR and to give companies more control over the data that they generate and over its value.

Overview: Intervention logic. Source: European Commission

4.2.Specific objectives

4.2.1 Reinforcing trust in data sharing

Trust is a key prerequisite for data sharing. Therefore, the first specific objective of the initiative is to create trust in data sharing as such. Common European dataspaces should become environments in which businesses and individuals can trust that the data they exchange or pool is secure and processed in compliance with applicable legislation as well as with the conditions they set on the use of such data. Where such a data space is organised by a specific intermediary, businesses and individuals should be able to trust those. When businesses prefer not to make recourse to an intermediary, they would benefit from a framework composed of technical standards and their related governance (‘data-sharing schema’) as an alternative means to create trust.

Increased trust in data sharing and the citizens’ and companies’ assurance that their ‘sensitive data’ (personal data, commercially sensitive information) is processed in line with relevant legislation and the limitations they set in contractual obligations, would serve as an incentive to share the data with selected partners. Such assurances should also apply with respect to demands to access data by governmental authorities, including from third countries that do not comply with due process requirements. The considerations that are at the heart of the CJEU judgment in case C-311/18 95 (Schrems II), examining the impact of broad investigative powers of intelligence authorities and invalidating the Privacy Shield are very relevant in this context.

4.2.2 Making more public sector data available for reuse and facilitating the collection of data to be used for the common good

The second specific objective is to make more data available for reuse for businesses, in particular SMEs and start-ups, public administrations and researchers, by addressing the problems caused by mainly the lack of institutional capacities and expertise in the public sector, as well as by the lack of mechanisms for collecting data for the common good.

Actions should focus on data that could be made available for reuse by others on the basis of the existing legislative framework and where data holders could agree to this. This concerns i) data held by public sector bodies that cannot be made accessible as ‘open data’ 96 but could be used under legal and technical restrictions/processed in trusted and secure environments, and ii) data that individuals would agree to make available for reuse 97 for research, official statistics or other altruistic or innovative purposes. Targeted measures would address situations in which more technical, legal and organisational support would be necessary to make such data available.

4.2.3 Overcoming technical obstacles: improving data findability, data quality and data interoperability across sectors and countries

Interoperability of data is a precondition for using the data in different contexts. Therefore, the third specific objective is to improve data interoperability to increase data sharing across sectors, Member States and different types of organisations.

First, interoperability and generic standards could allow data to be reused across sectors and Member States more smoothly. Second, businesses, researchers and other actors should be able to easily find the data they need and ascertain that the quality of such data is fit for purpose.

Concerns about data quality affect all sorts of data-sharing situations, including for public interest purposes. This, together with the issues around interoperability, stand in the way of increasing data sharing.

5.What are the available policy options?

In Chapter 2 the following problem drivers were identified: lack of trust in data sharing, issues related to the reuse of public sector data and collecting data for the common good, and technical obstacles to data reuse.

The specific objectives defined in Chapter 4 aim to overcome these issues by: reinforcing trust in data sharing, making more data available for use in the common European data spaces, and overcoming technical obstacles.

In order to achieve the specific objectives, four intervention areas were identified:

-mechanisms to enhance the reuse of public sector data that cannot be made available as open data: these would ensure that more data from public sector databases becomes available for use in a trusted way, and would increase the findability of such data;

-measures addressing data intermediaries, both in situations of B2B and C2B data sharing: this intervention area would increase trust in data sharing;

-measures to facilitate data altruism: these would ensure that more data becomes available for the common good, and would increase trust in altruism schemes;

-mechanisms to coordinate and steer horizontal aspects of data governance: these would contribute to overcoming technical problems, in particular issues related to interoperability.

The work of the support study for this Impact Assessment was split into four separate streams, corresponding to these four intervention areas. A cost-benefit analysis and a multi-criteria analysis was carried out for each of the areas.

The study gathered evidence through case studies and workshops (on the use of data subject to the rights of others and on possible structures of data governance) as well as market research (on data intermediaries) and legal analyses (in particular on data altruism).

5.1.What is the baseline from which options are assessed?

In the baseline scenario 98 , existing horizontal EU practices such as the exchange of good practices between sectors and Member States would continue. An EU study predicts 99 that in the absence of policy and legal frameworks supporting the data economy, the value of the data economy, i.e. the overall impact of the exchange of data on the economy, would still increase from its current 2.6% of EU GDP, but only to 3.9% of EU GDP.

On a more granular level, in the baseline scenario Member States would remain free to take their own approach with regards to the reuse of data held by public bodies and the use of which is subject to the rights of others. As a result, it is uncertain whether such data would become more available for reuse for research and development purposes. More likely, the currently observed difficulties in allowing the reuse of datasets containing personal data 100 would remain unchanged. Likewise, interoperability issues across sectors and Member States would likely persist while data holders would have no incentive to ensure their data is of the highest possible quality and accuracy. Fragmentation as regards access to, and combination of, data of sufficient quality would continue. 

5.2.Description of the policy options

A number of possible policy options of different strengths can be considered. In addition to the ‘no action’ scenario, they vary from putting in place an EU-level coordination mechanism underpinned by non-binding acts to fully-fledged legislation. The legislative intervention in turn can be split into measures of lower and higher intensity, measured against the extent to which they deviate from the organisational and legal status quo. The range of options can be expressed as follows:

·Policy option 0: No horizontal action at EU level – baseline scenario

·Policy option 1: Coordination at EU level and soft regulatory measures

·Policy option 2: Regulatory intervention with low intensity

·Policy option 3: Regulatory intervention with high intensity

The measures under all policy options would be combined with investments in common European data spaces foreseen under the Digital Europe programme (DEP) and the Connecting Europe Facility 2 (CEF). More specifically, the European Commission plans to invest EUR 2 billion to foster the development of data processing infrastructures, tools, architectures and mechanisms for data sharing and to federate energy-efficient and trustworthy cloud infrastructures and related services. In particular, the Commission will co-finance technical solutions (common standards, profiles and technical specifications) for federating European cloud capacities in order to ensure portability, trust, data protection, security and interoperability. Such funding is independent from this initiative, since it will support the creation of a technical infrastructure for the development of common European data spaces, without directly affecting the legal and governance arrangements for data sharing. On the other hand, the effects and the efficiency of the spending will be augmented by the impact of the legislation, which aims at reinforcing trust in data sharing and increasing the overall amount of data being shared.

The assessment does not take into account the interplay with further legislative measures, in particular the Data Act, which will deal with the issue of fairness in data access and use, and the rights and obligations of persons and organisations on data.

5.2.1 Policy option 0: Baseline scenario - No horizontal action at EU level

In the baseline scenario, no horizontal action is taken at EU level on data governance and interoperability of common European data spaces. However, action may be taken at sectoral or Member State level.

5.2.2 Policy option 1: Coordination at EU level and soft regulatory measures only

EU coordination and soft measures have been used in the area of data sharing over the past decade, with limited impact. Under this scenario, the Commission would adopt a Recommendation or guidelines. An exchange of good practices could be organised between the Member States on an ad hoc basis. Investment actions would support the deployment of data infrastructures that can underpin the common European data spaces in specific sectors.

5.2.3 Policy options 2 and 3: Regulatory intervention with low or high intensity

Policy options 2 and 3 consider regulatory intervention of low and high intensity respectively. Both policy options have similar objectives, but may lead to a different level of impact in terms of costs, benefits and administrative burden.

Both regulatory options are presented together in the following sections in order to clarify the difference between them.

A)Mechanisms for the enhanced reuse of public sector data

This intervention would allow for more data to be made available for reuse. It builds on the experience of some Member States in the areas of statistics 101 , mobility 102 and health 103 , which have spurred further data-driven innovation in their countries 104 . The regulatory intervention would require that Member States ensure that public sector bodies set in place the organisational structures and mechanisms to enhance the use of public sector data, the reuse of which is conditional on the respect of rights of others, and which therefore cannot be made available for reuse under the Open Data Directive. This concerns public sector databases that include information on individuals or company information (e.g. information on financial systems, or on the approval of pharmaceutical drugs). Very few public sector bodies currently have mechanisms in place that allow certain types of data analyses (e.g. data mining) on such data.

The policy options considered are as follows.

·Under the low intensity option, individual public sector bodies allowing the reuse of data subject to the rights of others would need to allow such reuse in line with a set of harmonised conditions. Member States would have to establish one single entry point (one-stop shop) through which reusers can contact public registers holding the data. The one-stop shop would provide advice to reusers. Member States would have to comply with a broad obligation to have capacity and services in place to facilitate further compatible uses of the data. They would be free to decide upon the exact form of these mechanisms, taking into account differences between individual sectors.

In practice this would mean that a reuser from Member State A could contact the single entry point in country B to see how to get access to a certain type of data. The single entry point would channel the request to the relevant public sector body or bodies. These public sector bodies would receive technical and legal support for making re-use possible, but would remain responsible for the operations. Member States would have to invest in this support system.

·The high intensity option would oblige Member States to create one single data authorisation body as a central decision-making point. It would be competent to decide on all further compatible uses.

In practice this would mean that reusers would be served by a single organisation that would offer technical solutions for querying the data (e.g. safe digital reading rooms, or mechanisms to bring algorithms to the data) and would, where relevant, issue permits for data re-use. This would require national legislation to be in place underpinning the operations of the organisation, including in terms of compliance with data protection legislation. It could also imply a change in the way in which public registries are managed.

Both options would include a prohibition for exclusive arrangements for data held by the public sector and set out the conditions under which situations having de facto the effect of granting exclusive access would be lawful. This would avoid discriminatory practices, and in particular the risk that powerful players in the market get exclusive access to the data (e.g. health data) 105 . Neither option would create a right to re-use. They would both build on situations where re-use of the public data is allowed in the Member States for commercial or non-commercial purposes.

In the design of the options, a number of dimensions were considered, such as centralisation of the decision-making on who can use what type of public register data as compared to the responsibility of individual bodies, and how to assist potential reusers (other than by centralising the decision-making).

Under both options, Member States would have to ensure that these mechanisms comply with a number of harmonised, compulsory criteria that would ensure trust in the mechanisms, also across borders. Member States would be required to provide a secure data processing environment to allow innovative processing of data to which access can be granted under conditions controlled by the public sector (a ‘safe reading room for data’). Whenever data is being transferred to a reuser, assurances should be in place that ensure compliance with the GDPR and preserve the commercial confidentiality of the data. Both options would benefit from the use of the technical infrastructures and tools developed with the support of the DEP and CEF programmes to ensure interoperability between the solutions offered by Member States.

B)A certification/labelling framework for data intermediaries 

In order to lower transaction costs for data sharing or pooling within common European data spaces, businesses and/or individuals may want to have recourse to data-sharing intermediaries 106 . In light of distrust in platform business models 107 , novel service providers are emerging but with limited brand recognition. Their business model is based on transaction fees or regular subscriptions. It excludes own use of the data the exchange of which they offer to facilitate.

The emergence of data intermediaries (providers of data-sharing services), such as ‘data marketplaces’, is largely supported by stakeholders. Almost 60% of respondents to the 2020 online consultation considered that they are useful enablers in the data economy 108 . Both in reply to the online consultation and in a workshop on data intermediaries held in May 2020 109 , stakeholders mentioned that this new type of facilitator would increase opportunities for cross-sectoral innovation. They underlined the importance of the neutrality of data intermediaries as a tool for businesses’ and individuals’ data sovereignty, contrary to what has been seen until today with existing data aggregators 110 .

A certification or labelling framework would allow novel data intermediaries to increase their visibility as trustworthy organisers/orchestrators of data sharing or pooling. Legislation would define a set of core criteria that should be met by all certified/ labelled intermediaries in order to demonstrate their neutrality: absence of conflict of interest, no competition with data users (e.g. no development of own data apps in competition with others, so as to avoid any risks of self-preferencing) and commitment to not discriminate between companies that would like to offer data services (openness obligation). Two types of intermediaries would be covered by this scheme: those addressing business users and those addressing individuals (providers of ‘personal data spaces’). Furthermore, they should be able to ensure through technical and organisational measures that the data are transferred in compliance with the stated preferences of the company or individual.

The two policy options considered are as follows.

·Under the lower intensity option, labelling/certification would be voluntary for actors involved in data sharing. The awarded labels would be equally valid in all Member States.

In practice, the provision of data intermediary services remains an unregulated activity. Data intermediaries could obtain a label or certificate in order to show that their business model is in line with a series of requirements set at the EU level. The label/certificate would not be a requirement for offering data intermediary services in the EU.

·Under the higher intensity option, the certification of providers of data-sharing services would be compulsory. A compulsory scheme would ensure that all data intermediaries operating in the Union would comply with the requirements. Certification would be complementary to existing certification frameworks (e.g. under the GDPR and the Cybersecurity Act).

In practice, data intermediary services would have to comply with the requirements of the certification scheme before they would be able to start operating and offering data-sharing services. This would make data sharing a regulated activity.

Under both options, the labels/certificates could be awarded by public authorities or by private conformity assessment bodies, based on criteria developed at the European level.

Self-regulation was discarded, as a) there is no natural industry forum for this emerging market and b) it was deemed that the stakeholders involved would not be able to agree upon strict criteria of neutrality. Self-regulation would also potentially lead to the emergence of different solutions in different sectors and countries, thus increasing fragmentation. Currently there is no such self-regulatory certification scheme in place.

C)Measures facilitating data altruism

In order to address the lack of means to manage consent-based sharing of personal data and the availability of data in general, the regulatory intervention would require Member States to enable data altruism by putting in place the necessary laws and processes that allow companies and individuals to make their data available for the wider common good based on consent. As the 2020 online consultation showed, a large proportion of respondents (87%) consider that there are not sufficient mechanisms in place for altruistic data sharing, while 83.3% see the need for such enabling tools and mechanisms to be able to share their data for the common good 111 . Thus, it is the lack of tools, not of willingness, that hampers data sharing for the common good.

The two options considered are as follows.

·The lower intensity option would require that Member States have in place certification schemes for data altruism mechanisms and/or organisations offering such mechanisms. Certification would be voluntary. Certificates would be issued by private certification bodies, or by a public authority. Certification would be complementary to existing certification frameworks.

In practice, an organisation engaging in data altruism could apply for certification to show that it is a trusted intermediary (this would be voluntary). The application would be handled by a public authority or a private certification body.

·The higher intensity option would require Member States to have in place an authorisation scheme for data altruism mechanisms and/or organisations offering such mechanisms. Organisations that seek to perform activities facilitating data altruism would have to comply with the requirements and seek authorisation before launching their operations. The authorisation would be compulsory, and would be handled and issued by a designated national authority (which could be an existing body). The authorisation could be general (allowing data activities to start upon notification) or ex ante (approval by the competent authority is a prior requirement for starting the activities). The granted authorisations would be equally valid in all Member States. Member States’ authorities would monitor compliance. As such, a mandatory authorisation regime would act as a filter and an entry barrier for entities that wish to start providing such mechanisms. It would create an intervention that is of higher intensity than a voluntary certification scheme.

In practice, data altruism activities in the EU could only be carried out by organisations that have sought an authorisation from a public authority.

At the core of both options is the wish to ensure that data altruism mechanisms (operated by public sector organisations, NGOs and other private sector organisations) are truly altruistic. The scheme should prevent attempts to describe a data-sharing activity as altruistic, when in fact the consent to commercial usages is ‘hidden’ in long and hard-to-understand consent statements. Furthermore, organisations engaging in data altruism should be able to ensure through technical and organisational measures that the data are used in compliance with the stated preferences of the company or individual.

In line with the rights conferred by the GDPR, these mechanisms for data altruism would be based on consent under Article 7 GDPR and build on the portability right provided by Article 20 GDPR. In line with the GDPR, they should also provide for individuals to withdraw consent for the processing of their data.

Both options also foresee the development of a European data altruism portability and consent form similar to those existing in the field of blood, tissue and organ donation, which could be tailored to specific sectors and types of data, to be able to easily give and withdraw consent.

For the higher intensity option, only a public authorisation scheme would qualify. This would be justified given the importance of trust and the nature of acts of data altruism, where people and companies are making their data (sometimes sensitive data) available for the common good (e.g. improving traffic conditions, contributing to health research). For the lower intensity regulatory intervention, both certification by a public authority and by private conformity assessment bodies are possible. For this lower intensity intervention, the Impact Assessment study focused on certification by private conformity assessment bodies, in view of assessing the impact of two clearly contrasting options, representing the key parameters at stake.

As for the labelling/certification of data intermediaries under B), centralising the authorisation in a European body was discarded due to reasons of costs and political feasibility.

D)Mechanism to coordinate and steer horizontal aspects of governance (European Data Innovation Board)

A European Data Innovation Board would be created to coordinate efforts in Member States and at European level to support data-driven innovation, to lower transaction costs and prevent further sectoral fragmentation.

It would coordinate national efforts to make more public sector data available, play a role in the certification or labelling of trusted providers of data-sharing services and take a lead in governing standardisation and the prioritisation on standardisation around data sharing, in particular across sectors. The achievements on prioritisation would feed into the Commission’s ICT rolling plan for standardisation.

The two options considered are as follows.

·In the lower intensity option, the European Data Innovation Board would be a formal Expert Group, with a secretariat provided by the Commission. It would include among its members representatives of the sectoral data spaces and other interested parties, aiming for a balanced representation of the different sectors (avoiding duplication with existing expert groups).

It would be responsible for facilitating the exchange of national practices and policies on data altruism and the use of public data that cannot be made available as open data, and advising on the prioritisation of standards for cross-sector data reuse for the Commission’s rolling plan for ICT standardisation, and on the establishment and maintenance of a schema of standards (technical and legal) related to problems common to all data-sharing situations irrespective of a sector 112 . It would also be tasked with facilitating the exchange of national best practices on voluntary labels for trusted providers of data-sharing services. As a Commission expert group, it would include experts from authorities from each Member State. It would not interfere with the roles and powers of the Member State authorities, given that it would only advise the Commission and support it in facilitating the exchange of national practices.

In practice, the European Data Innovation Board would advise and support the Commission on matters related to data sharing, focusing on cross-sector issues.

·In the higher intensity option, the European Data Innovation Board would be a self-standing European body with legal personality, in which representation of sectoral data spaces would be ensured. It would be supported by a secretariat. In addition to the above functions, it would supervise the award process of voluntary labels and, where relevant, authorisations performed by the designated Member State authorities. In this sense, the relationship between the Board and the Member State authorities would be closer, as they would be overseen by this European level body. It would keep a register of the organisations that obtained a label or authorisation. These functions go beyond the power of a Commission expert group and can only be entrusted to an independent body.

In practice, the European Data Innovation Board would advise the Commission, but also carry out activities autonomously, including supervisory functions.

In designing the options, the possibility of setting up an informal Commission expert group was also examined. It was found that the political importance of the subject matter warrants the establishment of a formal group or a self-standing independent body. The examples that served as inspiration both for the form and the tasks of the body are either formal expert groups (e.g. European Union Ecolabelling Board) or independent bodies (e.g. European Data Protection Board - EDPB, European Union Agency for Cybersecurity - ENISA).

Bringing the required functions under the remit of the EDPB was also explored. The EDPB deals with the specific issue of personal data protection. Data sharing additionally requires expertise in competition law, and in sector-specific data access and usage regimes, as well as a technical knowledge of technical sharing mechanisms and standards. Also, the composition of the decision-making instance in the EDPB, currently composed of representatives of national data protection authorities, would need to be modified or at least complemented, which would require amending the legislative text of the GDPR. Therefore, this possibility was not discussed further.

Summary table

Policy options 2 and 3 for regulatory intervention with lower and higher intensity

Source: European Commission

Relation with sectoral initiatives: The relation between the horizontal framework and the sectoral initiatives is shown in the image at the end of Chapter 1. The horizontal framework will provide the building bricks for individual data spaces so that they can be established faster. The governance of the individual data spaces should, however, reflect the needs of the sector and the set-up of the stakeholder ecosystem and thus be defined by the sector itself and not be prescribed by the horizontal framework.

A specific data space may have its own standards (which can be either EU standards or standards devised by stakeholders). Existing governance frameworks, such as the eHealth network in the area of health, will not be affected. The European Data Innovation Board will include representatives of individual common European data spaces as they emerge. The horizontal framework would leave room for sector-specific lex specialis rules.

5.3.Options discarded at an early stage

No options were discarded from the outset.

6.What are the impacts of the policy options?

6.1.Economic impact

The Impact Assessment support study considered as the baseline the total economic value of the data economy for the EU-27 in 2020, which is EUR 325 billion (2.6% of GDP). This number takes into account a correction linked to COVID-19’s impact on the overall EU economy.

The graphs below illustrate the expected evolution, compared to the baseline scenario, of the direct economic value of data under the lower and higher intensity scenarios, as well as the preferred option of a package of lower and higher intensity interventions (see Chapter 8). The fact that the results of the top-down (based on contribution to GDP) and bottom-up (validation calculation based on cost-benefit analyses) approaches 113 are almost identical confirms the solidity of the methodology.

The graph shows the compared economic impact of the different policy packages for the indicated years. Policy package 1 includes low intensity regulatory intervention in all four areas, policy package 2 contains high intensity regulatory intervention in all areas, while policy package 3 denotes the preferred, mixed option. Source: SMART 2019/0024

In 2028, the value of the data economy would increase from EUR 533.5 billion 114 (3.87% of GDP) under the baseline scenario:

-to between EUR 540.5 and 544.0 billion if the lower intensity regulatory intervention was introduced (from 3.92% to 3.94% of GDP);

-to between EUR 542.7 and 547.3 billion if the higher intensity regulatory intervention was introduced (from 3.93% to 3.97% of GDP).

The impacts are calculated until 2025 on the basis of the value of the data economy as projected by the International Data Corporation (IDC) for the baseline. The IDC forecast projects a growth of the data economy of approx. 8% per year 115 . The IDC forecast for the growth of the EU data economy, however, ends in 2025. In order to calculate impacts beyond 2025, the support study took a conservative approach and calculated the impacts on the basis of the GDP growth rate forecast of the OECD (1.5% per year) 116 . For this reason, the impacts beyond 2025 are based on a much lower per annum growth rate.

At first sight, the gains (of between EUR 7 and EUR 10.5 billion for the lower intensity option and between EUR 9.2 and EUR 13.8 billion for the higher intensity option) seem relatively small compared to the overall size of the data economy that is taken as the baseline for the calculation. It should, however, be borne in mind that they are based on a conservative approach, focusing on the direct impact, and only to a very limited extent on the indirect impact, of the set of measures under consideration. Indeed, the calculations in the support study do not cover the full range of potential impacts of the measures on the economy and society. This also explains the large gap between the impact, as calculated in the impact assessment study, and more general studies that look at the potential of data sharing for the economy and society. Examples are the estimated EUR 1.3 trillion in increased productivity by 2027 in manufacturing through IoT data 117 , or savings of approximately EUR 120 118 billion a year in the EU health sector. Ultimately, as estimated by the OECD, the economic value of improved data sharing could amount to up to 2.5% of GDP 119 .

This broader potential should be kept in mind when assessing the effects of the measures. The initiative is a necessary first step in the process of creating common European data spaces. It can make data markets in different sectors function better by creating trust. However, the full range of benefits from the measures rely on actors in the common data spaces seizing the opportunities offered by these building blocks. The measures taken by the initiative would act as a catalyst to increase data sharing across the EU 120 . This would lead to the creation of more efficient services and new products based on data, including AI. This catalyst effect would not only benefit the data economy, but the EU economy and society as a whole.

The Commission has announced that it intends to invest EUR 2 billion in data infrastructures through the DEP and CEF programmes. These investments in the creation of a European data sharing and processing infrastructure will lower the cost for technically implementing the policy options proposed in the current instrument. At the same time the proposed legislation will reinforce the impact of the investment by increasing trust and making more data accessible. The exact effect of the envisaged investments on the different options are hard to establish, and have not been taken into account into the calculations.

The support study to this Impact Assessment shows that SMEs in particular stand to benefit from the initiative: in addition to benefits from higher interoperability, standardisation and simplified access to public sector data, they would benefit from the certification/labelling schemes. The one-off costs of certification/labelling (EUR 20 000-50 000 for a voluntary label, and EUR 35 000-75 000 for a compulsory certification) for data intermediaries would be countered by the high gains in both client base and revenue (25-50% increase) 121 .

Member States would incur costs to establish the necessary mechanisms to provide services and to carry out the different tasks, in particular in relation to the measures to facilitate the use of public sector data that cannot be available as ‘open data’. However, as outlined below, the direct economic gains alone would outweigh these costs under both scenarios 122 . Besides, Member States would recuperate a large part of the investments through fees for the different services related to reuse, and data holders would benefit from significant cost reductions.

A harmonised horizontal governance framework across the EU would create a level playing field for all the Member States. The initiative would ensure a minimum level of harmonisation across the EU, while leaving a certain leeway for the Member States in terms of how to organise public registries and authorisation mechanisms, building on existing structures. It would create certainty for data users across the EU and for those who want to make data available, and increase trust in data intermediaries and in mechanisms for making more data available for use. Even though some differences between the Member States would remain (e.g. in terms of the supply of public sector data), overall the measures would be an important step towards a more harmonised framework and the creation of a real internal market for data.

The positive impacts of the initiative are expected to be spread across the EU rather than benefiting specific countries. Data-focused start-ups are emerging across the EU, in larger and in smaller Member States. For example, in Romania and Bulgaria the share of data companies’ total revenues in 2019 as part of the total revenues of all companies was 3.5% and 3.9% respectively, which is similar to France (3.8%) 123 . Highly harmonised conditions for reuse would help reusers from all Member States, regardless of their size or economy.

6.1.1. Baseline scenario

In the absence of EU intervention, the data economy would continue to grow to an estimated EUR 533.5 billion in 2028 124 . Without an alternative European model, there would be a risk of platformisation and the hegemony of the Big Tech companies in this field. There would only be a moderate increase in data use, which would limit the capacity for productivity gains in all sectors, in particular in the traditional sectors that are currently undergoing a major paradigm shift due to data-driven innovation.

Industry-driven initiatives paired with national initiatives to support data sharing in sectors that are key to the particular Member State (e.g. industrial manufacturing in Germany and France, logistics or agriculture in the Netherlands, forestry in Finland) would emerge, but remain limited in terms of impact. Companies would remain wary of data sharing: they would either encounter significant costs in doing it themselves, or face the choice of relying on integrated tech vendors (which would have stronger negotiating power) or on start-ups (with no brand recognition and capacity to become a relevant player in facilitating data sharing).

Individuals may come across initiatives, for example driven by the research communities, asking them to make available data on altruistic grounds, but would not be provided with trusted means to do so. Similarly, researchers would be faced with uncertainty when collecting consent on this basis and would thus be more reticent to make use of this mechanism, resulting in losses in advances in science.

Overall, this would lead to a scenario in which large, integrated tech companies that have already collected large volumes of data would further strengthen their position to decide on data access. They would become centre points of additional ecosystems as they expand into new activities such as health, insurance or finance. Furthermore, they would be able to reinforce their position by acquiring additional data or start-ups that are dependent on them. This would have an impact on the quality of machine-leaning outcomes (e.g. facial recognition algorithms), and result in concerns regarding data quality and bias.

6.1.2. Coordination at EU level and soft regulatory measures

The impact of this policy option depends on the uptake of the Commission’s Recommendations or guidelines by Member States. Experience with the two existing soft law measures related to data sharing 125 shows that, due to their non-binding character, they have been taken up with different intensities and at a different pace by actors in the data economy and Member States. Therefore, this policy option would be unlikely to provide the swift and harmonised action necessary for the EU to become a key player in this emerging market. Soft measures alone cannot be relied upon to prevent the further development of regulatory divergences between Member States. Additionally, coordination at EU level would also be achieved under policy options 2 and 3.

Mechanisms to enhance the reuse of public sector data subject to the rights of others

The impacts of this policy option would rely on the willingness of Member States to set up structures (such as a one-stop shop akin to the Health Data Hub, or a single data authorisation body like Findata), which would also be subject to a set of uniform conditions. According to a workshop organised in the context of the support study, only an estimated nine to 13 Member States would likely implement such recommendations 126 . In addition, the level of ambition of such guidelines or recommendations would likely be inversely proportional to the number of Member States adopting them. Ensuring that similar requirements in relation to the use of such public sector data are available throughout the EU is a matter of legislation and cannot be achieved by soft law.

Certification/labelling framework for data intermediaries

Stakeholders interviewed in the context of the support study generally considered that this policy option would have little added value compared to the baseline scenario. Developing requirements for any label in this emerging market would be difficult as it was deemed that industry would not be able to agree upon strict criteria of neutrality. Moreover, soft measures would not guarantee a fair and representative selection of certification criteria/requirements for the various types of data intermediaries active in the EU. This policy option could lead to the adoption of different labels in the Member States and sectors and, thus, to further fragmentation.

Measures facilitating data altruism

Similarly to the baseline scenario, individuals would not have trusted means to share their data on altruistic grounds. The Commission could host expert exchanges and publish guidance to support individuals and researchers, who would also face uncertainty. Such guidance would, however, not provide sufficient assurances to consumers or researchers for concrete use-cases.

Some interviewed Member States considered that an EU-level coordination mechanism for data altruism mechanisms would reduce their workload by avoiding multiple bilateral discussions, but would not necessarily accelerate the discussions. In addition, they considered that only the Member States that are already actively pursuing data altruism mechanisms would likely participate. Private sector interviewees considered that coordination at EU level could take very long and not result in concrete action. As adoption of the measures would be voluntary, this could widen the data altruism gap between different Member States and companies.

Last, but not least, protecting individuals against data altruism mechanisms that are not truly altruistic is a matter of legislation and cannot be guaranteed by soft-law measures.

European level mechanisms for coordination of standardisation

The costs of an informal group of 10 experts participating in four 3-day meetings per year would amount to around EUR 24 000 per year. In addition, the employers of the participating experts would incur costs. The costs related to the adoption of standards would be borne by industry, as this option does not entail any mandatory standards 127 .

However, it was found that the creation of an informal expert group for governance aspects of data sharing would be unlikely to have any effects at all, due to its informal nature. Indeed, according to the study team’s estimates, it would increase the number of data users only by 0.1% 128 .

 Multi-criteria analysis

A multi-criteria analysis (see Chapter 7) was not performed for this policy option because, as indicated above, its effectiveness is limited and dependent on uptake by Member States (and hence it is not quantifiable). Furthermore, during the interviews and workshops conducted with stakeholders in the context of the support study, shortcomings were identified for each intervention area.

6.1.3. Policy option 2: Lower intensity legislation

This policy option entails the softer and less expensive options in all four intervention areas. The measures are expected to yield considerable benefits in the form of enhanced reuse of public sector data, elevated trust in data intermediaries and data altruism, as well as better coordination in the field of standardisation. Compared to the baseline scenario, it would also directly contribute to the growth of the data economy by between EUR 7 and EUR 10.5 billion in 2028 129 .

Mechanisms to enhance the reuse of public sector data subject to the rights of others – one-stop shop

Under this option, public sector bodies which grant permissions for the reuse of data subject to the rights of others would need to be technically equipped in a way that ensures that privacy and confidentiality are fully preserved. Member States would have to set up a one-stop shop for reusers and support mechanisms to provide public sector bodies with the necessary legal and technical expertise.

This option would foster trust through transparency between data reusers and data holders, as well as trust among the general public – particularly if the one-stop shop provides expert guidance to citizens on their rights under data protection laws.

Benefits to public sector bodies, researchers and businesses as reusers include:

·Time and resources saved in identifying the data holder with the desired data and in accessing already interoperable data across sectors;

·Increased fairness in access to such data, i.e. all reusers would have equal access to valuable information on how to acquire permission to re-use that data, which would likely result in an increase in such reuse;

·Access to expert guidance, potentially resulting in time and resources savings related to legal training;

·Access to data of a higher quality (since holders would have an incentive to ensure quality knowing that the data would be reused) and potentially to better tailored data (since data holders would have a clearer views of reusers’ needs).

Benefits to individual public sector bodies (as data holders) would include:

·Access to expert guidance, potentially resulting in time and resources savings related to legal training;

·Access to technical guidance on how to allow data reuse, resulting in a decreased risk of data breach and the associated costs;

·Time and resources saved by not providing, and maintaining, a secure data processing environment;

·Access to an increased amount of research resulting from a higher demand for such data – leading to better policymaking.

In order to determine and calculate the costs and benefits of this intervention area, national experiences with such mechanisms (e.g. Findata, Centre d’accès sécurisé aux données, Forschungsdatenzentren) were taken into account.

Voluntary certification/labelling scheme

Data intermediaries would bear the cost of obtaining and maintaining the certification or label as well as implementation costs to ensure compliance with the requirements. However, as this would be a purely voluntary mechanism, SMEs would not be disproportionately burdened. Data reusers might be impacted by indirect transaction and implementation costs, as the certified intermediaries might increase the user charges to cover the cost of certification.

The benefits mainly include the increased trust between actors, leading to further efficiency gains, time savings, increase of the client base and data transactions and therefore increase in revenues, allowing data intermediaries to scale up, both regarding gains in client base and revenue. As an indirect benefit, there would be a competition increase for data intermediaries in both the B2B and C2B markets 131 .

Certification/labelling would have a cumulative benefit in terms of company growth 132 . Increased trust in the market could also lead to an increase in funding, as investors would consider it safer to invest in certified companies. Data holders would have the opportunity to monetise more from data sharing while more individuals would be willing to share their personal data through the certified platforms.

Since certification would be voluntary, the positive impacts of this policy option depend on the number of data intermediaries that decide to obtain certification. Given that this is an emerging market, stakeholders indicated that they favour a voluntary scheme, as it would provide an opportunity to see what works and what does not, without disturbing data markets 133 .

The contrast between the seemingly low overall impacts and the high benefits for the individual intermediaries is justified by the narrow scope of the specific intervention measures. Even though the individual benefits are high, the total impact on the overall value of the data economy remains low.

Voluntary certification framework for data altruism services

An obligation on Member States to implement a voluntary certification scheme for data altruism mechanisms would create trust, and would result in more data being made available for the common good. As certification could be done also by public sector bodies, costs could be subsidised for certain entities depending on size, for example for an SME (if for-profit approaches are also allowed) or NGO. In addition, NGOs could receive an approximately 10% discount for authorisation. Alternatively, certification could be acquired without any fees, for free.

A certification mechanism would allow a new category of entities in the data ecosystem to flourish (e.g. data charities, data cooperatives for the common good, certification entities and the development of a new non-for-profit business opportunity for existing NGOs). It is expected that by the year 2028 there would be around 1 250 intermediaries facilitating data altruism, with around 5 million citizens and 500 companies participating in such schemes 135 . This policy option would ultimately streamline data altruism and reduce organisational, technical and legal costs in the long run.

As for the altruistic individuals and companies, this would ensure that their data is secure and the mechanism is legally compliant and resilient to cyberattacks, thereby increasing transparency of and trust in data altruism. Internationally, this could offer an opportunity for the EU to be a front-runner in privacy-enhanced and secure data altruism and to set global standards, attracting foreign researchers and innovators to the EU. The benefits of this policy option relate to providing an easy and transparent way to access data from various fields, contributing to research and development as well as improving decision-making. This only includes to a very limited extent the downstream societal benefits, such as faster research, better cures for diseases or improved mobility, due to the lack of available data to quantify this.

European Data Innovation Board as an expert group

Costs related to the creation of a formal expert group including all the Member States would stem mainly from organising and participating in the meetings as well as the related activities.

As for the benefits, traditional businesses would benefit from an increased adoption of standards by the standardisation organisations, leading to a reduction in costs for acquiring, integrating and processing data. Estimates from individual case studies show that adoption of standards for data sharing results in increased data-sharing activities. Benefits are calculated on the assumption that through interoperability made possible by standardisation, 800 companies would save 15% of EUR 50 million operational costs over 5 years 137 .

6.1.4. Policy option 3: Higher intensity legislation

As the analysis carried out in the support study shows, opting for the higher intensity regulatory intervention is expected to produce the highest costs, due to the establishment of mechanisms that would generate more expenses. However, it would also potentially create the highest net benefits. Compared to the baseline scenario, it would contribute to the growth of the data economy by between EUR 9.2 and EUR 13.8 billion in 2028 139 . For this option, the legal and political feasibility as well as its efficiency were also thoroughly considered.

A single data authorisation body in each Member State to enhance the reuse of public sector data subject to the rights of others

The costs of a single authorisation body would be higher than in policy option 2, due to the need to create a standalone body, which would perform more activities than under policy option 2. It would employ an estimated 25 FTEs once fully running, with each FTE costing approximately EUR 75 000 and requiring 1 to 2 weeks of training 140 . 

In addition to the benefits described for policy option 2, dealing with one single authorisation body would lead to substantial savings for reusers. One stakeholder estimates that not having to pre-process data from different holders would save them several days of work each time. Not having to submit separate data access applications for a given research project would save about half the overall time spent applying.

As data holders, public sector bodies would gain time and resources as a result of lower costs for data processing and management (EUR 1 253.4 million /year).

A compulsory certification/labelling framework for data intermediaries

Compared to the lower intensity policy option, costs are expected to be higher. This would make a compulsory certification/labelling framework potentially problematic for smaller data intermediaries.

The benefits of this policy option remain similar to policy option 2, with 25%-50% expected increase in revenues and client base and up to 50% business development time acceleration, which is related to the increased trust between the actors that would result from compulsory certification.

The certification could be done by a public authority or a private conformity assessment body. While setting up an accreditation process for this new field of activity for private conformity assessment bodies would be time-consuming, certification by an existing public authority could be preferable in view of a quick start of the functioning of the scheme.

Compulsory authorisation framework for data altruism services

A compulsory authorisation framework for data altruism schemes could ensure generalised trust in data altruism within society. However, the public sector would incur costs for creating a national authorisation scheme as part of the one-stop shops.

All organisations (including those that collect data for their own use as well as those that purely serve as intermediaries) would need to cover costs due to the mandatory authorisation. As authorisation would be done by public sector bodies, costs could be subsidised for certain entities depending on size, for example for an SME (if for-profit approaches are also allowed) or NGO. In addition, NGOs could receive a discount of approximately 10% for authorisation. Alternatively, authorisation could be acquired without any fees, for free.

At the same time, the benefits would be considerably higher than for policy option 2. Thanks to increased trustworthiness, security and awareness of the data altruism schemes, SMEs, NGOs and citizens would be more likely to be willing to share data. It is estimated that by 2028, there would be more than 7 million citizens and more than 700 companies taking part in data altruism, ‘donating’ their data. The authorisation and the trust it brings (regarding their compliant and trustworthy data handling and processing) would relieve citizens and companies from the burden of verifying the legitimacy of the operations and purposes of the organisations, and it would also bring a considerable benefit for these users in the form of time and effort savings. Under this policy option, benefits include an easy and transparent way to access data from various fields, contributing to research and development as well as improved decision-making 143 . As for policy option 2, the figure in the table below only includes to a limited extent the downstream societal benefits due to the lack of quantifiable data.

European Data Innovation Board as a self-standing entity

This option would help achieve the objective of increasing data sharing by facilitating the development of relevant cross-industry standards. However, as for policy option 2, its success depends on the ability to ensure the participation of companies in defining and adopting standards.

The cost of setting up and running an independent body are higher than that of a formal expert group. The budget of comparable bodies (such as the European Data Protection Board) amount to EUR 3.5 million per year, which is more than 10 times higher than that of a formal expert group. Other costs are highly variable and are difficult to estimate, such as the costs of documentation and education, guidelines, toolkits, tutorials or webinars.

Under this scenario, the benefits to traditional businesses arise from an increased adoption of standards by the standardisation organisations, and the resulting reduction in costs for acquiring, integrating and processing data. This figure in the table below is calculated on the assumption that through interoperability made possible by standardisation, 900 companies would save 15% of EUR 50 million operational costs over 5 years. This underlines the importance of interoperability. The small difference in benefits between the lower and the higher intensity regulatory intervention is explained by the marginal increase in the number of companies taking up standards: it is estimated that 800 and 900 companies would be concerned respectively for the lower and higher intensity options, as the existence of a more formal and stronger body would only marginally increase the uptake of standards by industry. The form of the mechanism enhancing standardisation would not have a decisive impact on the benefits as long as there is such a mechanism in place with the necessary industry representation.

6.2.Social and environmental impact

The study team contracted to carry out the impact assessment support study was unable to quantify the environmental and social benefits of the different policy options due to the lack of available data. However, based on their research and interviews with stakeholders, they provided a qualitative assessment of the likely impact of the different options.

6.2.1. Baseline scenario

The baseline scenario will see a slower realisation of the potential benefits of data. In the absence of coordinated EU action for the reuse of data subject to rights of others in the Member States and data altruism mechanisms, the societal and environmental benefits would be limited. Thus, the potential value of data altruism in the EU, in particular for scientific research and improved public policy and services, would not be unlocked  146 .

6.2.2. Coordination at EU level and soft regulatory measures

As mentioned above, the impact of this option is contingent upon uptake by Member States.

If all Member States decide to set up structures to facilitate the reuse of publicly held data subject to the rights of others, environmental and social benefits could be similar to those under policy options 2 and 3. However, this is unlikely to materialise.

The certification of intermediaries via an industry-driven self-regulatory certification framework may incentivise individuals to share their personal data. However, as explained above, this option is expected to have little added value as compared to the baseline.

Indirectly, the creation of an informal Expert Group could lead to new discoveries for health, environmental efficiency and other new products.

6.2.3. Policy option 2: Lower intensity legislation

The creation of measures to facilitate the reuse of publicly held data subject to the rights of others would result in positive social and environmental impacts due to the increased availability and reuse of such data.

The societal benefits of setting up a voluntary certification/labelling framework would be twofold: on the one hand, society would benefit as the potential of the European data market would be unlocked through certification, while on the other hand data flows through intermediaries serving societal purposes (i.e. health, research) would increase. 

This policy option would lead to positive societal benefits from data altruism mechanisms, from personalised medicine and treatment to finding new forms of renewable energy. The availability of data would allow researchers to gather the necessary data at the necessary scale for insights and conclusions to be representative and solid. Data altruism would also help public authorities in taking evidence-based decisions as well as improving the efficiency of their public services thanks to representative insights from individuals. Another important societal benefit is that individuals would have more opportunities to make their data available for the common good, and would be confident that reuse of the data takes place in line with EU data protection legislation. Indeed, at a more general level, the proposed measures will contribute to generate trust in data sharing, and ensure that European companies and citizens are in control of the data they generate.

Beyond the direct impacts of data sharing, these measures would indirectly benefit both society and the environment. The creation of new products and services based on data would lead to, for example, better healthcare and mobility, as well as energy savings. At the same time, more data use would lead to more energy consumption, which underlines the importance of making data processing and data centres more energy efficient, as indicated in the European Digital Strategy 147 .

6.2.4. Policy option 3: Higher intensity legislation

The environmental and societal benefits of a single data authorisation body would mirror those presented in policy option 2, as would the establishment of a compulsory certification/labelling framework.

This policy option would also create similar societal benefits to policy option 2 for data altruism. However, due to the trust in public authorisation schemes, it would increase trust and security in data altruism schemes, which may lead to more individuals making their data available for the common good.

Finally, increased data sharing would also lead to the abovementioned indirect benefits to society and the environment.

6.3.Impact on SMEs

This initiative would have an impact on SMEs, both in their capacity as data intermediaries as well as data reusers. In general, more data availability through an increase of trust in data sharing will benefit SMEs proportionally more than large organisations, as it is critical to their survival.

However, as a Commission consultation shows, 40% of SMEs 148 struggle to access the data they need to develop data-driven products and services, because of a lack of financial resources and because they do not have the power to negotiate with data holders. In the absence of EU action, SMEs would continue to suffer from the imbalance between them and large reusers that have the resources to reuse data and adapt to change. As such, SMEs are the main beneficiaries of the proposed instrument.

Many data intermediaries are SMEs. The instrument would give a boost to such SMEs and startups in the data economy. The one-off costs for certification/labelling (EUR 20 000-50 000 for a voluntary label, and EUR 35 000-75 000 for a compulsory certification) for data intermediaries and renewal costs would be countered by the high gains in both client base and revenue (25-50% increase), as well as by a higher possibility to attract investors 149 .

Conversely, a more level playing field and reduced legal uncertainty created through EU action would allow SMEs and startups to flourish in the EU data market. Taking into account the associated costs, the majority of stakeholders consulted (including SMEs) 150  agreed on the perceived benefits of such scheme (especially if certification/labelling is voluntary).

As regards the reuse of public data subject to the rights of others, businesses have to navigate through the same challenges related to finding and accessing datasets as researchers. SMEs, many of which have a business model that is based on the use of public sector data, do not always dispose of the resources and awareness needed to face these challenges, resulting in an unequal access to data that is subject to the rights of others and therefore reduced innovation and business opportunities. This impact is cumulative, since in effect larger companies are in a better position than small ones to innovate and to develop new products and services.

During a workshop organised in the context of the support study, stakeholders indicated that an industry driven self-regulatory certification framework could give big industry players a stronger role, which would potentially influence the outcome of the discussions taking place in the stakeholder forum 151 . However, at the same time, the market is not mature enough for a compulsory certification scheme, as it would likely prevent many new businesses from entering the market.

In conclusion, SMEs would benefit both as data intermediaries and as data users. As data intermediaries, they would primarily benefit from the voluntary labelling scheme. As the scheme would be voluntary, it would not pose a general market barrier. Such a voluntary framework is specifically supported by SMEs, as evidenced in the report on SME Panel Consultation 152 (end 2018-early 2019), as well as the workshop on certification/labelling in May 2020 153 . As data users, SMEs would benefit from the easier availability of more data (public, personal and non-personal). The importance of the economies of scale of data sourcing and processing would not diminish – but with easier access, and by facilitating the balance of supply and demand for such data and the value derived from it (e.g. by supporting data marketplaces), smaller companies would have better access to the value of big data.

6.4.Member States’ and stakeholders’ views

As described in Annex 2, the consultation process sought to collect the views of EU Member States and stakeholders by means of an online consultation and several workshops and meetings.

The analysis contributed to the assessment and the choice of the preferred option on the basis of the four different intervention areas. The consultation actions tried to reach out to various stakeholders from the public and the private sectors and citizens.

The public online consultation was the main consultation action targeting the citizens, and in total 201 citizens took part, all from the EU. Most of the views were aligned with those of the other stakeholders in general. They expressed strong support for the overall strategy on data and the development of common European data spaces. Their positive assessment of the initiatives on the reuse of data subject to the rights of others for research and innovation purposes, as well as on data altruism, was very strong, especially for the purpose of health-related research, as well as aspects relating to the city/municipality/region of the individuals (including mobility, environment).

These findings should be qualified by the fact that individuals would be willing to share their data for research and for the common good if the right privacy-preserving and secure conditions are put in place. This finding is in line with the result of the 2017 public online consultation 154 .

Member States were consulted both as policymakers and as data users. Regarding public authorities of the Member States, a workshop on a common European data space for the public services took place on 10 September 2019. The discussions showed that stakeholders welcome the funding of actions that would facilitate the participation of the public sector in a common European data space, cater for many flows (G2G, B2G, C2G, as well as G2B, and G2C) and span a spectrum from bulk data transfer, to moving algorithms all the way to the Once-Only-Principle. They also concluded that a data space that would allow a one-stop shop for ‘data use permits’ across the public sector, could put an end to data duplication and facilitate reuse of data by others, including the public administration itself.

In the online consultation, public authorities appeared as strong supporters of developing governance mechanisms supporting standardisation activities for interoperability purposes (especially application programming interfaces (APIs) and metadata). Even more than the rest of stakeholders, they considered that EU or national government bodies have a role to play in prioritisation and coordination of standardisation, and in the clarification of the legal rules. Finally, they appeared as strong supporters of public authorities making a broader range of data that is subject to the rights of others available for R&I purposes and for the public interest.

Industry organisations, including SMEs and business associations, agreed that the European Union needs an overarching data strategy to enable the digital transformation of the society (99% of business respondents to the 2020 online consultation). However, they are particularly affected by the problem of accessing data, highlighting technical problems (interoperability and transfer mechanisms) or simply denied access.

During the workshops conducted in 2019 on common European data spaces, feedback from representatives of the private sector showed the sectors have different levels of maturity and needs, but that there is in general a need for ensuring fair competition on data markets. In the data economy in general, one can observe big companies keeping control over large quantities of data. In the workshops, companies confirmed common data spaces should allow more data to be shared with all types of European actors (including SMEs) and across sectors, allowing new market dynamics to be created. The idea of a voluntary certification scheme for data intermediaries was supported by SMEs during the course of the workshop on certification/labelling held in May 2020 155 .

Academic and research institutions would benefit directly from the decisions on secondary use of data and data altruism, as they could considerably lower their compliance costs related to using data. Unsurprisingly, this stakeholder category agree with facilitating the reuse of data subject to the rights of others for research and innovation purposes, and support the data altruism concept. Academic and research institutions see potential for the use of such data in areas that are similar to those where citizens think their ‘donated’ data could be useful: health-related research and for aspects relating to the city/municipality/region of the individuals (including mobility, environment).

The European Data Protection Supervisor (EDPS)

On 16 June 2020 the European Data Protection Supervisor adopted Opinion 3/2020 156 on the European strategy for data. The approach of the EDPS towards the strategy in general is positive, considering that the implementation of the strategy will be an opportunity to set an example for an alternative data economy model (see complete reference in Chapter 1).

The opinion raises several practical issues that should be taken into account when moving forward with a possible legislative framework. For example, the EDPS considers that companies participating in data spaces should be subject to a ‘vetting’ process and data traceability tools and obligations could facilitate the role of data controllers when personal data are processed with a space. The EDPS also considers that the notion of data altruism and its interplay with the GDPR should be clearly defined (since it depends on the consent of the data subject and the portability right under article 20 GDPR). It underlines that exceptions for research on personal data cannot lead to a broad exemption of the scientific sector from GDPR obligations. GDPR obligations.

Inception Impact Assessment

Stakeholders also provided feedback to the Inception Impact Assessment (published on the Better Regulation Portal between 3 and 31 July 2020). The contributions reflected the replies to the online questionnaire, as well as the papers. The feedback dealt with all aspects and measures foreseen in the initiative. Most of the contributions expressed support to the initiative and contained general comments, underlying the importance of fair, transparent and non-discriminatory access to data, of voluntary data sharing (from private entities but also from individuals) and of standards and interoperability.

7.How do the options compare?

In line with the European Commission’s Better Regulation Guidelines 157 and its toolbox 158 , most importantly tool 63, the Impact Assessment study carried out a multi-criteria analysis (MCA) 159 in order to take full account of the complexity of the subject matter and the level of granularity of the analyses carried out.

As mentioned in section 6.1.2, the option of soft measures only was not analysed further as part of the multi-criteria analysis, given that such measures would not provide for a uniform structural enabling framework that is essential to achieving both the general and the specific objectives in a timely manner. Therefore, the table below contains an analysis of the lower and higher intensity regulatory interventions.

Source: European Commission, based on the support study SMART 2019/0024

Source: European Commission, based on the support study SMART 2019/0024

For efficiency, effectiveness and coherence, the scores are given on the expected magnitude of impact as explained above: ++ being strongly positive, + positive, and – negative. For legal/political feasibility and proportionality, + means that the assessment is positive, and – means that it is negative.

8.Preferred option

Based on the evidence presented above, a mixed package of lower and higher intensity regulatory interventions is the preferred option. Although, based on the cost-benefit and multi-criteria analyses, for three of the intervention areas the lower intensity option is more favourable, the higher intensity intervention for data altruism would yield higher economic and societal benefits, while incurring fewer costs.

For the enhanced reuse of public sector data, the lower intensity regulatory option would cause a one-off cost of EUR 10.6 million for the establishment of the mechanisms and the single entry point, with an annual maintenance cost of EUR 600 000 per year for Member States. This would be contrasted by the EUR 41.8 million as direct benefits, the EUR 684 million per year benefit of cost savings and the benefits to reusers in the amount of EUR 49.2 million/year. This option would be more favourable than the higher intensity regulatory intervention, which would produce EUR 21.2 million establishment and EUR 12.2 million maintenance costs for Member States, which would be partially counterbalanced by the EUR 1 253.4 million per year in cost savings and EUR 212.7 million per year in the form of revenues from application fees 160 .

For increasing trust in data intermediaries, in a voluntary certification/labelling framework would cost around EUR 20 000-50 000 to obtain the certificate/label, with an annual maintenance cost of EUR 20 000-35 000. The benefits would materialise in the form of a 25%-50% expected increase in revenues and client base and up to 50% business development time acceleration. Compared to this, a compulsory certification framework would generate an amount of EUR 35 000-75 000 one-off cost for obtaining the certificate, with a yearly EUR 20 000-50 000 as a recurrent cost for maintaining it. With the benefits very similar to the lower intensity regulatory option (25%-50% expected increase in revenues and client base and up to 50% business development time acceleration), the more favourable option would be option 2 161 . However, this option could be considered as an alternative given its structuring function for the European market for data intermediaries, which would lead to higher trust in these intermediaries.

To obtain a certificate under a voluntary certification mechanism for data altruism services would cost approximately EUR 20 000-50 000, with the recurrent costs of between EUR 20 000-35 000 for maintaining it. However, benefits would only be around EUR 22 million. A compulsory authorisation would produce a one-off cost ranging between EUR 3 420 – 10 500 to obtain the authorisation if the public sector decides to apply fees, with an annual recurrent maintenance cost of EUR 5 000. Higher trust is expected to lead to an increase in altruistic data sharing. This would create much higher benefits in the order of EUR 300 million, making it a more favourable option 162 .

The creation of the European Data Innovation Board in the form of a formal Commission expert group would trigger a yearly cost of EUR 280 000, while yielding around EUR 1 billion in benefits through standardisation. In contrast, the set-up of an independent body would cost EUR 3.5 million, more than ten times the amount for an expert group, while at the same time, benefits would remain around 1.2 billion for the year 2028 163 . Thus, the less costly expert group would achieve the same goals, with more efficiency.

Packaging the lower intensity options together with the higher intensity regulatory option for data-altruism allows for a targeted and proportional intervention, taking into account the different impacts of the individual policy options on the intervention areas, which will lead to a significant improvement over the baseline scenario. It is broadly acceptable to stakeholders and can be realistically enacted within a reasonable timeframe, which is critical given the expected value of the initiative in post COVID-19 recovery programmes.

This leads to a preferred option that is based on the following elements (schematically captured in the image at the end of this section):

·Mechanisms for enhanced reuse of certain public sector data: a lower intensity regulatory intervention would prescribe for Member States to provide services to facilitate the reuse of publicly held data that is subject to the rights of others in accordance with a set of conditions, without determining the exact institutional and administrative form.

·Certification/labelling framework for data intermediaries: the lower intensity regulatory intervention would create a voluntary certification/labelling mechanism, where the designated authorities would handle the application process and award the labels/certificates to the compliant data intermediaries.

·Measures facilitating data altruism: the higher intensity regulatory intervention would provide for a compulsory European authorisation scheme as a requirement to offering services facilitating data altruism. The processing and issuing of authorisations would be handled by designated authorities.

·European Data Innovation Board: as part of a lower intensity regulatory intervention, it would function as a formal expert group, with a secretariat provided by the Commission. Its functions would include facilitating standardisation and the enhancement of interoperability, and the facilitation of the exchange of national practices.

Source: European Commission

8.1. Estimated impact of the preferred option

164 The Impact Assessment support study indicates that, while in the baseline scenario the data economy and the economic value of data sharing are expected to grow to an estimated EUR 533.5 billion (3.87% of the GDP) by 2028, this would increase to between EUR 540.7 and EUR 544.4 billion (3.92% to 3.95% of the GDP) under the preferred option.

At the same time, this policy option would make it possible to create an alternative European model for data sharing to the current business model for Big Tech platforms, through the emergence of neutral data intermediaries. This initiative can make the difference for the data economy by creating trust in data sharing as a precondition for the development of common European data spaces, where individuals and companies are in control of the data they generate, and are comfortable with the way in which the data are used in innovative ways.

Indeed, as indicated in section 6.1, the actual impact of this initiative is likely to be far greater than the benefits that can be directly attributed to its different elements. By increasing trust in data sharing, the initiative would function as a catalyst for the data economy. It would facilitate data sharing across the EU, unleashing the power of data-based innovation and supporting the creation of new services and products and more efficiency in industry. It would also contribute to new tools for tackling societal challenges, such as climate change, and to better policymaking.

9.How will actual impacts be monitored and evaluated?

Due to the dynamic nature of the data economy, monitoring the evolution of impacts constitutes a key part of the intervention. To ensure that the selected policy measures actually deliver the intended results and to inform possible future revisions, the Commission would set up the monitoring and evaluation process described below.

The European Data Innovation Board would bring together evidence about the situation in the Member States and in the different sectors. It would compile best practice examples based on feedback from Member States on their implementation measures, and the relative strengths and weaknesses of these measures. Member States would be asked to report regularly on the efficiency and impact of the different strands of action in their data market.

This would help the Commission to closely monitor the uptake of the measures in Member States and amongst stakeholders, also in view of compliance. If necessary, the Commission would launch infringement procedures.

Through the Support Centre for Data Sharing, which is planned to be established under the DEP, evidence from stakeholders will be gathered on the market efficiency and effectiveness of measures taken under this initiative to enhance the reuse of public sector data, data altruism and a labelling scheme for data intermediaries.

The monitoring is divided into two operational parts: monitoring of the specific objectives identified in the section 4.2 and monitoring of the individual components that constitute the preferred policy option described the Chapter 8. For both parts, the tables below present operational objectives corresponding to the identified specific policy objectives/preferred option, indicators that would be used to monitor progress as well as sources of information.

9.1.Monitoring of the specific objectives

Source: European Commission (also of the table just below)

9.2.Monitoring of the preferred option

Glossary

Annex 1: Procedural information

1.Lead DG, Decide Planning/CWP references

The legislative proposal on the governance of common data spaces was prepared under the lead of the Directorate-General Communication Networks, Content and Technology. In the DECIDE Planning of the European Commission, the process is referred to under item PLAN/2020/7446. The Commission Work Programme for 2020 includes a legislative action on data, under the header “10. A European approach to AI”.

2.Organisation and timing

An Inter-Service Steering Group (ISSG) assisted DG Communication Networks, Content and Technology in the preparation of the Impact Assessment and legal proposal. It included Commission services of 18 Directorate-Generals, together with the Commission’s Legal Service and Secretariat General.

Work for the preparation of this initiative started with the design of the European Strategy on data, adopted in February 2020, which announced measures for a cross-sectoral governance framework for data access and use. Discussions were initiated during the Inter-Service Consultation in view of the strategy (January 2020). Subsequently, the ISSG contributed to the initiative preparation in March 2020 (discussion on the consultation strategy and the Inception Impact Assessment), and in July 2020 (discussion on the draft Impact Assessment).

An Inception Impact Assessment was published on 3 July 2020 and was open to feedback from all stakeholders on the Better Regulation Portal for a period of 4 weeks.

The draft Impact Assessment report and all supporting documents were submitted to the Regulatory Scrutiny Board (RSB) on 20 July, in view of a hearing on 9 September 2020. After a negative opinion, the report got improvements, mainly through the strengthening of the narrative and the clarification of the problem definition and expected impacts. The second opinion delivered by the Board on 5 October 2020 was positive with reservations. The report was further improved on the basis of the comments provided.

An Inter-Service Consultation took place, with all services that are members of the inter-service group on data, and closed on 28 October 2020.

3.Consultation of the RSB

The Impact Assessment report was reviewed by the Regulatory Scrutiny Board on 9 September 2020. Based on the Board's recommendations 165 , the Impact Assessment has been revised in accordance with the following points:

The Regulatory Scrutiny Board delivered a second opinion that was positive, provided that the following recommendations were taken into account in the report.

4.Evidence, sources and quality

Evidence-collection process

Extensive work was carried out during the previous Commission’s mandate to identify the problems that are currently preventing Europe from realising the full economic and societal potential of data-driven innovation, in particular by ensuring greater access to and use of data. This work resulted in earlier Commission policy documents 166 , the consultation of stakeholders and extensive exploratory study work 167 . The analyses have identified technical barriers (interoperability, safety and security requirements), legal obstacles (uncertainty about access and use rights in relation with the data, the costs of compliance with existing legal obligations as well as costs of licensing), organisational challenges, the difficulty to control downstream use, the fear of misappropriation and the limited availability of skilled labour.

Through an Impact Assessment support study (SMART 2019/0024), additional evidence was gathered in terms of the specific costs and benefits of the concrete elements of the instrument. These costs, benefits and burden reduction/simplification potential were identified and quantified for each of the measures proposed in the initiative (secondary use of sensitive data held by the public sector, data altruism, governance aspects of data sharing, and certification options for data intermediaries). The contractors analysed each of these elements, combining desk research with surveys, interviews and focus groups with representatives of businesses.

The findings of the EC-funded European Data Market study measuring the size and trends of the EU data economy (SMART 2016/0063) also fed into the preparation of the initiative. Based on alternative development paths driven by different macroeconomic and framework conditions, the study monitors several indicators. This included the number of data workers, data companies and their revenues, data user companies and their spending for data technologies, the market of digital products and services, the data economy and its impacts on the European economy, and medium-term forecast scenarios of all the indicators, based on alternative market trajectories.

Stakeholders' consultation process

Recent stakeholder consultation processes provided input: the 2017 public consultation on building a European data economy, the 2018 public consultation on the revision of the Directive on the reuse of public sector information, and the 2018 SME panel consultation on the B2B data sharing principles and guidance.

In addition, a series of 10 workshops on common European data spaces took place in 2019 and an additional one in May 2020. The stakeholders generally supported the creation of common European data spaces, and considered that they should provide for the clarification and harmonisation of data governance models and practices, as well as for the necessary infrastructures for the sharing of good quality and interoperable data.

Together with the adoption of the European Strategy on data, an online public consultation, targeting all stakeholders, was launched on 19 February 2020. It ran until 31 May 2020. The consultation explicitly indicated it was launched in view of preparing the current initiative, and addressed the items covered in the initiative with relevant sections and questions. The feedback on the Inception Impact Assessment also targeted all types of stakeholders, as did the Eurobarometer on the impact of digitisation.

Annex 2: Stakeholder consultation

INTRODUCTION

The stakeholders’ consultation process aimed at understanding how stakeholders consider that data governance mechanisms and structures can best maximise the social and economic benefits of data usage in the EU. This provided valuable input for the preparation of the proposal for a Regulation on the governance of common European data spaces.

The proposal also builds on past consultation actions, such as the 2017 public consultation on building a European data economy, the 2018 public consultation on the revision of the Directive on the reuse of public sector information, and the 2018 SME panel consultation on the B2B data sharing principles and guidance.

The consultation actions conducted between July 2019 and June 2020 covered general and horizontal issues, such as the design and main features of the common European data spaces, relevant data governance mechanisms, as well as more specific horizontal questions (standardisation, secondary use of data, data altruism and data intermediaries). Some consultation actions covered the specificities of sectors, and the conditions to facilitate such spaces in domains of public interest. Therefore, the consultation process targeted all types of stakeholders (Member States and public authorities, academic and research institutions, industry stakeholders/businesses including SMEs, as well as individuals) across the EU, and across sectors. Different types of stakeholders are interested in the initiative for different reasons:

·Member States are interested in the initiative from a policy perspective, given the potential of data for the economy and society. Their public authorities are directly concerned by the proposed measures on unlocking and reusing more public sector data. EU level coordination would facilitate the work of public sector bodies in streamlining how data can be used and who can access it.

·Academic and research institutions as well as researchers will directly benefit from the measures on secondary use of data and data altruism, which will considerably lower their compliance costs related to using data.

·Industry stakeholders/ businesses, including SMEs, in the different sectors (e.g. agriculture, finance/banking, energy, transport, sustainability/environment, public services, smart manufacturing and data market places) will in particular benefit from the opportunities provided by easier cross-sectoral data use. They will also be providers of data and as such need to be aware of the rules and limitations on data sharing.

·Individuals will be empowered to allow use of data related to them for the public good (e.g. people with rare or chronic diseases allowing for use of data in order to help cure or improve treatment of those diseases) (‘data altruism’) and more in general by the opportunities to get more control over their data, e.g. through personal data spaces.

The consultation actions foreseen in the Consultation Strategy, discussed in an inter-service group in March 2020, were carried out. However, due to the COVID-19 outbreak, some actions were modified (i.e. workshops turned into webinars).

Online consultation

A public online consultation was published on the day of adoption of the European strategy for data 168 (19 February 2020) and closed on 31 May 2020. The consultation explicitly indicated it was launched in view of preparing the current initiative, and addressed the items covered in the initiative with relevant sections and questions. It targeted all types of stakeholders. In addition to issues related to the governance of common European data spaces, it gathered input on the EU-wide list of high-value datasets that the Commission will draw up under the Open Data Directive, and explored issues related to cloud computing. Furthermore, it contained some generic questions on the European data strategy

In total, 806 contributions were received, of which 219 were on behalf of a company, 119 from a business association, 201 from EU citizens, 98 on behalf of academic / research institutions, and 57 from public authorities. Consumers’ voices were represented by 7 respondents, and 54 respondents were non-governmental organisations (including 2 environmental organisations). Amongst the 219 companies / business organisations, 43.4% were SMEs. Overall, 92.2% of the replies came from the EU-27. Very few respondents indicated whether their organisation had a local, regional, national or international scope.

230 position papers were submitted, either attached to questionnaire answers (210) or as stand-alone contributions (20). The papers provided different views on the topics covered by the online questionnaire, in particular in relation to the governance of common data spaces. They provided opinions on the key principles for those spaces, and expressed a high level of support for the prioritisation of standards as well as the data altruism concept. They also indicated the need for safeguards in developing measures related to data intermediaries.

Inception Impact Assessment

As foreseen by the Better Regulation guidelines, an Inception Impact Assessment was published on the Better Regulation portal on 3 July 2020, and was open for feedback for 4 weeks. It also targeted all types of stakeholders. The Commission received 107 contributions on the Better Regulation Portal 169 , mainly from businesses (35%) and associations representing businesses (29%). Other types of stakeholders participated, although in a smaller proportion: non-governmental organisations (11%), academic/research institutions (6%), consumer organisations (3%), EU citizens (2%), trade unions (2%) and others (9%). Some of these stakeholders had also contributed to the public online consultation.

Expectedly, the contributions reflected the replies to the online questionnaire, as well as the papers. Most of the contributions expressed support to the initiative and contained general comments, underlying the importance of fair, transparent and non-discriminatory access to data, of voluntary data sharing (from private entities but also from individuals) and of standards and interoperability. The feedback dealt with all aspects and measures foreseen in the initiative. Stakeholders highlighted some concerns and strong needs they have as regards access to and re-usability of data. They also indicated the need for guidance to accompany any legislation.

Other consultation actions

-Series of workshops on “common European data spaces”

In order to explore with the relevant experts the framework conditions for creating common European data spaces in the identified sectors, a series of 10 workshops was organised between July and November 2019.

Gathering in total more than 300 stakeholders, mainly from the private and the public sectors, the workshops covered different sectors (agriculture, health, finance/banking, energy, transport, sustainability/environment, public services, smart manufacturing) as well as more cross-cutting aspects (data ethics, data market places). The different DGs concerned were involved in these workshops. A report is available online .

-The latest Eurobarometer on the impact of digitisation

This general survey on the daily lives of Europeans includes questions on people’s control on and sharing of personal information. The report, published on 5 March 2020, provides information on the willingness of European citizens to share their personal information and under which conditions.

-Workshop on labels for or certification of providers of technical solutions for data exchange

Around 100 participants from businesses (including SMEs), European institutions and academia attended this webinar, on 12 May 2020. Its aim was to examine whether a labelling or certification scheme could boost the business uptake of data intermediaries by enhancing trust in the data ecosystem. A report is available online .

-BDVA Survey

The survey (May-July 2020) designed by the Big Data Value Association (BDVA) aimed to capture the current state of data-sharing practices by businesses, research institutions, governmental or non-governmental organisations. The objective was to understand the predominance of data sharing and exchange activities, the value that such practices bring to organisations and the difficulties faced by stakeholders, as well as to gather insights into what needs to be done to increase participation in data sharing, in view of the ever increasing need for greater access to data.

-The Opinion of the European Data Supervisor on the European strategy for data

On 16 June 2020, the European Data Protection Supervisor adopted Opinion 3/2020 on the European strategy for data. The approach of the EDPS towards the strategy in general is positive, considering that the implementation of the strategy will be an opportunity to set an example for an alternative data economy model.

-Position of the Member States

The European Strategy for Data was welcomed by the Member States in the Council Conclusions of 9 June 2020, specifically calling the European Commission “to present concrete proposals on data governance and to encourage the development of common European data spaces for strategic sectors of the industry and domains of public interest” 170 . On 9 July 2020, the Digital Single Market Strategic Group, composed of Member States representatives, was also presented initial ideas for the legislative framework on the common European data spaces and expressed a strong support to the improvement of data governance at EU level.

RESULTS OF THE CONSULTATION PROCESS

ØOn the challenges around data sharing

The 2017 consultation process on ‘Building a European Data Economy’ investigated the magnitude of data-sharing limitations and the relevance of measures envisaged by the Commission to foster a thriving EU data economy (synopsis report available online ). Through the online questionnaire, meetings and workshops, virtually all stakeholders confirmed that more data should be made available for reuse in B2B contexts. Most stakeholders also shared the view that the European Commission should be cautious when taking any measures to make more data available for reuse, stressing that the main issue is how to maximise and organise access to and reuse of data, rather than questions about data access rights.

On the basis of the business-to-business data-sharing principles and guidance that the Commission issued in the April 2018 data package, further consultation actions, including an online consultation (October 2018 to January 2019), provided the views of 979 SMEs (report available online ). Some 39% of responding SMEs encountered difficulties in accessing data from other companies.

The 2020 online consultation confirmed this statement, with almost 80% of the 512 respondents to the question indicating that they have encountered difficulties in using data from other companies. These difficulties relate to technical aspects (data interoperability and transfer mechanisms), denied data access, and prohibitive prices or other conditions considered unfair or prohibitive. Some companies also fear that they might lose their competitive advantage within their market or in prospective markets if they engage in data sharing. In this online consultation, some companies highlighted the reluctance of other companies to share data due to this fear, as well as more technical problems such as data quality and granularity. At the same time, the position papers received showed that many stakeholders consider that data sharing should remain voluntary.

The 2019 workshops on the common European data spaces revealed that companies often struggle to find or obtain the data that they need, including from different markets. The findability issue was also raised during the workshop on labels for/certification of providers of technical solutions for data exchanges in May 2020.

ØOn the need for common European data spaces and data governance mechanisms

Throughout the various 2019 and 2020 consultation actions, stakeholders strongly supported common European data spaces as a concept. During the 2019 workshops, they stated that common European data spaces should help to establish data governance models leading to more standardised approaches for data sharing, and should provide the necessary infrastructures, including pan-European sustainable cloud federations, for the sharing of good quality and interoperable data.

Stakeholders considered that such data spaces could become the key instance for clarifying data control rights and rules on data access and use. This particularly relates to areas where control rights are an important concern because of sensitive data at stake (e.g. health), or because of existing competition between the different actors within these sectors (e.g. agriculture, transport, energy). In the workshops and in the position papers several stakeholders expressed the concern that Big Tech platforms could move into their sectors, and would get an undue advantage based on the use of data.

The results of the online consultation, conducted from February to May 2020, confirmed those trends. From the 772 respondents to the question, 90% considered that data governance mechanisms are needed to capture the enormous potential of data, in particular for cross-sector data use, and 86% supported the development of common European data spaces in strategic industrial sectors and domains of public interest. In the papers received, stakeholders described in more detail the key principles that they consider should underpin the data spaces: open to all/ non-discriminatory, voluntary, preserving ‘sovereignty’ of the data provider, agile, decentralised, based on trust and transparency, ethical framework, human-centric, industry-led and inclusive, accountable. They indicated that any legislation should be accompanied by clear guidance, and that an EU level coordination body should be established to maximise the benefits of data.

From the 554 respondents to the question, 91% of stakeholders considered standardisation to be necessary, in view of improving interoperability and ultimately data reuse across sectors. Only a very small share (1,6%) of all respondents considered that EU or national government bodies should take no role in standardisation. Public funding was considered necessary to open standards and for testing, and EU and national bodies are expected to take an active role in the prioritisation and coordination of standardisation needs, as well as the creation and updating of standards.

The papers received provided additional input: whereas many stakeholders consider that interoperability (both legal and technical) is a key challenge for EU businesses, there are concerns that the implementation costs will unfairly impact SMEs and may ultimately fall on consumers. They explained that standards should be market-led and global, building on existing standards (e.g. ISO), and that the role of the EU is to coordinate the prioritisation of standards and ensure that they are not imposed by big market players.

The 2019 workshops also revealed that interoperability and data quality issues could be addressed through the common data spaces. For instance, in the workshop on labels for or certification of providers of technical solutions for data exchange, it was highlighted that an obligation for interoperability with other providers of data-sharing services would be difficult to certify in the absence of standards for interoperability. Participants in various workshops also stated that there is a need for a structured prioritisation of standards on data, especially in view of increasing the opportunities for cross-sectoral reuse.

ØOn the secondary use of public sector data

On enhancing the secondary use of public sector data that is subject to rights of others (personal data, trade secrets and other commercially confidential data), the Commission has interacted with national organisations that have set up technical mechanisms allowing controlled processing of such data, for instance in the fields of statistics (Germany), mobility (Finland) and health (France). This provided a better understanding of how privacy-preserving technologies can help to allow the extraction of certain insights from the data under controlled conditions while preserving information privacy.

In the online consultation question about making a broader range of ‘sensitive’ public sector data available for R&I purposes for the public interest, more than three quarters of respondents to the question considered that public authorities should do more, especially mentioning the anonymisation of specific data for concrete use-cases, and the clarification of the legal rules. Unsurprisingly, the vast majority (87%) of respondents from academic and research organisations agreed on the need to facilitate the reuse of sensitive data for research and innovation purposes. In open questions, stakeholders also suggested that public authorities should support the adoption of private portals for the reuse of data, enabling third party trust and quality services. Sensitive data needs robust governance and can benefit from third parties as gatekeepers. In particular regarding health data, research ethics committees or ethics review boards should be involved.

Papers received confirmed that stakeholders consider that public authorities should do more to make data that is subject to the rights of others available for reuse for R&I purposes, but this should be strictly regulated. Decisions to allow reuse should be based on the public interest (which needs to be defined) and use-case specific risk assessment. Anonymization is important, but it could prevent the data from being reusable. Transparency is essential (how the data will be shared, processed, etc.). Data made available should follow a minimization principle (i.e. defined temporal scope and sensitive data should only be made available when needed).

The European Data Protection Supervisor underlined in his Opinion that the contours of scientific research versus commercial innovation are not clear-cut. Therefore, exceptions for research on personal data cannot lead to a broad exemption of the scientific sector from GDPR obligations.

ØOn data altruism

In a workshop organised on 24 May 2019, experts discussed issues related to data donation in healthcare. A number of experts questioned the use of the term ‘data donation’, as it could suggest an irreversible process and could presuppose ‘data ownership’ (as a result, this initiative now uses the term ‘data altruism’). However, according to the GDPR, consent by data subjects to processing of personal data pertaining to them can be withdrawn at any time, including when such processing is based on altruistic motivations of the data subject. Experts also suggested that better support structures and services are needed for data altruism to become widely accepted and used, including interoperability and standards. More success stories and good practices (e.g. models and incentives for data altruism) are also needed to improve understanding of the governance and support requirements.

In the online consultation, a large proportion of respondents considered that law and technology should enable citizens to make available their data for the public interest, without any direct reward. Citizens, particularly, would be willing to make such data available, especially for health-related research and for aspects relating to the locality they live in (e.g. mobility, environment). More than 60% of all respondents considered that there are no sufficient tools and mechanisms to ‘donate’ their data. On the mechanisms to support ‘data altruism’, respondents favoured a European approach to obtaining consent, in compliance with the GDPR as well as the establishment of technical infrastructures such as personal data intermediaries (see below) and information campaigns. In open questions, stakeholders suggested more supporting mechanisms (model contractual clauses or data sharing agreements; mechanisms (e.g. blockchain) to ensure data chain of custody in order to capture where and how the data was used; information and transparency ensured by the public sector with regard to the protection of "contributed" data, e.g. the use of technical safeguards such as pseudonymisation).

The papers received confirmed the high level of support for putting individuals in control of their own data: solutions are needed to reconcile privacy rights with the use of data for the common good. Trust is key, and a clear legal basis defining how individuals can make data available for altruistic purposes in full compliance with the GDPR would be welcome. Transparency is also critical: the individual should know what their data is being used for. Individuals should not be ‘nudged’ into sharing more data than they normally would by labelling such sharing ‘data altruism’. Individuals should remain free not to ‘donate’. The term ‘altruism’ was sometimes considered misleading. Lack of representativeness could be an issue. Finally, several stakeholders considered that personal data should not be monetised.

In its Opinion, the EDPS made the comment that the GDPR already provides principles and rules on consent, hence giving the possibility for the ‘data altruism’ concept. Therefore, the initiative should clearly define the scope, including various purposes.

ØOn data intermediaries

In the online consultation, almost 60% of respondents to this section considered that emerging novel intermediaries, such as ‘data marketplaces’, are useful enablers to the data economy, while almost 22% don’t know or remain neutral to the question. In open questions and papers received, stakeholders confirmed such intermediaries play an important role in providing fluidity of the data economy, but said a strict accountability framework is needed. A data intermediary could verify the connected datasets of a particular individual, which would increase the reliability and therefore relevance of the data for the recipient. However, an intermediary also adds additional contracts and costs.

Some stakeholders indicated that a uniform and binding definition of data trustee systems should be created and corresponding specifications for certification processes should be developed. There is also the view that the EU should support the development of data platforms and marketplaces allowing private and public sectors alike to sell, trade and access quality datasets.

A workshop organised on “labels for or certification of providers of technical solutions for data exchange” in May 2020 showed strong interest in the topic with almost 100 participants. Participants were mostly companies or initiatives active in the field of data intermediation or sharing both in B2B situations and supporting individuals (personal information management services). They stressed the importance of trust in data sharing and explored mechanisms for creation of such trust, namely neutral data intermediation services but also trust frameworks or data sharing ‘schemas’ that would lay down relevant technical and legal rules to be respected in data sharing situations. This could ensure ‘data sovereignty’ by businesses in data-sharing situations and empowerment of individuals with respect to use of their data.

Conclusion: consideration of stakeholders’ feedback in the impact assessment

The consultation of stakeholders on the general issues of data sharing (obstacles across borders and sectors, and possible solutions at EU level for enhancing data sharing) has been an ongoing process from 2017 onwards. The concept of common European data spaces has been explored for the preparation of the European strategy for data, notably with workshops of horizontal and sectoral nature held in 2019 and 2020. These results were completed with input from all stakeholders on more technical questions such as governance mechanisms or standardisation, as well as input on specific types of action as data altruism or the enhanced use of certain public sector data.

All consultation actions revealed a strong support for the development of common European data spaces, and the human-centric approach to data sharing in general, as presented in the European Strategy on data.

Annex 3: Who is affected and how?

1.Practical implications of the initiative

The planned legislative framework will have a range of practical implications for different groups of stakeholders from the entire data value chain: data holders (public bodies), data reusers (businesses and the research community), data intermediaries (public bodies, patients association, health insurance schemes, and research organisations) and data (co-)producers (individuals and other public sector authorities).

The initiative will benefit public sector bodies (e.g. health institutions, transport authorities, statistical offices) in a number of ways. EU level coordination will facilitate their work by clarifying how data can be used and who can access it, as well as by facilitating the sharing of legal and technical expertise. With more data available for reuse, the public sector will be able to deliver more efficient public services and make more informed decisions, leading to better policies. This will help enhance public-service delivery and facilitate the identification of emerging governmental and societal needs. It can help improve forecasting and the reliability of infrastructures (such as in transportation and utilities).

In the context of the secondary use of data subject to rights of others, two broad categories of data holders and public data intermediaries can be differentiated: statistical offices and health- and social-related data holders/ intermediaries. In terms of data holders: as regards statistical offices (and other public authorities responsible for the development, production and dissemination of statistics), the European Statistical System keeps an up-to-date list that currently contains 286 entities, of which 27 are related to health (and therefore excluded from this count to avoid double-counting). As a result, the number of data holders in the EU27 when it comes to statistical microdata can be estimated to be around 260. As regards health- and social-related data, there are roughly 530 data holders in the health and social domains. In total, therefore, there are around 800 impacted data holders. In terms of public data intermediaries, there are around 110 public data intermediaries in total 171 (except those with a federal structure). 

Academic and research institutions will benefit from the increased availability for reuse of public sector data, the reuse of which can be essential for research purposes for the common good, (e.g. health, location, or social media data) for research and innovative purposes through the proposed measures on the secondary use of data and data altruism. The possibility to reuse new datasets can help review and replicate scientific results, and foster new instruments and methods of data-intensive exploration and scientific experimentation. Academic and research institutions will benefit from the availability of support structures in Member States. In particular, this initiative will help researchers reuse publicly held data subject to conflicting rights under secure and privacy-enhanced environments in a similar way across the EU. This will contribute to the scientific developments and innovation in the EU as a whole, particularly important in situations where EU coordinated action is necessary, like the COVID-19 crisis.

An estimated number of reusers of statistical microdata can be derived from Eurostat’s list of recognised research entities, which lists a total of 666 recognised research entities in the EU27. The total number of data reusers for health and social data overlaps with the research entities recognised by Eurostat: 48 of these conduct research in inter alia social sciences, while 22 conduct research in a health-related domain. However, it also includes a large number of private companies – that number is estimated to be 147 000 companies 172 . Thus, there are roughly 150 000 data reusers impacted in total.

Based on the input collected from the interviews organised through the IA support study, providing high-quality metadata and documentation for scientific datasets requires 5 to 10% of the total project budget, which represents a substantial expenditure. Other sources estimate that the production of metadata and the contextual descriptions of datasets could span an estimated 2 to 3 weeks from an average of a 2-year research grant application (OpenAire 2019).

Industry stakeholders and/ businesses (including SMEs and start-ups) across the economy (e.g. agriculture, finance/banking, energy, transport, sustainability/environment, public services, smart manufacturing and data market places) will in particular benefit the measure taken in this initiative to facilitate cross-sectoral data use at the scale of the EU. They will also be providers of data and as such will be affected by the rules and limitations on data sharing. They will provide information and insights on the type of data governance mechanisms (organisational, technical, legal) needed to capture the potential of data in particular for cross-sector data use, in different data-sharing configurations. Through enhancing interoperability at the technical level and making available generic enabling standards, the initiative will lower transaction costs of data sharing and facilitate cross-sector data sharing. The benefits of standardisation translate into lower technical adaptation costs for a larger range of companies as well as public authorities, lower barriers to enter markets or to develop entirely novel products or services. Such benefits should in particular benefit SMEs that normally cannot influence standardisation prioritisation. SMEs would also substantially benefit from wider availability of public sector data as they typically cannot create large data pools themselves. 

Enhanced access to data for reuse will create new business opportunities for smaller and larger firms. Better access to open government data, for instance, will allow entrepreneurs to develop innovative commercial and social goods and services. An example is RowdMap, an analytics company that uses open data to help healthcare plans, physician groups and hospital systems identify, quantify, and reduce low-value care. In July 2017, the company was acquired for USD 70 million by Cotiviti, a provider of analytics-driven payment accuracy solutions.

In the era of the Internet of Things, data collection by sensors will provide consumers with innovative smart products and services that will increasingly replace traditional products. Also, the data collected in this industry will be of particular utility to private actors in very different business sectors and to public entities. Hence, data collected by smart products will become an important input both for other businesses and for the public authorities.

In addition, the initiative supports the emerging offer of data intermediaries that can make the data economy more fluid, i.e. entities that enable any kind of data holder (persons, business, public sector bodies, academic or not-for profit organisations) to share their data of all types with other organisations, and which may provide additional value-added services. Enhanced data access and sharing will enable many business opportunities for data intermediaries, mobile apps and personal information management systems.

The planned initiative will lower transactions costs in data sharing by supporting the offer of data intermediaries. Companies providing data-sharing services may face an additional burden in terms of certification or labelling, but only if such certification or labelling would become compulsory. Such burden would need to be balanced against the advantages such certification or labelling would provide to them in terms of increased business resulting from more market participants trusting them.

An estimation of the total number of data intermediaries active in the European market could include 100-150 organisations, while the number of data users or data holders affected could entail any European company or individual wishing to buy or sell data through the intermediaries. The companies present big differences in the scale of client base. In particular, Siemens’ Mindsphere counted more than 6 100 customers in March 2020; the client base of the personal data operator Peercraft includes approximately 100.000 uses, while Dawex’ client base include more than 10 000 organisations. Finally, the example of the data trust UK Biobank holds data from about 0.5m people and it includes the number of 946 researchers using its data in its annual accounts of 2018. This would therefore give a ratio of roughly 50 000:1:1 000 (data holders: data intermediary: data reusers).

The initiative will bring enormous benefits to individuals, for example through improved mobility, more personalised medicine, reduced energy consumption and more effective responses to tackle pressing societal challenges, such as climate change and recovering from today’s health pandemic. It will be easier for individuals to allow the use of their data for the public good (e.g. people with rare or chronic diseases allowing for use of data in order to help cure or improve treatment of those diseases) (‘data altruism’). The framework will also empower individuals interested in reusing the data for their own benefit (e.g. for personalised dashboards, services, etc.). Other benefits to the European economy would include: lower switching costs for users when changing providers; lower entry-barriers for firms in digital markets; increased personalisation of goods and services; and increased innovation driven by valuable user-level insights. In addition, access to a greater variety of data to train models and test results could contribute to the ethical and effective use of AI.

The proposed framework envisages structures, mechanisms, technical guidance and standards so that individuals can exercise their rights in a simple and not overly burdensome way and organisations, including research ones, can create value for society while respecting the privacy of individuals.

The wider benefits to society are manifested in cost reduction, quality improvement and greater choice for consumers. Benefits such as reduced healthcare costs, improved levels of care and reduced environmental degradation that are derived from more intelligent and efficient systems accrue to society as a whole, not just particular sectors or groups of consumers.

2.Summary of costs and benefits

The figures cited in the tables below illustrate the costs under the preferred option in relation to its specific elements for different types of stakeholders. They are based on the quantitative model developed as part of the Support study by Deloitte.

The overall methodology used by the study to estimate the baseline scenario, as well as the impacts of the policy options, are provided in Annex 4.

Annex 4: Analytical methods

1.Overall methodology of the study

For each of the sub-tasks, the Study to support an Impact Assessment on enhancing the use of data in Europe (VIGIE 2020-0694) was carried out in three Phases (inception, data collection, and analysis). With regard to the collection of data, the following key methodological and analysis tool were implemented 174 :

-Desk research;

-Interviews with stakeholders;

-Case studies;

-Workshops with key stakeholders;

-Analysis of the public consultation 175 launched by the European Commission

-Targeted questionnaires to legal experts.

An overview of these data collection tools is provided below.

2.Data analysis activities

A market analysis was carried out for sub-task 1.4 (‘Data intermediaries’) to better understand the business environment and data based value chains as well as to identify the key players and key positions on the market.

A legal analysis was carried out for all sub-tasks, with a more in-depth assessment for sub-task 1.2 (‘Establishing an EU wide “Data Altruism” scheme’).

The cost-benefit analysis was elaborated individually for each of the sub-tasks. The evaluation process considered the costs and benefits for the different (main) stakeholders associated with each task. The stakeholders were divided into the following categories: data holders, data co-producers, data reusers, and data intermediaries. Impacts on society, environment, economy and fundamental rights are also taken into account.

The key steps in the CBA are outlined in the figure below.

It is in general possible to calculate the project economic performance measured by the following indicators 176 :

¾Economic Net Present Value (ENPV): The ENPV is defined as the difference between the discounted total socio-economic benefits and the discounted total costs. The ENPV is comparable with the Net Present Value in financial analysis, but it also takes into account the broader socio-economic effects. A positive (economic) net present value indicates that the projected benefits/earnings generated by a project or investment (in present euros) exceeds the anticipated costs (also in present euros). Generally, an investment with a positive ENPV/NPV will be a profitable one and one with a negative ENPV/NPV will result in a net loss. This concept is the basis for the Net Present Value Rule, which dictates that the only investments that should be made are those with positive NPV values.

¾Economic Rate of Return (ERR): The ERR is defined as the rate that produces a zero value for the ENPV; it is comparable with the ROI (Return on investment) respectively the IRR (Internal rate of Return) in financial analysis. It is another metric commonly used as an ENPV/NPV alternative. Calculations of ERR/IRR rely on the same formula as ENPV/NPV does, except with slight adjustments. ERR/IRR calculations assume a neutral ENPV/NPV (a value of zero) and one instead solves for the discount rate. The discount rate of an investment when ENPV/NPV is zero is the investment’s ERR/IRR, essentially representing the projected rate of growth for that investment. Because ERR/IRR is necessarily annual – it refers to projected returns on a yearly basis – it allows for the simplified comparison of a wide variety of types and lengths of investments.

¾Benefit/Cost-ratio (B/C-ratio): The Benefit-Cost ratio is defined as the ratio between the sum of the discounted economic benefits and the sum of the discounted costs. By putting together the outcomes of the several factors analysed and calculated, it is possible to compute and interpret these three pillars of economic analysis. The different expressions are defined as follows.

The economic performance indicators were calculated for each task as well as for each stakeholder, to the extent possible. To do so, assumptions were defined considering the limited availability of quantitative data.

Any CBA is based on a number of assumptions (statistical input as well as certain estimations made by the various stakeholders) that could be critical to the outcome of the analysis. As part of the risk and sensitivity analysis, the critical assumptions were identified and their effects on the outcome determined. Various sensitivity/scenario and risk analyses were performed to analyse the robustness and sensitivity of the results with regard to critical variables.

Impacts that could not be monetized were evaluated in a qualitative manner.

Quality standards for impact modelling

Specific data on costs and benefits is often scarce, inconclusive, and patchy. Any CBA is based on a number of assumptions (statistical input as well as certain estimations made by the various stakeholders) that could be critical to the outcome of the analysis, e.g. qualitative information to fill existing gaps. Oftentimes, these assumptions are based on expert judgment. This means that the data used in the underlying formulas is based on the best data available, challenged and refined (where necessary) by the experts of the consortium for this assignment.

Therefore, in practice, the assumptions used for the CBA are subject to an internal, in-depth peer review process. As part of this process, different assumptions are introduced in the model to compare the different outcomes. Thus, the critical assumptions are identified and their effects on the outcome are determined. This means the risk and sensitivity analysis indicates variances of economic effects as a result of changes of operational figures. Various sensitivity/scenario and risk analyses were performed to analyse the robustness and sensitivity of the results with regard to critical variables.

Figure – Abstract for subtask 1.1

The extent to which an effective sensitivity analysis can be conducted is closely linked to the quality of the CBA. Each of abovementioned calculations was carried out within a Microsoft Excel model that was built specifically for this assignment. Deloitte’s Excel models generally follow the FAST standard 177 , consisting of practical, structured design rules for financial modelling.

·Flexible: Model design and modelling techniques must allow models to be both flexible in the immediate term and adaptable in the longer term. Models must allow users to run scenarios and sensitivities and make modifications over an extended period as new information becomes available - even by different modellers. A flexible model is not an all-singing, all-dancing template model with an option switch for every eventuality. Flexibility is born of simplicity.

·Appropriate: Models must reflect key business assumptions directly and faithfully without being overbuilt or cluttered with unnecessary detail. The modeller must not lose sight of what a model is: a good representation of reality, not reality itself. Spurious precision is distracting, verging on dangerous, particularly when it is unbalanced. For example, over-specifying tax assumptions may lead to an expectation that all elements of the model are equally certain and, for example, lead to a false impression, if the revenue forecast is essentially guesswork.

·Structured: Rigorous consistency in model layout and organisation is essential to retain a model’s logical integrity over time, particularly as a model’s author may change. A consistent approach to structuring workbooks, worksheets and formulas saves time when building, learning, or maintaining the model.

·Transparent: Models must rely on simple, clear formulas that can be understood by other modellers and non-modellers alike. Confidence in a financial model’s integrity can only be assured with clarity of logic structure and layout. Many recommendations that enhance transparency also increase the flexibility of the model to be adapted over time and make it more easily reviewed.

Multi-criteria analysis

In line with the EC’s Better Regulation Guidelines, a Multi-Criteria Analysis (MCA) was carried out, in parallel to the Cost-Benefit Analysis, to identify the preferred policy option for each sub-task.

The MCA is a largely qualitative analysis of the policy options, based on ratings and rankings with quantitative data supporting the assessment. For this reason, MCAs accompany Cost Benefit Analyses and Economic Modelling but do not replace them. As part of the Multi-Criteria-Analysis, the most significant impacts were assessed as a comparison to the baseline scenario:

·Economic impacts;

·Societal impacts; and

·Environmental impacts.

The impacts on Fundamental Rights was used as exclusion criterion.

The following criteria were taken into to assess these impacts:

·Effectiveness, i.e. the extent to which different options would achieve the objectives;

·Efficiency, i.e. comparing the benefits of the options versus the costs (incl. additional and reduced compliance costs);

·Coherence with the overarching objectives of EU policies;

·Legal and political feasibility;

·Compliance of the options with the proportionality principle.

The proportionality principle was used as an exclusion criteria.

The sources of information were also defined, i.e. existing data (i.e. secondary data from other studies or databases), new data (i.e. primary data) derived from interviews, as well as the workshops.

The same assessment criteria were used for all policy options. Using the same criteria ensures comparability across the policy options, which is imperative for the comparison of the options.

When carrying out the assessments, the expected timing of the impacts (one-off, short term, long term) was taken into account, considering changes in the baseline scenario for the specific time-frame considered.

While the impacts were assessed from the point of view of society as a whole, impacts on different groups of society (e.g. data holders, data intermediaries, data reusers) were differentiated.

The picture bellows summarises the key steps leading to a full Multi-Criteria-Analysis.

Annex 5: Subsidiarity grid

Annex 6: Governance framework in third countries

Over the last few years, several countries around the world have put in place mechanisms to boost their data economies by enhancing trust in data sharing. Some of the elements foreseen in this initiative take inspiration from experiences in other countries in the field of data intermediaries and certification schemes for data intermediaries.

Japan: certification schemes for information banks

The Japanese government has tried to increase trust towards Japanese ‘information banks’ - systems for securely accessing personal data with the data subject’s consent 183 - by releasing guidelines on the functions of certification schemes.

Certification is based on government guidelines 184 compiled in June 2018 for information banking services to use personal information while protecting the privacy of individuals. Certification remains voluntary. As part of the certification process, an internal auditing body checks what is done with the personal data. Under the system, information banks allow client firms to tap into their databases only after obtaining consent from data-supplying individuals. In addition, the individuals can select the types of data to be used and grant specific firms access to their data.

In July 2019, the Information Technology Federation of Japan certified FeliCa Pocket Marketing Inc. and Sumitomo Mitsui Trust Bank as information banks 185 .

Endorsement by the federation is not compulsory to commercialise personal data, but it does enhance the credibility of companies as safe data providers.

The Aeon Co. unit and the trust bank have started operations using personal data that they hold. FeliCa, which offers reward points and e-money unique to municipalities trying to reinvigorate their local economies, plans to provide its individual customers’ data to local retailers and small firms to help them set up business strategies. Sumitomo Mitsui Trust aims to capitalise on its database in the healthcare field.

Republic of Korea: data vouchers as intermediaries

The Korea Data Agency 186 started the ‘data voucher’ programme to promote data-based innovative businesses and the surrounding data ecosystem. Data vouchers can be used to purchase and process a dataset by small companies that have difficulties in using data, and promoting the data and AI industries by expanding transactions of purchased and processed data.

They play an intermediary role between the companies that hold the data and the companies that need the data. They are part of the Korean Government’s (Ministry of Science and ICT) initiative to support SMEs in accessing data. The programme is popular, with on average 1 000 data purchases and 640 data processing activities supported annually. Some 2 795 companies applied for the voucher programme last year 187 .

On 11 May 2020, the South Korean Financial Services Commission (FSC) launched a financial data exchange programme to facilitate data transactions between buyers and sellers from financial institutions, fintech firms, retailers and telcos. It will serve as a platform to match data providers and recipients as needed. The FSC will also consider introducing a data voucher programme to help set appropriate data prices and support data purchases 188 .

Australia: public sector designation of trusted data-sharing platform

This example shows that governments can act as or create a trusted third party for data-sharing relationships. In 2017, the Australian government initiated the ‘Data Integration Partnership for Australia’ (DIPA) as an investment to maximise the use and value of the government’s data assets 189 .

DIPA is a whole-of-government collaboration including more than 20 Commonwealth agencies. It improves technical data infrastructure and data integration capabilities across the Australian public service. The agencies make available important data assets such as in the health, education and social welfare sectors, allowing policymakers to gain insights that were not possible before. Sectoral hubs of expertise, independent entities that are funded by the Commonwealth and denominated Accredited Integrating Authorities, enable the integration of those longitudinal data assets. Individual privacy and the security of sensitive data are preserved, as DIPA only provides access to controlled, de-identified, and confidentialised data for policy analysis and research purposes.

(1)

The final form of the legal act will be determined by the content of the instrument.

(2)

  COM/2020/66 final .

(3)

“Data the use of which is dependent on the rights of others” or “data subject to the rights of others” covers data that might be subject to data protection legislation, intellectual property, or contain trade secrets or other commercially sensitive information.

(4)

Reinsel D., Gantz J., and Rydning J., (2018). The Digitization of the World. From Edge to Core , International Data Corporation White Paper No. US44413318.

(5)

European Commission (2020a).  Final Study Report of the Updated European Data Market Study , SMART 2016/0063.

(6)

OECD (2019). Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies , OECD Publishing, Paris.

(7)

OECD (2015). Data-driven innovation: big data for growth and well-being , OECD Publishing, Paris.

(8)

European Commission (2020a).  Final Study Report of the Updated European Data Market Study , SMART 2016/0063.

(9)

 European Commission, Entrepreneurship and Small and medium-sized enterprises (SMEs) .

(10)

European Commission (2020). Shaping the digital transformation in Europe, study prepared by McKinsey.

(11)

 McKinsey (2020).  Shaping the digital transformation in Europe .

(12)

Huyer E. (2020). The economic impact of open data: opportunities for value creation in Europe , European Data Portal Study.

(13)

Idem.

(14)

See Dawex website for more info.

(15)

Rademaekers K. et al. (2017). Environmental potential of the collaborative economy , European Commission.

(16)

Council of the European Union Conclusions (22 March 2019).

(17)

Council of the European Union Conclusions (2 October 2020).

(18)

 Council of the European Union Conclusions (9 June 2020).

(19)

European Data Protection Supervisor (2020). Opinion 03/2020 on the European strategy for data .

(20)

Exscalate4COV webpage .

(21)

  COM(2020) 456 final .

(22)

  OJ L 119, 4.5.2016 , p. 1-88.

(23)

  OJ L 201, 31.7.2002 , p. 37-47.

(24)

Crémer J., de Montjoye Y.-A. and Schweitzer H. (2019). Competition policy for the digital era , Report prepared for Commissioner Vestager.

(25)

  OJ L 172, 26.6.2019, p. 56–83.

(26)

 See COM/2020/66 final .

(27)

  OJ L 188 18.7.2009 , p. 1 as amended by OJ L 151, 14.6.2018, p. 1 .

(28)

  OJ L 337, 23.12.2015 , p. 35-127.

(29)

  OJ L 158, 14.6.2019 , p. 125-199; OJ L 211, 14.8.2009 , p. 94-136.

(30)

  OJ L 220, 25.8.2017 , p. 1-120; OJ L 113, 1.5.2015 , p. 13-26.

(31)

  OJ L 207, 6.8.2010 , p. 1-13.

(32)

  OJ L 249, 31.7.2020, p. 33–48

(33)

See COM/2020/66 final .

(34)

OECD (2019). Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies , OECD Publishing, Paris.

(35)

Idem.

(36)

Idem.

(37)

 Deloitte (2018). Realising the economic potential of machine-generated, non-personal data in the EU , Report for Vodafone Group.

(38)

Horizontal data sharing is defined as sharing between organisations involved in the same commercial or non-commercial point of the value chain, e.g. businesses selling the same product in the same market place. Vertical data sharing is defined as sharing between organisations who have a customer or supplier relationship, directly or indirectly.

(39)

 McKinsey (2020).  Shaping the digital transformation in Europe .

(40)

McCauley D. (2020). The global AI agenda , MIT Technology Review Insights.

(41)

European Commission (2017). Synopsis report consultation on the ‘building a European data economy’ initiative .

(42)

Idem.

(43)

European Commission (2020b). Outcome of the online consultation on the European strategy for data .

(44)

E.g. the Connector Architecture of the International Data Spaces Association, part of the Gaia-X initiative.

(45)

Deloitte (2018). Realising the economic potential of machine-generated, non-personal data in the EU , Report for Vodafone Group.

(46)

European Commission (2017). Synopsis report consultation on the ‘building a European data economy’ initiative .

(47)

OECD (2019). Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies , OECD Publishing, Paris.

(48)

Idem; Joint Research Centre, Business-to-business data sharing: An economic and legal analysis, 2020.

(49)

  COM/2017/09 final ; SWD/2017/02 final ; the importance of data sharing platforms or institutions is discussed in the French, UK and German data or AI strategies: Villani, Donner un sens à l’intelligence artificielle, 2018, Hall/Pensenti, Growing the artificial intelligence strategy in the UK, 2017, Report German Datenethikkommission, 2019; and in the following reports: OECD (2019). Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies ; Open Data Institute, Designing trustworthy data institutions, 2020.

(50)

Joint Research Centre, Business-to-business data sharing: An economic and legal analysis, 2020.

(51)

This will avoid the problem of platformisation that profits from network effects and economies of scope. There is a risk that these neutral entrants may realise that it could be necessary to leave their neutral position and monetise on the data exchanged through their service by offering added value services in other markets. This would lead to problems of data aggregation analysed in consumer platforms discussions. See also JRC (2020); COM/2020/66 final .

(52)

European Commission (2016). An emerging offer of "personal information management services" - Current state of service offers and challenges ; Ctrl+Shift (2014). Personal Information Management Services: An analysis of an emerging market ;

(53)

European Data Protection Supervisor (2016). EDPS Opinion on Personal Information Management Systems , Opinion 9/2016.

(54)

European Commission (2020b). Outcome of the online consultation on the European strategy for data .

(55)

  COM/2020/264 final .

(56)

European Commission (2018a). Synopsis report of the public consultation on the revision of the Directive on the reuse of public sector information .

(57)

Idem. 

(58)

Centre d’accès sécurisé aux données website .

(59)

FINDATA website .

(60)

European Commission (2018d). Study to support the review of Directive 2003/98/EC on the re-use of public sector information , study prepared by Deloitte.

(61)

Recital 33 of the GDPR ; Halvorson G. C., Permanente K. and Novelli W. D. (2014). Data altruism: honouring patients’ expectations for continuous learning , Institute of Medicine Commentary, Washington, DC.

(62)

European Commission (2018b). Synopsis report of the public consultation on Digital transformation of health and care in the context of the Digital Single Market .

(63)

European Commission (2019c). Special Eurobarometer 503: Attitudes towards the impact of digitalisation on daily lives .

(64)

The notion of ‘donation’ should be used with care as it may suggest that consent for the processing of data can no longer be withdrawn, which would be counter to Article 7(3) GDPR .

(65)

SalusCoop website .

(66)

CNIL (2017) La plateforme d’une ville , CAHIERS IP N.5.

(67)

Corona-Datenspende website .

(68)

Villani, C., (2018). For a meaningful artificial intelligence: towards a French and European strategy , Report from a parliamentary mission from 8 September 2017 to 8 March 2018.

(69)

BBVA (2019).The case for a regulation on data sharing by users to increase European competitiveness, Policy Paper sent to DG CNECT.

(70)

EU Health Consortium (2020). Assessment of the EU Member States’ rules on health data in the light of the GDPR.

(71)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(72)

European Commission (2019b). Reports of the workshops on common European data spaces .

(73)

Deloitte (2018). Realising the economic potential of machine-generated, non-personal data in the EU , Report for Vodafone Group.

(74)

OECD (2019). Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies .

(75)

European Commission (2020b). Outcome of the online consultation on the European strategy for data .

(76)

European Commission (2020b). Outcome of the online consultation on the European strategy for data .

(77)

European Commission (2019b). Reports of the workshops on common European data spaces .

(78)

Idem.

(79)

FORCE11 (2020). The FAIR data principles .

(80)

PwC (2018), Cost of not having FAIR research data, Study prepared for DG RTD.

(81)

That applies also for public procurement, which ensures the functioning of many critical public services such as health, education, construction, mobility, security, defence, emergency response, etc.

(82)

 Everis (2018). Study on data sharing between companies in Europe , Study prepared for DG CNECT.

(83)

European Commission (2020b). Outcome of the online consultation on the European strategy for data .

(84)

 OECD (2019). Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies .

(85)

Tombal T. (2020). Economic Dependence and Data Access , International Review of Intellectual Property and Competition Law, Vol. 51.

(86)

 Padilla J. (2020).  Big Tech “banks”, financial stability and regulation , Financial Stability Review, Issue 38.

(87)

Furman (2019). Unlocking digital competition - Report of the Digital Competition Expert Panel .

(88)

 Villani, C., (2018). For a meaningful artificial intelligence: towards a French and European strategy , Report from a parliamentary mission from 8 September 2017 to 8 March 2018.

(89)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(90)

Bughin J., Seong J. et al. (2019). Tackling Europe’s gap in digital and AI , McKinsey Global Institute, Discussion Paper.

(91)

Delcker J. (2018). Merkel warns of AI brain drain to foreign tech companies , Politico.

(92)

See on this and the European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(93)

Statistics Denmark, Data for research .

(94)

European Commission (2020b). Outcome of the online consultation on the European strategy for data . 

(95)

  ECLI:EU:C:2019:1145 .

(96)

  OJ L 172, 26.6.2019 , p. 56-83.

(97)

Article 20 of the General Data Protection Regulation .

(98)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(99)

European Commission (2020a). Final Study Report of the Updated European data market study , SMART 2016/0063.

(100)

European Data Portal (2018). The PSI directive and GDPR .

(101)

  RatSWD (German Data Forum).

(102)

Aholainen J., Finnish solutions for opening up fare data , TRAFICOM; European Data Portal (2017). Smart mobility in Finland .

(103)

Cuggia M. and Combes S. (2019). The French health data hub and the German medical informatics initiatives: two national projects to promote data sharing in healthcare , Yearbook of Medical Informatics.

(104)

SITRA website .

(105)

Similar arrangements have been tested and worked well in the context of re-use based on the Open Data Directive. The need for a similar provision for data not covered by the open data Directive was already signalled in the evaluation report of the Directive.

(106)

OECD (2019). Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies , OECD Publishing, Paris, pp. 36-39; The ODI (2020). How do we create trustworthy and sustainable data institutions? Blog piece.

(107)

Bradbury D. (2020). Distrust of Big Tech is contact tracing’s biggest hurdle , InfoSec Blog; Hutchinson A. (2020). New report shows universal distrust in social media as a news source , SocialMediaToday; CISION PR Newswire (2019). Brand reputation at risk from consumers' data distrust .

(108)

European Commission (2020b). Outcome of the online consultation on the European strategy for data .

(109)

European Commission (2020c). Report of the workshop on labels for/certification of providers of technical solutions for data exchange .

(110)

Barclays, BBVA, Deutsche Bank AG, HSBC, ING Group and Banco Santander (2019). Advancing the EU data framework: user data sharing, Policy Paper sent to DG CNECT.

(111)

European Commission (2020b). Outcome of the online consultation on the European strategy for data .

(112)

Examples of such standards are: description of actors in a data sharing ecosystem, identification of persons, legal entities and connected objects, authentication, permissions on data use (consent in the case of personal data), portability of permissions (consent).

(113)

For more information on these approaches, see: European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(114)

For more information on these approaches, see: European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(115)

European Commission (2020a).  Final Study Report of the Updated European Data Market Study , SMART 2016/0063.

(116)

OECD (2019). Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies , OECD Publishing, Paris.

(117)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(118)

 McKinsey (2020).  Shaping the digital transformation in Europe .

(119)

OECD (2019). Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies .

(120)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(121)

Idem.

(122)

Idem.

(123)

E.g. in Romania, and Bulgaria the share of data companies’ total revenues in 2019 were 3.5% and 3.9% respectively, similarly to Member States such as France (3.9%). Source: The European Data Market Monitoring Tool .

(124)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(125)

SWD(2018) 125 final; OJ L 134, 31.5.2018, p. 12-18.

(126)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(127)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(128)

Idem.

(129)

Idem.

(130)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(131)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(132)

European Commission (2020c). Report of the workshop on labels for/certification of providers of technical solutions for data exchange .

(133)

Idem.

(134)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(135)

Idem.

(136)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(137)

Idem.

(138)

Idem.

(139)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(140)

Idem.

(141)

Idem.

(142)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(143)

Idem.

(144)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(145)

Idem.

(146)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(147)

European Commission (2020). The European Digital Strategy .

(148)

European Commission (2019a). SME panel consultation B2B data sharing - Final Report .

(149)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(150)

European Commission (2020c). Report of the workshop on labels for/certification of providers of technical solutions for data exchange ; European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(151)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(152)

European Commission (2019a). SME panel consultation B2B data sharing - Final Report .

(153)

European Commission (2020c). Report of the workshop on labels for/certification of providers of technical solutions for data exchange ; European Commission (2020, forthcoming).

(154)

 European Commission (2018b). Synopsis report of the public consultation on Digital transformation of health and care in the context of the Digital Single Market .

(155)

European Commission (2020c). Report of the workshop on labels for/certification of providers of technical solutions for data exchange .

(156)

 EDPS (2020). Opinion 03/2020 on the European strategy for data .

(157)

  SWD/2017/350 .

(158)

Idem.

(159)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(160)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(161)

Idem.

(162)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(163)

Idem.

(164)

European Commission (2020). Support Study to this Impact Assessment, SMART 2019/0024, prepared by Deloitte.

(165)

 url to be added when created

(166)

  COM/2017/9 ; COM/2018/232 .

(167)

 Everis (2018). Study on data sharing between companies in Europe , Study prepared for DG CNECT.

European Commission (2018c). Study on emerging issues of data ownership, interoperability, (re-)usability and access to data, and liability , study prepared by Deloitte.

European Commission (2017). Synopsis report consultation on the ‘building a European data economy’ initiative . European Commission (2019a). SME panel consultation B2B data sharing - Final Report .

European Commission (2018d). Study to support the review of Directive 2003/98/EC on the re-use of public sector information , study prepared by Deloitte.

(168)

  COM/2020/66 final .

(169)

  https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12491-Legislative-framework-for-the-governance-of-common-European-data-spaces  

(170)

 Council of the European Union Conclusions (9 June 2020).

(171)

It is unlikely that a given Member State would have more than one public data intermediary for the same domain, since the reason behind their existence is to streamline procedures.

(172)

This estimation was reached using:

a)the number of people employed in the healthcare industry (800,000 in 2012 in the EU). See the website of the European Commission on Healthcare Industries.

b)the number of active businesses in the EU (27,5 million in 2017), and

c)the number of employed persons in the EU (150 million persons in 2017). See Eurostat, Business demography statistics . These figures were used to reach an average number of employees per active business (150,000,000/27,500,00=5,45); from which the number of healthcare businesses was derived (800,000/5,45=146788.99) and rounded-up.

(173)

These numbers show the aggregate amount for the entire EU27, including the costs for all Member States.

(174)

The data collected through the implementation of the above tools will be analysed through the application of the following analytical methods and processes: Legal analysis; Triangulation; Analysis of costs and benefits; and Multi-Criteria Analysis.

(175)

  https://ec.europa.eu/digital-single-market/en/news/online-consultation-european-strategy-data

(176)

Source: European Commission, 2014: Guide to Cost-Benefit Analysis of Investment Projects – Economic appraisal tool for Cohesion Policy 2014 – 2020.

(177)

See: http://www.fast-standard.org/wp-content/uploads/2016/06/FAST-Standard-02b-June-2016.pdf

(178)

  Protocol (No 2) - On the Application of the Principles of Subsidiarity and Proportionality.

 

(179)

 Council of the European Union Conclusions (9 June 2020).

(180)

European Union: The EU in brief .  

(181)

Council of the European Union Conclusions (22 March 2019).

(182)

 Council of the European Union Conclusions (9 June 2020).

(183)

 D. A. Consortium (2018 ). Pilot testing begins on an “information bank,” a new system for storing personal data , News Release.

(184)

 Ministry of Economy, Trade and Industry (2018).  Release of the Guidelines of Certification Schemes Concerning Functions of Information Trust ver. 1.0 .

(185)

 Jiji (2019). Japan grants certification for first time to 'information banks' , The Japan Times.

(186)

  Korea Data Agency .

(187)

Information provided by the EEAS Delegation to Seoul.

(188)

 Pulse (2020). Korea to launch financial data exchange in March .

(189)

 Australian Government, Department of the Prime Minister and Cabinet (2017). Data Integration Partnership for Australia .