Towards a European Data Economy: A Quick Overview of EU Data Acts and EU common data spaces.
The new tools of the EU data strategy
As the digital landscape continues to evolve, the European Union (EU) is determined to establish itself as a prominent data economy alongside global players like China and the United States. The EU envisions an internal data market where information can flow freely across countries and sectors. However, while pursuing this goal, the EU Commission wants to preserve the core European values and fundamental rights. This blog post provides an overview of the EU's proposed data acts, highlighting their significance in addressing the challenges and opportunities presented by the data-driven economy. The legal framework concerning the data economy in Europe is fragmented, lacking a cohesive narrative that effectively connects various regulations. This fragmentation inadvertently hinders the intended objective of fostering data sharing and instead creates data silos. The EU Commission has devised a strategic plan that aims to level the playing field, foster data sharing and competition, and cultivate a thriving data economy. The plan includes the introduction of five key proposals, collectively known as the "Big Five": Data Governance Act, Data Act, Data Market Act, Digital Service Act, and Artificial Intelligence Act.
Data Governance Act (DGA):
The DGA seeks to facilitate public data sharing between government entities, private sectors, and citizens by establishing common European data spaces. By encouraging data sharing in a trusted and secure environment, the DGA aims to unlock the potential of data-driven innovation while upholding privacy and data protection.
Data Markets Act (DMA):
The DMA addresses the issue of dominant digital platforms controlled by "gatekeepers" that benefit from strong network effects. Its primary objective is to introduce more competition into these platforms, ensuring fair and non-discriminatory conditions for businesses. The DMA leverages competition law to regulate very large specific companies and promote a level playing field for market participants.
Digital Service Act (DSA):
The DSA focuses on services provided on top of digital platforms, like those targeted by the DMA. It operates on the principle that what is illegal offline should also be illegal online. The DSA establishes guidelines to combat the dissemination of illegal content or misinformation. It mandates platforms to enable users to report illegal content, dispute blocked or suspended content and provides users with transparency regarding targeted advertising upon request.
Artificial Intelligence Act (AIA):
With the AIA, the EU seeks to strike a balance between citizen security and the development of new AI solutions. This act employs a risk-based approach, classifying different uses of AI as an unacceptable risk, high risk, limited risk, or minimal risk. It primarily focuses on AI systems that pose a high risk to fundamental rights and safety, ensuring transparency and accountability in their operation.
Data Act (DA):
The DA establishes common rules for data usage and access across all economic sectors. It primarily focuses on non-personal data within business-to-business (B2B), business-to-customer (B2C), and business-to-government (B2G) interactions. The act aims to encompass a wide range of IoT systems responsible for data collection, including connected vehicles, household IoT devices, virtual assistants, and others.
Fostering data sharing: Data Spaces
The European strategy for data aims to create a single market for data that will support both Europe’s global competitiveness and its data sovereignty. Creating common European data spaces will allow data from across the EU, both from the public sector and businesses, to be exchanged in a trustworthy manner and at a lower cost, thereby boosting the development of new data-driven products and services. Data spaces are composed of both the secure technological infrastructure and the governance mechanisms.
Technologies at the service of data sharing
Privacy Enhancing Technologies (PETs) are a set of tools and techniques designed to protect individuals' privacy while using digital services and handling personal data. These technologies aim to ensure that data is collected, stored, processed, and shared in a privacy-preserving manner while still allowing for the necessary functionalities and services.
Differential Privacy is one of the PETs that can be utilized in various contexts to protect personal data while allowing for data analysis and insights. In the context of the European Data acts proposals, the proposal where Differential Privacy could potentially be employed is the Data Governance Act (DGA).
By applying Differential Privacy techniques to data shared within the common European data spaces, organizations and individuals can contribute their data while maintaining a high level of privacy protection. Differential Privacy adds noise or randomness to the data analysis process, making it difficult to identify individual-level information while still allowing for meaningful insights to be derived from the aggregated data.
However, it is important to note that while Differential Privacy can provide a strong privacy guarantee, its implementation should be carefully designed and properly configured to balance privacy protection and data utility. The specific details regarding the application of Differential Privacy in the DGA would depend on the regulations and guidelines set forth in the act itself and any accompanying technical specifications or standards that may be developed.
In conclusion, by setting fair rules for data sharing and use, the EU aims to position itself as a global leader in the data economy, ensuring that Europe's values and citizens' rights remain at the forefront of this transformative journey.