In May 2022 we presented the following comments
in the course of consultations held by the European Commission.
- The Data Act is another legislative initiative (after the Data Governance Act), which is part of the European Data Strategy, and aims at building a data-based economy and society and creating a single market that will allow the free movement of data within the EU. We support the idea expressed by the European Commission on the need to ensure balance between the flow and broad use of data and a high level of privacy, security and ethics. We consider it essential to ensure appropriate balance between efficiency in the flow and use of data in the proposed regulation, while respecting the values relating to citizens’ rights.
- The Foundation considers it appropriate to regulate the possibility of the public sector’s use of the data collected by the business sector. Provision should be made for the possibility of the public sector bodies and EU institutions, agencies or bodies to use the data held by enterprises in specific cases of exceptional need to access the data, with full consideration of the principle of transparency. The proposed regulation provides for certain solutions to safeguard the transparency of the mechanism for obtaining information between the public sector and businesses, including Article 17(2)(f) and Article 31(3)(g).
- The draft of the Data Act provides that upon request, a data holder shall make the data available to the public sector body or to an EU institution, agency or body demonstrating an exceptional need to use the requested data (Article 14(1)). The regulation establishes the obligation for the public sector entity to make the content of the requests public online without undue delay (Article 17(2)(f)).
- In order to ensure greater efficiency of the proposed solutions, we postulate the creation of a register, publicly available online, containing requests for the provision of data from the public sector (at the Member State level). The register could be maintained by a Member State authority responsible for the application and enforcement of the proposed regulation. We propose that the scope of the register should include all requests for data access by public sector bodies submitted under Chapter V.
- The tasks of the body responsible for the implementation and enforcement of the proposed regulation in a Member State include ensuring the online public availability of requests for access to data submitted by public sector bodies in the case of public emergencies under Chapter V; (Article 31(3)(g)). In addition to the scope of the above-mentioned tasks, the authority would therefore find other conclusions not related to the premise of public emergency, i.e. requests submitted (pursuant to Article 15(c)(1) and (2)) in view of the circumstances where the lack of available data prevents the public sector body or EU institution, agency or body from carrying out a specific task in the public interest that has been explicitly provided by law, and
○ the public sector body or Union institution, agency or body has been unable to obtain such data by alternative means, including by purchasing the data on the market at market rates or by relying on existing obligations to make data available, and the adoption of new legislative measures cannot ensure timely availability of data; or
○ obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden on the data holders or other enterprises.
- We trust that the security of the obligation to publish the content of requests for data provision should apply to all requests submitted by the public sector pursuant to Article 14(1).