European privacy regulators warned EU legislators today about privacy risks posed by a key piece of legislation on data-sharing.
In a joint opinion published today on the Data Governance Act, the European Data Protection Supervisor (EDPS) — in charge of overseeing EU institutions — and the European Data Protection Board (EDPB) — which gathers EU privacy watchdogs — said the text lacked precision and clarity.
“The EDPB and EDPS consider that the EU legislator should ensure that the wording of the DGA clearly and unambiguously state that this act will not affect the level of protection of individuals’ personal data, nor will any rights and obligations set out in the data protection legislation be altered,” the opinion reads.
The Data Governance Act is the first plank of a broader data strategy that aims to create a single market for data across the EU.
The data protection chiefs also draw attention to the so-called “data altruism” provision, which will allow for individuals and public sector entities to donate their data for the public good, and the creation of “data intermediaries” — brokers of data that will act as neutral clearinghouses for data sharing that will not be allowed to profit off their clients’ data.
They suggest legislators should ensure that the future data regulation is fully in line with the GDPR.
Wojciech Wiewiórowski, the EU’s data protection supervisor, previously said he had some doubts about the “precision of the notions which are used in the Data Governance Act.”
The Commission proposal has drawn a lot of criticism from stakeholders as being unclear. The first compromise text drafted by the Portuguese presidency and obtained by POLITICO added new definitions and clarified terms such as “data sharing service provider” and “data altruism,” using the GDPR as a reference.
Data rights groups have sounded the alarm over some aspects of the DGA, which they say could undermine Europe’s legacy on data protection.