‘Open yet sovereign’: Europe proposes a new data regime to boost its digital economy
The European Union has proposed new rules to allow companies access to public and personal data, an effort to compete with U.S. and Asian giants and encourage innovation in areas like climate change and health.
The rules proposed by the European Commission, the bloc’s executive body, would grant businesses and research organizations access to data normally blocked off due to privacy, commercial confidentiality, or intellectual property rights. It will also make it easier for people to donate their data for non-commercial research.
The bloc’s tough data protection rules, called the General Data Protection Regulation or GDPR, would still apply, and companies and public agencies would need to implement technical solutions to ensure privacy is respected. Personal data, for instance, would need to be anonymized before companies were granted access.
“With the ever-growing role of industrial data in our economy, Europe needs an open yet sovereign single market for data,” said Internal Market Commissioner Thierry Breton, adding the regulation would “help Europe become the world’s number one data continent.”
The EU hopes that by giving companies access to more data, it will support businesses to build new services and products but also help researchers tackle societal challenges.
Under the proposal unveiled Wednesday, companies won’t be required to have their headquarters in Europe or forced to keep data in the region, but they would have to appoint local representatives to handle participation in the program.
Companies would also have to implement legal or technical measures to avoid having to comply with abusive or unlawful requests for data held in Europe from third country authorities, EU officials said. Both the U.S. and China impose rules on their companies that can require them to hand over data even if it’s stored abroad.
Any requests for data access to be considered lawful would have to be protected by an international agreement or respect European principles, including that the purpose for access is well-specified, an EU official said. Companies could also impose double encryption as a protective measure, the official said.