Let’s resume our analysis of the EU Regulation known as the Data Governance Act, examining the data intermediation and data altruism services and the implications with the data protection regulation.
2- Data Intermediation Services
In the original version of the proposed regulation, the provision of specific data sharing services – both personal and non-personal – had raised serious concerns about the proper balance between DGA and GDPR. In its final version, the DGA replaced such services with data intermediation services which involve data sharing.
It follows that the provision:
- by the data subject to the data user, will have as its object the personal data of the data subject allowing, in particular, the exercise of the data subject’s rights;
- by the data controller to the data user, may have as its object both personal data and non-personal data but will still have to be done on the basis of Union or national law, i.e., in compliance with the requirements of the GDPR with regard to personal data.
Article 10 of the DGA distinguishes data intermediation services into three categories:
- intermediation services between data holders and potential data users
- intermediation services between data subjects that seek to make their personal data available and potential data users
- services of data cooperatives i.e., services that help data subjects or sole proprietorships, micro-enterprises, small and medium-sized enterprises in the transparency and management of consent to processing.