Data Governance Act Representative
EDPO provides high-quality representative services pursuant to the Data Governance Act (DGA)
The DGA, in application since 24 September 2023, aims to facilitate data sharing across the EU. Notably, the DGA creates legal obligations for providers of Data Intermediation Services and Data Altruism Organizations. These include the obligation to designate a legal representative in one of the Member-States where data intermediation and/or data altruism services are being provided (unless the provider of those services is established in the EU).
Non-compliance with the law may result in fines, cessation of the provision of services, removal from relevant public registers and/or reputational damage. It is crucial for non-EU providers of these services to comply with these new requirements to avoid any legal or financial consequences.
Are you interested in appointing EDPO as your legal representative for the DGA? Sign-up using the form below or contact us!
Do you need to appoint a Data Governance Act representative in the EU?
You need to appoint a Data Governance Act representative if:
- You are not established in the EU; and
- You provide or intend to provide data intermediation services in one of the Member States of the EU; and/or
- You engage or intend to engage in data altruism activities in one of the Member States of the EU.
Frequently Asked Questions
What is the DGA?
The DGA is part of the European strategy for data, and seeks to promote data sharing, strengthen mechanisms to increase data availability and overcome technical obstacles to the reuse of data. It includes provisions to support the creation and development of European data spaces in certain areas such as health, environment or finance.
In practice, the DGA has mechanisms that i) promote the re-use of certain data in the public sector; ii) ensure data intermediaries act in a trustworthy manner to promote data sharing or pooling; iii) make it easier for individuals or businesses to make their data available for altruistic purposes; iv) provide general measures to facilitate data sharing across sectors and borders.
What is the territorial scope of the DGA?
There is no specific article in the DGA that defines its territorial scope. However, the DGA outlines certain criteria which determine when data intermediation services and data altruism organizations located outside the EU can be considered as providing services within the EU, and consequently, need to designate a legal representative in the EU.
Who does the DGA apply to?
The DGA applies to i) public sector bodies, ii) data intermediation services and iii) data altruism organizations.
What is a legal representative?
A legal representative is a natural or legal person established in the EU that is explicitly designated to act on behalf of a data intermediation services provider or a data altruism organization, which may be addressed by the respective competent authorities in addition to or instead of the data intermediation services provider or data altruism organizations, with regard to obligations under the DGA, including with regard to initiating enforcement proceedings against a non-compliant data intermediation services provider or entity not established in the EU.
What are data intermediation services?
Data intermediation services are services which aim to establish commercial relationships for the purposes of data sharing between data subjects and data holders on the one hand, and data users on the other, through technical, legal or other means, including for the purpose of exercising the rights of data subjects in relation to personal data.
Data intermediation services include services of data cooperatives, which are services that are offered by an organizational structure constituted by data subjects, one-person undertakings or SMEs who are members of that structure, having as its main objectives to support its members in the exercise of their rights with respect to certain data (e.g., by helping them make informed choices before they consent to data processing or by negotiating terms and conditions for data processing on their behalf).
What are examples of data intermediation services?
Below are some examples of data intermediation services as provided on the website of the European Commission:
“With its Data Intelligence Hub, Deutsche Telekom offers a data marketplace in which companies can securely manage, provide and monetize good quality information, for example production data, in order to optimise processes or entire value chains. Telekom takes the role of a neutral trustee and guarantees data sovereignty through decentralised data management. Currently more than 1,000 users from over 100 different companies are active on the platform.
DAWEX is a French company that describes itself as a ‘global data marketplace’. Dawex does not purchase or sell data but brings together companies interested in monetising and re-using data, and fosters transparency between data suppliers and users by ensuring that they communicate and conduct the transaction directly on its platform. Dawex developed a series of tools to help both data suppliers and users to understand, assess and communicate about the data. Visualisation tools (e.g. heat maps, tree maps) provide data users with different information about a complete dataset that can be securely shared before a transaction is completed. Sampling tools automatically generate representative data samples based on algorithms to avoid any bias. Data users and data suppliers communicate using a messaging tool embedded in the platform. Additionally, Dawex supports the negotiation of the contractual agreement by model terms that can be automatically generated.
API-AGRO is an agricultural data-sharing hub which uses the Dawex technology. This technology fosters an agricultural ecosystem involving numerous actors and a neutral intermediary (the Api-Agro platform) where there is a clear separation between the intermediation role and other activities related to the use of the data. Api-Agro does not monetise the data, but functions as a neutral third party that connects data holders and data users.”
What are examples of services that are NOT data intermediation services?
The following non-exhaustive list of services are excluded from the definition of data intermediation services:
- services that obtain data from data holders and aggregate, enrich or transform the data for the purpose of adding substantial value to it and license the use of the resulting data to data users, without establishing a commercial relationship between data holders and data users;
- services that focus on the intermediation of copyright-protected content;
- services that are exclusively used by one data holder in order to enable the use of the data held by that data holder, or that are used by multiple legal persons in a closed group, including supplier or customer relationships or collaborations established by contract, in particular those that have as a main objective to ensure the functionalities of objects and devices connected to the Internet of Things;
- data sharing services offered by public sector bodies that do not aim to establish commercial relationships.
What are data altruism organizations?
Data altruism organizations are i) legal persons, ii) carrying out data altruism activities; iii) operating on a not-for-profit basis, iv) legally independent from any entity that operates on a for-profit basis, v) carrying out their altruism activities through a structure that is functionally separate from its other activities, vi) that seek to support objectives of general interest by making available relevant data based on data altruism.
Data altruism is defined as the voluntary sharing of data on the basis of the consent of data subjects to process their personal data, or permissions of data holders to allow the use of their non-personal data without seeking or receiving a reward that goes beyond compensation related to the costs that they incur where they make their data available for objectives of general interest.
What are examples of data altruism organizations?
Below are some examples of data altruism organizations as described on the website of the European Commission:
“MyData Global aims to ‘empower individuals by improving their right to self-determination regarding their personal data.’ While the overall goal extends beyond data altruism, the organisation provides a trusted interface for members to give consent to the use of their personal data for specific purposes.
The Smart Citizen platform allows citizens to share data on noise levels and pollution in their home collected through sensors. This provides essential information to map noise and air quality, and for researchers and governments to develop targeted solutions to these issues.
The German Corona-Datenspende-App was set up to collect data (e.g. heart rate, body temperature, blood pressure, sleeping patterns) from fitness bracelets and smartwatches. By monitoring this data, researchers could identify at an early stage possible Covid-19 hotspots.”
What is the sanction for not designating a legal representative?
Data intermediation services providers
The DGA clearly states that if a data intermediation services provider is not established in the Union and fails to designate a legal representative, the competent authority for data intermediation services shall have the power to postpone the commencement of or to suspend the provision of the data intermediation service until the legal representative is designated.
In addition, the competent authority for data intermediation services has the power to impose, through administrative procedures, dissuasive financial penalties, which may include periodic penalties and penalties with retroactive effect, to initiate legal proceedings for the imposition of fines, or both.
Data altruism organisations
The competent authority for data altruism organisations has the power to require the cessation of infringements immediately or within a reasonable time limit and it can take measures with the aim of ensuring compliance.
Non-compliance with the DGA may result in i) the loss of the right to use the label ‘data altruism organisation recognised in the EU in any written and spoken communication; ii) the removal from the relevant public national register of recognised data altruism organisations and the public EU register of recognised data altruism organisations.