Shaping European Data Governance: The Future of Digitalisation According to the European Union

The idea that society should benefit from data that has been generated using public funds has been part of European Union (EU or Union) policy for a long time. A typical example is the collection of energy efficiency certificates (EPC) for buildings across jurisdictions. Directive (EU) 2019/1024, as well as sector-specific legislation, ensures that the public sector makes the data it produces easily available for use and re-use. That being said, certain categories of data in public databases is often not made available, not even for research or innovative activities. This data includes commercially confidential data, data subject to statistical confidentiality, and data protected by intellectual property rights of third parties, including trade secrets and personal data not accessible on the basis of specific national or Union legislation.

Due to the sensitivity of this data, certain technical and legal procedural requirements must be met before it can be made available. This ensures the safeguard of rights others have over such data. Such requirements are usually time- and knowledge-intensive to fulfill. Unfortunately, this procedural process has led to the underutilization of such data across Europe. While some Member States are setting up structures, processes and sometimes legislate to facilitate this type of re-use, the practices are inconsistent

There are a number of techniques that enable, and even guarantee, privacy-friendly analyses of databases that contain personal data, such as anonymisation, pseudonymisation, differential privacy, generalisation, or suppression and randomisation. Specific examples are the use of borrower identifiers and property identifiers etc. based on the Eurostat or other statistical standards. The application of these privacy-enhancing technologies, together with comprehensive data protection approaches should ensure the safe re-use of personal data and commercially confidential business data for research, innovation, and statistical purposes. In many cases, this implies that the data use and re-use can only be done in a secure processing environment. There is experience at the Union level with such secure processing environments that are used for research on statistical microdata on the basis of Commission Regulation (EU) 557/2013, which used EPC type of data. In general, insofar as personal data is concerned, processing of personal data should rely upon one or more of the grounds for processing provided in Article 6 of Regulation (EU) 2016/679. The categories of data held by public sector bodies that should be subject to re-use under this Regulation fall outside the scope of Directive (EU) 2019/1024. This directive excludes data that is not accessible due to commercial and statistical confidentiality and data for which third parties have intellectual property rights, such as information on the building owners.

Personal data falls outside the scope of Directive (EU) 2019/1024 to that extent that the access regime excludes or restricts access to such data for reasons of data protection, privacy, and the integrity of the individual, in particular in accordance with data protection rules.

The promotion of the availability of datasets across Europe to develop new products and services is key for the EU green plan. Our team is particularly concerned with the access to data relating to energy performance certificates (EPC). If this is not available in an open-source platform and matched with credit data from the financial sector the green agenda will take longer to implement and deliver.

Several strong examples of data availability already exist in Europe. EPCs such as ADEME in France or CENED in the Lombardy Region in Italy are readily available for those who wish to see and use the data and their availability has already led to research and innovation. More needs to be done following such positive examples.