One of the main points of the proposed DGA is the Council’s aim to define a new business model for data intermediation services that would serve as trusted environments for organisations or individuals to share data.
The Council highlights that data intermediation services will help:
support voluntary data sharing between companies
facilitate the fulfillment of data sharing obligations set by law
organisations share data without fear of it being misused or losing competitive advantage
individuals exercise their rights under the GDPR
enable individuals to gain control over their data and allow them to share it with trusted companies
The Council also explains that the control that individuals will gain over how they share their data will be managed via novel personal information management tools, such as personal data spaces or data wallets. These are apps that share such data based on the data subject’s consent. Data intermediation service providers will be prohibited from profiting from the data that they handle, however they will be able to charge a fee for their services. The DGA also provides for certifications to identify compliant providers of data intermediation services.
Additionally, the DGA would introduce safeguards against the unlawful transfer of non-personal data similar to how personal data transfers are regulated under the GDPR. The European Commission would be able to adopt adequacy decisions for countries that have the appropriate safeguards in place to protect non-personal data to an EU standard. The Commission may also develop a set of contractual clauses for scenarios where non-personal data is transferred to a third country, as explained by onetrust.com.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now