On March 10th, 2021, the EDPB and EDPS adopted a joint opinion on the proposal for a Data Governance Act (DGA). The EDPB and EDPS consider that the EU legislator should ensure that the wording of the DGA clearly and unambiguously state that this act will not affect the level of protection of individuals’ personal data, nor will any rights and obligations set out in the data protection legislation be altered.
Concerning the reuse of personal data held by public sector bodies, the EDPB and EDPS recommend aligning the DGA with the existing rules on the protection of personal data laid down in the GDPR and with the Open Data Directive. Furthermore, it should be clarified that the reuse of personal data held by public sector bodies may only be allowed if it is grounded in EU or Member State law. Such laws should include a list of clear compatible purposes for which further processing may be lawfully authorised or constitutes a necessary and proportionate measure in a democratic society to safeguard the objectives referred to in Article 23 of the GDPR.
On data sharing service providers, the joint opinion highlights the need to ensure prior information and controls for individuals, taking into account the principles of data protection by design and by default, transparency and purpose limitation. Furthermore, the modalities upon which such service providers would effectively assist individuals in exercising their rights as data subjects should be clarified.
For more information and to see the press release of the EDPB and EDPS opinion, click here.