The scope of the DGA covers all types of data, including personal data and industrial or non-personal data. As regards personal data, the General Data Protection Regulation (GDPR) applies anyway and prevails over the provisions of the DGA, in case of conflict.
The joint opinion of the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS), published on 11 March 2021, underlines the importance of ensuring that the new data governance rules fully respect the principles of personal data protection established by the GDPR. The opinion puts forward a number of recommendations, in particular in regards to transparency, data security and the rights of data subjects.
In particular, it is recommended that data intermediaries and altruistic organisations provide clear information on the use of data and put in place robust security measures.
It is also necessary to ensure the interoperability of data systems aimed at removing technical barriers that could hinder the exchange and use of data (subject to compliance with the requirements of the DGA and the provisions of the GDPR with regard to personal data) and to ensure that the consent of individuals for data altruism is free and informed.
Finally, the opinion highlights concerns about data transfers outside the EU, recommending specific provisions to ensure a level of protection equivalent to that of the GDPR.
These recommendations aim to strengthen the protection of personal data while facilitating data sharing and re-use in the EU, thus ensuring a more robust and reliable data governance framework.