Data Strategy Briefing — February 19, 2020

Executive briefing: The European Commission’s 19 February 2020 European Data Strategy set out a single market vision for trusted data circulation across Member States, backed by sector-specific data spaces, cloud-to-edge interoperability, and a new governance framework for intermediaries that trade or steward data assets. The strategy is the policy spine for later instruments such as the Data Governance Act (DGA), the proposed Data Act, and forthcoming sectoral rules for health, mobility, and energy data.

The communication pairs investment plans (EUR 4–6 billion for common European data spaces, with at least EUR 2 billion earmarked for a federated cloud-to-edge infrastructure) with regulatory guardrails intended to preserve fundamental rights while enabling cross-border reuse. It prioritises high-quality industrial, public-sector, and scientific datasets, anticipates stricter oversight for data-sharing service providers, and signals new obligations for firms monetising European data or operating platforms inside the EU digital single market.

Data spaces and interoperability

The Commission plans “common European data spaces” in priority sectors where cross-border pooling can accelerate innovation without eroding trust. The initial roadmap covers manufacturing and industrial data, the European Green Deal (environment and climate), mobility and transport, health, financial services, energy, agriculture, public administration, and skills. Each space is expected to use harmonised vocabularies, metadata, and APIs so companies and governments can exchange data while respecting confidentiality, intellectual property, and trade secrets.

To keep sovereignty with data holders, the strategy calls for a federated cloud-to-edge infrastructure built on open standards, portability, and reversibility. It foresees common reference architectures, security baselines aligned to ENISA guidance, and certification schemes that mirror GDPR concepts of privacy by design. Interoperability is also framed as a procurement and standards effort: the EU will co-fund open-source building blocks, promote standard contractual clauses for data sharing, and leverage public-sector reuse rules from the Open Data Directive to expand high-value datasets.

Health and mobility illustrate the practical ambitions. The strategy announces a European Health Data Space to enable secondary use of electronic health records, genomics, and registries for research and public health while embedding strict access controls. In mobility, the Commission references efforts such as delegated regulations under the ITS Directive to ensure vehicle, traffic, and infrastructure data can be shared securely with mobility-as-a-service platforms, urban planners, and safety regulators.

Governance and stewardship model

The strategy previewed the Data Governance Act, proposed later in 2020, to create a legal category for “data intermediation services” that broker business-to-business or business-to-government sharing without acquiring ownership. These providers will face registration, structural separation between brokerage and data use, and security obligations, overseen by national competent authorities and a European Data Innovation Board (EDIB) that coordinates standards and cross-border cooperation.

It also encouraged data altruism schemes where individuals and organisations voluntarily permit reuse for the public good. Under the DGA, recognised data altruism organisations must register, follow transparency rules, and use harmonised consent forms to reduce friction for cross-border research. The strategy anticipates that trustworthy intermediaries and altruism frameworks will reduce fragmentation, making it easier for SMEs and public bodies to access data without negotiating bespoke bilateral agreements.

Governance extends to technical stewardship. The Commission highlights the need for common rulebooks covering access control, licensing, liability allocation, and dispute resolution. It expects standard-setting bodies and industry alliances to define interoperability profiles (e.g., data models, identifiers, logging requirements) while EU funding supports reference implementations. The EDIB is tasked with advising on these rulebooks, ensuring alignment with competition law and privacy safeguards.

Compliance impacts and obligations

Organizations operating in or targeting the EU should map the strategy’s legislative follow-through to their compliance roadmap. Key implications include:

• New regulatory perimeter for intermediaries: Data intermediation services (including data marketplaces and industrial data-sharing platforms) must register and meet neutrality, security, and separation-of-duties requirements under the DGA. Firms that both broker and exploit data will need structural safeguards to avoid conflicts of interest.
• Business-to-government (B2G) data sharing expectations: The strategy commits the Commission to propose minimum B2G frameworks where public authorities have an exceptional need, such as crisis response. Later consultations and the Data Act proposal outline compensation principles, confidentiality protections, and transparency obligations, indicating future duties for holders of high-value datasets during emergencies.
• Business-to-business (B2B) access and cloud switching: The proposed Data Act (COM(2022) 68) operationalises the strategy by granting users of connected products and related services rights to access and share the data they generate, imposing fairness rules on contract terms, and mandating cloud/edge service switching with caps on exit fees. Vendors should assess portability tooling, API maturity, and lock-in risks ahead of enforcement.
• Fundamental rights and confidentiality safeguards: The strategy reiterates that GDPR, ePrivacy rules, trade secret protections, and competition law apply to data-sharing arrangements. Privacy-preserving techniques (pseudonymisation, differential privacy, secure processing environments) are encouraged to balance reuse with confidentiality obligations.
• Certification and conformity signals: Forthcoming labels for data intermediaries and potential cybersecurity certification schemes for cloud providers will create market signals. Early alignment with ISO/IEC 27001, ISO/IEC 27701, and EUCS discussions can reduce later remediation.

The Commission also flags public-sector reuse obligations. Under the Open Data Directive’s high-value dataset implementing act, public bodies must publish specific geospatial, earth observation, meteorological, statistical, company, and mobility datasets free of charge and via APIs. That requirement complements the Data Strategy by enlarging the commons of reliable base data for innovators, especially in climate, urban planning, and logistics.

Timeline and implementation signals

Although the strategy is a 2020 communication, many elements are now live or advancing through co-legislation. The DGA entered into force in June 2022 with application dates from September 2023, and Member States are establishing national competent authorities and the EDIB. The Data Act proposal is in trilogue with expected obligations phased in after a transition period once adopted. Sector-specific initiatives—such as the European Health Data Space proposal (COM(2022) 197), mobility data access workstreams, and energy data exchange pilots—are moving in parallel, and each will pull through the governance model announced in the strategy.

For companies, the practical signals are to inventory EU-facing data-sharing services, validate neutrality and security controls, and prepare contractual playbooks for B2G requests and B2B access rights. Participation in standards groups and national sandbox projects can also shape interoperability profiles that will likely influence certification and procurement rules.

Sources

• European strategy for data (COM(2020) 66 final) — Official communication outlining the EU vision, investment agenda, and common European data spaces.
• Regulation (EU) 2022/868 (Data Governance Act) — Establishes data intermediation services, data altruism registration, and the European Data Innovation Board to operationalise the strategy’s governance model.
• A European strategy for data — Commission press release summarising the pillars and signalling follow-on legislation, including the DGA and Data Act.