Data Strategy Briefing — February 19, 2020
The European Commission released its European Data Strategy, outlining a single market vision, common data spaces, and governance reforms to unlock value while safeguarding rights.
Executive briefing: The European Commission presented its European Strategy for Data on . The strategy aims to create a single European data space built on trust and European values, driving digital innovation while protecting fundamental rights. It proposes legislative measures, investments, and governance mechanisms to unlock the value of industrial and public sector data across the economy.
Core pillars and legislative roadmap
The strategy revolves around four pillars: establishing a cross-sectoral governance framework, enabling data access and reuse, investing in data infrastructures and skills, and empowering individuals with data portability and control. Legislative initiatives announced in the strategy include the Data Governance Act (DGA), the Data Act, an industrial strategy for data spaces, and potential rules for cloud service providers. The Commission envisions sectoral data spaces (health, mobility, manufacturing, agriculture, energy, finance, public administration, skills, and the European Green Deal) supported by interoperable standards and trusted intermediaries.
Early proposals include a mechanism for business-to-government (B2G) data sharing for the public interest, modelled after cases such as mobility data use in urban planning. The Commission plans to explore fair access obligations for gatekeeper platforms, aligning with competition policy tools.
Governance and trust mechanisms
To build trust, the strategy proposes data governance frameworks that include data cooperatives, data marketplaces, and neutral data intermediaries subject to clear obligations. The subsequent DGA introduced notification requirements and transparency obligations for data-sharing providers, while the future Data Act aims to clarify rights to access and use data generated by connected products. Organisations must prepare for obligations around consent, purpose limitation, and anonymisation when sharing data across entities.
The strategy stresses adherence to GDPR, the ePrivacy Directive, and the Free Flow of Non-Personal Data Regulation. It calls for standard contractual clauses, certification schemes (e.g., EU Cloud Rulebook), and codes of conduct to facilitate cross-border data flows while protecting individuals.
Infrastructure and technology investments
The Commission plans to mobilise more than EUR 6 billion in combined public and private investments for cloud and data infrastructure, including support for edge computing, federated cloud services, and high-performance computing (HPC). Initiatives such as the EuroHPC Joint Undertaking, GAIA-X, and quantum communication infrastructure are highlighted as foundational components. Organisations should anticipate opportunities to participate in innovation projects funded under the Digital Europe Programme, Horizon Europe, and the Connecting Europe Facility.
The strategy recognises the importance of standardisation, referencing work by CEN-CENELEC, ETSI, ISO/IEC, and the International Data Spaces Association. Technical architectures must support interoperability, portability, and open APIs to avoid vendor lock-in.
Sectoral data spaces
Each data space has distinct regulatory and operational implications. The European Health Data Space will demand robust health data governance, interoperability standards like HL7 FHIR, and alignment with GDPR Article 9 processing conditions. The mobility data space will integrate traffic, public transport, and logistics data, requiring harmonisation with ITS Directive updates and eCall regulations. Manufacturing data spaces will support Industry 4.0 through semantic standards and secure data sharing among supply chain partners.
The agriculture data space aims to ensure farmers retain control over farm data, building on initiatives like the EIP-AGRI. Energy data spaces will support smart grid management and demand response, aligning with the Clean Energy Package. Public administration data spaces will expand access to high-value datasets under the Open Data Directive, while the Green Deal data space focuses on environmental and climate data to support sustainability targets.
Business implications and opportunities
Companies must evaluate their role in data ecosystems: data holders, data users, intermediaries, or infrastructure providers. Contractual arrangements should address data ownership, usage rights, liability, and compliance with competition rules. Data monetisation strategies must consider obligations to share data under fair, reasonable, and non-discriminatory (FRAND)-like terms when mandated by future legislation.
The strategy encourages SMEs to leverage data through innovation hubs and cloud marketplaces. It also promotes open-source tools and interoperable data formats. Organisations should invest in data literacy, AI capabilities, and privacy engineering to capitalise on new data availability while maintaining trust.
Compliance and risk management
Compliance teams should anticipate new reporting obligations related to data sharing arrangements, certification participation, and cooperation with supervisory authorities. Data protection officers must reassess lawful bases for processing when sharing data across borders or sectors. Cybersecurity teams should adopt zero-trust architectures, encryption, and monitoring to secure data flows, aligning with the NIS Directive and upcoming NIS2 requirements.
Risk assessments should account for data localisation rules in certain sectors, intellectual property rights, trade secrets protection, and potential conflicts between national and EU-level requirements. Organisations operating globally must harmonise the European data strategy with other jurisdictions’ data policies, such as the U.S. CLOUD Act, China’s Data Security Law, and cross-border transfer frameworks like APEC CBPR.
Action plan
- Immediate: Map existing data assets, sharing agreements, and participation in industry data initiatives. Identify gaps in data governance that could impede participation in EU data spaces.
- 30–60 days: Engage legal and compliance teams to assess the impact of forthcoming legislation (DGA, Data Act). Update data sharing templates, consent mechanisms, and privacy notices to align with anticipated requirements.
- 60–90 days: Develop an investment roadmap for data infrastructure upgrades, interoperability standards adoption, and workforce training. Explore funding opportunities under EU programmes and national initiatives.
- Continuous: Participate in stakeholder consultations, standardisation efforts, and sectoral alliances shaping data spaces. Monitor legislative developments and adjust governance frameworks as rules are finalised.
Organisations that prepare early for the European Data Strategy can unlock cross-sector innovation, comply with upcoming regulations, and build trusted data partnerships across the Single Market.
International alignment and competitiveness
The strategy acknowledges global competition, noting initiatives like the U.S. Federal Data Strategy, Japan’s Society 5.0, and Singapore’s trusted data sharing frameworks. European firms must navigate conflicts between EU data sovereignty goals and requirements from partners operating under different legal regimes. The Commission plans to pursue adequacy-like arrangements for non-personal data and to integrate data policy into trade agreements, as seen in the EU-Japan Economic Partnership Agreement’s data chapter.
To remain competitive, European businesses should participate in standard-setting bodies shaping semantics, APIs, and data governance certifications. Engagement with organisations such as the International Data Spaces Association, GAIA-X Association for Data and Cloud (AISBL), and the European Committee for Standardization will influence future compliance obligations. Organisations can also leverage European Investment Bank financing and national recovery funds to modernise data infrastructure in line with strategic autonomy goals.
Follow-up: Flagship deliverables such as the Data Governance Act (effective September 2023) and the Data Act (published in December 2023 with application dates in 2025) now put the strategy’s data-sharing pillars into binding EU law.
Sources
- European strategy for data (COM(2020) 66 final) — European Commission; Official communication outlining the EU’s vision for a single market for data, planned legislation, and common European data spaces.
- A European strategy for data — European Commission; Press release summarising the European Data Strategy pillars and announcing upcoming legislative proposals.