Data Strategy Briefing — June 9, 2020
EU ministers adopted conclusions on Europe's data strategy, tasking national programmes with building interoperable data spaces, trustworthy governance, and SME enablement across the single market.
Executive briefing: On , the Council of the European Union adopted conclusions on the European data strategy (8714/20). The conclusions endorse the Commission’s February 2020 strategy and call for swift action to establish common European data spaces, promote data sharing, and ensure competitiveness. Member states urge the Commission to develop a legislative framework that balances innovation with fundamental rights, competition, and cybersecurity.
Key priorities
The Council highlights the creation of sectoral data spaces (health, mobility, manufacturing, energy, agriculture, finance, public administration, Green Deal, and skills) and calls for a framework for data governance and interoperability. It supports investment in high-performance computing, cloud infrastructure, and edge technologies to underpin data availability. The conclusions emphasise developing the Data Governance Act (DGA), Data Act, and other instruments to facilitate business-to-government and business-to-business data sharing.
Member states stress the importance of cybersecurity, data protection, and trusted data intermediaries. They call for data altruism mechanisms, standardisation, and certification to build trust in data sharing ecosystems.
Data sovereignty and strategic autonomy
The Council underscores the need for Europe to strengthen digital sovereignty by reducing dependence on non-EU providers, encouraging development of federated cloud services, and supporting initiatives such as GAIA-X. Member states encourage coordination with the European Investment Bank to fund infrastructure projects and with standardisation bodies to develop open, interoperable solutions.
The conclusions emphasise the importance of international cooperation with like-minded partners while protecting strategic interests. They call for resilience of supply chains, cybersecurity, and protection of intellectual property.
Legal framework and governance
The Council invites the Commission to propose legislation clarifying data access rights, re-use conditions, and data altruism structures. It supports the development of common European rules for data intermediaries, voluntary certification schemes, and an EU cloud services marketplace. The conclusions encourage member states to align national strategies with the EU framework, ensuring consistent rules across the Single Market.
Governance structures should involve stakeholders across sectors, including SMEs, research organisations, and civil society. The Council highlights the need for transparent governance, accountability, and mechanisms to resolve cross-border disputes.
SMEs, skills, and innovation
The conclusions stress supporting SMEs and start-ups by providing access to data, funding, and innovation hubs. Member states call for skills development programmes to address digital and data literacy gaps, including training for data scientists, engineers, and policy experts. The Council supports initiatives to encourage data sharing in research, public services, and industry collaborations.
Innovation ecosystems should leverage digital innovation hubs, testing facilities, and sandboxes to experiment with data-driven services. The Council recognises the role of open data, public sector information, and research data in fostering innovation.
International cooperation and trade
The Council encourages the EU to pursue data-related provisions in trade agreements, promote interoperable frameworks with partners, and collaborate on global standards. It emphasises maintaining high levels of data protection and security in international data flows, aligning with GDPR and adequacy decisions.
Member states call for coordination with the OECD, G7, and G20 on data governance and digital taxation. They support the development of global principles for data sharing and responsible AI.
Action plan for organisations
- Immediate: Monitor forthcoming EU legislation (DGA, Data Act) and Council guidance. Map current data assets, sharing agreements, and participation in data spaces.
- 30–60 days: Engage in stakeholder consultations, industry alliances, and standardisation efforts to influence data governance frameworks. Assess readiness to comply with future interoperability and certification requirements.
- 60–90 days: Develop investment plans for data infrastructure, cloud, and edge capabilities. Align digital strategies with EU funding opportunities and public-private partnerships.
- Continuous: Track policy developments, coordinate with national authorities, and update data governance models to align with EU priorities on sovereignty, security, and innovation.
Proactive engagement with the Council’s data strategy conclusions positions organisations to benefit from European data spaces while meeting emerging regulatory expectations.
Public sector data and high-value datasets
The Council urges rapid implementation of the Open Data Directive and publication of high-value datasets, including geospatial, earth observation, meteorological, statistical, and mobility data. Member states should modernise public sector data infrastructures, adopt APIs, and ensure machine-readable formats. Collaboration with the European Statistical System and research infrastructures supports data quality and comparability.
The conclusions encourage public-private partnerships to leverage public sector data for societal challenges such as climate change, health, and smart cities. Strong governance must protect privacy, intellectual property, and security when releasing data.
Cybersecurity and resilience
Recognising the importance of secure data ecosystems, the Council calls for alignment with the EU Cybersecurity Act, NIS Directive, and forthcoming NIS2 proposal. Member states should invest in security certification, incident response capabilities, and threat intelligence sharing. The conclusions highlight the need for secure-by-design architectures and risk management covering supply chains and cloud providers.
ENISA and national cybersecurity agencies play a role in providing guidance and supporting sector-specific security requirements for data spaces. Organisations should integrate cybersecurity into data governance, including identity management, encryption, and access controls.
Monitoring, metrics, and governance review
The Council requests regular reporting on the implementation of the data strategy, including progress indicators, investment levels, and adoption of data spaces. The Commission should provide updates to the Council and European Parliament, enabling adjustments to policy instruments. Member states are encouraged to establish national monitoring frameworks to track participation by SMEs, public sector bodies, and research organisations.
Organisations should prepare to contribute data for monitoring, share best practices, and participate in evaluation exercises. Transparency in reporting builds trust and demonstrates the value of European data initiatives.
Implications for compliance and risk management
Companies must review data governance policies to align with anticipated regulations on data sharing, interoperability, and certification. Risk assessments should cover data localisation, cross-border transfers, competition law, and intellectual property. Legal teams should monitor antitrust implications when sharing data with competitors or participating in consortiums.
Compliance functions should coordinate with privacy officers, security teams, and business units to develop policies for data access, consent management, and dispute resolution. Documentation of governance structures, risk mitigation, and stakeholder engagement will be critical during regulatory reviews.
Actionable steps for technology leaders
Chief data officers and CIOs should evaluate current data architectures, identify gaps in interoperability, and plan migrations to scalable, standards-based platforms. Investments in metadata management, data catalogues, and API gateways support participation in data spaces. Organisations should pilot edge computing and federated learning solutions to align with EU strategies for decentralized data processing.
Engaging with GAIA-X, International Data Spaces Association, and other consortia helps align technical solutions with European specifications. Technology leaders should champion data ethics frameworks and ensure AI deployments respect EU values.
Follow-up: Council priorities translated into the binding Data Governance Act in 2022 and the Data Act in 2023, while the European Data Innovation Board and sectoral data spaces ramped up during 2024.
Sources
- Council adopts conclusions on the EU’s data strategy and the white paper on artificial intelligence — Council of the European Union; Announces Council approval of conclusions directing member states to deliver interoperable European data spaces and trusted data governance frameworks.
- Council conclusions on shaping Europe’s digital future and the European Data Strategy — Council of the European Union; Full text of the Council conclusions outlining actions on common European data spaces, interoperability, and trustworthy data sharing.