Frequently Asked Questions

Questions about the Support Centre for Data Sharing

Can data be shared on this website?

No, SCDS is not intended as a technology platform for data, but just to collect the information you need to share data, using platforms of your own or run by third parties.

Who is behind the Support Centre for Data Sharing?

Find out who is behind SCDS in the about us page.

Legal questions

Does EU law protect data publishers in case something goes wrong?

This can be the case, depending on the role that a data publisher plays. If a data publisher only publishes his/her own data, then the publisher can limit their liability to a large extent through contractual terms and conditions. While these don't protect against every possible risk - one e.g. cannot disclaim liability for data that is intentionally defective or has been manipulated to intentionally cause harm - in most cases terms and conditions can limit risks and liabilities.

In addition, EU law has liability exemptions for certain types of online services that can apply to data publishers who try to disseminate or aggregate someone else's datasets, e.g. by hosting third party datasets on a website, or by providing interfaces that connect to APIs from third party datasets. These protections are however very tightly defined - generally speaking, a publisher who wants to appeal to these protections may not select the data sources being published (i.e. no curation), it may not have any knowledge of any data being published unlawfully through its services, and it must act expediently to address any unlawfulness of data being published as soon as it becomes aware of it. It's worth considering carefully which data can / should be published.

What license should be used when sharing data?

A licence is basically just the statement of the terms under which you're willing to share your data. Since there are many reasons for sharing your data, and many reasons to apply constraints, there is no single standard licence or contract which is perfect for all use cases. So, choosing a licence will always imply some homework in checking that the terms are right for your situation.

However, one of the objectives of our project is to deliver a modular licence that allows you to automatically generate a licence based on a predefined series of questions. As soon as this service is available, you'll find it on the pages of this website.

Do businesses need lawyers to share data?

Not necessarily, although we'd always recommend seeking out some legal advice. Using our modular licence (see above) or any other standard licence developed for data sharing does not mean you've necessarily made the perfect - or even a good - choice. E.g. if you are sharing intellectual property that you are not authorised to redistribute, you'll be violating someone's intellectual property rights, whatever licence you use! Similarly, if you choose to make your data freely available to anyone without constraints - which can be a good choice in some cases - you may wish to consider that it can be impossible to 'take your data back' in the future if you feel that you've made a mistake afterwards.

What are the most important regulations for data sharing?

Arguably the most commonly recurring concerns are copyrights and data protection law. Copyright applies automatically to any creative work, and lasts a very long time - usually 70 years after the death of the last contributing creator. Data sets can be subject to copyright themselves, or contain copyrighted works. In this case, the permission of the rights holder(s) is generally required before doing anything with the protected work.

Data protection law is usually governed in the EU by the General Data Protection Regulation (GDPR), which defines strict principles and obligations to protect personal data against abuses. If a data set contains personal data, the GDPR usually must be adhered to. While this does not imply that data sharing is impossible, it does mean that greater diligence is required: a clear legal basis for sharing personal data must be available, the purposes for use of the data must be defined, and transparency towards the persons involved must be ensured.

What are the legal risks of data sharing?

These depend mainly on the nature of the data and on applicable laws. If you share data that doesn't belong to you (e.g. another party holds the copyrights or you were contractually prohibited to share the data), you may face a legal claim - inside or outside of a court procedure - demanding that you stop sharing the data, that you delete it, that you pay damages or a fine, or that you must contact your business partners to inform them of the incident. The nature of the claim and the likelihood of success will depend on the case, but it is always worth double checking whether you're allowed to carry through with your data sharing plans.

How can privacy for individual citizens be protected when sharing data?

European Union and national laws protect their citizens' right to privacy. The EU General Data Protection Regulation (GDPR, 2016/679) is one of the most known single piece of legislation in this space. SCDS does not focuses on the topics specific to the protection of the data describing individuals, and assumes that - when data sharing includes personal data - it takes place in the full respect of the applicable law.

Do national or international laws apply to cross-border data sharing?

National laws will always apply to at least some extent, since you will always be required to adhere to your national laws on liability, transparency, and contracts, to name but a few topics. Some of these have been harmonised to a certain extent at the EU level, and they may occasionally also have been subject to broader international standardisation (as is e.g. the case for copyright law). Some basic familiarity with these laws is therefore strongly recommended.

Technical questions

Are API's necessary to share data?

No. For example, API's are not necessary to access the data from a statistical census of the population that is run every 10 years and whose results by definition are definitive, and never change until the next statistical census is run.

However there is data that changes often and / or is very granular, and you don't want to "download" the whole thing, but only what you need. In that case, not using API's to offer the data for sharing substantially reduces the opportunities to take advantage from its value. For example, if you want to provide public transport passengers with a journey planner service that calculates a realistic expected arrival time, it is almost inevitable to use API's to ensure quasi-real time access to the relevant traffic data.

What technologies can be used for data sharing?

As with every aspect of society and business that can be enhanced by technology, there is no single solution but rather a wide spectrum of options. When talking about data sharing, we may argue that technology is not even the top issue these days, in respect to less explored matters like business models, the modalities by which data is shared, their legal terms, and the possible ethical implications. Data sharing can take place in the simplest of ways and in the most complex. On one side, you and your partner may share data as a Microsoft Excel file on a USB memory stick, as a once-only event, one-sided even. On the other, your needs may rather suggest that you to use less conventional vehicles, like a public ledger on a blockchain. SCDS focuses mostly on supporting you with sharing dynamic data: data that changes often, possibly in large volume, for which a USB stick, or downloading a file from a website would not really work. This is why our website's technical aspects section describe mostly matters related to API's (Application Programming Interfaces), that are one of the most common technology model for the distribution of dynamic data.

Can data sources always be traced and identified?

Yes. This is one of the subjects that we will be reporting about at SCDS. Around the second half of 2020 we will publish a dedicated report, but in the meantime do not miss the opportunity to contribute to the subject on our forum, when they are launched later this year.

What kind of data can be shared?

Whatever data that is valuable to someone is worth considering sharing. And, like beauty is in the eye of the beholder, the value of data is in the eye of the re-user, rather than in your! You may not be able to even imagine the value of the data you’re "sitting on" until someone builds a beautiful service, app, or an entire company on it. You don't believe us? Listen to Malcom Gladwell describe the story of The Basement Tapes.

In what kind of format should data be shared?

As for "What technologies can be used for data sharing?", there is no single good answer. However, we definitely have a recommendation for you: do not re-invent the wheel! It is highly unlikely that your data is so original that nobody else ever tried formalised it into a data format: this is why these days the names of data formats such as Adobe PDF or Microsoft Excel have become almost synonym in common language to the data they capture: respectively human-readable digital versions of documents and spreadsheets. Also, always favour formats that are:

- machine-readable: suitable to be processed by a computer straight away without further preparation, and
- open: formats defined by a published specification usually maintained by a standards organisation, and which can be used and implemented by anyone.

By doing so, you will be able to share your data to the largest possible potential audience, without burden them with the extra effort of converting it first, or forcing them to buy dedicated commercial software required to process a closed format. Most central and local bodies of governments today do the same when publishing data in the open, as it is a legal requirement for them in the European Union! Read more at

Business cases for data sharing

Are data scientists necessary to share data?

No. As long as its quality is good, raw, unprocessed data can be of great value to others, without any kind of processing for which you would need a data scientist. See also our answer to "What kind of data can be shared?".

At the same time, it is common that some processing by a data scientist is needed before you can share, e.g. to remove from the data the parts you are not authorised to redistribute, or a degree of detail that may violate the privacy of any people described by that data.

Is it expensive to share data?

From a technical perspective, not necessarily. See our answer to "What technologies can be used for data sharing?". The simpler technology choices - when suitable for what you want to achieve - are usually the most cost-effective, too.

These days the more significant costs, in both effort and monetary terms, are likely more related to the general lack of literacy and skills around data sharing. As, for the time being, there are no consolidated ways to do data sharing, and every time "feels like the first time", including steep learning curves, uncertainty around the legal frameworks within which you need to move, lots of opportunities to - unfortunately - make mistakes, and more risk that needs to be managed than you'd like. This is also why SCDS was created in the first place: to reduce uncertainty and document yours and others' experience.

Do businesses need a Data Protection Officer?

Data sharing activity does not make businesses and organisations' obligations different in respect to the law. In the European Union the role of Data Protection Officer - and the requirement to have one in your organisation - is specified by the EU General Data Protection Regulation (GDPR).

You couldn't find what you were looking for? Use our Support Form to get in contact with us.