Skip to main content

Frequenty Asked Questions (FAQ)

Questions about the Support Centre for Data Sharing

Who is behind the Support Centre for Data Sharing?

Find out who is behind SCDS in the about us page.

What is the difference between the European Data Portal and the Support Center for Data Sharing?

The European Data Portal is an EU-funded project aimed at the promotion of open data across Europe. It supports the Member States and beyond publishing more and better data, while informs the European citizens about its availability and opportunities arising from it. Find out more at www.europeandataportal.eu. However, publishing data in the open is not always an option, as it can be confidential, include personal data of people, or intellectual property that needs to be protected. This data can be in the hands of governments as well as private businesses and other organisations. The Support Centre for Data Sharing project (SCDS) - also funded by the EU - is a project aimed at supporting data sharing among these organisation, whether for business or social impact purposes. We achieve this by documenting best practices, developing original research, offering legal and technical guidance, and facilitating the community of practitioners to come together and share and discuss their experience.

What is the aim of the Support Centre for Data Sharing?

Find out what the aim of SCDS is in the about us page.

Can data be shared on this website?

No, SCDS is not intended as a technology platform for data, but just to collect the information you need to share data, using platforms of your own or run by third parties.

Business cases for data sharing

Do businesses need a Data Protection Officer?

Data sharing activity does not make businesses and organisations' obligations different in respect to the law. In the European Union the role of Data Protection Officer - and the requirement to have one in your organisation - is specified by the EU General Data Protection Regulation (GDPR).

Is it expensive to share data?

From a technical perspective, not necessarily. See our answer to "What technologies can be used for data sharing?". The simpler technology choices - when suitable for what you want to achieve - are usually the most cost-effective, too. 

These days the more significant costs, in both effort and monetary terms, are likely more related to the general lack of literacy and skills around data sharing. As, for the time being, there are no consolidated ways to do data sharing, and every time "feels like the first time", including steep learning curves, uncertainty around the legal frameworks within which you need to move, lots of opportunities to - unfortunately - make mistakes, and more risk that needs to be managed than you'd like. This is also why SCDS was created in the first place: to reduce uncertainty and document yours and others' experience.

Are data scientists necessary to share data?

No. As long as its quality is good, raw, unprocessed data can be of great value to others, without any kind of processing for which you would need a data scientist. See also our answer to "What kind of data can be shared?".

At the same time, it is common that some processing by a data scientist is needed before you can share, e.g. to remove from the data the parts you are not authorised to redistribute, or a degree of detail that may violate the privacy of any people described by that data.

Legal Questions

Do national or international laws apply to cross-border data sharing?

National laws will always apply to at least some extent, since you will always be required to adhere to your national laws on liability, transparency, and contracts, to name but a few topics. Some of these have been harmonised to a certain extent at the EU level, and they may occasionally also have been subject to broader international standardisation (as is e.g. the case for copyright law). Some basic familiarity with these laws is therefore strongly recommended. 

How can privacy for individual citizens be protected when sharing data?

European Union and national laws protect their citizens' right to privacy. The EU General Data Protection Regulation (GDPR, 2016/679) is one of the most known single piece of legislation in this space. SCDS does not focuses on the topics specific to the protection of the data describing individuals, and assumes that - when data sharing includes personal data - it takes place in the full respect of the applicable law.

What are the legal risks of data sharing?

These depend mainly on the nature of the data and on applicable laws. If you share data that doesn't belong to you (e.g. another party holds the copyrights or you were contractually prohibited to share the data), you may face a legal claim - inside or outside of a court procedure - demanding that you stop sharing the data, that you delete it, that you pay damages or a fine, or that you must contact your business partners to inform them of the incident. The nature of the claim and the likelihood of success will depend on the case, but it is always worth double checking whether you're allowed to carry through with your data sharing plans. 

What are the most important regulations for data sharing?

Arguably the most commonly recurring concerns are copyrights and data protection law. Copyright applies automatically to any creative work, and lasts a very long time - usually 70 years after the death of the last contributing creator. Data sets can be subject to copyright themselves, or contain copyrighted works. In this case, the permission of the rights holder(s) is generally required before doing anything with the protected work. 

Data protection law is usually governed in the EU by the General Data Protection Regulation (GDPR), which defines strict principles and obligations to protect personal data against abuses. If a data set contains personal data, the GDPR usually must be adhered to. While this does not imply that data sharing is impossible, it does mean that greater diligence is required: a clear legal basis for sharing personal data must be available, the purposes for use of the data must be defined, and transparency towards the persons involved must be ensured. 

Does EU law protect data publishers in case something goes wrong?

This can be the case, depending on the role that a data publisher plays. If a data publisher only publishes his/her own data, then the publisher can limit their liability to a large extent through contractual terms and conditions. While these don't protect against every possible risk - one e.g. cannot disclaim liability for data that is intentionally defective or has been manipulated to intentionally cause harm - in most cases terms and conditions can limit risks and liabilities.

In addition, EU law has liability exemptions for certain types of online services that can apply to data publishers who try to disseminate or aggregate someone else's datasets, e.g. by hosting third party datasets on a website, or by providing interfaces that connect to APIs from third party datasets. These protections are however very tightly defined - generally speaking, a publisher who wants to appeal to these protections may not select the data sources being published (i.e. no curation), it may not have any knowledge of any data being published unlawfully through its services, and it must act expediently to address any unlawfulness of data being published as soon as it becomes aware of it. It's worth considering carefully which data can / should be published.

What license should be used when sharing data?

A licence is basically just the statement of the terms under which you're willing to share your data. Since there are many reasons for sharing your data, and many reasons to apply constraints, there is no single standard licence or contract which is perfect for all use cases. So, choosing a licence will always imply some homework in checking that the terms are right for your situation.

However, one of the objectives of our project is to deliver a modular licence that allows you to automatically generate a licence based on a predefined series of questions. As soon as this service is available, you'll find it on the pages of this website.

Is data sharing anti-competitive behaviour?

As such, data sharing will not intrinsically create a situation that violates competition law - indeed, competition can benefit from data sharing between companies. A risk can occur however if data sharing is set up in an exclusionary manner, under constraints that allow the data sharing companies to obtain or maintain a dominant market position, which they subsequently abuse.

Whether data sharing will be considered abuse of a dominant market position depends on many factors, including what the market exactly is, what the market position of the companies is (both individually and collectively) and whether they have significant market power, what the impact of data sharing on the market is, and to what extent competitors are able to (continue to) compete fairly.

Therefore, data sharing is not intrinsically anti-competitive; rather, competition law concerns will result from the market circumstances and the conditions applied to data sharing. "

Do businesses need lawyers to share data?

Not necessarily, although we'd always recommend seeking out some legal advice. Using our modular licence (see above) or any other standard licence developed for data sharing does not mean you've necessarily made the perfect - or even a good - choice. E.g. if you are sharing intellectual property that you are not authorised to redistribute, you'll be violating someone's intellectual property rights, whatever licence you use! Similarly, if you choose to make your data freely available to anyone without constraints - which can be a good choice in some cases - you may wish to consider that it can be impossible to 'take your data back' in the future if you feel that you've made a mistake afterwards.

Technical Questions

In what kind of format should data be shared?

As for "What technologies can be used for data sharing?", there is no single good answer. However, we definitely have a recommendation for you: do not re-invent the wheel! It is highly unlikely that your data is so original that nobody else ever tried formalised it into a data format: this is why these days the names of data formats such as Adobe PDF or Microsoft Excel have become almost synonym in common language to the data they capture: respectively human-readable digital versions of documents and spreadsheets. Also, always favour formats that are:

- machine-readable: suitable to be processed by a computer straight away without further preparation, and  
- open: formats defined by a published specification usually maintained by a standards organisation, and which can be used and implemented by anyone. 

By doing so, you will be able to share your data to the largest possible potential audience, without burden them with the extra effort of converting it first, or forcing them to buy dedicated commercial software required to process a closed format. Most central and local bodies of governments today do the same when publishing data in the open, as it is a legal requirement for them in the European Union! Read more at https://ec.europa.eu/digital-single-market/en/european-legislation-reuse-public-sector-information.

What kind of data can be shared?

Whatever data that is valuable to someone is worth considering sharing. And, like beauty is in the eye of the beholder, the value of data is in the eye of the re-user, rather than in your! You may not be able to even imagine the value of the data you’re "sitting on" until someone builds a beautiful service, app, or an entire company on it. You don't believe us? Listen to Malcom Gladwell describe the story of The Basement Tapes.

Can data sources always be traced and identified?

Yes. This is one of the subjects that we will be reporting about at SCDS. Around the second half of 2020 we will publish a dedicated report, but in the meantime do not miss the opportunity to contribute to the subject on our forum, when they are launched later this year.

What technologies can be used for data sharing?

As with every aspect of society and business that can be enhanced by technology, there is no single solution but rather a wide spectrum of options. When talking about data sharing, we may argue that technology is not even the top issue these days, in respect to less explored matters like business models, the modalities by which data is shared, their legal terms, and the possible ethical implications. Data sharing can take place in the simplest of ways and in the most complex. On one side, you and your partner may share data as a Microsoft Excel file on a USB memory stick, as a once-only event, one-sided even. On the other, your needs may rather suggest that you to use less conventional vehicles, like a public ledger on a blockchain. SCDS focuses mostly on supporting you with sharing dynamic data: data that changes often, possibly in large volume, for which a USB stick, or downloading a file from a website would not really work. This is why our website's technical aspects section describe mostly matters related to API's (Application Programming Interfaces), that are one of the most common technology model for the distribution of dynamic data.

Are API's necessary to share data?

No. For example, API's are not necessary to access the data from a statistical census of the population that is run every 10 years and whose results by definition are definitive, and never change until the next statistical census is run. 

However there is data that changes often and / or is very granular, and you don't want to "download" the whole thing, but only what you need. In that case, not using API's to offer the data for sharing substantially reduces the opportunities to take advantage from its value. For example, if you want to provide public transport passengers with a journey planner service that calculates a realistic expected arrival time, it is almost inevitable to use API's to ensure quasi-real time access to the relevant traffic data. 

General Questions

Can data sharing be forced?

Legislation can force you to share data. In your tax declaration, for example, you or your business share your personal financial information with your government. SCDS however focuses on those scenarios where data sharing is more of an opportunity to improve society or business, rather than a legal obligation.

Can anyone share data?

Anyone can share data, whether they are bodies of government, businesses and organisations, or individuals.

Is it ethical to share data?

Morals and ethics are subjective, however, generally speaking, we believe that there is nothing intrinsically unethical in sharing data. We recognise that - depending on the kinds of data and the kinds of uses it enables - the implications of sharing data on ethics may be significant. SCDS, however, develops the legal aspects of sharing than the ethical ones.

What is the state of data sharing in the European Union?

For the state of data sharing in the open, please see the European Data Portal's yearly Open Data Maturity Landscaping Report. For non-open data sharing, to the best of our knowledge, no similar study has been performed yet.

Where can I find examples of data sharing models?

Take a look at our data sharing practice examples.

Are there already defined models for data sharing?

This is a very new space and to the best of our knowledge, there aren't yet a consolidated terminology or taxonomy for data sharing. Many institutions in industry and academia, however, have started describing this space more formally over the last few years. For example, our sister EU project European Data Portal describes a few models in their Business-to-Government Data Sharing report. Many have explored the "data trust" model as a way to participate in the ownership of intellectual property (read for example this article from the Guardian about Data Trust, or this article on Medium about Civic Trust) or the ""data cooperative"" model, as a structure that enable the creation of data stores for mutual benefit of its members (read for example this article about health data or this article about open data coorporation). In the meantime, we suggest caution: whatever term is being used, always investigate the design and dynamics of the model, to understand what is really meant by that. Still today, in our research, we need to do the same.

You couldn't find what you were looking for? Use our Support Form to get in contact with us.