The Data Governance Act (hereafter: DGA) is part of the digital strategy of the European Commission, it aims to set the standards for the future regulation of the “digital economy’’. With the DGA, the European Commission wants to increase the amount of data available for re-use within the EU by allowing public sector data to be used for purposes different than the ones for which the data was originally collected. The DGA protects also non personal data and data that goes outside the EU.
Even for non-personal data, there is an obligation to protect data when it meets areas outside the EU, for example when EU data is being transferred to third countries. The Commission can implement acts to protect the data by ensuring the third countries provide legal protection, supervisory, and enforcement arrangements. The GDPR has all the necessary safeguards regarding the processing of personal data, with the DGA similar safeguards are put into existence to protect non-personal data when access is requested by third countries. The third countries will need to ensure similar data protection as in EU law.
Additionally, under article 5 (11) the DGA mandates the Commission to make model contract clauses that public sector bodies can use when allowing the reuse of data in third countries.
The Commission announced a procurement procedure to find a contractor to help them draft model contract clauses for reuse of protected, publicly held data outside the EU. This will be a study supporting the drafting and development of model contractual clauses under the Data Governance Act on the reuse outside the EU of protected data held by the public sector.
CNECT is looking for a contractor that:
- can bring technical and legal expertise on the reuse of non-personal protected data,
- can compile a comprehensive set of clauses that public bodies may rely on when requesting the reuse of data outside the EU,
- can identify and assess the impact of the reuse of such data outside the EU.