The Data Governance Act (DGA) has yet to be passed. However, in the trialogue of 30 November 2021, the Council and the European Parliament agreed on a compromise. In this four-column document, the compromise can be found in the fourth column. After an agreement in the trilogue, an EU legal act is usually also adopted in this agreed version.
Chapter III of the DGA deals with the "data intermediation services". The term is defined in Art. 2 (2a) DGA:
‘data intermediation service’ means a service, which aims to establish commercial relationships for the purpose of data sharing between an undetermined number of data subjects and data holders, on the one hand, and data users on the other hand, through technical, legal or other means, including for the exercise of data subjects' rights in relation to personal data. The following shall, inter alia, not be considered to be data intermediation services:
(a) services that obtain data from data holders, aggregate, enrich or transform the data for the purpose of adding substantial value to it and license the use of the resulting data to data users, without establishing a commercial relationship between data holders and data users;
(b) services that focus on the intermediation of copyrightprotected content;
(c) services, exclusively used by one data holder in order to enable the use of data they hold, or used by multiple legal entities in a closed group, including supplier or customer relationships or contractually-defined collaborations, in particular those that have as a main objective the ensuring of functionalities of objects and devices connected to the internet-of-things;
(d) public sector bodies that offer data sharing intermediation services without aiming to establish commercial relationships for the purpose of data sharing
The Tiles on this page show the obligations arising from this chapter. There are 52 obligations in total:
- The data intermediaries have 31 additional obligations [Tiles DGAi.02 to DGAi.32].
- The newly created national supervisory authority(ies) have 15 obligations [Tiles DGAi.33 to DGAi.48]
- The EU Commission has 2 duties [Tiles DGAi.49 to DGAi.50].
- The EU Member States have 3 duties [Tiles DGAi.51 bis DGAi.53].
Note: The 68 obligations of the GDPR continue to exist alongside this.