Background
Data strategies across Europe are published and updated continuously. Their number is increasing. Any such strategies have a key denominator: facilitating data sharing, overcoming data silos, digitalize public sectors, whilst protecting individuals’ rights and upholding control.
Most initiatives focus on technical layers facilitating data exchange. However, any such technical layers find their limitations where the applicable legal framework defines boundaries. E.g., GDPR prevents any data processing for which there is no upfront and exhaustively determined purpose and related legal grounds. Five years since GDPR, private and public sector has established individual approaches on adhering to GDPR requirements. Nonetheless, any such determination is individual to the controller responsible for such data processing. In other words: where strategies impose the overarching objective to enhance data sharing, to increase collaboration, to utilize existing data for the good of society.
The working group's approach
GDPR allows for Codes of Conduct, facilitating the implementation of GDPR’s provisions. Codes of Conduct – once being approved by authorities – particularize GDPR alongside a legally binding effect. Subsequently, any party adherent to such Code of Conduct can be assured that their activities are not in conflict with GDPR.
To facility data sharing, a common understanding of several key terms which are deemed to be easy to recognize. Such terminology probably relates to aspects such as processing purposes, (categories of) personal data and (categories of) recipients of personal data.
While the general aspects are considered easy to be determined, defining a common definition of such terms requires significant efforts. Such efforts will require the involvement of multiple stakeholders across Europe. At best, such a common understanding will evolve internationally, as both data spaces and industry are not limited to European-wide sharing, especially in the context of research activities.
Alongside the material development, the consequences of a Code of Conduct must be evaluated. Such a Code of Conduct must uphold potentials for innovation and individual approaches. The Code of Conduct shall allow stakeholders to follow the common definitions, where it is deemed advantageous. Where stakeholders prefer other approaches and definitions as more suitable, stakeholders must remain the possibility of any such individual approach.
The Role of SRIW
Selbstregulierung Informationswirtschaft e.V. (SRIW) has been involved in several project since establishment more than a decade ago. Its focus lies in operationalizing data protection and consumer protection. Across its projects, SRIW has recognized that a common language on key terminology is a missing link in operationalizing data sharing activities. Otherwise, different parties within a data sharing endeavour may assign data sharing policies to any such data yet cannot be assured that the actual processing is coherent and compliant with those aspects originally determined and translated in associated policies.
For in-depth information on the working group read the concept paper.