Data Governance Act: infringement proceedings against Germany

The EU Commission has sent a pink slip to Germany because the federal government is said to have failed to fulfill its obligations adequately under the Data Governance Act (DGA). According to the regulation adopted in 2022, member states must designate the competent authorities to carry out the tasks prescribed in the act and demonstrate their authority to do so. Here, the Brussels government institution sees deficits in the Federal Republic of Germany and 17 other member states. It has therefore requested these countries, which also include France, Italy, Austria and Poland, to provide it with information within two months and to rectify the deficiencies identified by initiating infringement proceedings.

If the countries contacted do not respond to the reminder, the Commission can initiate the second stage of the procedure and send them a "reasoned opinion". Subsequently, they may face legal action, high sanctions and fines. The DGA has been applicable since September 24, 2023, which means that the countries that have been warned are well behind schedule.

The aim of the Data Governance Act is to increase trust in the sharing of data, create new regulations on the neutrality of data marketplaces via trustees and brokers and facilitate the reusability of certain public sector information. In principle, the legislation will make it easier for citizens and businesses to voluntarily provide their data "for the public good". Legitimate areas for this "data altruism" include scientific research, healthcare, combating climate change and improving mobility.

Federal Network Agency only responsible for DGA aspects so far

The authorities responsible for the DGA application, to be designated by the member states, are responsible for the registration of data altruistic organizations and monitor compliance with the regulations by providers of data brokerage services. The relevant authority for the registration of such "intermediaries" in Germany is the Federal Network Agency, as experts from the law firm Noerr explained in mid-March. Data altruistic organizations can also register with the regulatory authority. However, nothing is yet known about the establishment of a national public database used for this purpose.

To facilitate the re-use of data held by public sector bodies in the internal market in line with the open data principle, the Commission has set up the European Register of Protected Public Sector Data (ERPD). In this register, the data available at the central national information points to be set up by the Member States can be accessed. The register currently comprises 1347 data records, which so far only come from the Netherlands and the Czech Republic. The Noerr lawyers write: "No central information point is yet known for Germany." Furthermore, the EU countries must also designate a competent body to provide general support to the public administration regarding the disclosure of data. The German government has not yet done this either, as can be seen from a list published by the Commission in mid-April.

(bme)