Data intermediation services providers

Share

Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 establishes, among other things, a framework for the notification and supervision of the provision of data intermediation services.

Data intermediation services are those that establish commercial relationships for the purposes of data sharing between an undetermined number of data subjects and data holders on the one hand and data users on the other, through technical, legal or other means, including for the purpose of exercising the rights of data subjects in relation to personal data.

In particular, the Regulation applies to the following types of data intermediation services:

  1. intermediation services between data holders and potential data users,including making available the technical or other means to enable such services; those services may include bilateral or multilateral exchanges of data or the creation of platforms or databases enabling the exchange or joint use of data, as well as the establishment of other specific infrastructure for the interconnection of data holders with data users.
  2. intermediation services between data subjects that seek to make their personal data available or natural persons that seek to make non-personal data available, and potential data users, including making available the technical or other means to enable such services, and in particular enabling the exercise of the data subjects’ rights provided in Regulation (EU) 2016/679.
  3. services of data cooperatives, which are data intermediation services offered by an organisational structure constituted by data subjects, one-person undertakings or SMEs who are members of that structure, having as its main objectives to support its members in the exercise of their rights with respect to certain data, including with regard to making informed choices before they consent to data processing, to exchange views on data processing purposes and conditions that would best represent the interests of its members in relation to their data, and to negotiate terms and conditions for data processing on behalf of its members before giving permission to the processing of non-personal data or before they consent to the processing of personal data.

However, the following services are explicitly excluded from the definition of a data intermediation service:

  1. services that obtain data from data holders and aggregate, enrich or transform the data for the purpose of adding substantial value to it and license the use of the resulting data to data users, without establishing a commercial relationship between data holders and data users.
  2. services that focus on the intermediation of copyright-protected content.
  3. services that are exclusively used by one data holder in order to enable the use of the data held by that data holder, or that are used by multiple legal persons in a closed group, including supplier or customer relationships or collaborations established by contract, in particular those that have as a main objective to ensure the functionalities of objects and devices connected to the Internet of Things.
  4. data sharing services offered by public sector bodies that do not aim to establish commercial relationships..

Data intermediation service providers are subject to the control and supervision of the competent authority for data intermediation services, and must comply with the obligations set out in Regulation (EU) 2022/868.

These obligations concern, in particular, the duty to notify their activity, any changes thereto and the cessation of activities to the competent authority; where applicable, the designation of a legal representative in the Union in accordance with Article 11; the conditions for the provision of data intermediation services laid down in Article 12; and the provisions on access and international transfers under Article 31.

In addition, data intermediation service providers that so wish may voluntarily request the competent authority to confirm that they comply with the requirements of the Data Governance Act, in particular those laid down in Articles 11 and 12 of the Regulation.

Such confirmation entitles the data intermediation service provider to use, in its oral and written communications, the designation “Recognised Data Intermediation Service Provider in the Union”, as well as to use a common logo to be established by the Commission.

Access to administrative procedures