How data should help social insurance institutions to cope with crisis

NH – 02/2023

In the course of the COVID-19-pandemic, it was possible to show what influence the evaluation of data can have on the management of a crisis situation. At the beginning of 2022, the European Commission submitted a Proposal for a regulation, which, among other things, is to regulate the exchange of data between public bodies, as well as between companies and public bodies; small and micro-enterprises are excluded. It has now established and defined framework conditions for this procedure. A prerequisite for the exchange of data is that the data is required, for example, to deal with a public emergency or a public body can no longer perform the legally stipulated tasks in the public interest without this information.

Use of data

Provided that one of these criteria is met, a public body may make a data request. Certain components must be taken into account here. In addition to proof of extraordinary requirement and purpose, the intended use and duration of use must also be described. In addition, there is the legal basis and a deadline within which the data must be provided. The extent and frequency of use of the data are also taken into account. It should be noted that only non-personal data should be affected in the ideal case. As soon as a public body issues a data request, it must be published online.

Public bodies as data holders

As public bodies can also be data holders, they also have rights and obligations to observe. In the case of data subject to extraordinary requirement, the time limit shall be 15 working days. Data may only be used for the purposes stated in the request. Where the processing of personal data is necessary, technical and organisational measures must be taken to protect the rights and freedom of data subjects.

Data exchange between public bodies

The Data Act explicitly allows public bodies to exchange data with each other, provided there is still a public interest in doing so. This also applies to third parties who are entrusted with technical inspections or tasks that can be publicly reviewed. The data holder must be notified of such exchange of data.

Cross-border cooperation

As part of the introduction of this regulation, each Member State must appoint one or more competent authorities to monitor compliance with the legal requirements and to act as a point of contact for questions and concerns. This authority shall also be responsible for coordinating cross-border data requests and requests for administrative assistance. Here, the authority is considered the first point of contact in the data request procedure. Once the authority receives the request, it shall advise the public sector body of the Member State concerned on the necessity and administrative effort of the request. This is primarily about reducing administrative effort and costs. The costs incurred by the authority in doing so shall be borne by the requesting public body.


The European Commission's proposal has already been discussed by the European Central Bank, the European Economic and Social Committee (EESC) and the European Committee of the Regions (CoR) and opinions have been drafted. Now the responsible committees in the European Parliament, in charge of the Committee on Industry, Research and Energy (ITRE), have to work out a joint proposal before it can be put to a vote in the Parliament. When exactly this proposal will be voted on is still unknown.