European Data Act
How data should help social insurance institutions to cope with crisis
NH – 02/2023
In the course of the COVID-19-pandemic, it was
possible to show what influence the evaluation of data can have on the
management of a crisis situation. At the beginning of 2022, the European
Commission submitted a Proposal
for a regulation, which, among other things, is to regulate the
exchange of data between public bodies, as well as between companies and public
bodies; small and micro-enterprises are excluded. It has now established and
defined framework conditions for this procedure. A prerequisite for the
exchange of data is that the data is required, for example, to deal with a
public emergency or a public body can no longer perform the legally stipulated
tasks in the public interest without this information.
Use of data
that one of these criteria is met, a public body may make a data request.
Certain components must be taken into account here. In addition to proof of
extraordinary requirement and purpose, the intended use and duration of use
must also be described. In addition, there is the legal basis and a deadline
within which the data must be provided. The extent and frequency of use of the
data are also taken into account. It should be noted that only non-personal
data should be affected in the ideal case. As soon as a public body issues a
data request, it must be published online.
Public bodies as data holders
As public bodies can also be data holders, they also have rights and obligations
to observe. In the case of data subject to extraordinary requirement, the time
limit shall be 15 working days. Data may only be used for the purposes stated
in the request. Where the processing of personal data is necessary, technical
and organisational measures must be taken to protect the rights and freedom of
Data exchange between public bodies
The Data Act explicitly allows public bodies to
exchange data with each other, provided there is still a public interest in
doing so. This also applies to third parties who are entrusted with technical
inspections or tasks that can be publicly reviewed. The data holder must be
notified of such exchange of data.
part of the introduction of this regulation, each Member State must appoint one
or more competent authorities to monitor compliance with the legal requirements
and to act as a point of contact for questions and concerns. This authority
shall also be responsible for coordinating cross-border data requests and
requests for administrative assistance. Here, the authority is considered the
first point of contact in the data request procedure. Once the authority
receives the request, it shall advise the public sector body of the Member
State concerned on the necessity and administrative effort of the request. This
is primarily about reducing administrative effort and costs. The costs incurred
by the authority in doing so shall be borne by the requesting public body.
The European Commission's proposal has already been
discussed by the European Central Bank, the European Economic and Social
Committee (EESC) and the European Committee of the Regions (CoR) and opinions
have been drafted. Now the responsible committees in the European Parliament,
in charge of the Committee on Industry, Research and Energy (ITRE), have to
work out a joint proposal before it can be put to a vote in the Parliament.
When exactly this proposal will be voted on is still unknown.