In times of crisis, companies stand ready to do their part and help public bodies by sharing data to tackle public emergencies, as evidenced during the Covid-19 pandemic. However, to function, mandatory data sharing between private companies and governments needs clear and transparent conditions for all parties involved.
Chapter V of the Data Act proposal was developed on this basis, setting an obligation for companies to make any data available to public bodies, but does so by loosely referring to various cases of ‘exceptional need.’ The proposed framework includes collecting data to prevent, respond to, and recover from a public emergency but also fulfilling one of the public sector body’s tasks where the lack of data would prevent it from doing so. The latter can be interpreted as any activity carried out by a public institution.
The proposed rules would mean that any public body, at EU, national, regional or local level, could request any type of data, including personal data, from any data holder, for any reason. We believe these rules do not respect the requirements set out in the EU’s Charter of Fundamental Rights. With such a broad scope, there is a risk that personal or sensitive data will be leaked or misused.
Public emergencies are by nature time sensitive. They require a clear and structured legal framework to prepare for secure transfers that fully respect data protection. However, contrary to other parts of the Data Act, Chapter V covers any type of data, without any differentiation, limitation or exception. The data’s intended use and its duration are also left to be defined by the public bodies themselves. The proposal also fails to recognise existing frameworks for data sharing and reporting obligations.
We strongly encourage Council and Parliament to implement the necessary safeguards and limits to protect the rule of law in Europe. We welcome the Parliament’s attempts to set certain limits, such as restricting Chapter V to non-personal data, limiting public authorities’ power to freely ask for data when it is simply convenient and regardless of proportionality, and by setting rules for certain information to be specified in the requests. But this will not be enough.
We recommend – at least – the following:
• Only public emergencies can give rise to data access. Article 15(c) must be deleted.
• Personal data cannot be in scope of Chapter V. No exceptions.
• Categories of public bodies that can request data must be expressly designated.
• Access requests conditions must be strengthened, with transparency regarding data use and protective measures.
We trust that EU policymakers will take the time to build a clear and proportionate framework that does not allow unrestricted access to any data on shaky grounds, but will on the contrary protect fundamental rights and the rule of law.
Your Contact:
Janine Barten
Advisor Digital Finance and Innovation
e.:janine.barten@wsbi-esbg.org
t.:+32 2 211 11 27
related
European Banking Authority (EBA) on ESG risk management
The European Savings and Retail Banking Group (ESBG) submitted its response to the consultation launched by the European Banking Authority (EBA). ESBG insists on the need for consitency with CSRD and CSDDD, the addressees of this guideline should also
Enhancing Transparency in Bank Disclosures: ESBG delivers comprehensive response to the EBA’s Pillar 3 data hub consultation
On 14 December 2023, the European Banking Authority (EBA) published a discussion paper on the Pillar 3 data hub processes and its possible practical implications.
IASB Exposure Draft (ED) on Financial Instruments with Characteristics of Equity
On 29 November 2023, the International Accounting Standards Board (IASB) proposed amendments in an Exposure Draft to tackle challenges in financial reporting for instruments with both
ESBG’s response to the EFRAG Comment Letter on Financial Instruments with Characteristics of Equity
On 29 November 2023, the International Accounting Standards Board (IASB) proposed amendments in an Exposure Draft to tackle
ESBG advocates for increased clarity and streamlining of supervisory reporting requirements
On 14 March, ESBG submitted its response to the European Banking Authority (EBA) consultation on ITS amending Commission Implementation Regulation (EU) 2021/451 regarding supervisory reporting
WSBI-ESBG advocates for robust implementation of the BCBS Pillar 3 framework for climate-related financial risks
On 14 March, WSBI-ESBG submitted its response to the Basel Committee on Banking Supervision (BCBS) consultation on its Pillar 3 disclosure framework for climate-related financial risks
ESBG stresses the need for consistency and clarity in its Response to the SFDR Review Consultation
ESBG submitted its response to the European Commission’s consultation on the SFDR review, aiming to enhance transparency in sustainability-related disclosures within the financial services sector
ESBG response to the EBA’s consultation on Guidelines on preventing the abuse of funds and certain crypto-assets transfers for ML/TF
The guidelines on the “travel rule” delineate the actions that Payment Service Providers (PSPs), Intermediary PSPs
ESBG responds to the SRB consultation on the future MREL policy
The European Savings and Retail Banking Group (ESBG) submitted its response to the consultation launched by the Single Resolution Board (SRB) in December 2023 on the future of the Minimum Requirement for own funds
ESBG’s response to the Commission’s consultation on the GDPR
The primary EU legislation ensuring the fundamental right to data protection is the General Data Protection Regulation