My favourites

Chapter II – Re-use of certain categories of protected data held by public sector bodies (Art. 3-9)

Art. 3 DGA - Categories of data arrow_right_alt

Art. 4 DGA - Prohibition of exclusive arrangements arrow_right_alt

Art. 5 DGA - Conditions for re-use arrow_right_alt

Art. 6 DGA - Fees arrow_right_alt

Art. 7 DGA - Competent bodies arrow_right_alt

  1. For the purpose of carrying out the tasks referred to in this Article, each Member State shall designate one or more competent bodies, which may be competent for particular sectors, to assist the public sector bodies which grant or refuse access for the re-use of the categories of data referred to in Article 3(1). Member States may either establish one or more new competent bodies or rely on existing public sector bodies or on internal services of public sector bodies that fulfil the conditions laid down in this Regulation.
  2. The competent bodies may be empowered to grant access for the re-use of the categories of data referred to in Article 3(1) pursuant to Union or national law which provides for such access to be granted. Where they grant or refuse access for the re-use, Articles 4, 5, 6 and 9 shall apply to those competent bodies.
  3. The competent bodies shall have adequate legal, financial, technical and human resources to carry out the tasks assigned to them, including the necessary technical knowledge to be able to comply with relevant Union or national law concerning the access regimes for the categories of data referred to in Article 3(1).
  4. The assistance provided for in paragraph 1 shall include, where necessary:
    1. providing technical support by making available a secure processing environment for providing access for the re-use of data;
    2. providing guidance and technical support on how to best structure and store data to make that data easily accessible;
    3. providing technical support for pseudonymisation and ensuring data processing in a manner that effectively preserves the privacy, confidentiality, integrity and accessibility of the information contained in the data for which re-use is allowed, including techniques for the anonymisation, generalisation, suppression and randomisation of personal data or other state-of-the-art privacy-preserving methods, and the deletion of commercially confidential information, including trade secrets or content protected by intellectual property rights;
    4. assisting the public sector bodies, where relevant, to provide support to re-users in requesting consent for re-use from data subjects or permission from data holders in line with their specific decisions, including on the jurisdiction in which the data processing is intended to take place and assisting the public sector bodies in establishing technical mechanisms that allow the transmission of requests for consent or permission from re-users, where practically feasible;
    5. providing public sector bodies with assistance in assessing the adequacy of contractual commitments made by a re-user pursuant to Article 5(10).
  5. Each Member State shall notify the Commission of the identity of the competent bodies designated pursuant to paragraph 1 by 24 September 2023. Each Member State shall also notify the Commission of any subsequent change to the identity of those competent bodies.
Close tabsclose
  • 26

Recital 26

In order to provide incentives for the re-use of specific categories of data held by public sector bodies, Member States should establish a single information point to act as an interface for re-users that seek to re-use that data. It should have a cross-sector remit, and should complement, if necessary, arrangements at the sectoral level. The single information point should be able to rely on automated means where it transmits enquiries or requests for re-use. Sufficient human oversight should be ensured in the transmission process. For that purpose existing practical arrangements such as open data portals could be used. The single information point should have an asset list containing an overview of all available data resources including, where relevant, those data resources that are available at sectoral, regional or local information points, with relevant information describing the available data. In addition, Member States should designate, establish or facilitate the establishment of competent bodies to support the activities of public sector bodies allowing re-use of certain categories of protected data. Their tasks may include granting access to data, where mandated under sectoral Union or national law. Those competent bodies should provide assistance to public sector bodies with state-of-the-art techniques, including on how to best structure and store data to make data easily accessible, in particular through application programming interfaces, as well as make data interoperable, transferable and searchable, taking into account best practices for data processing, as well as any existing regulatory and technical standards and secure data processing environments, which allow data analysis in a manner that preserves the privacy of the information.

The competent bodies should act in accordance with the instructions received from the public sector body. Such an assistance structure could assist the data subjects and data holders with management of the consent or permission for re-use, including consent and permission to certain areas of scientific research where in keeping with recognised ethical standards for scientific research. The competent bodies should not have a supervisory function, which is reserved for supervisory authorities under Regulation (EU) 2016/679. Without prejudice to the supervisory powers of data protection authorities, data processing should be carried out under the responsibility of the public sector body responsible for the register containing the data, which remains a data controller as defined in Regulation (EU) 2016/679 insofar as personal data are concerned. Member States should be able to have one or more competent bodies, which could act in different sectors. The internal services of public sector bodies could also act as competent bodies. A competent body could be a public sector body assisting other public sector bodies in allowing re-use of data, where relevant, or a public sector body allowing re-use itself. Assisting other public sector bodies should entail informing them, upon request, about best practices on how to fulfil the requirements laid down in this Regulation such as the technical means to make a secure processing environment available or the technical means to ensure privacy and confidentiality where access to re-use of data within the scope of this Regulation is provided.

Art. 8 DGA - Single information points arrow_right_alt

Art. 9 DGA - Procedure for requests for re-use arrow_right_alt