13 May 2024
A Blueprint to Innovation
The European Union (EU) has embarked on a transformative journey with recent legislative initiatives aimed at fostering data sharing across sectors. The concept of Common European Data Spaces (EU data spaces) lies at the heart of this visionary strategy, centered on the establishment of a framework that promotes collaboration while upholding privacy, security, and regulatory standards.
The European Union Agency for Cybersecurity, ENISA, published a Report that delves into the design principles underpinning the protection of personal data within EU data spaces and illustrates these concepts through practical use cases in the pharmaceutical domain.
Our managing partner, Maria Raphael, member of the ENISA AHWG on Data Protection Engineering, was one of the contributors to this report, amongst other exceptional experts on the field.
Common European Data Spaces
EU data spaces represent a pivotal shift towards a unified data ecosystem where both public and private data can be shared securely and responsibly.
The European Strategy for Data, introduced in 2020, underscores the significance of a single European data space—a concept transcending geographical boundaries, where data flows seamlessly, fostering growth and value creation. Within this strategy, the Data Governance Act (DGA) lays down foundational principles for EU data spaces, emphasizing the importance of privacy, security, and cross-sector collaboration.
Design Principles & Interoperability
In the context of engineering personal data protection within EU data spaces the DGA advocates for robust governance frameworks that align with existing Union policies on data protection, cybersecurity, and intellectual property rights. It calls for the implementation of tools that enable secure data sharing, respecting access rights and compliance obligations over time.
Interoperability stands as a cornerstone of EU data spaces, requiring data sharing services to promote compatibility across sectors and formats. This interoperability extends to personal data, where intermediaries play a crucial role in anonymizing or pseudonymizing data, facilitating data sharing agreements, and safeguarding individuals' rights.
Scope & Aim of this Report
This report elucidates into the design and implementation of EU data spaces, focusing particularly on the engineering of personal data protection. Its primary objectives are to outline the key design principles for safeguarding personal data and to showcase the practical implementation of personal data protection within the context of an envisaged EU data space in the pharmaceutical sector. The aim is to provide valuable insights and guidance to policymakers, regulators, and data protection experts.
This report builds upon ENISA's ongoing efforts in Data Protection Engineering and is a collaborative effort with the ENISA Ad Hoc Working Group on Data Protection Engineering.
The comprehensive report by ENISA on Engineering Personal Data Protection in EU Data Spaces can be accessed here.