I’ve been involved in open data for about 15 years. Back then we had a vibrant European wide network of activists and civic organisations around open data, partially triggered by the first PSI Directive that was the European legal fundament for our call for more open government data.

Since 2020 a much wider and fundamental legal framework than the PSI Directive ever was is taking shape, with the Data Governance Act, Data Act, AI Regulation, Open Data Directive, High Value Data implementing regulation as building blocks. Together they create the EU single market for data, adding data as fourth element to the list of freedom of movement for people, products and capital within the EU. This will all take shape as the European common dataspace(s), built from a range of sectoral dataspaces.

In the past years I’ve been actively involved in these developments, currently helping large government data holders in the Netherlands interpret the new obligations and above all new opportunities for public service that result from all this.

Now that the dataspaces are slowly taking shape, what I find missing from most discussions and events is the voice of civic organisations and activists. It’s mostly IT companies and research institutions that are involved. While for the Commission social impact (climate, health, energy and agricultural transitions e.g.) is a key element in why they seek to implement these new laws, for most parties involved in the dataspaces that is less of a consideration, and economic and technological factors are more important. Not even government data holders themselves are represented much in how the European data space will turn out. Even though everyone single one of us and every public entity by default is a part of this common market.

I would like to strengthen the voice of civil society and activists in this area, to together influence the shape these dataspaces are taking. So that they are of use and value to us too. To use the new (legal) tools to strengthen the commons, to increase our agency.

Most of the old European open data network however over time has dissolved, as we all got involved in national level practical projects and the European network as a source of sense of belonging and strengthening each others commitment became less important. And we’ve moved on a good number of years, so many new people have come on to the scene, unconnected to that history, with new perspectives and new capabilities.

So the question is: who is active on these topics, from a civil society perspective, as activists? Who should be involved? What are the organisations, the events, that are relevant regionally, nationally, EU wide? Can we connect those existing dots: to share experiencs, examples, join our voices, pool our efforts?

Currently I’m doing a first scan of who is involved in which EU country, what type of events are visible, organisations that are active etc. Starting from my old network of a decade ago. I will share lists of what I find at Our Common Data Space.

Let me know if you count yourself as part of this European network. Let me know the relevant efforts you are aware of. Let me know which events you think bring together people likely to want to be involved.

I look forward to finding out about you!

Open Government Data Camp in Warsaw 2011. An example of the vibrancy of the European open data network, I called it the community’s ‘family christmas party’, at the time. Above the schedule of sessions created collectively by the participants, with many local initiatives and examples shared with the EU wide network. Below one of those sessions, on local policy making and open data.

Some good movement on EU data legislation this month! I’ve been keeping track of EU data and digital legislation in the past three years. In 2020 I helped determine the content of what has become the High Value Data implementing regulation (my focus was on earth observation, environmental and meteorological data), and since then for the Dutch government I’ve been involved in translating the incoming legislation to implementing steps and opportunities for Dutch government geo-data holders.

AI Act

The AI Act stipulates what types of algorithmic applications are allowed on the European market under which conditions. A few things are banned, the rest of the provisions are tied to a risk assessment. Higher risk applications carry heavier responsibilities and obligations for market entry. It’s a CE marking for these applications, with responsibilities for producers, distributors, users, and users of output of usage.
The Commission proposed the AI Act in april 2021, the Council responded with its version in December 2022.

Two weeks ago the European Parliament approved in plenary its version of the AI Act.
In my reading the EP both strengthens and weakens the original proposal. It strengthens it by restricting certain types of uses further than the original proposal, and adds foundational models to its scope.
It also adds a definition of what is considered AI in the context of this law. This in itself is logical as, originally the proposal did not try to define that other than listing technologies in an annex that were deemed in scope. However while adding that definition, they removed the annex. That, I think weakens the AI Act and will make future enforcement much slower and harder. Because now everything will depend on the interpretation of the definition, meaning it will be a key point of contention before the courts (‘my product is out of scope!’). Whereas by having both the definition and the annex, the legislative specifically states which things it considers in scope of the definition at the very least. As the Annex would be periodically updated, it would also remain future proof.

With the stated positions of the Council and Parliament the trilogue can now start to negotiate the final text which then needs to be approved by both Council and Parliament again.

All in all this looks like the AI Act will be finished and in force before the end of year, and will be applied by 2025.

Data Act

The Data Act is one of the building blocks of the EU Data Strategy (the others being the Data Governance Act, applied from September, the Open Data Directive, in force since mid 2021, and the implementing regulation High Value Data which the public sector must comply with by spring 2024). The Data Act contains several interesting proposals. One is requiring connected devices to not only allow users access to the (real time) data they create (think thermostats, solar panel transformers, sensors etc.), as well as allowing users to share that data with third parties. You can think of this as ‘PSD2-for-everything’. PSD2 says that banks must enable you to share your banking data with third parties (meaning you can manage your account at Bank A with the mobile app of Bank B, can connect your book keeping software etc.). The Data Act extends this to ‘everything’ that is connected. Another interesting component is that it allows public sector bodies in case of emergencies (floods e.g.) to require certain data from private sector parties, across borders. The Dutch government heavily opposed this so I am interested in seeing what the final formulation of this part is in the Act. Other provisions make it easier for people to switch platform services (e.g. cloud providers), and create space for the European Commission to set, let develop, adopt or mandate certain data standards across sectors. That last element is of relevance to the shaping of the single market for data, aka the European common data space(s), and here too I look forward to reading the final formulation.

With the Council of the European Union and the European Parliament having reached a common text, what rests is final approval by both bodies. This should be concluded under the Spanish presidency that starts this weekend, and the Data Act will then enter into force sometime this fall, with a grace period of some 18 months or so until sometime in 2025.

There’s more this month: ITS Directive

The Intelligent Transport Systems Directive (ITS Directive) was originally created in 2010, to ensure data availability about traffic conditions etc. for e.g. (multi-modal) planning purposes. In the Netherlands for instance real-time information about traffic intensity is available in this context. The Commmission proposed to revise the ITS Directive late 2021 to take into account technological developments and things like automated mobility and on-demand mobility systems. This month the Council and European Parliament agreed a common text on the new ITS Directive. I look forward to close reading the final text, also on its connections to the Data Act above, and its potential in the context of the European mobility data space. Between the Data Act and the ITS Directive I’m also interested in the position of in-car data. Our cars increasinly are mobile sensor platforms, to which the owner/driver has little to no access, which should change imo.

A good session with a delegation from Moldova, visiting Geonovum. We discussed standardisation in cadastral and utility network data, and how the process of creating standards from consensus over large stakeholder networks works. I presented about the implementation of the EU data strategy and corresponding EU (sectoral) data space(s). Also discussed the changes that entails for Geonovum as a national level geo-information standards body as part of the standards work is shifting to the European level.

In 2012 I did some work in Moldova, with the e-governance agency, and facilitating at the Apps4Moldova competition. Since then I’ve encountered the Moldovan e-gov team at various other locations I worked at for the World Bank.

This looks like a very welcome development: The European Commission (EC) is to ask for status updates of all international GDPR cases with all the Member State Data Protection Authorities (DPAs) every other month. This in response to a formal complaint by the Irish Council for Civil Liberties starting in 2021 about the footdragging of the Irish DPA in their investigations of BigTech cases (which mostly have their EU activities domiciled in Ireland).

The GDPR, the EU’s data protection regulation, has been in force since mid 2018. Since then many cases have been progressing extremely slowly. To a large extent because it seems that Ireland’s DPA has been the subject of regulatory capture by BigTech, up to the point where it is defying direct instructions by the EU data protection board and taking an outside position relative to all other European DPA’s.

With bi-monthly status updates of ongoing specific cases from now being requested by the EC of each Member State, this is a step up from the multi-year self-reporting by MS that usually is done to determine potential infringements. This should have an impact on the consistency with which the GDPR gets applied, and above all on ensuring cases are being resolved at adequate speed. The glacial pace of bigger cases risks eroding confidence in the GDPR especially if smaller cases do get dealt with (the local butcher getting fined for sloppy marketing, while Facebook makes billions of person-targeted ads without people’s consent).

So kudos to ICCL for filing the complaint and working with the EU Ombudsman on this, and to the EC for taking it as an opportunity to much more closely monitor GDPR enforcement.

Een paar weken geleden had ik een gesprek van een uur met Bart Ensink van Little Rocket over mijn werk en mijn bedrijf The Green Land. Dat gesprek is als zesde aflevering van de Datadriftig podcast nu te beluisteren. We ‘kwamen elkaar tegen’ in de interactie op een draadje op Mastodon in december. Little Rocket is een ebusiness bedrijf en maakt voor hun zakelijke klanten data bruikbaarder. Het is gevestigd in Enschede, dus bracht ik een bezoek aan de stad waar ik tot 6 jaar geleden woonde, en dook Enschede en de Universiteit Twente vaker op in het gesprek.

Today I heard the EU High Value Data list in its first iteration is finally decided upon. In September 2020 we submitted our advice on what data to include in the thematic areas of geographic data, statistics, mobility, company information, meteorology, earth observation and environment. Last week the Member States submitted their final yes/no vote, and the final text was approved. The EC will now finalise the text for publication, and it should be published before the end of the year. It will enter into force 20 days after publication and government data holders have 16 months until April/May 2024 to ensure compliance. It’s been a long path, and this first list could have been better concerning company information. Yet, when it comes to geographic data (addresses, buildings, land parcels, topography), meteorology and that same company information, it draws a line under two decades of discussion, court cases and studies to help dismantle the revenue model of charging at the point of use. Such charges are a threshold to market entry, and are generally lower than the tax revenue otherwise gained from the activities it’s a threshold to.

It’s easy to just move ahead and think about how this is not enough, what still needs doing, how to implement this etc. But it’s good to acknowledge that when I first started working on open government data in 2008 I heard the stories of those who had been at it for many years since well before the first PSI Directive was agreed in 2003. Some of those people have by now been retired for quite some time already, and I worked on it standing on their shoulders. The implementation act for EU high value data sets is a big step, even if in the field we thought it a no-brainer for decades already.