Legal Dimension

This section of the Rulebook gives an overview of the regulatory framework and describes IDSA's approach of compliance with regulatory requirements and contractual agreements.

6.1 Regulatory framework

The lack of a general legal status (access regime) for data, partial application of IP rights and trade secret protection and the restrictions of personal data protection result in a fragmented and incomplete regulatory framework. To address these shortcomings in data sharing and reuse, the EU Commission presented the "European strategy for data" in February 2020 describing the vision of a common European data space. The Commission has proposed different regulations (Digital Markets Act (DMA), Digital Services Act (DSA), AI Act on harmonised rules for data governance, data access and use as part of the EU's digital strategy.

Beside other regulations the Data Governance Act (DGA) entered into force on 23 June 2022 and will be applicable from September 2023 after a 15-months grace period. On 23 February 2022, the Commission proposed a regulation on harmonised rules for fair access and use of data, the Data Act Proposal (DA-E). With both acts the Commission aims to make more data available for use, by setting up rules on who can use and access what data for which purposes across all economic sectors in the EU.

The DGA aims to make more data available by regulating the reuse of publicly/held, protected data, by promoting data sharing through the regulation of novel data intermediaries and by encouraging the sharing of data for altruistic purposes. It aims to make public sector data more widely available for local businesses, researchers and communities for the development of innovative data-driven services. A specific focus is on the public sector data which is subject to legal restrictions and thus out of the scope of the Open Data Directive. Therefore, the proposal covers public sector data which is legally protected on the grounds of: (a) commercial confidentiality including the trade secrets; (b) statistical confidentiality; (c) intellectual property rights of third parties; (d) protection of personal data. This objective of providing access to data that is not accessible as open data may be seen as indicative of the emergence of a distinct regime for the data held by public bodies. The public sector bodies enabling the use of such protected data are required to be technically equipped to ensure that data privacy and confidentiality are fully preserved. The proposal does not interfere with the substantive rights on data as it refrains from prescribing a right of access or reuse but lays out certain harmonized rules and conditions guiding member states for establishing mechanisms for the reuse of publicly held data.

The DA-E aims to ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all by providing consumers and businesses access to the data of their devices. The DA-E is regarded to be an essential building block of the European data spaces. It is guided by the understanding that B2B contractual agreements do not fully guarantee adequate access to data for SMEs or start-ups. A contractual framework is needed, providing clarity on rights and remedies regarding accessing, processing, sharing, and storing of data in order to limit misuse. The proposal acknowledges the importance of a harmonised data governance regime in achieving competitiveness, innovation and sustainable growth in all sectors and making the Union's transition to a green digital economy a success. The proposal introduces interventions to the current legal landscape of B2B data sharing and access in two dimensions: first, contracts as voluntary agreements and second, statutory access rights or obligations to make data available together with the general rules to be complied while performing these obligations or exercising the rights.

Beside these specific Acts, further legal aspects to consider when sharing data, including antitrust/competition, data protection and security, copyright, patents/Intellectual property. The regulatory development may have more impact on the concept and operationalization of data spaces in the future and needs to be monitored to ensure compliance.

The operationalisation of data governance and the establishment of data spaces require a robust methodology both to navigate through the existing regulatory patchwork (scattered in various legal instruments) and to implement the upcoming legislative agenda of the EU*.* Providing guidance to future-proof specific problems entails an assessment and combination of various regulatory tools, contractual models, design principles, and organizational structures. To this end, the below four-pillar data governance framework outlines a "legal anatomy" of data governance consisting of the following:

  1. the substantive rights and obligations related to data transactions (rights to data)

  2. the contractual dimension

  3. the organizational aspects

  4. the technical implementation.

Beside the own responsibility of participants in a decentralized organization, IDSA discusses and aligns on legal matters with other initiatives. Coordination with other initiatives on the legal dimension is all the more important as often (and by its nature) most legislation needs to be translated into practical approaches and solutions - and a common understanding of the legal terms is necessary to create a trustworthy and reliable EU data sharing landscape.

Therefore, IDSA has established a legal framework task force to discuss regulatory developments and legal topics as well as to organize the collaboration and contribution of IDSA members regarding the legal dimension.

The analysis of the relevant legal frameworks pertaining to data transactions reveals that there are many gaps and overlaps in the current legal landscape mostly because, i) significant parts of the data do not have a standard legal status as intangible assets, and ii) these legal regimes do not address the needs of the data economy or the specificities of data transactions.

As legislation only provides the general framework for data sharing, the legal dimension of a data space includes a contractual framework so that the different participants can agree on specified rules that fit their data sharing context. In a decentralized organization where participants are free to choose their contract partner and freely agree on contract terms, the contractual framework means a suggested model of terms that can be amended according to the needs (template approach).

Considering IDSA's focus on other dimensions and the importance of alliance with other initiatives, IDSA takes an "adopting & consolidation approach" to the contractual framework. Therefore, IDSA did not invent an own set of legal agreements for IDS participants to be used instead opting to suggest an already established contractual framework modified regarding IDS specifics.

SITRA's rulebook for a fair data economy provides tools for networks where organizations can share data and create services. The rulebook model includes contractual templates and tools for building a data sharing network. It sets out legal, business, technical, security, and administrative rules as well as ethical guidelines to be observed by organizations in data sharing networks. The rulebook model consists, among other things, of contractual templates, a set of control questions and a draft code of conduct that can be used to create a customized rulebook for a data network. Sitra published the first version of the rulebook for a fair data economy in 2020 and has updated it several times since. The rulebook model is backed by Sitra's longterm work on the fair data economy and a large group of experts from companies and other organizations who have made valuable contributions to the rulebook model.

The basic principles of the Sitra rulebook align well with the goals of this IDSA Rulebook:


IDS has made sovereignty of the data owner its most important design principle. In the Rulebook data provider has sovereignty over its data. The instrument for the data provider to exercise its sovereignty is through the data terms of use, in which the data provider can decide to whom it grants access and under what conditions it releases the data for use by others in the data network. Trust Enabling trust is the first of the foundational IDS concepts. Trust is encompassed in the Sitra Rulebook primarily through the balance between the sovereign data providers and data users building new business with the data. For instance, seizing the provision of data is allowed, the termination period can be set to fit the needs of the business or even initial fixed terms can be agreed upon. By default, the data already distributed may still be used by the data user after termination, but the provision of new data is seized. The balance is also found in the clauses defining the boundary between data and derived material in a way that it fits the context and needs of the data provider and the data user. The Sitra rulebook also includes clauses on auditing and extensive tools for ensuring that data security and ethical principles are taken into account in the design of data networks.

Considering the IDS dimensions, the SITRA templates are a valuable basis to create the contract framework for data sharing based on IDS principles and specifications. IDSA follows a "narrow" approach regarding the suggested contract templates as the idea is to provide a general framework that should be amended according to the specific needs.

6.3 Contract templates for IDS

Based on the SITRA templates IDSA will start drafting additional components for contract templates for IDS (that will be published after this Rulebook). Such templates will be attached to this Rulebook and regularly updated reflecting new developments.

The IDS contract framework will not duplicate all components of the SITRA rulebook. The full set of SITRA rulebook templates are intended to be used in the creation and set-up of a data space, including governance models of the data ecosystem. These may not be necessary for the purposes of the IDSA Rulebook. Therefore, the IDS contract framework will focus on additional components and guidance highlighted in different use cases of data sharing implemented under the IDS specifications. These may include domain-specific dataset terms of use templates or more detailed components for cross-continent data sharing or privacy. If the IDS contract framework requires modifications to the SITRA rulebook's terms and conditions, they will be proposed also to Sitra's workgroup to maintain compatibility and to avoid different versions of terms and conditions.

Last updated

© 2016 – 2024 | All Rights Reserved | International Data Spaces Association