(A.) Policy and legislation
A.1) Policy objectives
Digital technologies are transforming the economy and society, and data is at the centre of this transformation. Data-driven innovation will be essential for the modernisation of Europe and the data economy which has the potential of bringingenormous benefits for citizens, for example in support to medicine, mobility, Green Deal.The key role of data is reflected in many chapters of the rolling plan outlining the respective sector specific aspects. On top of that, and addressed in this chapter, data is of foundational and horizontal relevance.
As stated in the Communication “A European strategy for data”, policy initiatives aim to “create a single European data space – a genuine single market for data, open to data from across the world – where personal as well as non-personal data, including sensitive business data, are secure and businesses also have easy access to an almost infinite amount of high-quality industrial data, boosting growth and creating value, while minimising the human carbon and environmental footprint ... [and]where EU law can be enforced effectively, and where all data-driven products and services comply with the relevant norms of the EU’s single market”.
The right to the protection of personal data is guaranteed by the EU Charter of fundamental rights and, together with the single market, is one of the EU founding principles. The European Commission is committed to ensuring fairness in how the value from using data is shared among businesses, consumers and accountable public bodies.
The GDPR and the new ePrivacy Regulation, expected to replace the ePrivacy Directive, provide the basic legal framework for respecting the European Charter in terms of data protection. The collection and use of personal data in compliance with the rules on the one hand, and the availability of non-personal data on the other hand, are necessary conditions to maximise the benefits from innovation and competition.
The European strategy for data is essential to govern new technologies and create business opportunities, while respecting fairness and the EU fundamental rights. Standards are one of the key elements of the data strategy instruments to support its implementation enabling international competition in a geopolitical context and on the basis of European values and rights.
The following tasks are especially in the focus of policy initiatives and of needs for a thriving data economy:
- Availability of data
- Imbalances in market power
- Data interoperability and quality
- Data governance
- Data infrastructures and technologies
- Data lifecycle: collection, record keeping, archival and long-term preservation of information
(A.2) EC perspectiveand progress report
The main initiatives already adopted to date are:
- Regulation (EU) 2016/679 (GDPR) andePrivacy Directive 2002/58/EC (to be replaced with ePrivacy Regulation), with regard to the processing of personal data - dealt with in chapter 3.0.3 on e-Privacy
- Regulation (EU) 2018/1807 on the free flow of non-personal data- dealt with in chapter 3.1.3 on Big Data, Open Data and Public sector information that covers data other than personal data as defined in the GDPR and introduces requirements on Member States not to introduce restrictions on their territory on the processing of non-personal data, with few exceptions;
- Regulation (EU) 2019/881 on the Cybersecurity Act (CSA)- dealt with in chapter 3.0.2 on Cybersecurity;
- Directive (EU) 2019/1024 on open data and re-use of public sector information -dealt with in chapter3.1.3 on Big Data, Open Data and Public sector information and in chapter 3.2.4 on eGovernment;
Building on what has already been achieved in recent years, the European Strategy forData aims to achieve a genuine single market for data by providing for the introduction of policy measures and funding.
The four key instruments of the European Strategy for Data
The European Strategy for Data aims to identify rules to balance rights and obligations for online and offline services to respect the rights of the European Charter.
In particular, the European Strategy for Data has four key instruments at its core aiming at creating a fair and trusted environment, regulate market power and drive innovation with data as raw material:
- The Data Governance Actaims to foster the availability of data for use by increasing trust in data intermediaries and by strengthening data-sharing mechanisms across the EU;
- the Digital Market Act (DMA)aims to regulate large online platforms that qualify as gatekeepers, i.e. operators who control access to a certain market or platform;
- The Open Data Directive - this is dealt with in detail in chapter 3.1.3 on Big Data, Open Data and Public sector information
- The Data Act which is under development and intended to ensure fairness in the allocation of data value among the actors.
These four key instruments are complemented by other legal acts and policies. These include the Digital Services Act which addresses the context of the provision of digital services to citizens and businesses; the proposal aims to balance the responsibilities of users, platforms and public authorities by defining a common European framework that gives greater legal certainty to digital service providers while ensuring respect for European values.
The European Interoperability Framework (EIF) recommends that a long-term preservation policy is formulated for records and information in electronic form held by public administrations for the purpose of documenting procedures and decisions, to keep their legibility, reliability and integrity for as long as need be accessed.
Data lifecycle, including data collection, record keeping, archival and - when necessary - long term preservation of information, supports society’s demand for trustworthy records and legal certainty associated with Data Strategy key instruments and application of AI algorithms.
The following section A.3 provides all relevant references.
- New European interoperability framework - Promoting seamless services and data flows for European public administrations
- COM(2020) 66 final Communication from the Commission “A European strategy for data”
- Proposal for a Regulation concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)
- Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Regulation (EU) 2018/1807 on a framework for the free flow of non-personal data in the European Union
- Regulation (EU) 2019/881 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)
- Directive (EU) 2019/1024 on open data and the re-use of public sector information
- Proposal for a Regulation on European data governance (Data Governance Act)
- Proposal for a regulation on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC
- Proposal for a Regulation on contestable and fair markets in the digital sector (Digital Markets Act)
- Decision (EU) 2015/2240 on interoperability solutions and common frameworks for European public administrations, businesses and citizens (ISA2 programme) as a means for modernising the public sector (ISA2)
- Council recommendation of 14 November 2005 on priority actions to increase cooperation in the field of archives in Europe
(B) Requested actions
Action 1 SDOs to identify and inform about standards that are available or under way and that are of relevance in supporting the digital transformation at the level of data-innovation and of the data economy.
Action 2 SDOs to collaborate on developing a programme for addressing standardisation needs around all the data lifecycle, from data collection to record keeping, archiving and long term preservation of information and start the respective standardisation activities.
Action 3 In the context of the MSP, start an analysis on the role of open source software complementing standardisation for the data economy, e.g. with APIs, protocols, service delivery and other platforms.
Action 4 SDOs to identify and inform about standards that are available or under way and that are of relevance in supporting the interoperability of data as well as data sharing services between different sectors and domains.
Action 5 SDOs to develop standards in support of the Data Governance Act, the Digital Services Act and the Digital Markets Act, taking into account the results of ISA2 program.
(C) Activities and additional information
(C.1) Related standardisation activities
CEN and CENELEC
CEN/TC 468 ‘Preservation of digital information’
CEN/TC 468 works on standardisation of the functional and technical aspects of the preservation of digital information. It will develop standards aiming at achieving a European harmonization on best digital preservation practices: interoperability, integrity, portability of information during its lifecycle, etc. The development of these standards will follow the principles of Security by Design and Privacy by Design, in order to ensure highest security requirements and privacy protection for European citizens. One of the main objectives for the TC will be to coordinate and share national approaches and knowledge, in order to identify similarities and common views that will help to elaborate, through consensus, a European approach to the subject matter. As such, digital preservation can be part of the eIDAS-ecosystem, relying on a framework for eIDAS-based trust services and for European Digital Identities and preserving evidence.
CEN-CLC/WS DS ‘Digital sovereignty’
This workshop, proposed by AFNOR, VDE/DKE and IEEE, aims at defining the concept of digital sovereignty with its associated terminology and framework. It will allow to identify and anticipate future associated standardisation requirements supporting the implementation of a European approach on Sovereignty, including promoting an open market through the development of interoperability standards.
ETSI TS 119 511 Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers providing long-term preservation of digital signatures or general data using digital signature techniques
ETSI TS 119 512 Electronic Signatures and Infrastructures (ESI); Protocols for trust service providers providing long-term data preservation services
ISO 14721:2012 Space data and information transfer systems — Open archival information system (OAIS) — Reference model
ISO 20614:2017 Information and documentation — Data exchange protocol for interoperability and preservation
ISO 15489 Information and documentation — Records management (multipart)
ISO 20104:2015 Space data and information transfer systems — Producer-Archive Interface Specification (PAIS)
ISO 20652:2006 Space data and information transfer systems — Producer-archive interface — Methodology abstract standard
ISO/IEC JTC 1
ISO/IEC JTC 1/SC 32 Data management and interchange
Standards for data management within and among local and distributed information systems environments
ISO/IEC JTC 1/SC 7 Software and systems engineering
ISO/IEC 25012 “Data quality model” defines a quality model for data in structured format, which can be used to establish requirements, to define measures or to plan and perform data quality assessments.The concept of “data quality” refers to the usefulness of the information derived from data.
ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance
ISO/IEC 38500:2015 Information technology - Governance of IT for the Organization
ISO/IEC TS 38501:2015 Information technology - Governance of IT - Implementation Guide
ISO/IEC TR 38502:2017 Information technology - Governance of IT - Framework and Model
ISO/IEC TR 38504:2016Governance of information technology — Guidance for principles-based standards in the governance of information technology
ISO/IEC 38505-1:2017 Information technology — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data
ISO/IEC 38505-2:2018 Information technology — Governance of data — Part 2: Implications of ISO/IEC 38505-1 for data management
Standards under development:
ISO/IEC FDIS 38503 Information technology — Governance of IT — Assessment of the governance of IT
ISO/IEC PRF TS 38505-3 Information technology — Governance of data — Part 3: Guidelines for data classification
ISO/IEC WD TS 38508 Information technology— Governance of IT— Governance implications of the Use of Shared Digital Service Platform among Ecosystem Organizations
ISO/IEC JTC 1 SC 27 WG 5 Identity management and privacy technologies: Please see the chapter on cybersecurity
Relevant standards for data security and privacy are developed. Please see the respective chapters on “Cybersecurityand on “Privacy” in this Foundational Drivers section.
The OASIS Open Data Protocol (Odata) standards support querying and sharing and re-use of data across disparate applications and multiple stakeholders. OASIS OData standards have been approved as ISO/IEC 20802-1:2016 and ISO/IEC 20802-2:2016.
The OASIS ebXML RegRep standards define service interfaces, protocols and information model for an integrated registry and repository. The repository stores digital content while the registry stores metadata that describes the content in the repository.
JSON-LD 1.1 (2020-07-16)
Open Digital Rights Language (ODRL) Version 2.2.(2018-02-15)
Shapes Constraint Language (SHACL)(2017-07-20)
Web Annotation Data Model (2017-02-23)
Data on the Web Best Practices (2017-01-31)
Provenance (Overview with links to standards of the provenance familiy 2013-04-30)
RDF-DEV CG developing RDFstarextends RDF with a compact way of annotating triples (and creates interoperability with property graphs)
See Data Activity Page for an overview.
(C.2) Other activities related to standardisation
The European Interoperability Framework (EIF)
The European Interoperability Framework (EIF) adopted on 23 March 2017 provides specific guidance on how to set up interoperable digital public services. EIF is undertaken in the context of the Commission priority to create a Digital Single Market in Europe. It offers public administrations 47 concrete recommendations on how to improve governance of their interoperability activities, establish cross-organisational relationships, streamline processes supporting end-to-end digital services, and ensure that both existing and new legislation do not compromise interoperability efforts.
A related on going framework is under development i.e. the Smart Cities and Communities European Interoperability Framework (EIF4SCC). EIF4SCC aims to support local administrations and other actors with challenges that relate to providing interoperability services to citizens and businesses. The Framework intends to support primarily local administrations and, in particular, local policy makers. This work in progress is jointly managed by DG DIGIT as part of the ISA² Programme (2016-2020), and by DG CONNECT in the framework of the Living-in.eu movement.
Important information should be kept accessible and reusable for years to come, regardless of the system used to store it. eArchiving provides core specifications, software, training and knowledge to help people preserve and reuse information over the long-term.
The Digital Information LifeCycle Interoperability Standards Board (DILCIS Board) develops, publishes and supports standards which provide practicalinteroperability in digital archiving. SIARD (Software Independent Archiving of Relational Databases) v2.2, August 31, 2021) https://dilcis.eu/content-types/siard
E-ARK Project (European Archival Records and Knowledge Preservation)
E-ARK was a multinational big data research project that improved the methods and technologies of digital archiving, in order to achieve consistency on a Europe-wide scale. https://www.eark-project.com/
SWIPO (Switching Cloud Providers and Porting Data), is a multi-stakeholder association facilitated by the European Commission, in order to develop voluntary Codes of Conduct for the proper application of the EU Free Flow of Non-Personal Data Regulation / Article 6 “Porting of Data”. See https://swipo.eu
Gaia-X is the European Association for Data and Cloud AISBL founded with the goal to develop technical solutions and regulatory frameworks and ensure that necessary central facilities as well key federation services to guarantee the envisaged data infrastructure are made available. Seehttps://www.gaia-x.eu/
The official portal for European data https://data.europa.eu/en