The future of personal data sharing and ownership in the EU

The European Union has been a driving force in reshaping how personal data is managed and shared, pushing the agenda for greater user empowerment and data access. At the core of this transformation is the idea that data is a resource to be shared and used responsibly, not owned or siloed by a single entity. 

This focus on data access empowers users to manage, control, and transfer their data across platforms, rather than giving ownership to any single entity. This shift supports the EU’s broader vision of a more connected, data-driven economy, and is backed by several regulations, as this blog explores.

Companies that embrace this shift towards increased data access and user empowerment will be better positioned to build trust, foster collaboration, and innovate in the growing data economy. However, those that fail to align with these changes risk falling behind as data becomes a more valuable asset in shaping the digital future. 

This blog explores the landscape of data ownership and sharing in Europe, key regulations driving open data access in the EU, and what companies need to do to stay ahead of the curve. 

In recent years, the EU has rolled out initiatives aimed at giving individuals greater control over their personal data while promoting transparency in its use. At the core of these efforts is the European Data Strategy, which outlines plans to create a single European data market. This strategy seeks to enhance data access across borders and sectors, enabling innovation and economic growth, while safeguarding privacy and security in line with GDPR.

One of the key components of the strategy is the creation of Common European Data Spaces, which aim to provide secure, transparent, and legally compliant environments for businesses, governments, and individuals to share and access data. These spaces are sector-specific, tailored to industries like healthcare, finance, mobility, and energy. They are also designed to facilitate more efficient data exchange within and across borders, further bolstering Europe’s digital economy.

The Data Act sets out a comprehensive framework for the access, sharing, and use of data across the EU. It ensures that businesses, public bodies, and individuals can securely share data, while protecting privacy, intellectual property, and trade secrets. The law also introduces mechanisms for resolving data-related disputes and establishing clearer rights for data usage, making data exchange more predictable and transparent.

By streamlining data access across sectors like healthcare, finance, and energy, the Data Act supports innovation, enhances collaboration, and ensures that data is used in ways that benefit both the economy and society.

Explore how secure data sharing can help your organisation

Data access allows users to manage and transfer their data. Data ownership, however, suggests a more powerful position where individuals control how their data is used, shared, or even monetised.  

Companies that view data as a shared asset and leverage it in an ethical, compliant, and consent-driven way can unlock new insights and collaborate more effectively. This approach drives innovation in ways that were previously impossible.

The EU has introduced several key regulations to secure data handling, empower users with greater control over their personal information, and promote secure data sharing. In this section, we’ll explore the most important regulations shaping data ownership and access in the EU: 

• Electronic Identification and Trust Services (eIDAS): Introduced in 2014, eIDAS laid the foundation for secure digital interactions across the EU by establishing standards for electronic identification (eID) and trust services, such as electronic signatures and seals. While it doesn’t directly address data ownership, eIDAS ensures that actions like signing a document electronically or logging in to a government portal using a digital ID are trusted and recognised across all EU member states. With the introduction of eIDAS 2.0, the framework further strengthens cross-border trust and data sharing, creating a reliable environment for sectors like healthcare, finance, and public services. 

• General Data Protection Regulation (GDPR): Introduced in 2018, GDPR revolutionised personal data handling by granting individuals rights like access, correction, deletion, and portability of their data. While GDPR set the scene of data protection, other regulations went into more detail about how it should be done. GDPR is crucial for safeguarding data privacy, empowering users with control over their personal data, and enhancing accountability in data sharing, particularly across platforms. 

• Data Act: Introduced in 2022, the Data Act is designed to make it easier and more secure for businesses to share data across sectors like healthcare, manufacturing, and finance. It sets clear rules about who owns data, how it can be accessed, and how it can be used—especially non-personal data such as machine data from IoT devices or data stored in cloud services. The Data Act ensures that businesses can share data securely with each other with clear guidelines on how the data should be used and protected. This regulation helps make data sharing more transparent and fosters fair competition. 

• Data Governance Act (DGA): Adopted by the EU in 2022, the Data Governance Act establishes frameworks for trusted data intermediaries. This facilitates the creation of data sharing mechanisms that ensure both data providers and recipients comply with EU privacy and security standards. DGA enables individuals, organisations and governments to securely share data for societal benefits, such as research or environmental purposes. It also promotes a more transparent, interoperable, and secure data sharing environment across Europe.

• Common European Data Space: Introduced as part of the European Data Strategy, it is an initiative designed to create a unified, secure framework for data sharing across the EU. Data spaces will provide the infrastructure and tools needed to manage data access, while maintaining privacy and security across borders and sectors. By 2025, the EU plans to establish data spaces in sectors like health, energy, and agriculture. This helps ensure that data can be shared freely and securely between businesses, governments, and individuals to building a connected, data-driven economy in Europe.

Financial Data Access regulation (FiDA) regulation has been originally proposed to enable secure, federated data exchange. The exact scope of the regulation is still subject to ongoing discussions as the EU shifts focus to more targeted initiatives like the Data Act and Data Governance Act. While the future of FiDA is still uncertain, its concepts highlight the direction the EU is heading, emphasising secure, user-controlled data exchanges. 

• Create clear data collection policies: This includes providing transparent information to users about how their data will be used, and ensuring users can easily give or withdraw consent.  

• Implement strong data management systems: Businesses should invest in tools that facilitate prompt responses to data portability, access, and deletion requests in line with GDPR requirements. This involves setting up automated systems to manage user requests, track consent, and ensure actions are processed within the required timeframes. Digital identity tools can play a crucial key role in supporting businesses in verifying and authenticating individuals requesting data access. Those tools also help organisations in obtaining explicit owner consent for the specific use of their personal data, which provides 'out-of-the-box compliance' to data sharing processes. 

• Adopt secure and transparent data sharing practices: In line with the Data Act, businesses should establish clear protocols for sharing non-personal data with third parties. This includes using secure data sharing technologies to ensure proper consent and maintain security. 

• Stay informed on regulations: Keep up with emerging regulations, such as the European Digital Strategy. To stay proactive, businesses should adopt data sharing technologies that prioritise user control and security, integrating them into their operations. 

Read more: Complete guide to data sharing for businesses from itsme^®

The EU's Data Strategy and regulations emphasise giving individuals more control over their data, making data sharing a key element of regulatory compliance. By adopting secure data sharing practices, businesses can conveniently meet these requirements.

Moreover, secure data sharing practices help businesses by reducing redundancies and lowering costs related to data exchange, and optimise resource allocation. This can be seen in industries such as healthcare, HR, and finance, which are already leveraging shared data to unlock insights and create value in ways that would be difficult or impossible otherwise.

In the financial services industry, sharing real-time transaction data through secure platforms enables banks, fintech companies, and credit agencies to improve fraud detection, streamline loan approvals, and offer personalised financial services. 

In Belgium, DIBBS platform, an app designed to help students find work opportunities, leverages itsme^®'s data sharing offering to access student attestations securely stored in Athumi's data vault. This integration allows students to seamlessly share verified evidence of their student status when applying for vacancies, without the need for manual verification or physical documentation.

Enhance your organisation's compliance, customer satisfaction and growth with data sharing