On 19 February 2020, the new European Commission published two Communications relating to its five-year digital strategy: one on shaping Europe’s digital future, and one on its European strategy for data (the Commission also published a white paper proposing its strategy on AI; see our previous blogs here and here).  In both Communications, the Commission sets out a vision of the EU powered by digital solutions that are strongly rooted in European values and EU fundamental rights.  Both Communications also emphasize the intent to strengthen “European technological sovereignty”, which in the Commission’s view will enable the EU to define its own rules and values in the digital age.  The Communications set out the Commission’s plans to achieve this vision.

Communication on shaping Europe’s digital future

The Commission’s strategy on shaping Europe’s digital future seeks to achieve three key objectives:

  1. Ensuring that technology works for people, making a difference to people’s daily lives and shaping technology in a way that respects European values;
  2. A fair and competitive economy, with a frictionless EU single market where companies of all sizes can compete on equal terms, and consumers can be confident their rights are respected; and
  3. An open, democratic, and sustainable society, in which citizens are empowered both online and offline, and where digital transformation enhances democratic values, respects human rights, and contributes to a sustainable economy.

The key action points that the Commission plans to take in respect of each of the three objectives include the following (amongst others):

  • In order to ensure that technology works for people, the Commission intends to:
    • Follow up on the steps set out in the White Paper on AI (see our previous blog here) on safety, liability, fundamental rights and data.
    • Publish an updated Action Plan on 5G and 6G.
    • Propose 5G Corridors for connected and automated mobility.
    • Undertake a review of the Security of Network and Information Systems (NIS) Directive.
    • Update the Digital Education Action Plan to boost digital literacy and competences at all levels of education, and reinforce the Skills Agenda and Youth Guarantee to strengthen digital skills.
    • Propose initiatives to improve labor conditions of platform workers.
  • To promote a fair and competitive economy, the Commission intends to:
    • Publish a European Data Strategy (see below), to be followed by the announcement of a legislative framework for data governance and a possible Data Act.
    • Complete its ongoing review of EU competition rules for the digital age, and launch a sector inquiry.
    • Continue it ongoing consideration of ex ante rules on markets where large platforms act as gate-keepers, including in the context of the Commission’s proposed Digital Services Act package.
    • Publish a new Consumer Agenda, to empower consumers to make informed choices and play active roles in digital transformation.
  • In furtherance of its goal to advance an open, democratic and sustainable society, the Commission intends to:
    • Adopt new rules on harmonizing the responsibilities of online platforms (including in relation to content) and information service providers, as part of the Digital Services Act package.
    • Revise the eIDAS Regulation to promote the use of trusted digital identities in the private sector.
    • Propose a circular electronics initiative to ensure that devices are designed for durability, maintenance, dismantling, reuse and recycling, and including a right to repair or upgrade to extend the lifecycle of electronic devices and to avoid premature obsolescence.

Communication on a European strategy for data

The Commission’s European data strategy Communication articulates the EU’s aspiration to be a role model of a society powered by data to make better decisions — in both the private and public sectors.  The Commission notes that it has already taken a number of steps to create a solid framework for digital trust — including the implementation of the GDPR, the Regulation on the free flow of non-personal data, the Cybersecurity Act, the Open Data Directive, the Digital Content Directive, and a number of sector-specific legislative instruments that include provisions on data access.

The Commission identifies several challenges that are holding back the EU from realizing its potential in the data economy, including: a lack of available data, imbalances of market power, the lack of common data formats and protocols for data interoperability, the EU’s technological dependencies on certain “strategic infrastructures,” barriers to individuals being able to exercise their data reuse rights under the GDPR, a lack of digital skills, and cybersecurity risks.

To address these challenges, the Communication proposes a four-pillar strategy that includes:

  • A cross-sectoral governance framework for data access and use that will cover, among other measures, new EU mechanisms and guidance on data sharing.  Key actions the Commission proposes to take include:
    • Proposing a legislative framework for the governance of common European data spaces;
    • Adopting an implementing act on high-value datasets under the Open Data Directive to open up key public sector reference data sets for innovation;
    • Proposing a Data Act to support (and in certain cases potentially to mandate) business-to-government or business-to-business data sharing;
    • Evaluating the IPR framework with a view to further enhancing data access and use.
  • Investments in data and strengthening of the EU’s capabilities and infrastructures for hosting, processing, and using data.  Key actions the Commission proposes to take include:
    • Investing in a High Impact project on European data spaces;
    • Funding the establishment of EU-wide common interoperable data spaces;
    • Facilitating the development of common European standards and requirements for the public procurement of data processing services;
    • Launching a European cloud services marketplace;
    • Creating an EU (self-) regulatory cloud rulebook.
  • Greater investment in digital skills and in SMEs.  Key actions the Commission proposes to take include:
    • Updating the Digital Education Action Plan;
    • Issuing a European SME Strategy;
    • Exploring enhancing the portability right for individuals under GDPR Article 20.
  • The development of common European data spaces in strategic sectors and domains of public interest.  These sectors include manufacturing, mobility, health, financial services, energy, and agriculture.

The Commission adds that it intends to take “an open, but assertive approach to international data flows, based on European values.”  This will include efforts to address unjustified barriers and restrictions to cross-border data flows in third countries, and to ensure that any access to EU citizens’ personal data, and European commercially sensitive data, is in compliance with EU values and the EU legislative framework, including the GDPR.

Photo of Lisa Peets Lisa Peets

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory compliance and investigations alongside legislative advocacy. In this…

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory compliance and investigations alongside legislative advocacy. In this context, she has worked closely with many of the world’s best-known technology companies.

Lisa counsels clients on a range of EU and UK legal frameworks affecting technology providers, including data protection, content moderation, platform regulation, copyright, e-commerce and consumer protection, and the rapidly expanding universe of additional rules applicable to technology, data and online services. Lisa also routinely advises clients in and outside of the technology sector on trade related matters, including EU trade controls rules.

According to Chambers UK (2024 edition), “Lisa provides an excellent service and familiarity with client needs.”

Photo of Marty Hansen Marty Hansen

Martin Hansen has over two decades of experience representing some of the world’s leading innovative companies in the internet, IT, e-commerce, and life sciences sectors on a broad range of regulatory, intellectual property, and competition issues. Martin has extensive experience in advising clients…

Martin Hansen has over two decades of experience representing some of the world’s leading innovative companies in the internet, IT, e-commerce, and life sciences sectors on a broad range of regulatory, intellectual property, and competition issues. Martin has extensive experience in advising clients on matters arising under EU and U.S. law, UK law, the World Trade Organization agreements, and other trade agreements.

Photo of Sam Jungyun Choi Sam Jungyun Choi

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such…

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such as AI, digital health, and autonomous vehicles.

Sam is an expert on the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act, having advised on these laws since they started to apply. In recent years, her work has evolved to include advising companies on new data and digital laws in the EU, including the AI Act, Data Act and the Digital Services Act.

Sam’s practice includes advising on regulatory, compliance and policy issues that affect leading companies in the technology, life sciences and gaming companies on laws relating to privacy and data protection, digital services and AI. She advises clients on designing of new products and services, preparing privacy documentation, and developing data and AI governance programs. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Photo of Nicholas Shepherd Nicholas Shepherd

Nicholas Shepherd is an associate in Covington’s Washington, DC office, where he is a member of the Data Privacy and Cybersecurity Practice Group, advising clients on compliance with all aspects of the European General Data Protection Regulation (GDPR), ePrivacy Directive, European direct marketing…

Nicholas Shepherd is an associate in Covington’s Washington, DC office, where he is a member of the Data Privacy and Cybersecurity Practice Group, advising clients on compliance with all aspects of the European General Data Protection Regulation (GDPR), ePrivacy Directive, European direct marketing laws, and other privacy and cybersecurity laws worldwide. Nick counsels on topics that include adtech, anonymization, children’s privacy, cross-border transfer restrictions, and much more, providing advice tailored to product- and service-specific contexts to help clients apply a risk-based approach in addressing requirements in relation to transparency, consent, lawful processing, data sharing, and others.

A U.S.-trained and qualified lawyer with 7 years of working experience in Europe, Nick leverages his multi-faceted legal background and international experience to provide clear and pragmatic advice to help organizations address their privacy compliance obligations across jurisdictions.