Providers of data intermediation services

El Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724it establishes, inter alia, a reporting and monitoring framework for the provision of data intermediation services.

Data intermediation services are services whose purpose is to establish commercial relations for the exchange of data between an indeterminate number of data subjects and data subjects, on the one hand, and data users, on the other, through technical, legal or other means, including services intended for the exercise of the rights of the interested parties in relation to personal data.

Specifically, the Regulation applies to the following: data brokering services:

  1. intermediation services between data subjects and potential data usersincluding the provision of technical or other means to enable such services; these services may include bilateral or multilateral data exchange or the creation of platforms or databases to enable the exchange or sharing of data, as well as the establishment of other specific infrastructure for the interconnection of data subjects with data users;
  2. intermediation services between data subjects who wish to provide their personal data or natural persons who wish to provide non-personal data and potential data usersincluding the provision of the technical or other means necessary to enable such services, and in particular to enable the exercise of the rights of data subjects provided for in Regulation (EU) 2016/679;
  3. Data Cooperative Servicesthese are the data intermediation services offered by an organisational structure made up of interested parties, sole proprietors or SMEs belonging to that structure, the main objectives of which are to assist its members in exercising their rights with regard to certain data, including assistance with regard to informed decision-making prior to consent to data processing, to exchange views on the purposes of data processing and the conditions that best represent the interests of its members in relation to their data, and to negotiate contractual conditions for data processing on behalf of its members before granting permission for the processing of non-personal data or before giving consent for the processing of personal data;

However, they remain expressly excluded from the definition of intermediation service For data the following services:

  1. services that obtain data from data subjects and that add, enrich or transform in order to add substantial value to them and grant licenses data users for the use of the resulting data, without establishing a commercial relationship between data subjects and data users;
  2. services dedicated to the intermediation of Copyrighted Content;
  3. the services used exclusively by one sole holder data to enable the use of data held by that data subject, or data used by multiple legal persons in a closed groupincluding also those used in relations with suppliers or customers or contractually established partnerships, in particular those aimed primarily at ensuring the functionalities of objects and devices connected to the Internet of Things;
  4. data exchange services offered by public sector bodies without the intention of establishing commercial relations;

Providers of data intermediation services are subject to the control and supervision of the relevant data intermediation services competent authority, and must comply with the obligations of Regulation (EU) 2022/868, both with regard to the obligation to notify their activity, changes and cessation to the competent authority, and, where appropriate, designate legal representative in the Union in accordance with Article 11, as well as the conditions for the provision of data intermediation services of Article 12, and the provisions on international access and transfers of Article 31.

Furthermore, data intermediation service providers who so wish may request the competent authority to confirm that the provider complies with the requirements of the DGA Regulation, in particular with the requirements of Articles 11 and 12 of the Regulation. This confirmation shall enable the data intermediation service provider to use, in its oral and written communications, the designation ‘Union-recognised data intermediation service provider’, as well as to use a common logo to be established by the Commission.

Access to administrative procedures