# From Regulation to Practice Legal and Ethical Tensions in Europe's Evolving Data Landscape

- Type: Literature
- Source: Zenodo (CERN European Organization for Nuclear Research)
- Date: 2026-07-14
- Original: https://doi.org/10.5281/zenodo.21363150
- Canonical: https://overview.legal/posts/132118
- Topics: Supervisory Authorities

## Summary

Abstract Europe is trying to build a research commons out of its fragmented administrative and health datasets, but it is doing so through instruments that pull in different directions: a Data Strategy that celebrates data flows, a Data Governance Act that institutionalises “altruism,” and a Data Act that keeps business‑to‑government access on a tight, exceptional leash. My presentation follows the data journey from registry or claims database, through data altruism organisations or DA‑based req

## Full text

Abstract Europe is trying to build a research commons out of its fragmented administrative and health datasets, but it is doing so through instruments that pull in different directions: a Data Strategy that celebrates data flows, a Data Governance Act that institutionalises “altruism,” and a Data Act that keeps business‑to‑government access on a tight, exceptional leash. My presentation follows the data journey from registry or claims database, through data altruism organisations or DA‑based requests, into cross‑border infrastructures like the European Health Data Space, showing at each step how lawful reuse, proportionality, and sovereignty are interpreted and contested in practice. The terrain for researchers and custodians is not as a stable “framework,” but as an evolving field of negotiation: some things will become easier (standardised legal bases for certain secondary uses, more explicit pathways for cross‑border access), others will remain complex (multi‑level consent, B2G outside emergencies, group harms), and much will depend on how institutions operationalise these laws in day‑to‑day decisions. “From Regulation to Practice Legal and Ethical Tensions in Europe’s Evolving Data Landscape” Marlon Domingus, July 14 2026 Paradox: Europe has “more data than ever and less certainty than ever about how it may be reused.” The EU Data Strategy imagines data as a key factor of production, calling for “a genuine single market for data” that enables “data to flow within the EU and across sectors” while fully respecting European values and rules. My perspective is an inquiry into whether the new infrastructure of the Data Governance Act (DGA), the Data Act (DA), and the emerging European Health Data Space actually resolve, or merely redistribute, the tensions between innovation, protection, and accessibility in population-based research. The story of three shifts: 1. From ad hoc sharing to structured “data altruism The DGA formalises the idea that individuals and organisations might voluntarily make data available for objectives of general interest as “data altruism.” It defines this as the “voluntary sharing of data on the basis of the consent of data subjects to process personal data pertaining to them, or permissions of data holders to allow the use of their non-personal data without seeking or receiving a reward.” This move is sometimes celebrated as a way to escape the narrowness of transactional consent under the GDPR, but commentators note that it also introduces a new layer of complexity: data altruism organisations, harmonised consent forms, and public registers that must somehow remain both trustworthy and comprehensible to ordinary citizens. 2. From emergency access to routinised business‑to‑government flows The Data Act is presented by the Commission as an instrument to “unlock industrial data, benefiting the EU economy and society” by ensuring “fair access to and use of data” and by creating mechanisms for public authorities to request data in situations of “exceptional need.” Yet critical analyses suggest that, in practice, the DA’s business‑to‑government provisions remain narrow, tied to extraordinary circumstances (e.g. public emergencies) and framed by strong compensation and proportionality requirements, meaning they are unlikely on their own to deliver the stable data pipelines that population health research infrastructures require. 3. From siloed databases to sectoral “data spaces” The planned European Health Data Space (EHDS) aspires to move “from fragmented data sources to a common European framework that supports primary and secondary use of health data.” In public health, recent analyses emphasise that robust population health information infrastructures depend not only on technical interoperability, but also on legal clarity and governance capacity—especially around linkage of administrative, clinical, and registry data to produce actionable intelligence. Your narrative can show how the DGA and DA are being retrofitted into this health data vision, sometimes awkwardly, as general-purpose instruments asked to carry sector-specific hopes. Do these instruments collectively amount to a genuine legal architecture for linking administrative and population data “for public good,” or are they still a patchwork that leaves frontline scientists, data custodians, and ethics committees to improvise workarounds? Insights 1. Data altruism as a response to consent fatigue Recent work on data altruism and consent in health research notes that GDPR consent, especially for secondary use of health data, often proves “ill-suited to the realities of long-term research, dynamic re‑use, and large‑scale data linkage.” Data altruism can be read as a legislative acknowledgement of this failure: it tries to shift from individualised, point‑in‑time consent to a more collective, mission‑oriented model of authorisation. This is not just a technical fix, but a re‑imagining of relational autonomy in European data law: patients and citizens are invited to position themselves as contributors to a research commons, under the stewardship of vetted data altruism organisations, rather than as isolated rights‑holders asked to sign yet another form. Empirical reviews show much of the literature on data altruism is critical, warning that without clear safeguards, it risks becoming “consent‑by‑another‑name,” re‑introducing familiar opacity and power asymmetries under a more benevolent label. What would it take to make data altruism more than symbolic? 2. The DA’s “exceptional need” as a poor fit for routine population research A growing critical strand argues that the DA’s business‑to‑government (B2G) chapter “fails to create rules and principles that boost the sharing of data, introducing only a few mandatory sharing rules for exceptional situations.” The concept of “exceptional need” is tied to, for example, responding to public emergencies or fulfilling a specific legal mandate of a public body, and even then subject to strict proportionality and necessity tests, with compensation and confidentiality safeguards. This sits uneasily with the everyday reality of population-based research, which needs stable, predictable, and longitudinal access to administrative data, not just ad hoc emergency feeds. You could frame this as a temporal mismatch: legislation imagines data as something summoned in crises; epidemiology and social science require infrastructures that persist between crises. Unless complemented by sector‑specific regimes (such as the EHDS) and more generous interpretations of “public interest” and “exceptional need,” the DA risks offering “empty promises” for research‑driven B2G data sharing. 3. Lawful reuse and proportionality as the real bottlenecks While both the DGA and DA introduce new mechanisms, the legality of linking administrative and population data for research still leans heavily on classical concepts from EU data protection and fundamental rights law: lawful basis for processing, compatible purpose, proportionality, and data minimisation. Recent analyses of population health information infrastructures underline that “a clear legal mandate, clarified purposes, and proportionate governance arrangements” are often more decisive than any specific technical standard when it comes to enabling linkage. You can develop this into a key insight: the future of European data research will be shaped less by glamorous notions like “data spaces” and more by how these older principles are interpreted in practice—by ethics committees, supervisory authorities, and data custodians sitting with concrete linkage proposals on their desks. 4. Data sovereignty re‑imagined: from state borders to institutional stewardship The abstract mentions “data sovereignty”; contemporary EU discourse uses this term in two quite different ways: - As “digital sovereignty,” concerned with Europe’s autonomy vis‑à‑vis foreign cloud providers and platforms, emphasising control over critical data infrastructures.- As a more micro‑level concern with the rights and expectations of data subjects and communities, especially in health and population research, where concerns about stigmatisation and group harms loom large. Linking administrative and population data forces these two registers of sovereignty together. Dual notion of sovereigntyA national health data centre that sits on cloud infrastructure, for example, must reconcile macro‑level sovereignty (keeping strategic datasets under European jurisdiction) with micro‑level sovereignty (ensuring that individuals and communities retain meaningful control over how their data are mobilised in research). Observations - “The new EU data legislation promises a single market for data and a flourishing research commons, yet its most concrete sharing obligations often remain confined to moments of ‘exceptional need,’ precisely where population-based research requires long‑term, ordinary access.” - “Data altruism can be read as a legislative experiment in moving from transactional consent to a more solidaristic, mission‑based form of authorisation—but as current critiques show, it will only make a difference if matched by robust governance and genuine public understanding.”

---
Generated by overview.legal · https://overview.legal/posts/132118 · 2026-07-18
