Description
discussed previously follow detailed instruction
Unformatted Attachment Preview
EN
3.6.2022
Official Journal of the European Union
L 152/1
I
(Legislative acts)
REGULATIONS
REGULATION (EU) 2022/868 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 30 May 2022
on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act)
(Text with EEA relevance)
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee (1),
After consulting the Committee of the Regions,
Acting in accordance with the ordinary legislative procedure (2),
Whereas:
(1)
The Treaty on the Functioning of the European Union (TFEU) provides for the establishment of an internal market
and the institution of a system ensuring that competition in the internal market is not distorted. The establishment
of common rules and practices in the Member States relating to the development of a framework for data
governance should contribute to the achievement of those objectives, while fully respecting fundamental rights. It
should also guarantee the strengthening of the open strategic autonomy of the Union while fostering international
free flow of data.
(2)
Over the last decade, digital technologies have transformed the economy and society, affecting all sectors of activity
and daily life. Data is at the centre of that transformation: data-driven innovation will bring enormous benefits to
both Union citizens and the economy, for example by improving and personalising medicine, providing new
mobility, and contributing to the communication of the Commission of 11 December 2019 on the European Green
Deal. In order to make the data-driven economy inclusive for all Union citizens, particular attention must be paid to
reducing the digital divide, boosting the participation of women in the data economy and fostering cutting-edge
European expertise in the technology sector. The data economy has to be built in a way that enables undertakings,
in particular micro, small and medium-sized enterprises (SMEs), as defined in the Annex to Commission
Recommendation 2003/361/EC (3), and start-ups to thrive, ensuring data access neutrality and data portability and
interoperability, and avoiding lock-in effects. In its communication of 19 February 2020 on a European strategy for
data (the ‘European strategy for data’), the Commission described the vision of a common European data space,
meaning an internal market for data in which data could be used irrespective of its physical storage location in the
Union in compliance with applicable law, which, inter alia, could be pivotal for the rapid development of artificial
intelligence technologies.
(1) OJ C 286, 16.7.2021, p. 38.
(2) Position of the European Parliament of 6 April 2022 (not yet published in the Official Journal) and decision of the Council of 16 May
2022.
(3) Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises
(OJ L 124, 20.5.2003, p. 36).
L 152/2
EN
Official Journal of the European Union
3.6.2022
The Commission also called for the free and safe flow of data with third countries, subject to exceptions and
restrictions for public security, public order and other legitimate public policy objectives of the Union, in line with
international obligations, including on fundamental rights. In order to turn that vision into reality, the Commission
proposed establishing domain-specific common European data spaces for data sharing and data pooling. As
proposed in the European strategy for data, such common European data spaces could cover areas such as health,
mobility, manufacturing, financial services, energy or agriculture, or a combination of such areas, for example
energy and climate, as well as thematic areas such as the European Green Deal or European data spaces for public
administration or skills. Common European data spaces should make data findable, accessible, interoperable and
re-usable (the ‘FAIR data principles’), while ensuring a high level of cybersecurity. Where there is a level playing field
in the data economy, undertakings compete on quality of services, and not on the amount of data they control. For
the purposes of the design, creation and maintenance of the level playing field in the data economy, sound
governance is needed in which relevant stakeholders of a common European data space need to participate and be
represented.
(3)
It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised
framework for data exchanges and laying down certain basic requirements for data governance, paying specific
attention to facilitating cooperation between Member States. This Regulation should aim to develop further the
borderless digital internal market and a human-centric, trustworthy and secure data society and economy. Sectorspecific Union law can develop, adapt and propose new and complementary elements, depending on the
specificities of the sector, such as the Union law envisaged on the European health data space and on access to
vehicle data. Moreover, certain sectors of the economy are already regulated by sector-specific Union law, which
includes rules relating to the sharing of or access to data across borders or across the Union, for example
Directive 2011/24/EU of the European Parliament and of the Council (4) in the context of the European health data
space, and relevant legislative acts in the field of transport, such as Regulations (EU) 2019/1239 (5) and
(EU) 2020/1056 (6) and Directive 2010/40/EU (7) of the European Parliament and of the Council in the context of
the European mobility data space.
(4) Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in crossborder healthcare (OJ L 88, 4.4.2011, p. 45).
(5) Regulation (EU) 2019/1239 of the European Parliament and of the Council of 20 June 2019 establishing a European Maritime Single
Window environment and repealing Directive 2010/65/EU (OJ L 198, 25.7.2019, p. 64).
(6) Regulation (EU) 2020/1056 of the European Parliament and of the Council of 15 July 2020 on electronic freight transport
information (OJ L 249, 31.7.2020, p. 33).
(7) Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of
Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport (OJ L 207, 6.8.2010, p. 1).
3.6.2022
EN
Official Journal of the European Union
L 152/3
This Regulation should therefore be without prejudice to Regulations (EC) No 223/2009 (8), (EU) 2018/858 (9) and
(EU) 2018/1807 (10) as well as Directives 2000/31/EC (11), 2001/29/EC (12), 2004/48/EC (13), 2007/2/EC (14),
2010/40/EU, (EU) 2015/849 (15), (EU) 2016/943 (16), (EU) 2017/1132 (17), (EU) 2019/790 (18) and
(EU) 2019/1024 (19) of the European Parliament and of the Council and any other sector-specific Union law that
regulates access to and re-use of data. This Regulation should be without prejudice to Union and national law on
the access to and use of data for the purpose of the prevention, investigation, detection or prosecution of criminal
offences or the execution of criminal penalties, as well as international cooperation in that context.
This Regulation should be without prejudice to the competences of the Member States with regard to their activities
concerning public security, defence and national security. The re-use of data protected for such reasons and held by
public sector bodies, including data from procurement procedures falling within the scope of Directive 2009/81/EC
of the European Parliament and of the Council (20), should not be covered by this Regulation. A horizontal regime
for the re-use of certain categories of protected data held by public sector bodies, the provision of data
intermediation services and of services based on data altruism in the Union should be established. Specific
characteristics of different sectors may require the design of sectoral data-based systems, while building on the
requirements of this Regulation. Data intermediation services providers that meet the requirements laid down in
this Regulation should be able to use the label ‘data intermediation services provider recognised in the Union’. Legal
persons that seek to support objectives of general interest by making available relevant data based on data altruism at
scale and that meet the requirements laid down in this Regulation should be able to register as and use the label ‘data
altruism organisation recognised in the Union’. Where sector-specific Union or national law requires public sector
bodies, such data intermediation services providers or such legal persons (recognised data altruism organisations) to
comply with specific additional technical, administrative or organisational requirements, including through an
authorisation or certification regime, those provisions of that sector-specific Union or national law should also
apply.
(8) Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing
Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to
statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community
Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European
Communities (OJ L 87, 31.3.2009, p. 164).
(9) Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of
motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles, amending
Regulations (EC) No 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC (OJ L 151, 14.6.2018, p. 1).
(10) Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of
non-personal data in the European Union (OJ L 303, 28.11.2018, p. 59).
(11) Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society
services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’) (OJ L 178, 17.7.2000, p. 1).
(12) Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of
copyright and related rights in the information society (OJ L 167, 22.6.2001, p. 10).
(13) Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property
rights (OJ L 157, 30.4.2004, p. 45).
(14) Directive 2007/2/EC of the European Parliament and of the Council of 14 March 2007 establishing an Infrastructure for Spatial
Information in the European Community (INSPIRE) (OJ L 108, 25.4.2007, p. 1).
(15) Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial
system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European
Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission
Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).
(16) Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how
and business information (trade secrets) against their unlawful acquisition, use and disclosure (OJ L 157, 15.6.2016, p. 1).
(17) Directive (EU) 2017/1132 of the European Parliament and of the Council of 14 June 2017 relating to certain aspects of company law
(OJ L 169, 30.6.2017, p. 46).
(18) Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the
Digital Single Market and amending Directives 96/9/EC and 2001/29/EC (OJ L 130, 17.5.2019, p. 92).
(19) Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public
sector information (OJ L 172, 26.6.2019, p. 56).
(20) Directive 2009/81/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of procedures for the
award of certain works contracts, supply contracts and service contracts by contracting authorities or entities in the fields of defence
and security, and amending Directives 2004/17/EC and 2004/18/EC (OJ L 216, 20.8.2009, p. 76).
L 152/4
EN
Official Journal of the European Union
3.6.2022
(4)
This Regulation should be without prejudice to Regulations (EU) 2016/679 (21) and (EU) 2018/1725 (22) of the
European Parliament and of the Council and to Directives 2002/58/EC (23) and (EU) 2016/680 (24) of the
European Parliament and of the Council and the corresponding provisions of national law, including where
personal and non-personal data in a data set are inextricably linked. In particular, this Regulation should not be read
as creating a new legal basis for the processing of personal data for any of the regulated activities, or as amending the
information requirements laid down in Regulation (EU) 2016/679. The implementation of this Regulation should
not prevent cross-border transfers of data in accordance with Chapter V of Regulation (EU) 2016/679. In the event
of a conflict between this Regulation and Union law on the protection of personal data or national law adopted in
accordance with such Union law, the relevant Union or national law on the protection of personal data should
prevail. It should be possible to consider data protection authorities to be competent authorities under this
Regulation. Where other authorities function as competent authorities under this Regulation, they should do so
without prejudice to the supervisory powers and competences of data protection authorities under Regulation
(EU) 2016/679.
(5)
Action at Union level is necessary to increase trust in data sharing by establishing appropriate mechanisms for
control by data subjects and data holders over data that relates to them, and in order to address other barriers to a
well-functioning and competitive data-driven economy. That action should be without prejudice to obligations and
commitments in the international trade agreements concluded by the Union. A Union-wide governance framework
should have the objective of building trust among individuals and undertakings in relation to data access, control,
sharing, use and re-use, in particular by establishing appropriate mechanisms for data subjects to know and
meaningfully exercise their rights, as well as with regard to the re-use of certain types of data held by the public
sector bodies, the provision of services by data intermediation services providers to data subjects, data holders and
data users, as well as the collection and processing of data made available for altruistic purposes by natural and legal
persons. In particular, more transparency regarding the purpose of data use and conditions under which data is
stored by undertakings can help increase trust.
(6)
The idea that data that has been generated or collected by public sector bodies or other entities at the expense of
public budgets should benefit society has been part of Union policy for a long time. Directive (EU) 2019/1024 and
sector-specific Union law ensure that the public sector bodies make more of the data they produce easily available
for use and re-use. However, certain categories of data, such as commercially confidential data, data that are subject
to statistical confidentiality and data protected by intellectual property rights of third parties, including trade secrets
and personal data, in public databases are often not made available, not even for research or innovative activities in
the public interest, despite such availability being possible in accordance with the applicable Union law, in particular
Regulation (EU) 2016/679 and Directives 2002/58/EC and (EU) 2016/680. Due to the sensitivity of such data,
certain technical and legal procedural requirements must be met before they are made available, not least in order to
ensure the respect of rights others have over such data or to limit the negative impact on fundamental rights, the
principle of non-discrimination and data protection. The fulfilment of such requirements is usually time- and
knowledge-intensive. This has led to the insufficient use of such data. While some Member States are establishing
structures, processes or legislation to facilitate that type of re-use, this is not the case across the Union. In order to
facilitate the use of data for European research and innovation by private and public entities, clear conditions for
access to and use of such data are needed across the Union.
(21) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data
Protection Regulation) (OJ L 119, 4.5.2016, p. 1).
(22) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons
with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of
such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
(23) Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and
the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201,
31.7.2002, p. 37).
(24) Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or
prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing
Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).
3.6.2022
EN
Official Journal of the European Union
L 152/5
(7)
There are techniques enabling analyses on databases that contain personal data, such as anonymisation, differential
privacy, generalisation, suppression and randomisation, the use of synthetic data or similar methods and other
state-of-the-art privacy-preserving methods that could contribute to a more privacy-friendly processing of data.
Member States should provide support to public sector bodies to make optimal use of such techniques, thus making
as much data as possible available for sharing. The application of such techniques, together with comprehensive data
protection impact assessments and other safeguards, can contribute to more safety in the use and re-use of personal
data and should ensure the safe re-use of commercially confidential business data for research, innovation and
statistical purposes. In many cases the application of such techniques, impact assessments and other safeguards
implies that data can be used and re-used only in a secure processing environment that is provided or controlled by
the public sector body. There is experience at Union level with such secure processing environments that are used for
research on statistical microdata on the basis of Commission Regulation (EU) No 557/2013 (25). In general, insofar as
personal data are concerned, the processing of personal data should be based upon one or more of the legal bases for
processing provided in Articles 6 and 9 of Regulation (EU) 2016/679.
(8)
In accordance with Regulation (EU) 2016/679, the principles of data protection should not apply to anonymous
information, namely information which does not relate to an identified or identifiable natural person, or to
personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.
Re-identification of data subjects from anonymised datasets should be prohibited. This should not prejudice the
possibility to conduct research into anonymisation techniques, in particular for the purpose of ensuring
information security, improving existing anonymisation techniques and contributing to the overall robustness of
anonymisation, undertaken in accordance with Regulation (EU) 2016/679.
(9)
In order to facilitate the protection of personal data and confidential data and to speed up the process of making
such data available for re-use under this Regulation, Member States should encourage public sector bodies to create
and make available data in accordance with the principle of ‘open by design and by default’ referred to in Article
5(2) of Directive (EU) 2019/1024 and to promote the creation and the procurement of data in formats and
structures that facilitate anonymisation in that regard.
(10)
The categories of data held by public sector bodies which should be subject to re-use under this Regulation fall
outside the scope of Directive (EU) 2019/1024 that excludes data which is not accessible due to commercial and
statistical confidentiality and data that is included in works or other subject matter over which third parties have
intellectual property rights. Commercially confidential data includes data protected by trade secrets, protected
know-how and any other information the undue disclosure of which would have an impact on the market position
or financial health of the undertaking. This Regulation should apply to personal data that fall outside the scope of
Directive (EU) 2019/1024 insofar as the access regime excludes or restricts access to such data for reasons of data
protection, privacy and the integrity of the individual, in particular in accordance with data protection rules. The
re-use of data, which may contain trade secrets, should take place without prejudice to Directive (EU) 2016/943,
which sets out the framework for the lawful acquisition, use or disclosure of trade secrets.
(11)
This Regulation should not create an obligation to allow the re-use of data held by public sector bodies. In particular,
each Member State should therefore be able to decide whether data is made accessible for re-use, also in terms of the
purposes and scope of such access. This Regulation should complement and be without prejudice to more specific
obligations on public sector bodies to allow re-use of data laid down in sector-specific Union or national law. Public
access to official documents may be considered to be in the public interest. Taking into account the role of public
access to official documents and transparency in a democratic society, this Regulation should also be without
prejudice to Union or national law on granting access to and disclosing official documents. Access to official
documents may in particular be granted in accordance with national law without imposing specific conditions or
by imposing specific conditions that are not provided by this Regulation.
(25) Commission Regulation (EU) No 557/2013 of 17 June 2013 implementing Regulation (EC) No 223/2009 of the European Parliament
and of the Council on European Statistics as regards access to confidential data for scientific purposes and repealing Commission
Regulation (EC) No 831/2002 (OJ L 164, 18.6.2013, p. 16).
L 152/6
(12)
EN
Official Journal of the European Union
3.6.2022
The re-use regime provided for in this Regulation should apply to data the supply of which forms part of the public
tasks of the public sector bodies concerned under law or other binding rules in the Member States. In the absence of
such rules, the public tasks should be defined in accordance with common administrative practice in the
Member States, provided that the scope of the public tasks is transparent and subject to review. The public tasks
could be defined generally or on a case-by-case basis for individual public sector bodies. As public undertakings are
not covered by the definition of public sector body, the data held by public undertakings should not be covered by
this Regulation. Data held by cultural establishments, such as libraries, archives and museums as well as orchestras,
operas, ballets and theatres, and by educational establishments should not be covered by this Regulation since the
works and other documents they hold are predominantly covered by third party intellectual property rights.
Research-performing organisations and research-funding organisations could also be organised as public sector
bodies or bodies governed by public law.
This Regulation should apply to such hybrid organisations only in their capacity as research-performing
organisations. If a research-performing organisation holds data as a part of a specific public-private association with
private sector organisations or other public sector bodies, bodies governed by public law or hybrid researchperforming organisations, i.e. organised as either public sector bodies or public undertakings, with the main
purpose of pursuing research, those data should also not be covered by this Regulation. Where relevant,
Member States should be able to apply this Regulation to public undertakings or private undertakings that exercise
public sector duties or provide services of general interest. The exchange of data, purely in pursuit of their public
tasks, among public sector bodies in the Union or between public sector bodies in the Union and public sector
bodies in third countries or international organisations, as well as the exchange of data between researchers for
non-commercial scientific research purposes, should not be subject to the provisions of this Regulation concerning
the re-use of certain categories of protected data held by public sector bodies.
(13)
Public sector bodies should comply with competition law when establishing the principles for re-use of data they
hold, avoiding the conclusion of agreements which might have as their objective or effect the creation of exclusive
rights for the re-use of certain data. Such agreements should be possible only where justified and necessary for the
provision of a service or the supply of a product in the general interest. This may be the case where the exclusive
use of the data is the only way to maximise the societal benefits of the data in question, for example where there is
only one entity (which has specialised in the processing of a specific dataset) capable of providing the service or
supplying the product which allows the public sector body to provide a service or supply a product in the general
interest. Such arrangements should, however, be concluded in accordance with applicable Union or national law
and be subject to regular review based on a market analysis in order to ascertain whether such exclusivity continues
to be necessary. In addition, such arrangements should comply with the relevant State aid rules, as appropriate, and
should be concluded for a limited duration which should not exceed 12 months. In order to ensure transparency,
such exclusive agreements should be published online, in a form that complies with relevant Union law on public
procurement. Where an exclusive right to re-use data does not comply with this Regulation, that exclusive right
should be invalid.
(14)
Prohibited exclusive agreements and other practices or arrangements pertaining to the re-use of data held by public
sector bodies which do not expressly grant exclusive rights but which can reasonably be expected to restrict the
availability of data for re-use that have been concluded or were already in place before the date of entry into force of
this Regulation should not be renewed after the expiry of their term. In the case of indefinite or longer-term
agreements, they should be terminated within 30 months of the date of entry into force of this Regulation.
(15)
This Regulation should lay down conditions for re-use of protected data that apply to public sector bodies designated
as competent under national law to grant or refuse access for re-use, and which are without prejudice to rights or
obligations concerning access to such data. Those conditions should be non-discriminatory, transparent,
proportionate and objectively justified, while not restricting competition, with a specific focus on promoting access
to such data by SMEs and start-ups. The conditions for re-use should be designed in a manner promoting scientific
research so that, for example, privileging scientific research should, as a rule, be considered to be nondiscriminatory. Public sector bodies allowing re-use should have in place the technical means necessary to ensure
the protection of rights and interests of third parties and should be empowered to request the necessary
information from the re-user. Conditions attached to the re-use of data should be limited to what is necessary to
preserve the rights and interests of third parties in the data and the integrity of the information technology and
communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve
the interests of the re-user without leading to a disproportionate burden on the public sector bodies. Conditions
3.6.2022
EN
Official Journal of the European Union
L 152/7
attached to the re-use of data should be designed to ensure effective safeguards with regard to the protection of
personal data. Before transmission, personal data should be anonymised, in order not to allow the identification of
the data subjects, and data containing commercially confidential information should be modified in such a way that
no confidential information is disclosed. Where the provision of anonymised or modified data would not respond to
the needs of the re-user, subject to fulfilling any requirements to carry out a data protection impact assessment and
consult the supervisory authority pursuant to Articles 35 and 36 of Regulation (EU) 2016/679 and where the risks
to the rights and interests of data subjects have been found to be minimal, on-premise or remote re-use of the data
within a secure processing environment could be allowed.
This could be a suitable arrangement for the re-use of pseudonymised data. Data analyses in such secure processing
environments should be supervised by the public sector body, so as to protect the rights and interests of third parties.
In particular, personal data should be transmitted to a third party for re-use only where a legal basis under data
protection law allows such transmission. Non-personal data should be transmitted only where there is no reason to
believe that the combination of non-personal data sets would lead to the identification of data subjects. This should
also apply to pseudonymised data which retain their status as personal data. In the event of the reidentification of
data subjects, an obligation to notify such a data breach to the public sector body should apply in addition to an
obligation to notify such a data breach to a supervisory authority and to the data subject in accordance with
Regulation (EU) 2016/679. Where relevant, the public sector bodies should facilitate the re-use of data on the basis
of the consent of data subjects or the permission of data holders on the re-use of data pertaining to them through
adequate technical means. In that respect, the public sector body should make best efforts to provide assistance to
potential re-users in seeking such consent or permission by establishing technical mechanisms that permit
transmitting requests for consent or permission from re-users, where practically feasible. No contact information
should be given that allows re-users to contact data subjects or data holders directly. Where the public sector body
transmits a request for consent or permission, it should ensure that the data subject or data holder is clearly
informed of the possibility to refuse consent or permission.
(16)
In order to facilitate and encourage the use of data held by public sector bodies for the purposes of scientific
research, public sector bodies are encouraged to develop a harmonised approach and harmonised processes to
make that data easily accessible for the purposes of scientific research in the public interest. That could mean, inter
alia, c
