Data is at the centre of the digital transformation of our economy and society, and data-driven innovation can bring enormous benefits to citizens and businesses.
EU Regulation 2022/868 is the ‘Data Governance Act’ or ‘DGA’. It aims to increase trust in data sharing, make more data available for general use and make it easier to re-use public sector data for the benefit of society. Among its functions, it sets out rules for reliable, safe and secure data sharing by entities called Data Intermediation Services Providers and Data Altruism Organisations.
The DGA is applied in Ireland through S.I. 734 of 2024, the European Union (Data Governance Act) (No. 2) Regulations 2024.
The CCPC is the competent authority for the DGA. This means it registers, monitors and supervises Data Intermediation Services Providers and Data Altruism Organisations established in Ireland.
Who are data intermediation services providers?
Data is very valuable and making it more generally available should encourage innovation. However, its value also means that it should be shared in a safe and reliable way. Data intermediation services providers are a neutral third party that connect individuals and companies that hold data on one side with those who want to use that data on the other. These parties then create a commercial agreement between them and the data intermediation services provider facilitates the data sharing. Data intermediation services providers can operate on a for-profit basis.
If you operate a data intermediation service as defined in Article 2(11) of the DGA and you are established in Ireland, you must submit a notification to the CCPC before you start your service. Alternatively, if you are established outside of the EU but want to base yourself in Ireland and operate your service you must appoint a legal representative in Ireland before you submit a notification to us.
Examples of data intermediation services
You are a data intermediation services provider and required to register with the CCPC if you are a:
- Data marketplace
- orchestrator of data sharing ecosystems, for instance in the context of common European data spaces
- Service aimed at data subjects. Such data intermediation services seek to enhance the agency of data subjects, and in particular individuals’ control over data relating to them, which is stored in personal data filing systems, such as customer databases
- Data cooperative, which can seek to strengthen the position of individuals in making informed choices before consenting to data use, for example. Data cooperatives are organisations consisting of data subjects, one-person undertakings or SMEs
There are exceptions. You are not a data intermediation provider and therefore not required to register with the CCPC if you:
- Share data that is subject to copyright
- Aggregate or transform the data to add value to it and do not require a commercial relationship between the data holder and data user
- Provide exclusive services to a “closed group”, including supplier or customer relationships
- Are a data altruism organisation
Notification for data intermediation services
Data intermediation services providers in Ireland are required to notify the CCPC. Once the CCPC has reviewed and confirmed the notification is complete, your services can start.
The notification must include the following information:
- the name of the data intermediation services provider
- the data intermediation services provider’s legal status, CRO registration number or other relevant registration number, ownership structure and relevant subsidiaries
- the address of the data intermediation services provider’s main establishment in the Ireland and, where applicable, of any secondary branch in another Member State
- a public website where complete and up-to-date information on the data intermediation services provider and the activities can be found, including the name, the legal status, the address and the description of services of the data intermediation services provider
- the data intermediation services provider’s contact persons and contact details
- a description of the data intermediation service the data intermediation services provider intends to provide, and an indication of the categories listed in Article 10 under which such data intermediation service falls
- the estimated date for starting the activity, if different from the date of the notification
- If the data intermediation services provider is established outside of the EU, the name, address and contact details of the legal representative in Ireland
You can also request a Standardised Declaration of a duly and fully complete notification from the CCPC. The CCPC will provide the Standardised Declaration within one week of receipt of a completed notification. At this point the CCPC will ensure you are listed on the EU Register for data intermediation services providers.
Once you have notified the CCPC you can provide data intermediation services in all EU Member States. You must provide data intermediation services in line with the requirements under Article 12 of the DGA.
Email dataregulation@ccpc.ie for more information or to start your notification process.
Who are data altruism organisations?
Data altruism is about individuals and companies voluntarily sharing data, based on consent and with no compensation. This type of data sharing aims to serve wider society and the public interest. Data altruism organisations form part of this initiative and are not-for-profit organisations that facilitate this type of data sharing.
Data altruism organisations established in Ireland can choose to register with the CCPC and become recognised. Once on the register, they must meet the transparency and safeguarding requirements of the Data Governance Act. Recognised data altruism organisations must submit an annual activity report to the CCPC.
Registration of data altruism organisations
If you are a data altruism organisation established in Ireland registration with the CCPC is voluntary. If you are based outside of the EU and want to be registered, you must appoint a legal representative in Ireland before you submit your registration.
To be eligible to register as a recognised data altruism organisation, you must meet the requirements under Article 18 of the DGA:
- carry out data altruism activities
- be a legal person established pursuant to national law to meet the objectives of general interest as provided for in S.I. 734 of 2024, the European Union (Data Governance Act) (No. 2) Regulations 2024
- operate on a not-for-profit basis and be legally independent from any entity that operates on a for-profit basis
- carry out its data altruism activities through a structure that is functionally separate from its other activities
- comply with the rulebook referred to Article 22(1), at the latest 18 months after the date of entry into force of the delegated acts referred to in that paragraph
An application for registration must include the following information:
- the name of the entity
- the entity’s legal status, form and, where the entity is registered in a public national register, registration number
- the statutes of the entity, where appropriate
- the entity’s sources of income
- the address of the entity’s main establishment in the Union, if any, and, where applicable, any secondary branch in another Member State or that of the legal representative
- a public website where complete and up-to-date information on the entity and the activities can be found, including as a minimum the information referred to in points (a), (b), (d), (e) and (h)
- the entity’s contact persons and contact details
- the objectives of general interest it intends to promote when collecting data
- the nature of the data that the entity intends to control or process, and, in the case of personal data, an indication of the categories of personal data
- any other documents which demonstrate that the requirements of Article 18 are met.
The CCPC will evaluate a completed registration form and your compliance with Article 18 of the DGA, and list you on the CCPC public register within 12 weeks of receipt of a completed application.
Email dataregulation@ccpc.ie for more information or to start your notification process.
Register
Data intermediation services providers and recognised Data Altruism Organisations are listed on a central EU register. The CCPC also publishes a register.
Access the EU Data intermediation services providers
Access the EU Data Altruism Organisations
Use of a common logo and label
The European Commission has introduced common logos in order to help stakeholders easily identify registered entities under the DGA.
Data intermediation services providers: Following or as part of the notification process, a data intermediation services provider can request that the CCPC approve its use of the common logo designed by the EU and the label, “data intermediation services provider recognised in the Union”
Data altruism organisations: Once on the public register, a data altruism organisation can use the EU logo and the EU label “data altruism organisation recognised in the Union.” The EU issued logos and labels are a mark of trust, showing the that the entity shares data safely. To use the common logo and the label you must prove compliance with the conditions in the DGA.
Further informationis available, including a manual on how to use the logos and where to download logos.
Contact the CCPC for further information on dataregulation@ccpc.ie.
Handling of complaints
The CCPC is the body that handles complaints against data intermediaries and data altruism organisations under the Data Governance Act. If you believe there has been a breach of the DGA you can submit a complaint. The CCPC processes all complaints and advises the complainant of the decision and their rights under the DGA.
How to ensure compliance
The Data Governance Act sets out conditions for data intermediation services and data altruism organisations. These rules ensure that data sharing facilitate by these organisations remain neutral and increase trust in data sharing.
Data intermediation services providers and data altruism organisations should familiarise themselves with their obligations under the DGA
The CCPC monitors the compliance of Irish-based data intermediation services providers and recognised Data Altruism organisations.
Contact us
If you have any queries or wish to submit a complaint in relation to the DGA or believe that any of these rules has been breached, please contact us on
dataregulation@ccpc.ie
