Data Governance Act and Italian adaptation law

Legislative Decree No. 144 of 2024, published on October 10, 2024 and entering into force on October 25, 2024, adapts Italian legislation to the provisions of Regulation (EU) 2022/868, known as the Data Governance Act (DGA).

The DGA Regulation aims to improve the conditions for data sharing in the EU by creating a harmonised framework for the exchange and governance of data; it regulates the conditions for the re-use of certain categories of data held by public bodies.

The regulation delegates to the Member States:

  • the designation of one or more bodies competent for the application of certain of its provisions
    • the national authority competent for data intermediation services and for the registration of data altruism organisations 
    • the bodies competent for specific sectors assisting public bodies granting or refusing access to the categories of data identified in Article 3 DGA
  • the identification and determination of fines for the violation of certain requirements (Articles 7, 13 and 23, DGA).

For more on the DGA, see the bulletins of November 11, 2021 and June 23, 2022.

Main aspects of the decree

The main aspects of the decree are as follows:

1. Designation of the Competent Authority: The Agenzia per l’Italia Digitale (AgID) has been designated as the competent authority for the implementation of the DGA in Italy. This includes

  • the management of notifications for data intermediation services and
  • the registration of organisations for data altruism.

2. Transparency and Non-Discrimination: Public sector bodies must ensure that the re-use of data takes place in a transparent and non-discriminatory way. This means that the conditions for re-use must be public and accessible to all.

3. Notification and Registration: Organisations offering data intermediation services must

  • notify their activities to AgID and
  • register with it.

4. Facilitating Data Altruism: AgID is responsible for registering organisations dedicated to data altruism, thus promoting the voluntary and non-profit sharing of data for purposes of general interest, such as scientific research and healthcare.

5. Sanctioning discipline: The decree introduces a specific sanctioning discipline for violations of data transfer obligations. Fines may range from a minimum of EUR 10,000 up to a maximum of EUR 100,000, or up to 6 % of the total annual worldwide turnover of the previous year for companies.

Condividi

Post Recenti

EDPB: Data processing supply chain – 3

The Foodinho case

A verbal communication can be a “processing”