The regulatory environment for data

Global Publication February 2021


The EU Commission has for some time now been pursuing a Digital Single Market (DSM) strategy. This is a multi-faceted regulatory agenda announced in May 2015 to promote online security and commerce. The measures include new and proposed legislation and other measures relating to cybersecurity, geo-blocking, online platforms, the collaborative economy, and standard setting, with a strong consumer protection focus.


The three Digital Single Market pillars

Its three pillars are:

  • Better access for consumers and businesses to digital goods and services across Europe.
  • Creating the right conditions and a level playing field for digital networks and innovative services to flourish.
  • Maximizing the growth potential of the digital economy.


More specific measures and initiatives have been proposed and implemented in support of the three pillars, including the following (discussed below):

  • Ensuring free-flow of data within the EU.
  • Increasing availability of data for re-use.
  • Ensuring a fair and competitive digital economy.

In February 2020, the EU Commission followed this up by publishing a European Data Strategy aimed at establishing a successful and sustainable digital economy. To support the development of this initiative, the Commission has proposed the following legislative measures in order to facilitate and encourage data access, sharing and re-use:

  • Legislative framework for the governance of common European data spaces: Designed to facilitate access and use of data, both at sector- or domain-specific level from a cross-sector, cross-border basis, and specifying which data can be used, how and by whom for scientific research purposes in a manner compliant with the General Data Protection Regulation (GDPR). It will prioritize interoperability and standardization to enabling dataset sharing.
  • New Data Act: Revising the IPR framework (such as addressing issues related to usage rights for co-generated data to encourage data sharing), and ensuring that laws on database rights and trade secrets are fit for the digital economy.
  • Update to the Horizontal Co-operation Guidelines: Providing clarity on the application of competition / antitrust law with regard to data sharing and pooling.

The European Commission also intends to:

  • Promote the development of common European data spaces in strategic economic sectors and domains of public interest.
  • Under the Open Data Directive, make a wider range of public sector information available, including high-value data sets.


Do other jurisdictions have similar initiatives?


  • Canada does not have a nation-wide regulatory regime governing industrial non-personal data.
  • Such data is regulated by an array of provincial and territorial legislation, which reflect some themes of EU regulations.


  • China’s data legal regime has been developed rapidly. Before the issuance of the PRC Cybersecurity Law in November 2017, high level regulatory requirements concerning data privacy and data protection were set out in various laws, regulations and rules.
  • As the data regime in China is evolving, a number of regulations and rules have been issued or are being drafted to provide a higher level of clarity and more guidance on data-related matters.
  • Industry specifications issued by the relevant regulators play an important role in filling in the gaps and provide important guidance as to the implementation and enforcement of the statutory requirements.
  • In addition, national security and public interest are a top priority for China’s digital economy. Free-flow of data is protected and facilitated only if such activity will not put China’s national security or the public interest at risk.
  • The draft Data Security Law was released for public comment on July 3, 2020. This law aims to regulate and protect industrial and non-personal data activities and is expected to be formalized eventually.


  • Singapore launched the Smart Nation initiative in November 2014 to “harness the power of networks, data and infocomm technologies to improve living, create economic opportunity and build a closer community.”
  • The Smart Nation initiative comprises three pillars: Digital Government, Digital Economy, and Digital Society. To support development, open data is made available on government portals such as (which is a free and open data portal where anyone can access datasets on topics ranging from education, environment and health to transport). By releasing data, the Singaporean government aims to unlock economic value, enable quality research and deepen public participation and engagement.
  • The Public Sector (Governance) Act 2018 provides a framework for when data sharing is permitted across government agencies. Public servants' data access rights are based on security clearance and authorisation. The Act also criminalizes the sharing of personal data without authorization and the use of data for self-benefit, or for the re-identification of anonymized data without authorization.