ENISA: Report "Engineering Personal Data Protection in EU Data Spaces" published.

The implementation of the European Data Strategy and the construction of the EU Spaces of Free Movement envisaged by Regulation 2022/868 (Data Governance Act, applicable since last September), a true single market for data, open to data from all over the world, continues. The DGA regulates - as a fundamental prerequisite for the implementation of its three pillars (re-use of data held by public entities, data brokering services and data altruism) - the so-called 'secure processing environment'.

A few days ago, the European Union Agency for Cyber Security (ENISA) published the report 'Engineering Personal Data Protection in EU Data Spaces', which adds the crucial piece of design principles related to the protection of personal data in European data spaces. In particular, the report emphasises that data protection engineering is not just a compliance tool, but enables, among other things, the strengthening of data protection principles, the effectiveness of data subjects' rights, the minimisation of risks of misuse of information during data sharing and the reduction of the risk of data breaches. Of great practical value are the recommendations and guidelines on important aspects, such as those on the contractual framework of data sharing practices; on transparency in information sharing between data owners and data users; and on the proper identification of responsibilities and obligations.