Data constitutes a strategic asset for the EU internal market, since it carries information that can be exploited by a plurality of actors to generate economic, political, and competitive advantages. Datasets may be processed and analyzed in order to extract insights relevant for decision-making, business operations, public policy, and scientific research. In this sense, control over data and over the conditions of its access and reuse may translate into asymmetries of power between market participants and other stakeholders.
The notion of “Data Spaces” refers to a socio-technical and legal construct articulated around three interrelated dimensions, namely policy, legal, and technical components. Data spaces may be understood as governance frameworks intended to structure the lawful and technically feasible sharing of data for specified purposes. Within this broad category, distinctions are commonly drawn between industrial data spaces, individual data spaces, and EU-promoted data spaces, each of which pursues distinct objectives and is embedded in different regulatory and institutional configurations.
The term “Common European Data Spaces” (CEDS) designates a policy and legal framework developed by the EU in the context of the European strategy for data, with a view to facilitating the reuse of sectoral data across both public and private sectors. This framework comprises a set of regulatory instruments and policy initiatives aimed at enabling data sharing while, at least in principle, ensuring compliance with existing legal constraints.
By way of illustration, the European Health Data Space seeks to establish a harmonized framework for the access to, use of, and exchange of electronic health data across the EU. It aims to strengthen individuals’ access to and control over their personal data, while simultaneously enabling the secondary use of certain categories of data for purposes of public interest, policy-making, and scientific research.
At the same time, CEDS are being developed within a complex and evolving framework of EU and national legal regimes, characterized by the recent adoption of multiple legislative instruments. This regulatory environment raises uncertainties as to the extent to which these initiatives will, in practice, be capable of ensuring smooth and effective data sharing and reuse, in particular where such data are subject to trade secret protection, data protection rules, or other sector-specific legal constraints.
The processing and analysis of substantial volumes of data necessitates reliance on large-scale data centers, high-performance computing infrastructure, assets that remain predominantly under the control of non-European undertakings. This dependency is compounded by significant resource consumption, especially in terms of electricity and water, and the lack of primary resources. An additional issue is represented by the absence of companies specialized in microchip technology.
Against this background, EU policy has been oriented towards mitigating structural dependencies on foreign actors, who have historically maintained a de facto monopoly over data by virtue of their superior infrastructural capabilities.
The emergence of new AI models — especially large language models (LLMs) — has rendered the question of data ownership increasingly pressing. The constitution of large datasets, alongside the requisite technical infrastructure, has accordingly been a longstanding policy priority for the EU, to which considerable resources have been allocated.
Notwithstanding the substantial investment channeled into the development of Data Spaces, a number of significant issues remain unresolved, such as:
- How should the concept of “Data Spaces” be understood from a legal and governance perspective, and what differentiates the various types of data spaces?
- What legal issues arise from the intersection between the Data Spaces and existing regulations, such as GDPR ad the AI Act?
- What legal, technical, and institutional obstacles arise in the implementation of CEDS?
- What risks and benefits do these initiatives entail for citizens and other stakeholders?
- What further regulatory, technical, or governance measures may be necessary to facilitate their effective and socially beneficial implementation?
To analyze this issues and others, we seek to create a special issue in an academic journal, containing between five and twenty full-length articles. The targeted journals, among others, are:
- BioLaw Journal
- Computer Law & Security review (Elsevier)
- Data & Policy
- European Data Protection Law Review
- European Journal of Privacy Law and Technology
- International Data Privacy Law
- Journal of Law, Market and Innovation
- Yearbook of Antitrust and Regulatory Studies
Interested authors should send an abstract of max. 250 words and a short bio to c.gallese (at) tilburguniversity.edu