European Union Agency for Cybersecurity (ENISA) – Engineering Personal Data Protection in EU Data Spaces

March 1, 2024

The recent EU legislative initiatives promoting data sharing are sectoral and cross-sectoral instruments that aim to make data available by regulating the reuse of publicly and privately held data, including personal data. They also facilitate data sharing by creating of novel intermediaries and sharing environments where the parties involved can pool data and facilities in a trusted and secure way.


Common European data spaces (EU data spaces) are a novel concept introduced in the European strategy for data and elaborated further within the Data Governance Act (DGA). It is envisioned that they will facilitate innovation, economic growth and digital transformation and revolve around creating a framework for data sharing that respects privacy, security and other applicable regulatory considerations while promoting cross-sector collaboration and interoperability.


The European Union Agency for Cybersecurity (ENISA) released a report which attempts to contextualise the main design principles regarding protection of personal data and demonstrate how to engineer personal data protection through two use cases of an envisioned EU data space in the pharmaceutical domain.


Find the report here.