Rethinking the Institutional Framework for the EU Data Regulations: Towards an Enhanced Administrative Integration

Regulating data has emerged as a strategic priority for the European Union over the past decade, with the General Data Protection Regulation (GDPR) forming the cornerstone of its legal framework. Building on this foundation, the 2020 European Data Strategy has initiated a broad legislative agenda, resulting in key instruments such as the Data Governance Act, the Data Act, and the European Health Data Space Regulation. While these measures aim to facilitate data sharing across the EU through uniform rules, they adopt a decentralised governance model largely inspired by the GDPR, whose provisions continue to apply whenever personal data are processed. Against this background, the central objective of this paper is to assess whether the governance model underpinning the data regulations is adequate to ensure their effective implementation. To this end, the paper critically evaluates how these instruments imitate and incorporate features of the GDPR, while also identifying key institutional differences. By conceptualising this relationship as one of selective ‘mimesis’ and integration, the paper highlights governance weaknesses stemming from these institutional choices. Drawing on lessons from the implementation of the GDPR, it anticipates similar – if not worse – problems under the new framework. To mitigate these risks, the paper puts forward a dual-track reform: (i) the establishment of a European Data Agency to ensure coherent implementation; and (ii) procedural reforms to enhance cross-sector collaboration and address persisting shortcomings in the GDPR’s governance model.