46 Amendments of Paolo BORCHIA related to 2020/0340(COD)
Amendment 124 #
Proposal for a regulation
Recital 3
Recital 3
(3) It is necessary to improve the conditions for data sharing in the European internal market, by creating a harmonised framework for data exchanges and by giving specific attention to data intermediaries and data holder in order to create a fruitful cooperation among them. Sector- specific legislation can develop, adapt and propose new and complementary elements, depending on the specificities of the sector, such as the envisaged legislation on the European health data space25 and on access to vehicle data. Moreover, certain sectors of the economy are already regulated by sector-specific Union law that include rules relating to cross-border or Union wide sharing or access to data26 . This Regulation is therefore without prejudice to Regulation (EU) 2016/679 of the European Parliament and of the Council (27 ), and in particular the implementation of this Regulation shall not prevent cross border transfers of data in accordance with Chapter V of Regulation (EU) 2016/679 from taking place, Directive (EU) 2016/680 of the European Parliament and of the Council (28 ), Directive (EU) 2016/943 of the European Parliament and of the Council (29 ), Regulation (EU) 2018/1807 of the European Parliament and of the Council (30 ), Regulation (EC) No 223/2009 of the European Parliament and of the Council (31 ), Directive 2000/31/EC of the European Parliament and of the Council (32 ), Directive 2001/29/EC of the European Parliament and of the Council (33 ), Directive (EU) 2019/790 of the European Parliament and of the Council (34 ), Directive 2004/48/EC of the European Parliament and of the Council (35 ), Directive (EU) 2019/1024 of the European Parliament and of the Council (36 ), as well as Regulation 2018/858/EU of the European Parliament and of the Council (37 ), Directive 2010/40/EU of the European Parliament and of the Council (38 ) and Delegated Regulations adopted on its basis, and any other sector-specific Union legislation that organises the access to and re-use of data. This Regulation should be without prejudice to the access and use of data for the purpose of international cooperation in the context of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. A horizontal regime for the re-use of certain categories of protected data held by public sector bodies, the provision of data sharing services and of services based on data altruism in the Union should be established. Specific characteristics of different sectors may require the design of sectoral data-based systems, while building on the requirements of this Regulation. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing servicdata intermediaries or registered entities providing data altruism services to comply with specific additional technical, administrative or organisational requirements, including through an authorisation or certification regime, those provisions of that sector- specific Union legal act should also apply. _________________ 25 See: Annexes to the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Commission Work Programme 2021 (COM(2020) 690 final). 26For example, Directive 2011/24/EU in the context of the European Health Data Space, and relevant transport legislation such as Directive 2010/40/EU, Regulation 2019/1239 and Regulation (EU) 2020/1056, in the context of the European Mobility Data Space. 27Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (OJ L 119, 4.5.2016, p.1) 28 Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA. (OJ L 119, 4.5.2016, p.89) 29Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure. (OJ L 157, 15.6.2016, p.1) 30 Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union. (OJ L 303, 28.11.2018, p. 59) 31Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European Communities. (OJ L 87, 31.03.2009, p. 164) 32Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000, on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce). (OJ L 178, 17.07.2000, p. 1) 33Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society. (OJ L 167, 22.6.2001, p. 10) 34 Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC. (OJ L 130, 17.5.2019, p. 92) 35Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights. (OJ L 157, 30.4.2004). 36Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information. (OJ L 172, 26.6.2019, p. 56). 37 Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles, amending Regulations (EC) No 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC (OJ L 151, 14.6.2018). 38 Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport. (OJ L 207, 6.8.2010, p. 1)
Amendment 131 #
Proposal for a regulation
Recital 4
Recital 4
(4) Action at Union level is necessary in order to address the barriers to a well- functioning data-driven economy and to create a Union-wide governance framework for data access and use, in particular regarding the re-use of certainspecific types of data held by the public sector, the rules governing the provision of services by data sharing providerintermediaries to business users and to data subjects, as well as the collection and, processing and regulation of data made available for altruistic purposes by natural and legal persons.
Amendment 136 #
Proposal for a regulation
Recital 5 a (new)
Recital 5 a (new)
(5 a) Particular attention must be given to micro and small and medium enterprises whose access to data is limited. Structures adopted by Member States must focus on overcoming barriers to access as well as use of data.
Amendment 141 #
Proposal for a regulation
Recital 6
Recital 6
(6) There are techniques enabling privacy-friendly analyses on databases that contain personal data, such as anonymisation, pseudonymisation, differential privacy, generalisation, or suppression and randomisation. Application of these privacy-enhancing technologies, together with comprehensive data protection approaches should ensure the safe re-use of personal anonymous data and commercially confidential business data foronly for specific cases such as research, innovation and statistical purposes. In many cases this implies that the data use and re-use in this context can only be done in a secure processing environment set in place and supervised by the public sector. There is experience at Union level with such secure processing environments that are used for research on statistical microdata on the basis of Commission Regulation (EU) 557/2013 (39 ). In general, insofar as personal data are concerned, the processing of personal data should rely upon one or more of the grounds for processing provided in Article 6 of Regulation (EU) 2016/679. _________________ 39Commission Regulation (EU) 557/2013 of 17 June 2013 implementing Regulation (EC) No 223/2009 of the European Parliament and of the Council on European Statistics as regards access to confidential data for scientific purposes and repealing Commission Regulation (EC) No 831/2002 (OJ L 164, 18.6.2013, p. 16).
Amendment 143 #
Proposal for a regulation
Recital 7
Recital 7
(7) The categories of data held by public sector bodies which should be subject to re-use under this Regulation fall outside the scope of Directive (EU) 2019/1024 that excludes data which is not accessible due to commercial and statistical confidentiality and data for which third parties have intellectual property rights. Commercially confidential data includes data protected by trade secrets, highly- sensitive data, confidentiality obligations and agreements and any other unauthorised information that could harm commercial interest of the business. Personal data fall outside the scope of Directive (EU) 2019/1024 insofar as the access regime excludes or restricts access to such data for reasons of data protection, privacy and the integrity of the individual, in particular in accordance with data protection rules. The re-use of data, which may contain trade secrets, shouldmust take place without prejudice to Directive (EU) 2016/94340 , which sets the framework for the lawful acquisition, use or disclosure of trade secrets. This Regulation is without prejudice and complementary to more specific obligations on public sector bodies to allow re-use of data laid down in sector- specific Union or national law. _________________ 40 OJ L 157, 15.6.2016, p. 1–18
Amendment 146 #
Proposal for a regulation
Recital 9
Recital 9
(9) Public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding as far as possible the conclusion of agreements, which might have as their objective or effect the creation of exclusive rights for the re-use of certain data. Such agreement should be only possible when justified and necessary for the provision of a service of general interest. This may be the case when exclusive use of the data is the only way to maximise the societal benefits of the data in question, for example where there is only one entity (which has specialised in the processing of a specific dataset) capable of delivering the service or the product which allows the public sector body to provide an advanced digital service in the general interest. Such arrangements should, however, be concluded in compliance with public procurement rules and be subject to regular review based on a market analysis in order to ascertain whether such exclusivity continues to be necessary. In addition, such arrangements should comply with the relevant State aid rules, as appropriate, and should be concluded for a limited period, which should not exceed threewo years. In order to ensure transparency, such exclusive agreements should be published online, regardless of a possible publication of an award of a public procurement contract.
Amendment 164 #
Proposal for a regulation
Recital 16
Recital 16
(16) In cases where there is no implementing act adopted by the Commission in relation to a third country declaring that it provides a level of protection, in particular as regards the protection of commercially sensitive data and the protection of intellectual property rights, which is essentially equivalent to that provided by Union or national law, the public sector body should only transmit protected data to a re-user, if the re-user undertakes obligations in the interest of the protection of the data. The re-user that intends to transfer the data to such third country should commit to comply with the obligations laid out in this Regulation even after the data has been transferred to the third country. To ensure the proper enforcement of such obligations, the re-user should also accept the jurisdiction of the Member State of the public sector body that allowed the re-use for the judicial settlement of disputesnot transmit protected data to a re-user.
Amendment 170 #
Proposal for a regulation
Recital 17
Recital 17
(17) Some third countries adopt laws, regulations and other legal acts which aim at directly transferring or providing access to non-personal data in the Union under the control of natural and legal persons under the jurisdiction of the Member States. Judgments of courts or tribunals or decisions of administrative authorities in third countries requiring such transfer or access to non-personal data should be enforceable when based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State. In some cases, situations may arise where the obligation to transfer or provide access to non-personal data arising from a third country law conflicts with a competing obligation to protect such data under Union or national law, in particular as regards the protection of commercially sensitive data and the protection of intellectual property rights, and including its contractual undertakings regarding confidentiality in accordance with such law. In the absence of international agreements regulating such matters, transfer or access should only be allowed under certain conditions, in particular that the third-country system requires the reasons and proportionality of the decision to be set out, that the court order or the decision is specific in character, and the reasoned objection of the addressee is subject to a review by a competent court in the third country, which is empowered to take duly into account the relevant legal interests of the provider of such data.
Amendment 173 #
Proposal for a regulation
Recital 18
Recital 18
(18) In order to prevent unlawful access to non-personal data, public sector bodies, natural or legal persons to which the right to re-use data was granted, data sharing providers and entities entered in the register of recognised data altruism organisations should take all reasonable and legal measures to prevent access to the systems where non-personal data is stored, including encryption of data or corporate policies.
Amendment 179 #
Proposal for a regulation
Recital 19
Recital 19
(19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data. In order to ensure harmonised practices across the Union, such types of highly sensitive non-personal public data should be defined by Union law, for example in the context of the European Health Data Space or other sectoral legislation. The conditions attached to the transfer of such data to third countries should be laid down in delegated acts. Conditions should be proportionate, non-discriminatory and necessary to protect legitimate public policy objectives identified, such as the protection of public health, public order, safety, the environmental and agricultural practices, public morals, consumer protection, privacy and personal data protection. The conditions should correspond to the risks identified in relation to the sensitivity of such data, including in terms of the risk of the re- identification of individuals. These conditions could include terms applicable for the transfer or technical arrangements, such as the requirement of using a secure processing environment, limitations as regards the re-use of data in third-countries or categories of persons which are entitled to transfer such data to third countries or who can access the data in the third country. In exceptional cases they could also include restrictions on transfer of the data to third countries to protect the public interest.
Amendment 187 #
Proposal for a regulation
Recital 21
Recital 21
(21) In order to incentivise the re-use of these categories of data, Member States should establish a single information point to act as the primary interface for re-users that seek to re-use such data held by the public sector bodies. It should have a cross-sector remit, and should complement, if necessary, arrangements at the sectoral level. In addition, Member States should designate, establish or facilitate the establishment of competent bodies, also creating and implementing training courses, sensitising in order to share the final aim to support the activities of public sector bodies allowing re-use of certain categories of protected data. Their tasks may include granting access to data, where mandated in sectoral Union or Member States legislation. Those competent bodies should provide support to public sector bodies with state-of-the-art techniques, including secure data processing environments, which allow data analysis in a manner that preserves the privacy of the information. Such support structure could support the data holders with management of the consent, including consent to certain areas of scientific research when in keeping with recognised ethical standards for scientific research. Data processing should be performed under the responsibility of the public sector body responsible for the register containing the data, who remains a data controller in the sense of Regulation (EU) 2016/679 insofar as personal data are concerned. Member States may have in place one or several competent bodies, which could act in different sectors promoting and enhancing the synergies between them in order to create a data driven environment.
Amendment 192 #
Proposal for a regulation
Recital 22
Recital 22
(22) Providers of data sharing services (data intermediaries) are expected to play a key role in the data economy, as a tool to facilitate the aggregation and exchange of substantial amounts of relevant data. Data intermediaries should be controlled and authorised only by public bodies within the Member States. Data intermediaries offering services that connect the different actors have the potential to contribute to the efficient pooling of data as well as to the facilitation of bilateral data sharing. Specialised data intermediaries that are independent from both data holders and data users can have a facilitating role in the emergence of new data-driven ecosystems independent from any player with a significant degree of market power. This Regulation should only cover providers of data sharing services that have as a main objective the establishment of a business, a legal and potentially also technical relation between data holders, including data subjects, on the one hand, and potential users on the other hand, and assist both parties in a transaction of data assets between the two. It should only cover services aiming at intermediating between an indefinite number of data holders and data users, excluding data sharing services that are meant to be used by a closed group of data holders and users. Providers of cloud services should be excluded, as well as service providers that obtain data from data holders, aggregate, enrich or transform the data and licence the use of the resulting data to data users, without establishing a direct relationship between data holders and data users, for example advertisement or data brokers, data consultancies, providers of data products resulting from value added to the data by the service provider. At the same time, data sharing service providers should be allowed to make adaptations to the data exchanged, to the extent that this improves the usability of the data by the data user, where the data user desires this, or improve the interoperability of digital platforms, such as to convert it into specific formats. In addition, services that focus on the intermediation of content, in particular on copyright-protected content, should not be covered by this Regulation. Data exchange platforms that are exclusively used by one data holder in order to enable the use of data they hold as well as platforms developed in the context of objects and devices connected to the Internet-of-Things that have as their main objective to ensure functionalities of the connected object or device and allow value added services, should not be covered by this Regulation. ‘Consolidated tape providers’ in the sense of Article 4 (1) point 53 of Directive 2014/65/EU of the European Parliament and of the Council42 as well as ‘account information service providers’ in the sense of Article 4 point 19 of Directive (EU) 2015/2366 of the European Parliament and of the Council43 should not be considered as data sharing service providers for the purposes of this Regulation. Entities which restrict their activities to facilitating use of data made available on the basis of data altruism and that operate on a not-for-profit basis should not be covered by Chapter III of this Regulation, as this activity serves objectives of general interest by increasing the volume of data available for such purposes. _________________ 42Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU, OJ L 173/349. 43Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.
Amendment 202 #
Proposal for a regulation
Recital 24
Recital 24
(24) Data cooperatives seek to strengthen the position of individuals in making informed choices before consenting to data use, influencing the terms and conditions of data user organisations attached to data use or potentially solving disputes between members of a group on how data can be used when such data pertain to several data subjects within that group. In this context it is important to acknowledge that the rights under Regulation (EU) 2016/679 can only be exercised by each individual and cannot be conferred or delegated to a data cooperative. Data cooperatives could also provide a useful means for one-person companies, micro, small and medium-sized enterprises, especially in the agrifood sector, that in terms of knowledge of data sharing, are often comparable to individuals.
Amendment 219 #
Proposal for a regulation
Recital 27
Recital 27
(27) In order to ensure the compliance of the providers of data sharing servicintermediaries with the conditions set out in this Regulation, such providers should have a place of establishment in the Union. Alternatively, where a provider of data sharing services not established in the Union offers services within the Union, it should designate a representative. Designation of a representative is necessary, given that such providers of data sharing services handle personal data as well as commercially confidential data, which necessitates the close monitoring of the compliance of such service providers with the conditions laid out in this Regulation. In order to determine whether such a provider of data sharing services is offering services within the Union, it should be ascertained whether it is apparent that the provider of data sharing services is planning to offer services to persons in one or more Member States. The mere accessibility in the Union of the website or of an email address and of other contact details of the provider of data sharing services, or the use of a language generally used in the third country where the provider of data sharing services is established, should be considered insufficient to ascertain such an intention. However, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering services in that other language, or the mentioning of users who are in the Union, may make it apparent that the provider of data sharing services is planning to offer services within the Union. The representative should act on behalf of the provider of data sharing services and it should be possible for competent authorities to contact the representative. The representative should be designated by a written mandate of the provider of data sharing services to act on the latter's behalf with regard to the latter's obligations under this Regulation.
Amendment 224 #
Proposal for a regulation
Recital 29 a (new)
Recital 29 a (new)
(29 a) In that regard, it is of particular importance to create a data economic environment that enables equal access to data to both SMEs and big companies. This Regulation should avoid monopolistic implementations and structures that could disadvantage micro companies and SMEs.
Amendment 225 #
Proposal for a regulation
Recital 29 b (new)
Recital 29 b (new)
(29 b) Competitively sensitive information should also take into account the possibility of issuing fake data to destabilise the market, which could be due to third parties having an interest in these unfair competition practices. For this purpose, processes to verify the authenticity of the data must be activated.
Amendment 260 #
Proposal for a regulation
Recital 41
Recital 41
(41) The Board should support the Commission in coordinating national practices and policies on the topics covered by this Regulation, and in supporting cross- sector data use by adhering to the European Interoperability Framework (EIF) principles and through the utilisation of standards and specifications (such as the Core Vocabularies44 and the CEF Building Blocks45 ), without prejudice to standardisation work taking place in specific sectors or domains. Work on technical standardisation may include the identification of priorities for the development of standards and establishing and maintaining a set of technical and legal standards for transmitting data between two processing environments that allows data spaces to be organised without making recourse to an intermediary. The Board should cooperate with sectoral bodies, networks or expert groups, or other cross- sectoral organisations dealing with re-use of data. Regarding data altruism, the Board should assist the Commission in the development of the data altruism consent form, in consultation with the European Data Protection Board. Moreover, it should assist the Commission in defining policies and strategies with the aim of avoiding any cases of data manipulation and the creation of "false data", which could cause serious damage to various sectors. _________________ 44 https://joinup.ec.europa.eu/collection/sema ntic-interoperability-community- semic/core-vocabularies 45 https://joinup.ec.europa.eu/collection/conn ecting-europe-facility-cef
Amendment 265 #
Proposal for a regulation
Recital 41 a (new)
Recital 41 a (new)
(41 a) With reference to 'false data', the Board could evaluate the possibility of creating a "data passport" containing certified or certifiable data, in order to exclude any attempt to falsify the data.
Amendment 271 #
Proposal for a regulation
Recital 44 a (new)
Recital 44 a (new)
(44 a) This Regulation shall be enacted in full coherence and consistency with other existing EU legislation, such as the General Data Protection Regulation, as well as ongoing proposals which contain provision on data processing, such as the Digital Service Act (DSA), the Digital Market Act (DMA) or the e-Privacy Regulation.
Amendment 287 #
Proposal for a regulation
Article 1 – paragraph 2 a (new)
Article 1 – paragraph 2 a (new)
(2 a) This Regulation should not affect the level of protection of individual with regard to the processing of personal data under the provisions of Union and national law and does not alter any obligations and rights set out in the data protection legislation.
Amendment 290 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1
Article 2 – paragraph 1 – point 1
(1) ‘data’ means any digital and non- digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audiovisual recording;
Amendment 292 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)
Article 2 – paragraph 1 – point 1 a (new)
(1 a) 'highly sensitive data' means data protected by IP, trade secret, and non- personal data whose disclosure to third country authorities may pose threats to national and public security;
Amendment 300 #
Proposal for a regulation
Article 2 – paragraph 1 – point 3 a (new)
Article 2 – paragraph 1 – point 3 a (new)
(3 a) ‘consent’ of the data subject means any freely given, specific, informed, clear and unambiguous indication of the data subject's wishes by which data holders, by a legal statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them;
Amendment 301 #
Proposal for a regulation
Article 2 – paragraph 1 – point 3 b (new)
Article 2 – paragraph 1 – point 3 b (new)
(3 b) 'data subject' means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Amendment 313 #
Proposal for a regulation
Article 2 – paragraph 1 – point 7
Article 2 – paragraph 1 – point 7
(7) ‘data sharing’ means the provision by a data holder of data to a data user for the purpose of joint or individual use of the shared data, based on voluntary agreements, directly or through an intermediary; and operationalised through data exchange between the parties engaged.
Amendment 318 #
Proposal for a regulation
Article 2 – paragraph 1 – point 7 a (new)
Article 2 – paragraph 1 – point 7 a (new)
(7 a) ‘data exchange’ means and encompasses all the activities performed by the data holder, the data user and the data sharing service provider, for the purpose of exchanging data, under open data or commercial licenses, for free or against remuneration.
Amendment 321 #
Proposal for a regulation
Article 2 – paragraph 1 – point 8 a (new)
Article 2 – paragraph 1 – point 8 a (new)
(8 a) ‘processing’ means any operation or set of operations which is performed on data or on sets of data in electronic format, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Amendment 338 #
Proposal for a regulation
Article 2 – paragraph 1 – point 15 a (new)
Article 2 – paragraph 1 – point 15 a (new)
(15 a) 'data sovereignty' means a form of management of the cyber space that provides for the possession by the Member State of the networks and data transmitted through them.
Amendment 356 #
Proposal for a regulation
Article 4 – paragraph 5
Article 4 – paragraph 5
(5) The period of exclusivity of the right to re-use data shall not exceed three yearswo years, subject to approval by the competent body referred to in Article 7(1). Where a contract is concluded, the duration of the contract awarded shall be as aligned with the period of exclusivity.
Amendment 384 #
Proposal for a regulation
Article 5 – paragraph 5
Article 5 – paragraph 5
(5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. The public sector body shall be able to verify any results of processing of data undertaken by the re- user and reserve the right to prohibit the use of results that contain information jeopardising the rights and interests of third partieird parties' IP rights, trade secrets or commercially sensitive information. Re-users may challenge such decisions and request additional verifications.
Amendment 388 #
Proposal for a regulation
Article 5 – paragraph 5 a (new)
Article 5 – paragraph 5 a (new)
(5 a) A public sector body shall only make commercially confidential data available for re-use if it is able to do so in a manner which protects the legitimate commercial interests of third parties in the commercially confidential data.
Amendment 433 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
(1) Member States shall designate one or more competent bodies, which may be sectoral, to support the public sector bodies which grant access to the re-use of the categories of data referred to in Article 3 (1) in the exercise of that task and in verifying the characteristics of portability and interoperability of data.
Amendment 453 #
Proposal for a regulation
Article 8 – paragraph 2 a (new)
Article 8 – paragraph 2 a (new)
Amendment 509 #
Proposal for a regulation
Article 11 – paragraph 1 – point 4 a (new)
Article 11 – paragraph 1 – point 4 a (new)
(4 a) the data intermediary may offer additional specific services to data holders facilitating the exchange of the data, such as aggregation, curation, pseudonymisation and anonymisation; with the aim of improving the quality or conversion of data to data holders or data users, or other related services, and those tools shall be used only at the explicit request or approval of the data holder in the framework of business-to-business agreements;
Amendment 538 #
Proposal for a regulation
Article 13 – paragraph 3
Article 13 – paragraph 3
(3) Where the competent authority finds that a provider of data sharing services does not comply with one or more of the requirements laid down in Article 10 or 11, it shall notify that provider of those findings and give it the opportunity to state its views, within a reasonable time limitmaximum of six months.
Amendment 541 #
Proposal for a regulation
Article 13 – paragraph 4 – introductory part
Article 13 – paragraph 4 – introductory part
(4) The competent authority shall have the power to require the cessation of the breach referred to in paragraph 3 either immediately or within a reasonable time limitmaximum of six months and shall take appropriate and proportionate measures aimed at ensuring compliance. In this regard, the competent authorities shall be able, where appropriate:
Amendment 586 #
Proposal for a regulation
Article 17 – paragraph 3
Article 17 – paragraph 3
(3) An entity that is not established in the Union, but meets the requirements in Article 16, shall appoint a legal representative in one of the Member Statesestablish a company located and registered in one of the Member States in the Union with an adequate number of employees, where it intends to collect data based on data altruism. For the purpose of compliance with this Regulation, that entity shall be deemed to be under the jurisdiction of the Member State where the legal representativecompany is located.
Amendment 588 #
Proposal for a regulation
Article 17 – paragraph 4 – point c
Article 17 – paragraph 4 – point c
(c) the statutes of the entity, where appropriate;
Amendment 614 #
Proposal for a regulation
Article 19 – paragraph 1 – point b
Article 19 – paragraph 1 – point b
(b) about the location of any processing outside the Union. In addition, the non-profit entities will request an authorisation to data holders with approval regarding all the information pursuant in accordance with paragraph 4 of Article 17. The authorisation should be issued by competent authorities designated pursuant to Article 20.
Amendment 640 #
Proposal for a regulation
Article 21 – paragraph 5 – point b a (new)
Article 21 – paragraph 5 – point b a (new)
(b a) In the case that the entity wishes to make the request again, an appropriate period of at least 12 months must pass. If the entity runs into criminal problems of a certain entity, neither the company nor the persons responsible in other companies will no longer be able to apply for registration.
Amendment 642 #
Proposal for a regulation
Article 21 – paragraph 6
Article 21 – paragraph 6
(6) If an entity included in the register of recognised data altruism organisations has its main establishment or legal representative in a Member State but is active in other Member States, the competent authority of the Member State of the main establishment or where the legal representative is located and the competent authorities of those other Member States shall cooperate and assist each other as necessary and they shall also comply with the rules of the most restrictive Member States in which they operate. Such assistance and cooperation may cover information exchanges between the competent authorities concerned and requests to take the supervisory measures referred to in this Article.
Amendment 656 #
Proposal for a regulation
Article 23 – title
Article 23 – title
Requirements and procedures relating to competent authorities
Amendment 661 #
Proposal for a regulation
Article 23 – paragraph 6
Article 23 – paragraph 6
(6) The competent authorities of a Member State shall provide the Commission and competent authorities from other Member States, on reasoned request, with the information necessary to carry out their tasks under this Regulation. Where a national competent authority considers the information requested to be confidential in accordance with Union and national rules on national security, commercial and professional confidentiality, the Commission and any other competent authorities concerned shall ensure such confidentiality. reporting directly to the government of the Member States.
Amendment 694 #
Proposal for a regulation
Article 27 – paragraph 1 – point b a (new)
Article 27 – paragraph 1 – point b a (new)
(b a) to advise and assist the Commission in developing consistent guidelines for increase a data literacy and that looks at the technology transfer from research, thanks to an expansion of the resources available to those involved in data literacy training, associations, cooperatives and in general to innovation brokers.
Amendment 701 #
Proposal for a regulation
Article 27 – paragraph 1 – point d a (new)
Article 27 – paragraph 1 – point d a (new)
(d a) In addition, it should assist the Commission in defining policies and strategies with the aim of avoiding any cases of data manipulation and the creation of "false data", which could cause serious damage to various sectors. With reference to 'false data', the Board could evaluate the possibility of creating a "data passport" containing certified or certifiable data, in order to exclude any attempt to falsify the data.
Amendment 721 #
Proposal for a regulation
Article 30 – paragraph 1
Article 30 – paragraph 1
(1) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing provider or the entity entered in the register of recognised data altruism organisations, as the case may be, shall take all reasonable technical, legal and organisational measures in order to prevent transfer or access to non-personal sensitive data held in the Union where such transfer or access would create a conflict with Union law or the law of the relevant Member State, unless the prohibiting such transfer or access are in line with paragraph 2 or 3.