22 Amendments of Sergio GUTIÉRREZ PRIETO related to 2017/0228(COD)
Amendment 41 #
Proposal for a regulation
Recital 1
Recital 1
(1) The digitisation of the economy is accelerating. Information and Communications Technology (ICT) is no longer a specific sector but the foundation of all modern innovative economic systems and societies. Electronic data is at the centre of those systems and can generate great value when analysed or combined with services and products. At the same time, cybersecurity represents one of the major threats to our societies. Securing network and information systems in the European Union is essential for the further development of the online economy, as well as for ensuring that there is trust in the digital economy as a whole. Consequently, this Regulation and the ENISA Regulation [2017/0225(COD)] need to be fully consistent with one another.
Amendment 58 #
Proposal for a regulation
Recital 6
Recital 6
(6) For reasons of legal certainty and the need for a level playing field within the Union, a single set of rules for all market participants is a key element for the functioning of the internal market. IConsidering that the free movement of data is a fundamental element for the realization of the Digital Single Market and in order to remove obstacles to trade and distortions of competition resulting from divergences between national laws and to prevent the emergence of further likely obstacles to trade and significant distortions of competition, it is therefore necessary to adopt uniform rules applicable in all Member States.
Amendment 74 #
Proposal for a regulation
Recital 10
Recital 10
(10) Under Regulation (EU) 2016/679, Member States may neither restrict nor prohibit the free movement of personal data within the Union for reasons connected with the protection of natural persons with regard to the processing of personal data. This Regulation establishes the same principle of free movement within the Union for non-personal data except when a restriction or a prohibition would be justified for security reasons. Regulation 2016/679 and this Regulation regulate respectively personal and non- personal data. In the case of closely linked mixed data, which cannot be separated either technically or economically, this Regulation should as a whole, without prejudice to Regulation 2016/679. In those cases where a set of mixed data includes personal data that may directly affect the protection of physical persons, and put at stake the fundamental rights and freedoms thereof, Regulation 2016/679 will apply.
Amendment 78 #
Proposal for a regulation
Recital 10 a (new)
Recital 10 a (new)
(10a) Whereas data that is neither personal nor non-personal does not exist by definition, new technological advancements in big data analytics have opened up for the possibility to turn anonymised non-personal data into personal data by comparing and aggregating large quantities of non- personal data. In this case, the line between personal data and non-personal data is not fixed but rather depends upon technological developments and new uses of technologies. In these instances, where non-personal data has become personalised, the data should be treated as such and the provisions laid down in Regulation (EU) 2016/679 should apply accordingly.
Amendment 82 #
Proposal for a regulation
Recital 10 b (new)
Recital 10 b (new)
(10b) The growing availability of Internet of Things (IoT) and the development of machine learning and Artificial Intelligence (AI) goes hand in hand with the proliferation of devices that collect non-personal data. These new technologies are already used in farm productivity, translation, manufacturing robots and navigation systems among others. However, data collected within certain industries could contain both personal and non-personal data and should be treated under the Regulation (EU) 2016/679 and this regulation respectively.
Amendment 83 #
Proposal for a regulation
Recital 10 c (new)
Recital 10 c (new)
(10c) The Commission should provide clear and easily accessible guidelines on the legal treatment of mixed data sets in order for especially SMEs to handle the interaction between this Regulation and Regulation (EU) 2016/679.
Amendment 91 #
Proposal for a regulation
Recital 12
Recital 12
(12) Data localisation requirements represent a clear barrier to the free provision of data storage or other processing services across the Union and to the internal market. As such, they should be banned unless they are justified based on thimperative grounds of public security, as defined by Union law, in particular Article 52 of the Treaty on the Functioning of the European Union, and satisfy the principle of proportionality enshrined in Article 5 of the Treaty on European Union. In order to give effect to the principle of free flow of non-personal data across borders, to ensure the swift removal of existing data localisation requirements and to enable for operational reasons storage or other processing of data in multiple locations across the EU, and since this Regulation provides for measures to ensure data availability for regulatory control purposes, Member States should not be able to invoke justifications other than public security.
Amendment 93 #
Proposal for a regulation
Recital 12 a (new)
Recital 12 a (new)
(12a) The concept of ‘public security’, is understood within the meaning of Article 52 of the TFEU and as interpreted by the European Court of Justice. The concept of ‘public security’ covers both the internal and external security of a Member State. Public security presupposes the existence of a genuine and sufficiently serious threat affecting one of the fundamental interests of society, such as a threat to the functioning of institutions and essential public services and the survival of the population, as well as by risk of a serious disturbance to foreign relations or the peaceful coexistence of nations, or a risk of military interest.
Amendment 94 #
(12a) The concept of “public security” within the meaning of Article 52 of the TFEU, encompasses the internal and external security of Member States. As established by the case law of the CJEU, the concept of imperative grounds of public security involves not only the existence of impairment of public safety, but also that such impairment presents a particularly high level of seriousness.
Amendment 114 #
Proposal for a regulation
Recital 21
Recital 21
(21) In order to take full advantage of the competitive environment, professional users should be able to make informed choices and easily compare the individual components of various data storage or other processing services offered in the internal market, including as to the contractual conditions of porting data upon the termination of a contract. In order to align with the innovation potential of the market and to take into account the experience and expertise of the providers and professional users of data storage or other processing services, the detailed information and operational requirements for data porting should be defined by market players through self-regulation, encouraged and facilitated by the Commission, in the form of Union codes of conduct which may entail model contract terms. Nonetheless, if such codes of conduct are not put in place and effectively implemented within a reasonable period of time, the Commission should review the situation. based on Commission non- binding guidelines, in the form of Union codes of conduct which may entail model contract terms. When drafting the guidelines, the Commission may take into account “Cloud Service Level Agreement Standardisation Guidelines” and the activities performed within the Cloud Stakeholders’ Platform initiative. The Commission shall ensure that all relevant stakeholders, including small and medium enterprises and start-ups are consulted in the process. Nonetheless, if such codes of conduct are not put in place and effectively implemented or do not sufficiently meet the objectives of the proposed Regulation, the Commission should review the situation within two years after the entry into force of this Regulation and introduce, if appropriate, a statutory right to data portability.
Amendment 128 #
Proposal for a regulation
Recital 28
Recital 28
(28) The Commission should periodically review this Regulation, in particular with a view to determining the need for modifications in the light of technological or market developments, especially with regards to the development of artificial intelligence, machine learning, Internet of Things, big data analysis among others.
Amendment 150 #
Proposal for a regulation
Article 3 – paragraph 1 – point 1 a (new)
Article 3 – paragraph 1 – point 1 a (new)
1a. ‘mixed data set’ means a data set composed of both personal and non- personal data.
Amendment 173 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. Member States shall makeprovide the public with the details of any data localisation requirements applicable in their territory publicly availablevia an online via a single information point which they shall keep up-to-date.
Amendment 177 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. This Regulation shall not affect the powers ofprevent competent authorities tofrom requesting and receiveing access to data for the performance of their official duties in accordance with Union or national law. Access to data by competent authorities may not be refused on the basis that the data is stored or otherwise processed in another Member State.
Amendment 178 #
Proposal for a regulation
Article 5 – paragraph 2
Article 5 – paragraph 2
2. Where a competent authority has exhausted all applicable means to obtain access to the datadoes not receive access to the data after having contacted the provider of the data storage or processing service, it may request the assistance of a competent authority in another Member State in accordance with the procedure laid down in Article 7, and the requested competent authority shall provide assistance in accordance with the procedure laid down in Article 7, unless it would be contrary to the public order of the requested Member State.
Amendment 193 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. The Commission shall encourage and facilitateprepare non-binding guidelines on the development of self- regulatory codes of conduct at Union level, in order to define guidelines oncluding best practices in facilitating the switching of providers and to ensure that they provide professional users with sufficiently detailed, clear and transparent information before a contract for data storage and processing is concluded, as regards the following issues:
Amendment 203 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1a. The Commission shall ensure that the codes of conduct are developed in close cooperation with all relevant stakeholders, including associations of small and medium-sized enterprises and start-ups, users and providers of cloud services.
Amendment 209 #
Proposal for a regulation
Article 6 – paragraph 3
Article 6 – paragraph 3
Amendment 218 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. No later than [53 years after the date mentioned in Article 10(2)], the Commission shall carry out a review of this Regulation and present a report on the main findings to the European Parliament, the Council and the European Economic and Social Committee. The Commission shall review the implementation of this Regulation in particular in respect of:
Amendment 223 #
Proposal for a regulation
Article 9 – paragraph 1 – point a (new)
Article 9 – paragraph 1 – point a (new)
(a) The application of this Regulation to mixed data sets especially taking into account the development of new technologies such as Internet of Things, artificial intelligence, big data analysis and the process of deanonymising data.
Amendment 226 #
Proposal for a regulation
Article 9 – paragraph 1 – point b (new)
Article 9 – paragraph 1 – point b (new)
(b) The use of the public security exception by Member States as defined in Article 4(1).
Amendment 229 #
Proposal for a regulation
Article 9 – paragraph 2 a (new)
Article 9 – paragraph 2 a (new)
2a. By 6 months after the date of publication of this Regulation the Commission shall provide guidelines on the legal treatment of mixed data sets and the interaction between this Regulation and Regulation (EU) 2016/679.