21 Amendments of Anneleen VAN BOSSUYT related to 2017/0228(COD)
Amendment 44 #
Proposal for a regulation
Recital 2
Recital 2
(2) Data value chains are built on different data activities: data creation and collection; data aggregation and organisation; data storage and processing; data analysis, marketing and distribution; use and re-use of data. The effective and efficient functioning of data storage and other processing is a fundamental building block in any data value chain. However, such effective and efficient functioning and the development of the data economy in the Union are hampered, in particular, by two types of obstacles to data mobility and to the internal market.
Amendment 47 #
Proposal for a regulation
Recital 3
Recital 3
(3) The freedom of establishment and the freedom to provide services under the Treaty on the Functioning of the European Union apply to data storage or other processing services, including porting of data. However, the provision of those services is hampered or sometimes prevented by certain national requirements to locate data in a specific territory.
Amendment 52 #
Proposal for a regulation
Recital 4
Recital 4
(4) Such obstacles to the free movement of data storage or other processing services and to the right of establishment of data storage or other processing providers originate from requirements in the national laws of Member States to locate data in a specific geographical area or territory for the purpose of storage or other processing. Other rules or administrative practices have an equivalent effect by imposing specific requirements which make it more difficult to store or otherwise process data outside a specific geographical area or territory within the Union, such as requirements to use technological facilities that are certified or approved within a specific Member State. Legal uncertainty as to the extent of legitimate and illegitimate data localisation requirements further limits the choices available to market players and to the public sector regarding the location of data storage or other processing.
Amendment 56 #
Proposal for a regulation
Recital 5
Recital 5
(5) At the same time, data mobility in the Union is also inhibited by private restrictions: legal, contractual and technical issues hindering or preventing users of data storage or other processing services from porting their data from one service provider to another or back to their own IT systems, not least upon termination of their contract with a service provider.
Amendment 60 #
Proposal for a regulation
Recital 7
Recital 7
(7) In order to create a framework for the free movement of non-personal data in the Union and the foundation for developing the data economy and enhancing the competitiveness of European industry, it is necessary to lay down a clear, comprehensive and predictable legal framework for storage or other processing of data other than personal data in the internal market. A principle-based approach providing for cooperation among Member States as well as self-regulation should ensure that the framework is flexible so that it can take into account the evolving needs of users, providers and national authorities in the Union. In order to avoid the risk of overlaps with existing mechanisms and hence to avoid higher burdens both for Member States and businesses, detailed technical rules should not be established.
Amendment 62 #
Proposal for a regulation
Recital 8
Recital 8
(8) This Regulation should apply to legal or natural persons who provide data storage or other processing services to users residing or having an establishment in the Union, including those who provide services in the Union without an establishment in the Union.
Amendment 84 #
Proposal for a regulation
Recital 11
Recital 11
(11) This Regulation should apply to data storage or other processing in the broadest sense, encompassing the usage of all types of IT systems, whether located on the premises of the user or outsourced to a data storage or other processing service provider. It should cover data processing of different levels of intensity, from data storage (Infrastructure- as-a-Service (IaaS)) to the processing of data on platforms (Platform-as-a-Service (PaaS)) or in applications (Software-as-a- Service (SaaS)). These different services should be within the scope of this Regulation, unless data storage or other processing is merely ancillary to a service of a different type, such as providing an online marketplace intermediating between service providers and consumers or business users.
Amendment 92 #
Proposal for a regulation
Recital 12
Recital 12
(12) Data localisation requirements represent a clear barrier to the free provision of data storage or other processing services across the Union and to the internal market. As such, they should be banned unless they are justified based on the grounds of public security, as defined by Union law, in particular Article 52 of the Treaty on the Functioning of the European Union, and satisfy the principle of proportionality enshrined in Article 5 of the Treaty on European Union. In order to give effect to the principle of free flow of non-personal data across borders, to ensure the swift removal of existing data localisation requirements and to enable for operational reasons storage or other processing of data in multiple locations across the EU, and since this Regulation provides for measures to ensure data availability for regulatory control purposes, Member States should not be able to invoke justifications other than public security.
Amendment 108 #
Proposal for a regulation
Recital 17
Recital 17
(17) Natural or legal persons who are subject to obligations to provide data to competent authorities can comply with such obligations by providing and guaranteeing effective and timely electronic access to the data to competent authorities, regardless of the Member State in the territory of which the data is stored or otherwise processed. Such access may be ensured through concrete terms and conditions in contracts between the natural or legal person subject to the obligation to provide access and the data storage or other processing service provider.
Amendment 113 #
Proposal for a regulation
Recital 20
Recital 20
(20) The ability to port data without hindrance is a key facilitator of user choice and effective competition on markets for data storage or other processing services. The real or perceived difficulties to port data cross- border also undermine the confidence of professional users in taking up cross-border offers and hence their confidence in the internal market. Whereas natural persons and consumers benefit from existing Union legislation, the ability to switch between service providers is not facilitated for users in the course of their business or professional activities.
Amendment 121 #
Proposal for a regulation
Recital 24
Recital 24
(24) Enhancing trust in the security of cross-border data storage or other processing should reduce the propensity of market players and the public sector to use data localisation as a proxy for data security. It should also improve the legal certainty for companies on applicable security requirements when outsourcing their data storage or other processing activities, including to service providers in other Member States.
Amendment 122 #
Proposal for a regulation
Recital 25
Recital 25
(25) Any security requirements related to data storage or other processing that are applied in a justified and proportionate manner on the basis of Union law or national law in compliance with Union law in the Member State of residence or establishment of the natural or legal persons whose data is concerned should continue to apply to storage or other processing of that data in another Member State. These natural or legal persons should be able to fulfil such requirements either themselves or through contractual clauses in contracts with providers.
Amendment 125 #
Proposal for a regulation
Recital 26
Recital 26
(26) Security requirements set at national level should be necessary and proportionate to the risks posed to the security of data storage or other processing in the area in scope of the national law in which these requirements are set.
Amendment 126 #
Proposal for a regulation
Recital 27
Recital 27
(27) Directive 2016/114841 provides for legal measures to boost the overall level of cybersecurity in the Union. Data storage or other processing services constitute one of the digital services covered by that Directive. According to its Article 16, Member States have to ensure that digital service providers identify and take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems which they use. Such measures should ensure a level of security appropriate to the risk presented, and should take into account the security of systems and facilities, incident handling, business continuity management, monitoring, auditing and testing, and compliance with international standards. These elements are to be further specified by the Commission in implementing acts under that Directive. _________________ 41 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).
Amendment 138 #
Proposal for a regulation
Article 2 – paragraph 1 – introductory part
Article 2 – paragraph 1 – introductory part
1. This Regulation shall apply to the storage or other processing of electronic data other than personal data in the Union, which is
Amendment 152 #
Proposal for a regulation
Article 3 – paragraph 1 – point 2
Article 3 – paragraph 1 – point 2
Amendment 153 #
Proposal for a regulation
Article 3 – paragraph 1 – point 2 a (new)
Article 3 – paragraph 1 – point 2 a (new)
2a. ‘processing’ means any operation or set of operations which is performed on data or on sets of data in electronic format, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Amendment 154 #
Proposal for a regulation
Article 3 – paragraph 1 – point 4
Article 3 – paragraph 1 – point 4
4. ‘provider’ means a natural or legal person who provides data storage or other processing services;
Amendment 156 #
Proposal for a regulation
Article 3 – paragraph 1 – point 6
Article 3 – paragraph 1 – point 6
6. ‘competent authority’ means an authority of a Member State that has the power to obtain access to data stored or processed by a natural or legal person for the performance of its official duties, as provided for by national or Union law;
Amendment 162 #
8. ‘professional user’ means a natural or legal person, including a public sector entity, using or requesting a data storage or other processing service for purposes related to its trade, business, craft, profession or task.
Amendment 184 #
Proposal for a regulation
Article 5 – paragraph 3
Article 5 – paragraph 3
3. Where a request for assistance entails obtaining access to any premises of a natural or legal person including to any data storage or other processing equipment and means, by the requested authority, such access must be in accordance with Union or Member State procedural law.