BETA

Activities of Miapetra KUMPULA-NATRI related to 2022/0047(COD)

Plenary speeches (1)

Data Act (debate)
2023/03/14
Dossiers: 2022/0047(COD)

Shadow reports (1)

REPORT on the proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act)
2023/02/28
Committee: ITRE
Dossiers: 2022/0047(COD)
Documents: PDF(1 MB) DOC(434 KB)
Authors: [{'name': 'Pilar DEL CASTILLO VERA', 'mepid': 28390}]

Amendments (219)

Amendment 97 #
Proposal for a regulation
Recital 1
(1) In recent years, data-driven technologies have had transformative effects on all sectors of the economy. The proliferation in products connected to the Internet of Things in particular has increased the volume and potential value of data for consumers, businesses and society. High -quality and interoperable data from different domains increase competitiveness and innovation and ensure sustainable economic growth. The same dataset may potentially be used and reused for a variety of purposes and to an unlimited degree, without any loss in its quality or quantity, while respecting users’ choices and applicable legislation to protect them.
2022/11/14
Committee: ITRE
Amendment 99 #
Proposal for a regulation
Recital 2
(2) Barriers to data sharing prevent an optimal allocation of data to the benefit of society. These barriers include a lack of incentives for data holders to enter voluntarily into data sharing agreements, uncertainty about rights and obligations in relation to data, costs of contracting and implementing technical interfaces, the high level of fragmentation of information in data silos, poor metadata management, the absence of standards for semantic and technical interoperability, bottlenecks impeding data access, a lack of common data sharing practices and abuse of contractual imbalances with regards to data access and use.
2022/11/14
Committee: ITRE
Amendment 103 #
Proposal for a regulation
Recital 4
(4) In order to respond to the needs of the digital economycontribute to the digital transition of the Union, a comprehensive harmonisation at Union level is needed to ensure fairness in the allocation of value from data among all actors in the data economy as well asto avoid fragmentation resulting from national legislation, and therefore to create trust in the data sharing environment. Moreover, to foster access to and use of data. and to remove barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who, other than the manufacturer or other data holder is entitled to access the data generated by products or related services, under which conditions and on what basis. Accordingly, Member States should not adopt or maintain additional national requirements on those matters falling within the scope of this Regulation, unless explicitly provided for in this Regulation, since this would affect the direct and uniform application of this Regulation.
2022/11/14
Committee: ITRE
Amendment 105 #
Proposal for a regulation
Recital 4
(4) In order to respond to the needs of the digital economy, protect consumers and to remove unjustified barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who, other than the manufacturer or other data holder is entitled to access the data generated by products or related services, under which conditions and on what basis. Accordingly, Member States should not adopt or maintain additional national requirements on those matters falling within the scope of this Regulation, unless explicitly provided for in this Regulation, since this would affect the direct and uniform application of this Regulation.
2022/11/14
Committee: ITRE
Amendment 109 #
Proposal for a regulation
Recital 5
(5) This Regulation ensures that users of a product or related service in the Union including data subjects and consumers, can access, in a timely manner, the data generated by the use of that product or related service and that those users can use the data, including by sharing them with third parties and for the purposes of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for users, micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC and for all other types of enterprises, including start- ups. This Regulation also ensures that data holders make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by products or related services.
2022/11/14
Committee: ITRE
Amendment 130 #
Proposal for a regulation
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components or operating systems or embedded software, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation with the exception of prototypes. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question.This Regulation applies to products placed on the marketin the Union and thus does not apply to products in development stage such as prototypes.
2022/11/14
Committee: ITRE
Amendment 136 #
Proposal for a regulation
Recital 15
(15) In contrast, certain products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service should not be covered by this Regulation. Such products include, for example, personal computers, servers, tablets and smart phones, cameras, webcams, sound recording systems and text scanners. They require human input to produce various forms of content, such as text documents, sound files, video files, games, digital maps.
2022/11/14
Committee: ITRE
Amendment 140 #
Proposal for a regulation
Recital 15 a (new)
(15 a) The use and access to sensitive data generated by a product regulated by a specific sectoral rules is without prejudice to those rules.
2022/11/14
Committee: ITRE
Amendment 148 #
(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, and without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, but not pertain to data resulting from any softwaincluding data pre -process that calculates derivative data from such data as such software process may be subject to intellectual property rights.ed using the product’s own computing capacity
2022/11/14
Committee: ITRE
Amendment 158 #
Proposal for a regulation
Recital 18
(18) The user of a product should be understood as the legal or natural person, such as a business or, consumer or public sector body , which has purchased, rented or leased the product. Depending on the legal title under which he uses it, such a user bears the risks and enjoys the benefits of using the connected product and should enjoy also the access to the data it generates. The user should therefore be entitled to derive benefit from data generated by that product and any related service.
2022/11/14
Committee: ITRE
Amendment 166 #
Proposal for a regulation
Recital 20
(20) In case several persons or entities own a product or are party to a lease or rent agreement and benefit from access to a related service, reasonable efforts should be made in the design of the product or related service or the relevant interface so that all personeach user can have access to data they it generates can have access to data they generated only to such data. In case several manufacturers or related services providers have sold, rent out or leased products or services integrated together to the same user, the user should turn to each of the manufacturers or related service providers with who it has a contractual agreement. Users of products that generate data typically require a user account to be set up. This allows for identification of the user by the manufacturer as well as a means to communicate to exercise and process data access requests. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism and joint consent that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should inform the user how the data may be accessed.
2022/11/14
Committee: ITRE
Amendment 169 #
Proposal for a regulation
Recital 20
(20) In case several persons or entities own a product or are party to a lease or rent agreement and benefit from access to a related service, reasonable efforts should be made in the design of the product or related service or the relevant interface so that all personseach user can have access to data they generate. Users of products that generate data typically require a user account to be set up. This allows for identification of the user by the manufacturer as well as a means to communicate to exercise and process data access requests. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should swiftly inform the user how the data may be accessed.
2022/11/14
Committee: ITRE
Amendment 170 #
Proposal for a regulation
Recital 21
(21) Products may be designed to make certain data directly available from an on- device data storage or from a remote server to which the data are communicated. Where on-device access is technically supported, the manufacturer shall make this means of access also available to third-party service providers or the user. Access to the on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider who functions as data holder. TheyProducts may be designed to permit the user or a third party to process the data on the product or on a computing instance of the manufacturer or in an environment chosen by the user or the authorised. Where either option is available, the user or third party shall choose their preferred method.
2022/11/14
Committee: ITRE
Amendment 181 #
Proposal for a regulation
Recital 23
(23) Before concluding a contract for the purchase, rent, or lease of a product or the provision of a related service, clear and sufficient information should be provided by the data holder to the user on how the data generated may be accessed. This obligation provides transparency over the data generated and enhances the easy access for the user. This obligation to provide information does not affect the obligation for the controller to provide information to the data subject pursuant to Article 12, 13 and 14 of Regulation 2016/679.
2022/11/14
Committee: ITRE
Amendment 185 #
Proposal for a regulation
Recital 24
(24) This Regulation imposes the obligation on data holders to make data available in certain circumstances. Insofar as personal data are processed, the data holder should be a controller under Regulation (EU) 2016/679. Where users are data subjects, data holders should be obliged to provide them access to their data and to make the data available to third parties of the user’s choice in accordance with this Regulation. However, this Regulation does not create a legal basis under Regulation (EU) 2016/679 for the data holder to provide access to personal data or make it available to a third party when requested by a user that is not a data subject and should not be understood as conferring any new right on the data holder to use data generated by the use of a product or related service. This applies in particular where the manufacturer is the data holder. In that case, the basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user. This agreement may be part of the sale, rent or lease agreement relating to the product. Any contractual term in the agreement stipulating that the data holder may use the data generated by the user of a product or related service should be fair and transparent to the user, including as regards the purpose for which the data holder intends to use the data. This Regulation should not prevent contractual conditions, whose effect is to exclude or limit the use of the data, or certain categories thereof, by the data holder. This Regulation should also not prevent sector-specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by the data holder on well- defined public policy grounds.
2022/11/14
Committee: ITRE
Amendment 188 #
Proposal for a regulation
Recital 25
(25) In sectors characterised by the concentration of a small number of manufacturers supplying end users, there are only limited options available to users with regard to sharing data with those manufacturers. In such circumstances, cContractual agreements may be insufficient to achieve the objective of user empowerment. The data tends to remain under the control of the manufacturers or other data holders, making it difficult for users to obtain value from the data generated by the equipment they purchase or lease. Consequently, there is limited potential for innovative smaller businesses to offer data-based solutions in a competitive manner and for a diverse data economy in Europe. This Regulation should therefore build on recent developments in specific sectors, such as the Code of Conduct on agricultural data sharing by contractual agreement. Sectoral legislation may be brought forward to address sector-specific needs and objectives. Furthermore, the data holder should not use any data generated by the use of the product or related service in order to derive insights about the economic situation of the user or its assets or production methods or the use in any other way that could undermine the commercial position of the user on the markets it is active on. This would, for instance, involve using knowledge about the overall performance of a business or a farm in contractual negotiations with the user on potential acquisition of the user’s products or agricultural produce to the user’s detriment, or for instance, using such information to feed in larger databases on certain markets in the aggregate (,e.g. databases on crop yields for the upcoming harvesting season) as such use could affect the user negatively in an indirect manner. The user should be given the necessary technical interface to manage permissions, preferably with granular permission options (such as “allow once” or “allow while using this app or service”), including the option to withdraw permission.
2022/11/14
Committee: ITRE
Amendment 189 #
Proposal for a regulation
Recital 25
(25) In sectors characterised by the concentration of a small number of manufacturers supplying end users, there are only limited options available to users with regard to sharing data with those manufacturers. In such circumstances, contractual agreements may be insufficient to achieve the objective of user empowerment. The data tends to remain under the control of the manufacturers or other data holders, making it difficult for users to obtain value from the data generated by the equipment they purchase, rent or lease. Consequently, there is limited potential for innovative smaller businesses to offer data-based solutions in a competitive manner and for a diverse data economy in Europe. This Regulation should therefore build on recent developments in specific sectors, such as the Code of Conduct on agricultural data sharing by contractual agreement. Sectoral legislation may be brought forward to address sector-specific needs and objectives. Furthermore, the data holder should not use any data generated by the use of the product or related service in order to derive insights about the economic situation of the user or its assets or production methods or the use in any other way that could undermine the commercial position of the user on the markets it is active on. This would, for instance, involve using knowledge about the overall performance of a business or a farm in contractual negotiations with the user on potential acquisition of the user’s products or agricultural produce to the user’s detriment, or for instance, using such information to feed in larger databases on certain markets in the aggregate (,e.g. databases on crop yields for the upcoming harvesting season) as such use could affect the user negatively in an indirect manner. The user should be given the necessary technical interface to manage permissions, preferably with granular permission options (such as “allow once” or “allow while using this app or service”), including the prominent option to withdraw permission.
2022/11/14
Committee: ITRE
Amendment 190 #
Proposal for a regulation
Recital 25 a (new)
(25 a) Data users should have the priority on benefitting from the value created by the use of the product. Data holders should ensure that non-personal they receive from the connected product are primarily used for the fulfilment of their contractual obligations to the user. This is without the prejudice of the data holders capability to use the non-personal data generated to improve the functioning of the connected product or related service, to develop new products or services or to enrich, manipulate or aggregate it with other data.
2022/11/14
Committee: ITRE
Amendment 191 #
Proposal for a regulation
Recital 26
(26) In contracts between a data holder and a consumer as a user of a product or related service generating data, EU consumer law applies, Directive 2005/29/EC, which applies against unfair commercial practices, and Directive 93/13/EEC which applies to the terms of the contract to ensure that a consumer is not subject to unfair contractual terms. For unfair contractual terms unilaterally imposed on a micro, small or medium- sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC63 , this Regulation provides that such unfair terms should not be binding on that enterprise. _________________ 63 Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium- sized enterprises
2022/11/14
Committee: ITRE
Amendment 202 #
Proposal for a regulation
Recital 28
(28) The user should be free to use the data for any lawful purpose. This includes providing the data the user has received exercising the right under this Regulation to a third party offering an aftermarket service that may be in competition with a service provided by the data holder, or to instruct the data holder to do so. The request should also be valid regardless of whether the request is put forward by the user or an authorised third party acting on users behalf, such as authorised data intermediation service in the meaning of the Regulation (EU) 2022/868. The data holder should ensure that the data made available to the third party is as accurate, complete, reliable, relevant and up-to-date as the data the data holder itself may be able or entitled to access from the use of the product or related service. Any trade secrets or intellectual property rights should be respected in handling the data. It is important to preserve incentives to invest in products with functionalities based on the use of data from sensors built into that product. The aim of this Regulation should accordingly be understood as to foster the development of new, innovative products or related services, stimulate innovation on aftermarkets, but also stimulate the development of entirely novel services making use of the data, including based on data from a variety of products or related services. At the same time, it aims to avoid undermining the investment incentives for the type of product from which the data are obtained, for instance, by the use of data to develop a competing product.
2022/11/14
Committee: ITRE
Amendment 215 #
Proposal for a regulation
Recital 31
(31) Data generated by the use of a product or related service should only be made available to a third party such as authorised data intermediation service in the meaning of the Regulation (EU) 2022/868 at the request of the user. This Regulation accordingly complements the right provided under Article 20 of Regulation (EU) 2016/679. That Article provides for a right of data subjects to receive personal data concerning them in a structured, commonly used and machine- readable format, and to port those data to other controllers, where those data are processed on the basis of Article 6(1), point (a), or Article 9(2), point (a), or of a contract pursuant to Article 6(1), point (b). Data subjects also have the right to have the personal data transmitted directly from one controller to another, but only where technically feasible. Article 20 specifies that it pertains to data provided by the data subject but does not specify whether this necessitates active behaviour on the side of the data subject or whether it also applies to situations where a product or related service by its design observes the behaviour of a data subject or other information in relation to a data subject in a passive manner. The right under this Regulation complements the right to receive and port personal data under Article 20 of Regulation (EU) 2016/679 in several ways. It grants users the right to access and make available to a third party to any data generated by the use of a product or related service, irrespective of its nature as personal data, of the distinction between actively provided or passively observed data, and irrespective of the legal basis of processing. Unlike the technical obligations provided for in Article 20 of Regulation (EU) 2016/679, this Regulation mandates and ensures the technical feasibility of third party access for all types of data coming within its scope, whether personal or non-personal. This Regulation also allows direct data sharing from users to third parties. This Regulation precludes the data holder or the third party from directly or indirectly charging consumers or data subjects a fee, compensation or costs for sharing data or for accessing it. This Regulation does not directly or indirectly incentivise the commercialisation or trade of personal data It also allows the data holder to set reasonable compensation to be met by third parties, but not by the user, for any cost incurred in providing direct access to the data generated by the user’s product. If a data holder and third party are unable to agree terms for such direct access, the data subject should be in no way prevented from exercising the rights contained in Regulation (EU) 2016/679, including the right to data portability, by seeking remedies in accordance with that Regulation. It is to be understood in this context that, in accordance with Regulation (EU) 2016/679, a contractual agreement does not allow for the processing of special categories of personal data by the data holder or the third party.
2022/11/14
Committee: ITRE
Amendment 220 #
Proposal for a regulation
Recital 33
(33) In order to prevent the exploitation of users, third parties to whom data has been made available upon request of the user should only process the data for the purposes agreed with the user and share it with another third party only if, as clearly unequivocally informed to the user in timely manner, this is necessary to provide the service requested by the user.
2022/11/14
Committee: ITRE
Amendment 223 #
Proposal for a regulation
Recital 34
(34) In line with the data minimisation principle, the third party should only access additional information that is necessary for the provision of the service requested by the user. Having received access to data, the third party should process it exclusively for the purposes agreed with the user, without interference from the data holder. It should be as easy for the user to refuse or discontinue access by the third party to the data as it is for the user to authorise access. TData holder or the third party should not make the exercise of the rights or choices of users unduly difficult including by offering choices to users in a non-neutral manner, or coerce, deceive or manipulate the user in any way, by subverting or impairing the autonomy, decision-making or free choices of the user, including by means of a digital interface with the user. in this context,or a part thereof, including its structure, design, function or manner of operation. In this context, the data holders and third parties should not rely on so-called dark patterns in designing their digital interfaces. Dark patterns are design techniques that push or deceive consumers into decisions that have negative consequences for them. These manipulative techniques can be used to persuade users, particularly vulnerable consumers, to engage in unwanted behaviours, and to deceive users by nudging them into decisions on data disclosure transactions or to unreasonably bias the decision-making of the users of the service, in a way that subverts and impairs their autonomy, decision-making and free choice. Common and legitimate commercial practices that are in compliance with Union law should not in themselves be regarded as constituting dark patterns. TData holders and third parties should comply with their obligations under relevant Union law, in particularcluding the requirements set out in Directive 2005/29/EC, Directive 2011/83/EU, Directive 2000/31/EC and Directive 98/6/EC.
2022/11/14
Committee: ITRE
Amendment 245 #
Proposal for a regulation
Recital 41
(41) In order to compensate for the lack of information on the conditions of different contracts, which makes it difficult for the data recipient to assess if the terms for making the data available are non- discriminatory, it should be on the data holder to demonstrate that a contractual term is not discriminatory. It is not unlawful discrimination, where a data holder uses different contractual terms for making data available or different compensation, if those differences are justified by objective reasons. These obligations are without prejudice to Regulation (EU) 2016/679.
2022/11/14
Committee: ITRE
Amendment 251 #
Proposal for a regulation
Recital 42
(42) In order to incentivise the continued investment in generating valuable data, including investments in relevant technical tools, this Regulation contains the principle that the data holder may request reasonable compensation when legally obliged to make data available to the data recipient, in business-to-business relations. These provisions should not be understood as paying for the data itself, but in the case of micro, small or medium-sized enterprises, for the costs incurred and investment required for making the data available.
2022/11/14
Committee: ITRE
Amendment 256 #
(43) In duly justified cases, including the need to safeguard consumer participation and competition or to promote innovation in certain markets, Union law or national legislation implementing Union law may impose regulated compensation for making available specific data types.
2022/11/14
Committee: ITRE
Amendment 276 #
Proposal for a regulation
Recital 52
(52) Rules on contractual terms should take into account the principle of contractual freedom as an essential concept in business-to-business relationships. Therefore, not all contractual terms should be subject to an unfairness test, but only to those terms that are unilaterally imposed on micro, small and medium-sized enterprises. This concerns ‘take-it-or- leave-it’ situations where one party supplies a certain contractual term and the micro, small or medium-sized enterprise cannot influence the content of that term despite an attempt to negotiate it. A contractual term that is simply provided by one party and accepted by the micro, small or medium-sized enterprise or a term that is negotiated and subsequently agreed in an amended way between contracting parties should not be considered as unilaterally imposed. All contractual agreements shall be in line with Fair, Reasonable and Non- Discriminatory (FRAND) principles.
2022/11/14
Committee: ITRE
Amendment 278 #
Proposal for a regulation
Recital 56
(56) In situations of exceptional need, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies or in other exceptional casesPublic sector bodies are faced with several interrelated challenges spanning from pandemics and climate change to urban planning and mobility. Privately held data has a high potential to help solving these problems in the public interest. By informing decision making, providing for new scientific insights and resolving policy issues, private held data enablse more targeted interventions and improvement of public service delivery, bringing about significant savings for the public budget. This is why situations it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies such as public health or climate emergencies, in other exceptional cases such as purposes of legitimate public interest explicitly provided by under Union or national law. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.
2022/11/14
Committee: ITRE
Amendment 283 #
Proposal for a regulation
Recital 56 a (new)
(56 a) The business-to-government data sharing should be driven by the over- arching principles outlined in the High Level Expert Group on Business-to- Government. These principles are: proportionality of the use of private-sector data, data use limitation, “do no harm”, compensation, non-discrimination, limitation mitigation, transparency and societal participation, accountability and fair and ethical data use.
2022/11/14
Committee: ITRE
Amendment 289 #
Proposal for a regulation
Recital 57
(57) In case of public emergencies, such as public health emergencies, emergencies resulting from environmental degradation and major natural disasters including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold. In such a case, data holders should be placed under an obligation to make the data available to public sector bodies or to Union institutions, agencies or bodies upon their request. The existence of a public emergency ishould be determined according to the respective procedures in the Member States or of relevant international organisations.
2022/11/14
Committee: ITRE
Amendment 298 #
Proposal for a regulation
Recital 58
(58) An exceptional need may also arise when a public sector body can demonstrate that the data are necessary either to prevent a public emergency, or to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question. Where the exceptional need is not justified by the need to respond to, prevent or assist recovery from a public emergency, the public sector body or the Union institution, agency or body should demonstrate that the lack of timely access to and the use of the data requested prevents it from effectively fulfilling a specificor exercising a task in the legitimate public interest that has been explicitly provided in lawas provided for in national law. The tasks, aimed at improving the efficient provision of public services and evidence-based public policymaking as well as gaining enforcement of existing laws or regulations, can include but should not be limited to, improving traffic and mobility, environmental sustainability, affordable housing, city planning as well as facilitating the development, production and dissemination of official statistics. Such exceptional need may also occur in other situations, for example in relation to the timely compilation of official statistics when data is not otherwise available or when the burden on statistical respondents will be considerably reduced. At the same time, the public sector body or the Union institution, agency or body should, outside the case of responding to, preventing or assisting recovery from a public emergency, demonstrate that no alternative means for obtaining the data requested exists and that the data cannot be obtained in a timely manner through the laying down of the necessary data provision obligations in new legislation. This covers situations where the existence of a reporting obligation fort the provision of the data in scope of the request exists but is in itself insufficient to guarantee the availability of data of the necessary quality, granularity, and timeliness or where the said obligation is otherwise not fit for the specific use purpose sought.
2022/11/14
Committee: ITRE
Amendment 311 #
Proposal for a regulation
Recital 62 a (new)
(62 a) The data made available to the public sector bodies should be in a structured and commonly used format, accompanied with a relevant metadata that facilitates the use of the data with only minimal adaptations necessary to make them useable by the public sector or Union institution body.
2022/11/14
Committee: ITRE
Amendment 320 #
Proposal for a regulation
Recital 66
(66) When reusing data provided by data holders, public sector bodies and Union institutions, agencies or bodies should respect both existing applicable legislation and contractual obligations to which the data holder is subject. . Public administration authorities should coordinate their requests for data and pursue best efforts to ensure that businesses are obliged to supply the same data only once. Where the disclosure of trade secrets of the data holder to public sector bodies or to Union institutions, agencies or bodies is strictly necessary to fulfil the purpose for which the data has been requested, confidentiality of such disclosure should be ensured to the data holder.
2022/11/14
Committee: ITRE
Amendment 328 #
Proposal for a regulation
Recital 69 a (new)
(69 a) Unnecessarily high “data egress fees”, or data transfer costs have the potential to restrict competition and cause lock-in effects for the customers of data processing services, by reducing incentives to choose a different or additional service provider. Therefore, the gradual withdrawal of the charges associated with switching data processing services should specifically include withdrawing any “egress fees” charged by the data processing services to a customer.
2022/11/14
Committee: ITRE
Amendment 332 #
Proposal for a regulation
Recital 72
(72) This Regulation aims to facilitate switching between data processing services, which encompasses all conditions and actions that are necessary for a customer to terminate a contractual agreement of a data processing service, to conclude one or multiple new contracts with different providers of data processing services, to port all its digital assets, including data, to the concerned other providers and to continue to use them in the new environment while benefitting from functional equivalence. Digital assets refer to elements in digital format for which the customer has the right of use, including data, applications, virtual machines and other manifestations of virtualisation technologies, such as containers. Functional equivalence means the maintenance of a minimum level of functionality of a service after switching, and should be deemed technically feasible whenever both the originating and the destination data processing services cover (in part or in whole) the same service type. Services can only be expected to facilitate functional equivalence for the functionalities that both the originating and destination services offer. This Regulation doesn't instate an obligation of facilitating functional equivalence for data processing services of the PaaS and/or SaaS service delivery model. Meta- data, generated by the customer’s use of a service, should also be portable pursuant to this Regulation’s provisions on switching.
2022/11/14
Committee: ITRE
Amendment 339 #
Proposal for a regulation
Recital 79
(79) Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability. In order to facilitate the conformity with the requirements for interoperability, it is necessary to provide for a presumption of conformity for interoperability solutions that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council. These standards should be developed in open, technology neutral and inclusive way line with Chapter II of the Regulation (EU) No 1025/2012. The Commission should adopt common specifications in areas where no harmonised standards exist or where they are insufficient in order to further enhance interoperability for the common European data spaces, application programming interfaces, cloud switching as well as smart contracts. Additionally, common specifications in the different sectors could remain to be adopted, in accordance with Union or national sectoral law, based on the specific needs of those sectors. Reusable data structures and models (in form of core vocabularies), ontologies, metadata application profile, reference data in the form of core vocabulary, taxonomies, code lists, authority tables, thesauri should also be part of the technical specifications for semantic interoperability. Furthermore, the Commission should be enabled to mandate the development of harmonised standards for the interoperability of data processing services in consultation with the European Data Innovation Board as outlined in the Article 30 of the Regulation (EU) No 2022/868.
2022/11/14
Committee: ITRE
Amendment 343 #
Proposal for a regulation
Recital 80 a (new)
(80 a) The number of devices connected to the Internet, both in enterprise networks and consumer households, including machines, sensors, and cameras that make up the Internet of Things (IoT), continues to grow at a steady pace. Since it is expected that by the end of the decade a number of connected devices across the Union will be extremely high, providing for digital identity of IoT devices and their secure authentication is becoming an urgent priority. International Data Corporation estimates that the number of connected IoT devices is expected to reach 41.6 billion by 2025. While an increasing number of devices is connected to the internet, security and resilience are not sufficiently built in by design, leading to insufficient cybersecurity. Ensuring secure digital identities for IoT devices needs to be a continuous, automated process but this needs to start at the point of manufacture and continue throughout the device lifecycle. Connected devices create a data-rich network which means improved functionality and potential revenue growth for organisations, but they also come with significant business and compliance risks. These begin to outweigh the strategic benefits unless businesses and governments prioritise securing digital identities. By extending the concept of digital identity and attestation of attributes to IoT devices, the European Digital Identity Framework can help mitigate cybersecurity risks and add value to the data exchanged by adding a new trust layer to network and information systems, communications networks, digital products, services and devices used by citizens, organisations and businesses.
2022/11/14
Committee: ITRE
Amendment 345 #
Proposal for a regulation
Recital 81 a (new)
(81 a) In order to further enhance coordination in thee nforcement of this Regulation, the European Data Innovation Board should foster the mutual exchange of information amongst competent authorities as well as advise and assist the Commission in matters falling under this Regulation that fall within the competences of Article 30 of Regulation (EU) 2022/868. A subgroup for stakeholder involvement referred to in Article 29(2)(c) of that Regulation should participate in the consultation on a continual basis.
2022/11/14
Committee: ITRE
Amendment 348 #
Proposal for a regulation
Recital 82
(82) In order to enforce their rights under this Regulation, natural and legal persons should be entitled to seek redress for the infringements of their rights under this Regulation by lodging complaints with competent authorities. Those authorities should be obliged to cooperate to ensure the complaint is appropriately handled and resolved swiftly. In order to make use of the consumer protection cooperation network mechanism and to enable representative actions, this Regulation amends the Annexes to the Regulation (EU) 2017/2394 of the European Parliament and of the Council68 and Directive (EU) 2020/1828 of the European Parliament and of the Council69 . _________________ 68 Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 (OJ L 345, 27.12.2017, p. 1). 69 Directive (EU) 2020/1828 of the European Parliament and of the Council of 25 November 2020 on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC (OJ L 409, 4.12.2020, p. 1).
2022/11/14
Committee: ITRE
Amendment 359 #
Proposal for a regulation
Article 1 – paragraph 1 a (new)
1 a. This Regulation covers personal and non-personal data, including the following types of data or in the following contexts: (a) Chapter II applies to data concerning the performance, use and environment of products and relatedservices. (b) Chapter III applies to anyprivate sector data subject to statutory data sharing obligations. (c) Chapter IV applies to any private sector data accessed and used on the basis of contractual agreements between businesses. (d) Chapter V applies to any privatesector data with a focus on non-personal data. (e) Chapter VI applies to any dataprocessed by data processing services. (f) Chapter VII applies to any non- personal data held in the Union by providers of data processing services.
2022/11/14
Committee: ITRE
Amendment 362 #
Proposal for a regulation
Article 1 – paragraph 2 – point a
(a) manufacturers of products and suppliers of related services placed on the market in the Union and the Union based users of such products or services;
2022/11/14
Committee: ITRE
Amendment 379 #
Proposal for a regulation
Article 1 – paragraph 3
3. Union law on the protection of personal data, privacy and confidentiality of communications and integrity of terminal equipment shall apply to personal data processed in connection with the rights and obligations laid down in this Regulation. This Regulation shall not affect the applicability of Union law on the protection of personal data, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC, including the powers and competences of supervisory authorities. Insofar as the rights laid down in Chapter II of this Regulation are concerned, and where users are the data subjects of personal data subject to the rights and obligations under that Chapter, the provisions of this Regulation shall complement the right of data portability under Article 20 of Regulation (EU) 2016/679. In the event of a conflict between this Regulation and Union law on the protection of personal data or national law adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data shall prevail. However, insofar as the processing of personal data made available to a data recipient pursuant to Article 5 of the Data Act is restricted in line with Articles 3 to 6, these provisions should be understood as taking precedence over Article 6 of Regulation (EU) 2016/679. This Regulation does not create a legal basis for the processing of personal data and no provision of this Regulation should be applied or interpreted in such a way as to diminish or limit the right to the protection of personal data or the right to privacy and confidentiality of communications.
2022/11/14
Committee: ITRE
Amendment 385 #
Proposal for a regulation
Article 1 – paragraph 4 a (new)
4 a. This Regulation complements and does not affect the applicability of Union law aiming to promote the interests of consumers and to ensure a high level of consumer protection, to protect their health, safety and economic interests, including Directive 2005/29/EC of the European Parliament and of the Council, Directive2011/83/EU of the European Parliament and of the Council and Directive93/13/EEC of the European Parliament and of the Council. No provision in this Regulation should be applied or interpreted in such a way as to diminish or limit a high level of consumer protection.
2022/11/14
Committee: ITRE
Amendment 388 #
Proposal for a regulation
Article 1 – paragraph 4 a (new)
4 a. Dataholders shall not be obliged to provide access to data to any natural or legal person, entity or body outside the Union, unless otherwise provided by the Union law or the implementing national legislations.
2022/11/14
Committee: ITRE
Amendment 395 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)
(1 a) ‘personal data’ means personal data as defined in Article 4, point(1), of Regulation (EU) 2016/679;
2022/11/14
Committee: ITRE
Amendment 397 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 b (new)
(1 b) ‘personal data’ means personal data as defined in Article 4, point (1), of Regulation (EU)2016/679;
2022/11/14
Committee: ITRE
Amendment 398 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 b (new)
(1 b) 'non-personal data' means data other than personal data;
2022/11/14
Committee: ITRE
Amendment 401 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 c (new)
(1 c) non-personal data’ means data other than personal data as defined in point (1) of Article 4 of Regulation (EU) 2016/679.
2022/11/14
Committee: ITRE
Amendment 413 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 d (new)
(1 d) ‘consent’ means consent as defined in article 4, point (11), of Regulation (EU) 2016/679;
2022/11/14
Committee: ITRE
Amendment 417 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2
(2) ‘product’ means a tangible, movable item, including where incorporated in an immovable item, that obtains, generates or collects, data concerning its use or environment, and that is able to communicate data via a publicly availablen electronic communications service and whose primary function is not the storing and, processing of datar transmission of data nor is it primarily designed to display or play content, or to record and transmit content;
2022/11/14
Committee: ITRE
Amendment 428 #
Proposal for a regulation
Article 2 – paragraph 1 – point 4 a (new)
(4 a) ‘consumer’ means any natural person who, in contracts covered by this Directive, is acting forpurposes which are outside his trade, business, craft or profession;
2022/11/14
Committee: ITRE
Amendment 432 #
Proposal for a regulation
Article 2 – paragraph 1 – point 5
(5) ‘user’ means a natural or legal person, including a data subject, that owns, rents or leases a product or receives a related services;
2022/11/14
Committee: ITRE
Amendment 434 #
Proposal for a regulation
Article 2 – paragraph 1 – point 5
(5) ‘user’ means a natural or legal person that owns, rents or leases a product or receives a services;, or related services, or the data subject
2022/11/14
Committee: ITRE
Amendment 440 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data and through control of the technical design of the product and related services, the ability, to make available certain data; When in possession of personal data, only a controller as defined by Article 4.7 of Regulation (EU) 2016/679 can be a ‘data holder’
2022/11/14
Committee: ITRE
Amendment 443 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6 a (new)
(6 a) 'data subject' means data subject as referred to in Article 4, point (1), of Regulation (EU) 2016/679;
2022/11/14
Committee: ITRE
Amendment 449 #
Proposal for a regulation
Article 2 – paragraph 1 – point 8 a (new)
(8 a) ‘added value service’ means any service provided to the consumer or data subject that can be enabled or improved by access and use of data generated by the use of the product or related service, including personalised services which mean services that, based on the processing of data of the consumer or data subject, offer individualised services to the consumer or data subject such as diet plans, route planning, fitness training, electricity consumption optimisation. They do not include purposes of direct marketing or advertising, credit scoring or determining eligibility to insurances, to calculate or modify insurance premiums or the services of a data broker, even if the data broker shares data with others that provide personalised services;
2022/11/14
Committee: ITRE
Amendment 455 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation such as public health emergencies, emergencies resulting from environmental degradation and major natural disasters, including those exacerbated by climate change, and major man-made disasters, such as major cybersecurity incidents, negatively affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic and financial stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s); and which is determined according to the respective procedures under Union or national law.
2022/11/14
Committee: ITRE
Amendment 459 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10 a (new)
(10 a) ‘official statistics’ means statistics within the meaning of ‘European statistics’ under Regulation (EC) No 223/2009’.
2022/11/14
Committee: ITRE
Amendment 465 #
Proposal for a regulation
Article 2 – paragraph 1 – point 15
(15) 'open interoperability specificationstandards’ mean ICT technical specifications, as defined in Regulation (EU) No 1025/2012, which are performance oriented towards achieving interoperability between data processing servicesfor repeated or continuous application, publicly available for implementation and use on reasonable terms (including for a reasonable fee or free of charge), adopted through an inclusive, collaborative, consensus-based and transparent process from which materially affected and interested parties cannot be excluded;
2022/11/14
Committee: ITRE
Amendment 469 #
Proposal for a regulation
Article 2 – paragraph 1 – point 16
(16) ‘smart contract’ means a computer program stored in an electronic ledger system wherein the outcome of the execution of the program is recorded on the electronic ledger;deleted
2022/11/14
Committee: ITRE
Amendment 472 #
Proposal for a regulation
Article 2 – paragraph 1 – point 17
(17) ‘electronic ledger’ means an electronic ledger within the meaning of Article 3, point (53), of Regulation (EU) No 910/2014;deleted
2022/11/14
Committee: ITRE
Amendment 477 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)
(20 a) ‘metadata’ means a structured description of the contents of the data facilitating the discovery and use of this data, as well as any other data collected for the purposes of the provision of the service, including configuration parameters, security settings, logs, and other information regarding the use of the service by the final users. As for data generated by the use of connected products, the relevant metadata means the metadata that the data holder uses for its own purpose.
2022/11/14
Committee: ITRE
Amendment 478 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)
(20 a) ‘common European data spaces’ mean purpose- or sector-specific or cross -sectoral interoperable frameworks of common standards and practices to share or jointly process data for, inter alia, development and provision of new products and services, scientific research or civil society initiatives.
2022/11/14
Committee: ITRE
Amendment 483 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 b (new)
(20 b) ‘data intermediation service’ means data intermediation service as referred to in Article 2, point (8), of Regulation(EU) 2022/868;
2022/11/14
Committee: ITRE
Amendment 485 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 c (new)
(20 c) 'operator within data spaces' mean legal persons, such as data holders, data users, and data intermediation service providers, that facilitate or engage in data sharing within and across the common European data spaces;
2022/11/14
Committee: ITRE
Amendment 492 #
Proposal for a regulation
Article 3 – paragraph 1
1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use that are accessible to the data holder are free of charge and, are, by default, easily, securely and, where relevant and appropriate, directly accessible to the user in a structured, commonly used and machine-readable format. Data shall be provided in the form in which they have been generated by the product, with only the minimal adaptations necessary to make them useable by a third party, including related metadata necessary to interpret and use the data.
2022/11/14
Committee: ITRE
Amendment 494 #
Proposal for a regulation
Article 3 – paragraph 1
1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, free of charge, safely, easily, securely and, where relevant and appropriate, directly accessible to the user. in a structured, commonly used and machine readable format. This shall be done without endangering their functionality and in accordance with data security requirements as laydown by Regulation 2016/679.
2022/11/14
Committee: ITRE
Amendment 495 #
Proposal for a regulation
Article 3 – paragraph 1
1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, easily, securely and, where relevant and appropriate, directly accessible to the user. This should be done without endangering their functionality nor going against data security requirements from Regulation 2016/679, product regulations or technical standardisation
2022/11/14
Committee: ITRE
Amendment 500 #
Proposal for a regulation
Article 3 – paragraph 1 b (new)
1 b. Products and related services shall be designed and manufactured in such a manner that data subjects, irrespective of their legal title over the product, are offered the possibility to use the products covered by this Regulation anonymously or in the least privacy-intrusive way possible, such as by anonymising the data.
2022/11/14
Committee: ITRE
Amendment 502 #
Proposal for a regulation
Article 3 – paragraph 1 a (new)
1 a. Consumers shall have the right to obtain a copy of the data generated by their use of the product and related services, from the data holder without hindrance, in a structured, commonly used and machine-readable format.
2022/11/14
Committee: ITRE
Amendment 503 #
Proposal for a regulation
Article 3 – paragraph 1 a (new)
1 a. Where on-device access is technically supported, the manufacturer shall make this means of access also available to third-party service providers in a non-discriminatory manner.
2022/11/14
Committee: ITRE
Amendment 504 #
Proposal for a regulation
Article 3 – paragraph 1 a (new)
1 a. The data holder shall not be liable towards the user for any direct or indirect damages arising from, relating to and/or in connection with data made accessible.
2022/11/14
Committee: ITRE
Amendment 510 #
Proposal for a regulation
Article 3 – paragraph 2 – introductory part
2. Before concluding a contract for the purchase, rent or lease of a product or a related service, consumers should be presented with granular, meaningful consent options for data processing, within the meaning of Article4 (11) of Regulation (EU) 2016/679, differentiating between data that is essential for the functioning of the product and a related and other types of data. In addition, at least the following information shall be provided to the user, in a clear and comprehentimely, prominent and comprehensible and easily accessible format:
2022/11/14
Committee: ITRE
Amendment 516 #
Proposal for a regulation
Article 3 – paragraph 2 – point a a (new)
(a a) the categories of data transmitted to the data holder by the use of a product or a related service
2022/11/14
Committee: ITRE
Amendment 521 #
Proposal for a regulation
Article 3 – paragraph 2 – point c
(c) how the user may access those data delivered in a usable format and in a simple, clear and free manner for the user ;;
2022/11/14
Committee: ITRE
Amendment 522 #
Proposal for a regulation
Article 3 – paragraph 2 – point c
(c) how the user may access those data and a copy of those data, free of charge;
2022/11/14
Committee: ITRE
Amendment 528 #
Proposal for a regulation
Article 3 – paragraph 2 – point c b (new)
(c b) (cb) The technical means to access the data, such as Software Development Kits or application programming interfaces , and their terms of use and quality of service shall be sufficiently described to enable the development of such means of access
2022/11/14
Committee: ITRE
Amendment 529 #
Proposal for a regulation
Article 3 – paragraph 2 – point c a (new)
(c a) the data holder shall provide information on the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, which shall be described in a publicly available and consistent manner.
2022/11/14
Committee: ITRE
Amendment 541 #
Proposal for a regulation
Article 3 – paragraph 2 – point e
(e) whether the seller, renter or lessor is the data holder and, if not, the identity of the data holder, such as its trading name, contact details and the geographical address at which it is established;
2022/11/14
Committee: ITRE
Amendment 544 #
Proposal for a regulation
Article 3 – paragraph 2 – point f
(f) the means of communication which enable the user to contact the data holder quickly and communicate with that data holder efficiently in a durable method;
2022/11/14
Committee: ITRE
Amendment 548 #
(g) how the user may request that the data are shared with a third-party, free of charge;
2022/11/14
Committee: ITRE
Amendment 553 #
Proposal for a regulation
Article 3 – paragraph 2 a (new)
2 a. The data holder shall not make the exercise of the rights or choices of users unduly difficult including by offering choices to the users in a neutral manner, or coerce, deceive or manipulate the user in any way, or subvert or impair the autonomy, decision-making or free choices of the user, including by means of a digital interface or a part thereof, including its structure, design, function or manner of operation
2022/11/14
Committee: ITRE
Amendment 558 #
Proposal for a regulation
Article 4 – paragraph 1
1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user the data generated by itsthe use of a product or related service without undue delay easily, in a structured, commonly used and machine-readable format, free of charge and, where applicable, continuously and in real-time. accompanied with relevant metadata. Data shall be provided in the form in which they have been generated by the product including data generated by the use of a product, with only the minimal adaptations necessary to make them useable by a third party, including related metadata and support tools necessary to interpret and use the data in order to achieve the intended purpose- This shall be done on the basis of a simple request through electronic means where This shall be done on the basis of a simple request through electronic means where technically feasible.
2022/11/14
Committee: ITRE
Amendment 559 #
Proposal for a regulation
Article 4 – paragraph 1
1. Where data cannot be directly accessed by the user from the product or related service, the data holder shall make available to the user the data generated by itsthe use of a product or related service without undue delay, free of charge and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible, that are accessible to the data holder, as well as the relevant metadata, without undue delay, free of charge, easily, securely, in a structured, commonly used and machine- readable format, and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible. The manufacturer, where technically supported, shall provide on- device access in a non-discriminatory manner. Where on-device and off-device access are available, the user or third party shall choose their preferred method.
2022/11/14
Committee: ITRE
Amendment 573 #
Proposal for a regulation
Article 4 – paragraph 3
3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user can agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties. Such measures shall be utilized in a limited manner and only when theshared data includes trade secrets as defined by the EU or national law. The data holder shall prove the existence of trade secrets when it invokes measures to preserve the confidentiality of the shared data.
2022/11/14
Committee: ITRE
Amendment 605 #
Proposal for a regulation
Article 5 – paragraph 1
1. Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a product or related service to a third party, without undue delay, free of charge to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time. hat are accessible to the data holder, as well as the relevant metadata, to a third party, without undue delay, free of charge to the user, in an interoperable, structured, commonly used and machine- readable format, of the same quality as is available to the data holder and, where applicable, continuously and in real-time and done on the basis of secure access mechanisms. Such data shall be digitally processable and interpretable and shall at least provide basic context, metadata and time stamp.
2022/11/14
Committee: ITRE
Amendment 608 #
Proposal for a regulation
Article 5 – paragraph 1
1. Upon request by a user, or by a party acting on behalf of a user such as authorised data intermediation service in the meaning of the Regulation (EU) 2022/868, the data holder shall make available the data generated by the use of a product or related service to a third party, without undue delay, free of charge to the user, of the same quality as is available to the data holder, free of charge to the user via a well-formed application programming interface and, where applicable, continuously and in real- time.
2022/11/14
Committee: ITRE
Amendment 632 #
Proposal for a regulation
Article 5 – paragraph 5
5. The data holder shall not use any non-personal data generated by the use of the product or related service to derive insights about the economic situation, assets and production methods of or use by the third party that could undermine the commercial position of the third party on the markets in which the third party is active, unless the third party has consented to such use and has the technical possibility to withdraw that consent at any time. The data holder shall not use any data generated by the use of the product or related service to monitor the interactions between users and third parties except for objectively justified security considerations
2022/11/14
Committee: ITRE
Amendment 636 #
Proposal for a regulation
Article 5 – paragraph 6 a (new)
6 a. The data holder shall not make the usability of the product or related service dependent on the user allowing it to process data not required for the functionality of the product or provision of the related service.
2022/11/14
Committee: ITRE
Amendment 650 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
(a) make the exercise of the rights or choices of users unduly difficult including by offering choices to the end-users in a non-neutral manner, or coerce, deceive or manipulate the user in any way, by subverting or impairing the autonomy, decision-making or choices of the user, including by means of a digital interface with the user or a part thereof, including its structure, design, function or manner of operation;
2022/11/14
Committee: ITRE
Amendment 651 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
(a) make the exercise of the rights or choices of users unduly difficult including by offering choices to the users in a non- neutral manner, or coerce, deceive or manipulate the user in any way, byor subverting or impairing the autonomy, decision-making or choices of the user, including by means of a digital interface with the user or a part thereof, including its structure, design, function or manner of operation;
2022/11/14
Committee: ITRE
Amendment 655 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
(b) use the data it receives for the profiling of natural persons within the meaning of Article 4(4) of Regulation (EU) 2016/679, unless it is strictly necessary to provide the service requested by the user;
2022/11/14
Committee: ITRE
Amendment 657 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
(c) make the data available it receives available to another third party, in raw, aggregated or derived form, unless this is necessary to provide the service requested by the user; and after the user has explicitly been made aware of this in a clear, easily accessible and prominent way;
2022/11/14
Committee: ITRE
Amendment 672 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
2 a. A third party should only use personal data for one of the following specific purposes: (a) the provision of aftermarket services, such as the maintenance and repair of the product or related service or the provision of an aftermarket service that may be in competition with a product or related service provided by the data holder; (b) the provision of an added value service explicitly requested by the consumer or data subject; (c) specific data intermediation services recognised in the Union or specific services provided by data altruism organisations recognised in the Union under the conditions and requirements of Chapters III and IV of Regulation (EU) 2022/868; (d) purposes of non-profit organisations in the public interest; (e) research and innovation in the public interest.
2022/11/14
Committee: ITRE
Amendment 675 #
Proposal for a regulation
Article 6 a (new)
Article 6 a Prohibited contractual clauses for business to consumer contracts 1. Contractual terms by data holders, third parties or data recipients concerning the access to, sharing and use of data or the liability and remedies for the breach or the termination of data-related obligations shall be prohibited if their object or effect is to; (a) process personal data generated by the use of a product or service by any data subject other than the user, including use by data holders and third parties, where the data makes it possible to make inferences about private lives or would otherwise entail high risks for the rights and freedoms of the individuals concerned; (b) bundle data usage by data holders or third parties, for example for purposes both necessary for the operation of the product or the related service together with purposes which are unnecessary, such as use for marketing or development of new products; (c) unrestrictedly use personal data generated by the use of a product or related services for purposes such as direct marketing or advertising, credit scoring, to determine eligibility to health insurance or to calculate or modify insurance premiums; (d) derogate from remedies resulting from non-conformity of a product or a service caused by the trader's breaches of the Data Act.
2022/11/14
Committee: ITRE
Amendment 676 #
Proposal for a regulation
Article 7 – paragraph 1
1. The obligations of this Chapter shall not apply to data generated by the use of products manufactured or related services provided by enterprises that qualify as micro or small enterprises, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro or small enterprise.deleted
2022/11/14
Committee: ITRE
Amendment 678 #
Proposal for a regulation
Article 7 – paragraph 1
1. The obligations of this Chapter related to business-to-business data sharing shall not apply to data generated by the use of products manufactured or related services provided by enterprises that qualify as micro or small enterprises, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro or small enterprise.
2022/11/14
Committee: ITRE
Amendment 689 #
Proposal for a regulation
Article 8 – paragraph 3
3. A data holder shall not discriminate between comparable categories of data recipients, that are comparable in terms of activity, size, type of business relationship, including partner enterprises or linked enterprises, as defined in Article 3 of the Annex to Recommendation 2003/361/EC, of the data holder, when making data available. Where a data recipient considers the conditions under which data has been made available to it to be discriminatory, it shall be for the data holder to demonstrate that there has been no discrimination.
2022/11/14
Committee: ITRE
Amendment 696 #
Proposal for a regulation
Article 9 – paragraph 1
1. Any compensation agreed between a data holder and a data recipient for making data available shall be reasonablein business-to- business relations shall be reasonable. This Regulation precludes the data holder or the third party from directly or indirectly charging consumers or data subjects a fee, compensation or costs for sharing data or for accessing it.
2022/11/14
Committee: ITRE
Amendment 699 #
Proposal for a regulation
Article 9 – paragraph 1
1. Any compensation agreed between a data holder and a data recipient for making data available shall be reasonable and shall not exceed the costs directly related to making the data available.
2022/11/14
Committee: ITRE
Amendment 704 #
Proposal for a regulation
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, aAny compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
2022/11/14
Committee: ITRE
Amendment 717 #
Proposal for a regulation
Article 10 – paragraph 1
1. Data holders and data recipients shall have access to dispute settlement bodies, certified in accordance with paragraph 2 of this Article, to settle disputes in relation to the determination of fair, reasonable and non-discriminatory terms for and the transparent manner of making data available in accordance with Articles 8 and 9 and 13.
2022/11/14
Committee: ITRE
Amendment 723 #
Proposal for a regulation
Article 11 – paragraph 1
1. The data holder mayshall apply appropriate technical and organisational protection measures, including smart contracts and encryption, to prevent unauthorised access to the data, including metadata, and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to hinder the user’s right to effectively provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1).
2022/11/14
Committee: ITRE
Amendment 724 #
Proposal for a regulation
Article 11 – paragraph 1
1. The data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to the data and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to hinder the user’s right to effectively obtain a copy or provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1).
2022/11/14
Committee: ITRE
Amendment 734 #
Proposal for a regulation
Article 12 – paragraph 2 a (new)
2 a. Any contractual term in a data sharing agreement between data holders and data recipients which, to the detriment of the data subjects undermines the application of their rights to privacy and data protection, derogates from it, or varies its effect, shall not be binding on that party.
2022/11/14
Committee: ITRE
Amendment 738 #
Proposal for a regulation
Article 13 – paragraph 1
1. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise on a micro, small or medium-sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC shall not be binding on the latter enterprise if it is unfair.provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro, small or medium enterprise;
2022/11/14
Committee: ITRE
Amendment 740 #
Proposal for a regulation
Article 13 – paragraph 1
1. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise on a micro, small or medium-sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC or which has been unilaterally imposed by an enterprise which is the sole source of crucial data they hold in some ecosystem shall not be binding on the latterrecipient enterprise if it is unfair.
2022/11/14
Committee: ITRE
Amendment 753 #
Proposal for a regulation
Article 13 – paragraph 8 a (new)
8 a. The Commission shall conduct a regular market investigation to review and, if necessary, revise the unfair contractual terms listed in paragraphs 3 and 4 of this Article.
2022/11/14
Committee: ITRE
Amendment 756 #
Proposal for a regulation
Chapter V – title
V MAKING DATA AVAILABLE TO PUBLIC SECTOR BODIES AND UNION INSTITUTIONS, AGENCIES OR BODIES BASED ON EXCEPTIONAL NEED
2022/11/14
Committee: ITRE
Amendment 758 #
Proposal for a regulation
Article 14 – title
Obligation to make data available based on exceptional need
2022/11/14
Committee: ITRE
Amendment 761 #
Proposal for a regulation
Article 14 – paragraph 1
1. Upon request, a data holder shall make data, including relevant metadata, available to a public sector body or to a Union institution, agency or body demonstrating an exceptional need or a legitimate public interest to use the data requested.
2022/11/14
Committee: ITRE
Amendment 764 #
Proposal for a regulation
Article 14 – paragraph 1
1. Upon request, a data holder shall make data, including metadata, available to a public sector body or to a Union institution, agency or body demonstrating an exceptional need to use the data requested.
2022/11/14
Committee: ITRE
Amendment 769 #
Proposal for a regulation
Article 15 – title
Exceptional needConditions to use data
2022/11/14
Committee: ITRE
Amendment 776 #
Proposal for a regulation
Article 15 – paragraph 1 – point a
(a) where the data requested is necessary to respond toprevent or respond to or recover from a public emergency;
2022/11/14
Committee: ITRE
Amendment 780 #
Proposal for a regulation
Article 15 – paragraph 1 – point b
(b) where the data request is limited in time and scope and necessary to prevent a public emergency or to assist the recovery from a public emergency;deleted
2022/11/14
Committee: ITRE
Amendment 789 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – introductory part
(c) where the lack of available data prevents the public sector body or Union institution, agency or body from fulfilling a specificor exercising tasks in the public interest that hasve been explicitly provided by law; and
2022/11/14
Committee: ITRE
Amendment 791 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 1
(1) the public sector body or Union institution, agency or body has been unable to obtain such data by alternative means, including by purchasing the data on the market at market raton reasonable prices or by relying on existing obligations to make data available, and the adoption of new legislative measures cannot ensure the timely availability of the data; or
2022/11/14
Committee: ITRE
Amendment 802 #
Proposal for a regulation
Article 16 – paragraph 1 a (new)
1 a. This Chapter shall be without prejudice to further specific sectoral rules pertaining to the types of data for which rules have been laid down in Union or national law.
2022/11/14
Committee: ITRE
Amendment 803 #
Proposal for a regulation
Article 16 – paragraph 2
2. The rights from this Chapter shall not be exercised to obtain information or take decisions concerning identifiable individuals. The rights from this Chapter shall not be exercised by public sector bodies and Union institutions, agencies and bodies in order to carry out activities for the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal penalties, or for customs or taxation administration. This Chapter does not affect the applicable Union and national law on the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal or administrative penalties, or for customs or taxation administration.
2022/11/14
Committee: ITRE
Amendment 816 #
Proposal for a regulation
Article 17 – paragraph 1 – point c
(c) explain the purpose of the request, the choice of data providers, the intended use of the data requested, and the duration of that use;
2022/11/14
Committee: ITRE
Amendment 820 #
Proposal for a regulation
Article 17 – paragraph 1 – point d a (new)
(d a) specify the geographical limits that apply to the request for data;
2022/11/14
Committee: ITRE
Amendment 833 #
Proposal for a regulation
Article 17 – paragraph 1 – point e b (new)
(e b) specify the third parties it intends to share the obtained data with;
2022/11/14
Committee: ITRE
Amendment 834 #
Proposal for a regulation
Article 17 – paragraph 2 – point a
(a) be made in writing and be expressed in clear, concise and plain language understandable to the data holder;
2022/11/14
Committee: ITRE
Amendment 836 #
Proposal for a regulation
Article 17 – paragraph 2 – point a a (new)
(a a) be submitted through the competent authority in the Member State where the public sector body, Union institution, agency, or body is established, and be evaluated by the competent authority of the Member State where the data holder is established.
2022/11/14
Committee: ITRE
Amendment 845 #
Proposal for a regulation
Article 17 – paragraph 2 – point d
(d) in case of requests made pursuant to Article 15, point (a), concern, insofar as possible, non- personal data;
2022/11/14
Committee: ITRE
Amendment 849 #
Proposal for a regulation
Article 17 – paragraph 2 – point d a (new)
(d a) in case of requests made pursuant to Article 15, point (b), concern personal data only in case the dataprocessing has a specific basis in Union or Member State law;
2022/11/14
Committee: ITRE
Amendment 858 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 1
Paragraph 3 does not preclude a public sector body or a Union institution, agency or body to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body, in view of completing the tasks in Article 15 or to make the data available to a third party in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. The obligations on public sector bodies, Union institutions, agencies or bodies pursuant to Article 19 apply. The third party shall not use the data it receives to develop a product or a service that competes with the product or service from which the accessed data originate, or share the data with another third party.
2022/11/14
Committee: ITRE
Amendment 864 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 2 a (new)
The third party shall not use the data it receives from a public sector body or a Union institution, agency or body as a result of the outsourcing of technical inspections or other functions pursuant to paragraph 4, to develop a product or a service that competes with the product or service from which the accessed data originate or share the data with another third party for that purpose
2022/11/14
Committee: ITRE
Amendment 872 #
Proposal for a regulation
Article 18 – paragraph 1
1. A data holder receiving a request for access to data under this Chapter shall make the data available to the requesting public sector body or a Union institution, agency or body without undue delay, taking into account provision of time and necessary technical, organisational and legal measures.
2022/11/14
Committee: ITRE
Amendment 887 #
Proposal for a regulation
Article 18 – paragraph 5
5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the data holder shall take reasonable efforts to anonymise or pseudonymise the data, insofar as the request can be fulfilled with pseudonymised data.
2022/11/14
Committee: ITRE
Amendment 891 #
Proposal for a regulation
Article 19 – paragraph 1 – introductory part
1. A public sector body or a Union institution, agency or body having received data pursuant to a request made under Article 14 or statistical or research organisation receiving data pursuant to a request made under Article 21(1) shall:
2022/11/14
Committee: ITRE
Amendment 900 #
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
(b a) have in place appropriate and proportionate technical and organisational measures to manage cyber risks that could affect the confidentiality, integrity, or availability of the requested data;
2022/11/14
Committee: ITRE
Amendment 903 #
Proposal for a regulation
Article 19 – paragraph 1 – point b b (new)
(b b) disclose to the responding data holder when a cybersecurity incident has occurred that is affecting the confidentiality, integrity, or availability of the requested data that are in the possession of a public sector body or a Union institution, agency, or body as soon as possible and no later than 72 hours after having determined that the incident has occurred.
2022/11/14
Committee: ITRE
Amendment 923 #
Proposal for a regulation
Article 20 – paragraph 2
2. Where the data holder claims compensation for making data available in compliance with a request made pursuant to Article 15, points (b) or (c), such compensation shall not exceedcover the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.
2022/11/14
Committee: ITRE
Amendment 930 #
Proposal for a regulation
Article 20 – paragraph 2 a (new)
2 a. Where the public-sector body or the Union institution, agency or body wishes to challenge the level of compensation requested by the data holder, the matter shall be brought to the competent authority referred to in Article 31 of the Member State where the data holders is established.
2022/11/14
Committee: ITRE
Amendment 931 #
Proposal for a regulation
Article 20 – paragraph 2 a (new)
2 a. Where the public sector body or the Union institution, agency or body wishes to challenge the level of compensation requested by the data holder, the matter shall be brought to the competent authority referred to in Article 31 of the Member State where the data holder is established.
2022/11/14
Committee: ITRE
Amendment 934 #
Proposal for a regulation
Article 21 – paragraph 1
1. A public sector body or a Union institution, agency or body shall be entitled to share data received under this Chapter with individuals or organisations in view of carrying out scientific research or analytics compatible with the purpose for which the data was requested, or to national statistical institutes, the members of the European System of Central Banks, and Eurostat for the compilation of official statistics.
2022/11/14
Committee: ITRE
Amendment 952 #
Proposal for a regulation
Article 22 – paragraph 4 a (new)
4 a. Where a public sector body intends to request data under Article 15 (b) of this Chapter from a data holder established in another Member State the request shall be evaluated in line by the competent authority of the Member State where the data holder is established.
2022/11/14
Committee: ITRE
Amendment 954 #
Proposal for a regulation
Article 23 – paragraph 1 – introductory part
1. Providers of a data processing service shall take the measures provided for in Articles 24, 25 and 26 to ensure that customers of their service can switch to another data processing service, covering the same service type, which is provided by a different service provider. In particularorder to provide for effective services switching, providers of data processing service shall remove commercial, technical, contractual and organisational obstacles, which inhibitdiscourage customers from:
2022/11/14
Committee: ITRE
Amendment 957 #
Proposal for a regulation
Article 23 – paragraph 1 – point a
(a) terminating, after a maximum notice period of 360 calendar days, the contractual agreement of the service; , or a mutually agreed longer notice period on a contractual basis provided that both parties are able to equally influence the contractual content.
2022/11/14
Committee: ITRE
Amendment 959 #
Proposal for a regulation
Article 23 – paragraph 1 – point c
(c) porting its data, and metadata created by the customer and by the use of the originating service, and/or the customer’s applications and other digital assets to another provider of data processing services;
2022/11/14
Committee: ITRE
Amendment 969 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1
(1) assist and, where technically feasible, complete the switching process, including reasonably assisting a third- party entity managing the switching process on behalf of the customer;
2022/11/14
Committee: ITRE
Amendment 971 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2
(2) ensure full continuity or sufficient continuity in compliance with the contractual arrangements related to continuity in the provision of the respective functions or services.
2022/11/14
Committee: ITRE
Amendment 972 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 a (new)
(2 a) provide the customer and third parties authorised by the customer, at their request, access to the resources necessary to support the switching process.
2022/11/14
Committee: ITRE
Amendment 974 #
Proposal for a regulation
Article 24 – paragraph 1 – point b
(b) an exhaustive specification of all data and application categories exportable during the switching process, including, where technically feasible, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service;
2022/11/14
Committee: ITRE
Amendment 979 #
Proposal for a regulation
Article 24 – paragraph 1 – point c a (new)
(c a) clear description of the different operations required for switching process and clear indication of the corresponding charges imposed on the customer;
2022/11/14
Committee: ITRE
Amendment 983 #
Proposal for a regulation
Article 25 – paragraph 1
1. From [the date X+3yrsof entry into force of this Regulation] onwards, providers of data processing services shall not impose any charges on the customer who are consumers for the switching process.
2022/11/14
Committee: ITRE
Amendment 985 #
Proposal for a regulation
Article 25 – paragraph 1 a (new)
1 a. From [date X + 3 yrs] onwards, providers of data processing services shall not impose any charges on the customer in the context of business-to-business relations for the switching process.
2022/11/14
Committee: ITRE
Amendment 986 #
Proposal for a regulation
Article 25 – paragraph 2
2. From [date X, the date of entry into force of the Data Act] until [date X+32yrs], providers of data processing services may impose reduced charges on the customer in business-to-business relations for the switching process.
2022/11/14
Committee: ITRE
Amendment 989 #
Proposal for a regulation
Article 25 – paragraph 4
4. The Commission is empowered to adopt delegated acts in accordance with Article 38 to supplement this Regulation in order to introduce a monitoring mechanism for the Commission to monitor switching charges imposed by data processing service providers on the market to ensure that the withdrawal of switching charges as described in paragraph 1a of this Article will be attained in accordance with the deadline provided in the same paragraph.
2022/11/14
Committee: ITRE
Amendment 990 #
Proposal for a regulation
Article 26 – title
Technical aspects of switching and interoperability
2022/11/14
Committee: ITRE
Amendment 991 #
Proposal for a regulation
Article 26 – paragraph 1
1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ensure thatprovide assistance and take all necessary measures in their power, including in cooperation with the data processing service provider of the destination service, to facilitate the customer, after switching to a service covering the same service type offered by a different provider of data processing services, enjoyswith the aim of achieving functional equivalence in the use of the new service.
2022/11/14
Committee: ITRE
Amendment 993 #
Proposal for a regulation
Article 26 – paragraph 2
2. For data processing services other than those covered by paragraph 1, providers of data processing services shall make open interfacescan be required by the data recipient to make open interfaces designed to facilitate switching between services of the same service type publicly available and free of charge.
2022/11/14
Committee: ITRE
Amendment 994 #
Proposal for a regulation
Article 26 – paragraph 2
2. For data processing services other than those covered by paragraph 1, providers of data processing services shall make open interfaces publicly available and free of charge for the purposes of portability and interoperability.
2022/11/14
Committee: ITRE
Amendment 997 #
Proposal for a regulation
Article 26 – paragraph 4
4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall, at the request of the customer, export all data generated or co-generated, including the relevant data formats and data structures, in a structured, commonly used and machine- readable format. The exporting data processing service shall ensure that the customer, after switching to a service covering the same service type offered by a different provider of data processing services, can enjoy functional equivalence in the use of the new service.
2022/11/14
Committee: ITRE
Amendment 1000 #
Proposal for a regulation
Article 26 – paragraph 4 a (new)
4 a. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall make APIs available for the purpose of interoperability. These APIs shall ensure, where technically feasible, that third-party services can enjoy the same functional equivalence as first-party services.
2022/11/14
Committee: ITRE
Amendment 1001 #
Proposal for a regulation
Article 26 – paragraph 4 a (new)
4 a. Providers of data processing services should not be required to make their services less secure to ensure functional equivalence nor providers of non-infrastructure services be required to meet specifications that do not support security features of their service, unless incases where such change introduces higher security and cybersecurity standards.
2022/11/14
Committee: ITRE
Amendment 1006 #
Proposal for a regulation
Article 27 – paragraph 1
1. Providers of data processing services shall take all reasonable technical, legal and organisational measures, including contractual arrangements, in order to prevent international transfer orand governmental access to such non-personal data held in the Union where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, without prejudice to paragraph 2 or 3.
2022/11/14
Committee: ITRE
Amendment 1010 #
Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 2
The addressee of the decision mayshall ask the opinion of the relevant competent bodies or authorities, pursuant to this Regulation, in order to determine whether these conditions are met, notably when it considers that the decision may relate to commercially sensitive data, or may impinge on national security or defence interests of the Union or its Member States.
2022/11/14
Committee: ITRE
Amendment 1011 #
Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 3
The European Data Innovation Board established under Regulation [xxx – DGA](EU) 2022/868 shall advise and assist the Commission in developing guidelines on the assessment of whether these conditions are met.
2022/11/14
Committee: ITRE
Amendment 1017 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Operators ofwithin data spaces shall comply with, the following essential requirements applicable to the services offered by the operator, to facilitate interoperability of data, data sharing mechanisms and services:
2022/11/14
Committee: ITRE
Amendment 1019 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Operators ofwithin data spaces shall comply with, the following essential requirements, applicable to the services offered by the operator, to facilitate interoperability of data, data sharing mechanisms and services:
2022/11/14
Committee: ITRE
Amendment 1020 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Operators ofData holders and Operators within Common European data spaces shall comply with, the following essential requirements to facilitate interoperability of data, data sharing mechanisms and services:
2022/11/14
Committee: ITRE
Amendment 1021 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part
OData holders and operators ofwithin data spaces shall comply with, the following essential requirements to facilitate interoperability of data, data sharing mechanisms and services:
2022/11/14
Committee: ITRE
Amendment 1022 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point a
(a) the dataset content, use restrictions, licences, data collection methodology, data quality and uncertainty shall be sufficiently described in a machine-readable format to allow the recipient to find, access and use the data;
2022/11/14
Committee: ITRE
Amendment 1026 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point c
(c) the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable automatic access and transmission of data between parties, including continuously or in real-time in a machine-readable format, where that is necessary for the good functioning of the product or service and is technically feasible;
2022/11/14
Committee: ITRE
Amendment 1027 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point d
(d) the means to enable the interoperability of smart contracts for data sharing within their services and activities shall be provided.
2022/11/14
Committee: ITRE
Amendment 1030 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point d
(d) the means to enable the interoperability of smart contracts for data sharing within their services and activities shall be provided.
2022/11/14
Committee: ITRE
Amendment 1033 #
Proposal for a regulation
Article 28 – paragraph 2
2. The Commission, in consultation with the European Data Innovation Board in line with the Articles 29and 30 (f)and 30(h) of the Regulation (EU)No 2022/868 is empowered to adopt delegated acts, in accordance with Article 38 to supplement this Regulation by further specifying the essential requirements referred to in paragraph 1.
2022/11/14
Committee: ITRE
Amendment 1035 #
3. Operators ofwithin data spaces and data holders that meet the harmonised standards or parts thereof published by reference in the Official Journal of the European Union shall be presumed to be in conformity with the essential requirements referred to in paragraph 1 of this Article, to the extent those standards cover those requirements.
2022/11/14
Committee: ITRE
Amendment 1036 #
Proposal for a regulation
Article 28 – paragraph 3
3. OData holders and operators ofwithin data spaces that meet the harmonised standards or parts thereof published by reference in the Official Journal of the European Union shall be presumed to be in conformity with the essential requirements referred to in paragraph 1 of this Article, to the extent those standards cover those requirements.
2022/11/14
Committee: ITRE
Amendment 1037 #
Proposal for a regulation
Article 28 – paragraph 3 a (new)
3 a. The operators within a particular data space shall agree on the rules by which the accountabilities regarding these requirements are defined between the operators.
2022/11/14
Committee: ITRE
Amendment 1041 #
Proposal for a regulation
Article 28 – paragraph 4
4. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements under paragraph 1 of this Article and are developed inan and are developed in an open, transparent, technology-neutral, and inclusive manner in accordance with the Chapter II of Regulation (EU) No 1025/2012.
2022/11/14
Committee: ITRE
Amendment 1045 #
Proposal for a regulation
Article 28 – paragraph 6
6. The Commission, in consultation with the European Data Innovation Board in line with the Articles 29 and 30(f)and 30(h) of the Regulation (EU) 2022/868 may adopt guidelines laying down interoperability specifications for the functioning of common European data spaces, such as architectural models and technical standards implementing legal rules and arrangements between parties that foster data sharing, such as regarding rights to access and technical translation of consent or permission.
2022/11/14
Committee: ITRE
Amendment 1046 #
Proposal for a regulation
Article 29 – title
Interoperability and portability for data processing services
2022/11/14
Committee: ITRE
Amendment 1048 #
Proposal for a regulation
Article 29 – paragraph 1 – introductory part
1. Open interoperability specifications and European standards for the interoperability and portability of data processing services shall:
2022/11/14
Committee: ITRE
Amendment 1050 #
Proposal for a regulation
Article 29 – paragraph 1 – point a
(a) be performance oriented towards achieving interoperability and portability between different data processing services that cover the same service type;
2022/11/14
Committee: ITRE
Amendment 1051 #
Proposal for a regulation
Article 29 – paragraph 1 – point b
(b) enhance interoperability and portability of digital assets between different data processing services that cover the same service type;
2022/11/14
Committee: ITRE
Amendment 1052 #
Proposal for a regulation
Article 29 – paragraph 1 – point b
(b) enhance portability of data and of digital assets between different data processing services that cover the same service type;
2022/11/14
Committee: ITRE
Amendment 1054 #
Proposal for a regulation
Article 29 – paragraph 1 – point c
(c) guarantefacilitate, where technically feasible, functional equivalence between different data processing services that cover the same service type.
2022/11/14
Committee: ITRE
Amendment 1057 #
Proposal for a regulation
Article 29 – paragraph 2 – introductory part
2. Open interoperability specifications and European standards for the interoperability and portability of data processing services shall address:
2022/11/14
Committee: ITRE
Amendment 1062 #
Proposal for a regulation
Article 29 – paragraph 4
4. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to define the scope of a specific service type and to draft European standards applicable to specific service types of data processing services.
2022/11/14
Committee: ITRE
Amendment 1063 #
Proposal for a regulation
Article 29 – paragraph 5
5. For the purposes of Article 26(3) of this Regulation, the Commission in consultation with the European Data Innovation Board in line with the Articles 29 and 30(f) and 30(h) of Regulation (EU) 2022/868 shall be empowered to adopt delegated acts, in accordance with Article 38, to publish the reference of open interoperability specifications and European standards for the interoperability of data processing services in central Union standards repository for the interoperability of data processing services, where these satisfy the criteria specified in paragraph 1 and 2 of this Article.
2022/11/14
Committee: ITRE
Amendment 1065 #
Proposal for a regulation
Article 29 – paragraph 5
5. For the purposes of Article 26(3) of this Regulation, the Commission shall be empowered to adopt delegated acts, in accordance with Article 38, to publish the reference of open interoperability specifications and European standards for the interoperability and portability of data processing services in central Union standards repository for the interoperability and portability of data processing services, where these satisfy the criteria specified in paragraph 1 and 2 of this Article.
2022/11/14
Committee: ITRE
Amendment 1067 #
Proposal for a regulation
Article 30 – title
30 Essential requirements regarding smart contracts for data sharing
2022/11/14
Committee: ITRE
Amendment 1069 #
Proposal for a regulation
Article 30 – paragraph 1 – point a
(a) robustness and access control: ensure that the smart contract has been designed to offer rigorous access control mechanisms and a very high degree of robustness to avoid functional errors and to withstand manipulation by third parties;
2022/11/14
Committee: ITRE
Amendment 1072 #
Proposal for a regulation
Article 30 – paragraph 1 – point c
(c) data archiving and continuity: foresee, if a smart contract must be terminated or deactivated, a possibility to archive transactional data, the smart contract logic and code to keep the record of the operations performed on the data in the past (auditability); andeleted
2022/11/14
Committee: ITRE
Amendment 1075 #
Proposal for a regulation
Article 30 – paragraph 1 – point d
(d) access control: a smart contract shall be protected through rigorous access control mechanisms at the governance and smart contract layers.deleted
2022/11/14
Committee: ITRE
Amendment 1082 #
Proposal for a regulation
Article 30 – paragraph 2
2. The vendor of a smart contract or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of an agreement to make data available shall perform a conformity assessment with a view to fulfilling the essential requirements under paragraph 1 and, on the fulfilment of the requirements, issue an EU declaration of conformity.deleted
2022/11/14
Committee: ITRE
Amendment 1085 #
Proposal for a regulation
Article 30 – paragraph 4
4. A smart contract that meets the harmonised standards or the relevant parts thereof drawn up and published in the Official Journal of the European Union shall be presumed to be in conformity with the essential requirements under paragraph 1 of this Article to the extent those standards cover those requirements.deleted
2022/11/14
Committee: ITRE
Amendment 1087 #
Proposal for a regulation
Article 30 – paragraph 5
5. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential the requirements under paragraph 1 of this Article.deleted
2022/11/14
Committee: ITRE
Amendment 1089 #
Proposal for a regulation
Article 30 – paragraph 6
6. Where harmonised standards referred to in paragraph 4 of this Article do not exist or where the Commission considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article in a cross-border context, the Commission may, by way of implementing acts, adopt common specifications in respect of the essential requirements set out in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).deleted
2022/11/14
Committee: ITRE
Amendment 1093 #
Proposal for a regulation
Article 30 a (new)
Article 30 a Digital Identity of Internet of Things devices 1. Internet of Thing (IoT) data generating devices, such as machines, sensors, websites or cloud servers, can have a digital identity and electronic attestation of attributes within the meaning of the Regulation (EU) 910/2014 (European Digital Identity Framework). Digital identity of IoT devices shall allow for identification of a device, and for establishment of a relationship between a device and its owner. 2. The European Digital Identity Wallet (EDIW) within the meaning of Article 6a of the Regulation (EU) 910/2014 (European Digital Identity Framework) shall allow for issuing of electronic attestation of attributes of IoT devices that can be associated with the user of the EDIW at his/her request. 3. The Commission shall be empowered by delegated acts to adopt minimum data sets for the digital identity of certain categories of IoT devices and for their electronic attestation of attributes.
2022/11/14
Committee: ITRE
Amendment 1095 #
Proposal for a regulation
Article 31 – paragraph 1
1. Each Member State shall designate one or more competent authorities as responsible for the application and enforcement of this Regulation, with designated responsible competent authority coordinating the work of the competent authorities. Member States may establish one or more new authorities or rely on existing authorities.
2022/11/14
Committee: ITRE
Amendment 1102 #
Proposal for a regulation
Article 31 – paragraph 2 – point c
(c) the national competent authority responsible for the application and enforcement of Chapter VI of this Regulation shall have, sufficient technical and human resources and expertise experience in the field of consumer protection, data and electronic communications services.
2022/11/14
Committee: ITRE
Amendment 1104 #
Proposal for a regulation
Article 31 – paragraph 2 – point c
(c) the national competent authority responsible for the application and enforcement of Chapter VI of this Regulation shall have technical and human resources and experience in the field of data and electronic communications services.
2022/11/14
Committee: ITRE
Amendment 1105 #
Proposal for a regulation
Article 31 – paragraph 3 – introductory part
3. Member States shall ensure that the respective tasks and powers of the competent authorities designated pursuant to paragraph 1 of this Article are clearly defined and shall at least include:
2022/11/14
Committee: ITRE
Amendment 1106 #
Proposal for a regulation
Article 31 – paragraph 3 – point a a (new)
(a a) coordinating the relevant cooperation with other authorities;
2022/11/14
Committee: ITRE
Amendment 1107 #
Proposal for a regulation
Article 31 – paragraph 3 – point b
(b) handling complaints arising from alleged violations of this Regulation, and investigating, to the extent appropriate, the subject matter of the complaint and regularly and meaningfully informing the complainant of the progress and the outcome of the investigation swiftly within a reasonable period, in particular if further investigation or coordination with another competent authority is necessary;
2022/11/14
Committee: ITRE
Amendment 1110 #
Proposal for a regulation
Article 31 – paragraph 3 – point d
(d) imposing, through administrative or juridical procedures, dissuasive financial penalties which may include periodic penalties and penalties with retroactive effect, or initiating legal proceedings for the imposition of fines;
2022/11/14
Committee: ITRE
Amendment 1111 #
Proposal for a regulation
Article 31 – paragraph 3 – point e
(e) monitoring technological developments of relevance for the making available and use of data with a view of better enforcing this Regulation; ;
2022/11/14
Committee: ITRE
Amendment 1114 #
Proposal for a regulation
Article 31 – paragraph 3 – point f
(f) cooperating with competent authorities of other Member States to ensure the consistent swift and effective application of this Regulation, including the exchange of all relevant information by electronic means, in a timely manner without undue delay;
2022/11/14
Committee: ITRE
Amendment 1117 #
Proposal for a regulation
Article 31 – paragraph 3 – point h
(h) cooperating with all relevant competent authorities and the European Data the European Data Innovation Board to ensure that the obligations of Chapter VIthis Regulation are enforced consistently with other Union legislation and self-regulation applicable to providers of data processing service;ctor specific data governance rules and regulations
2022/11/14
Committee: ITRE
Amendment 1120 #
Proposal for a regulation
Article 31 – paragraph 4
4. Where a Member State designates more than one competent authority, the competent authorities shall, in the exercise of the tasks and powers assigned to them under paragraph 3 of this Article, cooperate with each other, including, as appropriate, with the supervisory authority responsible for monitoring the application of Regulation (EU) 2016/679, to ensure the consistent application of this Regulation. In such cases, relevant Member States shall designate a coordinating, responsible competent authority.
2022/11/14
Committee: ITRE
Amendment 1121 #
Proposal for a regulation
Article 31 – paragraph 6
6. When carrying out their tasks and exercising their powers in accordance with this Regulation, the competent authorities shall be independent and remain free from any external influence, whether direct or indirect, and shall neither seek nor take instructions from any other public authority or any private party.
2022/11/14
Committee: ITRE
Amendment 1126 #
Proposal for a regulation
Article 31 a (new)
Article 31 a Role of the European Data Innovation Board The European Data Innovation Board should foster the mutual exchange of information amongst competent authorities as well as advise and assist the Commission in matters of this Regulation falling under the competences of the Board in line with Article 30 of Regulation (EU) 2022/868
2022/11/14
Committee: ITRE
Amendment 1127 #
Proposal for a regulation
Article 32 – paragraph 1
1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant , collectively, with the relevant competent authority in the Member State of their habitual residence, place of work or establishment if they consider that their rights or the obligations under this Regulation have been infringed.
2022/11/14
Committee: ITRE
Amendment 1129 #
Proposal for a regulation
Article 32 – paragraph 3
3. Competent authorities shall cooperate early in the process to handle and resolve complaints, including by effectively and in a timely manner, including by setting reasonable deadlines for adopting formal decisions, ensuring equality of the parties, ensuring the right to be heard from complainants and access to the file throughout the process, exchanging all relevant information by electronic means, without undue delay. This cooperation shall not affect the specific cooperation mechanism provided for by Chapters VI and VII of Regulation (EU) 2016/679.
2022/11/14
Committee: ITRE
Amendment 1130 #
Proposal for a regulation
Article 32 – paragraph 3
3. Competent authorities shall cooperate to handle and resolve complaints, including by effectively and in a timely manner, including by setting reasonable deadlines for adopting formal decisions, ensuring equality of the parties, ensuring the right to be heard from complainants and access to the file throughout the process, exchanging all relevant information by electronic means, without undue delay. This cooperation shall not affect the specific cooperation mechanism provided for by Chapters VI and VII of Regulation (EU) 2016/679.
2022/11/14
Committee: ITRE
Amendment 1131 #
Proposal for a regulation
Article 32 a (new)
Article 32 a Representation Without prejudice to Directive (EU) 2020/1828 or to any other type of representation under national law, recipients of intermediary services shall at least have the right to mandate a body, organisation or association to exercise the rights conferred by this Regulation on their behalf, provided the body, organisation or association meets all of the following conditions: (a) it operates on a not-for-profit basis; (b) it has been properly constituted in accordance with the law of a Member State; (c) its statutory objectives include a legitimate interest in ensuring that this Regulation is complied with.
2022/11/14
Committee: ITRE
Amendment 1132 #
Proposal for a regulation
Article 32 b (new)
Article 32 b Right to an effective judicial remedy against a competent authority 1. Without prejudice to any other administrative or non-judicial remedy, each user shall have the right to an effective judicial remedy against a legally binding decision of a competent authority concerning them. 2. Without prejudice to any other administrative or non-judicial remedy, each user shall have the right to an effective judicial remedy where the competent authority does not handle a complaint swiftly or does not inform the data subject within three months on the progress or outcome of the complaint lodged pursuant to Article 32. 3. Proceedings against a competent authority shall be brought before the courts of the Member State of the habitual residence, place of work or establishment of the user or their representative organisation. 4. Where proceedings are brought against a decision of a competent authority which was preceded by an opinion or a decision of the Board in the consistency mechanism, the supervisory authority shall forward that opinion or decision to the court.
2022/11/14
Committee: ITRE
Amendment 1133 #
Proposal for a regulation
Article 32 c (new)
Article 32 c Right to an effective judicial remedy against a controller or processor 1. Without prejudice to any available administrative or non-judicial remedy, including under Directive (EU) 2020/1828 and the righto lodge a complaint with a competent authority pursuant to Article 32b,each user shall have the right to an effective judicial remedy where he or she considers that their rights under this Regulation have been infringed as a result of the non-compliance with this Regulation. 2. Proceedings against a data holder, third party or data recipient shall be brought before the courts of the Member State where the user has their habitual residence, place or work or establishment.
2022/11/14
Committee: ITRE
Amendment 1135 #
Proposal for a regulation
Article 33 – paragraph 1
1. Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive, including administrative fines against enterprises of a minimum of 20 000 000EUR or 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.
2022/11/14
Committee: ITRE
Amendment 1139 #
Proposal for a regulation
Article 33 – paragraph 2
2. Member States shall by [date of application of the Regulation] notify the Commission , the European Data Protection Board and the European Data Innovation Boardof those rules and measures and shall notify it them without delay of any subsequent amendment affecting them. The Commission shall regularly update and maintain an easily accessible public register of those measures.
2022/11/14
Committee: ITRE
Amendment 1143 #
The Commission shall develop and recommend non-binding model contractual terms on data access and use to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. These non-binding contractual terms shall be openly freely available in easily usable electronic format.
2022/11/14
Committee: ITRE
Amendment 1144 #
Proposal for a regulation
Article 34 – paragraph 1
The Commission shall develop and recommend non-binding model contractual terms on data access and use to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. Such contractual terms shall be in line with Fair, Reasonable and Non- Discriminatory(FRAND) principles.
2022/11/14
Committee: ITRE
Amendment 1145 #
Proposal for a regulation
Article 34 – paragraph 1 a (new)
The Commission shall, after consulting the European Data Protection Board, issue guidelines on the definition of products to ascertain which devices are included or excluded from the scope of this Regulation in line with the definition of product under Article 2 of this Regulation.
2022/11/14
Committee: ITRE
Amendment 1147 #
Proposal for a regulation
Article 35 – paragraph 1 a (new)
The right of the maker of a databaseas provided for in Article 7(1) of Directive 96/9/EC shall not be exercised by data holders in such away that it prevents them from making data available to public sector bodies, or Union institutions, agencies or bodies, subsequent to a request made under Article 14 of this Regulation.
2022/11/14
Committee: ITRE
Amendment 1153 #
Proposal for a regulation
Article 41 – paragraph 1 – point e a (new)
(e a) evaluation of the impacts of this Regulation to the development of business practices and monetisation practices of the European data economy and possible needs for reviewing the Regulation.
2022/11/14
Committee: ITRE