Activities of Felix REDA related to 2017/0228(COD)
Shadow reports (1)
REPORT on the proposal for a regulation of the European Parliament and of the Council on a framework for the free flow of non-personal data in the European Union PDF (871 KB) DOC (128 KB)
Amendments (29)
Amendment 77 #
Proposal for a regulation
Recital 10
Recital 10
(10) Under Regulation (EU) 2016/679, Member States may neither restrict nor prohibit the free movement of personal data within the Union for reasons connected with the protection of natural persons with regard to the processing of personal data. This Regulation establishes the same principle of free movement within the Union for non-personal data except when a restriction or a prohibition would be justified for public security reasons as defined by Union law, in particular Article 52 of the Treaty on the Functioning of the European Union.
Amendment 79 #
Proposal for a regulation
Recital 10 a (new)
Recital 10 a (new)
(10a) This Regulation should apply to non-personal data. Where a natural person is directly or indirectly identifiable following the Regulation 2016/679 (GDPR), a data set cannot be considered non-personal. Furthermore, mixed data sets should be considered mixed where personal and non-personal data are inextricably linked. Therefore such data sets should be considered as personal data and only the GDPR applies. This Regulation should neither impose an obligation to store personal and non- personal data separately nor an obligation to unbundle mixed data sets.
Amendment 112 #
(20) The ability to port data without hindrance is a key facilitator of user choice and effective competition on markets for data storage or other processing services. The real or perceived difficulties to port data cross-border also undermine the confidence of professional users in taking up cross- border offers and hence their confidence in the internal market. Whereas natural persons and consumers benefit from existing Union legislation, the ability to switch between service providers is not facilitated for users in the course of their business or professionalother activities.
Amendment 115 #
Proposal for a regulation
Recital 21
Recital 21
(21) In order to take full advantage of the competitive environment, professional users should be able to make informed choices and easily compare the individual components of various data storage or other processing services offered in the internal market, including as to the contractual conditions of porting data upon the termination of a contract. In order to align with the innovation potential of the market and to take into account the experience and expertise of the providers and professional users of data storage or other processing servicesimplement the right to data portability, the detailed information and operational requirements for data porting, including the porting of data by the providers on behalf of the user, should be defined by market players through self- regulation, encouraged and facilitated by the Commission, in the form of Union codes of conduct which may entail model contract terms. These codes of conduct should stipulate that vendor lock-in is not an acceptable business practice, shall make use of open standards and open specifications and provide for trust increasing technologies like encryption. Nonetheless, if such codes of conduct are not put in place and effectively implemented within a reasonablethe set period of time, or if there is cause for concern, the Commission should review the situation.
Amendment 119 #
Proposal for a regulation
Recital 21 a (new)
Recital 21 a (new)
(21a) Where data storage or other processing of data is carried out, users should be allowed to receive data in a structured, commonly used, machine- readable and interoperable format, and to transmit it or have it transmitted directly from one to another data storage or processing service. Service providers should provide the data in interoperable formats, making use of open standards and open specifications that enable data portability.
Amendment 120 #
Proposal for a regulation
Recital 24
Recital 24
(24) Enhancing trust in the security of cross-border data storage or other processing should reduce the propensity of market players and the public sector to use data localisation as a proxy for data security. It should also improve the legal certainty for companies on applicable security requirements when outsourcing their data storage or other processing activities, including to service providers in other Member States. For that purpose Member States need to avoid intrusive legislation that would put into question the security, integrity, or authenticity of the data, such as government back-doors, while the service providers should deploy state of the art available technologies to implement security-by-design and privacy- by-design policies and practices. Ease of switching providers and data portability are also trust-increasing factors and need to be ensured.
Amendment 132 #
Proposal for a regulation
Recital 29
Recital 29
(29) This Regulation is without prejudice to other applicable EU law regarding treatment of data, respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union, and should be interpreted and applied in accordance with those rights and principles, including the rights to the protection of personal data (Article 8), the freedom to conduct a business (Article 16), and the freedom of expression and information (Article 11).
Amendment 133 #
Proposal for a regulation
Recital 29 a (new)
Recital 29 a (new)
(29a) This Regulation is without prejudice to Directive [XX] on certain aspects concerning contracts for the supply of digital content.
Amendment 134 #
(29b) As public sector entities, such as Union and Member States’ authorities and administrations, are particularly affected by this Regulation, they should take a lead role in the application of the free flow of data in order to encourage the uptake of the free flow of data also among businesses.
Amendment 136 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
This Regulation seeks to ensure the free movement of data other than personal data within the Union by laying down rules relating to data localisation requirements, the availability of data to competent authorities and data porting for professional users.
Amendment 144 #
Proposal for a regulation
Article 2 – paragraph 1 a (new)
Article 2 – paragraph 1 a (new)
1a. In the case of mixed data sets, where personal and non-personal data are inextricably linked, Regulation (EU) 2016/679 applies to the whole data set.
Amendment 148 #
Proposal for a regulation
Article 3 – paragraph 1 – point 1 a (new)
Article 3 – paragraph 1 – point 1 a (new)
1a. ‘mixed data set’ means a data set composed of personal and non-personal data which are inextricably linked.
Amendment 158 #
Proposal for a regulation
Article 3 – paragraph 1 – point 7
Article 3 – paragraph 1 – point 7
7. ‘user’ means a natural or legal person, including a public sector entity, using or requesting a data storage or other processing service;
Amendment 161 #
Proposal for a regulation
Article 3 – paragraph 1 – point 8
Article 3 – paragraph 1 – point 8
Amendment 167 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Location of data for storage or other processing within the Union shall not be restricted to the territory of a specific Member State, and storage or other processing in any otherData localisation requirements within the Union which restrict data storage or other processing to the territory of a specific Member State shall not be prohibited or restricted, unless it isunless, on an exceptional basis, they are justified on imperative grounds of public security, in compliance with the principle of proportionality.
Amendment 179 #
Proposal for a regulation
Article 5 – paragraph 2
Article 5 – paragraph 2
2. Where a competent authority has exhausted all applicable means to obtain access to the data, it may request the assistance of a competent authority in another Member State in accordance with the procedure laid down in Article 7, and the requested competent authority shall provide assistance in accordance with the procedure laid down in Article 7, unless it would be contrary to the public order of the requested Member State.
Amendment 185 #
Proposal for a regulation
Article 6 – title
Article 6 – title
Amendment 186 #
Proposal for a regulation
Article 6 – paragraph -1 (new)
Article 6 – paragraph -1 (new)
-1. Users shall have the right to receive the data they submitted for storage or other processing in a structured, commonly used and machine-readable format; and the right to transmit those data to another provider without hindrance from the provider.
Amendment 188 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. The Commission shall encourage and facilitate the development of self- regulatory codes of conduct at Union level, in order tothat define guidelines onand best practices in facilitating the switching of providers and to ensure thdirect transmission of data from one provider to another upon request of the user, in order to facilitate they provide professional users users’ right to data portability and to ensure that users are provided with sufficiently detailed, clear and transparent information before a contract for data storage and processing is concluded, taking due account of open standards to enable interoperability as regards the following issues:
Amendment 194 #
Proposal for a regulation
Article 6 – paragraph 1 – point -a (new)
Article 6 – paragraph 1 – point -a (new)
(-a) best practices facilitating the switching of providers or porting data to a user’s own IT systems, using structured, commonly used, machine-readable and interoperable formats, including open standard formats where required or requested by the service provider receiving the data; and allowing sufficient time for users to switch or port the data; and
Amendment 197 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) the processes, technical requirements, timeframes and charges that apply in case a professional user wants to switch to another provider or port data back to its own IT systems, including the processes and location of any data back-up, the available data formats and supports, the required IT configuration and minimum network bandwidth; the time required prior to initiating the porting process and the time during which the data will remain available for porting; and the guarantees for accessing data in the case of the bankruptcy of the provider; and
Amendment 204 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1a. The codes of conduct referred to in paragraph 1 of this Article shall provide for removal of barriers that limit the data mobility, promote the use of open standards and open specifications and provide for trust-increasing technologies.
Amendment 205 #
Proposal for a regulation
Article 6 – paragraph 2
Article 6 – paragraph 2
2. The Commission shall encourage pProviders toshall effectively implement the right to data portability referred to in paragraph -1 and the codes of conduct referred to in paragraph 1 within one yearsix months after the start of application of this Regulation.
Amendment 210 #
Proposal for a regulation
Article 6 – paragraph 3
Article 6 – paragraph 3
3. The Commission shall review the development and effective implementation of suchmeasures to ensure the right to data portability, the codes of conduct, and the effective provision of information by providers no later than twoone years after the start of application of this Regulation. Where the self-regulatory code of conduct has not reduced the number of existing barriers to the porting of data, the review shall, as appropriate, be followed by a further legislative proposal.
Amendment 219 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. No later than [53 years after the date mentioned in Article 10(2)], the Commission shall carry out a review of this Regulation and presenof publication of this Regulation, the Commission shall submit a report on the main findings to the European Parliament, the Council and the European Economic and Social Committee. evaluating the implementation of this Regulation, in particular in respect of:
Amendment 224 #
Proposal for a regulation
Article 9 – paragraph 1 – point a (new)
Article 9 – paragraph 1 – point a (new)
(a) the effects of this Regulation to public sector entities, and the acceptance and uptake in the private sector;
Amendment 225 #
Proposal for a regulation
Article 9 – paragraph 1 – point b (new)
Article 9 – paragraph 1 – point b (new)
(b) the implementation by Member States of Article 4(1), in particular the public security exception;
Amendment 227 #
Proposal for a regulation
Article 9 – paragraph 1 – point c (new)
Article 9 – paragraph 1 – point c (new)
(c) the effective implementation of the right to data portability referred to in Article 6(-1);
Amendment 228 #
Proposal for a regulation
Article 9 – paragraph 1 – point d (new)
Article 9 – paragraph 1 – point d (new)
(d) the development and effective implementation of the codes of conduct referred to in Article 6(1) and the effective provision of information by providers.