144 Amendments of Krzysztof HETMAN related to 2022/0047(COD)
Amendment 101 #
Proposal for a regulation
Recital 7 a (new)
Recital 7 a (new)
(7a) This Regulation complements and is without prejudice to the Union and national laws providing for the access to and enabling to use data for statistical purposes, in particular regulation 223/2009 on European Statistics and its related legal acts as well as national legal acts related to official statistics.
Amendment 109 #
Proposal for a regulation
Recital 14
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components or embedded software, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question.
Amendment 113 #
Proposal for a regulation
Recital 17
Recital 17
(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, andsensor-generated data or data captured by embedded applications, and data recorded by a device without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights.
Amendment 113 #
Proposal for a regulation
Recital 7 a (new)
Recital 7 a (new)
(7 a) This Regulation complements and is without prejudice to the Union and national laws providing for the access to and enabling to use data for statistical purposes, in particular regulation 223/2009 on European Statistics and its related legal acts as well as national legal acts related to official statistics.
Amendment 118 #
Proposal for a regulation
Recital 7 a (new)
Recital 7 a (new)
(7 a) This Regulation complements and is without prejudice to the Union and national laws providing for the access to and enabling to use data for statistical purposes, in particular Regulation 223/2009 on European Statistics and its related legal acts as well as national legal acts related to official statistics.
Amendment 120 #
Proposal for a regulation
Recital 22
Recital 22
(22) Virtual assistants play an increasing role in digitising consumer environments and serve as an easy-to-use interface to play content, obtain information, or activate products including physical objects connected to the Internet of Things. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Internet of Things, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a product via a virtual assistant provided by an entity other than the manufacturer of the product if such data are collected. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulation.
Amendment 126 #
Proposal for a regulation
Recital 14
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components or embedded software, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question.
Amendment 128 #
Proposal for a regulation
Recital 17
Recital 17
(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, andsensor-generated data or data captured by embedded applications, and data recorded by a device without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights.
Amendment 132 #
Proposal for a regulation
Recital 14
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components or embedded software, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question.
Amendment 134 #
Proposal for a regulation
Recital 22
Recital 22
(22) Virtual assistants play an increasing role in digitising consumer environments and serve as an easy-to-use interface to play content, obtain information, or activate products including physical objects connected to the Internet of Things. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Internet of Things, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a product via a virtual assistant provided by an entity other than the manufacturer of the product if such data are collected. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulation.
Amendment 151 #
Proposal for a regulation
Recital 17
Recital 17
(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, andsensor-generated data or data captured by embedded applications, and data recorded by a device without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights.
Amendment 177 #
Proposal for a regulation
Recital 22
Recital 22
(22) Virtual assistants play an increasing role in digitising consumer environments and serve as an easy-to-use interface to play content, obtain information, or activate products including physical objects connected to the Internet of Things. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Internet of Things, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a product via a virtual assistant provided by an entity other than the manufacturer of the product if such data are collected. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulation.
Amendment 180 #
Proposal for a regulation
Recital 71
Recital 71
(71) Data processing services should cover services that allow on-demand and broad remote access to a scalable and elastic pool of shareable and distributed computing resources. Those computing resources include resources such as networks, servers or other virtual or physical infrastructure, operating systems, software, including software development tools, storage, applications and services. The capability of the customer of the data processing service to unilaterally self- provision computing capabilities, such as server time or network storage, without any human interaction by the service provider could be described as on-demand administration. The term ‘broad remote access’ is used to describe that the computing capabilities are provided over the network and accessed through mechanisms promoting the use of heterogeneous thin or thick client platforms (from web browsers to mobile devices and workstations). The term ‘scalable’ refers to computing resources that are flexibly allocated by the data processing service provider, irrespective of the geographical location of the resources, in order to handle fluctuations in demand. The term ‘elastic pool’ is used to describe those computing resources that are provisioned and released according to demand in order to rapidly increase or decrease resources available depending on workload. The term ‘shareable’ is used to describe those computing resources that are provided to multiple users who share a common access to the service, but where the processing is carried out separately for each user, although the service is provided from the same electronic equipment. The term ‘distributed’ is used to describe those computing resources that are located on different networked computers or devices and which communicate and coordinate among themselves by message passing. The term ‘highly distributed’ is used to describe data processing services that involve data processing closer to where data are being generated or collected, for instance in a connected data processing device. Edge computing, which is a form of such highly distributed data processing, is expected to generate new business models and cloud service delivery models, which should be open and interoperable from the outset. However, in order to avoid imposing overly broad obligations, a service should not be considered data processing service where enabling on- demand administration and broad remote access to a scalable and elastic pool of shareable computing resources of a centralised, distributed or highly distributed nature is merely a minor and purely ancillary feature of another service. For example, this should not apply to online platforms within the meaning of the Digital Services Act where data storing is merely a minor and purely ancillary feature of another service such as social networks or online marketplaces
Amendment 193 #
Proposal for a regulation
Recital 71
Recital 71
(71) Data processing services should cover services that allow on-demand and broad remote access to a scalable and elastic pool of shareable and distributed computing resources. Those computing resources include resources such as networks, servers or other virtual or physical infrastructure, operating systems, software, including software development tools, storage, applications and services. The capability of the customer of the data processing service to unilaterally self- provision computing capabilities, such as server time or network storage, without any human interaction by the service provider could be described as on-demand administration. The term ‘broad remote access’ is used to describe that the computing capabilities are provided over the network and accessed through mechanisms promoting the use of heterogeneous thin or thick client platforms (from web browsers to mobile devices and workstations). The term ‘scalable’ refers to computing resources that are flexibly allocated by the data processing service provider, irrespective of the geographical location of the resources, in order to handle fluctuations in demand. The term ‘elastic pool’ is used to describe those computing resources that are provisioned and released according to demand in order to rapidly increase or decrease resources available depending on workload. The term ‘shareable’ is used to describe those computing resources that are provided to multiple users who share a common access to the service, but where the processing is carried out separately for each user, although the service is provided from the same electronic equipment. The term ‘distributed’ is used to describe those computing resources that are located on different networked computers or devices and which communicate and coordinate among themselves by message passing. The term ‘highly distributed’ is used to describe data processing services that involve data processing closer to where data are being generated or collected, for instance in a connected data processing device. Edge computing, which is a form of such highly distributed data processing, is expected to generate new business models and cloud service delivery models, which should be open and interoperable from the outset. However, in order to avoid imposing overly broad obligations, a service should not be considered data processing service where enabling on- demand administration and broad remote access to a scalable and elastic pool of shareable computing resources of a centralised, distributed or highly distributed nature is merely a minor and purely ancillary feature of another service. For example, this should not apply to online platforms within the meaning of the Digital Services Act where data storing is merely a minor and purely ancillary feature of another service such as social networks or online marketplaces.
Amendment 213 #
3. Union law on the protection of personal data, privacy and confidentiality of communications and integrity of terminal equipment shall apply to personal data processed in connection with the rights and obligations laid down in this Regulation. This Regulation shall not affect the applicability of Union law on the protection of personal data, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC, including the powers and competences of supervisory authorities. Insofar as the rights laid down in Chapter II of this Regulation are concerned, and where users are the data subjects of personal data subject to the rights and obligations under that Chapter, the provisions of this Regulation shall complement the right of data portability under Article 20 of Regulation (EU) 2016/679. In the event of a conflict between this Regulation and Union law on the protection of personal data or national law adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data shall prevail.
Amendment 218 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)
Article 2 – paragraph 1 – point 1 a (new)
(1a) ‘data generated by the use of a product or a related service’ means any data recorded intentionally by the user or as a by-product of the user’s action, as well as data generated or recorded without any action by the user among others in stand by mode or while the product is switched off. This includes sensor-generated data, data captured by embedded applications and diagnostics data.
Amendment 222 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)
Article 2 – paragraph 1 – point 1 a (new)
(1 a) ‘data generated by the use of a product or a related service’ means any data recorded intentionally by the user or as a by-product of the user’s action, as well as data generated or recorded without any action by the user among others in standby mode or while the product is switched off. This includes sensor-generated data, data captured by embedded applications and diagnostics data;
Amendment 223 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 b (new)
Article 2 – paragraph 1 – point 1 b (new)
(1b) Diagnostic data is data that is the product of diagnostics functions or algorithms which provide information on the correct functioning and performance of the product and potential malfunctions
Amendment 226 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 b (new)
Article 2 – paragraph 1 – point 1 b (new)
(1 b) 'diagnostic data' is data that is the product of diagnostics functions or algorithms which provide information on the correct functioning and performance of the product and potential malfunctions;
Amendment 241 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who: i) has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, orto make available data generated by products or related services, or ii) in the case of non-personal data and through control of the technical design of the product and related services, has the ability, to make available certain data;
Amendment 242 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who: (i) has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, orto make available data generated by products or related services, or (ii) in the case of non-personal data and through control of the technical design of the product and related services, has the ability, to make available certain data;
Amendment 255 #
Proposal for a regulation
Article 2 – paragraph 1 – point 12
Article 2 – paragraph 1 – point 12
(12) ‘data processing service’ means a digital service other than an online content service as defined in Article 2(5) of Regulation (EU) 2017/1128, provided to a customer, which as its main feature enables on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resources of a centralised, distributed or highly distributed nature;
Amendment 255 #
Proposal for a regulation
Article 2 – paragraph 1 – point 12
Article 2 – paragraph 1 – point 12
(12) ‘data processing service’ means a digital service other than an online content service as defined in Article 2(5) of Regulation (EU) 2017/1128, provided to a customer, which as its main feature enables on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resources of a centralised, distributed or highly distributed nature;
Amendment 259 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)
Article 2 – paragraph 1 – point 20 a (new)
Amendment 264 #
Proposal for a regulation
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, easily, securely and, where relevant and appropriate, directly accessible to the user, including the user with special needs.
Amendment 266 #
Proposal for a regulation
Article 3 – paragraph 1 a (new)
Article 3 – paragraph 1 a (new)
1 a. The data holder may reject the request for data if access to the data is restricted by Union law or national law.
Amendment 267 #
Proposal for a regulation
Article 3 – paragraph 1 b (new)
Article 3 – paragraph 1 b (new)
1 b. The user may grant or withdraw at any time consent for the data holder to the use of their data or to the third party nominated by the data holder.
Amendment 273 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)
Article 2 – paragraph 1 – point 20 a (new)
(20a) 'official statistics' means European statistics according to Regulation 223/2009 and statistics considered official according to national legislation.
Amendment 274 #
i) The data holder shall provide information on the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, which shall be described in a publicly available and consistent manner.
Amendment 275 #
Proposal for a regulation
Article 3 – paragraph 2 – point c – point ii (new)
Article 3 – paragraph 2 – point c – point ii (new)
ii) The technical means to access the data, such as Software Development Kits or application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable the development of such means of access.
Amendment 280 #
Proposal for a regulation
Article 3 – paragraph 2 a (new)
Article 3 – paragraph 2 a (new)
2 a. Where on-device access is technically supported, the manufacturer shall make this means of access also available to third-party service providers in a non-discriminatory manner.
Amendment 281 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user the data generated by its use of a product or related service without undue delay, free of charge and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible. In case when filing a request via electronic channels is not possible or limited by a disability, the data holder shall enable other forms of request that are appropriate for persons with communication problems.
Amendment 282 #
Proposal for a regulation
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, easily, securely and, where relevant and appropriate, directly accessible to the user, including the user with special needs.
Amendment 285 #
Proposal for a regulation
Article 4 – paragraph 1 a (new)
Article 4 – paragraph 1 a (new)
1 a. The data holder may reject the request for data if access to the data is restricted by Union law or national law.
Amendment 286 #
Proposal for a regulation
Article 3 – paragraph 1 a (new)
Article 3 – paragraph 1 a (new)
1 a. The data holder may reject the request for data if access to the data is restricted by Union law or national law.
Amendment 286 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user can agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties. The right to request the data referred to in paragraph 1 shall not adversely affect the rights and freedoms of others, including the rights protected under Directive (EU)2016/943.
Amendment 290 #
Proposal for a regulation
Article 3 – paragraph 1 b (new)
Article 3 – paragraph 1 b (new)
1b. The user may grant or withdraw at any time consent for the data holder to the use of their data or to the third party nominated by the data holder
Amendment 299 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
1 a. The data holder may reject the request for data if access to the data is restricted by Union law or national law.
Amendment 301 #
Proposal for a regulation
Article 3 – paragraph 2 – point c a (new)
Article 3 – paragraph 2 – point c a (new)
(ca) The data holder shall provide information on the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, which shall be described in a publicly available and consistent manner.
Amendment 302 #
Proposal for a regulation
Article 3 – paragraph 2 – point c b (new)
Article 3 – paragraph 2 – point c b (new)
Amendment 310 #
8. Trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party and all specific necessary measures agreed between the data holder and the third party are taken by the third party to preserve the confidentiality of the trade secret. In such a case, the nature of the data as trade secrets and the measures for preserving the confidentiality shall be specified in the agreement between the data holder and the third party. The right to request the data referred to in paragraph 1 shall not adversely affect the rights and freedoms of others, including the rights protected under Directive (EU)2016/943.
Amendment 313 #
Proposal for a regulation
Article 3 – paragraph 2 a (new)
Article 3 – paragraph 2 a (new)
2a. Where on-device access is technically supported, the manufacturer shall make this means of access also available to third-party service providers in a non-discriminatory manner.
Amendment 317 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user the data generated by its use of a product or related service without undue delay, free of charge and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible. In case when filing a request via electronic channels is not possible or limited by a disability, the data holder shall enable other forms of request that are appropriate for persons with communication problems.
Amendment 320 #
Proposal for a regulation
Article 4 – paragraph 1 a (new)
Article 4 – paragraph 1 a (new)
1a. The data holder may reject the request for data if access to the data is restricted by Union law or national law.
Amendment 327 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
1a. The data holder may reject the request for data if access to the data is restricted by Union law or national law.
Amendment 331 #
Proposal for a regulation
Recital 71
Recital 71
(71) Data processing services should cover services that allow on-demand and broad remote access to a scalable and elastic pool of shareable and distributed computing resources. Those computing resources include resources such as networks, servers or other virtual or physical infrastructure, operating systems, software, including software development tools, storage, applications and services. The capability of the customer of the data processing service to unilaterally self- provision computing capabilities, such as server time or network storage, without any human interaction by the service provider could be described as on-demand administration. The term ‘broad remote access’ is used to describe that the computing capabilities are provided over the network and accessed through mechanisms promoting the use of heterogeneous thin or thick client platforms (from web browsers to mobile devices and workstations). The term ‘scalable’ refers to computing resources that are flexibly allocated by the data processing service provider, irrespective of the geographical location of the resources, in order to handle fluctuations in demand. The term ‘elastic pool’ is used to describe those computing resources that are provisioned and released according to demand in order to rapidly increase or decrease resources available depending on workload. The term ‘shareable’ is used to describe those computing resources that are provided to multiple users who share a common access to the service, but where the processing is carried out separately for each user, although the service is provided from the same electronic equipment. The term ‘distributed’ is used to describe those computing resources that are located on different networked computers or devices and which communicate and coordinate among themselves by message passing. The term ‘highly distributed’ is used to describe data processing services that involve data processing closer to where data are being generated or collected, for instance in a connected data processing device. Edge computing, which is a form of such highly distributed data processing, is expected to generate new business models and cloud service delivery models, which should be open and interoperable from the outset. However, in order to avoid imposing overly broad obligations, a service should not be considered data processing service where enabling on- demand administration and broad remote access to a scalable and elastic pool of shareable computing resources of a centralised, distributed or highly distributed nature is merely a minor and purely ancillary feature of another service. For example, this should not apply to online platforms within the meaning of the Digital Services Act where data storing is merely a minor and purely ancillary feature of another service such as social networks or online marketplaces
Amendment 338 #
Proposal for a regulation
Article 8 – paragraph 6
Article 8 – paragraph 6
6. Unless otherwise provided by Union law, including Article 6 of this Regulation, or by national legislation implementing Union law, an obligation to make data available to a data recipient shall not oblige the disclosureWhile the obligation to make data available as provided by Union law, including Articles 4(3), 5(8), Article 6 and Article 19(2) of this Regulation, or by national legislation implementing Union law, shall be effective, this Regulationshall not question the protection of trade secrets as such and that the access is only granted under measures that warrant for the protection of trade secrets within the meaning of Directive (EU) 2016/943.
Amendment 343 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, anyAny reasonable compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. These costs include the costs necessary for data reproduction, dissemination via electronic means and storage, but not of data collection or production. Article 8(3) shall apply accordingly.
Amendment 350 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. The data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to the data and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to discriminate or hinder the user’s right to effectively provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1).
Amendment 360 #
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise on a micro, small or medium-sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC or which has been unilaterally imposed by an enterprise which is the source of the data they hold shall not be binding on the latter enterprise, the data recipient or user, respectively, if it is unfair.
Amendment 372 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, anyAny reasonable compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. These costs include the costs necessary for data reproduction, dissemination via electronic means and storage, but not of data collection or production. Article 8(3) shall apply accordingly.
Amendment 380 #
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
3. Union law on the protection of personal data, privacy and confidentiality of communications and integrity of terminal equipment shall apply to personal data processed in connection with the rights and obligations laid down in this Regulation. This Regulation shall not affect the applicability of Union law on the protection of personal data, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC, including the powers and competences of supervisory authorities. Insofar as the rights laid down in Chapter II of this Regulation are concerned, and where users are the data subjects of personal data subject to the rights and obligations under that Chapter, the provisions of this Regulation shall complement the right of data portability under Article 20 of Regulation (EU) 2016/679. In the event of a conflict between this Regulation and Union law on the protection of personal data or national law adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data shall prevail.
Amendment 381 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2
Article 15 – paragraph 1 – point c – point 2
(2) obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden for data holders or other enterprises.; or
Amendment 382 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2 a (new)
Article 15 – paragraph 1 – point c – point 2 a (new)
(2 a) obtaining data is necessary for official statistics purposes;
Amendment 386 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. The data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to the data and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to discriminate or hinder the user’s right to effectively provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1).
Amendment 386 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. This Chapter shall not affect obligations laid down in Union or national law for the purposes of reporting, complying with information requests or demonstrating or verifying compliance with legal obligations including official statistics purposes.
Amendment 393 #
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise on a micro, small or medium-sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC or which has been unilaterally imposed by an enterprise which is the source of the data they hold shall not be binding on the latter enterprise, the data recipient or user, respectively, if it is unfair.
Amendment 404 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)
Article 2 – paragraph 1 – point 1 a (new)
(1 a) ‘data generated by the use of a product or a related service’ means any data recorded intentionally by the user or as a by-product of the user’s action, as well as data generated or recorded without any action by the user among others in standby mode or while the product is switched off. This includes sensor-generated data, data captured by embedded applications and diagnostics data.
Amendment 407 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 b (new)
Article 2 – paragraph 1 – point 1 b (new)
(1 b) ‘diagnostic data’ means data that is the product of diagnostics functions or algorithms which provide information on the correct functioning and performance of the product and potential malfunctions;
Amendment 409 #
Proposal for a regulation
Article 18 – paragraph 5
Article 18 – paragraph 5
5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the data holder shall take reasonable efforts to pseudonymise the data, insofar as the request can be fulfilled with pseudonymised data.
Amendment 419 #
Proposal for a regulation
Article 19 – paragraph 1 – point c
Article 19 – paragraph 1 – point c
(c) destroy the data as soon as they are no longer necessary for the stated purpose and inform the data holder that the data have been destroyed. Official statistics authorities are exempted from the latter obligation.
Amendment 425 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2
Article 15 – paragraph 1 – point c – point 2
(2) obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden for data holders or other enterprises.; or
Amendment 426 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2 a (new)
Article 15 – paragraph 1 – point c – point 2 a (new)
(2a) obtaining data is necessary for official statistics purposes;
Amendment 428 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. This Chapter shall not affect obligations laid down in Union or national law for the purposes of reporting, complying with information requests or demonstrating or verifying compliance with legal obligations including official statistics purposes..
Amendment 431 #
Proposal for a regulation
Article 21 – paragraph 4
Article 21 – paragraph 4
4. Where a public sector body or a Union institution, agency or body transmits or makes data available under paragraph 1, it shall notify the data holder from whom the data was received. The notification should include the identity and the contact details of individuals or organisations receiving the data pursuant to paragraph 1, the purposes of data processing and the period for which the data will be stored.
Amendment 432 #
Proposal for a regulation
Article 21 – paragraph 4 a (new)
Article 21 – paragraph 4 a (new)
4 a. After receiving a notification based on art. 21 par. 4, the data holder has the right to object to transmitting or making available data that was received from him or her within 10 days.
Amendment 435 #
Proposal for a regulation
Article 23 – paragraph 1 – introductory part
Article 23 – paragraph 1 – introductory part
1. Providers of a data processing service shall take the measures provided for in Articles 24, 25 and 26 to ensure, in terms of factors on their service side, that customers of their service can switch to another data processing service, covering the same service type, which is provided by a different service provider. In particular, providers of data processing service shall remove commercial, technical, contractual and organisational obstacles, which inhibit customers from:
Amendment 436 #
Proposal for a regulation
Article 23 – paragraph 1 – point a
Article 23 – paragraph 1 – point a
(a) terminating, after a maximum notice period of 30 calendar days, the contractual agreement of the service, without prejudice to any financial commitments made by the customer regarding the service;
Amendment 438 #
Proposal for a regulation
Article 24 – paragraph 1 – introductory part
Article 24 – paragraph 1 – introductory part
1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services shall be clearly set out in a written contractand made available to the customer in advance of that customer accepting terms and conditions of the service priori to signing up to the service of the provider. Without prejudice to Directive (EU) 2019/770, that contracte information to be provided to the customer and the terms and conditions of the service shall include at least the following:
Amendment 440 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part
Article 24 – paragraph 1 – point a – introductory part
(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly byby the customer or which is uniquely relate to theat customers own usage of the service, to an on-premise system, in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall execute and provide clear information concerning:
Amendment 441 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who: (i) has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, orto make available data generated by products or related services, or (ii) in the case of non-personal data and through control of the technical design of the product and related services, has the ability, to make available certain data;
Amendment 442 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point -1 (new)
Article 24 – paragraph 1 – point a – point -1 (new)
(-1) the estimated, fastest possible in terms of factors on the side of the provider of the data processing service from which the switching is to take place, duration of the process for the customer to transition from the data processing service,including any operational, technical or organisational steps necessary for both the service provider and the customer to undertake, in order to complete the switching process;
Amendment 443 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1
Article 24 – paragraph 1 – point a – point 1
(1) assist andance with the switching process that the provider can supply including, where technically feasible, completeion of the switching process from the provider’s side;
Amendment 444 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2
Article 24 – paragraph 1 – point a – point 2
(2) any risks to continuity in the provision of the respective functions or services from the provider’s side during the switching process and commitment to make every effort on provider’s side to ensure full continuity in the provision of the respective functions or services.
Amendment 445 #
Proposal for a regulation
Article 24 – paragraph 1 – point b
Article 24 – paragraph 1 – point b
(b) an exhaustive detailed specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service;
Amendment 447 #
Proposal for a regulation
Article 24 – paragraph 2
Article 24 – paragraph 2
2. Where the mandatoryprovider of the data processing service becomes aware that the estimated transition period as defined in paragraph 1, points (a) and (c) of this Article is technically unfeasible for the provider, the provider of data processing services shall notify the customer within 714 working days after the switching request has been made, duly motivating the technical unfeasibility with a detailed report justifying and indicating an alternative shortest possible transition period, which may not exceed 6 months. In accordance with paragraph 1 of this Article, full service continuity shall be ensured, where technically feasible, continue throughout the alternative transition period against reduced charges, referred to in Article 25(2) if the delay is due to factors on the side of the provider of a data processing service from which the switching is to take place.
Amendment 448 #
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. From [date X+3yrs] onwards, providers of data processing services shall not impose any charges on the customer for the switching process., unless the process is prolonged due to factors outside of the control of the provider of data processing service. If the switching process prolongs due to factors outside of the control of the provider of data processing service, the provider of data processing service may charge the party responsible;
Amendment 449 #
Proposal for a regulation
Article 25 – paragraph 1 a (new)
Article 25 – paragraph 1 a (new)
1 a. From [date X]onwards, providers of data processing services shall, before the customer signs up to the service, provide clear information in the terms and conditions of the service, about the costing parameters for mandatory operations that the provider of data processing services must perform in relation to porting and switching.
Amendment 450 #
Proposal for a regulation
Article 25 – paragraph 3
Article 25 – paragraph 3
3. The charges referred to in paragraph 2 shall not exceed the costs incurred by the provider of data processing services that are directly linked to the switching process concerned., unless the process is prolonged due to factors outside of the control of the provider of data processing service. If the switching process prolongs due to factors outside of the control of the provider of data processing service, the provider of data processing service may charge the party responsible;
Amendment 452 #
Proposal for a regulation
Article 19 – paragraph 1 – point c
Article 19 – paragraph 1 – point c
(c) destroy the data as soon as they are no longer necessary for the stated purpose and inform the data holder that the data have been destroyed. Official statistics authorities are exempted from the latter obligation.
Amendment 452 #
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ensure that the customer, after switching to aprovide capabilities, adequate information, documentation, technical support and, where appropriate, tools, to perform porting and switching, allowing for functional equivalence in the use of the new service coveringof the same service type offered by a different provider of data processing services, enjoys functional equivalence in the use of the new service.
Amendment 453 #
Proposal for a regulation
Article 26 – paragraph 4
Article 26 – paragraph 4
4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall, at the request of the customer, export all data generated or co-generated and where technically feasible, export all data generated directly by the customer or which is uniquely related to that customers own usage of the service, including the relevant data formats and data structures, in a structured, commonly used and machine- readable format for the relevant service type.
Amendment 459 #
Proposal for a regulation
Article 29 – paragraph 5 a (new)
Article 29 – paragraph 5 a (new)
5 a. All switching, porting and interoperability standards or specifications, as well as implementation of all measures of this regulation, shall ensure compliance with applicable law, in particular Regulation (EU) 2016/679, Directive 2002/58/EC,legislation on cyber security, consumer protection, product safety, trade secrets or intellectual property rights, as well as with the accessibility requirements.
Amendment 463 #
Proposal for a regulation
Article 2 – paragraph 1 – point 12
Article 2 – paragraph 1 – point 12
(12) ‘data processing service’ means a digital service other than an online content service as defined in Article 2(5) of Regulation (EU) 2017/1128, provided to a customer, which as its main feature enables on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resources of a centralised, distributed or highly distributed nature;
Amendment 464 #
Proposal for a regulation
Article 21 – paragraph 4
Article 21 – paragraph 4
4. Where a public sector body or a Union institution, agency or body transmits or makes data available under paragraph 1, it shall notify the data holder from whom the data was received. The notification should include the identity and the contact details of individuals or organisations receiving the data pursuant to paragraph 1, the purposes of data processing and the period for which the data will be stored.
Amendment 466 #
Proposal for a regulation
Article 21 – paragraph 4 a (new)
Article 21 – paragraph 4 a (new)
Amendment 469 #
Proposal for a regulation
Article 23 – paragraph 1 – introductory part
Article 23 – paragraph 1 – introductory part
1. Providers of a data processing service shall take the measures provided for in Articles 24, 25 and 26 to ensure, in terms of factors on their service side, that customers of their service can switch to another data processing service, covering the same service type, which is provided by a different service provider. In particular, providers of data processing service shall remove commercial, technical, contractual and organisational obstacles, which inhibit customers from:
Amendment 472 #
Proposal for a regulation
Article 31 – paragraph 2 – point b
Article 31 – paragraph 2 – point b
(b) for specific sectoral data exchange issues related to the implementation of this Regulation, the competence of sectoral authorities shall be respected; it refers particularly to the official statistics authorities and the activity and decisions of the competent authorities designated according to paragraph 1 shall not affect their professional independence.
Amendment 475 #
Proposal for a regulation
Article 23 – paragraph 1 – point a
Article 23 – paragraph 1 – point a
(a) terminating, after a maximum notice period of 30 calendar days, the contractual agreement of the service, without prejudice to any financial commitments made by the customer regarding the service;
Amendment 479 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)
Article 2 – paragraph 1 – point 20 a (new)
(20 a) official statistics means European statistics according to Regulation 223/2009 and statistics considered official according to national legislation.
Amendment 490 #
Proposal for a regulation
Article 41 – paragraph 1 – point b a (new)
Article 41 – paragraph 1 – point b a (new)
(b a) the exclusion of trade secrets in Article 4 (3) and Article 5 (8);
Amendment 495 #
Proposal for a regulation
Article 24 – paragraph 1 – introductory part
Article 24 – paragraph 1 – introductory part
1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services shall be clearly set out in a written contract. Without prejudice to Directive (EU) 2019/770, that contractand made available to the customer in advance of that customer accepting terms and conditions of the service priori to signing up to the service of the provider. Without prejudice to Directive (EU) 2019/770, the information to be provided to the customer and the terms and conditions of the service shall include at least the following:
Amendment 498 #
Proposal for a regulation
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, easily, securely and, where relevant and appropriate, directly accessible to the user, including the user with special needs.
Amendment 500 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part
Article 24 – paragraph 1 – point a – introductory part
(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly byby the customer or which is uniquely relate to theat customers own usage of the service, to an on-premise system, in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall execute and provide clear information concerning:
Amendment 505 #
Proposal for a regulation
Article 3 – paragraph 1 a (new)
Article 3 – paragraph 1 a (new)
1 a. The data holder may reject the request for data if access to the data is restricted by Union law or national law.
Amendment 507 #
Proposal for a regulation
Article 3 – paragraph 1 b (new)
Article 3 – paragraph 1 b (new)
1 b. The user may grant or withdraw at any time consent for the data holder to the use of their data or to the third party nominated by the data holder
Amendment 507 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point -1 (new)
Article 24 – paragraph 1 – point a – point -1 (new)
(-1) the estimated, fastest possible in terms of factors on the side of the provider of the data processing service from which the switching is to take place, duration of the process for the customer to transition from the data processing service,including any operational, technical or organisational steps necessary for both the service provider and the customer to undertake, in order to complete the switching process;
Amendment 510 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1
Article 24 – paragraph 1 – point a – point 1
(1) assist andance with the switching process that the provider can supply including, where technically feasible, complete the switching process from the provider’s side;
Amendment 515 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2
Article 24 – paragraph 1 – point a – point 2
(2) any risks to continuity in the provision of the respective functions or services from the provider’s side during the switching process and commitment to make every effort on provider’s side to ensure full continuity in the provision of the respective functions or services.
Amendment 526 #
Proposal for a regulation
Article 3 – paragraph 2 – point c – point i (new)
Article 3 – paragraph 2 – point c – point i (new)
i) The data holder shall provide information on the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, which shall be described in a publicly available and consistent manner.
Amendment 527 #
Proposal for a regulation
Article 3 – paragraph 2 – point c – point ii (new)
Article 3 – paragraph 2 – point c – point ii (new)
ii) The technical means to access the data, such as Software Development Kits or application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable the development of such means of access.
Amendment 531 #
Proposal for a regulation
Article 24 – paragraph 1 – point b
Article 24 – paragraph 1 – point b
(b) an exhaustive detailed specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service;
Amendment 542 #
Proposal for a regulation
Article 24 – paragraph 2
Article 24 – paragraph 2
2. Where the mandatoryprovider of the data processing service becomes aware that the estimated transition period as defined in paragraph 1, points (a) and (c) of this Article is technically unfeasible for the provider, the provider of data processing services shall notify the customer within 714 working days after the switching request has been made, duly motivating the technical unfeasibility with a detailed report justifying and indicating an alternative shortest possible transition period, which may not exceed 6 months. In accordance with paragraph 1 of this Article, full service continuity shall be ensured, where technically feasible, continue throughout the alternative transition period against reduced charges, referred to in Article 25(2). if the delay is due to factors on the side of the provider of a data processing service from which the switching is to take place.
Amendment 549 #
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. From [date X+3yrs] onwards, providers of data processing services shall not impose any additional charges on the customer for the switching process. unless the process prolongs due to factors outside of the control of the provider of data processing service. If the switching process prolongs due to factors outside of the control of the provider of data processing service, the provider of data processing service may charge the party responsible;
Amendment 555 #
Proposal for a regulation
Article 3 – paragraph 2 a (new)
Article 3 – paragraph 2 a (new)
2 a. Where on-device access is technically supported, the manufacturer shall make this means of access also available to third-party service providers in a non-discriminatory manner.
Amendment 556 #
Proposal for a regulation
Article 25 – paragraph 1 a (new)
Article 25 – paragraph 1 a (new)
1 a. From [date X]onwards, providers of data processing services shall, before the customer signs up to the service, provide clear information in the terms and conditions of the service, about the costing parameters for mandatory operations that the provider of data processing services must perform in relation to porting and switching.
Amendment 564 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user the data generated by its use of a product or related service without undue delay, free of charge and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible. In case when filing a request via electronic channels is not possible or limited by a disability, the data holder shall enable other forms of request that are appropriate for persons with communication problems.
Amendment 566 #
Proposal for a regulation
Article 4 – paragraph 1 a (new)
Article 4 – paragraph 1 a (new)
1 a. The data holder may reject the request for data if access to the data is restricted by Union law or national law.
Amendment 568 #
Proposal for a regulation
Article 25 – paragraph 3
Article 25 – paragraph 3
3. The charges referred to in paragraph 2 shall not exceed the costs incurred by the provider of data processing services that are directly linked to the switching process concerned. unless the process prolongs due to factors outside of the control of the provider of data processing service. If the switching process prolongs due to factors outside of the control of the provider of data processing service, the provider of data processing service may charge the party responsible;
Amendment 575 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken in advance to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user can agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties. The right to request the data referred to in paragraph 1 shall not adversely affect the rights and freedoms of others, including the rights protected under Directive (EU) 2016/943.
Amendment 578 #
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ensure that the customer, after switching to aprovide capabilities, adequate information, documentation, technical support and, where appropriate, tools, to perform porting and switching allowing for functional equivalence in the use of the new service coveringof the same service type offered by a different provider of data processing services, enjoys functional equivalence in the use of the new service.
Amendment 590 #
Proposal for a regulation
Article 26 – paragraph 4
Article 26 – paragraph 4
4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall, at the request of the customer, export all data generated or co-generatedand where technically feasible, export all data generated directly by the customer or which is uniquely relate to that customers own usage of the service, including the relevant data formats and data structures, in a structured, commonly used and machine- readable format. for the relevant service type.
Amendment 615 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
1 a. The data holder may reject the request for data if access to the data is restricted by Union law or national law.
Amendment 643 #
Proposal for a regulation
Article 5 – paragraph 8
Article 5 – paragraph 8
8. Trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party and all specific necessary measures agreed between the data holder and the third party are taken by the third party to preserve the confidentiality of the trade secret. In such a case, the nature of the data as trade secrets and the measures for preserving the confidentiality shall be specified in the agreement between the data holder and the third party. The right to request the data referred to in paragraph 1 shall not adversely affect the rights and freedoms of others, including the rights protected under Directive (EU) 2016/943.
Amendment 648 #
Proposal for a regulation
Article 29 – paragraph 5 a (new)
Article 29 – paragraph 5 a (new)
5 a. All switching, porting and interoperability standards or specifications, as well as implementation of all measures of this regulation, shall ensure compliance with applicable law, in particular Regulation (EU) 2016/679, Directive 2002/58/EC,legislation on cyber security, consumer protection, product safety, trade secrets or intellectual property rights, as well as with the accessibility requirements.
Amendment 651 #
Proposal for a regulation
Article 31 – paragraph 2 – point b
Article 31 – paragraph 2 – point b
(b) for specific sectoral data exchange issues related to the implementation of this Regulation, the competence of sectoral authorities shall be respected;. It refers particularly to the official statistics authorities and the activity and decisions of the competent authorities designated according to paragraph 1shall not affect their professional independence.
Amendment 692 #
Proposal for a regulation
Article 8 – paragraph 6
Article 8 – paragraph 6
6. Unless otherwise provided by Union law, including Article 6 of this Regulation, or by national legislation implementing Union law, an obligation to make data available to a data recipient shall not oblige the disclosureWhile the obligation to make data available as provided by Union law, including Articles 4(3), 5(8), Article 6 and Article 19(2) of this Regulation, or by national legislation implementing Union law, shall be effective, this Regulation shall not question the protection of trade secrets as such and that the access is only granted under measures that warrant for the protection of trade secrets within the meaning of Directive (EU) 2016/943.
Amendment 706 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, anyAny reasonable compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. These costs include the costs necessary for data reproduction, dissemination via electronic means and storage, but not of data collection or production. Article 8(3) shall apply accordingly.
Amendment 725 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. The data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to the data and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to discriminate or hinder the user’s right to effectively provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1).
Amendment 739 #
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise on a micro, small or medium-sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC or which has been unilaterally imposed by an enterprise which is the source of the data they hold shall not be binding on the latter enterprise, the data recipient or user, respectively, if it is unfair.
Amendment 794 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2
Article 15 – paragraph 1 – point c – point 2
(2) obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden for data holders or other enterprises.; or
Amendment 795 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2 a (new)
Article 15 – paragraph 1 – point c – point 2 a (new)
(2 a) obtaining data is necessary for official statistics purposes;
Amendment 801 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. This Chapter shall not affect obligations laid down in Union or national law for the purposes of reporting, complying with information requests or demonstrating or verifying compliance with legal obligations including official statistics purposes.
Amendment 884 #
Proposal for a regulation
Article 18 – paragraph 5
Article 18 – paragraph 5
5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the data holder shall take reasonable efforts to pseudonymise the data, insofar as the request can be fulfilled with pseudonymised data.
Amendment 905 #
Proposal for a regulation
Article 19 – paragraph 1 – point c
Article 19 – paragraph 1 – point c
(c) destroy the data as soon as they are no longer necessary for the stated purpose and inform the data holder that the data have been destroyed. Official statistics authorities are exempted from the latter obligation.
Amendment 945 #
Proposal for a regulation
Article 21 – paragraph 4
Article 21 – paragraph 4
4. Where a public sector body or a Union institution, agency or body transmits or makes data available under paragraph 1, it shall notify the data holder from whom the data was received. The notification should include the identity and the contact details of individuals or organisations receiving the data pursuant to paragraph 1, the purposes of data processing and the period for which the data will be stored.
Amendment 946 #
Proposal for a regulation
Article 21 – paragraph 4 a (new)
Article 21 – paragraph 4 a (new)
4 a. After receiving a notification based on Article 21(4), the data holder has the right to object to transmitting or making available data that was received from him or her within 10 days.
Amendment 953 #
Proposal for a regulation
Article 23 – paragraph 1 – introductory part
Article 23 – paragraph 1 – introductory part
1. Providers of a data processing service shall take the measures provided for in Articles 24, 25 and 26 to ensure, in terms of factors on their service side, that customers of their service can switch to another data processing service, covering the same service type, which is provided by a different service provider. In particular, providers of data processing service shall remove commercial, technical, contractual and organisational obstacles, which inhibit customers from:
Amendment 958 #
Proposal for a regulation
Article 23 – paragraph 1 – point a
Article 23 – paragraph 1 – point a
(a) terminating, after a maximum notice period of 30 calendar days, the contractual agreement of the service, without prejudice to any financial commitments made by the customer regarding the service;
Amendment 962 #
Proposal for a regulation
Article 24 – paragraph 1 – introductory part
Article 24 – paragraph 1 – introductory part
1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services shall be clearly set out in a written contractand made available to the customer in advance of that customer accepting terms and conditions of the service priori to signing up to the service of the provider. Without prejudice to Directive (EU) 2019/770, that contracte information to be provided to the customer and the terms and conditions of the service shall include at least the following:
Amendment 963 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part
Article 24 – paragraph 1 – point a – introductory part
(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly byby the customer or which is uniquely relate to theat customers own usage of the service, to an on-premise system, in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall execute and provide clear information concerning:
Amendment 966 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point -1 (new)
Article 24 – paragraph 1 – point a – point -1 (new)
(-1) the estimated, fastest possible in terms of factors on the side of the provider of the data processing service from which the switching is to take place, duration of the process for the customer to transition from the data processing service, including any operational, technical or organisational steps necessary for both the service provider and the customer to undertake, in order to complete the switching process;
Amendment 968 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1
Article 24 – paragraph 1 – point a – point 1
(1) assist andance with the switching process that the provider can supply including, where technically feasible, completeion of the switching process from the provider’s side;
Amendment 970 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2
Article 24 – paragraph 1 – point a – point 2
(2) any risks to continuity in the provision of the respective functions or services from the provider’s side during the switching process and commitment to make every effort on provider’s side to ensure full continuity in the provision of the respective functions or services.
Amendment 975 #
Proposal for a regulation
Article 24 – paragraph 1 – point b
Article 24 – paragraph 1 – point b
(b) an exhaustive detailed specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service;
Amendment 981 #
Proposal for a regulation
Article 24 – paragraph 2
Article 24 – paragraph 2
2. Where the mandatoryprovider of the data processing service becomes aware that the estimated transition period as defined in paragraph 1, points (a) and (c) of this Article is technically unfeasible for the provider, the provider of data processing services shall notify the customer within 714 working days after the switching request has been made, duly motivating the technical unfeasibility with a detailed report justifying and indicating an alternative shortest possible transition period, which may not exceed 6 months. In accordance with paragraph 1 of this Article, full service continuity shall be ensured, where technically feasible, continue throughout the alternative transition period against reduced charges, referred to in Article 25(2) if the delay is due to factors on the side of the provider of a data processing service from which the switching is to take place.
Amendment 982 #
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. From [date X+3yrs] onwards, providers of data processing services shall not impose any additional charges on the customer for the switching process., unless the process prolongs due to factors outside of the control of the provider of data processing service. If the switching process prolongs due to factors outside of the control of the provider of data processing service, the provider of data processing service may charge the party responsible;
Amendment 984 #
Proposal for a regulation
Article 25 – paragraph 1 a (new)
Article 25 – paragraph 1 a (new)
1 a. From [date X] onwards, providers of data processing services shall, before the customer signs up to the service, provide clear information in the terms and conditions of the service, about the costing parameters for mandatory operations that the provider of data processing services must perform in relation to porting and switching.
Amendment 988 #
Proposal for a regulation
Article 25 – paragraph 3
Article 25 – paragraph 3
3. The charges referred to in paragraph 2 shall not exceed the costs incurred by the provider of data processing services that are directly linked to the switching process concerned. unless the process prolongs due to factors outside of the control of the provider of data processing service. If the switching process prolongs due to factors outside of the control of the provider of data processing service, the provider of data processing service may charge the party responsible;
Amendment 992 #
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ensure that the customer, after switching to aprovide capabilities, adequate information, documentation, technical support and, where appropriate, tools, to perform porting and switching, allowing for functional equivalence in the use of the new service coveringof the same service type offered by a different provider of data processing services, enjoys functional equivalence in the use of the new service.
Amendment 998 #
Proposal for a regulation
Article 26 – paragraph 4
Article 26 – paragraph 4
4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall, at the request of the customer, export all data generated or co-generated and where technically feasible, export all data generated directly by the customer or which is uniquely relate to that customers own usage of the service, including the relevant data formats and data structures, in a structured, commonly used and machine- readable format for the relevant service type.
Amendment 1066 #
Proposal for a regulation
Article 29 – paragraph 5 a (new)
Article 29 – paragraph 5 a (new)
5 a. All switching, porting and interoperability standards or specifications, as well as implementation of all measures of this regulation, shall ensure compliance with applicable law, in particular Regulation (EU) 2016/679, Directive 2002/58/EC, legislation on cyber security, consumer protection, product safety, trade secrets or intellectual property rights, as well as with the accessibility requirements.
Amendment 1099 #
Proposal for a regulation
Article 31 – paragraph 2 – point b
Article 31 – paragraph 2 – point b
(b) for specific sectoral data exchange issues related to the implementation of this Regulation, the competence of sectoral authorities shall be respected; It refers particularly to the official statistics authorities and the activity and decisions of the competent authorities designated according to paragraph 1 shall not affect their professional independence.
Amendment 1151 #
Proposal for a regulation
Article 41 – paragraph 1 – point b a (new)
Article 41 – paragraph 1 – point b a (new)
(b a) the exclusion of trade secrets in Article 4(3) and Article 5(8);