214 Amendments of Damian BOESELAGER related to 2022/0047(COD)
Amendment 100 #
Proposal for a regulation
Recital 2
Recital 2
(2) Barriers to data sharing prevent an optimal allocation of data to the benefit of society. These barriers include a lack of incentives for data holders to enter voluntarily into data sharing agreements, uncertainty about rights and obligations in relation to data, the economic value of data sets, the costs of contracting and implementing technical interfaces, the high level of fragmentation of information in data silos, poor metadata management, the absence of standards for semantic and technical interoperability, bottlenecks impeding data access, a lack of common data sharing practices and abuse of contractual imbalances with regards to data access and use.
Amendment 101 #
Proposal for a regulation
Recital 3
Recital 3
(3) In particular in sectors characterised by the presence of micro, small and medium-sized enterprises, there is often a lack of digital capacities and skills to collect, analyse and use data, and access is frequently restricted where one actor holds it in the system or due to a lack of interoperability between data, between data services or across borders.
Amendment 102 #
Proposal for a regulation
Recital 4
Recital 4
(4) In order to respond to the needs of the digital economy and to remove barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who, other than the manufacturer or other data holder is entitled to access the data generated by products or is entitled to access the data transmitted by connected products or generated during the provision of related services, under which conditions and on what basis. Accordingly, Member States should not adopt or maintain additional national requirements on those matters falling within the scope of this Regulation, unless explicitly provided for in this Regulation, since this would affect the direct and uniform application of this Regulation.
Amendment 106 #
Proposal for a regulation
Recital 5
Recital 5
(5) This Regulation ensures that users of a productmanufacturers of connected products and providers of related services must design the products and services in a way that users of a connected products or related services in the Union can always access, in a timely manner, the data generatransmitted by the use of that product orat connected product or generated during the provision of a related service and that those users can use the data for any lawful purpose, including by sharing ithem with third parties of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders, in cases where users cannot access such data directly, data holders make available to the user, upon request, any data transmitted to them by a connected product or data generated during the provision of a related service. It also imposes the obligations on data holders to make data available to data recipients, at the request of the user, in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC. This Regulation also ensu. This Regulation also ensures that, where there is an exceptional need and where certain safeguards are being adheresd thato, data holders should make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder or data recipients to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by products or related services. transmitted by a connected product or generated during the provision of a related service. Instead, it recognizes that, based on operational, economic, security or other considerations, users may agree to grant access and use permissions over data transmitted by connected products or generated during the provision of related services to data holders, which may often be manufacturers, and which may contractually agree with the user to perform one or more related services, including the storage, management and curation of data transmitted by the connected product.
Amendment 111 #
Proposal for a regulation
Recital 6
Recital 6
(6) Data generation is a function of the rdesult of the actions of at least two actors, the designer or manufacturign of a connected product, in particular the inclusion of sensors and processing software within the device, of the actions of the user and, depending on the operating modalities, of the provision of one or more related service. In addition, many connected products, for example in the civil infrastructure, energy generation or transport sectors are recording data about their environment or interaction with other elements of that infrastructure without any actions by the user ofr a product andny third party. Such data may often be non-personal in nature and valuable for the user ofr that product. Itird parties, which can use it to improve their operations, the overall functioning of a network or system or by making it available to create new products or services. This gives rise to questions of fairness in the digital economy, because the data recordgenerated and transmitted by such products or related services are an important input for aftermarket, ancillary and other services. In order to realise the important economic benefits of data as a non-rival goodfor the user, as well as for the economy and society, a general approach to assigning access and usage rights on data is preferable to awarding exclusive rights of access and use.
Amendment 120 #
Proposal for a regulation
Recital 9 a (new)
Recital 9 a (new)
(9 a) This Regulation acknowledges that in some situations a user can benefit from the legal protection of consumer law, but by acting in a non-professional capacity a natural person should also benefit from the protections offered by the rules on fairness in data sharing contracts applicable to enterprises. A typical example would be the prosumers, who as natural persons do acquire equipment under the consumer protection framework but use it to generate electricity and sell excess back to the grid operator without being in the framework of a trade, business, craft or profession, thus generating non-personal data that should be opened for sharing under fair terms. To that regard, when acting under another role than consumer, users that are natural persons should benefit from the opportunities and legal certainty offered to enterprises.
Amendment 121 #
Proposal for a regulation
Recital 11
Recital 11
Amendment 126 #
Proposal for a regulation
Recital 14
Recital 14
(14) Physical products that obtain, generate or collect, by means of their design and components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehiclesSuch connected products are found in all aspects of the economy and society, including in private, civil or commercial infrastructure, vehicles, ships, aircraft, home equipment and consumer goods, medical and health devices, or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scop or energy production and transmission facilities. Transmissible data obtained, generated or collected by a connected product should always be accessible to the owner of the product, or a third party to whom the owner of the product has transferred certain rights to the product based on a rental or lease contract. The owner or such third party shall be referred to as the user for the purpose of this Rregulation. Such data are potentiallThese access rights shall in no way valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in questionter or interfere with the fundamental rights of data subjects, who may be interacting with connected product, to personal data generated by the product. Manufacturers' design choices, the users’ demands and, where relevant, sectoral legislation to address sector-specific needs and objectives determine which data is transmissible from the connected product.
Amendment 135 #
Proposal for a regulation
Recital 15
Recital 15
(15) In contrast, certain products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service should not be covered by this Regulation. Such products include, for example, personal computers, servers, tablets and smart phonontent, or data obtained, generated or collected by the connected product or transmitted to it for the purpose of storage or processing on behalf of third parties, cameras, webcams, sound recording systems and text scanners. They require human input to produce various forms of content, such as text documents, sound files, video files, games, digital mapsongst others for the use by an online service should not be covered by this Regulation.
Amendment 141 #
Proposal for a regulation
Recital 16
Recital 16
(16) It is also necessary to lay down rules applying to connected products that incorporate or are interconnected with a service in such a way that the absence of the service would prevent theproviders of related services that are interconnected with a connected product and that are necessary in order for the connected product fromto performing its functions. Such related services can be part of the sale, rent or lease agreement, or such one or more of its functions and which involve the transfer of data between the connected product and the provider the related services. Where a provider of related services receives data from a connected product or has access to data generated during the provision of the related services are normally provided for products of the same type and the user could reasonably expect them to be provided given the nature of the product and taking into account any public statement made by or on behalf of the seller, renter, lessor or other persons in previous links of the chain of transactions, including the manufacturer. These related services may themselves generate data of value to the user independently of the data collection capabilities of the product with which they are interconnectednd has the right to use this non-personal data, in accordance with Article 4(6), it should be considered a data holder. The provision of related services may themselves generate data of value to the user independently of the data collection capabilities of the product. Such data may represent the digitalisation of user actions and events and should accordingly be accessible to the user. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, including particular through facilitating the maintenance and repair of the products in question or the development of products or services. Information derived or inferred from this data by the data holder or another third party after it has been transmitted from the connected product, should not be considered within scope of this Regulation. This Regulation should also apply to a related service that is not supplied by the seller, renter or lessor itself, but is supplied, under the sales, rental or lease contract, by a third party. In the event of doubt as to whether the provision of a related service is necessary to maintain the functional operation of the connected product, supply of service forms part of the sale, rent or lease contract, this Regulation should apply.
Amendment 149 #
Proposal for a regulation
Recital 17
Recital 17
(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include alsotransmitted by a connected product or generated during the provision of a related service include data obtained, recorded or otherwise generated by the product according to the users intentions and data generated as a by- product of the user’s action, such as diagnostics data, and data generated without any action by the user, such asin particular data about the connected product’s environment or interactions, including when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights. and be compiled in a comprehensible, structured, commonly used and machine-readable format and including the relevant metadata, but not pertain to data that is demonstrated to be subject to intellectual property rights. The description about what data is transmissible by the connected product may refer to the specific data, where relevant, that is subject to intellectual property rights. Where data is transferred in an encrypted format, the user should be provided with all necessary means to decrypt such data and make it accessible.
Amendment 153 #
Proposal for a regulation
Recital 18
Recital 18
(18) The user of a connected product should be understood as the legal or natural person, such as a business or consumer, which has purchased, rented or leased the product. Depending on the legal title under which he uses it, sacquired the connected product or receives related services, or to whom the owner of the connected product has transferred, on the basis of a rental or lease agreement, temporary rights to use the connected product or receive related services. Such a user bears the risks and enjoys the benefits of using the connected product and should enjoy also the access to the data it generates. The user should therefore be entitled to derive benefit from data generatransmitted by that connected product and generated by the provision of any related service.
Amendment 160 #
Proposal for a regulation
Recital 19
Recital 19
(19) In practice, not all data generated by products ortransmitted by connected products or generated during the provision of related services are easily accessible to their users, and there are often limited possibilities for the portability of data generated by products connected to the Internet of Things. Users are unable to obtain data necessary to make use of providers of repair and other services, and businesses are unable to launch innovative, more efficient and convenient services. In many sectors, manufacturers, who are often simultaneously data holders, are currently often able to determine, through their control of the technical design of the product orconnected product or the terms of the related services, what data are generated and how they can be accessed, even though they have no legal right to the data. It is therefore necessary to ensure that connected products are designed and manufactured and related services are provided in such a manner that data generated by their usethat is transmissible by them to others are always easily accessible to the user.
Amendment 167 #
Proposal for a regulation
Recital 20
Recital 20
(20) In case several persons or entities own a connected product or are party to a lease or rent agreement and benefit from access to a related service, reasonableall necessary efforts should be made in the design of the connected product or related service or the relevant interface so that all persons can have access to data they generate. Users of connected products that generate data typicallmay require a user account to be set up. This allows for identification of the user by the manufacturerparty managing the data transmission, storage and processing, as well as a means to communicate to exercise and process data access requests to the user. Manufacturers or designers of a connected product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that dany data holder. Data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the connected product or related service, the manufacturerparty managing the data transmission, storage and processing should inform the user how the data may be accessed.
Amendment 171 #
Proposal for a regulation
Recital 21
Recital 21
(21) PConnected products may be designed to make certain data directly available fromby means of an on- device data access or storage or from a remote server to which the data are communicated. Access to the on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third partydata collected, obtained or otherwise generated by the connected product are transmitted to. Such server may be based on the user’s own local server capacity or that of a data holder, a third party, including the manufacturer or vendor, or a cloud service provider, who functions as data holder. Theymay be considered a data holder, if the receipt, storage, processing or sharing of data transmitted by the connected product are important to the operation of such product. Such servers may be designed to permit the user or a third partydata recipient to process the data on the connected product or on a computing instance of the manufacturera third party.
Amendment 174 #
Proposal for a regulation
Recital 22
Recital 22
(22) Virtual assistants play an increasing role in digitising consumer and professional environments and serve as an easy-to-use interface to play content, obtain information, or activate physical objects connected to the Internet of Things. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Internet of Things, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a connected product via a virtual assistant provided by an entity other than the manufacturer of the product. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulationconnected product.
Amendment 182 #
Proposal for a regulation
Recital 24
Recital 24
(24) This Regulation imposes the obligation on data holders to make data available in certain circumstances. Insofar as personal data are processed, the data holders should be a controllers under Regulation (EU) 2016/679. Where users are data subjects, data holders should be obliged to provide them access to their data and to make the data available to third parties of the userdata subject’s choice in accordance with this Regulation. However, this Regulation does not create a legal basis under Regulation (EU) 2016/679 for the data holders to provide access to personal data or make it available to a third party when requested by a user that is not a data subject and should not be understood as conferring any new right on the data holders to use data generated by the use of a product or related service. This applies in particular where the manufacturer is the data holder. In that casetransmitted to it from the connected generated by the use of a product or generated during the provision of a related service. Instead, the basis for the manufactura data holder to use non-personal data transmitted to it should be a contractual agreement between the manufacturer and the user. This agreement may be part of the sale, rent or leasdata holder, in its role as a provider of related services, and the user. Where the manufacturer or vendor of the connected product is also a provider of related services, this agreement may combined with the sale agreement relating to the connected product. Any contractual term in the agreement stipulating that the data holder may use the data generated by the user of a product or related service sagreement between the user and a data holder shall clearly and comprehensively address the nature and access modalities of data transmitted from the connected product to the data holder or generated during the provision of the related services, as well as the duration of the agreement and modalities to terminate the agreement prematurely. Where a data hould be transparent to the user, including as regards the purpose for which the data holder intends to use the dataer intends to share data with third parties for the fulfilment of its contractual obligations, it shall inform the user of the nature and volume of the shared data and, where relevant, contractually bind the third party not to use the data for any other purpose. This Regulation should not prevent contractual conditions, whose effect is to exclude or limit the use of the data, or certain categories thereof, by thea data holder. This Regulation should also not prevent sector-specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by thea data holder on well- defined public policy grounds.
Amendment 186 #
Proposal for a regulation
Recital 24 a (new)
Recital 24 a (new)
Amendment 187 #
Proposal for a regulation
Recital 25
Recital 25
(25) In sectors characterised by the concentration of a small number of manufacturers supplying end users, there are only limited options available to users with regard to sharing data with those manufacturersor providers of related services available to users, the ability of users to bargain for access to data transferred by the connected product or generated during the provision of related services is limited due to the bargaining power of the manufacturer or provider of related service. In such circumstances, contractual agreements may be insufficient to achieve the objective of user empowerment. The data tends to remain under the control of the manufacturers or providers of related services, making it difficult for users to obtain value from the data generated by the equipment they purchase or leaseown. Consequently, there is limited potential for innovative smaller businesses to offer data- based solutions in a competitive manner and for a diverse data economy in Europe. This Regulation should Furtherefmore build on recent developments in specific secto, data holders, such as the Code of Conduct on agricultural data sharing by contractual agreement. Sectoral legislation may be brought forward to address sector-specific needs and objectives. Furthermore, the data holder should not use any data generated by the use ofhould not use any data transmitted to them from the connected product or generated during the productvision orf related services in order to derive insights about the economic situation of the user or its assets or production methods or the use in any other way that could undermine the commercial position of the user on the markets it is active on. This wcould, for instance, involve using knowledge about the overall performance of a business or a farm in contractual negotiations with the user on potential acquisition of the user’s products or agricultural produce to the user’s detriment, or for instance, using such information to feed in larger databases on certain markets in the aggregate (,e.g. databases on crop yields for the upcoming harvesting season) as such use could affect the user negatively in an indirect manner. The user should be given the necessary technical interface to manage permissions, preferably with granular permission options, where possible (such as “allow once” or “allow while using this app or service”), including the option to withdraw permission.
Amendment 193 #
Proposal for a regulation
Recital 26
Recital 26
(26) In contracts between a data holder and a consumer as a user of a connected product or related service generating data, Directive 93/13/EEC applies to the terms of the contract to ensure that a consumer is not subject to unfair contractual terms. For unfair contractual terms unilaterally imposed on a micro, small or medium- sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC63 , this Regulation provides that such unfair terms should not be binding on that enterprise. _________________ 63 Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium- sized enterprises
Amendment 196 #
Proposal for a regulation
Recital 27
Recital 27
(27) The dData holders may require appropriate user or device identification to verify the user’s entitlement to access the data. In the case of personal data processed by a processor on behalf of the controller, the data holder should ensure that the access request is received and handled by the processor.
Amendment 198 #
Proposal for a regulation
Recital 28
Recital 28
(28) The user should be free to use the data for any lawful purpose. This includes providing the data the user has received exercising the right under this Regulation to a third partydata recipient offering an aftermarket service that may be in competition with a service provided by the data holder, or to instruct the data holder to do so. The data holder should ensure that the data made available to the third partydata recipient is as accurate, complete, reliable, relevant and up-to-date as the data the data holder itself may be able or entitled to access from the use of theconnected product or relatedthe provision of related functional services. Any trade secrets or intellectual property rights should be respected in handling the data. It is important to preserve incentives to invest in products wiThe user should also be able to make available data transmitted from the connected product or generated during the provision of related services to data users through the use of data intermediation services, data altruism organisations or arm's length transactions, which may or may not involve remuneration or other economic arrangements. Data intermediation services, as defined in the [DGA] can fulfil a variety of purposes in the functionalities based on theacilitating of data sharing, including acting as an agent to connect use ofrs, data from sensors built into that productrecipients and third parties seeking to access data or act as a data recipient in the form of a data market or exchange. Intellectual property rights should be respected when handling the data. The aim of this Regulation should accordingly be understood as to fostering the development of new, innovative connected products or related services, stimulateing innovation on aftermarkets, but also stimulateas enabling the development of entirely novel services making use of the data, including based on data from a variety of products or related services. At the same time, it aims to avoid undermining the investment incentives for the type of product from which the data are obtained, for instance, by the use of data to develop a competing productliquid and efficient markets on which non-personal data can be exchanged, for entirely novel purposes unrelated to the originating connected product or related service.
Amendment 208 #
Proposal for a regulation
Recital 29
Recital 29
(29) A third partydata recipient to whom data is made available may be an natural or legal person, enterprise, a research organisation or, a not-for-profit organisation or an intermediary, including data intermediation services or data altruism organisations as defined in Regulation [XX…DGA]. In making the data available to the third party, thea data recipient, a data holder should not abuse its position to seek a competitive advantage in markets where the data holder and third partydata recipient may be in direct competition. The dData holders should not therefore use any data generatransmitted by the use of theconnected product or related service in order to derive insights about the economic situation of the third partydata recipient or its assets or production methods or the use in any other way that could undermine the commercial position of the third party on the markets it is active ondata recipient on the markets it is active on. Upon the agreement of the user, data recipients should be able to transfer the data access rights granted by the user to third parties, including in exchange for compensation. Data holders shall make available data to this third party on the same terms as to the initial data recipient.
Amendment 212 #
Proposal for a regulation
Recital 30
Recital 30
(30) The use of a product or related service may, in particular when the user is a natural person, generate data that relates to an identified or identifiable natural person (the data subject). Processing of such data is subject to the rules established under Regulation (EU) 2016/679, including where personal and non-personal data in a data set are inextricably linked64 . The data subject may be the user or another natural person. Personal data may only be requested by a controller or a data subject. A user who is the data subject is under certain circumstances entitled under Regulation (EU) 2016/679 to access personal data concerning them, and such rights are unaffected by this Regulation. Under this Regulation, the user who is a natural person is further entitled to access all data transmitted by the connected product or generated byduring the productvision of related services, personal and non- personal. Where the user is not the data subject but an enterprise, including a sole trader, and not in cases of shared household use of the product, the user will be a controller within the meaning of Regulation (EU) 2016/679. Accordingly, such a user as controller intending to request personal data generated by the use of a product or related service is required to have a legal basis for processing the data under Article 6(1) of Regulation (EU) 2016/679, such as the consent of the data subject or legitimate interest. This user should ensure that the data subject is appropriately informed of the specified, explicit and legitimate purposes for processing those data, and how the data subject may effectively exercise their rights. Where the data holder and the user are joint controllers within the meaning of Article 26 of Regulation (EU) 2016/679, they are required to determine, in a transparent manner by means of an arrangement between them, their respective responsibilities for compliance with that Regulation. It should be understood that such a user, once data has been made available, may in turn become a data holder, if they meet the criteria under this Regulation and thus become subject to the obligations to make data available under this Regulation. _________________ 64 OJ L 303, 28.11.2018, p. 59–68.
Amendment 214 #
Proposal for a regulation
Recital 31
Recital 31
(31) Data generated by the use of a producttransmitted by a connected product or generated during the provision orf related services should only be made available to a third party at the request of the user. This Regulation accordingly complements the right provided under Article 20 of Regulation (EU) 2016/679. That Article provides for a right of data subjects to receive personal data concerning them in a structured, commonly used and machine-readable format, and to port those data to other controllers, where those data are processed on the basis of Article 6(1), point (a), or Article 9(2), point (a), or of a contract pursuant to Article 6(1), point (b). Data subjects also have the right to have the personal data transmitted directly from one controller to another, but only where technically feasible. Article 20 specifies that it pertains to data provided by the data subject but does not specify whether this necessitates active behaviour on the side of the data subject or whether it also applies to situations where a product or related service by its design observes the behaviour of a data subject or other information in relation to a data subject in a passive manner. The right under this Regulation complements the right to receive and port personal data under Article 20 of Regulation (EU) 2016/679 in several ways. It grants users the right to access and make available to a third party to any data generated by the use of a product ordata recipient to any data transmitted by a connected product or generated during the provision of a related service, irrespective of its nature as personal data, of the distinction between actively provided, extrapolated or passively observed data, and irrespective of the legal basis of processing. Unlike the technical obligations provided for in Article 20 of Regulation (EU) 2016/679, this Regulation mandates and ensures the technical feasibility of third party access for all types of data coming within its scope, whether personal or non-personal. It also allows the data holders to set reasonable compensation to be met by third partiedata recipients, but not by the user, fornot exceeding the any cost incurred in providing direct access to the data generated by the user’s connected product. If a data holder and third party are unable to agree terms for such direct access, the data subject should be in no way prevented from exercising the rights contained in Regulation (EU) 2016/679, including the right to data portability, by seeking remedies in accordance with that Regulation. It is to be understood in this context that, in accordance with Regulation (EU) 2016/679, a contractual agreement does not allow for the processing of special categories of personal data by the data holder or the third party.
Amendment 218 #
Proposal for a regulation
Recital 32
Recital 32
(32) Access to any data stored in and accessed from terminal equipment is subject to Directive 2002/58/EC and requires the consent of the subscriber or user within the meaning of that Directive unless it is strictly necessary for the provision of an information society service explicitly requested by the user or subscriber (or for the sole purpose of the transmission of a communication). Directive 2002/58/EC (‘ePrivacy Directive’) (and the proposed ePrivacy Regulation) protect the integrity of the user's terminal equipment as regards the use of processing and storage capabilities and the collection of information. Internet of Things equipment is considered terminal equipment if it is directly or indirectly connected to a public communications network.
Amendment 219 #
Proposal for a regulation
Recital 33
Recital 33
(33) IAs far is personal data is concerned, in order to prevent the exploitation of users, third partie of connected products who are natural persons, data recipients to whom data has been made available upon request of the user should only process the data for the purposes agreed with the user and share it with another third party only if this is necessary to provide the service requested by the user, or explicitly agreed with the user.
Amendment 222 #
Proposal for a regulation
Recital 34
Recital 34
(34) IAs far as personal data is concerned, in line with the data minimisation principle, the third partydata recipient should only access additional information that is necessary for the provision of the service requested by the user. Having received access to data, the third partydata recipient should process it exclusivelyonly in accordance with for the purposes agreed with the user, without interference from thea data holder. It should be as easy for the user to refuse or discontinue access by the third partydata recipient to the data as it is for the user to authorise access. The third partydata recipient should not coerce, deceive or manipulate the user in any way, by subverting or impairing the autonomy, decision- making or choices of the user of the connected product, including by means of a digital interface with the user. iIn this context, third partiesdata recipient should not rely on so- called dark patterns in designing their digital interfaces. Dark patterns are design techniques that push or deceive consumers into decisions that have negative consequences for themthey would not otherwise have taken. These manipulative techniques can be used to persuade users of connected products and related services, particularly vulnerable consumers, to engage in unwanted behaviours, and to deceive usersthem by nudging them into decisions on data disclosure transactions or to unreasonably bias the decision- making of the users of the service, in a way that subverts and impairs their autonomy, decision-making and choice. Common and legitimate commercial practices that are in compliance with Union law should not in themselves be regarded as constituting dark patterns. Third parties should comply with their obligations under relevant Union law, in particular the requirements set out in Directive 2005/29/EC, Directive 2011/83/EU, Directive 2000/31/EC and Directive 98/6/EC.
Amendment 225 #
Proposal for a regulation
Recital 35
Recital 35
(35) The third partyData holders and data recipients should also refrain from using the data to profile individuals unless these processing activities are strictly necessary to providefor the functioning of the service requested by the user. The requirement to delete personal data when no longer required for the purpose agreed with the user of the connected product complements the right to erasure of the data subject pursuant to Article 17 of Regulation 2016/679. Where the third party isdata recipient a provider of a data intermediation service within the meaning of [Data Governance Act], the safeguards for the data subject provided for by that Regulation apply. The third party may use the data to develop a new and innovative product or related service but not to develop a competing product.
Amendment 229 #
Proposal for a regulation
Recital 36
Recital 36
(36) Start-ups, small and medium-sized enterprises and companies from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data. This Regulation aims to facilitate access to data for these entities, while ensuring that the corresponding obligations are scoped as proportionately as possible to avoid overreach. At the same time, a small number of very large companies have emerged with considerable economic power in the digital economy through the accumulation and aggregation of vast volumeamounts of data and the technological infrastructure for monetising them. These companies include undertakings that provide core platform services controlling whole platform ecosystems in the digital economy and whom existing or new market operators are unable to challenge or contest. The [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)] aims to redress these inefficiencies and imbalances by allowing the Commission to designate a provider as a “gatekeeper”, and imposes a number of obligations on such designated gatekeepers, including a prohibition to combine certain data without consent, and an obligation to ensure effective rights to data portability under Article 20 of Regulation (EU) 2016/679. Consistent with the [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)], and given the unrivalled ability of these companies to acquire data, it would not be necessary to achieve the objective of this Regulation, and would thus be disproportionate in relation to data a specific regime should apply to sharing data with these companies. This means that an undertaking providing core platform services that has been designated as a gatekeeper shoulders made subject to such obligations, to include such gatekeep not solicit, coerce or manipulate users into sharing data with them, and in particular, should use its customer access, bargaining power uandertakings as beneficiaries of the data access right. This means that an undertaking providing core platf information across multiple products or service markets. It should therefore not make the commercial terms, including pricing, of any products orm services that has been designated as a gatekeeper cannot request or be granted access to users’ data generated by the use of a product or relatedoffered to the user conditional or otherwise commercially dependent upon whether, or to which degree, the user agrees to make available data, transmitted from the connected object or generated during the provision of related services, to the undertaking providing platform services or by a virtual assistant based on the provisions of Chapter II of this Regulationany of its affiliates. As an example, it should not offer the user a reduction in price or additional services in one digital service, in return for the user making available data in context of the same, or another service. An undertaking providing core platform services designated as a gatekeeper pursuant to Digital Markets Act should be understood to include all legal entities of a group of companies where one legal entity provides a core platform service. Furthermore, third parties to whom data are made available at the request of the user may not make the data available to a designated gatekeeper. For instance, the third party may not sub- contract the service provision to a gatekeeper. However, this does not prevent third parties from using data processing services offered by a designated gatekeeper. This exclusion of designated gatekeepers from the scope of the access right under this Regulation does not prevent these companies from obtaining data through other lawful means.
Amendment 233 #
Proposal for a regulation
Recital 37
Recital 37
(37) Given the current state of technology, it is overly burdensome to impose further design obligations in relation to products manufactured or designed and related services provided by micro and small enterpriseIt is overly burdensome for micro and small enterprises to follow the obligations for data holders with respect to making available data to data recipients. That is not the case, however, where a micro or small enterprise is sub- contracted to manufacture or design a productconnected product or provide a related service. In such situations, the enterprise, which has sub-contracted to the micro or small enterprise, is able to compensate the sub-contractor appropriately. A micro or small enterprise may nevertheless be subject to the other requirements laid down by this Regulation as data holder, where it is not the manufacturer of the product or a provider of related services.
Amendment 238 #
Proposal for a regulation
Recital 38
Recital 38
(38) This Regulation contains general access rules, whenever a data holder is obliged by law to make data available to a data recipient. Such access should be based on fair, reasonable, non-discriminatory and transparent conditions to ensure consistency of data sharing practices in the internal market, including across sectors, and to encourage and promote fair data sharing practices even in areas where no such right to data access is provided. These general access rules do not apply to obligations to make data available under Regulation (EU) 2016/679. Voluntary data sharing remains unaffected by these rules.
Amendment 241 #
Proposal for a regulation
Recital 39
Recital 39
(39) Based on the principle of contractual freedom, the parties should remain free to negotiate the precise conditions for making data available in their contracts, within the framework of the general access rules for making data availablelaid out in this Regulation and the [DGA].
Amendment 243 #
Proposal for a regulation
Recital 40
Recital 40
Amendment 244 #
Proposal for a regulation
Recital 41
Recital 41
(41) In order to compensate for the lack of information on the conditions of different contracts, which makes it difficult for the data recipient to assess if the terms for making the data available are non- discriminatory, it should be on the responsibility of data holders to demonstrate that a contractual term is not discriminatory. It is not unlawful discrimination, where a data holder uses different contractual terms for making data available or provides different compensation, if those differences are justified by objective reasonsa contractual term is not discriminatory. These obligations are without prejudice to Regulation (EU) 2016/679.
Amendment 248 #
Proposal for a regulation
Recital 42
Recital 42
(42) In order to incentivise the continued investment in generating valuable data, including investments in relevant technical tools, this Regulation contains the principle that the data holder may request reasonable compensation in line with the costs incurred when legally obliged to make data available to thea data recipient. These provisions should not be understood as paying for the data itself, but in the case of micro, small or medium- sized enterprises, for the costs incurred and investment required for making the data available.
Amendment 257 #
Proposal for a regulation
Recital 44
Recital 44
Amendment 260 #
Proposal for a regulation
Recital 45
Recital 45
(45) Direct costs for making data available are the costs necessary for data reproduction, dissemination via electronic means and storage but not of data collection or production. Direct costs for making data available should be limited to the share attributable to the individual requests, taking into account that the necessary technical interfaces or related software and connectivity will have to be set up permanently by the data holder. Long-term arrangements between data holders and data recipients, with the explicit permission of the user, for instance via a subscription model, could reduce the costs linked to making the data available in regular or repetitive transactions in a business relationship.
Amendment 262 #
Proposal for a regulation
Recital 46
Recital 46
Amendment 263 #
Proposal for a regulation
Recital 47
Recital 47
(47) Transparency is an important principle to ensure that the compensation requested by thea data holder is reasonable, or, in case the data recipient is a micro, small or medium-sized enterprise, that the compensation does not exceed the costs directly related to making the data available to thea data recipient and is attributable to the individual request. In order to put the data recipient in the position to assess and verify that the compensation complies with the requirements under this Regulation, the data holder should provide to the data recipient the information for the calculation of the compensation with a sufficient degree of detail.
Amendment 265 #
Proposal for a regulation
Recital 48
Recital 48
(48) Ensuring access to alternative ways of resolving domestic and cross-border disputes that arise in connection with making data available should benefit data holders and data recipients and therefore strengthen trust in data sharing. In cases where parties cannot agree on fair, reasonable and non-discriminatory terms of making data available, dispute settlement bodies should offer a simple, fast and low- cost solution to the parties. The availability of a dispute body should not, however, prevent a data recipient to seek legal action to enforce a provider of related functional service’s obligation to make data available to the data recipient at the user of the connected product’s request.
Amendment 270 #
Proposal for a regulation
Recital 51
Recital 51
(51) Where one party is in a stronger bargaining position, there is a risk that that party could leverage such position to the detriment of the other contracting party when negotiating access to data and make access to data commercially less viable and sometimes economically prohibitive. Such contractual imbalances particularly harm micro, small and medium-sized enterprises without a meaningful ability to negotiate the conditions for access to data, who may have no other choice than to accept ‘take- it-or-leave-it’ contractual terms. Therefore, unfair contract terms regulating the access to and use of data or the liability and remedies for the breach or the termination of data related obligations should not be binding on micro, small or medium-sized enterprises when they have been unilaterally imposed on them.
Amendment 273 #
Proposal for a regulation
Recital 52
Recital 52
(52) Rules on contractual terms should take into account the principle of contractual freedom as an essential concept in business-to-business relationships. Therefore, not all contractual terms should be subject to an unfairness test, but only to those terms that are unilaterally imposed on micro, small and medium-sized enterprises. This concernsHowever in some ‘take-it-or- leave-it’ situations where one party supplies a certain contractual term and the micro, small or medium-sized enterpriseother party cannot influence the content of that term despite an attempt to negotiate it. A contractual term that is simply provided by one party and accepted by the micro, small or medium-sized enterpriseother party or a term that is negotiated and subsequently agreed in an amended way between contracting parties should not be considered as unilaterally imposed.
Amendment 277 #
Proposal for a regulation
Recital 53
Recital 53
(53) Furthermore, the rules on unfair contractual terms should only apply to those elements of a contract that are related to making data available or supressing data access, that is contractual terms concerning the access to and use of data as well as liability or remedies for breach and termination of data related obligations. Other parts of the same contract, unrelated to making data available or supressing data access, should not be subject to the unfairness test laid down in this Regulation.
Amendment 279 #
Proposal for a regulation
Recital 56
Recital 56
(56) In situations of exceptional need, it may be necessary forarising from an imminent public emergency or from a situation where the public sector bodiesy or Union institutions, agenciesy or bodies to use data held by an enterprise to respond to public emergencies or in other exceptional cases. Research-performing organisations and research-fundy is acting on the basis of EU, or Member State law and has identified a specific data set, which is unavailable to it and which is demonstrably necessary to fulfil a specific task in the public interest that has been explicitly provided by law, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data, which an enterprise is currently collecting or has previously obtained, collected or otherwise generated and which it retains at the time of the request, to respond to the situation of exceptional need. Research- performing organisations could also be organised as public sector bodies or bodies governed by public law. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.
Amendment 288 #
Proposal for a regulation
Recital 57
Recital 57
(57) In case of public emergencies, such as public health emergencies, emergencies resulting from environmental degradation and major natural disasters including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data willmay outweigh the interests of the data holders to dispose freely of thesome specific data they hold. In such a case, data holders shouldand subject to conditions and other safeguards set out in this Regulation or other EU or Member State regulation, data holders may be placed under an obligation to make the data available to public sector bodies or to Union institutions, agencies or bodies upon their request. The existence of a public emergency is determined according to the respective procedures in the Member States or of relevant international organisations.
Amendment 295 #
Proposal for a regulation
Recital 58
Recital 58
(58) An exceptional need may also arise when a public sector body can demonstrate that the data are necessary either to prevent a public emergency, or to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question. Where the exceptional need is not justified by the need to respond to, prevent or assist recovery from a public emergency, the public sector body or the Union institution, agency or body, acting on the basis of EU or Member State law, should demonstrate that the lack of timely access to and the use of the data requested prevents it from effectively fulfilling a specific task in the public interest that has been explicitly provided in law. Such exceptional need may also occur in other situations, for example in relation to and the legal basis for requiring the access to that data. Such exceptional need may include the timely compilation of official statistics when data is not otherwise available or when the burdand necessary for the fulfilment on statistical respondents will be considerably reducedf a specific task in the public interest. At the same time, the public sector body or the Union institution, agency or body should, outside the case of responding to, preventing or assisting recovery from a public emergency, demonstrate that no alternative means for obtaining the data requested exists and that the data cannot be obtained in a timely manner through the laying down of the necessary data provision obligations in new legislation. Data holders should inform users of connected products if their data access and use rights are affected by the request by the public sector body or the Union institution, agency or body.
Amendment 299 #
Proposal for a regulation
Recital 59
Recital 59
(59) This Regulation should not apply to, nor pre-empt, existing mandatory or any existing or future voluntary arrangements for the exchange of data between private and public entities. Obligations placed on data holders to provide data that are motivated by needs of a non-exceptional nature, notably where the range of data and of data holders is known and where data use can take place on a regular basis, as in the case of reporting obligations and internal market obligations, should not be affected by this Regulation. Requirements to access data to verify compliance with applicable rules, including in cases where public sector bodies assign the task of the verification of compliance to entities other than public sector bodies, should also not be affected by this Regulation.
Amendment 306 #
Proposal for a regulation
Recital 61
Recital 61
(61) A proportionate, limited and predictable framework at Union level is necessaryshould complement EU or Member State law for the making available of data by data holders, in cases of exceptional needs, to public sector bodies and to Union institutions, agencies or bodies both to ensure legal certainty and to minimise the administrative burdens placed on businesses. To this end, data requests by public sector bodies and by Union institutions, agencies and bodies to data holders should be based on EU or Member State law, specific, transparent and proportionate in terms of their scope of content and their granularity. The purpose of the request and the intended use of the data requested should be specific and clearly explained, while allowing appropriate flexibility for the requesting entity to perform its tasks in the public interest. The request should also respect the legitimate interests of the businesses to whom the request is made. The burden on data holders should be minimised by obliging requesting entities to respect the once-only principle, which prevents the same data from being requested more than once by more than one public sector body or Union institution, agency or body where those data are needed to respond to a public emergency. To ensure transparency, data requests including secondary requests for access to the data under the once-only principle, made by public sector bodies, and by Union institutions, agencies or bodies should be made public without undue delay by the entity requesting the data and online public availability of all requests justified by a public emergency should be ensured.
Amendment 308 #
Proposal for a regulation
Recital 62
Recital 62
(62) The objective of the obligation to provide the data is to ensure that public sector bodies and Union institutions, agencies or bodies have the necessary knowledge to respond to, prevent or recover from public emergencies or to maintain the capacity to fulfil specific tasks in the public interest explicitly provided by law. The data obtained by those entities may be commercially sensitive. Therefore, Regulation [DGA], as well as Directive (EU) 2019/1024 of the European Parliament and of the Council65 should not apply to data made available under this Regulation and should not be considered as open data available for reuse by third parties. This however should not affect the applicability of Directive (EU) 2019/1024 to the reuse of official statistics for the production of which data obtained pursuant to this Regulation was used, provided the reuse does not include the underlying data. In addition, it should not affect the possibility of sharing the data for conducting research or for the compilation of official statistics, provided the conditions laid down in this Regulation are met. PWhere permitted by EU or Member State law, public sector bodies should also be allowed to exchange data obtained pursuant to this Regulation with other public sector bodies to address the exceptional needs for which the data has been requested. _________________ 65 Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information (OJ L 172, 26.6.2019, p. 56), as long as the data holder is informed in a timely manner and all bodies respect the same rules on transparency as the original requester of the data.
Amendment 310 #
Proposal for a regulation
Recital 62 a (new)
Recital 62 a (new)
(62 a) A public sector body, Union institution, agency, body or undertaking, or a third party receiving data under this Chapter should take all necessary measures to avoid that public undertakings, enterprises connected with the public sector body, Union institution, agency, body or undertaking, or any third party receiving data can use the data to improve its competitive position vis-à-vis the data holder, or, where relevant, the user, or enter a market in which the data holder, or, where relevant, the user, is present.
Amendment 313 #
(63) Data holders should have the possibility to either ask for a modification of the request made by a public sector body or Union institution, agency and body or its cancellation in a period of 510 or 1520 working days depending on the nature of the exceptional need invoked in the request. In case of requests motivated by a public emergency, justified reason not to make the data available should exist if it can be shown that the request is similar or identical to a previously submitted request for the same purpose by another public sector body or by another Union institution, agency or body or if the data holder is not currently collecting or has not previously collected, obtained or otherwise generated the requested data and does not retain it at the time of the request. A data holder rejecting the request or seeking its modification should communicate the underlying justification for refusing the request to the public sector body or to the Union institution, agency or body requesting the data. In case the sui generis database rights under Directive 96/6/EC of the European Parliament and of the Council66 apply in relation to the requested datasets, data holders should exercise their rights in a way that does not prevent the public sector body and Union institutions, agencies or bodies from obtaining the data, or from sharing it, in accordance with this Regulation. _________________ 66 Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases (OJ L 77, 27.3.1996, p. 20).
Amendment 314 #
Proposal for a regulation
Recital 64
Recital 64
Amendment 317 #
Proposal for a regulation
Recital 65
Recital 65
(65) Data made available to public sector bodies and to Union institutions, agencies and bodies on the basis of exceptional need should only be used for the purpose for which they were requested, unless the data holder that made the data available has expressly agreed for the data to be used for other purposes. The data should be destroyed once it is no longer necessary for the purpose stated in the request, unless agreed otherwise, and the data holder should be informed thereof. Public sector bodies and to Union institutions, agencies and bodies should ensure, including through the application of proportionate security measures, where applicable in accordance with Union and national law, that any protected nature of data is preserved and unauthorised access is avoided.
Amendment 324 #
Proposal for a regulation
Recital 67
Recital 67
(67) When the safeguarding of a significant public good is at stake, such as is the case of responding to public emergencies, the public sector body or the Union institution, agency or body should not be expected to compensate enterprises for the data obtained as long as the request is limited in time and scope, proportionate to the state of the public emergency. Public emergencies are rare events and not all such emergencies require the use of data held by enterprises. The business activities of the data holders are therefore not likely to be negatively affected as a consequence of the public sector bodies or Union institutions, agencies or bodies having recourse to this Regulation. However, as cases of an exceptional need other than responding to a public emergency might be more frequent, including cases of prevention of or recovery from a public emergency, data holders should in such cases be entitled to a reasonable compensation which should not exceed the technical and organisational costs incurred in comply. This regulation should not affect existing EU or Member State arrangements ing with the request and the reasonable margin required for making the data available to thehich data is shared free of charge, or prevent public sector body or to theies, Union institutions, agencyies or body. The compensation sies, and data hould not be understood as constituting payment for the data itself and as being compulsoryers from entering into voluntary data sharing agreements free of charge.
Amendment 327 #
Proposal for a regulation
Recital 68
Recital 68
(68) The public sector body or Union institution, agency or body may share the data it has obtained pursuant to the request with other entities or persons when this is needed to carry out scientific research activities or analytical activities it cannot perform itself, providing that those activities are strictly necessary to respond to the emergency need. It shall inform the data holder of such sharing in a timely manner. Such data may also be shared under the same circumstances with the national statistical institutes and Eurostat for the compilation of official statistics. Such research activities should however b where they are compatible with the purpose for which the data was requested and the data holder should be informed about the further sharing of the data it had provided. Individuals conducting research or research organisations with whom these data may be shared should act either on a not-for- profit basis or in the context of a public- interest mission recognised by the State. Organisations upon which public or commercial undertakings have a decisivesignificant influence allowing such undertakings to exercise control because of structural situations, which could result in preferential access to the results of the research, should not be considered research organisations for the purposes of this Regulation.
Amendment 333 #
Proposal for a regulation
Recital 76
Recital 76
(76) Open interoperability specifications and standards developed in accordance with paragraph 3 and 4 of Annex II of Regulation (EU) 1025/201221 in the field of interoperability and portability enable a seamless multi-vendor cloud environment, which is a key requirement for open innovation in the European data economy. AsWhere market- driven processes havedo not demonstrated the capacity tosuccessfully establish technical specifications or standards that facilitate effective cloud interoperability at the PaaS (platform-as-a- service) and SaaS (software-as-a-service) levels, the Commission should be able, on the basis of this Regulation and in accordance with Regulation (EU) No 1025/2012, to request European standardisation bodies to develop such standards, particularly for service types where such standards do not yet exist. In addition to this, the Commission will encourage parties in the market to develop relevant open interoperability specifications. The Commission, by way of delegated acts, can mandate the usThe Commission should be empowered to adopt delegated acts, in accordance with Article 38, to publish the reference of European standards for interoperability or open interoperability specifications for specific service types through a reference in a central Union standards repository for the interoperability of data processing services. European standards and open interoperability specifications will only be referenced if in compliance with the criteria specified in this Regulation, which have the same meaning as the requirements in paragraphs 3 and 4 of Annex II of Regulation (EU) No 1025/2021 and the interoperability facets defined under the ISO/IEC 19941:2017the interoperability of data processing services in central Union standards repository for the interoperability of data processing services, where these satisfy the criteria specified in this Regulation, notably to be developed on the basis of open decision-making accessible to all interested parties in the market, or markets affected by those technical specifications.
Amendment 334 #
Proposal for a regulation
Recital 77
Recital 77
(77) Third countries may adopt laws, regulations and other legal acts that aim at directly transferring or providing governmental access to non-personal data located outside their borders, including in the Union. Judgments of courts or tribunals or decisions of other judicial or administrative authorities, including law enforcement authorities in third countries requiring such transfer or access to non- personal data should be enforceable when based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State. In other cases, situations may arise where a request to transfer or provide access to non- personal data arising from a third country law conflicts with an obligation to protect such data under Union law or national law, in particular as regards the protection of fundamental rights of the individual, such as the right to security and the right to effective remedy, or the fundamental interests of a Member State related to national security or defence, as well as the protection of commercially sensitive data, including the protection of trade secrets, and the protection of intellectual property rights, and including its contractual undertakings regarding confidentiality in accordance with such law. In the absence of international agreements regulating such matters, transfer or access should only be allowed if it has been verified that the third country’s legal system requires the reasons and proportionality of the decision to be set out, that the court order or the decision is specific in character, and that the reasoned objection of the addressee is subject to a review by a competent court in the third country, which is empowered to take duly into account the relevant legal interests of the provider of such data. Wherever possible under the terms of the data access request of the third country’s authority, thea provider of data processing services should be able to inform the customa data holder whose data are being requested in order to verify the presence of a potential conflict of such access with Union or national rules, such as those on the protection of commercially sensitive data, including the protection of trade secrets and intellectual property rights and the contractual undertakings regarding confidentiality.
Amendment 335 #
Proposal for a regulation
Recital 78
Recital 78
(78) To foster further trust in the data, it is important that safeguards in relation to Union citizens, the public sector and businesses are implemented to the extent possible to ensure control over their data. In addition, Union law, values and standards should be upheld in terms of (but not limited to) security, data protection and privacy, and consumer protection. In order to prevent unlawful access to non-personal data, data holders and providers of data processing services subject to this instrument, such as cloud and edge services, should take all reasonable measures to prevent access to the systems where non-personal data is stored, including, where relevant, through the encryption of data, the frequent submission to audits, the verified adherence to relevant security reassurance certification schemes, and the modification of corporate policies.
Amendment 336 #
Proposal for a regulation
Recital 79
Recital 79
(79) Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability. In order to facilitate the conformity with the requirements for interoperability, it is necessary to provide for a presumption of conformity for interoperability solutions that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council. Taking into account, where relevant, positions adopted by the European Data Innovation Board, as referred to in Article 30(f) of Regulation… [DGA], the Commission should be able to adopt common specifications in areas where no harmonised standards exist or where they are insufficient in order to further enhance interoperability for the common European data spaces, application programming interfaces, cloud switching as well as smart contracts. Additionally, common specifications in the different sectors could remain to be adopted, in accordance with Union or national sectoral law, based on the specific needs of those sectors. Reusable data structures and models (in form of core vocabularies), ontologies, metadata application profile, reference data in the form of core vocabulary, taxonomies, code lists, authority tables, thesauri shcould also be part of the technical specifications for semantic interoperability. Furthermore, taking into account, where relevant, positions adopted by the European Data Innovation Board, as referred to in Article 30(f) of Regulation… [DGA], the Commission should be enabled to mandate the development of harmonised standards for the interoperability of data processing services.
Amendment 342 #
Proposal for a regulation
Recital 80
Recital 80
(80) To promote the interoperability of smart contracts in data sharing applications, it ismay be necessary to lay down essential requirements for smart contracts for professionals who create smart contracts for others or integrate such smart contracts in applications that support the implementation of agreements for sharing data. In order to facilitate the conformity of such smart contracts with those essential requirements, it ismay be necessary to provide for a presumption of conformity for smart contracts that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council.
Amendment 347 #
Proposal for a regulation
Recital 82
Recital 82
(82) In order to enforce their rights under this Regulation, natural and legal persons should be entitled to seek redress for the infringements of their rights under this Regulation by lodging complaints with competent authorities. Those authorities should be obliged to cooperate to ensure the complaint is appropriately handled in a timely manner and resolved. In order to make use of the consumer protection cooperation network mechanism and to enable representative actions, this Regulation amends the Annexes to the Regulation (EU) 2017/2394 of the European Parliament and of the Council68 and Directive (EU) 2020/1828 of the European Parliament and of the Council69 . _________________ 68 Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 (OJ L 345, 27.12.2017, p. 1). 69 Directive (EU) 2020/1828 of the European Parliament and of the Council of 25 November 2020 on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC (OJ L 409, 4.12.2020, p. 1).
Amendment 349 #
Proposal for a regulation
Recital 85
Recital 85
(85) In order to take account of technical aspects of data processing services, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission in respect of supplementing this Regulation to introduce a monitoring mechanism on switching charges imposed by data processing service providers on the market, to further specify the essential requirements for operators of data spaces and data processing service providers on interoperability and to publish the reference of open interoperability specifications and European standards for the interoperability of data processing services. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement on Better Law-Making of 13 April 201670 . In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts. _________________ 70 OJ L 123, 12.5.2016, p. 1.
Amendment 350 #
Proposal for a regulation
Recital 87
Recital 87
(87) This Regulation should not affect specific provisions of acts of the Union adopted in the field of data sharing between businesses, between businesses and consumers and between businesses and public sector bodies that were adopted prior to the date of the adoption of this Regulation. To ensure consistency and the smooth functioning of the internal market, the Commission should, where relevant, evaluate the situation with regard to the relationship between this Regulation and the acts adopted prior to the date of adoption of this Regulation regulating data sharing, in order to assess the need for alignment of those specific provisions with this Regulation. This Regulation should be without prejudice to rules addressing needs specific to individual sectors or areas of public interest. Such rules may include additional requirements on technical aspects of the data access, such as interfaces for data access, or how data access could be provided, for example directly from the product or via data intermediation services. Such rules may also include limits on the rights of data holders to access or use user data, or other aspects beyond data access and use, such as governance aspects. This Regulation also should be without prejudice tocan be complemented by more specific rules in the context of the development of common European data spaces.
Amendment 354 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation lays down harmonised rules on making data generated by the use of a product or: (a) on the design of connected products to allow access to data generated by a product or generated during the provision of related service availables to the user of that product or service, on the; (b) on data holders making data available by data holdersdata they received from a connected product or generated during the provision of a related service to users or to data recipients, andt the request onf the user; (c) on fair contractual terms for sharing data; (d) on the making data available byof data holders to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need, for in the performance of a task carried out in the public interest: ublic interest: (e) on facilitating switching between data processing services; (f) on introducing safeguards against unlawful international access to non- personal data, and; (g) on providing for the development of interoperability standards and common specifications for data to be transferred and used.
Amendment 361 #
Proposal for a regulation
Article 1 – paragraph 2 – point a
Article 1 – paragraph 2 – point a
(a) manufacturers ofand vendors of connected products, and supplis well as providers of related services placed on the market in the Union and the users of such connected products or related services;
Amendment 368 #
Proposal for a regulation
Article 1 – paragraph 2 – point b
Article 1 – paragraph 2 – point b
(b) users of connected products or data holders that make data available to data recipients in the Union;
Amendment 371 #
Proposal for a regulation
Article 1 – paragraph 2 – point d
Article 1 – paragraph 2 – point d
(d) public sector bodies and Union institutions, agencies or bodies that request users or data holders to make data available where there is an exceptional need to that data for the performance of a task carried out in the public interest and the data holders that provide those data in response to such request;
Amendment 378 #
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
3. Union law on the protection of personal data, privacy and confidentiality of communications and integrity of terminal equipment shall apply to personal data processed in connection with the rights and obligations laid down in this Regulation. This Regulation shall not affect the applicability of Union law on the protection of personal data, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC, including the powers and competences of supervisory authoritiese obtaining, collection, or generation of personal data through the use of a product or related service requires a legal basis pursuant to data protection law. This Regulation does not create a legal basis for the processing of personal data, nor does it affect any of the rights and obligations set out in Regulations (EU) 2016/679 or (EU) 2018/1725 or Directives 2002/58/EC or (EU) 2016/680. The legitimate interest, as laid down in Article 6 paragraph 1 point f of Regulation (EU) 2016/679, of the manufacturer of a product or the provider of a related service shall not constitute a legal basis for this. This Regulation is without prejudice to Union law on the protection of personal data, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC, including the powers and competences of supervisory authorities. In the event of a conflict between this Regulation and Union law on the protection of personal data or privacy or national law adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data or privacy shall prevail. Insofar as the rights laid down in Chapter II of this Regulation are concerned, and where users are the data subjects of personal data subject to the rights and obligations under that Chapter, the provisions of this Regulation shall complement the right of data portability under Article 20 of Regulation (EU) 2016/679.
Amendment 384 #
Proposal for a regulation
Article 1 – paragraph 4
Article 1 – paragraph 4
4. This Regulation shall not affect Union and national legal acts providing for the sharing, access and use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including Regulation (EU) 2021/784 of the European Parliament and of the Council72 and the [e-evidence proposals [COM(2018) 225 and 226] once adopted, competition law and antitrust investigations, and international cooperation in thatese areas. This Regulation shall not affect the collection, sharing, access to and use of data under Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing and Regulation (EU) 2015/847 of the European Parliament and of the Council on information accompanying the transfer of funds. This Regulation shall not affect the competences of the Member States regarding activities concerning public security, defence, national security, customs and tax administration and the health and safety of citizens in accordance with Union law. _________________ 72 Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online (OJ L 172, 17.5.2021, p. 79).
Amendment 386 #
Proposal for a regulation
Article 1 – paragraph 4 a (new)
Article 1 – paragraph 4 a (new)
4 a. This Regulation shall not be interpreted as recognising or creating a legal basis for manufacturers or vendors of connected products to access data generated by connected products that they have sold, or as conferring any new right onto manufacturers, data holders or data recipients to use data transmitted by a connected product or generated during the provision of a related service.
Amendment 391 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1
Article 2 – paragraph 1 – point 1
(1) ‘data’ means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording; content, or data obtained, generated or collected by the connected product or transmitted to it on behalf of others for the purpose of storage or processing, shall not be covered by this Regulation.
Amendment 394 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)
Article 2 – paragraph 1 – point 1 a (new)
Amendment 416 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2
Article 2 – paragraph 1 – point 2
(2) ‘connected product’ means a tangible, movable item, including where incorporated in item that, through its technical design and features, including sensors and immovable item, that obtains, generates or collects,n-device software, obtains, collects or otherwise generates transmissible data concerning its use or environment, and that is able to communicate data via a publicly available electronic communications service and whose primary function is not the storing and processing of data on behalf of third parties;
Amendment 425 #
Proposal for a regulation
Article 2 – paragraph 1 – point 3
Article 2 – paragraph 1 – point 3
(3) ‘related service’ means a digital service, including software, which is incorporated in or inter-necessary in order for the connected with a product in such a way that its absence would prevent the product from performing one of its functions;to perform one or more of its functions and which involves the transmission of data from the connected product to the provider of that service
Amendment 426 #
Proposal for a regulation
Article 2 – paragraph 1 – point 4
Article 2 – paragraph 1 – point 4
(4) ‘virtual assistants’ means software, including when incorporated in a connected product, that can process demands, tasks or questions including based on audio, written input, gestures or motions, and based on those demands, tasks or questions provides access their own and third party services or control their own and third party deviceo services or control the functions of connected products;
Amendment 430 #
Proposal for a regulation
Article 2 – paragraph 1 – point 5
Article 2 – paragraph 1 – point 5
(5) ‘user’ means a natural or legal person that owns, rents or leases a, including a data subject, that owns a connected product or receives a related service, or to whom the owner of the connected product has transferred, on the basis of a rental or lease agreement, temporary rights to use the connected product or receives a related services;
Amendment 435 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person, who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data and through control of the technical design of the product and related services, theoffers a related service to the user, which involves access to data transmitted from a connected product or generated during the provision of a related service, and who has, in the case of non-personal data, the contractually agreed ability, to make available certainuse such data;
Amendment 444 #
Proposal for a regulation
Article 2 – paragraph 1 – point 7
Article 2 – paragraph 1 – point 7
(7) ‘data recipient’ means a legal or natural person, acting for purposes which are related to that person’s trade, business, craft or profession, other than the user of a product or related service, to whom theincluding a data intermediation service, or data altruism organisation, as defined in Regulation … [DGA] to whom the user or, following a request of the user or a data holder makes data available, including a third party following a request by the user to the data holder or in accordance with a legal obligation under Union law or national legislation implementing Union law data transmitted by a connected product or generated during the provision of a related service;
Amendment 448 #
Proposal for a regulation
Article 2 – paragraph 1 – point 8
Article 2 – paragraph 1 – point 8
(8) ‘enterprise’ means a natural or legal person which in relation to contracts and practices covered by this Regulation is acting for purposes which are related to that person’s trade, business, craft or profession; In cases where the acts of a natural person are of a nature that go beyond consumer behaviour but do not meet the regular character of a trade, business, craft or profession, such as prosumers, they are to be assimilated to enterprises and benefit from the rights conferred upon them by this Regulation;
Amendment 458 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation, such as public health emergencies, emergencies resulting from natural disasters, as well as human-induced major disasters, negatively affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s) and which is determined and officially declared according to the respective procedures under Union or national law;
Amendment 461 #
Proposal for a regulation
Article 2 – paragraph 1 – point 11
Article 2 – paragraph 1 – point 11
(11) ‘processing’ means any operation or set of operations which is performprocessing as defined oin data or on sets of data in electronic format, whether or not by automated means, such as collection, recording, organisation, structuring, storage, aArticle 4, point (2), of Regulation (EU) 2016/679 with regard to personal daptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction or Article 3, point (2), of Regulation (EU) 2018/1807 with regard to non-personal data;
Amendment 464 #
Proposal for a regulation
Article 2 – paragraph 1 – point 12
Article 2 – paragraph 1 – point 12
(12) ‘data processing service’ means a digital service other than an online content service as defined in Article 2(5) of Regulation (EU) 2017/1128, provided to a customer, which enables on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resourstorage and computing resources, including related services, of a centralised, distributed or highly distributed nature;
Amendment 466 #
Proposal for a regulation
Article 2 – paragraph 1 – point 15
Article 2 – paragraph 1 – point 15
(15) ‘open interoperability specifications’ mean ICT technical specificationsstandards’, as defined in Regulation (EU) No 1025/2012, mean technical specifications, which are performance oriented towards achieving interoperability between data processing services and which are adopted through an inclusive, collaborative, consensus- based and transparent process from which materially affected and interested parties cannot be excluded;
Amendment 470 #
Proposal for a regulation
Article 2 – paragraph 1 – point 16
Article 2 – paragraph 1 – point 16
Amendment 473 #
Proposal for a regulation
Article 2 – paragraph 1 – point 17
Article 2 – paragraph 1 – point 17
Amendment 475 #
Proposal for a regulation
Article 2 – paragraph 1 – point 19
Article 2 – paragraph 1 – point 19
(19) ‘interoperability’ means the ability of two or more data-based services, including data spaces or, communication networks, systems, products, applications or components to store, process, exchange and use data in order to perform their functions;
Amendment 487 #
Proposal for a regulation
Article 3 – title
Article 3 – title
Amendment 497 #
Proposal for a regulation
Article 3 – paragraph 1
Article 3 – paragraph 1
1. PConnected products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, easily, securely and, where relevant and appropriate, directly accessible to the user in such a manner that transmissible data obtained, collected or otherwise generated by the connected product are, by default, easily, securely and, where technically feasible, directly accessible and retrievable to the user, in a structured, commonly used and machine-readable format, including the relevant metadata.
Amendment 511 #
Proposal for a regulation
Article 3 – paragraph 2 – introductory part
Article 3 – paragraph 2 – introductory part
2. Before concluding a contract for the purchase, rent or lease of a product or a related ser of a connected product, the vendor shall provicde, at least the following information shall be provided to the usto a prospective buyer, in a clear and comprehensible format:
Amendment 513 #
Proposal for a regulation
Article 3 – paragraph 2 – point a
Article 3 – paragraph 2 – point a
(a) the nature and volume of the data likely to be generated by the use of the product or related service, format, estimated volume, collection frequency, and in- device storage duration of data, which the connected product is capable of obtaining, collecting or otherwise generating;
Amendment 517 #
Proposal for a regulation
Article 3 – paragraph 2 – point b
Article 3 – paragraph 2 – point b
(b) whether the data is likely to be generatedconnected product is capable of generating data continuously and in real-time;
Amendment 525 #
Proposal for a regulation
Article 3 – paragraph 2 – point c
Article 3 – paragraph 2 – point c
(c) how the user may accessaccess and, where relevant, retrieve those data;
Amendment 533 #
Proposal for a regulation
Article 3 – paragraph 2 – point d
Article 3 – paragraph 2 – point d
Amendment 538 #
Proposal for a regulation
Article 3 – paragraph 2 – point e
Article 3 – paragraph 2 – point e
Amendment 542 #
Proposal for a regulation
Article 3 – paragraph 2 – point f
Article 3 – paragraph 2 – point f
Amendment 546 #
Proposal for a regulation
Article 3 – paragraph 2 – point g
Article 3 – paragraph 2 – point g
Amendment 550 #
Proposal for a regulation
Article 3 – paragraph 2 – point h
Article 3 – paragraph 2 – point h
Amendment 552 #
Proposal for a regulation
Article 3 – paragraph 2 a (new)
Article 3 – paragraph 2 a (new)
Amendment 556 #
Proposal for a regulation
Article 4 – title
Article 4 – title
The right of users to access and use data generated by the use of productss and obligations of users and data holders to access and make available data transmitted by connected products or generated during the provision orf related services
Amendment 562 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Where datait cannot be directly accessed by the user from the product, the data holders shall make available to the user theany data generated by its use of atransmitted to them by the connected product, or generated during the provision of related services without undue delay, free of charge and, where applicable, continuously and in real-time, in a comprehensive, structured, commonly used and machine-readable format and including the relevant metadata. This shall be done on the basis of a simple request through electronic means where technically feasible.
Amendment 568 #
Proposal for a regulation
Article 4 – paragraph 2
Article 4 – paragraph 2
2. The dData holders shall not require the user to provide any information beyond what is necessary to verify the quality as a user pursuant to paragraph 1. The dData holders shall not keep any information on the user’s access to the data requested beyond what is necessary for the sound execution of the user’s access request and for the security and the maintenance of the data infrastructure.
Amendment 581 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. TWhen sharing data mentioned under point b of Article 3(2a), trade secrets shall only be disclosed provided that all specific necessary measures are taken to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user can agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties.
Amendment 587 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
Amendment 592 #
Proposal for a regulation
Article 4 – paragraph 5
Article 4 – paragraph 5
5. Where the user is not a data subject, any personal data generated by the use oftransmitted from a product or related service shall only be made available by thea data holder to the user where there is a valid legal basis under Article 6(1) of Regulation (EU) 2016/679 and, where relevant, the conditions of Article 9 of Regulation (EU) 2016/679 are fulfilled.
Amendment 593 #
Proposal for a regulation
Article 4 – paragraph 6
Article 4 – paragraph 6
6. The dData holders shall only use any non-personal data generatransmitted byto the use of a product orm from a connected product or generated during the provision of a related service on the basis of a contractual agreement with the user. The dWhere such contractual agreement is unilaterally imposed, in the sense of Article 13(5), Article 13 shall apply to the agreement. Data holders shall not use such data generatransmitted byto the use of the product orm from the connected product or generated during the provision of related service to derive insights about the economic situation, assets and production methods of or the use by the user that could undermine the commercial position of the user in the markets in which ithe user is active.
Amendment 597 #
Proposal for a regulation
Article 4 – paragraph 6 a (new)
Article 4 – paragraph 6 a (new)
6 a. Data holders shall not make available non-personal data transmitted to them from the connected product, referred to in point (a) of Article 3(2a), with third parties for commercial or non- commercial purposes other than the fulfilment of their contractual obligations to the user. Where relevant, data holders shall contractually bind third parties not to market, monetise or further share data received from them.
Amendment 598 #
Proposal for a regulation
Article 4 – paragraph 6 b (new)
Article 4 – paragraph 6 b (new)
6 b. Where the contractual agreement between the user and a data holder allows for the use of data transmitted from the connected product, referred to in point (a) of Article 3(2a), the data holder shall be able to use that data for any of the following purposes: (a) improving the functioning of the connected product or related services; (b) developing new products or services; (c) enriching or manipulating it or aggregating it with other data, including with the aim of making available the resulting data set with third parties, as long as such derived data set does not allow the identification of the specific data items transmitted to the data holder from the connected product, or allow a third party to derive these data items from the data set.
Amendment 599 #
Proposal for a regulation
Article 4 – paragraph 6 c (new)
Article 4 – paragraph 6 c (new)
6 c. Data holders shall be able to commercially incentivise the user to make available data transmitted from the connected object exclusively to them, but shall not make the offer of a related services, or its commercial terms, including pricing, contingent on such agreement by the user, or coerce, deceive or manipulate in any way the user to make available data on a exclusive basis.
Amendment 600 #
Proposal for a regulation
Article 4 – paragraph 6 d (new)
Article 4 – paragraph 6 d (new)
6 d. A vendor of a connected product shall not make the sale of such product dependent on the user concluding an agreement with it for the provision of related services.
Amendment 601 #
Proposal for a regulation
Article 4 – paragraph 6 e (new)
Article 4 – paragraph 6 e (new)
6 e. Data holders shall not use data transmitted to it from the connected product or generated during the provision of related services to derive insights about the economic situation, assets and production methods of or the use by the user that could undermine the commercial position of the user in the markets in which it is active.
Amendment 611 #
1. Upon request by a user, or by a party acting on behalf of a user, theor, in the case of personal data, upon request of the data subject, data holders shall make available the data generatransmitted byto the use of a product orm from the connected product or generated during the provision of a related service to a third partydata recipient, without undue delay, free of charge to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time.
Amendment 617 #
Proposal for a regulation
Article 5 – paragraph 2 – introductory part
Article 5 – paragraph 2 – introductory part
2. Any undertaking providing core platform services for which one or more of such services have been designated as a gatekeeper, pursuant to Article […] of [Regulation XXX on contestable and fair markets in the digital sector (Digital Markets Act)73 ], shall not be an eligible third party under this Article and therefore shall not: _________________ 73 OJ […].
Amendment 618 #
Proposal for a regulation
Article 5 – paragraph 2 – point a
Article 5 – paragraph 2 – point a
(a) solicit or commercially incentivise a user in any manner, including by providing monetary or any other compensation,user in any manner to make data available to one of its services that the user has obtained pursuant to a request under Article 4(1);
Amendment 619 #
Proposal for a regulation
Article 5 – paragraph 2 – point a a (new)
Article 5 – paragraph 2 – point a a (new)
(a a) solicit a data holder to make available data, that they have the rights to use and make available to under Article 4(6);
Amendment 620 #
Proposal for a regulation
Article 5 – paragraph 2 – point b
Article 5 – paragraph 2 – point b
(b) solicit or commercially incentivise a user to request the data holder to make data available to one of its services pursuant to paragraph 1 of this Article;
Amendment 621 #
Proposal for a regulation
Article 5 – paragraph 2 – point c
Article 5 – paragraph 2 – point c
(c) receive data from a user that the user has obtained pursuant to a request under Article 4(1).make the commercial terms, including pricing, of any products or services offered to the user conditional or otherwise commercially dependent upon whether, or to which degree, the user agrees to make available data, transmitted from the connected object or generated during the provision of related services, to the undertaking providing platform services or any of its affiliates;
Amendment 623 #
Proposal for a regulation
Article 5 – paragraph 2 – point c a (new)
Article 5 – paragraph 2 – point c a (new)
(c a) coerce, deceive or manipulate in any other way the user, including by subverting or impairing its autonomy, decision-making or choices in order to receive such data from the user or a data holder.
Amendment 626 #
Proposal for a regulation
Article 5 – paragraph 3
Article 5 – paragraph 3
3. The user or third partye data recipient shall not be required to provide any information beyond what is necessary to verify the quality as user or as third partydata recipient pursuant to paragraph 1. The dData holders shall not keep any information on the third partydata recipient’s access to the data requested beyond what is necessary for the sound execution of the third partydata recipient’s access request and for the security and the maintenance of the data infrastructure.
Amendment 628 #
Proposal for a regulation
Article 5 – paragraph 3 a (new)
Article 5 – paragraph 3 a (new)
Amendment 629 #
Proposal for a regulation
Article 5 – paragraph 4
Article 5 – paragraph 4
4. The third partydata recipient shall not deploy coercive means or abuse evident gaps in the technical infrastructure of thea data holder designed to protect the data in order to obtain access to data.
Amendment 633 #
Proposal for a regulation
Article 5 – paragraph 5
Article 5 – paragraph 5
5. The dData holders shall not use any non- personal data generated by the use of the product ortransmitted to it from the connected product or generated during the provision of a related service to derive insights about the economic situation, assets and production methods of or use by the third partydata recipient that could undermine the commercial position of the third partydata recipient on the markets in which ithe third party is active, unless the third partydata recipient has consented to such use and has the technical possibility to withdraw that consent at any time.
Amendment 635 #
Proposal for a regulation
Article 5 – paragraph 6
Article 5 – paragraph 6
6. Where the user is not a data subject, any personal data generated by the use of a connected product or related service shall only be made available where there is a valid legal basis under Article 6(1) of Regulation (EU) 2016/679 and where relevant, the conditions of Article 9 of Regulation (EU) 2016/679 are fulfilled.
Amendment 639 #
Proposal for a regulation
Article 5 – paragraph 7
Article 5 – paragraph 7
7. Any failure on the part of thea data holder and the third partydata recipient to agree on arrangements for transmitting the data shall not hinder, prevent or interfere with the exercise of the rights of the data subject under Regulation (EU) 2016/679 and, in particular, with the right to data portability under Article 20 of that Regulation.
Amendment 644 #
Proposal for a regulation
Article 5 – paragraph 8
Article 5 – paragraph 8
8. Trade secrets shall only be disclosed to third partiedata recipients to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third partydata recipient and all specific necessary measures agreed between the concerned data holder and the third partydata recipient are taken by the third party to preserve the confidentiality of the trade secret. In such a case, the nature of the data as trade secrets and the measures for preserving the confidentiality shall be specified in the agreement between the user and the data holder and the third partydata recipient.
Amendment 645 #
Proposal for a regulation
Article 6 – title
Article 6 – title
Obligations of third partiedata recipients receiving data at the request of the user
Amendment 647 #
Proposal for a regulation
Article 6 – paragraph 1
Article 6 – paragraph 1
1. A third partydata recipient shall process the data made available to it pursuant to Article 5 only for the purposes and under the conditions agreed with the user, and subject to the rights of the data subject insofar as personal data are concerned, and shall delete the data when they are no longer necessary for the agreed purpose, unless agreed differently with the user.
Amendment 648 #
Proposal for a regulation
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. The third partydata recipient shall not:
Amendment 661 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) make the data available it receives to another third party, in raw, aggregated or derived form, unless this isunless this is explicitly permitted by the user, or necessary to provide the service requested by the user;
Amendment 664 #
Proposal for a regulation
Article 6 – paragraph 2 – point d
Article 6 – paragraph 2 – point d
Amendment 666 #
Proposal for a regulation
Article 6 – paragraph 2 – point e
Article 6 – paragraph 2 – point e
Amendment 667 #
Proposal for a regulation
Article 6 – paragraph 2 – point f
Article 6 – paragraph 2 – point f
Amendment 677 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. The obligations of this ChapterArticle 5(1) shall not apply to data generated by the use ofconnected products manufactured or related services provided by enterprises that qualify as micro or small enterprises, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro or small enterprise and where a micro or small enterprise is not subcontracted to manufacture or design a product or provide a related service.
Amendment 683 #
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
Amendment 686 #
Proposal for a regulation
Article 8 – paragraph 1
Article 8 – paragraph 1
1. Where a data holder is obliged to make data available to a data recipient under Article 5 or under other Union law or national legislation implementing Union law, it shall agree, where applicable, with a data recipient the modalities for making the data available and shall do so under fair, reasonable and non-discriminatory terms and in a transparent manner in accordance with the provisions of this Chapter and Chapter IV.
Amendment 688 #
Proposal for a regulation
Article 8 – paragraph 2
Article 8 – paragraph 2
2. A data holder shall agree with a data recipient the terms for making the data available. Any contractual termagreement concerning the access to and use of the data or the liability and remedies for the breach or the termination of data related obligations shall not be binding if it fulfils the conditions of Article 13 or if it excludes the application of, derogates from or varies the effect of the user’s rights under Chapter II.
Amendment 690 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. A data holder shall not discriminate with respect to the modalities of data sharing between comparable categories of data recipients, including partner enterprises or linked enterprises, as defined in Article 3 of the Annex to Recommendation 2003/361/EC, of the data holder, when making data available. Where a data recipient considers the conditions under which data has been made available to it to be discriminatory, it shall be for the data holder to demonstrate that there has been no discrimination.
Amendment 691 #
Proposal for a regulation
Article 8 – paragraph 4
Article 8 – paragraph 4
Amendment 693 #
Proposal for a regulation
Article 8 – paragraph 6
Article 8 – paragraph 6
6. Unless otherwise provided by Union law, including Articles 4(3), 5(8) and Article 6 of this Regulation, or by national legislation implementing Union law, an data holder’s obligation to make data available to a data recipient shall not oblige the disclosure of trade secrets within the meaning of Directive (EU) 2016/943.
Amendment 697 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. Any compensation agreed between a data holder and a data recipient for making data available shall be reasonable. not exceed the costs related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
Amendment 702 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
Amendment 712 #
Proposal for a regulation
Article 9 – paragraph 4
Article 9 – paragraph 4
4. The data holder shall provide the data recipient with information setting out the basis for the calculation of the compensation in sufficient detail so that the data recipient can verify that the requirements of paragraph 1 and, where applicable, paragraph 2 are met.
Amendment 715 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. DUsers, data holders and data recipients shall have access to dispute settlement bodies, certified in accordance with paragraph 2 of this Article, to settle disputes in relation to the fulfilment of the data holder’s obligation to make data available to the data recipient, upon the request of the user, the determination of fair, reasonable and non-discriminatory terms for and the transparent manner of making data available in accordance with Articles 8 and 9.
Amendment 721 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. The user or data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to the data and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to hinder the user’s right to effectively provide data to third partieaccess and use data transmitted from the product or generated during the provision of related services, or provide such data to data recipients pursuant to Article 5 or any right of a third partydata recipient under Union law or national legislation implementing Union law as referred to in Article 8(1).
Amendment 729 #
Proposal for a regulation
Article 11 – paragraph 2 – introductory part
Article 11 – paragraph 2 – introductory part
2. A data recipient that has, for the purposes of obtaining data, provided inaccurate or false information to the data holder, deployed deceptive or coercive means or abused evident gaps in the technical infrastructure of the data holder designed to protect the data, has used the data made available for unauthorised purposes or has disclosed those data to another party without the data holduser’s authorisation, shall without undue delay, unless the data holder or the user instruct otherwise:
Amendment 730 #
Proposal for a regulation
Article 11 – paragraph 2 – point a
Article 11 – paragraph 2 – point a
(a) destroy the data made available by the data holder and any copies thereof;
Amendment 732 #
Proposal for a regulation
Article 11 – paragraph 3 – introductory part
Article 11 – paragraph 3 – introductory part
3. Paragraph 2, point (b), shall not apply in either of the following cases:f it would be disproportionate in light of the interests of the user .
Amendment 735 #
Proposal for a regulation
Article 12 – paragraph 3
Article 12 – paragraph 3
3. This Chapter shall only apply in relation to obligations to make data available under Union law or national legislation implementing Union law, which enter into force after [date of application of the Regulation]. As regards obligations for the provision of related services, which have entered into force before [date of application of the Regulation], their provisions shall be aligned with this Regulation within two years after the date of application of this Regulation.
Amendment 736 #
Proposal for a regulation
Chapter IV – title
Chapter IV – title
IV UNFAIR TERMS RELATED TO DATA ACCESS AND USE BETWEEN ENTERPRISES
Amendment 737 #
Proposal for a regulation
Article 13 – title
Article 13 – title
Unilaterally imposed unfair contractual terms unilaterally imposed on a micro, small or medium- sized enterprise
Amendment 741 #
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise one a micro, small or medium-sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/ECctor onto another shall not be binding on the latter enterpriseactor if it is unfair.
Amendment 742 #
Proposal for a regulation
Article 13 – paragraph 2
Article 13 – paragraph 2
2. A contractual term is unfair if it is of such a nature that objectively impairs the ability of the party upon whom the term has been unilaterally imposed to protect its legitimate commercial or non- commercial interest in the data in question, if its use grossly deviates from good commercial practice in data access and use, contrary to good faith and fair dealing.
Amendment 745 #
Proposal for a regulation
Article 13 – paragraph 4 – point b
Article 13 – paragraph 4 – point b
(b) allow the party that unilaterally imposed the term to access and use data of the other contracting party in a manner that is significantly detrimental to the legitimate commercial or non-commercial interests of the other contracting party;
Amendment 746 #
Proposal for a regulation
Article 13 – paragraph 4 – point c
Article 13 – paragraph 4 – point c
(c) prevent the party upon whom the term has been unilaterally imposed from using the data contributed or generated by that party, including data transmitted from a connected product, as defined under Article 3(2a), during the period of the contract, or to limit the use of such data to the extent that that party is not entitled to use, captureextract, access or control such data or exploit the value of such data in a proportionate manner, unless it has presented that party with an explicit choice between concluding the agreement without limitation to its rights and the option to be compensated proportionately in exchange for foregoing those rights;
Amendment 747 #
Proposal for a regulation
Article 13 – paragraph 4 – point e a (new)
Article 13 – paragraph 4 – point e a (new)
(e a) prevent the party upon whom the term has been unilaterally imposed from terminating the agreement within a reasonable time period.
Amendment 750 #
Proposal for a regulation
Article 13 – paragraph 7
Article 13 – paragraph 7
7. This Article does not apply to contractual terms defining the main subject matter of the contract or to contractual terms determining the price to be paid.
Amendment 759 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. Upon a specific request, a data holder shall make datanon-personal data, which it is currently collecting or has previously obtained, collected or otherwise generated and which it retains at the time of the request, available to a public sector body or to a Union institution, agency or body demonstrating an exceptional need to use the data requested.
Amendment 765 #
Proposal for a regulation
Article 14 – paragraph 1 a (new)
Article 14 – paragraph 1 a (new)
1 a. The basis for the exceptional need to request data referred to in paragraph 1 shall be laid down by Union law; or Member State law.
Amendment 772 #
Proposal for a regulation
Article 15 – paragraph 1 – introductory part
Article 15 – paragraph 1 – introductory part
An exceptional need to use non-personal data within the meaning of this Chapter shall be deemed to exist in anyeither of the following circumstances:
Amendment 775 #
Proposal for a regulation
Article 15 – paragraph 1 – point a
Article 15 – paragraph 1 – point a
(a) where the data requested is limited in time and scope and necessary to respond to an imminent public emergency;
Amendment 779 #
Proposal for a regulation
Article 15 – paragraph 1 – point b
Article 15 – paragraph 1 – point b
Amendment 787 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – introductory part
Article 15 – paragraph 1 – point c – introductory part
(c) where the lack of available data prevents the public sector body or Union institution, agency or body from fulfilling a specific task in the public interest that has been explicitly provided by law; andis acting on the basis of EU or Member State law and has identified specific data, which is unavailable to it and which is demonstrably necessary to fulfil a specific task in the public interest that has been explicitly provided by law, and where, in the absence of EU, Member State obligations to make data available without compensation, the public sector body or Union institution, agency or body has been unable to obtain such data by alternative means, including by purchasing the data on the market at market rates.
Amendment 790 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 1
Article 15 – paragraph 1 – point c – point 1
Amendment 793 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2
Article 15 – paragraph 1 – point c – point 2
Amendment 805 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. The rights from this Chapter shall not be exercised byis Chapter does not apply to public sector bodies and Union institutions, agencies and bodies in order to carry out activities for the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal penalties, or for customs or taxation administration. This Chapter does not affect the applicable Union and national law on the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal or administrative penalties, or for customs or taxation administration.
Amendment 814 #
Proposal for a regulation
Article 17 – paragraph 1 – point b
Article 17 – paragraph 1 – point b
(b) demonstrate the specific exceptional need for which the data are requested;
Amendment 828 #
Proposal for a regulation
Article 17 – paragraph 1 – point e a (new)
Article 17 – paragraph 1 – point e a (new)
(e a) specify when the data is expected to be deleted by the public sector body, Union institution, agency or body.
Amendment 837 #
Proposal for a regulation
Article 17 – paragraph 2 – point a a (new)
Article 17 – paragraph 2 – point a a (new)
(a a) be specific with regards to the type of data and correspond to data which the data holder is currently collecting or has previously collected, obtained or otherwise generated and which it retains at the time of the request,
Amendment 846 #
Proposal for a regulation
Article 17 – paragraph 2 – point d
Article 17 – paragraph 2 – point d
(d) concern, insofar as possible, non- personal data;
Amendment 852 #
Proposal for a regulation
Article 17 – paragraph 2 – point f
Article 17 – paragraph 2 – point f
(f) be made publicly available online without undue delin ten working days.
Amendment 854 #
Proposal for a regulation
Article 17 – paragraph 3
Article 17 – paragraph 3
3. A public sector body or a Union institution, agency or body shall not make data obtained pursuant to this Chapter available for reuse within the meaning of Directive (EU) 2019/1024 and Regulation (EU) 2022/868. Directive (EU) 2019/1024 shall not apply to the data held by public sector bodies obtained pursuant to this Chapter.
Amendment 857 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 1
Article 17 – paragraph 4 – subparagraph 1
Paragraph 3 does not preclude a public sector body or a Union institution, agency or body to agree to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body, in viewfor the purpose of completing the tasks in Article 15 or to make the data available to a third party strictly for those purposes, in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. Where relevant, it shall bind the third party contractually not to use the data for any other purposes and not to share it with other third parties. The obligations on public sector bodies, Union institutions, agencies or bodies pursuant to Article 19 apply, including, where relevant, to those third parties.
Amendment 861 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 2
Article 17 – paragraph 4 – subparagraph 2
Where a public sector body or a Union institution, agency or body transmits or makes data available under this paragraph to a third party, it shall notify the data holder from whom the data was received without undue delay.
Amendment 863 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 2 a (new)
Article 17 – paragraph 4 – subparagraph 2 a (new)
A public sector body, Union institution, agency, body or undertaking, or a third party receiving data under this Chapter shall not: (a) use the data to develop a product or a service that competes with the product or service from which the accessed data originates; (b) use it to enhance an existing product or service which is competing with the product or service from which the accessed data originates; (c) derive insights about the economic situation, assets and production or operation methods of the data holder, or share the data with another third party for that purpose.
Amendment 875 #
Proposal for a regulation
Article 18 – paragraph 2 – introductory part
Article 18 – paragraph 2 – introductory part
2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request within 510 working days following the receipt of a request for the data necessary to respond to a public emergency and within 1520 working days in other cases of exceptional need, defined under point (b) of Article 15, on either of the following grounds:
Amendment 877 #
Proposal for a regulation
Article 18 – paragraph 2 – point a
Article 18 – paragraph 2 – point a
(a) the data is unavailableholder is not currently collecting or has not previously collected, obtained or otherwise generated the requested data and does not retain it at the time of the request ;
Amendment 883 #
Proposal for a regulation
Article 18 – paragraph 5
Article 18 – paragraph 5
Amendment 895 #
Proposal for a regulation
Article 19 – paragraph 1 – point b
Article 19 – paragraph 1 – point b
Amendment 898 #
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
Article 19 – paragraph 1 – point b a (new)
(b a) ensure, including through the application of proportionate security measures, where applicable in accordance with Union and national law, that any protected nature of data is preserved and unauthorised access is avoided.
Amendment 922 #
Proposal for a regulation
Article 20 – paragraph 1
Article 20 – paragraph 1
1. DUnless specified otherwise in EU or Member State law, data made available to respond to a public emergency pursuant to Article 15, point (a), shall be provided free of charge.
Amendment 928 #
Proposal for a regulation
Article 20 – paragraph 2
Article 20 – paragraph 2
2. Where the data holder claims compensation for making data available in compliance with a request made pursuant to Article 15, points (b) or (c), such compensation shall not exceed the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.
Amendment 932 #
Proposal for a regulation
Article 21
Article 21
Amendment 1004 #
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
1. PData holders and providers of data processing services shall take all reasonablappropriate technical, legal and organisational measures, including contractual arrangements, in order to prevent international transfer or governmental access to non-personal data held in the Union where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, without prejudice to paragraph 2 or 3.
Amendment 1007 #
Proposal for a regulation
Article 27 – paragraph 2
Article 27 – paragraph 2
2. Any decision or judgement of a court or tribunal and any decision of an administrative authority of a third country requiring a data holder or provider of data processing services to transfer from or give access to non-personal data within the scope of this Regulation held in the Union may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or any such agreement between the requesting third country and a Member State.
Amendment 1008 #
Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – introductory part
Article 27 – paragraph 3 – subparagraph 1 – introductory part
In the absence of such an international agreement, where a data holder or provider of data processing services is the addressee of a decision of a court or a tribunal or a decision of an administrative authority of a third country to transfer from or give access to non-personal data within the scope of this Regulation held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only following review by the relevant competent bodies or authorities, pursuant to this Regulation to assess if, in addition to the provisions of any relevant national or Union law, the following conditions have been met:
Amendment 1015 #
Proposal for a regulation
Article 28 – title
Article 28 – title
Essential requirements regarding interoperability of data spaces
Amendment 1016 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Amendment 1023 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point a
Article 28 – paragraph 1 – subparagraph 1 – point a
(a) the dataset content, use restrictions, licences, data collection methodology, data quality and uncertainty shall be sufficiently described to allow the reparticipieants to find, access and use the data;
Amendment 1024 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point b
Article 28 – paragraph 1 – subparagraph 1 – point b
(b) the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists shall be described in a publicly available and consistent manner;
Amendment 1025 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point c
Article 28 – paragraph 1 – subparagraph 1 – point c
(c) the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable automatic access and transmission of data between parties, including continuously or in real- time in a machine-readable format and, where relevant, the means and terms for compensation for such access;
Amendment 1029 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point d
Article 28 – paragraph 1 – subparagraph 1 – point d
(d) the means to enable the interoperability of smart contracts for data sharing within their services and activities shall be provided.
Amendment 1031 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 2
Article 28 – paragraph 1 – subparagraph 2
Amendment 1032 #
Proposal for a regulation
Article 28 – paragraph 2
Article 28 – paragraph 2
2. The Commission is empowered to adopt delegated acts, in accordance with Article 38 to supplement this Regulation by further specifying the essential requirements for harmonised standards referred to in paragraph 1, taking into account, where relevant, positions adopted by the European Data Innovation Board, as referred to in Article 30(f) of Regulation… [DGA].
Amendment 1034 #
Proposal for a regulation
Article 28 – paragraph 3
Article 28 – paragraph 3
Amendment 1043 #
Proposal for a regulation
Article 28 – paragraph 5
Article 28 – paragraph 5
5. The Commission shallmay, by way of implementing acts, adopt common specifications, where harmonised standards referred to in paragraph 4 of this Article do not exist or in case it considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article, where necessary, with respe. Prior to adopting those implementing acts to any or all of the requirements laid down in paragraph 1 of this Article. Those implementing acts shallhe Commission shall seek advice from and take into account relevant positions adopted by the European Data Innovation Board, as referred to in Article 30(f) of Regulation… [DGA] and be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 1044 #
Proposal for a regulation
Article 28 – paragraph 6
Article 28 – paragraph 6
Amendment 1068 #
Proposal for a regulation
Article 30 – paragraph 1 – introductory part
Article 30 – paragraph 1 – introductory part
1. The vendor of an application using smart contracts or, in the absence thereof, the person whose trade, business or profession involves the deploymentoffering contractual party of a smart contracts for others in the context of an agreement to make data available shall comply with the following essential requirements:
Amendment 1079 #
Proposal for a regulation
Article 30 – paragraph 1 – point d a (new)
Article 30 – paragraph 1 – point d a (new)
(d a) transparency of commercial terms: the smart contract offering shall comprehensively describe the commercial terms underlying the agreement, including any conditional commercial terms, such as future changes of commercial terms conditional upon environmental and performance factors
Amendment 1080 #
Proposal for a regulation
Article 30 – paragraph 1 – point d b (new)
Article 30 – paragraph 1 – point d b (new)
(d b) The obligations under Article 13 of this Regulation, if applicable.
Amendment 1083 #
Proposal for a regulation
Article 30 – paragraph 2
Article 30 – paragraph 2
2. The vendor of a smart contract or, in the absence thereof, the person whose trade, business or profession involves the deploymentoffering party of a smart contracts for others in the context of an agreement to make data available shall perform a conformity assessment with a view to fulfilling the essential requirements under paragraph 1 and, on the fulfilment of the requirements, issue an EU declaration of conformity.
Amendment 1084 #
Proposal for a regulation
Article 30 – paragraph 3
Article 30 – paragraph 3
3. By drawing up the EU declaration of conformity, the vendor of an application using smart contracts or, in the absence thereof, the person whose trade, business or profession involves the deploymentoffering party of a smart contracts for others in the context of an agreement to make data available shall be responsible for compliance with the requirements under paragraph 1.
Amendment 1091 #
Proposal for a regulation
Article 30 – paragraph 6
Article 30 – paragraph 6
Amendment 1096 #
Proposal for a regulation
Article 31 – paragraph 1
Article 31 – paragraph 1
1. Each Member State shall designate one or more competent authorities as responsible for the application and enforcement of this Regulation. Member States may establish one or more new authorities or rely on existing authorities. , including those designated for data intermediation services in Article 13 of Regulation …[DGA].
Amendment 1098 #
Proposal for a regulation
Article 31 – paragraph 2 – point b
Article 31 – paragraph 2 – point b
(b) for specific sectoral data exchangeaccess issues related to the implementation of this Regulation, the competence of sectoral authorities shall be respected; in particular with regard to data access requirements under Article 3 of this Regulation, the competence of sectoral authorities shall be respected, unless a conflict of competences inhibits the ability of the competent authorities under this Regulation to enforce the rights and obligations of this Regulation;
Amendment 1101 #
Proposal for a regulation
Article 31 – paragraph 2 – point c
Article 31 – paragraph 2 – point c
(c) the national competent authority responsible for the application and enforcement of Chapter VI of this Regulation shall have experience in the field of data, including non-personal data, and electronic communications services.
Amendment 1113 #
Proposal for a regulation
Article 31 – paragraph 3 – point e
Article 31 – paragraph 3 – point e
(e) monitoring technological and commercial developments of relevance for the making available and use of data;
Amendment 1122 #
Proposal for a regulation
Article 31 – paragraph 7 a (new)
Article 31 – paragraph 7 a (new)
7 a. Competent authorities shall cooperate with competent authorities of other Member States to ensure a consistent and efficient application of this Regulation. Such mutual assistance shall include the exchange of all relevant information by electronic means, without undue delay, in particular to carry out the tasks referred to in paragraph (3), points (b), (c) and (d);
Amendment 1123 #
Proposal for a regulation
Article 31 – paragraph 7 b (new)
Article 31 – paragraph 7 b (new)
7 b. Entities falling within the scope of this Regulation shall be subject to the jurisdiction of the Member State where the entity is established. In case the entity is established in more than one Member State, it shall be deemed to be under the jurisdiction of the Member State in which business footprint, as measured by the number of employees registered or revenues generated in that Member State is largest.
Amendment 1124 #
Proposal for a regulation
Article 31 – paragraph 7 c (new)
Article 31 – paragraph 7 c (new)
7 c. An entity falling within scope of this Regulation that offers products or services in the Union but is not established in the Union, nor has designated a legal representative therein, shall be under the jurisdiction of all Member States, where applicable, for the purposes of ensuring the application and enforcement of this Regulation. Any competent authority may exercise its competence, provided that the entity is not subject to enforcement proceedings for the same facts by another competent authority.
Amendment 1137 #
Proposal for a regulation
Article 33 – paragraph 1 a (new)
Article 33 – paragraph 1 a (new)
1 a. Member States shall take into account the following non-exhaustive criteria for the imposition of penalties for infringements of this Regulation: (a) the nature, gravity, scale and duration of the infringement; (b) any action taken by the infringing party to mitigate or remedy the damage caused by the infringement; (c) any previous infringements by the infringing party; (d) the financial benefits gained or losses avoided by the infringing party due to the infringement, insofar as such benefits or losses can be reliably established; (e) any other aggravating or mitigating factors applicable to the circumstances of the case.
Amendment 1140 #
Proposal for a regulation
Article 34 – paragraph 1
Article 34 – paragraph 1
The Commission shall develop and recommend non-binding model contractual terms on data access and use and standard contractual clauses for cloud computing contracts to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. Such model contractual terms shall address at least the following elements: (a) right to early termination of the contract and to switch operator and modalities to effect such switch; (b) right for the user of a connected product to suppress use of data transmitted from the connected product; (c) data retention and storage policies; (d) readability of the data for the user, including information on metadata and decryption.
Amendment 1148 #
Proposal for a regulation
Article 41 – paragraph 1 – point a
Article 41 – paragraph 1 – point a
(a) ofurther specifying categories or types of data to be made accessible;
Amendment 1149 #
Proposal for a regulation
Article 41 – paragraph 1 – point a a (new)
Article 41 – paragraph 1 – point a a (new)
(a a) the use of data by users, including making them available to third parties as well as the development of the modalities of data sharing, including competitive dynamics in data spaces and data intermediation services;
Amendment 1164 #
Proposal for a regulation
Article 42 – paragraph 2 a (new)
Article 42 – paragraph 2 a (new)
The obligation resulting from Article 3(1) shall apply to products and related services placed on the market from ... [12 months after the date of application of this Regulation].