59 Amendments of Moritz KÖRNER related to 2022/0047(COD)
Amendment 119 #
Proposal for a regulation
Recital 10 a (new)
Recital 10 a (new)
(10 a) Data collected or generated by defence products or services or in the context of defence-related activities, including data collected or generated by dual-use products such as satellites, aircraft and drones when used in a defence context, should be excluded from the scope of this Regulation as the disclosure of such data would create strategic vulnerabilities for European security and defence.
Amendment 122 #
Proposal for a regulation
Recital 14
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. Product- design data, that relate exclusively to the inner functioning and design of a product and do not present a significant interest to the user, for example data generated or collected as a by product of the interaction between components of sub-components of a system, should be excluded from the scope of this Regulation, provided the product manufacturer can show sharing such data brings no significant benefits to the user in reasonably foreseeable use cases such as the maintenance and repair of the product.
Amendment 127 #
Proposal for a regulation
Recital 17
Recital 17
(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, and without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights. Product design data, that relate exclusively to the inner functioning and design of a product,should be excluded from the scope of this Regulation insofar as such data brings no significant benefits to the user in reasonably foreseeable uses cases.
Amendment 137 #
Proposal for a regulation
Recital 24 a (new)
Recital 24 a (new)
(24 a) After the data has been made available to a user or data recipient according to the provisions of this Regulation, the data holder should not be liable for any direct or indirect damages arising from, relating to, or in connection with the processing of the data by the user or by the third party.
Amendment 166 #
Proposal for a regulation
Recital 56
Recital 56
(56) In situations of exceptional need, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies or in other exceptional cases. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.
Amendment 174 #
Proposal for a regulation
Recital 58
Recital 58
(58) An exceptional need may also arise when a public sector body can demonstrate that the data are necessary either to prevent a public emergency, or to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question. Where the exceptional need is not justified by the need to respond to, prevent or assist recovery from a public emergency, the public sector body or the Union institution, agency or body should demonstrate that the lack of timely access to and the use of the data requested prevents it from effectively fulfilling a specific task in the public interest that has been explicitly provided in law. Such exceptional need may also occur in other situations, for example in relation to the timely compilation of official statistics when data is not otherwise available or when the burden on statistical respondents will be considerably reduced. At the same time, the public sector body or the Union institution, agency or body should, outside the case of responding to, preventing or assisting recovery from a public emergency, demonstrate that no alternative means for obtaining the data requested exists and that the data cannot be obtained in a timely manner through the laying down of the necessary data provision obligations in new legislation.
Amendment 207 #
Proposal for a regulation
Article 1 – paragraph 2 – point d
Article 1 – paragraph 2 – point d
(d) public sector bodies and Union institutions, agencies or bodies that request data holders to make data available where there is an exceptional need to that data for the performance of a task carried out in the public interestresponse to or recovery from a public emergency and the data holders that provide those data in response to such request;
Amendment 216 #
Proposal for a regulation
Article 1 – paragraph 4
Article 1 – paragraph 4
4. This Regulation shall not affect Union and national legal acts providing for the sharing, access and use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including Regulation (EU) 2021/784 of the European Parliament and of the Council72 and the [e-evidence proposals [COM(2018) 225 and 226] once adopted, and international cooperation in that area. This Regulation shall not affect the collection, sharing, access to and use of data under Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing and Regulation (EU) 2015/847 of the European Parliament and of the Council on information accompanying the transfer of funds. This Regulation shall not affect the competences of the Member States regarding activities concerning public security, defence, national security, customs and tax administration and the health and safety of citizens in accordance with Union law. This Regulation shall not affect data collected or generated by defence activities, products, or services or by products or services deployed and used for defence purposes, and it shall not affect product design data, insofar as the product manufacturer has demonstrated that such data is of no significant interest to the user. _________________ 72 Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online (OJ L 172, 17.5.2021, p. 79).
Amendment 223 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)
Article 2 – paragraph 1 – point 1 a (new)
(1 a) “product design data” are data that relate exclusively to the internal functioning of the system and design of the product, for instance in relation to interfaces and interactions between internal components or sub-components of the system;
Amendment 247 #
Proposal for a regulation
Article 2 – paragraph 1 – point 9
Article 2 – paragraph 1 – point 9
(9) ‘public sector body’ means national, regional or local authorities of the Member States and bodies governed by public law of the Member States, or associations formed by one or more such authorities or one or more such bodies;
Amendment 252 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation such as public health emergencies, emergencies resulting from natural disasters, as well as human- induced major disasters, such as major cybersecurity incidents, negatively affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s) and which is determined according to the respective procedures under Union or national law;
Amendment 256 #
Proposal for a regulation
Article 2 – paragraph 1 – point 14
Article 2 – paragraph 1 – point 14
(14) ‘functional equivalence’ means the maintenance of a minimum level of functionality in the environment of a new data processing service after the switching process, to such an extent that, in response to an input action by the user on core elements of the service, the destination service will deliver the same output at the same performance and with the same level of security, operational resilience and quality of service as the originating service at the time of termination of the contract, , insofar as the originating and the destination data processing services cover (in part or in whole) the same service type;
Amendment 271 #
Proposal for a regulation
Article 3 – paragraph 2 – point a
Article 3 – paragraph 2 – point a
(a) the nature and volumtype of the data likely to be generated by the use of the product or related service;
Amendment 272 #
Proposal for a regulation
Article 3 – paragraph 2 – point c
Article 3 – paragraph 2 – point c
(c) how the user may access, retrieve, and request the deletion of those data;
Amendment 282 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user the data generated by its use of a product or related service without undue delay, free of charge, easily, securely, in as structured, commonly used and machine-readable format and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible.
Amendment 288 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. The user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a product or a related service that competes with the product or the related service from which the data originate.
Amendment 300 #
Proposal for a regulation
Article 5 – paragraph 2 – introductory part
Article 5 – paragraph 2 – introductory part
2. Any undertaking providing core platform services for which one or more of such services have been designated as a gatekeeper, pursuant to Article […] of [Regulation XXX on contestable and fair markets in the digital sector (Digital Markets Act)73 ], shall not be an eligible third party under this Article and therefore shall not: _________________ 73 OJ […].
Amendment 301 #
Proposal for a regulation
Article 5 – paragraph 2 – point a
Article 5 – paragraph 2 – point a
(a) solicit or commercially incentivise a user or a data recipient in any manner, including by providing monetary or any other compensation, to make data available to one of its services that the user has obtained pursuant to a request under Article 4(1) or that the data recipient has obtained pursuant to this Article;
Amendment 302 #
Proposal for a regulation
Article 5 – paragraph 2 – point c
Article 5 – paragraph 2 – point c
Amendment 305 #
Proposal for a regulation
Article 5 – paragraph 5
Article 5 – paragraph 5
5. The data holder shall not use any non-personal data generated by the use of the product or related service to derive insights about the economic situation, assets and production methods of or use by the third party that could undermine the commercial position of the third party on the markets in which the third party is active, unless the third party has consented to such use and has the technical possibility to withdraw that consent at any time.
Amendment 323 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) use the data it receives for the profiling of natural persons within the meaning of Article 4(4) of Regulation (EU) 2016/679, unless it is necessary to provide the service requested by the user beyond the provisions of that Regulation;
Amendment 327 #
Proposal for a regulation
Article 6 – paragraph 2 – point d
Article 6 – paragraph 2 – point d
Amendment 328 #
Proposal for a regulation
Article 6 – paragraph 2 – point e
Article 6 – paragraph 2 – point e
(e) use the data it receives to develop a product or related service that competes with the product or the related service from which the accessed data originate or share the data with another third party for that purpose;
Amendment 331 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2 a. The third party shall implement adequate organizational, technical and cybersecurity measures to preserve the integrity of the data and to ensure its protection against unauthorised disclosure.
Amendment 334 #
Proposal for a regulation
Article 7 – paragraph 2 a (new)
Article 7 – paragraph 2 a (new)
2 a. The data holder shall not be liable towards the user for any direct or indirect damages arising from, relating to, or in connection with the processing of the data by the user after the data has been made available.
Amendment 355 #
Proposal for a regulation
Article 11 – paragraph 2 – point b a (new)
Article 11 – paragraph 2 – point b a (new)
(b a) inform the user of the unauthorised use or disclosure of the data and measures taken to put an end to the unauthorised use or disclosure of the data.
Amendment 357 #
Proposal for a regulation
Article 12 – paragraph 1 a (new)
Article 12 – paragraph 1 a (new)
1 a. The data holder shall not be liable for any direct or indirect damages arising from, relating to, or in connection with the processing of the data by the data recipient after the data has been made available.
Amendment 367 #
Proposal for a regulation
Article 14 – paragraph 2 a (new)
Article 14 – paragraph 2 a (new)
2 a. This Chapter is without prejudice to Regulation (EU) 2016/679 and Regulation (EU) 2018/1725.
Amendment 370 #
Proposal for a regulation
Article 15 – paragraph 1 – introductory part
Article 15 – paragraph 1 – introductory part
An exceptional need to use data within the meaning of this Chapter shall be deemed to exist in anywhere all of the following circumstancesonditions are met:
Amendment 373 #
Proposal for a regulation
Article 15 – paragraph 1 – point a
Article 15 – paragraph 1 – point a
(a) where the data requested is strictly necessary to respond to a public emergency;
Amendment 375 #
Proposal for a regulation
Article 15 – paragraph 1 – point b
Article 15 – paragraph 1 – point b
(b) where the data request is limited in time and scope and necessary to prevent a public emergency or to assist the recovery from a public emergency and is limited in time and scope;
Amendment 378 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – introductory part
Article 15 – paragraph 1 – point c – introductory part
(c) where the lack of available data prevents the public sector body or Union institution, agency or body from fulfilling a specific task in the public interest that has been explicitlresponding to the public emergency or from assisting the recovery pfrovided by law; andm a public emergency;
Amendment 379 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 1
Article 15 – paragraph 1 – point c – point 1
(1) the public sector body or Union institution, agency or body has been unable to obtain such data by alternative means, including by purchasing the data on the market at market rates or by relying on existing obligations to make data available, and the adoption of new legislative measures cannot ensure the timely availability of the data; or.
Amendment 380 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2
Article 15 – paragraph 1 – point c – point 2
Amendment 392 #
Proposal for a regulation
Article 17 – paragraph 1 – point c
Article 17 – paragraph 1 – point c
(c) explain the purpose of the request, the intended use of the data requested, and the duration of that use, and which third parties the data may be disclosed to;
Amendment 394 #
Proposal for a regulation
Article 17 – paragraph 1 – point e a (new)
Article 17 – paragraph 1 – point e a (new)
(e a) where the request is made by a public sector body to a data holder established in another Member State, confirm that the public sector body has notified the competent authority of that Member State in conformity with Article 22(3);
Amendment 396 #
Proposal for a regulation
Article 17 – paragraph 1 – point e b (new)
Article 17 – paragraph 1 – point e b (new)
(e b) where the data requested concerns personal data, consult the competent supervisory authority under Article 51 of Regulation (EU)2016/679 or under Article 52 under Regulation (EU) 2018/1725, abide by its recommendations, and confirm the conformity of the request with Regulation (EU)2016/679 or Regulation (EU) 2018/1725.
Amendment 400 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 1
Article 17 – paragraph 4 – subparagraph 1
Paragraph 3 does not preclude a public sector body or a Union institution, agency or body to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body, in view of completing the tasks in Article 15 or to make the data available to a third party in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. The obligations on public sector bodies, Union institutions, agencies or bodies pursuant to Article 19 applylso apply to such third parties.
Amendment 401 #
Proposal for a regulation
Article 17 – paragraph 4 a (new)
Article 17 – paragraph 4 a (new)
4 a. The third party shall not use the data it receives from a public sector body or a Union institution, agency or body to develop a product or a related service that competes with the product or related service from which the data originate.
Amendment 407 #
Proposal for a regulation
Article 18 – paragraph 5
Article 18 – paragraph 5
5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the applicable rules on personal data protection shall be fully complied with. The data holder shall take reasonable efforts to pseudonymise the datapersonal data made available, insofar as the request can be fulfilled with pseudonymised data.
Amendment 411 #
Proposal for a regulation
Article 18 – paragraph 6 a (new)
Article 18 – paragraph 6 a (new)
6 a. A data holder complying with a request to make data available pursuant to this article shall not be liable for any direct or indirect damages arising from, relating to, or in connection with the processing or the unauthorised disclosure of the data by the public sector body or a Union institution, agency or body, after the data has been made available.
Amendment 416 #
Proposal for a regulation
Article 19 – paragraph 1 – point b
Article 19 – paragraph 1 – point b
(b) implement, insofar as the processing of personal data is necessary, technical, cybersecurity, and organisational measures that safeguard the rights and freedoms of data subjects;
Amendment 417 #
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
Article 19 – paragraph 1 – point b a (new)
(b a) implement adequate administrative, technical and cybersecurity measures to prevent the unauthorised disclosure of the data;
Amendment 418 #
Proposal for a regulation
Article 19 – paragraph 1 – point b b (new)
Article 19 – paragraph 1 – point b b (new)
(b b) inform without undue delay the data holder when a security incident has occurred that is affecting the confidentiality,integrity, or availability of the data it holds that was provided by the data holder;
Amendment 420 #
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
2. Disclosure of trade secrets or alleged trade secrets to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of the request. In such a case, the public sector body or the Union institution, agency or body shall take appropriate technical, cybersecurity, and organizational measures to preserve the confidentiality of those trade secrets and to ensure the security of the data and the prevention of its unauthorised disclosure.
Amendment 423 #
1. Data made available to respond to a public emergency pursuant to Article 15, point (a), shall be provided free of charge.
Amendment 426 #
Proposal for a regulation
Article 20 – paragraph 2
Article 20 – paragraph 2
2. Where the data holder claims compensation for making data available in compliance with a request made pursuant to Article 15, points (b) or (c), such compensation shall not exceed the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.
Amendment 429 #
Proposal for a regulation
Article 21 – paragraph 1
Article 21 – paragraph 1
1. A public sector body or a Union institution, agency or body shall be entitled to share data received under this Chapter with individuals or organisations or national statistical institutes and Eurostat in view of carrying out scientific research or analytics compatible withfor the purpose for which the data was requested, or to national statistical institutes and Eurostat for the compilation of official statistics.
Amendment 430 #
Proposal for a regulation
Article 21 – paragraph 4
Article 21 – paragraph 4
4. Where a public sector body or a Union institution, agency or body transmits or makes data available under paragraph 1, it shall notify the data holder from whom the data was received, providing all necessary information regarding the identity of the data recipient and the activities to be carried out by the data recipient, and shall ensure all organizational,technical, and cybersecurity measures to preserve the integrity of the data and to prevent its unauthorised disclosure.
Amendment 437 #
Proposal for a regulation
Article 23 – paragraph 1 – point a
Article 23 – paragraph 1 – point a
(a) terminating, after a maximum notice period of 360 calendar days, the contractual agreement of the service;
Amendment 439 #
1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services shall be clearly set out in a written contract. Without prejudice to Directive (EU) 2019/770, that contract shall be clear and transparent to the customer and shall include at least the following:
Amendment 441 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part
Article 24 – paragraph 1 – point a – introductory part
(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall:
Amendment 446 #
Proposal for a regulation
Article 24 – paragraph 1 – point c
Article 24 – paragraph 1 – point c
(c) a minimum period for data retrieval of at least 360 calendar days, starting after the termination of the transition period that was agreed between the customer and the service provider, in accordance with paragraph 1, point (a) and paragraph 2.
Amendment 451 #
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ensure that the customer, after switching to a service covering the same service type offered by a different provider of data processing services, enjoys functional equivalence in the use of the new service. This provision applies to the original provider only insofar as the measures are related to the services,contractual agreements or commercial practices of the original provider.
Amendment 456 #
Proposal for a regulation
Article 28 – paragraph 4
Article 28 – paragraph 4
4. The Commission mayshall, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements under paragraph 1 of this Article
Amendment 457 #
Proposal for a regulation
Article 28 – paragraph 5
Article 28 – paragraph 5
5. The Commission shallmay, by way of implementing acts, adopt common specifications, where harmonised standards referred to in paragraph 4 of this Article do not exist or in case it considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article, where necessary, with respect to any or all of the requirements laid down in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). Common specifications shall be developed in an open, transparent, technology-neutral manner, in consultation with industry and relevant stakeholders.
Amendment 458 #
Proposal for a regulation
Article 29 – paragraph 4
Article 29 – paragraph 4
4. The Commission mayshall, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft European standards applicable to specific service types of data processing services.
Amendment 460 #
Proposal for a regulation
Article 30 – paragraph 5
Article 30 – paragraph 5
5. The Commission mayshall, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential the requirements under paragraph 1 of this Article.
Amendment 461 #
Proposal for a regulation
Article 30 – paragraph 6
Article 30 – paragraph 6
6. Where harmonised standards referred to in paragraph 4 of this Article do not exist or where the Commission considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article in a cross- border context, the Commission may, by way of implementing acts, adopt common specifications in respect of the essential requirements set out in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). Common specifications shall be developed in an open, transparent, technology-neutral manner, in consultation with industry and relevant stakeholders.