104 Amendments of Christophe GRUDLER related to 2020/0340(COD)
Amendment 113 #
Proposal for a regulation
Recital 2
Recital 2
(2) Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and daily life. Data is at the centre of this transformation: data-driven innovation will bring enormous benefits for citizens, for example through improved personalised medicine, new mobility, and its contribution to the European Green Deal23 . The data economy has to be built in a way to enable companies, especially micro, small and medium sized enterprises (SMEs) to thrive, ensuring data access neutrality, portability and interoperability. In its Data Strategy24 , the Commission described the vision of a common European data space, a Single Market for data in which data could be used irrespective of its physical location of storage in the Union in compliance with applicable law, which can be pivotal for the rapid development of Artificial Intelligence technologies. It also called for the free and safe flow of data with third countries, subject to exceptions and restrictions for public security, public order and other legitimate public policy objectives of the European Union, in line with international obligations. In order to turn that vision into reality, it proposes to establish domain- specific common European data spaces, as the concrete arrangements in which data sharing and data pooling can happen. As foreseen in that strategy, such common European data spaces can cover areas such as health, mobility, manufacturing, financial services, energy, or agriculture or thematic areas, such as the European green deal or European data spaces for public administration or skills. _________________ 23Communication from the Commission to the European Parliament, the European Council, the Council, the European Economic and Social Committee and the Committee of the Regions on the European Green Deal. Brussels, 11.12.2019. (COM(2019) 640 final) 24 COM (2020) 66 final.
Amendment 130 #
Proposal for a regulation
Recital 4
Recital 4
(4) Action at Union level is necessary in order to address the barriers to a well- functioning data-driven economy and to create a. A Union-wide governance framework for data accessshould have the objective of building trust among individuals and companies for data access, control, sharing, use and re-use, in particular regarding the re-use of certain types of data held by the public sector, the provision of services by data sharing providers to business users and to data subjects, as well as the collection and processing of data made available for altruistic purposes by natural and legal persons.
Amendment 147 #
Proposal for a regulation
Recital 10
Recital 10
(10) Prohibited exclusive agreements and other practices or arrangements between data holders and data re-userpertaining to the re-use of data held by public sector bodies which do not expressly grant exclusive rights but which can reasonably be expected to restrict the availability of data for re-use that have been concluded or have been already in place before the entry into force of this Regulation should not be renewed after the expiration of their term. In the case of indefinite or longer-term agreements, they should be terminated within three years from the date of entry into force of this Regulation.
Amendment 149 #
Proposal for a regulation
Recital 11
Recital 11
(11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition. In particular, pThe conditions for re-use should be designed in a manner promoting scientific research, e.g. privileging research should be considered non-discriminatory. Public sector bodies allowing re-use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate effortburden for the public sector. Depending on the case at hand, before its transmission, personal data should be fully anonymised, so as to definitively not allow the identification of the data subjects, or data containing commercially confidential information modified in such a way that no confidential information is disclosed. Where provision of anonymised or modified data would not respond to the needs of the re-userAlternatively, on- premise or remote re-use of the data within a secure processing environment could be permitted. Data analyses in such secure processing environments should be supervised by the public sector body, so as to protect the rights and interests of others. In particular, personal data should only be transmitted for re-use to a third party where a legal basis allows such transmission. The public sector body could make the use of such secure processing environment conditional on the signature by the re- user of a confidentiality agreement that prohibits the disclosure of any information that jeopardises the rights and interests of third parties that the re- user may have acquired despite the safeguards put in placeis also applies to pseudonymised data which remain personal data in the sense of Regulation (EU)2016/679. In the event of reidentification of data subjects, the obligation to report such a data breach to the public sector body should apply in addition to the obligation to report such a data breach to a supervisory authority and to the data subject in accordance with Regulation (EU) 2016/679. The public sector bodies, where relevant, should facilitate the re-use of data on the basis of consent of data subjects or permissions of legal persons on the re-use of data pertaining to them through adequate technical means. In this respect, the public sector body shcould support potential re- users in seeking such consent by establishing technical mechanisms that permit transmitting requests for consent from re-users, where practically feasible. No contact information should be given that allows re-users to contact data subjects or companies directly. When transmitting the request to consent, the public sector body should ensure that the data subject is clearly informed of the possibility to refuse such a request.
Amendment 153 #
Proposal for a regulation
Recital 11
Recital 11
(11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and, objectively justified, while not restricting and in line with competition law. In particular, public sector bodies allowing re- use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate effort for the public sector. Depending on the case at hand, before its transmission, personal data should be fully anonymised, so as to definitively not allow the identification of the data subjects, or data containing commercially confidential information modified in such a way that no confidential information is disclosed. Where provision of anonymised or modified data would not respond to the needs of the re-user, on- premise or remote re-use of the data within a secure processing environment could be permitted. Data analyses in such secure processing environments should be supervised by the public sector body, so as to protect the rights and interests of others. In particular, personal data should only be transmitted for re-use to a third party where a legal basis allows such transmission. The public sector body could make the use of such secure processing environment conditional on the signature by the re-user of a confidentiality agreement that prohibits the disclosure of any information that jeopardises the rights and interests of third parties that the re-user may have acquired despite the safeguards put in place. The public sector bodies, where relevant, should facilitate the re-use of data on the basis of consent of data subjects or permissions of legal persons on the re-use of data pertaining to them through adequate technical means. In this respect, the public sector body should support potential re-users in seeking such consent by establishing technical mechanisms that permit transmitting requests for consent from re-users, where practically feasible. No contact information should be given that allows re-users to contact data subjects or companies directly.
Amendment 164 #
Proposal for a regulation
Recital 3
Recital 3
(3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges. Sector- specific legislation can develop, adapt and propose new and complementary elements, depending on the specificities of the sector, such as the envisaged legislation on the European health data space25 and on access to vehicle data. Moreover, certain sectors of the economy are already regulated by sector-specific Union law that include rules relating to cross-border or Union wide sharing or access to data26 . This Regulation is therefore without prejudice to Regulation (EU) 2016/679 of the European Parliament and of the Council (27 ), and in particular the implementation of this Regulation shall not prevent cross border transfers of data in accordance with Chapter V of Regulation (EU) 2016/679 from taking place, Directive (EU) 2016/680 of the European Parliament and of the Council (28 ), Directive (EU) 2016/943 of the European Parliament and of the Council (29 ), Regulation (EU) 2018/1807 of the European Parliament and of the Council (30 ), Regulation (EC) No 223/2009 of the European Parliament and of the Council (31 ), Directive 2000/31/EC of the European Parliament and of the Council (32 ), Directive 2001/29/EC of the European Parliament and of the Council (33 ), Directive (EU) 2019/790 of the European Parliament and of the Council (34 ), Directive 2004/48/EC of the European Parliament and of the Council (35 ), Directive (EU) 2019/1024 of the European Parliament and of the Council (36 ), as well as Regulation 2018/858/EU of the European Parliament and of the Council (37 ), Directive 2010/40/EU of the European Parliament and of the Council (38 ) and Delegated Regulations adopted on its basis, and any other sector-specific Union legislation that organises the access to and re-use of data. This Regulation should be without prejudice to the access and use of data for the purpose of international cooperation in the context of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. A horizontal regime for the re-use of certain categories of protected data held by public sector bodies, the provision of data sharing servicintermediaries and of services based on data altruism in the Union should be established. Specific characteristics of different sectors may require the design of sectoral data-based systems, while building on the requirements of this Regulation. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing services or registered entities providing data altruism services to comply with specific additional technical, administrative or organisational requirements, including through an authorisation or certification regime, those provisions of that sector-specific Union legal act should also apply. _________________ 25 See: Annexes to the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Commission Work Programme 2021 (COM(2020) 690 final). 26For example, Directive 2011/24/EU in the context of the European Health Data Space, and relevant transport legislation such as Directive 2010/40/EU, Regulation 2019/1239 and Regulation (EU) 2020/1056, in the context of the European Mobility Data Space. 27Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (OJ L 119, 4.5.2016, p.1) 28 Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA. (OJ L 119, 4.5.2016, p.89) 29Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure. (OJ L 157, 15.6.2016, p.1) 30 Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union. (OJ L 303, 28.11.2018, p. 59) 31Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European Communities. (OJ L 87, 31.03.2009, p. 164) 32Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000, on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce). (OJ L 178, 17.07.2000, p. 1) 33Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society. (OJ L 167, 22.6.2001, p. 10) 34 Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC. (OJ L 130, 17.5.2019, p. 92) 35Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights. (OJ L 157, 30.4.2004). 36Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information. (OJ L 172, 26.6.2019, p. 56). 37 Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles, amending Regulations (EC) No 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC (OJ L 151, 14.6.2018). 38 Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport. (OJ L 207, 6.8.2010, p. 1)
Amendment 180 #
Proposal for a regulation
Recital 19
Recital 19
(19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive by a specific Union act, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data. In order to ensure harmonised practices across the Union, such types of highly sensitive non-personal public data should be defined by Union law, for example in the context of the European Health Data Space or other sectoral legislation. The conditions attached to the transfer of such data to third countries should be laid down in delegated acts. Conditions should be proportionate, non-discriminatory and necessary to protect legitimate public policy objectives identified, such as the protection of public health, public order, safety, the environment, public morals, consumer protection, privacy and personal data protection. The conditions should correspond to the risks identified in relation to the sensitivity of such data, including in terms of the risk of the re- identification of individuals. These conditions could include terms applicable for the transfer or technical arrangements, such as the requirement of using a secure processing environment, limitations as regards the re-use of data in third-countries or categories of persons which are entitled to transfer such data to third countries or who can access the data in the third country. In exceptional cases they could also include restrictions on transfer of the data to third countries to protect the public interest.
Amendment 182 #
Proposal for a regulation
Recital 15
Recital 15
(15) Furthermore, it is important to protect commercially sensitive data of non- personal nature, notably trade secrets, but also non-personal data representing content protected by intellectual property rights from unlawful access that may lead to IP theft or industrial espionage. In order to ensure the protection of fundamental rights or interests of data holders, non-personal data which is to be protected from unlawful or unauthorised access under Union or national law, and which is held by public sector bodies, should be transferred only to third-countries where appropriate safeguards for the use of data are provided. Such appropriate safeguards should be considered to exist when in that third- country there are equivalent measures in place which ensure that non-personal data benefits from a level of protection similar to that applicable by means of Union or national law in particular as regards the protection of trade secrets and the protection of intellectual property rights. To that end, the Commission may adopt implementing acts that declare that a third country provides a level of protection that is essentially equivalent to those provided by Union or national law. The assessment of the level of protection afforded in such third-country should, in particular, take into consideration the relevant legislation, both general and sectoral, including concerning public security, defence, national security and criminal law concerning the access to and protection of non-personal data, any access by the public authorities of that third country to the data transferred, the existence and effective functioning of one or more independent supervisory authorities in the third country with responsibility for ensuring and enforcing compliance with the legal regime ensuring access to such data, or the third countries’ international commitments regarding the protection of data the third country concerned has entered into, or other obligations arising from legally binding conventions or instruments as well as from its participation in multilateral or regional systems. The existence of effective legal remedies for data holders, public sector bodies or data sharing providerintermediaries in the third country concerned is of particular importance in the context of the transfer of non-personal data to that third country. Such safeguards should therefore include the availability of enforceable rights and of effective legal remedies.
Amendment 184 #
Proposal for a regulation
Recital 20
Recital 20
(20) Public sector bodies should be able to charge fees for the re-use of data but. Such fees should be reasonable, transparent, published online and non-discriminatory. Public sector bodies should also be able to decide to make the data available at lower or no cost, for example for certain categories of re-uses such as non- commercial re-use, or re-use by micro, small and medium-sized enterprises, so as to incentivise such re-use in order to stimulate research and innovation and support companies that are an important source of innovation and typically find it more difficult to collect relevant data themselves, in line with State aid rules. Such fees should be reasonable, transparent, published online and non- discriminatory. The list of categories of re- users for which discounted or no fees apply should be made public together with the criteria used to establish such list, in line with State aid rules and competition law.
Amendment 191 #
Proposal for a regulation
Recital 22
Recital 22
(22) Providers of data sharing services (data intermediariData intermediation services) are expected to play a key role in the data economy, as a tool to facilitate the aggregation and exchange of substantial amounts of relevant data. Data intermediaries offering services that connect the different actors have the potential to contribute to the efficient pooling of data as well as to the facilitation of bilateral data sharing. Specialised data intermediaries that are independent from both data holders and data users can have a facilitating role in the emergence of new data-driven ecosystems independent from any player with a significant degree of market power. This Regulation should only cover providers of data sharingdata intermediation services that have as a main objective the establishment of a business, a legal and potentially also technical relation between data holders, including data subjects, on the one hand, and potential users on the other hand, and assist both parties in a transaction of data assets between the two. It should only cover services aiming at intermediating between an indefinite number of data holders and data users, excluding data sharing services that are meant to be used by a closed group of data holders and users. Data intermediation services do not share data themselves, but only provide an intermediation service to entities wishing to engage in data sharing. Providers of cloud services should be excluded, as well as service providers that obtain data from data holders, aggregate, enrich or transform the data and licence the use of the resulting data to data users, without establishing a direct relationship between data holders and data users, for example advertisement or data brokers, data consultancies, providers of data products resulting from value added to the data by the service provider. At the same time, data sharing service providerintermediation services should be allowed to make adaptations to the data exchanged, to the extent that this improves the usability of the data by the data user, where the data user desires this, such as to convert it into specific formats. In addition, services that focus on the intermediation of content, in particular on copyright- protected content, should not be covered by this Regulation. Data exchange platforms that are exclusively used by one data holder in order to enable the use of data they hold as well as platforms developed in the context of objects and devices connected to the Internet-of-Things that have as their main objective to ensure functionalities of the connected object or device and allow value added services, should not be covered by this Regulation. ‘Consolidated tape providers’ in the sense of Article 4 (1) point 53 of Directive 2014/65/EU of the European Parliament and of the Council42 as well as ‘account information service providers’ in the sense of Article 4 point 19 of Directive (EU) 2015/2366 of the European Parliament and of the Council43 should not be considered as data sharing service providers for the purposes of this Regulation. Entities which restrict their activities to facilitating use of data made available on the basis of data altruism and that operate on a not-for-profit basis should not be covered by Chapter III of this Regulation, as this activity serves objectives of general interest by increasing the volume of data available for such purposes. _________________ 42Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU, OJ L 173/349. 43Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.
Amendment 196 #
(27) In order to ensure the compliance of the providers of data sharing servicdata intermediaries with the conditions set out in this Regulation, such providerintermediaries should have a place of establishment in the Union. Alternatively, where a provider of data sharing servicesdata intermediary not established in the Union offers services within the Union, it should designate a representative. Designation of a representative is necessary, given that such providers of data sharing servicdata intermediaries handle personal data as well as commercially confidential data, which necessitates the close monitoring of the compliance of such service providerdata intermediaries with the conditions laid out in this Regulation. In order to determine whether such a provider of data sharing servicesdata intermediary is offering services within the Union, it should be ascertained whether it is apparent that the provider of data sharing servicesdata intermediary is planning to offer services to persons in one or more Member States. The mere accessibility in the Union of the website or of an email address and of other contact details of the provider of data sharing servicesdata intermediary, or the use of a language generally used in the third country where the provider of data sharing servicesdata intermediary is established, should be considered insufficient to ascertain such an intention. However, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering services in that other language, or the mentioning of users who are in the Union, may make it apparent that the provider of data sharing servicesdata intermediary is planning to offer services within the Union. The representative should act on behalf of the provider of data sharing servicesdata intermediary and it should be possible for competent authorities to contact the representative. The representative should be designated by a written mandate of the provider of data sharing servicesdata intermediary to act on the latter's behalf with regard to the latter's obligations under this Regulation.
Amendment 200 #
Proposal for a regulation
Recital 24
Recital 24
(24) Data cooperatives seek to strengthen the position of individuals in making informed choices before consenting to data use, influencing the terms and conditions of data user organisations attached to data use or potentially solving disputes between members of a group on how data can be used when such data pertain to several data subjects within that group. In this context it is important to acknowledge that the rights under Regulation (EU) 2016/679 can only be exercised by each individual and cannot be conferred or delegated to a data cooperative. Data cooperatives could also provide a useful means for one-person companies, micro, small and medium-sized enterprises that in terms of knowledge of data sharing, are often comparable to individuals. Upon request and informed consent of their associated members, cooperatives - which detain the data of their members for the realisation of their economic, social and cultural purposes - should be identifiable as "data cooperatives".
Amendment 205 #
Proposal for a regulation
Recital 25
Recital 25
(25) In order to increase trust in such data sharing services, in particular related to the use of data and the compliance with the conditions imposed by data holders, it is necessary to create a Union-level regulatory framework, which would set out highly harmonised requirements related to the trustworthy provision of such data sharing services. This will contribute to ensuring that data holders and data users have better control over the access to and use of their data, in accordance with Union law. Both in situations where data sharing occurs in a business-to-business context and where it occurs in a business-to- consumer context, data sharing providers should offer a novel, ‘European’ way of data governance, by providing a separation in the data economy between data provision, intermediation and use, which is at the core of increasing such trust among data holders, be they individuals or companies. Providers of data sharing services may also make available specific technical infrastructure for the interconnection of data holders and data users.
Amendment 207 #
Proposal for a regulation
Article 1 – paragraph 1 – point b
Article 1 – paragraph 1 – point b
(b) a notification and supervisory framework for the provision of data sharingintermediation services;
Amendment 214 #
Proposal for a regulation
Article 1 – paragraph 2 a (new)
Article 1 – paragraph 2 a (new)
(2 a) This Regulation does not create a legal basis for the processing of personal data and should be without prejudice to Regulation (EU) 2016/679 and Directive 2002/58/EC of the European Parliament and of the Council1a, including the powers of supervisory authorities. In the event of a conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter prevails.
Amendment 216 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2 a (new)
Article 2 – paragraph 1 – point 2 a (new)
Amendment 219 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2 b (new)
Article 2 – paragraph 1 – point 2 b (new)
Amendment 221 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2 c (new)
Article 2 – paragraph 1 – point 2 c (new)
(2 c) ‘personal data’ means any information relating to a data subject as defined in point (1) of Article 4 of Regulation(EU) 2016/679;
Amendment 225 #
Proposal for a regulation
Article 2 – paragraph 1 – point 3 a (new)
Article 2 – paragraph 1 – point 3 a (new)
(3 a) ‘consent’ means consent as defined in point (11) of Article 4 of Regulation (EU) 2016/679;
Amendment 226 #
Proposal for a regulation
Article 2 – paragraph 1 – point 3 b (new)
Article 2 – paragraph 1 – point 3 b (new)
(3 b) 'data subject' means an identified or identifiable natural person as referred to in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 231 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data user’ means a natural or legal person who has lawful access to certain personal or non-personal data and is authorisedhas the right, including under Regulation EU (2016/679) in the case of personal data, to use that data for commercial or non- commercial purposes;
Amendment 235 #
Proposal for a regulation
Article 2 – paragraph 1 – point 7
Article 2 – paragraph 1 – point 7
(7) ‘'data shariexchange’ means the provision by a data holder of datar data intermediation service (or data intermediary) to a data user for the purpose of joint or individual use of the shared data, based on voluntary agreements, directly or through an intermediary;, under open data or commercial licences, for free or against remuneration; [to apply coherently throughout the text]
Amendment 238 #
Proposal for a regulation
Recital 37
Recital 37
(37) This Regulation is without prejudice to the establishment, organisation and functioning of entities that seek to engage in data altruism pursuant to national law. It builds on national law requirements to operate lawfully in a Member State as a not-for-profit organisation. Entities which meet the requirements in this Regulation should be able to use the title of ‘Data Altruism Organisations recognised in the Union’. The entity should use a EU dedicated logo or QR code linking to the European register of recognised data altruism organisations, both online and offline. The logo shall have the objective of providing a coherent visual identity to European Union data altruism organisations and contribute to increase trust for data subjects and legal entities. The logo must be created and displayed with rules established in a separate implementing act.
Amendment 250 #
Proposal for a regulation
Recital 40
Recital 40
(40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established, in the form of an expert group. The Board should consist of representatives of the Member States, the Commission and representatives of relevant data spaces and specific sectors (such as health, agriculture, transport and statistics), the EU SME Envoy or a representative appointed by the network of SME envoys and representatives of relevant Agencies. The European Data Protection Board should be invited to appoint a representative to the European Data Innovation Board. Representatives of national, trans-national or Common European data spaces, businesses, researchers and civil society should be invited regularly to participate in the work of the Board. The Board should meet in different configurations, depending on the subjects to be discussed.
Amendment 273 #
Proposal for a regulation
Article 5 – paragraph 13
Article 5 – paragraph 13
(13) Where the re-user intends to transfer non-personal data to a third country, the public sector body shall inform the data holder about the intention to transfer ofthe data to that third country and the purpose for such transfer.
Amendment 285 #
Amendment 292 #
Proposal for a regulation
Article 10 – title
Article 10 – title
Notification of data sharing service providerintermediaries
Amendment 293 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
(1) Any provider of data sharing servicesintermediary who intends to provide the services referred to in Article 9 (1) shall submit a notification to the competent authority for data intermediaries, referred to in Article 12.
Amendment 294 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
(2) For the purposes of this Regulation, a provider of data sharing servicesdata intermediary with establishments in more than one Member State, shall be deemed to be under the jurisdiction of the Member State in which it has its main establishment.
Amendment 295 #
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
(3) A provider of data sharing servicesintermediary that is not established in the Union, but offers the services referred to in Article 9 (1) within the Union, shall appoint a legal representative in one of the Member States in which those services are offered. The provider shall be deemed to be under the jurisdiction of the Member State in which the legal representative is established.
Amendment 296 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2 a (new)
Article 2 – paragraph 1 – point 2 a (new)
(2 a) ‘data sharing service provider’ means a provider of a commercial service, which, through the provision of technical, legal and other services establishes relationships between an undefined number of data subjects and data holders, on the one hand and data users on the other hand, for the exchange, pooling or trade of data;
Amendment 298 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2 a (new)
Article 2 – paragraph 1 – point 2 a (new)
(2 a) ‘personal data’ means any information relating to a data subject as defined in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 299 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2 b (new)
Article 2 – paragraph 1 – point 2 b (new)
(2 b) 'data subject' means an identified or identifiable natural person as referred to in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 299 #
Proposal for a regulation
Article 11 – title
Article 11 – title
Conditions for providing data sharingintermediation services
Amendment 300 #
Proposal for a regulation
Article 11 – paragraph 1 – introductory part
Article 11 – paragraph 1 – introductory part
The provision of data sharingintermediation services referred in Article 9 (1) shall be subject to the following conditions:
Amendment 301 #
Proposal for a regulation
Article 11 – paragraph 1 – point 1
Article 11 – paragraph 1 – point 1
(1) the provider may notdata intermediary shall use the data for which it provides services for oonly in the context of ther purposes than to put them at the disposal of data users and data sharingrovision of services referred to in Article 9(1); these data intermediation services shall be placed in a separate legal entity;
Amendment 303 #
Proposal for a regulation
Article 11 – paragraph 1 – point 2
Article 11 – paragraph 1 – point 2
(2) the metadata collected from the provision of the data sharingintermediation service may be used only for the development of that service and should be made available to the data holders upon request;
Amendment 304 #
Proposal for a regulation
Article 11 – paragraph 1 – point 3
Article 11 – paragraph 1 – point 3
(3) the providerdata intermediary shall ensure that the procedure for access to its service is fair, transparent and non-discriminatory for both data holders and data users, including as regards prices and terms and conditions of the provision of service;
Amendment 305 #
Proposal for a regulation
Article 11 – paragraph 1 – point 4
Article 11 – paragraph 1 – point 4
(4) the providerdata intermediary shall facilitate the exchange of the data in the format in which it receives it from the data holder and shall convert the data into specific formats only to enhance interoperability within and across sectors or if requested by the data user or where mandated by Union law or to ensure harmonisation with international or European data standards;
Amendment 306 #
Proposal for a regulation
Article 11 – paragraph 1 – point 4 a (new)
Article 11 – paragraph 1 – point 4 a (new)
(4 a) the data intermediary may offer additional specific services facilitating the exchange of the data and tools capable of analysis, aggregation, improving the quality or conversion of data to data holders or data users. Those tools shall be used only at the explicit request or approval of the data holder and third- party tools offered in that context shall not use data for purposes other than those requested or approved by the data holder
Amendment 307 #
Proposal for a regulation
Article 11 – paragraph 1 – point 5
Article 11 – paragraph 1 – point 5
(5) the providerdata intermediary shall have procedures in place to monitor and prevent fraudulent or abusive practices in relation to access to data from parties seeking access through their services;
Amendment 308 #
Proposal for a regulation
Article 11 – paragraph 1 – point 6
Article 11 – paragraph 1 – point 6
(6) the providerdata intermediary shall ensure a reasonable continuity of provision of its services and, in the case of services which ensure storage of data, shall have sufficient and effective guarantees in place that allow data holders and data users to obtain access to their data and to retrieve their data in case of insolvency of the provider;
Amendment 310 #
Proposal for a regulation
Article 11 – paragraph 1 – point 7
Article 11 – paragraph 1 – point 7
(7) the providerdata intermediary shall put in place adequate technical, legal and organisational measures in order to prevent transfer or access to non-personal data that is unlawful under Union law;
Amendment 311 #
Proposal for a regulation
Article 11 – paragraph 1 – point 8
Article 11 – paragraph 1 – point 8
(8) the providerdata intermediary shall take measures to ensure a high level of security, including cybersecurity standards for the storage and transmission of non-personal data;
Amendment 312 #
Proposal for a regulation
Article 11 – paragraph 1 – point 9
Article 11 – paragraph 1 – point 9
(9) the providerdata intermediary shall have procedures in place to ensure compliance with the Union and national rules onlaw, including rules on data protection and competition;
Amendment 315 #
Proposal for a regulation
Article 2 – paragraph 1 – point 7
Article 2 – paragraph 1 – point 7
(7) ‘data shariexchange’ means the provisionand encompasses all the activities performed by athe data holder of, the data to a data user for the purpose of joint or individual use of the shared data, based on voluntary agreements, directly or through an intermediary; user and the data sharing service provider, for the purpose of exchanging data, under open data or commercial licenses, for free or against remuneration.
Amendment 315 #
(10) the providerdata intermediary offering services to data subjects shall act in the data subjects’ best interest when facilitating the exercise of their rights, in particular by advising data subjects on potential data uses and standard terms and conditions attached to such uses;
Amendment 316 #
Proposal for a regulation
Article 11 – paragraph 1 – point 11
Article 11 – paragraph 1 – point 11
(11) where a providerdata intermediary provides tools for obtaining consent from data subjects or permissions to process data made available by legal persondata holders, it shall specify the jurisdiction or jurisdictions outside the Union in which the data use is intended to take place and provide data subjects with tools to withdraw consent and data holders with tools to withdraw permissions to process data at any point in time.
Amendment 329 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10 a (new)
Article 2 – paragraph 1 – point 10 a (new)
(10 a) 'data cooperative' means an organisation supporting its members, who are data subjects or one-person companies, micro, small and medium- sized enterprises, in making informed choices before consenting to data processing, or in negotiating terms and conditions for data processing and data sharing;
Amendment 331 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10 b (new)
Article 2 – paragraph 1 – point 10 b (new)
(10 b) 'purposes of general interest' means purposes established by national law and national competent authorities including and not limited to healthcare, official statistics, improving the provision of public services, supporting research;
Amendment 332 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
This Chapter shall not apply to not-for- profit entities whose activities consist only in seeking to collect data for objectives of general interest, made available by natural or legal persons on the basis of data altruism.:
Amendment 333 #
Proposal for a regulation
Article 14 – paragraph 1 a (new)
Article 14 – paragraph 1 a (new)
(a) public sector bodies that offer data sharing facilities on a non-commercial basis;
Amendment 334 #
Proposal for a regulation
Article 14 a (new)
Article 14 a (new)
Article 14 a b) not-for-profit entities whose activities consist only in seeking to collect data for objectives of general interest, made available by natural or legal persons on the basis of data altruism.
Amendment 344 #
Proposal for a regulation
Article 19 – paragraph 1 – introductory part
Article 19 – paragraph 1 – introductory part
(1) Any entity entered in the register of recognised data altruism organisations shall inform data holders in a clear and comprehensible manner and prior to any processing of their data:
Amendment 348 #
Proposal for a regulation
Article 19 – paragraph 1 – point a
Article 19 – paragraph 1 – point a
(a) about the purposes of general interest for which it permits the processing of their data by a data user in an easy-to- understand manner;
Amendment 349 #
Proposal for a regulation
Article 19 – paragraph 1 – point b
Article 19 – paragraph 1 – point b
(b) about any processing outside the Unionf their data performed by a data user outside the Union, including the location and the purposes for which it permits the processing of data.
Amendment 353 #
Proposal for a regulation
Article 19 – paragraph 2 a (new)
Article 19 – paragraph 2 a (new)
(2 a) The entity shall also ensure that consent from data subjects or permissions to process data made available by legal entities can be withdrawn easily, at any point in time and in a user-friendly manner by the data subject or legal entities.
Amendment 357 #
Proposal for a regulation
Article 19 – paragraph 2 b (new)
Article 19 – paragraph 2 b (new)
(2 b) The entity shall take measures to ensure high level of security, including cybersecurity standards, for the storage and processing of data that it has collected based on data altruism.
Amendment 360 #
Proposal for a regulation
Article 19 – paragraph 3
Article 19 – paragraph 3
(3) Where an entity entered in the public register of recognised data altruism organisations provides tools for obtaining consent from data subjects or permissions to process data made available by legal persons, it shall specify the jurisdiction or jurisdictions outside of the Union in which the data use is intended to take place.
Amendment 361 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Amendment 366 #
Proposal for a regulation
Article 5 – paragraph 2
Article 5 – paragraph 2
(2) Conditions for re-use shall be non- discriminatory, proportionate and objectively justified with regard to categories of data and purposes of re-use and the nature of the data for which re-use is allowed. These conditions shall not be used to restrictbe in line with competition law.
Amendment 370 #
Proposal for a regulation
Article 5 – paragraph 3
Article 5 – paragraph 3
(3) Public sector bodies may impose an obligation to re-use only pre-viously processed data where such pre-processing, performed by the public sector itself, aims to anonymize or pseudonymise personal data or delete commercially confidential information, including trade secrets. or content protected by Intellectual Property Rights;
Amendment 377 #
Proposal for a regulation
Article 30 – paragraph 5
Article 30 – paragraph 5
(5) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing providerintermediary and the entity providing data altruism shall inform the data holder about the existence of a request of an administrative authority in a third-country to access its data before complying to the request, except in cases where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activity.
Amendment 379 #
Proposal for a regulation
Article 32 – paragraph 1
Article 32 – paragraph 1
By [fourtwo years after the datae of application of this Regulation], the Commission shall carry out an evaluation of this Regulation, andssessing, inter alia: (a) the conditions for re-use of data under Chapter II in view of their further harmonisation and the potential need for definition of highly sensitive data; (b) the level of compliance with the requirements set out in this Regulation, as well as the quality and security of services provided by data intermediaries under Chapter III; (c) the type of altruistic organisations registered under Chapter IV and overview of the objectives of general interests for which data are shared in view of establishing clear criteria in this respect; (d) the functioning of the Data Innovation Board; (e) the conditions for international access under Article 30. The Commission shall submit a report on its main findings to the European Parliament and to the Council as well as to the European Economic and Social Committee. Member States shall provide the Commission with the information necessary for the preparation of that report.
Amendment 386 #
Proposal for a regulation
Article 5 – paragraph 5
Article 5 – paragraph 5
(5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used, including high level cybersecurity standards. The public sector body shall be able to verify any results of processing of data undertaken by the re- user and reserve the right to prohibit the use of results that contain information jeopardising the rights and interests of third parties.
Amendment 400 #
Proposal for a regulation
Article 5 – paragraph 9 – point a a (new)
Article 5 – paragraph 9 – point a a (new)
(a a) ensure that a natural or legal person located in a third country seeking the right to re-use has a legal representative in one of the Member States;
Amendment 401 #
Proposal for a regulation
Article 5 – paragraph 9 – subparagraph 1
Article 5 – paragraph 9 – subparagraph 1
Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 29 (2) and will permit transfers to the concerned third country.
Amendment 410 #
Proposal for a regulation
Article 5 – paragraph 11
Article 5 – paragraph 11
(11) Where specific Union acts adopted in accordance with a legislative procedure establish that certain non-personal data categories held by public sector bodies shall be deemed to be highly sensitive for the purposes of this Article, the Commission shall be empowered to adopt delegated acts in accordance with Article 28 supplementing this Regulation by laying down special conditions applicable for transfers to third-countries. The conditions for the transfer to third-countries shall be based on the nature of data categories identified in the Union act and on the grounds for deeming them highly sensitive, non-discriminatory and limited to what is necessary to achieve the public policy objectives identified in the Union law act, such as safety and public health, as well as risks of re-identification of anonymized data for data subjects, in accordance with the Union’s international obligations. They may include terms applicable for the transfer or technical arrangements in this regard, limitations as regards the re-use of data in third-countries or categories of persons which are entitled to transfer such data to third countries or, in exceptional cases, restrictions as regards transfers to third- countriesshall be non-discriminatory, proportionate and limited to what is necessary to achieve the public policy objectives identified in the Union law act.
Amendment 417 #
Proposal for a regulation
Article 5 – paragraph 13
Article 5 – paragraph 13
(13) Where the re-user intends to transfer non-personal data to a third country, the public sector body shall inform the data holder about the transfer of data to that third country and the purpose of such transfer.
Amendment 422 #
Proposal for a regulation
Article 6 – paragraph 2
Article 6 – paragraph 2
(2) Any fees shall be non- discriminatory, proportionate and objectively justified and shall not restrictbe in line with competition law.
Amendment 429 #
Proposal for a regulation
Article 6 – paragraph 4
Article 6 – paragraph 4
(4) Where they apply fees, public sector bodies shall take measures to incentivise the re-use of the categories of data referred to in Article 3 (1) for non- commercial purposes and bythe re-use by micro and small and medium-sized enterprises in line with State aid rules.
Amendment 430 #
Proposal for a regulation
Article 6 – paragraph 4 a (new)
Article 6 – paragraph 4 a (new)
(4 a) Public sector bodies may set up a list of categories of re-users for which data is made available at reduced or no cost, which shall be published together with the criteria used to establish such list and which shall have the objective to foster a wider re-use of the categories of data referred to in Article 3(1) and accessibility by a wider range of re-users, in line with State aid rules and competition law;
Amendment 437 #
Proposal for a regulation
Article 7 – paragraph 2 – point b
Article 7 – paragraph 2 – point b
(b) providing technical support in the application of tested techniques ensuring data processing in a manner that preserves privacy of the information contained in the data for which re-use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data and the deletion of commercially confidential information, including trade secrets or content protected by Intellectual Property Rights;
Amendment 462 #
Proposal for a regulation
Article 9 – paragraph 1 – point c
Article 9 – paragraph 1 – point c
(c) services of data cooperatives, that is to say services supporting data subjects or one-person companies or micro, small and medium-sized enterprises, who are members of the cooperative or who confer the power to the cooperative to negotiate terms and conditions for data processing before they consent, in making informed choices before consenting to data processing, and allowing for mechanisms to exchange views on data processing purposes and conditions that would best represent the interests of data subjects or legal persons.
Amendment 486 #
Proposal for a regulation
Article 10 – paragraph 7
Article 10 – paragraph 7
(7) At the request of the provider, tThe competent authority shall, within one week, issue a standardised declaration, confirming that the provider has submitted the notification referred to in paragraph 4 and that the notification meets fully the requirements outlined in paragraph 6.
Amendment 487 #
Proposal for a regulation
Article 10 – paragraph 7 a (new)
Article 10 – paragraph 7 a (new)
(7 a) Upon reception of the standardised declaration, the provider of data sharing services may start the activity subject to the conditions laid down in this Chapter.
Amendment 503 #
Proposal for a regulation
Article 11 – paragraph 1 – point 2
Article 11 – paragraph 1 – point 2
(2) the metadata collected from the provision of the data sharing service may be used only for the development of that service and should be made available to the data holders upon request;
Amendment 512 #
Proposal for a regulation
Article 11 – paragraph 1 – point 5
Article 11 – paragraph 1 – point 5
(5) the provider shall have procedures in place to prevent and monitor potential fraudulent or abusive practices in relation to access to data from parties seeking access through their services;
Amendment 514 #
Proposal for a regulation
Article 11 – paragraph 1 – point 6
Article 11 – paragraph 1 – point 6
(6) the provider shall ensure a reasonable continuity of provision of its services and, in the case of services which ensure storage of data, shall have sufficient guarantees in place that allow data holders and data users to obtain access to and to retrieve their data in case of insolvency of the provider;
Amendment 521 #
Proposal for a regulation
Article 11 – paragraph 1 – point 8
Article 11 – paragraph 1 – point 8
(8) the provider shall take measures to ensure a high level of security, including cybersecurity standards, for the storage and transmission of non-personal data;
Amendment 536 #
Proposal for a regulation
Article 12 – paragraph 3
Article 12 – paragraph 3
(3) The designated competent authorities, the data protection authorities, the national competition authorities, the authorities in charge of cybersecurity, and other relevant sectorial authorities shall build up a strong cooperation and exchange the information which is necessary for the exercise of their tasks in relation to data sharing providers.
Amendment 539 #
Proposal for a regulation
Article 13 – paragraph 3
Article 13 – paragraph 3
(3) Where the competent authority finds that a provider of data sharing services does not comply with one or more of the requirements laid down in Article 10 or 11, it shall notify that provider of those findings and give it the opportunity to state its views, within a reasonable time limitthe shortest delay.
Amendment 550 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
This Chapter shall not apply to not-for- profit entities whose activities consist only in seeking to collect data for objectives of general interest, made available by natural or legal persons on the basis of data altruism.:
Amendment 553 #
Proposal for a regulation
Article 14 – paragraph 1 – point a (new)
Article 14 – paragraph 1 – point a (new)
(a) public sector bodies that offer data sharing facilities on a non-commercial basis;
Amendment 554 #
Proposal for a regulation
Article 14 – paragraph 1 – point b (new)
Article 14 – paragraph 1 – point b (new)
(b) not-for-profit entities whose activities consist only in seeking to collect data for objectives of general interest, made available by natural or legal persons on the basis of data altruism.
Amendment 564 #
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
(3) An entity registered in the register in accordance with Article 16 may refer to itself as a ‘data altruism organisation recognised in the Union’ in its written and spoken communication. The entity shall use a EU dedicated logo or QR code linking to the European register of recognised data altruism organisations, both online and offline. The logo shall have the objective of providing a coherent visual identity to European Union data altruism organisations and contribute to increase trust for data subjects and legal entities. The logo must be created and displayed with rules established in a separate implementing act in accordance with the procedure referred to in Article 29.
Amendment 565 #
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
(3) An entity registered in the register in accordance with Article 16 may refer to itself as a ‘data altruism organisation recognised in the Union’ in its written and spoken communication. The entity shall use a EU dedicated logo and link to the European register of recognised data altruism organisations. The logo shall have the objective of providing a coherent visual identity to European Union data altruism organisations and contribute to increase trust for data subjects and legal entities. The logo must be created and displayed with rules established in a separate implementing act in accordance with the procedure referred to in Article 29.
Amendment 594 #
Proposal for a regulation
Article 17 – paragraph 6
Article 17 – paragraph 6
(6) The information referred to in paragraph 4, points (a), (b), (f), (g), and (h) shall be published in the national public register of recognised data altruism organisations.
Amendment 597 #
Proposal for a regulation
Article 17 – paragraph 7
Article 17 – paragraph 7
(7) Any entity entered in the public register of recognised data altruism organisations shall submit any changes of the information provided pursuant to paragraph 4 to the competent authority within 14 calendar days from the day on which the change takes place.
Amendment 612 #
Proposal for a regulation
Article 19 – paragraph 1 – point a
Article 19 – paragraph 1 – point a
(a) about the purposes of general interest for which it permits the processing of their data by a data user in an easy-to- understand manner;
Amendment 615 #
Proposal for a regulation
Article 19 – paragraph 1 – point b
Article 19 – paragraph 1 – point b
(b) about any processingthe purposes of general interest for which it permits any processing of their data by a data user outside the Union.
Amendment 670 #
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
(1) The Commission shall establish a European Data Innovation Board (“the Board”) in the form of an Expert Group, consisting of the representatives of competent authorities of all the Member States, the European Data Protection Board, the Commission, relevant data spacethe EU SME Envoy or a representative appointed by the network of SME envoys and other representatives of relevant Agencies or competent authorities in specific sectors.
Amendment 677 #
Proposal for a regulation
Article 26 – paragraph 2
Article 26 – paragraph 2
(2) Stakeholders and relevant third parties may, including representatives of national, trans-national or Common European data spaces, businesses, researchers, civil society shall be invited regularly to attend meetings of the Board and to participate in its work.
Amendment 684 #
Proposal for a regulation
Article 26 – paragraph 3
Article 26 – paragraph 3
(3) The Commission shall chair the meetings of the Board which may be conducted in different configurations, depending on the subjects to be discussed.
Amendment 692 #
Proposal for a regulation
Article 27 – paragraph 1 – point b
Article 27 – paragraph 1 – point b
(b) to advise and assist the Commission in developing a consistent practice of the competent authorities in the application of requirements applicable to data sharing providers and data altruism organisations;
Amendment 699 #
Proposal for a regulation
Article 27 – paragraph 1 – point d
Article 27 – paragraph 1 – point d
(d) to assist the Commission in addressing fragmentation of the data economy in the single market by enhancing the interoperability of data as well as data sharing services between different sectors and domains, building on existing European, international or national standards, inter alia with the aim of encouraging the creation of Common European data spaces;
Amendment 703 #
Proposal for a regulation
Article 27 – paragraph 1 – point d a (new)
Article 27 – paragraph 1 – point d a (new)
(d a) To advise the Member States and the Commission on the possibility to set harmonised conditions allowing for re- use of data referred to in Article 3 (1) held by public sector bodies across the single market;
Amendment 713 #
Proposal for a regulation
Article 27 – paragraph 1 – point e a (new)
Article 27 – paragraph 1 – point e a (new)
(e a) to advise the Commission in the decision of adopting implementing acts referred to in article 5 (9);
Amendment 714 #
Proposal for a regulation
Article 27 – paragraph 1 – point e b (new)
Article 27 – paragraph 1 – point e b (new)
(e b) to assist the Commission in the discussions conducted at bilateral, plurilateral or multilateral level with third countries aimed at improving the regulatory environment for non-personal data, including standardisation, at global level;
Amendment 720 #
Proposal for a regulation
Article 30 – paragraph 1
Article 30 – paragraph 1
(1) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing provider or the entity entered in the register of recognised data altruism organisations, as the case may be, shall take all reasonable technical, legal and organisational measures in order to prevent transfer or access to non-personal data held in the Union where such transfer or access would create a conflict with Union law or the law of the relevant Member State, unless the transfer or access are in line withwithout prejudice to paragraph 2 or 3.
Amendment 723 #
Proposal for a regulation
Article 30 – paragraph 3 – introductory part
Article 30 – paragraph 3 – introductory part
(3) WIn the absence of such an international agreement, where a public sector body, a natural or legal person to which the right to re-use data was granted under Chapter 2, a data sharing provider or entity entered in the register of recognised data altruism organisations is the addressee of a decision of a court or of an administrative authority of a third country to transfer from or give access to non- personal data held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only:
Amendment 725 #
The addressee of the decision shallmay ask the opinion of the relevant competent bodies or authorities, pursuant to this Regulation, in order to determine if these conditions are met. The relevant competent bodies shall exchange information on international access requests in the framework of the European Data Innovation Board.
Amendment 729 #
Proposal for a regulation
Article 30 – paragraph 5
Article 30 – paragraph 5
(5) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing provider and the entity providing data altruism shall inform the data subject or the data holder about the existence of a request of an administrative authority in a third-country to access its data before complying to the request, except in cases where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activity.
Amendment 737 #
Proposal for a regulation
Article 32 – paragraph 1
Article 32 – paragraph 1
By [fourtwo years after the data of application of this Regulation], the Commission shall carry out an evaluation of this Regulation, and submit a report on its main findings to the European Parliament and to the Council as well as to the European Economic and Social Committee. Member States shall provide the Commission with the information necessary for the preparation of that report.