Activities of Ibán GARCÍA DEL BLANCO related to 2020/0340(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council European data governance (Data Governance Act)
Amendments (25)
Amendment 67 #
Proposal for a regulation
Recital 8
Recital 8
(8) The re-use regime provided for in this Regulation should apply to data the supply of which forms part of the public tasks of the public sector bodies concerned, as defined by law or by other binding rules in the Member States. In the absence of such rules the public tasks should be defined in accordance with common administrative practice in the Member States, provided that the scope of the public tasks is transparent and subject to review. The public tasks could be defined generally or on a case-by-case basis for individual public sector bodies. As public undertakings are not covered by the definition of public sector body, the data they hold should not be subject to this Regulation. Data held by cultural and educational establishments as well as for public media services, for which intellectual property rights are not incidental, but which are predominantly contained in works and other documents protected by such intellectual property rights, are not covered by this Regulation.
Amendment 74 #
Proposal for a regulation
Recital 11
Recital 11
(11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be ethical, transparent, sustainable, non- discriminatory, proportionate and objectively justified, while not restricting competition. In particular, public sector bodies allowing re- use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited tocomply with what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate effort for the public sector. Depending on the case at hand, before its transmission, personal data should be fully anonymised, so as to definitively not allow the identification of the data subjects, or data containing commercially confidential information modified in such a way that no confidential information is disclosed. Similarly, depending on the case, public sector bodies should take adequate measures that aim at protecting content in such a way that no intellectual property rights are infringed. Where provision of anonymised or modified data would not respond to the needs of the re-user, on- premise or remote re-use of the data within a secure processing environment could be permitted. Data analyses in such secure processing environments should be supervised by the public sector body, so as to protect the rights and interests of others. In particular, personal data should only be transmitted for re-use to a third party where a legal basis allows such transmission. The public sector body could make the use of such secure processing environment conditional on the signature by the re-user of a confidentiality agreement that prohibits the disclosure of any information that jeopardises the rights and interests of third parties that the re-user may have acquired despite the safeguards put in place. The public sector bodies, where relevant, should facilitate the re-use of data on the basis of consent of data subjects or permissions of legal persons on the re-use of data pertaining to them through adequate technical means. In this respect, the public sector body should support potential re-users in seeking such consent by establishing technical mechanisms that permit transmitting requests for consent from re-users, where practically feasible. No contact information should be given that allows re-users to contact data subjects or companies directly.
Amendment 76 #
Proposal for a regulation
Recital 12
Recital 12
(12) The intellectual property rights of third parties should not be affected by this Regulation. This Regulation should neither affect the existence or ownership of intellectual property rights of public sector bodies, nor should it limit the exercise of these rights in any way beyond the boundaries set by this Regulation. The obligations imposed in accordance with this Regulation should apply only insofar as they are compatible with the Charter, as well as international agreements on the protection of intellectual property rights, in particular the Berne Convention for the Protection of Literary and Artistic Works (Berne Convention), the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS Agreement) and the WIPO Copyright Treaty (WCT). Public sector bodies should, however, exercise their copyright in a way that facilitates re- use.
Amendment 86 #
Proposal for a regulation
Recital 19
Recital 19
(19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data. In order to ensure harmonised practices across the Union, such types of highly sensitive non-personal public data should be defined by Union law, for example in the context of the European Health Data Space or other sectoral legislation. The conditions attached to the transfer of such data to third countries should be laid down in delegated acts. Conditions should be ethical, transparent, sustainable, proportionate, non-discriminatory and necessary to protect legitimate public policy objectives identified, such as the protection of public health, public order, safety, the environment, public morals, consumer protection, privacy and personal data protection. The conditions should correspond to the risks identified in relation to the sensitivity of such data, including in terms of the risk of the re- identification of individuals. These conditions could include terms applicable for the transfer or technical arrangements, such as the requirement of using a secure processing environment, limitations as regards the re-use of data in third-countries or categories of persons which are entitled to transfer such data to third countries or who can access the data in the third country. In exceptional cases they could also include restrictions on transfer of the data to third countries to protect the public interest.
Amendment 95 #
Proposal for a regulation
Recital 27
Recital 27
(27) In order to ensure the compliance of the providers of data sharing services with the conditions set out in this Regulation, such providers should have a place of establishment in the Union. Alternatively, where a provider of data sharing services not established in the Union offers services within the Union, it should designate a representative. Designation of a representative is necessary, given that such providers of data sharing services handle personal data as well as commercially confidential data, which necessitates the close monitoring of the compliance of such service providers with the conditions laid out in this Regulation and with other relevant national and Union law. In order to determine whether such a provider of data sharing services is offering services within the Union, it should be ascertained whether it is apparent that the provider of data sharing services is planning to offer services to persons in one or more Member States. The mere accessibility in the Union of the website or of an email address and of other contact details of the provider of data sharing services, or the use of a language generally used in the third country where the provider of data sharing services is established, should be considered insufficient to ascertain such an intention. However, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering services in that other language, or the mentioning of users who are in the Union, may make it apparent that the provider of data sharing services is planning to offer services within the Union. The representative should act on behalf of the provider of data sharing services and it should be possible for competent authorities to contact the representative. The representative should be designated by a written mandate of the provider of data sharing services to act on the latter's behalf with regard to the latter's obligations under this Regulation.
Amendment 102 #
Proposal for a regulation
Recital 33
Recital 33
(33) The competent authorities designated to monitor compliance of data sharing services with the requirements in this Regulation should be chosen on the basis of their capacity and expertise regarding horizontal or sectoral data sharing, and they should be independent as well as transparent and impartial in the exercise of their tasks and they should closely liaise with all relevant national authorities, in particular for data protection, competition, cybersecurity, artificial intelligence and any other sectoral authorities. which may have information necessary for the exercise of their task. Member States should notify the Commission of the identity of the designated competent authorities.
Amendment 104 #
Proposal for a regulation
Recital 35
Recital 35
(35) There is a strong potential in the use of data made available voluntarily by data subjects based on their consent or, where it concerns non-personal data, made available by legal persons, for purposes of general interest. Such purposes would include healthcare, combating climate change, improving mobility and education, reducing gender and cultural gaps, facilitating the establishment of official statistics or improving the provision of public services. Support to scientific research, including for example technological development and demonstration, fundamental research, applied research and privately funded research, insofar as it contributes to the common benefit of society, should be considered as well purposes of general interest. This Regulation aims at contributing to the emergence of pools of data made available on the basis of data altruism that have a sufficient size in order to enable data analytics and machine learning, including across borders in the Union.
Amendment 107 #
Proposal for a regulation
Recital 36
Recital 36
(36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the Union and the emergence of data pools covering several Member States. Data subjects in this respect would consent to specific purposes of data processing, but could also consent to data processing in certain areas of research or parts of research projects as it is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the time of data collection. This should be understood without prejudice of the consent procedures established in Regulation (EU) 2016/679. Legal persons could give permission to the processing of their non-personal data for a range of purposes of general interest, although not defined at the moment of giving the permission. The voluntary compliance of such registered entities with a set of requirements should bring trust that the data made available on altruistic purposes is serving a general interest purpose. Such trust should result in particular from a place of establishment within the Union, as well as from the requirement that registered entities have a not-for-profit character, from ethical and transparency requirements and from specific safeguards in place to protect rights and interests of data subjects and companies. Further safeguards should include making it possible to process relevant data within a secure processing environment operated by the registered entity, oversight mechanisms such as ethics councils or boards to ensure that the data controller maintains high standards of scientific ethics, effective technical means to withdraw or modify consent at any moment, based on the information obligations of data processors under Regulation (EU) 2016/679 as well as means for data subjects to stay informed about the use of data they made available.
Amendment 113 #
Proposal for a regulation
Recital 46
Recital 46
(46) This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter, including the right to privacy, the protection of personal data, the freedom to conduct a business, the right to property, including intellectual property rights and the integration of persons with disabilities,
Amendment 117 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2 a (new)
Article 2 – paragraph 1 – point 2 a (new)
(2a) "purposes of general interest" means purposes whereby data is used for the common benefit of society within the scope of application of this Regulation and pertaining to all relevant sectors of public life.
Amendment 140 #
Proposal for a regulation
Article 5 – paragraph 2
Article 5 – paragraph 2
(2) Conditions for re-use shall be ethical, transparent, sustainable, non- discriminatory, proportionate and objectively justified with regard to categories of data and purposes of re-use and the nature of the data for which re-use is allowed. These conditions shall not be used to restrict competition.
Amendment 150 #
Proposal for a regulation
Article 5 – paragraph 5
Article 5 – paragraph 5
(5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. The public sector body shall be able to verify any resultthe different steps of the processing of data undertaken by the re- user until and including the results of such a processing and reserve the right to prohibit the use of results that contain information jeopardising the rights and interests of third parties.
Amendment 164 #
Proposal for a regulation
Article 5 – paragraph 12
Article 5 – paragraph 12
(12) The natural or legal person to which the right to re-use non-personal data was granted may transfer the data only to those third-countries for which the requirements in paragraphs 98a to 11 are met.
Amendment 166 #
Proposal for a regulation
Article 5 – paragraph 13
Article 5 – paragraph 13
(13) Where the re-user intends to transfer non-personal data to a third country, the public sector body shall inform the data holder about the transfer of data to that third country and for what purposes of general interest.
Amendment 171 #
Proposal for a regulation
Article 6 – paragraph 4
Article 6 – paragraph 4
(4) Where they apply fees, public sector bodies shall take measures to incentivise the re-use of the categories of data referred to in Article 3 (1) for non- commercial purposes in the public interest and by small and medium-sized enterprises in line with State aid rules by allowing re- use at a lower cost or for free.
Amendment 176 #
Proposal for a regulation
Article 7 – paragraph 2 – point c
Article 7 – paragraph 2 – point c
(c) assisting the public sector bodies, where relevant, in obtaining consent or permission by re-users for re-use for altruistic and other purposes in line with specific decisions of data holders, including on the jurisdiction or jurisdictions in which the data processing is intended to take place and in the preparation of data literacy tools to provide information to data holders in a comprehensive and fully understandable manner allowing them to make informed choices;
Amendment 179 #
Proposal for a regulation
Article 8 – paragraph 4
Article 8 – paragraph 4
(4) AWithout prejudice to any other cumulative administrative and non- judicial remedy, any natural or legal person affected by a decision of a public sector body or of a competent body, as the case may be, shall have the right to an effective judicial remedy against such decision before the courts of the Member State where the relevant body is located.
Amendment 186 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
(2) This Chapter shall be without prejudice to the application of other Union and national law to providers of data sharing services, including powers of supervisory authorities to ensure compliance with applicable law, in particular as regard the protection of personal data, intellectual property rights and competition law.
Amendment 222 #
Proposal for a regulation
Article 12 – paragraph 3
Article 12 – paragraph 3
(3) The designated competent authorities, the data protection authorities, the national competition authorities, the authorities in charge of cybersecurity, and other relevant sectorial authorities shall ensure adequate coordination measures to exchange the information which is necessary for the exercise of their tasks in relation to data sharing providers.
Amendment 223 #
Proposal for a regulation
Article 13 – paragraph 4 – point b a (new)
Article 13 – paragraph 4 – point b a (new)
(ba) the non compliance with condition of article 11 paragraph 2 may result in a decision by the national competent authority to require the cessation of the provision of the concerned data sharing service;
Amendment 228 #
Proposal for a regulation
Article 18 – paragraph 2 – point c
Article 18 – paragraph 2 – point c
(c) a list of all natural and legal persons that were allowed to use data it holds, including a summary description of the general interest purposes pursued by such data use and the description of the technical means used for it, including a description of the techniques used to preserve privacy and data protection in accordance with national and Union law;
Amendment 229 #
Proposal for a regulation
Article 18 – paragraph 2 – point e a (new)
Article 18 – paragraph 2 – point e a (new)
(ea) in case where a notification pursuant to paragraph 3 of article 21 has taken place, a description of the measures taken in order to address the finding of non-compliance with one or more of the requirements of this Chapter.
Amendment 232 #
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
(2) The entity shall also ensure that the data is not be used for other purposes than those of general interest for which it permits the processing. The non- compliance with this requirement should result in a decision by the national competent authority to remove the entity from the register of recognised data altruism organisation.
Amendment 234 #
Proposal for a regulation
Article 21 – paragraph 5 a (new)
Article 21 – paragraph 5 a (new)
(5a) However, non- compliance with the requirement of article 19 paragraph 2 should result on a decision to remove the entity from the register of recognised data altruism organisations
Amendment 243 #
Proposal for a regulation
Article 27 – paragraph 1 – point e
Article 27 – paragraph 1 – point e
(e) to facilitate the cooperation between national competent authorities under this Regulation through capacity- building and the exchange of information, in particular by establishing methods for the efficient exchange of information relating to the notification procedure for data sharing service providers and the registration and monitoring of recognised data altruism organisations. It should also ensure adequate cooperation between national competent authorities and any other relevant authorities at national and at Union level where necessary for the exercise of their task of monitoring the compliance with the requirements established in this Regulation.