95 Amendments of Pilar DEL CASTILLO VERA related to 2022/0047(COD)
Amendment 112 #
Proposal for a regulation
Recital 6
Recital 6
(6) Data generation is the result of the actions of at least two actors, the designer or manufacturer of a product and the user of that product. It gives rise to questions of fairness in the digital economy, because the data recorded by such products or related services are an important input for aftermarket, ancillary and other services. In order to realise the important economic benefits of data as a non-rival good for the economy and society, a general approach to assigning access and usage rights on data is preferable to awarding exclusive rights of access and use. However, it is also important that data sharing based on voluntary agreements continues to develop in order to facilitate the development of data-driven value growth of European companies.
Amendment 124 #
Proposal for a regulation
Recital 14
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as tThe data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. In scope are data in raw form (also known as source or primary data, which refers to data points that are automatically generated without any form of processing) as well as prepared data (data cleaned and transformed for the purpose of making it useable prior to further processing and analysis). The Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medicalm ‘prepared data’ should be interpreted broadly, without however reaching the stage of deriving or inferring insights. Prepared data may include data enriched with metadata, combined with other data (e.g. sorted and classified with other data points relating to it) or re-formatted into a commonly-used format. Such data are potentially valuable to the user and support innovation and thealth devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. By contrast, information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovis not generated by the use of the product, but is the outcome of a characterisation, and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. ssessment, recommendation, categorisation or similar systematic processes that assign values or insights to a user or product. Data that is constitutive of a trade secret should only be made available to a data user or third party if all the necessary measures to protect the confidentiality of the trade secrets have been taken by the third party.
Amendment 138 #
Proposal for a regulation
Recital 15
Recital 15
(15) In contrast, certain products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service should not be covered by this Regulation. Such products include, for example, personal computers, servers, tablets and smart phones, cameras, webcams, sound recording systems and text scanners. They require human input to produce various forms of content, such as text documents, sound files, video files, games, digital maps. Likewise defence related products as defined in Article 3(1) of Directive 2009/43 should not be covered by this Regulation.
Amendment 146 #
Proposal for a regulation
Recital 36
Recital 36
(36) Start-ups, small and medium-sized enterprises and companies from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data. This Regulation aims to facilitate access to data for these entities, while ensuring that the corresponding obligations are scoped as proportionately as possible to avoid overreach. At the same time, a small number of very large companies have emerged with considerable economic power in the digital economy through the accumulation and aggregation of vast volumes of data and the technological infrastructure for monetising them. These companies include undertakings that provide core platform services controlling whole platform ecosystems in the digital economy and whom existing or new market operators are unable to challenge or contest. The [Regulation (EU) 2022/1925 on contestable and fair markets in the digital sector (Digital Markets Act)] aims to redress these inefficiencies and imbalances by allowing the Commission to designate a provider as a “gatekeeper”, and imposes a number of obligations on such designated gatekeepers, including a prohibition to combine certain data without consent, and an obligation to ensure effective rights to data portability under Article 20 of Regulation (EU) 2016/679. Consistent with the [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)], and given the unrivalled ability of these companies to acquire data, it would not be necessary to achieve the objective of this Regulation, and would thus be disproportionate in relation to data holders made subject to such obligations, to include such gatekeeper undertakings as beneficiaries of the data access right. This means that an undertaking providing core platform services that has been designated as a gatekeeper cannot request or be granted access to users’ data generated by the use of a product or related service or by a virtual assistant based on the provisions of Chapter II of this Regulation. An undertaking providing core platform services designated as a gatekeeper pursuant to Digital Markets Act should be understood to include all legal entities of a group of companies where one legal entity provides a core platform service. Furthermore, third parties to whom data are made available at the request of the user may not make the data available to a designated gatekeeper. For instance, the third party may not sub-contract the service provision to a gatekeeper. However, this does not prevent third parties from using data processing services offered by a designated gatekeeper. This exclusion of designated gatekeepers from the scope of the access right under this Regulation does not prevent these companies from obtaining data through other lawful meansmeans that they cannot receive data from the users and from third parties, but it should not prevent these companies from obtaining data through other lawful means, notably, through contractual agreements with manufacturers allowing that data from products they manufacture can be used by a gatekeeper company service , including when desired by a user of such products. The limitation on granting access to gatekeepers would not exclude them from the market and prevent them from offering its services, as voluntary agreements between them and the data holders remain unaffected.
Amendment 154 #
Proposal for a regulation
Recital 42
Recital 42
(42) In order to incentivise the continued investment in generating valuable data, including investments in relevant technical tools, this Regulation contains the principle that the data holder may request reasonable compensation when legally obliged to make data available to the data recipient. These provisions should not be understood as paying for the data itself, but in the case of micro, small or medium-sized enterprises and of research organisations using the data on a not-for-profit basis or in the context of a public-interest mission recognised in the Union or national law, for the costs incurred and investment required for making the data available.
Amendment 156 #
Proposal for a regulation
Recital 18
Recital 18
(18) The user of a product should be understood as the legal or natural person, such as a business or consumer or public sector body, which has purchased, rented or leased the product on other than short- term basis. Depending on the legal title under which he uses it, such a user bears the risks and enjoys the benefits of using the connected product and should enjoy also the access to the data it generates. The user should therefore be entitled to derive benefit from data generated by that product and any related service. An owner, renter or lessee should equally be considered as user, including when several entities can be considered as users. In the context of multiple users, each user may contribute in a different manner to the data generation and can have an interest in several forms of use.
Amendment 159 #
Proposal for a regulation
Recital 44
Recital 44
(44) To protect micro, small or medium- sized enterprises from excessive economic burdens which would make it commercially too difficult for them to develop and run innovative business models, the compensation for making data available to be paid by them should not exceed the direct cost of making the data available and be non-discriminatory. The same regime should apply to those research organisations that use the data on a not-for-profit basis or in the context of a public-interest mission recognised in the Union or national law.
Amendment 173 #
Proposal for a regulation
Recital 69
Recital 69
(69) The ability for customers of data processing services, including cloud and edge services, to switch from one data processing service to another, while maintaining a minimum functionality of service, or to use the services of several providers simultaneously without undue data transfer costs, is a key condition for a more competitive market with lower entry barriers for new service providers, and for ensuring further resilience for the users of these services. Guarantees for effective switching should be especially reinforced for customers benefiting from large-scale free-tier offerings, so that does not result in a lock-in situation for customers.
Amendment 176 #
Proposal for a regulation
Recital 69 a (new)
Recital 69 a (new)
(69a) Switching charges are charges imposed by data processing providers to their customers for the switching process. Typically, those charges are intended to pass on costs, which the originating provider may incur because of the switching process, to the customer that wishes to switch. Examples of common switching charges are costs related to the transit of data from one provider to the other or to an on-premise system (‘data egress costs’) or the costs incurred for specific support actions during the switching process, for example in terms of additional human resources provided by the originating data processing service provider. Unnecessarily high “data egress fees” restrict free flow of data, restrict competition and can be an obstacle to compliance with existing EU regulations such as GDPR and ECJ’s rulings. Egress fees are charged to the clients by the cloud service providers of origin when they are willing to take their data out from a cloud provider’s network to an external location, especially when switching from one provider to one or several providers of destination, to relocate their data from one location to another while using the same cloud service provider, or when using the services of several providers simultaneously. Therefore, the gradual withdrawal of the charges associated with switching data processing services shall specifically include withdrawing “egress fees” charged by the data processing service to a customer.
Amendment 179 #
Proposal for a regulation
Recital 23
Recital 23
(23) Before concluding a contract for the purchase, rent, or lease of a product or the provision of a related service, clear and sufficient information should be provided to the user on how the data generated may be accessed. This obligation provides transparency over the data generated and enhances the easy access for the user. This obligation to provide information does not affect the obligation for the controller to provide information to the data subject pursuant to Article 12, 13 and 14 of Regulation 2016/679. The data holder cannot be expected to store the data indefinitely in view of the needs of the user of the product, but should however implement a reasonable data retention policy that allows for the effective application of the data access rights under this Regulation
Amendment 182 #
Proposal for a regulation
Recital 71
Recital 71
(71) Data processing services should cover services that allow on-demand and broad remote access to a scalable and elastic pool of shareable and distributed computing resources. Those computing resources include resources such as networks, servers or other virtual or physical infrastructure, operating systems, software, including software development tools, storage, applications and services. The deployment models of cloud computing should include private, community, public and hybrid cloud. The aforementioned service and deployment models shall be the same as the defined in international standards. The capability of the customer of the data processing service to unilaterally self- provision computing capabilities, such as server time or network storage, without any human interaction by the service provider could be described as on-demand administration. The term ‘broad remote access’ is used to describe that the computing capabilities are provided over the network and accessed through mechanisms promoting the use of heterogeneous thin or thick client platforms (from web browsers to mobile devices and workstations). The term ‘scalable’ refers to computing resources that are flexibly allocated by the data processing service provider, irrespective of the geographical location of the resources, in order to handle fluctuations in demand. The term ‘elastic pool’ is used to describe those computing resources that are provisioned and released according to demand in order to rapidly increase or decrease resources available depending on workload. The term ‘shareable’ is used to describe those computing resources that are provided to multiple users who share a common access to the service, but where the processing is carried out separately for each user, although the service is provided from the same electronic equipment. The term ‘distributed’ is used to describe those computing resources that are located on different networked computers or devices and which communicate and coordinate among themselves by message passing. The term ‘highly distributed’ is used to describe data processing services that involve data processing closer to where data are being generated or collected, for instance in a connected data processing device. Edge computing, which is a form of such highly distributed data processing, is expected to generate new business models and cloud service delivery models, which should be open and interoperable from the outset.
Amendment 185 #
Proposal for a regulation
Recital 72
Recital 72
(72) This Regulation aims to facilitate switching between data processing services, which encompasses all conditions and actions that are necessary for a customer to terminate a contractual agreement of a data processing service, to conclude one or multiple new contracts with different providers of data processing services, to port all its digital assets, including data, to the concerned other providers and to continue to use them in the new environment while benefitting from functional equivalence, in a way that does not compromise innovation and competitiveness of European organizations in the global economy. Digital assets refer to elements in digital format for which the customer has the right of use, including data, applications, virtual machines and other manifestations of virtualisation technologies, such as containers. Functional equivalence means the maintenance of a minimum level of functionality of a service after switching, and should be deemed technically feasible whenever both the originating and the destination data processing services cover (in part or in whole) the same service typeSwitching is an operation consisting of four main successive steps: i) termination of contract; ii) data extraction, i.e downloading data from a originating provider’s ecosystem; iii) transformation, when the data is structured in a way that matches the schema of the target location; iv) load of the data in a new destination location. Obstacles of different natures may occur during the different steps of the switching process. Cloud service providers and clients have different levels of responsibilities, depending on the steps of the process referred to. Obstacles to switching are of different nature, depending on the step of the switching process it is referred to. Functional equivalence means the maintenance of a minimum level of functionality of a service after switching, and should be deemed technically feasible whenever both the originating and the destination data processing services cover (in part or in whole) the same service type. Services can only be expected to facilitate functional equivalence for the functionalities that both the originating and destination services offer. This Regulation does not instate an obligation of facilitating functional equivalence for data processing services of the PaaS and/or SaaS service delivery model. Meta-data, generated by the customer’s use of a service, should also be portable pursuant to this Regulation’s provisions on switching.
Amendment 201 #
Proposal for a regulation
Recital 28
Recital 28
(28) The user should be free to use the data for any lawful purpose. This includes providing the data the user has received exercising the right under this Regulation to a third party offering an aftermarket service that may be in competition with a service provided by the data holder, or to instruct the data holder to do so. The data holder should ensure that the data made available to the third party is as accurate, complete, reliable, relevant and up-to-date as the data the data holder itself may be able or entitled to access from the use of the product or related service. Any trade secrets or intellectual property rights should be respected in handling the data. Their confidentiality should be preserved through contractual solutions, such as confidentiality agreements and licensing schemes. It is important to preserve incentives to invest in products with functionalities based on the use of data from sensors built into that product. The aim of this Regulation should accordingly be understood as to foster the development of new, innovative products or related services, stimulate innovation on aftermarkets, but also stimulate the development of entirely novel services making use of the data, including based on data from a variety of products or related services. At the same time, it aims to avoid undermining the investment incentives for the type of product from which the data are obtained, for instance, by the use of data to develop a competing product. Consequently, when providing access to data to users or third-parties, data holders should be able to use technical or organizational measures such as strict access protocols, non-disclosure agreements or any other similar measure meant to ensure the preservation of the secrecy of data considered as trade secrets.
Amendment 206 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation lays down harmonised rules on making data generated by the use of a product or related service available to the user of that product or service, on the making data available by data holders to data recipients, and on the making data available by data holders to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need, for the performance of a task carried out in the public interest:, on facilitating switching between data processing services, on introducing safeguards against unlawful third party access to non-personal data, and on providing for the development of interoperability standards for data to be transferred and used.
Amendment 207 #
Proposal for a regulation
Article 1 – paragraph 1 a (new)
Article 1 – paragraph 1 a (new)
1 a. This Regulation covers personal and non-personal data, including the following types of data or in the following contexts: (a) Chapter II applies to data concerning the performance, use and environment of products and related services; (b) Chapter III applies to any private sector data subject to statutory data sharing obligations; (c) Chapter IV applies to any private sector data accessed and used on the basis of contractual agreements between businesses; (d) Chapter V applies to any private sector data with a focus on non-personal data; (e) Chapter VI applies to any data processed between data processing services; (f) Chapter VII applies to any non- personal data held in the Union by providers of data processing services.
Amendment 209 #
Proposal for a regulation
Recital 29
Recital 29
(29) A third party to whom data is made available may be an enterprise, a research organisation or a not-for-profit organisation. In making the data available to the third party, the data holder nor the third party should not abuse its position to seek a competitive advantage in markets where the data holder and third party may be in direct competition. TNeither the data holder nor the third party should not therefore use any data generated by the use of the product or related service in order to derive insights about the economic situation of the data holder and third party or its assets or production methods or the use in any other way that could undermine the commercial position of the data holder or third party on the markets it is active on. Data intermediation services [as regulated by Regulation (EU) 2022/868] may support users or third parties in establishing a commercial relation for any lawful purpose on the basis of data of products in scope of this Regulation e.g. by acting on behalf of a user. They could play an instrumental role in aggregating access to data from a large number of individual users so that big data analyses or machine learning can be facilitated, as long as such users remain in full control on whether to contribute their data to such aggregation and the commercial terms under which their data will be used.
Amendment 221 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)
Article 2 – paragraph 1 – point 1 a (new)
(1a) 'commercially sensitive information’ means any information or data that is strategic for a business or related to a right of intellectual property or a non disclosure agreement;
Amendment 222 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 b (new)
Article 2 – paragraph 1 – point 1 b (new)
Amendment 236 #
Proposal for a regulation
Recital 37
Recital 37
(37) GThis Regulation does not prevent micro and small enterprises to participate in the data sharing practices, however given the current state of technology, it is overly burdensome to impose further design obligations in relation to products manufactured or designed and related services provided by micro and small enterprises. That is not the case, however, wWhere a micro or small enterprise is sub- contracted to manufacture or design a product. In such situations, the enterprise, which has sub-contracted to the micro or small enterprise, is able to compensate the sub-contractor appropriately. A micro or small enterprise may nevertheless be subject to the requirements laid down by this Regulation as data holder, where it is not the manufacturer of the product or a provider of related services. In order to increase the participation of micro and small enterprises in the data economy, Member States should provide digital training and guidance to such enterprises.
Amendment 236 #
Proposal for a regulation
Article 2 – paragraph 1 – point 5
Article 2 – paragraph 1 – point 5
(5) ‘user’ means a natural or legal person, including a data subject, that owns, rents or leases a product or receives arelated services;
Amendment 246 #
Proposal for a regulation
Recital 41
Recital 41
(41) Any agreement concluded in business-to-business relations for making the data available should not discriminate between comparable categories of data recipients, independently whether they are large companies or micro, small or medium-sized enterprises. In order to compensate for the lack of information on the conditions of different contracts, which makes it difficult for the data recipient to assess if the terms for making the data available are non- discriminatory, it should be on the data holder to demonstrate that a contractual term is not discriminatory. It is not unlawful discrimination, where a data holder uses different contractual terms for making data available or different compensation, if those differences are justified by objective reasons. These obligations are without prejudice to Regulation (EU) 2016/679.
Amendment 249 #
Proposal for a regulation
Recital 42
Recital 42
(42) In order to incentivise the continued investment in generating valuable data, including investments in relevant technical tools, this Regulation contains the principle that the data holder may request reasonable compensation when legally obliged to make data available to the data recipient. These provisions should not be understood as paying for the data itself, but in the case of micro, small or medium-sized enterprises and of research organisations using the data on a not-for-profit basis or in the context of a public-interest mission recognised in the Union or national law, for the costs incurred and investment required for making the data available.
Amendment 253 #
Proposal for a regulation
Recital 42 a (new)
Recital 42 a (new)
(42 a) Such reasonable compensation may include firstly the costs incurred and investment required for making the data available. These costs can be technical costs, such as the costs necessary for data reproduction, dissemination via electronic means and storage, but not of data collection or production. Such technical costs could include also the costs for processing, necessary to make data available. Costs related to making the data available may also include the costs of organising answers to concrete data sharing requests. They may also vary depending on the arrangements taken for making the data available. Long-term arrangements between data holders and data recipients, for instance via a subscription model or the use of smart contracts, could reduce the costs in regular or repetitive transactions in a business relationship. Costs related to making data available are either specific to a particular request or shared with other requests. In the latter case, a single data recipient should not pay the full costs of making the data available. Reasonable compensation may include secondly a margin. Such margin may vary depending on factors related to the data itself, such as volume, format or nature of the data, or on the supply of and demand for the data. It may consider the costs for collecting the data. The margin may therefore decrease where the data holder has collected the data for its own business without significant investments or may increase where the investments in the data collection for the purposes of the data holder’s business are high. The margin may also depend on the follow-on use of the data by the data recipient. It may be limited or even excluded in situations where the use of the data by the data recipient does not affect the own activities of the data holder. The fact that the data is co-generated by the user could also lower the amount of the compensation in comparison to other situations where the data are generated exclusively by the data holder.
Amendment 257 #
Proposal for a regulation
Article 2 – paragraph 1 – point 12 a (new)
Article 2 – paragraph 1 – point 12 a (new)
(12a) ‘on-premise’ means a digital data processing infrastructure operated by the customer itself to serve its own needs;
Amendment 258 #
Proposal for a regulation
Recital 44
Recital 44
(44) To protect micro, small or medium- sized enterprises from excessive economic burdens which would make it commercially too difficult for them to develop and run innovative business models, the compensation for making data available to be paid by them should not exceed the direct cost of making the data available and be non-discriminatory. The same regime should apply to those research organisations that use the data on a not-for-profit basis or in the context of a public-interest mission recognised in the Union or national law.
Amendment 271 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)
Article 2 – paragraph 1 – point 20 a (new)
(20a) ‘Switching’ shall be understood as the process enabling, for any client of a cloud service provider, to terminate contractual obligations and to extract, transform and load their data to another provider(s), including configurations where data transfers occur when clients of cloud service providers are using several providers simultaneously;
Amendment 275 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 b (new)
Article 2 – paragraph 1 – point 20 b (new)
(20b) ‘egress fees’ refers to data transfer fees being charged to the clients of cloud service providers when they are willing to extract their data from a cloud provider’s network to an external location;
Amendment 277 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 c (new)
Article 2 – paragraph 1 – point 20 c (new)
Amendment 281 #
Proposal for a regulation
Recital 56
Recital 56
(56) In situations of exceptional need, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies or in other exceptional cases. Exceptional needs are circumstances which are unforeseeable and limited in time. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.
Amendment 294 #
Proposal for a regulation
Article 3 – paragraph 2 – point a
Article 3 – paragraph 2 – point a
(a) the nature antype of data and estimated volume of the data likely to be generated by the use of the product or related service;
Amendment 315 #
Proposal for a regulation
Recital 64
Recital 64
Amendment 316 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user the data generated by itsthe use of a product or related service without undue delay, free of charge and, where applicable, continuously and in real-timethat are accessible to the data holder without undue delay easily, securely, in a structured, commonly used and machine-readable format free of charge and, where applicable, continuously and in real-time. Data shall be provided in the form in which they have been generated by the product, with only the minimal adaptations necessary to make them useable by a third party, including related metadata necessary to interpret and use the data. This shall be done on the basis of a simple request through electronic means where technically feasible.
Amendment 332 #
Proposal for a regulation
Article 5 – paragraph 4
Article 5 – paragraph 4
4. The third party shall not deploy coercive means or abuse evident gaps in the technical infrastructure of the data holder designed to protect the data in order to obtain access to data.
Amendment 337 #
Proposal for a regulation
Recital 79
Recital 79
(79) Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability within the common European data spaces, which are purpose- or sector-specific or cross- sectoral interoperable frameworks of common standards and practices to share or jointly process data for, interalia, development of new products and services, scientific research or civil society initiatives. This Regulation lays down certain essential requirements for interoperability. Operators within the data spaces, which are entities facilitating or engaging in data sharing within the common European data spaces, including data holders, should comply with these requirements. Compliance with these rules can occur by adhering to the requirements laid down, or by adapting to already existing standards via a presumption of conformity. In order to facilitate the conformity with the requirements for interoperability, it is necessary to provide for a presumption of conformity for interoperability solutions that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council. The Commission should adopt common specifications in areas where no harmonised standards exist or where they are insufficient in order to further enhance interoperability for the common European data spaces, application programming interfaces, cloud switching as well as smart contracts. Additionally, common specifications in the different sectors could remain to be adopted, in accordance with Union or national sectoral law, based on the specific needs of those sectors. Reusable data structures and models (in form of core vocabularies), ontologies, metadata application profile, reference data in the form of core vocabulary, taxonomies, code lists, authority tables, thesauri should also be part of the technical specifications for semantic interoperability. Furthermore, the Commission should be enabled to mandate the development of harmonised standards for the interoperability of data processing services. The European Data Innovation Board should build on existing European and global initiatives for cross-sectoral interoperability of data. In particular, the European Data Innovation Board should study the potential of the digital identity of objects framework as established by the Regulation (EU)910/214 and systems for the identification of legal entities such as the GLEIF for that purpose.
Amendment 341 #
Proposal for a regulation
Recital 80
Recital 80
(80) To promote the interoperability of smart contracts in data sharing applications, it is necessary to lay down essential requirements for smart contracts for professionals who create smart contracts for others or integrate such smart contracts in applications that support the implementation of agreements for sharing data. Specific training programmes on smart contracts for businesses, in particular SMEs, In order to facilitate the conformity of such smart contracts with those essential requirements, it is necessary to provide for a presumption of conformity for smart contracts that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council.
Amendment 371 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, or is a research organisation, and the data holder is not an SME, any compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
Amendment 400 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. Upon request, a data holder shall make datathat is a legal person shall make data, including relevant metadata, available to a public sector body or to a Union institution, agency or body demonstrating an exceptional need to use the data requested.
Amendment 408 #
Proposal for a regulation
Article 15 – paragraph 1 – introductory part
Article 15 – paragraph 1 – introductory part
An exceptional need to use data within the meaning of this Chapter shall be limited in time and scope and deemed to exist in any ofonly in the following circumstances:
Amendment 437 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personalto make available certain data or can enable access to the data and through control of the technical design of the product and related services, the ability, to make available certainr means of access, in the case of non-personal data;.
Amendment 443 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 1
Article 17 – paragraph 4 – subparagraph 1
Paragraph 3 does not preclude a public sector body or a Union institution, agency or body to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body, in view of completing the tasks in Article 15 or to make the data available to a third party in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. The obligations on public sector bodies, Union institutions, agencies or bodies pursuant to Article 19 apply also to that third party.
Amendment 444 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 2 a (new)
Article 17 – paragraph 4 – subparagraph 2 a (new)
Any third party is forbidden to use the data it receives from a public sector body or a Union institution, agency or body, to develop a product or a service that competes with the product or service from which the accessed data originate or share the data with another third party for that purpose.
Amendment 447 #
Proposal for a regulation
Article 2 – paragraph 1 – point 7 a (new)
Article 2 – paragraph 1 – point 7 a (new)
(7 a) ‘readily available data’ means data generated by the use of a product that the data holder obtains or can obtain without disproportionate effort, going beyond a simple operation;
Amendment 453 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation negativeto which normal measures for the maintenance of public safety, health and order, are plainly inadequate. such as public health emergencies, emergencies resulting from natural disasters, as well as human- induced major disasters, such as major cybersecurity incidents, negatively and suddenly affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial and immediate degradation of economic assets in the Union or the relevant Member State(s) and which is determined and officially declared according to the respective procedures under Union or national law;
Amendment 468 #
Proposal for a regulation
Article 23 – paragraph 1 – introductory part
Article 23 – paragraph 1 – introductory part
1. Providers of a data processing service shall take the measures provided for in Articles 24, 25 and 26 to ensure that customers of their service can switch to another data processing service, covering the same service type, which is provided by a different service provider or use multiple providers at the same . In particular, providers of data processing service shall remove pre-commercial, commercial, technical, contractual and organisational obstacles, which inhibit customers from:
Amendment 482 #
Proposal for a regulation
Article 23 – paragraph 1 – point c
Article 23 – paragraph 1 – point c
(c) porting its data, and metadata applications created by the customer and other digital assets to another provider of data processing services or to an on- premise system;
Amendment 489 #
2. Paragraph 1 shall only apply to obstaclesThe obligations in this Chapter shall only apply to the original provider to the extent they are within its sphere of control, in particular only to the extent that the obstacles referred to in paragraph 1 that are related to the services, contractual agreements pre-commercial or commercial practices provided by the original provider.
Amendment 493 #
Proposal for a regulation
Article 23 – paragraph 2 a (new)
Article 23 – paragraph 2 a (new)
2 a. The measures related to the contractual relationship between providers of a data processing service and customers pursuant to Article 23 paragraph 1 and 2 shall be equally ensured in the contractual relationship between providers of a data processing service and resellers of such a service and between resellers and their customers;
Amendment 494 #
Proposal for a regulation
Article 23 – paragraph 2 b (new)
Article 23 – paragraph 2 b (new)
2 b. Where applicable, and without prejudice to the obligations of the existing providers, all parties involved, including destination service providers, shall collaborate in good faith to make the switching process effective.
Amendment 498 #
Proposal for a regulation
Article 24 – paragraph 1 – introductory part
Article 24 – paragraph 1 – introductory part
1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services or to an on-premise system shall be clearly set out in a written contract. Without prejudice to Directive (EU) 2019/770, that contract shall include at least the following:
Amendment 499 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part
Article 24 – paragraph 1 – point a – introductory part
(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, with the exception of data used by the provider to operate, maintain and improve the service or data and digital assets that would conflict with the cloud provider's or other customer's intellectual property rights in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall:
Amendment 509 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1
Article 24 – paragraph 1 – point a – point 1
(1) reasonably assist and, where technically feasible, complete the switching processsupport the switching process, including assisting a third-party entity managing the switching process on behalf of the customer;
Amendment 513 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1 a (new)
Article 24 – paragraph 1 – point a – point 1 a (new)
(1 a) provide the customer and third parties authorized by the customer, at their request and free of charge, access to the resources necessary to support the switching process;
Amendment 521 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 a (new)
Article 24 – paragraph 1 – point a – point 2 a (new)
(2 a) ensure that a high level of security is maintained throughout the porting process, notably the security of the data during their transfer.
Amendment 525 #
Proposal for a regulation
Article 24 – paragraph 1 – point b
Article 24 – paragraph 1 – point b
(b) an exhaustive specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service, with the exception of data used by the provider to operate, maintain, or improve the service. Providers shall not be required to disclose their own or third parties’ intellectual property, trade secrets or commercially sensitive information;
Amendment 540 #
Proposal for a regulation
Article 24 – paragraph 1 – point c a (new)
Article 24 – paragraph 1 – point c a (new)
(c a) a clause guaranteeing full deletion of all customer data immediately after the expiration of the retrieval period set out in paragraph 1(c);
Amendment 543 #
Proposal for a regulation
Article 24 – paragraph 2
Article 24 – paragraph 2
2. Where the mandatory transition period as defined in paragraph 1, points (a) and (c) of this Article is technically unfeasible, due to limitations solely under the control of the provider, the provider of data processing services shall notify the customer within 7 working days after the switching request has been made, duly motivating the technical unfeasibility with a detailed report and indicating an alternative transition period, which may not exceed 612 months taking into account the technical complexity to migrate. In accordance with paragraph 1 of this Article, full service continuity shall be ensured throughout the alternative transition period against reduced charges, referred to in Article 25(2).
Amendment 550 #
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. From [date X+3 2yrs] onwards, providers of data processing services shall not impose any charges on the customer for the switching process, with particular reference to egress fees.
Amendment 557 #
Proposal for a regulation
Article 25 – paragraph 1 a (new)
Article 25 – paragraph 1 a (new)
1 a. Standard subscription or service fees and charges for professional transition services work undertaken by the data processing service at the request of the customer to support the switching process, shall not be considered switching charges for the purposes of this Article.
Amendment 561 #
Proposal for a regulation
Article 25 – paragraph 2
Article 25 – paragraph 2
2. From [date X, the date of entry into force of the Data Act] until [date X+32yrs], providers of data processing services may impose reduced charges on the customer for the switching process and shall remove any other technical, contractual and organizational obstacle inhibiting the switching process.
Amendment 574 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user canshall agree measurestechnical or organizational measures, such as strict access protocols, to preserve the confidentiality of the shared data, in particular in relation to third parties including liability over possible damages. Contractual instruments such as confidentiality agreements and licensing schemes could be used for this purpose.
Amendment 576 #
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ensure thanot implement technical restrictions that prevent the customer, after switching to a service covering the same service type offered by a different provider of data processing services, from enjoysing functional equivalence in the use of the new service. Functional equivalence should be deemed technically feasible whenever both the originating and the destination data processing services cover (in part or in whole) the same service type.
Amendment 581 #
Proposal for a regulation
Article 26 – paragraph 2
Article 26 – paragraph 2
2. For data processing services other than those covered by paragraph 1, providers of data processing services shall make open interfaces publicly available and free of charge.can be required by the customer to make open interfaces designed to facilitate switching between services of the same service type available and free of charge for the customer and its destination provider;
Amendment 584 #
Proposal for a regulation
Article 26 – paragraph 3
Article 26 – paragraph 3
3. For data processing services other than those covered by paragraph 1, providers of data processing services shall ensure compatibility with open interoperability specifications or European standards, identified in the central Union data processing service standards repository, for interoperability that are identified in accordance with Article 29(5) of this Regulation.
Amendment 588 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. The user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a product that competes with the product, or any part of it, from which the data originate and shall not use such data to derive insights about the economic situation, assets and production methods that could undermine the security of the product in a manner which is detrimental to the legitimate interests of the data holder.
Amendment 591 #
Proposal for a regulation
Article 26 – paragraph 4
Article 26 – paragraph 4
4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall, at the request of the customer, export all data generated or co-generated, with the exception of data used by the provider to operate, maintain, or improve the service,including the relevant data formats and data structures, in a structured, commonly used and machine- readable format.
Amendment 596 #
Proposal for a regulation
Article 26 – paragraph 4 a (new)
Article 26 – paragraph 4 a (new)
4 a. When ensuring functional equivalence, providers of data processing services are required to maintain the highest level of security features in their destination service.
Amendment 604 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a product or related service to a third party, without undue delayhat are readily available to the data holder to a third party, without undue delay, easily, securely in machine- readable format, free of charge to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time. subject to compliance with applicable laws to the outsourcing of data driven services. Data shall be provided in the form in which they have been generated by the product, with only the minimal adaptations necessary to make them useable by a third party, including related metadata necessary to interpret and use the data.
Amendment 617 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point b
Article 28 – paragraph 1 – subparagraph 1 – point b
(b) the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, shall be described in a publicly available and consistent manner;
Amendment 620 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point c
Article 28 – paragraph 1 – subparagraph 1 – point c
(c) where applicable, the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable automatic access and transmission of data between parties, including continuously or in real-time in a machine-readable format;
Amendment 624 #
Proposal for a regulation
Article 5 – paragraph 3
Article 5 – paragraph 3
3. The user or third party shall not be required to provide any information beyond what is necessary to verify the quality as user or as third party pursuant to paragraph 1. The data holder shall not keep any information on the third party’s access to the data requested beyond what is necessary for the sound execution of the third party’s access request and for the security and the maintenance of the data infrastructure. When giving access to trade secrets, the identity of the data recipient and the scope of data must be disclosed to the data holder for an evaluation of trade secret related risk.
Amendment 632 #
Proposal for a regulation
Article 29 – paragraph 1 – point a
Article 29 – paragraph 1 – point a
(a) be performance oriented towards achieving interoperability, in a secure manner, between different data processing services that cover the same service type;
Amendment 641 #
Proposal for a regulation
Article 5 – paragraph 8
Article 5 – paragraph 8
8. Trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party and all specific necessary measures agreed between the data holder and the third party are taken by the third party to preserve the confidentiality of the trade secret. In such a case, the nature of the data as trade secrets and the measures for preserving the confidentiality shall be specified in the agreement between the data holder and the third party. The data holder shall therefore be entitled to implement technical or organizational measures, such as strict access protocols, to preserve the confidentiality of the shared data. The trade secret holder should have the possibility to refuse this sharing, when these guarantees are not ensured or respected ex-ante.
Amendment 654 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) use the data it receives for the profiling of natural persons within the meaning of Article 4(4) of Regulation (EU) 2016/679, unless it is necessary to provide the service requested by the user or the user agreed to it;
Amendment 669 #
Proposal for a regulation
Article 6 – paragraph 2 – point f a (new)
Article 6 – paragraph 2 – point f a (new)
(f a) use the data it receives to undermine the commercial and industrial position of the data holder on the primary market of the product;
Amendment 670 #
Proposal for a regulation
Article 6 – paragraph 2 – point f b (new)
Article 6 – paragraph 2 – point f b (new)
(f b) use the data it receives in a manner that adversely impacts the security of the product or related service(s)
Amendment 674 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2 a. The third party shall bear the responsibility to ensure the security and protection of the data it receives from the data holder.
Amendment 677 #
Proposal for a regulation
Article 41 – paragraph 1 – point c a (new)
Article 41 – paragraph 1 – point c a (new)
(c a) the interplay between this Regulation, the sector-specific legislation and other relevant Union law, in order to assess any possible conflicting provision, overregulation or legislative gaps;
Amendment 705 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, or is a research organisation, and the data holder is not an SME, any compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
Amendment 708 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, and the data holder is not, any compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
Amendment 720 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. The data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to the data and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to hinder the user’s right to effectively provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1). The third party shall upon the request of the user or the data holder provide with information on how the data has been used when there is a reasonable doubt for unlawful use or onward sharing of the received data.
Amendment 727 #
Proposal for a regulation
Article 11 – paragraph 2 – introductory part
Article 11 – paragraph 2 – introductory part
2. AWhere a data recipient that has, for the purposes of obtaining data, provided inaccurate, incomplete or false information to the data holder, deployed deceptive or coercive means or abused evident gaps in the technical infrastructure of the data holder designed to protect the data, has used the data made available for unauthorised purposes or has disclosed those data to another party without the data holder’s authorisation, shall without undue delay, unless the data holder or the user instruct otherwise, including the development of a competing product within the meaning of Article 6(2)(e) or has disclosed those data to another party without the data holder’s authorisation, the data recipient shall be liable for the damages to the party suffering from the misuse or disclosure of such data and shall comply without undue delay with the requests of the data holder to:
Amendment 733 #
Proposal for a regulation
Article 12 – paragraph 1 a (new)
Article 12 – paragraph 1 a (new)
1 a. The obligations set out in this Regulation do not preclude a reciprocity of data sharing between a data recipient, user and data holder agreed in contracts.
Amendment 752 #
Proposal for a regulation
Article 13 – paragraph 8 a (new)
Article 13 – paragraph 8 a (new)
8 a. Given the rapidity in which innovations occur on the markets, the list of unfair contractual terms within article 13 shall be reviewed regularly by the European Commission and be adapted to new business practices if necessary
Amendment 825 #
Proposal for a regulation
Article 17 – paragraph 1 – point e a (new)
Article 17 – paragraph 1 – point e a (new)
(e a) ensure that making the data available would not put the data holder in a situation to violate a national under Union law or national law. Or, assume liability for violations or damages resulting from the access it has requested while making the data available was prohibited under Union law or national law;
Amendment 832 #
Proposal for a regulation
Article 17 – paragraph 1 – point e b (new)
Article 17 – paragraph 1 – point e b (new)
(e b) commits that confidentiality of trade secrets disclosure will be ensured.
Amendment 841 #
Proposal for a regulation
Article 17 – paragraph 2 – point c
Article 17 – paragraph 2 – point c
(c) respect the legitimate aims of the data holder, taking into account the protection of trade secrets and the, privacy, commercial sensitive information, intellectual property and the duration, cost and effort required to make the data available;
Amendment 847 #
Proposal for a regulation
Article 17 – paragraph 2 – point d
Article 17 – paragraph 2 – point d
(d) concern, insofar as possible, non- personal data;
Amendment 876 #
Proposal for a regulation
Article 18 – paragraph 2 – introductory part
Article 18 – paragraph 2 – introductory part
2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request within 15 working days following the receipt of a request for the data necessary to respond to a public emergency and within 145 working days in other cases of exceptional need, on either of the following grounds:
Amendment 878 #
Proposal for a regulation
Article 18 – paragraph 2 – point a
Article 18 – paragraph 2 – point a
(a) the data is unavailable; or the data holder does not have control over the data
Amendment 879 #
Proposal for a regulation
Article 18 – paragraph 2 – point a a (new)
Article 18 – paragraph 2 – point a a (new)
(a a) provided security measures concerning transfer, storing and maintaining data confidentiality are insufficient.
Amendment 894 #
Proposal for a regulation
Article 19 – paragraph 1 – point a
Article 19 – paragraph 1 – point a
(a) not use the data in a manner incompatible with the purpose for which they were requested, nor use the date to develop products or related services that compete against the data holder;
Amendment 896 #
Proposal for a regulation
Article 19 – paragraph 1 – point b
Article 19 – paragraph 1 – point b
Amendment 901 #
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
Article 19 – paragraph 1 – point b a (new)
(b a) have in place the appropriate and proportionate technical and organisational measures to manage cyber risk to that data;
Amendment 909 #
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
2. Disclosure of data constitutive of trade secrets or alleged trade secrets to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of the request. In such a case, provided that all specific necessary measures required by the trade secret holder are taken to preserve the confidentiality of trade secrets, in particular with respect to the third parties. The trade secret holder, the data holder and the public sector body, or the Union institution, agency or body shall take appropriatecan contractually agree on measures to preserve the confidentiality of those trade secretse shared data, in particular in relation to third parties. The trade secret holder should have the possibility to refuse this sharing, when these guarantees are not ensured or respected ex-ante.
Amendment 1039 #
Proposal for a regulation
Article 28 – paragraph 4
Article 28 – paragraph 4
4. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements under paragraph 1 of this Article. To address the fragmentation of the internal market and the data economy in the internal market, as requested by the regulation (EU) 2022/868, the European Data Innovation Board should also assist the Commission enhancing cross-border, cross- sector interoperability of data as well as data sharing services between different sectors and domains.