20 Amendments of Robert HAJŠEL related to 2022/0047(COD)
Amendment 166 #
Proposal for a regulation
Recital 20
Recital 20
(20) In case several persons or entities own a product or are party to a lease or rent agreement and benefit from access to a related service, reasonable efforts should be made in the design of the product or related service or the relevant interface so that all personeach user can have access to data they it generates can have access to data they generated only to such data. In case several manufacturers or related services providers have sold, rent out or leased products or services integrated together to the same user, the user should turn to each of the manufacturers or related service providers with who it has a contractual agreement. Users of products that generate data typically require a user account to be set up. This allows for identification of the user by the manufacturer as well as a means to communicate to exercise and process data access requests. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism and joint consent that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should inform the user how the data may be accessed.
Amendment 343 #
Proposal for a regulation
Recital 80 a (new)
Recital 80 a (new)
(80 a) The number of devices connected to the Internet, both in enterprise networks and consumer households, including machines, sensors, and cameras that make up the Internet of Things (IoT), continues to grow at a steady pace. Since it is expected that by the end of the decade a number of connected devices across the Union will be extremely high, providing for digital identity of IoT devices and their secure authentication is becoming an urgent priority. International Data Corporation estimates that the number of connected IoT devices is expected to reach 41.6 billion by 2025. While an increasing number of devices is connected to the internet, security and resilience are not sufficiently built in by design, leading to insufficient cybersecurity. Ensuring secure digital identities for IoT devices needs to be a continuous, automated process but this needs to start at the point of manufacture and continue throughout the device lifecycle. Connected devices create a data-rich network which means improved functionality and potential revenue growth for organisations, but they also come with significant business and compliance risks. These begin to outweigh the strategic benefits unless businesses and governments prioritise securing digital identities. By extending the concept of digital identity and attestation of attributes to IoT devices, the European Digital Identity Framework can help mitigate cybersecurity risks and add value to the data exchanged by adding a new trust layer to network and information systems, communications networks, digital products, services and devices used by citizens, organisations and businesses.
Amendment 402 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)
Article 2 – paragraph 1 – point 1 a (new)
(1 a) ‘metadata’ means a structured description of the contents of the data facilitating the discovery and use of this data such as configuration parameters, security settings, logs, and other information regarding the use of the product or related service by the final user. It should be as used by the data holder for its own purpose, without any obligation to register or store metadata additionally.
Amendment 495 #
Proposal for a regulation
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, easily, securely and, where relevant and appropriate, directly accessible to the user. This should be done without endangering their functionality nor going against data security requirements from Regulation 2016/679, product regulations or technical standardisation
Amendment 954 #
Proposal for a regulation
Article 23 – paragraph 1 – introductory part
Article 23 – paragraph 1 – introductory part
1. Providers of a data processing service shall take the measures provided for in Articles 24, 25 and 26 to ensure that customers of their service can switch to another data processing service, covering the same service type, which is provided by a different service provider. In particularorder to provide for effective services switching, providers of data processing service shall remove commercial, technical, contractual and organisational obstacles, which inhibitdiscourage customers from:
Amendment 990 #
Proposal for a regulation
Article 26 – title
Article 26 – title
Technical aspects of switching and interoperability
Amendment 994 #
Proposal for a regulation
Article 26 – paragraph 2
Article 26 – paragraph 2
2. For data processing services other than those covered by paragraph 1, providers of data processing services shall make open interfaces publicly available and free of charge for the purposes of portability and interoperability.
Amendment 997 #
Proposal for a regulation
Article 26 – paragraph 4
Article 26 – paragraph 4
4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall, at the request of the customer, export all data generated or co-generated, including the relevant data formats and data structures, in a structured, commonly used and machine- readable format. The exporting data processing service shall ensure that the customer, after switching to a service covering the same service type offered by a different provider of data processing services, can enjoy functional equivalence in the use of the new service.
Amendment 1000 #
Proposal for a regulation
Article 26 – paragraph 4 a (new)
Article 26 – paragraph 4 a (new)
4 a. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall make APIs available for the purpose of interoperability. These APIs shall ensure, where technically feasible, that third-party services can enjoy the same functional equivalence as first-party services.
Amendment 1019 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Operators ofwithin data spaces shall comply with, the following essential requirements, applicable to the services offered by the operator, to facilitate interoperability of data, data sharing mechanisms and services:
Amendment 1021 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Amendment 1030 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point d
Article 28 – paragraph 1 – subparagraph 1 – point d
(d) the means to enable the interoperability of smart contracts for data sharing within their services and activities shall be provided.
Amendment 1036 #
Proposal for a regulation
Article 28 – paragraph 3
Article 28 – paragraph 3
3. OData holders and operators ofwithin data spaces that meet the harmonised standards or parts thereof published by reference in the Official Journal of the European Union shall be presumed to be in conformity with the essential requirements referred to in paragraph 1 of this Article, to the extent those standards cover those requirements.
Amendment 1046 #
Proposal for a regulation
Article 29 – title
Article 29 – title
Interoperability and portability for data processing services
Amendment 1048 #
Proposal for a regulation
Article 29 – paragraph 1 – introductory part
Article 29 – paragraph 1 – introductory part
1. Open interoperability specifications and European standards for the interoperability and portability of data processing services shall:
Amendment 1050 #
Proposal for a regulation
Article 29 – paragraph 1 – point a
Article 29 – paragraph 1 – point a
(a) be performance oriented towards achieving interoperability and portability between different data processing services that cover the same service type;
Amendment 1051 #
Proposal for a regulation
Article 29 – paragraph 1 – point b
Article 29 – paragraph 1 – point b
(b) enhance interoperability and portability of digital assets between different data processing services that cover the same service type;
Amendment 1057 #
Proposal for a regulation
Article 29 – paragraph 2 – introductory part
Article 29 – paragraph 2 – introductory part
2. Open interoperability specifications and European standards for the interoperability and portability of data processing services shall address:
Amendment 1065 #
Proposal for a regulation
Article 29 – paragraph 5
Article 29 – paragraph 5
5. For the purposes of Article 26(3) of this Regulation, the Commission shall be empowered to adopt delegated acts, in accordance with Article 38, to publish the reference of open interoperability specifications and European standards for the interoperability and portability of data processing services in central Union standards repository for the interoperability and portability of data processing services, where these satisfy the criteria specified in paragraph 1 and 2 of this Article.
Amendment 1093 #
Proposal for a regulation
Article 30 a (new)
Article 30 a (new)
Article 30 a Digital Identity of Internet of Things devices 1. Internet of Thing (IoT) data generating devices, such as machines, sensors, websites or cloud servers, can have a digital identity and electronic attestation of attributes within the meaning of the Regulation (EU) 910/2014 (European Digital Identity Framework). Digital identity of IoT devices shall allow for identification of a device, and for establishment of a relationship between a device and its owner. 2. The European Digital Identity Wallet (EDIW) within the meaning of Article 6a of the Regulation (EU) 910/2014 (European Digital Identity Framework) shall allow for issuing of electronic attestation of attributes of IoT devices that can be associated with the user of the EDIW at his/her request. 3. The Commission shall be empowered by delegated acts to adopt minimum data sets for the digital identity of certain categories of IoT devices and for their electronic attestation of attributes.