2020/0340(COD) European data governance (Data Governance Act)
Lead committee dossier:
Progress: Procedure completed
| Role | Committee | Rapporteur | Shadows |
|---|---|---|---|
| Lead | ITRE |
NIEBLER Angelika ( EPP)
|
KUMPULA-NATRI Miapetra ( S&D),
DANTI Nicola ( Renew),
BOESELAGER Damian ( Verts/ALE),
LIZZI Elena ( ID),
MELBĀRDE Dace ( ECR),
MATIAS Marisa ( GUE/NGL)
|
| Committee Opinion | IMCO |
GOZI Sandro ( Renew)
|
Anne-Sophie PELLETIER ( GUE/NGL)
|
| Committee Opinion | LIBE |
LAGODINSKY Sergey ( Verts/ALE)
|
Dragoş TUDORACHE ( RE)
|
| Committee Opinion | JURI |
MELCHIOR Karen ( Renew)
|
Emmanuel MAUREL ( GUE/NGL),
Ibán GARCÍA DEL BLANCO ( S&D)
|
Lead committee dossier:
Legal Basis:
RoP 57, TFEU 114-p1
Legal Basis:
RoP 57, TFEU 114-p1Subjects
- 1.20.05 Public access to information and documents, administrative practice
- 1.20.09 Protection of privacy and data protection
- 2.40 Free movement of services, freedom to provide
- 2.80 Cooperation between administrations
- 3.30.06 Information and communication technologies, digital technologies
- 3.30.25 International information networks and society, internet
- 3.50.04 Innovation
Events
2022/06/03
Final act published in Official Journal
2022/06/01
EC - Commission response to text adopted in plenary
Documents
2022/05/30
CSL - Draft final act
Documents
2022/05/30
CSL - Final act signed
2022/05/16
EP/CSL - Act adopted by Council after Parliament's 1st reading
2022/04/06
EP - Results of vote in Parliament
Documents
2022/04/06
EP - Debate in Parliament
Documents
2022/04/06
EP - Decision by Parliament, 1st reading
Details
The European Parliament adopted by 501 votes to 12, with 40 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on European data governance (Data Governance Act).
The European Parliament's first reading position under the ordinary legislative procedure amends the proposal as follows.
Subject matter and scope
This Regulation lays down: (i) conditions for the re-use, within the Union, of certain categories of data held by public sector bodies; (ii) a notification and supervisory framework for the provision of data intermediation services; (iii) a framework for voluntary registration of entities which collect and process data made available for altruistic purposes; and (iv) a framework for the establishment of a European Data Innovation Board.
The Data Governance Act (DGA) aims to increase trust in data sharing , create new European rules on the neutrality of data markets and facilitate the re-use of certain data held by the public sector. It will establish common European data spaces in strategic areas such as health, environment, energy, agriculture, mobility, finance, manufacturing, public administration and skills.
The Regulation does not create any obligation for public sector bodies to allow the re-use of data, nor does it release public sector bodies from confidentiality obligations under EU or national law.
Re-use of certain categories of public sector data
Public sector bodies will need to avoid creating exclusive rights for the re-use of certain data, and exclusive agreements should be limited to a period of 12 months for new contracts , and two and a half years (30 months) for existing contracts, to make more data available to SMEs and start-ups.
Conditions for the re-use of data
The public sector bodies competent to grant or refuse access for re-use of one or more of the categories of data should make public the conditions for allowing such re-use and the procedure for requesting re-use through the national Single Points of Information.
The conditions for re-use should be non-discriminatory, transparent, proportionate and objectively justified, without restricting competition, with an emphasis on promoting access to such data by SMEs and start-ups .
Public sector bodies will have to ensure that the protected nature of the data is preserved.
Unless national law provides specific safeguards on confidentiality obligations applicable to the re-use of data, the public sector body will have to make the re-use of the data provided conditional on the re-user complying with a confidentiality obligation prohibiting the disclosure of any information that compromises the rights and interests of third parties that the re-user may have acquired despite the safeguards in place.
Transfer of data to third countries
A re-user intending to transfer protected data to a third country will have to comply with the obligations laid down in the Regulation, even after the data have been transferred to the third country. The Commission may declare, by means of implementing acts, where this is justified by a large number of requests throughout the Union for the re-use of non-personal data in specific third countries, that a third country offers a substantially equivalent level of protection to that provided for under Union law.
Fees
Fees applicable under the Regulation should be transparent, proportionate, non-discriminatory and objectively justified. In addition, competent authorities will be able to apply reduced or zero fees for SMEs, start-ups, civil society organisations and educational establishments.
Single information point
Member States should ensure that all relevant information on conditions for re-use and charges is available and easily accessible through a single information point. The single information point may be linked to sectoral, regional or local information points. It could establish a separate, simplified and well-documented information channel for SMEs and start-ups, to meet their needs and capacities for requesting data re-use.
Data intermediation service providers
Members clarified the scope of the legislation, in particular regarding data intermediation services, to ensure that large technology companies are included in the framework.
In order to ensure that data intermediation service providers recognised in the EU are easily identifiable throughout the EU, the Commission will have to devise a common logo by means of implementing acts. EU-recognised data altruism organisations should display the common logo clearly on every online and offline publication that relates to their data altruism activities.
Where a data intermediation service provider not established in the Union does not appoint a legal representative or where that legal representative does not provide the necessary information proving compliance with the Regulation, the competent authority may postpone the commencement of the provision of the data intermediation service or suspend its provision.
Data altruism
Member States may develop national policies in the field of data altruism. These national policies may, in particular, assist data subjects in making personal data related to them held by public sector bodies available voluntarily for data altruism. Data intermediation services providers recognised in the Union should display the common logo clearly on every online and offline publication that relates to their data intermediation activities.
Legal remedies and sanctions
Any natural or legal person affected by a decision of a public sector body or a competent body, as the case may be, should have an effective right of judicial review of that decision before the courts of the Member State in which that body is situated. Member States will also have to provide for a system of penalties applicable to breaches of the provisions of the Regulation.
Documents
2021/12/15
CSL - Coreper letter confirming interinstitutional agreement
Documents
2021/12/15
EP - Text agreed during interinstitutional negotiations
Documents
2021/12/05
EP - Approval in committee of the text agreed at 1st reading interinstitutional negotiations
Documents
2021/09/15
EP - Committee decision to enter into interinstitutional negotiations confirmed by plenary (Rule 71)
2021/09/13
EP - Committee decision to enter into interinstitutional negotiations announced in plenary (Rule 71)
2021/07/22
EP - Committee report tabled for plenary, 1st reading
Details
The Committee on Industry, Research and Energy adopted the report by Angelika NIEBLER (EPP, DE) on the proposal for a regulation of the European Parliament and of the Council on European data governance (Data Governance Act).
The proposed regulation aims to promote the availability of data for use, increasing trust in data intermediaries and strengthening data sharing mechanisms across the EU.
The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:
Re-use of certain categories of public sector data
Members believe that public sector bodies should avoid entering into agreements creating exclusive rights for the re-use of certain data. They propose limiting exclusivity agreements to a period of 12 months .
Public sector bodies competent to grant or refuse access for re-use of one or more of the categories of data should be provided with the necessary human and financial resources and should make public the conditions for authorising such re-use and the procedure for applying for re-use through the national single information points.
Conditions for re-use
Conditions for re-use should be transparent and should not be designed to restrict the participation of SMEs, start-ups or civil society actors.
Public sector bodies should ensure that the protected nature of data is preserved . EU and Member State law on the protection of personal data should apply to any personal data processed under the Regulation.
Where public sector bodies make personal data available for re-use, they should assist data subjects to exercise their rights, including vis-à-vis potential re-users. Within their capabilities, public sector bodies should provide advice and support to re-users to help them comply with their obligations.
Transfer of data to third countries
The Commission should adopt delegated acts establishing that a third country offers a level of protection substantially equivalent to that provided by EU or national law. It should also: (i) issue guidelines on the obligations relating to the transfer of non-personal data to a third country by re-users; (ii) establish, by means of implementing acts, standard contractual clauses for the transfer by re-users of non-personal data to a third country.
Single information point
Single information points should provide an electronic and public register of single information points in all other Member States and be linked to the single digital gateway established by Regulation (EU) 2018/1724 of the European Parliament and the Council. A separate, simplified and well-documented information channel could be established for SMEs and start-ups.
The Commission should establish a European single information point providing a searchable electronic register of data available in national single information points and further information on how to access data through these single information points.
Requirements for data sharing services
Members clarified the scope of the legislation, in particular regarding data intermediation services , to ensure that large technology companies are included in the framework.
In order to ensure that recognised data intermediation service providers in the EU are easily identifiable throughout the EU, the Commission should establish, by means of implementing acts, a design for a common logo. Providers of data intermediation services recognised in the Union shall display the common logo clearly on every online and offline publication that relates to their data intermediation activities.
Altruistic data organisations
Members proposed that only an entity registered in the public national register of recognised data altruism under the Regulation should be allowed to use the name ‘data altruism organisation recognised in the Union’ in its written and spoken communications, together with a common logo.
EU-recognised altruistic data organisations should clearly display the common logo on every online and offline publication that relates to their altruistic data activities.
Where an entity that is not established in the Union fails to designate a legal representative or the legal representative fails to provide within a reasonable timeframe, the necessary information that comprehensively demonstrates compliance with this Regulation, the competent authority should have the power to impose the immediate cessation of the provision of the data altruism activity.
Both data intermediaries and data altruism organisations should be removed from the respective national and Union registers in case of non-compliance.
Fees
Fees applicable under the Regulation should be transparent, proportionate, non-discriminatory and objectively justified. Furthermore, competent authorities should be able to apply reduced or zero fees for micro, small and medium-sized enterprises, start-ups, civil society organisations and educational institutions.
Judicial remedy
Any natural or legal person affected by a decision of a public sector body or competent body, as the case may be, should have an effective judicial remedy against that decision before the courts of the Member State in which the body is located.
Members also considered that Member States should provide for a system of penalties applicable to breaches of the provisions of the Regulation.
Documents
2021/07/15
EP - Vote in committee, 1st reading
2021/07/15
EP - Committee decision to open interinstitutional negotiations with report adopted in committee
2021/07/13
EP - Committee opinion
Documents
2021/07/05
EP - Committee opinion
Documents
2021/06/24
EP - Committee opinion
Documents
2021/06/10
EP - Referral to associated committees announced in Parliament
2021/05/10
EP - MELCHIOR Karen (Renew) appointed as rapporteur in JURI
2021/04/27
EP - Amendments tabled in committee
Documents
2021/04/27
EP - Amendments tabled in committee
Documents
2021/04/27
EP - Amendments tabled in committee
Documents
2021/04/21
RO_SENATE - Contribution
Documents
2021/03/26
EP - Committee draft report
Documents
2021/03/23
CZ_SENATE - Contribution
Documents
2021/02/23
PT_PARLIAMENT - Contribution
Documents
2021/02/21
ES_PARLIAMENT - Contribution
Documents
2021/02/18
DE_BUNDESRAT - Contribution
Documents
2021/02/09
EP - GOZI Sandro (Renew) appointed as rapporteur in IMCO
2021/01/11
EP - LAGODINSKY Sergey (Verts/ALE) appointed as rapporteur in LIBE
2020/12/17
EP - NIEBLER Angelika (EPP) appointed as rapporteur in ITRE
2020/12/14
EP - Committee referral announced in Parliament, 1st reading
2020/11/25
EC - Document attached to the procedure
Documents
2020/11/25
EC - Document attached to the procedure
Documents
2020/11/25
EC - Document attached to the procedure
Documents
2020/11/25
EC - Legislative proposal published
Details
PURPOSE: to promote the availability of data for use, by proposing measures to stimulate data sharing and to support the European Data Spaces.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: this proposal for a Regulation on European Data Governance (Data Governance Act) is the first concrete action in the framework of the European Data Strategy .
In its Data Strategy, the Commission described the vision of a common European data space, a Single Market for data in which data could be used irrespective of its physical location of storage in the EU in compliance with applicable law. It also called for the free and safe flow of data with third countries, subject to exceptions and restrictions for public security, public order and other legitimate public policy objectives of the European Union.
The Commission proposed to establish domain specific common European data spaces, as the concrete arrangements in which data sharing and data pooling can happen. Such common European data spaces can cover areas such as health, mobility, manufacturing, financial services, energy, or agriculture or thematic areas, such as the European green deal or European data spaces for public administration or skills.
In this context, it is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges.
A single market for data should ensure that data from the public sector, businesses and citizens can be accessed and used in the most effective and responsible manner possible, while businesses and citizens keep control of the data they generate and the investments made into their collection are safeguarded.
IMPACT ASSESSMENT: according to the impact assessment support study, while in the baseline scenario the data economy and the economic value of data sharing is expected to increase to an estimated EUR 510-533 billion (3.87% of GDP), this would rise to EUR 540.7-544.4 billion (3.92%-3.95% of GDP) depending on the preferred option.
CONTENT: the proposed Regulation aims to promote the availability of data for use, by increasing trust in data intermediaries and strengthening data sharing mechanisms across the EU.
Re-use of certain data held by the public sector
The proposal creates a mechanism to enhance the use of certain public sector data, conditional on the respect of the rights of others (notably on grounds of protection of personal data, but also protection of intellectual property rights and commercial confidentiality).
Public sector bodies authorising such re-use should be technically equipped to ensure that data protection, privacy and confidentiality are fully preserved.
The proposal:
- defines a set of harmonised basic conditions, the respect of which would allow the re-use of data (e.g. the non-exclusivity requirement);
- obliges Member States to set up (i) a single contact point to help researchers and innovative companies select identify suitable data, and (ii) structures that will support public sector bodies with technical means and legal assistance.
Creation of a notification regime for data sharing service providers
In order to increase trust in the sharing of personal and non-personal data and lower transaction costs to B2B and C2B data sharing by creating a notification regime for data sharing providers, providers of data-sharing services would have to comply with a number of requirements, including the obligation to remain neutral with regard to the data exchanged and not to use such data for other purposes.
A competent authority designated by the Member States would be responsible for monitoring compliance with the requirements relating to the provision of data sharing services.
Data Altruism
In order to facilitate altruistic data (data voluntarily made available by individuals or companies for the common good), the proposal gives data altruistic organisations the possibility to register as a ‘Data Altruism Organisation recognised in the EU’ in order to increase trust in their operations.
Governance
The proposal:
- sets out the requirements for the functioning of the competent authorities designated to monitor and implement the notification framework for data-sharing service providers and entities engaged in data altruism. It also contains provisions on the right to lodge complaints against the decisions of such bodies and on the means of judicial redress;
- creates a formal expert group (the ‘European Data Innovation Board’), which will facilitate the emergence of best practice by Member State authorities and advise the Commission on the governance of cross-sectoral standardisation.
Documents
Documents
- Final act published in Official Journal: Regulation 2022/868
- Final act published in Official Journal: OJ L 152 03.06.2022, p. 0001
- Commission response to text adopted in plenary: SP(2022)281
- Draft final act: 00085/2021/LEX
- Results of vote in Parliament: Results of vote in Parliament
- Debate in Parliament: Debate in Parliament
- Decision by Parliament, 1st reading: T9-0111/2022
- Coreper letter confirming interinstitutional agreement: GEDA/A/(2021)006048
- Text agreed during interinstitutional negotiations: PE703.098
- Approval in committee of the text agreed at 1st reading interinstitutional negotiations: PE703.098
- Approval in committee of the text agreed at 1st reading interinstitutional negotiations: GEDA/A/(2021)006048
- Committee report tabled for plenary, 1st reading: A9-0248/2021
- Committee opinion: PE692.728
- Committee opinion: PE693.557
- Committee opinion: PE691.362
- Amendments tabled in committee: PE691.449
- Amendments tabled in committee: PE691.468
- Amendments tabled in committee: PE692.584
- Contribution: COM(2020)0767
- Committee draft report: PE691.139
- Contribution: COM(2020)0767
- Contribution: COM(2020)0767
- Contribution: COM(2020)0767
- Contribution: COM(2020)0767
- Document attached to the procedure: SEC(2020)0405
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2020)0295
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2020)0296
- Legislative proposal published: COM(2020)0767
- Legislative proposal published: EUR-Lex
- Document attached to the procedure: SEC(2020)0405
- Document attached to the procedure: EUR-Lex SWD(2020)0295
- Document attached to the procedure: EUR-Lex SWD(2020)0296
- Committee draft report: PE691.139
- Amendments tabled in committee: PE691.449
- Amendments tabled in committee: PE691.468
- Amendments tabled in committee: PE692.584
- Committee opinion: PE691.362
- Committee opinion: PE693.557
- Committee opinion: PE692.728
- Coreper letter confirming interinstitutional agreement: GEDA/A/(2021)006048
- Text agreed during interinstitutional negotiations: PE703.098
- Draft final act: 00085/2021/LEX
- Commission response to text adopted in plenary: SP(2022)281
- Contribution: COM(2020)0767
- Contribution: COM(2020)0767
- Contribution: COM(2020)0767
- Contribution: COM(2020)0767
- Contribution: COM(2020)0767
Activities
- Cristian-Silviu BUŞOI
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Maria da Graça CARVALHO
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Deirdre CLUNE
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Nicola DANTI
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Eva KAILI
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Miapetra KUMPULA-NATRI
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Marisa MATIAS
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Joëlle MÉLIN
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Josianne CUTAJAR
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Sandra PEREIRA
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Mislav KOLAKUŠIĆ
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Dace MELBĀRDE
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Geert BOURGEOIS
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
- Elena LIZZI
Plenary Speeches (1)
- 2022/04/06 Data Governance Act (debate)
Votes
Acte sur la gouvernance des données - Data Governance Act - Daten-Governance-Gesetz - A9-0248/2021 - Angelika Niebler - Accord provisoire - Am 248 #
2022/04/06 Outcome: +: 501, 0: 40, -: 12
PPE
NI
The Left| Amendments | Dossier |
| 1288 |
2020/0340(COD)
2021/04/28
ITRE
631 amendments...
Amendment 109 #
Proposal for a regulation Recital 1 (1) The Treaty on the functioning of the European Union (‘TFEU’) provides for the establishment of an internal market and the institution of a system ensuring that competition in the internal market is not distorted. The establishment of common rules and practices in the Member States relating to the development of a framework for data governance should contribute to the achievement of those objectives. It should also guarantee security, geopolitical resilience, and strategic autonomy of the Union.
Amendment 110 #
Proposal for a regulation Recital 1 (1) The Treaty on the functioning of the European Union (‘TFEU’) provides for the establishment of an internal market and the institution of a system ensuring that competition in the internal market is not distorted. The establishment of common rules and practices in the Member States relating to the development of a framework for data governance embedded fundamental rights-based European values should contribute to the achievement of those objectives.
Amendment 111 #
Proposal for a regulation Recital 1 a (new) (1 a) Both Article 6(2) of the Treaty on European Union and Article 51 of the EU Charter of Fundamental Rights require the Union to respect fundamental rights, observe the principles and promote the application thereof.
Amendment 112 #
Proposal for a regulation Recital 2 (2) Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and daily life, and the COVID19 crisis is likely to result in permanent changes to life in Europe, in which digitalisation will have a major role. Data is at the centre of this transformation: data-driven innovation will bring enormous benefits both for citizens and the economy, for example through improved personalised medicine, new mobility, and its contribution to the European Green Deal23 . In its Data Strategy24 , the Commission described the vision of a common European data space, a Single Market for data in which data could be used irrespective of its physical location of storage in the Union in compliance with applicable law. It also called for the free and safe flow of data with third countries, subject to exceptions and restrictions for public security, public order and other
Amendment 113 #
Proposal for a regulation Recital 2 (2) Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and daily life. Data is at the centre of this transformation: data-driven innovation will bring enormous benefits for citizens, for example through improved personalised medicine, new mobility, and its contribution to the European Green Deal23 . The data economy has to be built in a way to enable companies, especially micro, small and medium sized enterprises (SMEs) to thrive, ensuring data access neutrality, portability and interoperability. In its Data Strategy24 , the Commission described the vision of a common European data space, a Single Market for data in which data could be used irrespective of its physical location of storage in the Union in compliance with applicable law, which can be pivotal for the rapid development of Artificial Intelligence technologies. It also called for the free and safe flow of data with third countries, subject to exceptions and restrictions for public security, public order and other legitimate public policy objectives of the European Union, in line with international obligations. In order to turn that vision into reality, it proposes to establish domain-
Amendment 114 #
Proposal for a regulation Recital 2 (2) Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and daily life. Data is at the centre of this transformation: data-driven innovation will bring enormous benefits for citizens, for example through improved personalised medicine, new mobility, and its contribution to the European Green Deal23 . In its Data Strategy24 , the Commission described the vision of a common European data space, a Single Market for data in which data could be used irrespective of its physical location of storage in the Union in compliance with applicable law. It also called for the free and safe flow of data with third countries, subject to exceptions and restrictions for fundamental rights, public security, public order and other legitimate public policy objectives of the European Union,
Amendment 115 #
Proposal for a regulation Recital 2 (2)
Amendment 116 #
Proposal for a regulation Recital 2 a (new) (2 a) The Union’s growth potential depends on the skills of its population and workforce. Bearing in mind that 42% of EU citizens lack basic digital skills, a key element to increase trust from citizens in intensifying data sharing will be to actively promote digital literacy, to reinforce education and training in that area and to ensure lifelong data literacy. This is necessary for a critical analysis to decide how to use and share data, for combating disinformation and building an active digital citizenship as well as to be protected from cybersecurity threats.
Amendment 117 #
Proposal for a regulation Recital 2 a (new) (2 a) The outbreak of COVID 19 pandemic has clearly exacerbated existing inequalities in respect of digital access and literacy, in particular in terms of gender, age and social backgrounds. Accordingly, data literacy should be part of the strategic actions to reduce social inequalities and to promote a socially balanced digital environment.
Amendment 118 #
Proposal for a regulation Recital 2 b (new) (2 b) The Union has to devote attention to the needs of building of data spaces and data economy, while particular attention should be given to software engineering and attracting talent to ICT sector in order to build European know- how focusing on next-generation and cutting-edge technologies.
Amendment 119 #
Proposal for a regulation Recital 2 c (new) (2 c) Action at Union level is necessary to address the fact that women are under- represented at all levels in the digital sector in Europe; from students (32% at Bachelor, Master or equivalent level) up to top academic positions (15%) and that the gender gap is largest in ICT specialist skills and employment, where only 18% are women1a. _________________ 1a https://ec.europa.eu/digital-single- market/en/news/digital-economy- scoreboard-shows-women-europe-are- less-likely-work-or-be-skilled-ictgender gap in digital
Amendment 120 #
Proposal for a regulation Recital 2 d (new) (2 d) Another crucial element to increase trust, part of the broad learning aspect, is establishing a public dialogue to raise awareness of the importance of data, facilitating correct data, protecting data rights holders and providing tools for critical assessment to benefit from data, while protecting the rights of data holders.
Amendment 121 #
Proposal for a regulation Recital 2 e (new) (2 e) Digital Europe Programme, among other EU and national programmes, should support the cooperation towards achieving a European ecosystem for trusted data sharing (via common European data spaces) and digital infrastructures, as well as to support the interoperability and standardisation. Fostering the common data spaces must be done in respect with consumer and data protection legislation. It is also important to strengthen the European Digital Innovation Hubs and their network to help companies, especially SMEs, to achieve an advantage of European data economy.
Amendment 122 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges and by improving trust among industrial stakeholders, namely digital service providers and business users. It is important to ensure data access neutrality and greater interoperability between different data intermediary, avoiding lock- in effects. Sector-
Amendment 123 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges and laying down requirements for data governance. The regulation should aim to build a borderless digital single market and human-centric, trustworthy and secure data society and economy. Sector-
Amendment 124 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the European internal market, by creating a harmonised framework for data exchanges and by giving specific attention to data intermediaries and data holder in order to create a fruitful cooperation among them. Sector-
Amendment 125 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges and developing relocation of data in the Union. Sector-
Amendment 126 #
Proposal for a regulation Recital 4 (4) Action at Union level is necessary to increase trust in data sharing by establishing proper mechanisms for control over data and in order to address other barriers to a well-
Amendment 127 #
Proposal for a regulation Recital 4 (4) Action at Union level is necessary in order to address the barriers to a well- functioning data-driven economy and to create a Union-wide governance framework for data access and use, in particular regarding the re-use of certain types of data held by the public sector, the provision of services by data sharing providers to business users and to data subjects, as well as the collection and processing of data made available for altruistic purposes by natural and legal persons. It is necessary to establish favourable conditions for the constitutions of new independent companies (data providers) able to make data assets accessible to everyone in a neutral way.
Amendment 128 #
Proposal for a regulation Recital 4 (4) Action at Union level is necessary in order to help address the barriers to a well-
Amendment 129 #
Proposal for a regulation Recital 4 (4) Action at Union level is necessary in order to help address the barriers to a well-
Amendment 130 #
Proposal for a regulation Recital 4 (4) Action at Union level is necessary in order to address the barriers to a well- functioning data-driven economy
Amendment 131 #
Proposal for a regulation Recital 4 (4) Action at Union level is necessary in order to address the barriers to a well- functioning data-driven economy and to create a Union-wide governance framework for data access and use, in particular regarding the re-use of
Amendment 132 #
Proposal for a regulation Recital 4 (4) Action at Union level is necessary in order to address the barriers to a well- functioning and competitive data-driven economy and to create a Union-wide governance framework for data access and use, in particular regarding the re-use of certain types of data held by the public sector, the provision of services by data sharing providers to business users and to data subjects, as well as the collection and processing of data made available for altruistic purposes by natural and legal persons.
Amendment 133 #
Proposal for a regulation Recital 5 (5) The idea that data that has been generated at the expense of public budgets should benefit society has been part of Union policy for a long time. Directive (EU) 2019/1024 as well as sector-specific legislation ensure that the public sector makes more of the data it produces easily available for use and re-use. However, certain categories of data (commercially confidential data, data subject to statistical confidentiality, data protected by intellectual property rights of third parties, including trade secrets and personal data not accessible on the basis of specific national or Union legislation, such as Regulation (EU) 2016/679 and Directive
Amendment 134 #
Proposal for a regulation Recital 5 (5) The idea that data that has been generated at the expense of public budgets should benefit society has been part of Union policy for a long time. Directive (EU) 2019/1024 as well as sector-specific legislation ensure that the public sector
Amendment 135 #
Proposal for a regulation Recital 5 (5) The idea that data that has been generated at the expense of public budgets should benefit society has been part of Union policy for a long time. Directive (EU) 2019/1024 as well as sector-specific legislation ensure that the public sector makes more of the data it produces easily
Amendment 136 #
Proposal for a regulation Recital 5 a (new) (5 a) Particular attention must be given to micro and small and medium enterprises whose access to data is limited. Structures adopted by Member States must focus on overcoming barriers to access as well as use of data.
Amendment 137 #
Proposal for a regulation Recital 6 (6) There are techniques enabling privacy-friendly analyses on databases that contain personal data, such as anonymisation, pseudonymisation, differential privacy, generalisation, or suppression and randomisation. Application of these privacy-enhancing technologies, together with comprehensive data protection approaches should ensure the safe re-use of personal data and commercially confidential business data for research, innovation and statistical purposes. In many cases this implies that the data use and re-use in this context can only be done in a secure processing environment set in place and supervised by the public sector. While increased safeguards and requirements apply to the use of personal data, the same level of protection should be given to personal data which has been anonymised or pseudonymised as it will always be vulnerable to re-identification. There is experience at Union level with such secure processing environments that are used for research on statistical microdata on the basis of Commission Regulation (EU) 557/2013 (39 ). In general, insofar as personal data are concerned, the processing of personal data should rely upon one or more of the grounds for processing provided in Article 6 of Regulation (EU) 2016/679. _________________ 39Commission Regulation (EU) 557/2013 of 17 June 2013 implementing Regulation (EC) No 223/2009 of the European Parliament and of the Council on European Statistics as regards access to confidential data for scientific purposes and repealing Commission Regulation (EC) No 831/2002 (OJ L 164, 18.6.2013, p. 16).
Amendment 138 #
Proposal for a regulation Recital 6 (6) There are techniques enabling privacy-friendly analyses on databases that contain personal data, such as anonymisation, pseudonymisation, differential privacy, generalisation, or suppression and randomisation. Application of these privacy-enhancing technologies, together with comprehensive data protection approaches
Amendment 139 #
Proposal for a regulation Recital 6 (6) There are techniques enabling privacy-friendly analyses on databases that contain personal data, such as anonymisation, pseudonymisation, differential privacy, generalisation,
Amendment 140 #
Proposal for a regulation Recital 6 (6) There are techniques yet to be fully trustable, enabling privacy-friendly analyses on databases that contain personal data, such as anonymisation, pseudonymisation, differential privacy, generalisation, or suppression and randomisation. Application of these privacy-enhancing technologies, together with comprehensive data protection approaches should ensure the safe re-use of personal data and commercially confidential business data for research, innovation and statistical purposes. In many cases this implies that the data use and re-use in this context can only be done in a secure processing environment set in place within the internal market and supervised by the public sector. There is experience at Union level with such secure processing environments that are used for research on statistical microdata on the basis of Commission Regulation (EU) 557/2013 (39 ). In general, insofar as personal data are concerned, the processing of personal data should rely upon one or more of the grounds for processing provided in Article 6 of Regulation (EU) 2016/679.
Amendment 141 #
Proposal for a regulation Recital 6 (6) There are techniques enabling privacy-friendly analyses on databases that contain personal data, such as anonymisation, pseudonymisation, differential privacy, generalisation, or suppression and randomisation. Application of these privacy-enhancing technologies, together with comprehensive data protection approaches should ensure the safe re-use of personal anonymous data and commercially confidential business data
Amendment 142 #
Proposal for a regulation Recital 6 (6) There are techniques enabling privacy-friendly analyses on databases that contain personal data, such as anonymisation, pseudonymisation, differential privacy, generalisation, or suppression and randomisation. Application of these privacy-enhancing technologies, together with comprehensive data protection approaches should ensure the safe re-use of personal data and commercially confidential business data for research
Amendment 143 #
Proposal for a regulation Recital 7 (7) The categories of data held by public sector bodies which should be subject to re-use under this Regulation fall outside the scope of Directive (EU) 2019/1024 that excludes data which is not accessible due to commercial and statistical confidentiality and data for which third parties have intellectual property rights. Commercially confidential data includes data protected by trade secrets, highly- sensitive data, confidentiality obligations and agreements and any other unauthorised information that could harm commercial interest of the business. Personal data fall outside the scope of Directive (EU) 2019/1024 insofar as the access regime excludes or restricts access to such data for reasons of data protection, privacy and the integrity of the individual, in particular in accordance with data protection rules. The re-use of data, which may contain trade secrets,
Amendment 144 #
Proposal for a regulation Recital 8 Amendment 145 #
Proposal for a regulation Recital 9 (9) Public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding as far as possible the conclusion of agreements, which might have as their objective or effect the creation of exclusive rights for the re-use of certain data. Such agreement should be only possible when justified and necessary for the provision of a service of
Amendment 146 #
Proposal for a regulation Recital 9 (9) Public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding
Amendment 147 #
Proposal for a regulation Recital 10 (10) Prohibited exclusive agreements and other practices or arrangements
Amendment 148 #
Proposal for a regulation Recital 10 (10) Prohibited exclusive agreements and other practices or arrangements between data holders and data re-users which do not expressly grant exclusive rights but which can reasonably be expected to restrict the availability of data for re-use that have been concluded or have been already in place before the entry into force of this Regulation should not be renewed after the expiration of their term. In the case of indefinite or longer-term agreements, they should be terminated within
Amendment 149 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition.
Amendment 150 #
Proposal for a regulation Recital 11 (11) C
Amendment 151 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition. In particular, public sector bodies allowing re- use should have in place the technical means necessary to ensure the protection of
Amendment 152 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition. In particular, public sector bodies allowing re- use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate effort for the public sector. Depending on the case at hand, before its transmission, personal data should be fully anonymised, so as to definitively not allow the identification of the data subjects, or data containing commercially confidential information modified in such a way that no confidential information is disclosed. Where provision of anonymised or modified data would not respond to the needs of the re-user, on- premise or remote re-use of the data within
Amendment 153 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re-
Amendment 154 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition. In particular, public sector bodies allowing re- use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate
Amendment 155 #
Proposal for a regulation Recital 12 (12) The intellectual property rights of third parties should not be affected by this Regulation. This Regulation should neither affect the existence or ownership of intellectual property rights of public sector bodies, nor should it limit the exercise of these rights in any way beyond the boundaries set by this Regulation. The obligations imposed in accordance with this Regulation should apply only insofar as they are compatible with international agreements on the protection of intellectual property rights, in particular the Berne Convention for the Protection of Literary and Artistic Works (Berne Convention), the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS Agreement) and the WIPO Copyright Treaty (WCT). Public sector bodies should, however, exercise their copyright in a way that facilitates re-use and encourages a transparent and cooperative approach to data, including by using a Creative Commons approach to licensing to data that is not already open data.
Amendment 156 #
Proposal for a regulation Recital 13 (13) Data subject to intellectual property rights as well as trade secrets should only be transmitted to a third party where such transmission is lawful by virtue of Union or national law or with the agreement of the rightholder. Where public sector bodies or beneficiaries of data provided by the public sector bodies are holders of the right provided for in Article 7(1) of Directive 96/9/EC of the European Parliament and of the Council (41
Amendment 157 #
Proposal for a regulation Recital 13 a (new) (13 a) In case of sharing the data related to the employment with a third party, companies must transmit that data in full respect of the principles and provisions of GDPR, in particular in respect of Article 88 which provides the conditions for processing data in the context of employment. Additional safeguards should be put in place to avoid misuse of sensitive data. Workers should be able to exercise an unambiguous and informed consent in the processing of their data, for which a strong trade unions' involvement in the new governance of data and AI at company and sectoral level should be implemented. Workers or their representatives must, at the appropriate levels, be guaranteed quality information and consultation in good time on those processes, to guarantee a meaningful exchange with management.
Amendment 158 #
Proposal for a regulation Recital 14 (14) Companies and data subjects should be able to trust that the re-use of certain categories of protected data, which are held by the public sector, will take place in a manner that respects their rights and interests. Additional safeguards should thus be put in place for situations in which the re-use of such public sector data is taking place on the basis of a processing of the data outside the public sector.
Amendment 159 #
Proposal for a regulation Recital 14 (14) Companies and data subjects should be able to trust that the re-use of certain categories of protected data, which are held by the public sector, will take place in a manner that respects their rights and interests. Additional safeguards should thus be put in place for situations in which the re-use of such public sector data is taking place on the basis of a processing of
Amendment 160 #
Proposal for a regulation Recital 14 (14) Companies and data subjects should be able to trust that the re-use of certain categories of protected data, which are held by the public sector, will take place in a manner that respects their rights and interests. Additional safeguards should thus be put in place for situations in which the re-use of such public sector data is taking place on the basis of a processing of the data outside the public sector. Such an additional safeguard could be found in the requirement that public sector bodies should
Amendment 161 #
Proposal for a regulation Recital 15 (15) Furthermore, it is important to protect commercially sensitive data of non- personal nature, notably trade secrets, but also non-personal data representing content protected by intellectual property rights from unlawful access that may lead to IP theft or industrial espionage. In order to ensure the protection of fundamental rights or interests of data holders, non-personal data which is to be protected from unlawful or unauthorised access under Union or national law, and which is held by public sector bodies
Amendment 162 #
Proposal for a regulation Recital 15 (15) Furthermore, i
Amendment 163 #
Proposal for a regulation Recital 16 Amendment 164 #
Proposal for a regulation Recital 16 (16) In cases where there is no implementing act adopted by the Commission in relation to a third country declaring that it provides a level of protection, in particular as regards the protection of commercially sensitive data and the protection of intellectual property rights, which is essentially equivalent to that provided by Union or national law, the public sector body should
Amendment 165 #
Proposal for a regulation Recital 16 (16) In cases where there is no implementing act adopted by the Commission in relation to a third country declaring that it provides a level of protection, in particular as regards the protection of commercially sensitive data and the protection of intellectual property rights, which is essentially equivalent to that provided by Union or national law, the public sector body should o
Amendment 166 #
Proposal for a regulation Recital 16 (16) In cases where there is no implementing act adopted by the Commission in relation to a third country declaring that it provides a level of protection, in particular as regards the protection of commercially sensitive data and the protection of intellectual property rights, which is essentially equivalent to that provided by Union or national law, the public sector body should only after consent from the competent body transmit protected data to a re-user, if the re-user undertakes obligations to the competent body in the interest of the protection of the data. The re-user that intends to transfer the data to such third country should commit to comply with the obligations laid out in this Regulation even after the data has been transferred to the third country. To ensure the proper enforcement of such obligations, the re-
Amendment 167 #
Proposal for a regulation Recital 16 (16) In cases where there is no
Amendment 168 #
Proposal for a regulation Recital 17 Amendment 169 #
Proposal for a regulation Recital 17 (17) Some third countries adopt laws, regulations and other legal acts which aim at directly transferring or providing access to non-personal data in the Union under the control of natural and legal persons under the jurisdiction of the Member States. Judgments of courts or tribunals or decisions of administrative authorities in third countries requiring such transfer or access to non-personal data should be enforceable when based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State.
Amendment 170 #
Proposal for a regulation Recital 17 (17) Some third countries adopt laws, regulations and other legal acts which aim at directly transferring or providing access to non-personal data in the Union under the control of natural and legal persons under the jurisdiction of the Member States. Judgments of courts or tribunals or decisions of administrative authorities in third countries requiring such transfer or access to non-personal data should be enforceable when based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State. In some cases, situations may arise where the obligation to transfer or provide access to non-personal data arising from a third country law conflicts with a competing obligation to protect such data under Union or national law, in particular as regards the protection of commercially sensitive data and the protection of intellectual property rights, and including its contractual undertakings regarding confidentiality in accordance with such law.
Amendment 171 #
Proposal for a regulation Recital 18 (18) In order to prevent unlawful access to non-personal data, public sector bodies, natural or legal persons to which the right to re-use data was granted, data sharing providers and entities entered in the register of
Amendment 172 #
Proposal for a regulation Recital 18 (18) In order to prevent unlawful access to non-personal data, public sector bodies, natural or legal persons to which the right to re-use data was granted, data sharing providers and entities entered in the register of recognised data altruism organisations should take all reasonable measures to prevent access to the systems where non-personal data is stored,
Amendment 173 #
Proposal for a regulation Recital 18 (18) In order to prevent unlawful access to non-personal data, public sector bodies, natural or legal persons to which the right to re-use data was granted, data sharing providers and entities entered in the register of recognised data altruism organisations should take all reasonable and legal measures to prevent access to the systems where non-personal data is stored, including encryption of data or corporate policies.
Amendment 174 #
Proposal for a regulation Recital 19 Amendment 175 #
Amendment 176 #
Proposal for a regulation Recital 19 (19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive
Amendment 177 #
Proposal for a regulation Recital 19 (19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data, including real world data, such as electronic health records, insurance claims data and data from patient registries. In order to ensure harmonised practices across the Union, such types of highly sensitive non-personal public data should be defined by Union law, for example in the context of the European Health Data Space or other sectoral legislation. Regarding the processing of data for health research purposes, the provisions of GDPR under Article 9 on the processing of special categories of data should apply. The conditions attached to the transfer of such data to third countries should be laid down in delegated acts. Conditions should be proportionate, non-discriminatory and necessary to protect legitimate public policy objectives
Amendment 178 #
Proposal for a regulation Recital 19 (19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive, as regards the transfer to
Amendment 179 #
Proposal for a regulation Recital 19 (19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data. In order to ensure harmonised practices across the Union, such types of highly sensitive non-personal public data should be defined by Union law, for example in the context of the European Health Data Space or other sectoral legislation. The conditions attached to the transfer of such data to third countries should be laid down in delegated acts. Conditions should be proportionate, non-discriminatory and necessary to protect legitimate public policy objectives identified, such as the protection of public health, public order, safety,
Amendment 180 #
Proposal for a regulation Recital 19 (19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive by a specific Union act, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data. In order to ensure harmonised practices across the Union, such types of highly sensitive non-personal public data should be defined by Union law, for example in the context of the European Health Data Space or other sectoral legislation. The conditions attached to the transfer of such data to third countries should be laid down in delegated acts. Conditions should be proportionate, non-discriminatory and necessary to protect legitimate public policy objectives identified, such as the protection of public health, public order, safety, the environment, public morals, consumer protection, privacy and personal data protection. The conditions should correspond to the risks identified in relation to the sensitivity of such data, including in terms of the risk of the re- identification of individuals. These conditions could include terms applicable for the transfer or technical arrangements, such as the requirement of using a secure processing environment, limitations as
Amendment 181 #
Proposal for a regulation Recital 19 (19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data. In order to ensure harmonised practices across the Union, such types of highly sensitive non-personal public data should be defined by Union law, for example in the context of the European Health Data Space or other sectoral legislation. The conditions attached to the transfer of such data to third countries should be laid down in
Amendment 182 #
Proposal for a regulation Recital 20 (20) Public sector bodies should be able to charge fees for the re-use of data but should also be able to decide to make the data available at lower or no cost, for example for certain categories of re-uses such as non-commercial re-use for research, or re-use by small and medium- sized enterprises, so as to incentivise such re-use in order to stimulate research and innovation and support
Amendment 183 #
Proposal for a regulation Recital 20 (20) Public sector bodies should be able to charge fees for the re-use of data to cover the costs of providing for such data re-use, but should also be able to decide to make the data available at lower or no cost, for example for certain categories of re- uses such as non-commercial re-use, or re- use by small and medium-sized enterprises, so as to incentivise such re-use in order to stimulate research and innovation and support companies that are an important source of innovation and typically find it more difficult to collect relevant data themselves, in line with State aid rules. Such fees should be
Amendment 184 #
Proposal for a regulation Recital 20 (20) Public sector bodies should be able to charge fees for the re-use
Amendment 185 #
Proposal for a regulation Recital 20 (20) Public sector bodies should be able to charge fees for the re-use of data but should also be able to decide to make the data available at lower or no cost, for example for certain categories of re-uses such as non-commercial re-use, or re-use by small and medium-sized enterprises, including social economy enterprises, so as to incentivise such re-use in order to stimulate research and innovation and support companies that are an important source of innovation and typically find it more difficult to collect relevant data themselves, in line with State aid rules. Such fees should be reasonable, transparent, published online and non-
Amendment 186 #
Proposal for a regulation Recital 20 (20) Public sector bodies should be able to set and charge fees for the re-use of data
Amendment 187 #
Proposal for a regulation Recital 21 (21) In order to incentivise the re-use of these categories of data, Member States should establish a single information point
Amendment 188 #
Proposal for a regulation Recital 21 (21) In order to incentivise the re-use of these categories of data, Member States should establish a single information point to act as the primary interface for re-users that seek to re-use such data held by the public sector bodies. It should have a cross-sector remit, and should complement, if necessary, arrangements at the sectoral level. In addition, Member States should designate, establish or facilitate the establishment of competent bodies to support the activities of public sector bodies allowing re-use of certain categories of protected data. Their tasks may include granting access to data, where mandated in sectoral Union or Member States legislation and developing a harmonised approach and processes for public sector bodies to make scientific data available for purposes of research. Those competent bodies should provide support to public sector bodies with state-of-the-art techniques, including secure data processing environments, which allow data analysis in a manner that preserves the privacy of the information. Such support structure could support the data holders with management of the consent, including consent to certain areas of scientific research when in keeping with recognised ethical standards for scientific research. Data processing should be performed under the responsibility of the public sector body responsible for the register containing the data, who remains a data controller in the sense of Regulation (EU) 2016/679 insofar as personal data are concerned. Member States may have in place one or several competent bodies, which could act in different sectors.
Amendment 189 #
Proposal for a regulation Recital 21 (21) In order to incentivise and promote the re-use of these categories of data, Member States should establish a single information point to act as the primary interface for re-users that seek to re-use such data held by the public sector bodies. It should have a cross-sector remit, and should complement, if necessary, arrangements at the sectoral level. In addition, Member States should designate, establish or facilitate the establishment of competent bodies to support the activities of public sector bodies allowing re-use of certain categories of protected data. Their tasks may include granting access to data, where mandated in sectoral Union or Member States legislation. Those competent bodies should provide support to public sector bodies with state-of-the-art techniques, including secure data processing environments, which allow data analysis in a manner that preserves the privacy of the information. Such support structure could support the data holders with management of the consent to re-use, including consent to certain areas of scientific research when in keeping with recognised ethical standards for scientific research. Data processing should be performed under the responsibility of the public sector body responsible for the register containing the data, who remains a data controller in the sense of Regulation (EU) 2016/679 insofar as personal data are concerned. Member States may have in place one or several competent bodies, which could act in different sectors.
Amendment 190 #
Proposal for a regulation Recital 21 (21) In order to incentivise the re-use of these categories of data, Member States should establish a single information point to act as the primary interface for re-users that seek to re-use such data held by the public sector bodies. It should have a cross-sector remit, and should complement, if necessary, arrangements at the sectoral level. In addition, Member States should designate, establish or facilitate the establishment of competent bodies to support the activities of public sector bodies allowing re-use of certain categories of protected data. Their tasks may include granting access to data, where mandated in sectoral Union or Member States legislation. Those competent bodies should provide support to public sector bodies with state-of-the-art techniques, including secure data processing environments in the Union, which allow data analysis in a manner that preserves the privacy of the information. Such support structure could support the data holders with management of the consent, including consent to certain areas of scientific research when in keeping with recognised ethical standards for scientific research. Data processing should be performed under the responsibility of the public sector body responsible for the register containing the data, who remains a data controller in the sense of Regulation (EU) 2016/679 insofar as personal data are concerned. Member States may have in place one or several competent bodies, which could act in different sectors.
Amendment 191 #
Proposal for a regulation Recital 22 (22) Providers of data sharing services (data intermediaries) are expected to play a key role in the data economy, as a tool to facilitate the aggregation and exchange of substantial amounts of relevant data. Data intermediaries offering services that connect the different actors have the potential to
Amendment 192 #
Proposal for a regulation Recital 22 (22) Providers of data sharing services (data intermediaries) are expected to play a key role in the data economy, as a tool to facilitate the aggregation and exchange of substantial amounts of relevant data. Data intermediaries should be controlled and authorised only by public bodies within the Member States. Data intermediaries offering services that connect the different actors have the potential to contribute to the efficient pooling of data as well as to the facilitation of bilateral data sharing. Specialised data intermediaries that are independent from both data holders and data users can have a facilitating role in the emergence of new data-driven ecosystems independent from any player with a significant degree of market power. This Regulation should only cover providers of data sharing services that have as a main objective the establishment of a business, a legal and potentially also technical relation between data holders, including data subjects, on the one hand, and potential users on the other hand, and assist both parties in a transaction of data assets between the two. It should only cover services aiming at intermediating between an indefinite number of data holders and data users, excluding data sharing services that are meant to be used by a closed group of data
Amendment 193 #
Proposal for a regulation Recital 22 (22)
Amendment 194 #
Proposal for a regulation Recital 22 (22) Providers of data sharing services (data intermediaries) are expected to play a key role in the data economy
Amendment 195 #
Proposal for a regulation Recital 22 (22) Providers of data sharing services (data intermediaries) are expected to play a key role in the data economy, as a tool to facilitate the aggregation and exchange of substantial amounts of relevant data. Data intermediaries offering services that connect the different actors have the potential to contribute to the efficient pooling of data as well as to the facilitation of bilateral data sharing. Specialised data intermediaries that are independent from both data holders and data users can have a facilitating role in the emergence of new data-driven ecosystems independent from any player with a significant degree of market power. This Regulation should only cover providers of data sharing services that have as a main objective the establishment of a business, a legal and potentially also technical relation between data holders, including data subjects, on the one hand, and potential users on the other hand, and assist both parties in a transaction of data assets between the two. It should only cover services aiming at intermediating between an indefinite number of data holders and data users, excluding data sharing services that are meant to be used by a closed group of data holders and users. Providers of cloud services should be
Amendment 196 #
Proposal for a regulation Recital 22 a (new) (22 a) Data intermediary services could also be set up by public entities such as cities and municipalities fully complying with the rules of this Regulation. Cities gather vast amounts of data of their citizens and the users of their services. Better utilising this data could bring benefits both to the cities and the users of their services through better interoperability of data and improved personal data management for individuals through implementing MyData principles. These services could facilitate the transfer of both public sector data and data provided by the individuals themselves or by third parties. These services should function by fully complying with existing legislation and especially with Regulation EU 2016/679 (GDPR).
Amendment 197 #
Proposal for a regulation Recital 23 (23) A specific category of data intermediaries includes providers of data sharing services that offer their services to data subjects in the sense of Regulation (EU) 2016/679. Such providers focus exclusively on personal data and seek to
Amendment 198 #
Proposal for a regulation Recital 23 (23) A specific category of data intermediaries includes providers of data sharing services that offer their services to
Amendment 199 #
Proposal for a regulation Recital 24 (24) Data cooperatives seek to strengthen the position of individuals in making informed choices before
Amendment 200 #
Proposal for a regulation Recital 24 (24) Data cooperatives seek to strengthen the position of individuals in making informed choices before consenting to data use, influencing the terms and conditions of data user organisations attached to data use or potentially solving disputes between members of a group on how data can be used when such data pertain to several data subjects within that group. In this context it
Amendment 201 #
Proposal for a regulation Recital 24 (24) Data cooperatives seek to strengthen the position of individuals in making explicit and informed choices before consenting to data use, influencing the terms and conditions of data user organisations attached to data use or potentially solving disputes between members of a group on how data can be used when such data pertain to several data subjects within that group.
Amendment 202 #
Proposal for a regulation Recital 24 (24) Data cooperatives seek to strengthen the position of individuals in making informed choices before consenting to data use, influencing the terms and conditions of data user organisations attached to data use or potentially solving disputes between members of a group on how data can be used when such data pertain to several data subjects within that group. In this context it is important to acknowledge that the rights under Regulation (EU) 2016/679 can only be exercised by each individual and cannot be conferred or delegated to a data cooperative. Data cooperatives could also provide a useful means for one-person companies, micro, small and medium-sized enterprises, especially in the agrifood sector, that in terms of knowledge of data sharing, are often comparable to individuals.
Amendment 203 #
Proposal for a regulation Recital 24 (24) Data cooperatives seek to strengthen the position of individuals in making informed choices before consenting to data use, influencing the pricing terms and conditions of data user organisations attached to data use or potentially solving disputes between members of a group on how data can be used when such data pertain to several data subjects within that group. In this context it is important to acknowledge that the rights under Regulation (EU) 2016/679 can only be exercised by each individual and cannot be conferred or delegated to a data cooperative. Data cooperatives could also provide a useful means for one-person companies, micro, small and medium-sized enterprises that in terms of knowledge of data sharing, are often comparable to individuals.
Amendment 204 #
Proposal for a regulation Recital 25 (25) In order to increase trust in such data sharing services, in particular related to the use of data and the compliance with the conditions imposed by data holders, it is necessary to create a Union-level regulatory framework, which would set out highly harmonised requirements related to the trustworthy provision of such data sharing services. This will contribute to ensuring that data holders and data users have better control over the access to and use of their data, in accordance with Union law. Both in situations where data sharing occurs in a business-to-business context and where it occurs in a business-to-
Amendment 205 #
Proposal for a regulation Recital 25 (25) In order to increase trust in such data sharing services, in particular related to the use of data and the compliance with the conditions imposed by data holders, it is necessary to create a Union-level regulatory framework, which would set out highly harmonised requirements related to the trustworthy provision of such data sharing services. This will contribute to ensuring that data holders and data users have better control over the access to and use of their data, in accordance with Union law. Both in situations where data sharing occurs in a business-to-business context and where it occurs in a business-to- consumer context, data sharing providers should offer a novel, ‘European’ way of data governance, by providing a separation in the data economy between data provision, intermediation and use, which is at the core of increasing such trust among data holders, be they individuals or companies. Providers of data sharing services may also
Amendment 206 #
Proposal for a regulation Recital 25 (25) In order to increase trust in such data sharing services,
Amendment 207 #
Proposal for a regulation Recital 26 (26) A key element to bring trust and more control for data holder and data users in data sharing services is the neutrality of data sharing service providers as regards the data exchanged between data holders and data users. It is therefore necessary that data sharing service providers act only as intermediaries in the transactions, and do not use the data exchanged for any other purpose. This will also require structural separation between the data sharing service and any other services provided, so as to avoid issues of conflict of interest. This means that the data sharing service should be provided through a legal entity that is separate from the other activities of that data sharing provider. Where an actor provides other data-related services, in addition to data sharing services, the pricing and terms of services for the data sharing service should not be dependent on whether and to what degree a data holder or data user uses other data- related services from the same actor. Data sharing providers that intermediate the exchange of data between individuals as data holders and legal persons should, in addition, bear fiduciary duty towards the individuals, to ensure that they act in the best interest of the data holders.
Amendment 208 #
Proposal for a regulation Recital 26 (26)
Amendment 209 #
Proposal for a regulation Recital 26 a (new) (26 a) Data intermediaries should take reasonable measures to ensure interoperability with other data intermediation services to ensure the proper functioning of the market. Reasonable measures could include following the existing, commonly-used standards. The European Data Innovation Board should facilitate the emergence of additional industry standards, where necessary. Data sharing service providers should implement in due time the measures for interoperability between the data sharing services set out by the European Data Innovation Board.
Amendment 210 #
Proposal for a regulation Recital 26 a (new) (26 a) The gradual shift from physical centres of data storage to data architectures on the cloud and closer to the user reinforces the need for a strengthened cybersecurity framework to meet the evolving levels of trust by both data rights holders and data users in the context of data exchanges.
Amendment 211 #
Proposal for a regulation Recital 26 a (new) (26 a) To help promote proper functioning of the market, data intermediaries should take reasonable measures to ensure interoperability.
Amendment 212 #
Proposal for a regulation Recital 26 b (new) (26 b) COVID-19 crisis has clearly shown just how important digital technologies have become in our daily lives. Telemedicine, teleworking, videoconference and online educational platforms are all great examples of how the digital tools can have a transformative impact on our societies. The digital transformation of our societies and economies is creating new opportunities for innovation and efficiency, while also providing new opportunities in addressing societal challenges. However, as our dependency on digital technologies continues to grow and with it the volume of generated data, individuals, governments and businesses are facing an increased risk of data loss, theft, abuse and misuse. These challenges highlight the need to strengthen Union’s resilience and digital autonomy by investing further into digital skills, technological and industrial capacities necessary to respond to these challenges. A future-proof data governance framework needs to use state- of-the-art cybersecurity standards and utilize cybersecurity solutions that will ensure high levels of protection of personal and non-personal data.
Amendment 213 #
Proposal for a regulation Recital 26 b (new) (26 b) The successful uptake and widespread use of products and services fuelled by data depend on cybersecurity standards, which will inspire trust and allow for safer data sharing mechanisms and better protocols to guarantee data protection and the prevention, detection and handling of evolving cyberthreats.
Amendment 214 #
Proposal for a regulation Recital 26 c (new) (26 c) Technological advancement based on data processing and the interconnectedness of digital products and services call for legally binding cybersecurity and privacy standards to mitigate threats to privacy and the rights and freedoms of individual data rights holders in the context of a harmonised framework for data exchanges through trusted data intermediation.
Amendment 215 #
Proposal for a regulation Recital 26 d (new) Amendment 216 #
Proposal for a regulation Recital 27 (27) In order to ensure the compliance of the providers of data sharing services with the conditions set out in this Regulation, such providers should have a place of establishment in the Union.
Amendment 217 #
Proposal for a regulation Recital 27 (27) In order to ensure the compliance of the providers of data sharing services with the conditions set out in this Regulation, such providers should have a place of establishment in the Union. Alternatively, where a provider of data sharing services not established in the Union offers services within the Union, it should designate a representative. Designation of a representative is necessary, given that such providers of data sharing services handle personal data as well as commercially confidential data, which necessitates the close monitoring of
Amendment 218 #
Proposal for a regulation Recital 27 (27) In order to ensure the compliance of the providers of data sharing services with the conditions set out in this Regulation, such providers should have a place of establishment in the Union
Amendment 219 #
Proposal for a regulation Recital 27 (27) In order to ensure the compliance of the providers of data
Amendment 220 #
Proposal for a regulation Recital 28 (28) This Regulation should be without prejudice to the obligation of providers of data sharing services to comply with Regulation (EU) 2016/679 and the responsibility of supervisory authorities to ensure compliance with that Regulation. When providers of data intermediaries process personal data, this Regulation does not affect the protection of personal data. Where the data sharing service providers are data controllers or processors in the sense of Regulation (EU) 2016/679 they are bound by the rules of that Regulation. This Regulation should be also without prejudice to the application of competition law.
Amendment 221 #
Proposal for a regulation Recital 28 a (new) (28 a) As laid down in Article 11 of this Regulation, the data intermediaries shall have procedures and sanctions in place to prevent fraudulent or abusive practices in relation to access to data from parties seeking access through their services. These rules could be defined for example in a rulebook that lays out the code of conduct and rules for the data network in question. In practice, sanctions could mean e.g. excluding the data user that does not comply with the rules and procedures that have been agreed within the network or with existing legislation. The data intermediaries are subject to compliance monitoring as laid in the Article 13 of this Regulation. Therefore, it is necessary to set up tools for the data intermediaries surveillance the compliance within the users of their services.
Amendment 222 #
Proposal for a regulation Recital 29 (29) Providers of data sharing services should also take measures to ensure compliance with competition law. Data sharing may generate various types of efficiencies but may also lead to restrictions of competition, in particular where it includes the sharing of competitively sensitive information. This applies in particular in situations where data sharing enables businesses to become
Amendment 223 #
Proposal for a regulation Recital 29 (29) Providers of data sharing services should also take effective measures to ensure compliance with competition law. Data sharing may generate various types of efficiencies but may also lead to restrictions of competition, in particular where it includes the sharing of competitively sensitive information. This applies in particular in situations where data sharing enables businesses to become aware of market strategies of their actual or potential competitors. Competitively sensitive information typically includes information on future prices, production costs, quantities, turnovers, sales or capacities.
Amendment 224 #
Proposal for a regulation Recital 29 a (new) (29 a) In that regard, it is of particular importance to create a data economic environment that enables equal access to data to both SMEs and big companies. This Regulation should avoid monopolistic implementations and structures that could disadvantage micro companies and SMEs.
Amendment 225 #
Proposal for a regulation Recital 29 b (new) (29 b) Competitively sensitive information should also take into account the possibility of issuing fake data to destabilise the market, which could be due to third parties having an interest in these unfair competition practices. For this purpose, processes to verify the authenticity of the data must be activated.
Amendment 226 #
Proposal for a regulation Recital 31 (31) In order to support effective cross- border provision of services, the data
Amendment 227 #
Proposal for a regulation Recital 31 (31) In order to support effective cross- border provision of services, the data sharing provider should be requested to send a notification only to the designated competent authority from the Member State where its main establishment is located or where its legal representative is located. Such a notification should not entail more than a mere declaration of the intention to provide such services and should be completed only by the providing information set out in this Regulation. After the relevant notification the data sharing provider should be able to start operating in other Member States without further notification obligations.
Amendment 228 #
Proposal for a regulation Recital 31 (31) In order to support effective cross- border provision of services, the data sharing provider should be requested to send a notification only to the designated competent authority from the Member State where its main establishment is located
Amendment 229 #
Proposal for a regulation Recital 33 (33) The competent authorities under Regulation 2018/679 designated to monitor compliance of data sharing services with the requirements in this Regulation should be chosen on the basis of their capacity and expertise regarding horizontal or sectoral data sharing, and they should be independent as well as transparent and impartial in the exercise of their tasks. Member States should notify the Commission of the identity of the designated competent authorities.
Amendment 230 #
Proposal for a regulation Recital 35 Amendment 231 #
Proposal for a regulation Recital 35 (35) There is a strong potential in the use of data made available freely and voluntarily by data subjects
Amendment 232 #
Proposal for a regulation Recital 35 (35) There is a strong potential in the use of data made available voluntarily by data subjects based on their consent or, where it concerns non-personal data, made available by legal persons, for purposes of general interest. Such purposes would include healthcare, combating climate change, improving mobility, facilitating the establishment of official statistics or improving the provision of public services.
Amendment 233 #
Proposal for a regulation Recital 35 a (new) (35 a) The creation of a secure European federated digital identity system is of crucial importance. The Data Governance Act should ensure coherence with the EU Digital identity through which users shall access online services, have control over their data, be able to swiftly manage the consent they provide and properly enforce their rights, such as portability and their right to be forgotten.
Amendment 234 #
(36) Legal entities that seek to support purposes of
Amendment 235 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union,
Amendment 236 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the Union and the emergence of data pools covering several Member States. Data subjects in this respect would consent to specific purposes of data processing, but could also consent to data processing in
Amendment 237 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support
Amendment 238 #
Proposal for a regulation Recital 37 (37) This Regulation is without prejudice to the establishment, organisation and functioning of entities that seek to engage in data altruism pursuant to national law. It builds on national law requirements to operate lawfully in a Member State as a not-for-profit organisation. Entities which meet the requirements in this Regulation should be able to use the title of ‘Data Altruism Organisations recognised in the Union’. The entity should use a EU dedicated logo or QR code linking to the European register of recognised data altruism organisations, both online and offline. The logo shall have the objective of providing a coherent visual identity to European Union data altruism organisations and contribute to increase trust for data subjects and legal entities. The logo must be created and displayed with rules established in a separate implementing act.
Amendment 239 #
Proposal for a regulation Recital 37 (37) This Regulation is without prejudice to the establishment, organisation and functioning of entities that seek to engage in
Amendment 240 #
Proposal for a regulation Recital 37 a (new) (37 a) This Regulation is without prejudice to the establishment, organisation and functioning of entities other than Public Sector bodies that engage in the sharing of data and content on the basis of open licenses, thereby contributing to the creation of commons resources available to all. This includes open collaborative knowledge sharing platforms like Wikipedia and Wikidata, open access scientific and academic repositories, open source software development platforms and Open Access content aggregation platforms like European. Organisations building such open Access commons knowledge repositories play an important role in the online infrastructure. Nothing in this Regulation should therefore be interpreted to limit the ability of non- profit organizations to make data and content available to the public under open licenses.
Amendment 241 #
Proposal for a regulation Recital 37 a (new) (37 a) This Regulation is without prejudice to the establishment, organisation and functioning of entities other than Public Sector bodies that engage in the sharing of data and content on the basis of open licenses, thereby contributing to the creation of commons resources available to all. This includes open collaborative knowledge sharing platforms, open access scientific and academic repositories, open source software development platforms and Open Access content aggregation platforms. Organisations building such open Access commons knowledge repositories play an important role in the online infrastructure. Nothing in this Regulation should therefore be interpreted to limit the ability of non-profit organisations to make data and content available to the public under open licenses.
Amendment 242 #
Proposal for a regulation Recital 38 (38) Data Altruism Organisations
Amendment 243 #
Proposal for a regulation Recital 38 (38) Data Altruism Organisations recognised in the Union should be able to collect relevant data directly from natural and legal persons established in the Union or to process data collected by others. Typically, data altruism would rely on consent of data subjects in the sense of Article 6(1)(a) and 9(2)(a) and in compliance with requirements for lawful consent in accordance with Article 7 of Regulation (EU) 2016/679. In accordance with
Amendment 244 #
Proposal for a regulation Recital 39 (39) To promote trust and bring additional legal certainty to granting and withdrawing of consent, in particular in the context of scientific research and statistical use of data made available on an altruistic basis, a European data altruism consent form should be developed and used in the context of altruistic data sharing. Such a form should contribute to additional transparency for data subjects that their data will be accessed and used in accordance with their consent and also in full compliance with the data protection rules. It could also be used to streamline data altruism performed by companies and provide a mechanism allowing such companies to withdraw their permission to use the data. In order to take into account the specificities of individual sectors, including from a data protection perspective, there should be a possibility for sectoral adjustments of the European
Amendment 245 #
Proposal for a regulation Recital 39 (39) To bring additional legal certainty to granting and withdrawing of consent, in particular in the context of scientific research and statistical use of data made available on
Amendment 246 #
Proposal for a regulation Recital 39 a (new) (39 a) As highlighted in Recitals, the European data strategy is building upon the emergence of interoperable data spaces that will enable the use and sharing of data, irrespective of its physical location of storage being in the Union or not, in compliance with applicable law. For these data spaces to be able to emerge in a coordinated manner respecting the common aim of data strategy, it is important to define common design principles. Common building blocks and soft infrastructure make cross-sectorial data sharing easier, while there should always be a room for domain specific solutions. The aim of the data space would be to make data findable, accessible, interoperable and reusable (FAIR). The dataspaces should follow at least the three following principles: 1) “data sovereignty”, 2) data level playing field, 3) decentralised soft infrastructure and public-private governance. Data sovereignty for natural person or organisation is the innovative and transformative concept underlying the data space. When the data level playing field exists, players compete on quality of services, and not on the amount of data they control. A data level playing field is a pivotal condition to create a fair data sharing economy. For the design, creation and maintenance of the data level playing field, a sound governance is needed in which all the all the stakeholders of a data space need to feel represented and engaged. The dataspaces should also include sufficient rules on cybersecurity according to union law.
Amendment 247 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established
Amendment 248 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established, in the form of an expert group. The Board should consist of representatives of the Member States, the Commission and representatives of relevant data spaces and specific sectors (such as health, agriculture, transport and statistics), as well as representatives of academia, research and standard setting organisations. The European Data Protection Board should be invited to appoint a representative to the European Data Innovation Board. The Board shall establish a Data Innovation Advisory Council (the “Advisory Council”). The Advisory Council shall be proportionally composed of a number between 15 to 30 representatives from industry including SMEs, research, civils society, standardisation organisations and other relevant stakeholders or third parties appointed by the Board. The Advisory Council shall nominate a representative to attend meetings of the Board and to participate in its work.
Amendment 249 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established, in the form of an expert group. The Board should consist of representatives of the Member States, the Commission and representatives of
Amendment 250 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established, in the form of an expert group. The Board should consist of representatives of the Member States, the Commission
Amendment 251 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established
Amendment 252 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established, in the form of an expert group. The Board should consist of representatives of the Member States, the Commission and representatives of relevant data spaces and specific sectors (such as health, agriculture, transport and statistics) as well as representatives of academia, research and standard setting organisations, where relevant. The European Data Protection Board should be invited to appoint a representative to the European Data Innovation Board.
Amendment 253 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established, in the form of an expert group. The Board should consist of representatives of the Member States, the Commission and representatives of relevant data spaces and specific sectors (such as health, agriculture,
Amendment 254 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board
Amendment 255 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established, in the form of an expert group. The Board should consist of representatives of the Member States, the Commission and representatives of relevant data spaces and specific sectors (such as health, energy, industrial manufacturing, agriculture, transport and statistics). The European Data Protection Board should be invited to appoint a
Amendment 256 #
Proposal for a regulation Recital 40 a (new) (40 a) The Commission must ensure that small and medium-sized entities, as well as start-ups, are adequately represented in the Board, to ensure that these critical members of our economic community benefit directly from expert knowledge, whilst contributing towards the expansion of the European data economy and a more efficient dissemination of data.
Amendment 257 #
Proposal for a regulation Recital 41 (41) The Board should support the Commission in coordinating national practices and policies on the topics covered by this Regulation, and in supporting cross- sector data use by adhering to the European Interoperability Framework (EIF) principles and through the utilisation of standards and specifications (such as the Core Vocabularies44 and the CEF Building Blocks45 ), without prejudice to standardisation work taking place in specific sectors or domains. Work on
Amendment 258 #
Proposal for a regulation Recital 41 (41) The Board should support the Commission in coordinating national practices and policies on the topics covered by this Regulation, and in supporting cross- sector data use by adhering to the European Interoperability Framework (EIF) principles and through the utilisation of standards and specifications (such as the Core Vocabularies44 and the CEF Building Blocks45 ),
Amendment 259 #
Proposal for a regulation Recital 41 (41) The Board should support the Commission in coordinating national practices and policies on the topics covered by this Regulation, and in supporting cross- sector data use by adhering to the European Interoperability Framework (EIF) principles and through the utilisation of standards and specifications (such as the
Amendment 260 #
Proposal for a regulation Recital 41 (41) The Board should support the Commission in coordinating national practices and policies on the topics covered by this Regulation, and in supporting cross- sector data use by adhering to the European Interoperability Framework (EIF) principles and through the utilisation of standards and specifications (such as the Core Vocabularies44 and the CEF Building Blocks45 ), without prejudice to standardisation work taking place in specific sectors or domains. Work on technical standardisation may include the identification of priorities for the development of standards and establishing and maintaining a set of technical and legal standards for transmitting data between two processing environments that allows data spaces to be organised without making recourse to an intermediary. The Board should cooperate with sectoral bodies, networks or expert groups, or other cross- sectoral organisations dealing with re-use of data. Regarding data altruism, the Board should assist the Commission in the development of the data altruism consent form, in consultation with the European Data Protection Board.
Amendment 261 #
Proposal for a regulation Recital 41 (41) The Board should support the Commission in coordinating national practices and policies on the topics covered by this Regulation, and in supporting cross- sector data use by adhering to the European Interoperability Framework (EIF) principles and through the utilisation of open standards and specifications (such as the Core Vocabularies44 and the CEF Building Blocks45 ), without prejudice to standardisation work taking place in specific sectors or domains. Work on technical standardisation may include the identification of priorities for the development of standards and establishing and maintaining a set of technical and legal standards for transmitting data between two processing environments that allows data spaces to be organised without making recourse to an intermediary. The Board should cooperate with sectoral bodies, networks or expert groups, or other cross- sectoral organisations dealing with re-use of data. Regarding data altruism, the
Amendment 262 #
Proposal for a regulation Recital 41 (41) The Board should support the Commission in coordinating national practices and policies on the topics covered by this Regulation, and in supporting cross- sector data use by adhering to the European Interoperability Framework (EIF) principles and through the utilisation of European and international standards and specifications (
Amendment 263 #
Proposal for a regulation Recital 41 (41) The main task of the Board should be assisting to form the interoperability between emerging data spaces. The Board should support the Commission in coordinating national practices and policies on the topics covered by this Regulation, and in supporting cross-
Amendment 264 #
Proposal for a regulation Recital 41 a (new) (41 a) Data innovation board should address not only strategic level, but also the tactical and operational level across the different actors in data economy acting in the Union. This means, for example, the coordination of activities that need to follow the strategic directives regarding aspects such as data space interoperability/federation, interoperability of data intermediaries and data sovereignty. To meet the requirements of scale and the market demands, it is imperative that the industry is involved so that it is turned into a true public/private endeavour. To achieve this, the data innovation board shall establish a permanent subgroup called the Data Exchange Board (“the DEB”) in the form of an expert group. It will consist of actors that have a direct interest in the establishment, governance and adoption of a standardised approach to data sharing and exchange with the help of European data spaces. Those actors should be researchers, practitioners, representatives of consumer associations and public and private initiatives for data sharing and exchange. The DEB will be responsible for detailing, maintaining and adopting the agreements that will ultimately define the soft infrastructure. In practical terms, the DEB will execute at a tactical and operational level the goals set by the DIB at the strategic level. These actors should be researchers, practitioners, and public and private initiatives for data sharing and exchange. In a later phase, the DEP should focus on maintaining the soft infrastructure and keeping it up to date (change management).
Amendment 265 #
Proposal for a regulation Recital 41 a (new) (41 a) With reference to 'false data', the Board could evaluate the possibility of creating a "data passport" containing certified or certifiable data, in order to exclude any attempt to falsify the data.
Amendment 266 #
Proposal for a regulation Recital 42 Amendment 267 #
Proposal for a regulation Recital 43 Amendment 268 #
Proposal for a regulation Recital 43 Amendment 269 #
Proposal for a regulation Recital 43 (43) In order to take account of the
Amendment 270 #
Proposal for a regulation Recital 44 (44) This Regulation should not affect the application of the rules on competition, and in particular Articles 101 and 102 of the Treaty on the Functioning of the European Union.
Amendment 271 #
Proposal for a regulation Recital 44 a (new) (44 a) This Regulation shall be enacted in full coherence and consistency with other existing EU legislation, such as the General Data Protection Regulation, as well as ongoing proposals which contain provision on data processing, such as the Digital Service Act (DSA), the Digital Market Act (DMA) or the e-Privacy Regulation.
Amendment 272 #
Proposal for a regulation Recital 45 a (new) (45 a) The European Data Protection Supervisor and the European Data Protection Board have expressed serious concerns in their Joint opinion from 10th March 2021, underlying that the proposal “does not duly take into account the need to ensure and guarantee the level of protection of personal data provided under EU law” and “raises serious concerns from a fundamental rights viewpoint”. Following this opinion, the institutions committed to reinforce disposition in the Regulation to protect GDPR enforcement.
Amendment 273 #
Proposal for a regulation Recital 46 (46) This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter, including the right to privacy, the protection of personal data, the freedom to conduct a business, the right to property and the integration of persons with disabilities
Amendment 274 #
Proposal for a regulation Recital 46 (46) This Regulation respects the fundamental rights and observes the principles recognised in particular by the
Amendment 275 #
Proposal for a regulation Recital 46 a (new) (46 a) In the event of any doubt over the interpretation of the provisions of this Regulation or any contradiction or conflict relating to personal data protection, the provisions of the General Data Protection Regulation shall take precedence.
Amendment 276 #
Proposal for a regulation Article 1 – paragraph 1 – point a a (new) (a a) rules regarding the right of natural persons and organisations to deal with data they generate in a data.
Amendment 277 #
Proposal for a regulation Article 1 – paragraph 1 – point a b (new) (a b) the governance structure for a soft infrastructure that will evolve over time, enabling data sovereign data sharing.
Amendment 278 #
Proposal for a regulation Article 1 – paragraph 1 – point c (c) a framework for
Amendment 279 #
Proposal for a regulation Article 1 – paragraph 1 – point c a (new) (c a) a framework for the establishment of a European Data Innovation Board.
Amendment 280 #
Proposal for a regulation Article 1 – paragraph 2 (2) This Regulation is without prejudice to specific provisions in other Union legal acts regarding access to or re- use of certain categories of data, or requirements related to processing of personal or non-personal data. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing services or registered entities providing data altruism services to comply
Amendment 281 #
Proposal for a regulation Article 1 – paragraph 2 (2) This Regulation is without prejudice to specific provisions in other Union legal acts regarding access to or re- use of certain categories of data, or requirements related to processing of personal or non-personal data. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing services or registered entities providing data altruism services to comply with specific additional technical, administrative or organisational requirements, including through an authorisation or certification regime, those provisions of that sector-specific Union legal act shall also apply. Any additional requirements shall be non-discriminatory, proportionate and objectively justified.
Amendment 282 #
Proposal for a regulation Article 1 – paragraph 2 (2) This Regulation is without prejudice to specific provisions in other Union legal acts regarding access to or re- use of certain categories of data, or requirements related to processing of personal or non-personal data. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing services or registered entities providing data altruism services to comply with specific additional technical, administrative or organisational requirements, including through an authorisation or certification regime, or where there is a concern regarding the strategic autonomy of the Union, those provisions of that sector-specific Union legal act shall also apply.
Amendment 283 #
Proposal for a regulation Article 1 – paragraph 2 (2) This Regulation is without prejudice to specific provisions in other Union legal acts or national laws regarding access to or re-
Amendment 284 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2 a) This Regulation is without prejudice to Regulation (EU) 2016/679 of the European Parliament and of the Council, to Directive 2002/58/EC of the European Parliament and of the Council and Directive (EU) 2016/680 of the European Parliament and of the Council1a. This Regulation should in particular not be read as creating a new legal basis for the processing of personal data for any of the regulated activities. Its implementation should not prevent cross- border transfers of data in accordance with Chapter V of Regulation (EU) 2016/679 from taking place. _________________ 1aDirective (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA. (OJ L 119, 4.5.2016, p. 89)
Amendment 285 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2 a) Provisions regarding the protection, processing, use and free movement of personal data, are subject to Regulation (EU) 2016/679 and Directive 2002/58/EC. Where personal and non- personal data in a data set are inextricably linked, this Regulation shall not prejudice the application of Regulation (EU) 2016/679.[1] This Regulation does not create legal basis for the processing of personal data outside of the provisions already laid in Regulation(EU) 2016/679 and Directive 2002/58/EC.
Amendment 286 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2 a) Union law on the protection of personal data shall apply to any personal data processed in connection with this Regulation. In particular, this Regulation shall be without prejudice to Regulation (EU) 2016/679 and Directive 2002/58/EC. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter prevails. This Regulation does not create a legal basis for the processing of personal data.
Amendment 287 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2 a) This Regulation should not affect the level of protection of individual with regard to the processing of personal data under the provisions of Union and national law and does not alter any obligations and rights set out in the data protection legislation.
Amendment 288 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2 a) The re-use of employee data shall be prohibited. To this end, it must be ensured that public service data do not contain employee data, such as in the area of mobility. The full respect of Article 88 of GDPR must be upheld.
Amendment 289 #
Proposal for a regulation Article 1 a (new) Article 1 a This Regulation leaves intact and in no way affects the level of protection of individuals with regard to the processing of personal data under the provisions of Union and national law. The Regulation does not alter any obligations and rights set out in the data protection legislation.
Amendment 290 #
Proposal for a regulation Article 2 – paragraph 1 – point 1 (1) ‘data’ means any digital and non- digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audiovisual recording;
Amendment 291 #
Proposal for a regulation Article 2 – paragraph 1 – point 1 a (new) (1 a) ’Data Sovereignty’ means the capability of an individual or an organisation to have control over their personal and business data. This entails that they should be able to know which party holds which data, under what conditions (purpose, duration, reward) and where data is kept. They should also be able to re-use the data at other places.
Amendment 292 #
Proposal for a regulation Article 2 – paragraph 1 – point 1 a (new) (1 a) 'highly sensitive data' means data protected by IP, trade secret, and non- personal data whose disclosure to third country authorities may pose threats to national and public security;
Amendment 293 #
Proposal for a regulation Article 2 – paragraph 1 – point 1 b (new) (1 b) ’Soft Infrastructure’ means the set of functional, legal, technical and operational agreements which will support decentralised data sharing. A soft infrastructure is invisible, made up of technology neutral agreements and standards, on how to participate in an ecosystem. As all participants implement the same minimal set of functional, legal, technical and operational agreements and standards, they can interact in the same manner independent of the sector or domain.
Amendment 294 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 (2) ‘re-use’ means the use by natural or legal persons of data held by public sector bodies established in the Union, for commercial or non-commercial purposes other than the initial purpose within the public task for which the data were produced, except for the exchange of data between public sector bodies purely in pursuit of their public tasks;
Amendment 295 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 (2) ‘re-use’ means the use by natural persons or legal
Amendment 296 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 a (new) (2 a) ‘data sharing service provider’ means a provider of a commercial service, which, through the provision of technical, legal and other services establishes relationships between an undefined number of data subjects and data holders, on the one hand and data users on the other hand, for the exchange, pooling or trade of data;
Amendment 297 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 a (new) (2 a) 'data intermediary' means a provider of a service which through the provision of technical, legal and other means establishes relation with data holders, including data subjects and an indefinite number of potential data users, and which assists both parties in a transaction of data assets between the two.
Amendment 298 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 a (new) (2 a) ‘personal data’ means any information relating to a data subject as defined in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 299 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 b (new) (2 b) 'data subject' means an identified or identifiable natural person as referred to in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 300 #
Proposal for a regulation Article 2 – paragraph 1 – point 3 a (new) (3 a) ‘consent’ of the data subject means any freely given, specific, informed, clear and unambiguous indication of the data subject's wishes by which data holders, by a legal statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them;
Amendment 301 #
Proposal for a regulation Article 2 – paragraph 1 – point 3 b (new) (3 b) 'data subject' means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Amendment 302 #
Proposal for a regulation Article 2 – paragraph 1 – point 4 (4)
Amendment 303 #
Proposal for a regulation Article 2 – paragraph 1 – point 4 (4) ‘metadata’ means non personal or anonymised data collected on any activity of a natural or legal person for the purposes of the provision of a data sharing service, including the date , time and geolocation data, duration of activity, connections to other natural or legal persons established by the person who uses the service;
Amendment 304 #
Proposal for a regulation Article 2 – paragraph 1 – point 5 (5) ‘data rights holder’ [this to be valid in whole text] means; a
Amendment 305 #
Proposal for a regulation Article 2 – paragraph 1 – point 5 (5) ‘data holder’ means a legal entity, natural person
Amendment 306 #
Proposal for a regulation Article 2 – paragraph 1 – point 5 (5) ‘data holder’ means a
Amendment 307 #
Proposal for a regulation Article 2 – paragraph 1 – point 5 a (new) (5 a) ‘Data source’ means: a) in the context of personal data, a processor b) in the context of non-personal data, a natural or legal person who processes the non-personal data on behalf of the data holder.
Amendment 308 #
Proposal for a regulation Article 2 – paragraph 1 – point 6 (6) ‘data user’ means a natural
Amendment 309 #
Proposal for a regulation Article 2 – paragraph 1 – point 6 (6) ‘data user’ means: a
Amendment 310 #
Proposal for a regulation Article 2 – paragraph 1 – point 6 a (new) (6 a) ‘consent’ of the data subject, as defined in Article 4(11) of Regulation (EU) 216/679, means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Amendment 311 #
Proposal for a regulation Article 2 – paragraph 1 – point 6 a (new) (6 a) 'data re-user' is a natural or legal person who re-uses data as defined in point (2) of this Article;
Amendment 312 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 (7) ‘data sharing’ means the provision by a data holder of data to a data user for the purpose of joint or individual use of the shared data, based on voluntary agreements, directly or through an intermediary
Amendment 313 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 (7) ‘data sharing’ means the provision by a data holder of data to a data user for the purpose of joint or individual use of the shared data, based on voluntary agreements, directly or through an intermediary
Amendment 314 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 (7) ‘data sharing
Amendment 315 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 (7) ‘data
Amendment 316 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 a (new) Amendment 317 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 a (new) (7 a) ‘data intermediary’ means an undertaking, or related commercial entity, which provides data sharing services to intermediate between an indefinite number of potential data holders and potential data users by making available technical, legal, or other means to enable or facilitate the exchange, pooling or licensing of data between data holders and data users;
Amendment 318 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 a (new) (7 a) ‘data exchange’ means and encompasses all the activities performed by the data holder, the data user and the data sharing service provider, for the purpose of exchanging data, under open data or commercial licenses, for free or against remuneration.
Amendment 319 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 b (new) (7 b) 'data cooperative' means an organisation or service, which: (a) supports members, who are data subjects, to exercise the rights provided in Regulation (EU) 2016/679, by offering services including, but not limited to, collectively negotiating terms and conditions for data processing, in making informed choices before consenting to data processing, and allowing for mechanisms to exchange views on data processing purposes and conditions that would represent their interest, or; (b) enables small and medium-sized enterprises, not-for-profit or academic institutions to collectively negotiate terms for sharing non-personal data.
Amendment 320 #
Proposal for a regulation Article 2 – paragraph 1 – point 8 (8) ‘access’ means processing by a data
Amendment 321 #
Proposal for a regulation Article 2 – paragraph 1 – point 8 a (new) (8 a) ‘processing’ means any operation or set of operations which is performed on data or on sets of data in electronic format, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Amendment 322 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 Amendment 323 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means
Amendment 324 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means the consent by data subjects to process personal data pertaining to them, or permissions of other data holders to allow the use of their non- personal data without seeking a reward, for purposes of general interest
Amendment 325 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means the consent by data subjects to process personal data pertaining to them, or permissions of other data holders to allow the use of their non- personal data without seeking a
Amendment 326 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means
Amendment 327 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means the consent by data subjects to process personal data pertaining to them, or permissions of other data holders to allow the use of their non- personal data without seeking a
Amendment 328 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 a (new) (10 a) ‘Consent’ means, as provided by the GDPR, consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. A data subject has the right to withdraw consent at any time. The processing of personal data shall be lawful only if and to the extent that at least one of the legal basis under Article 6(1) of the GDPR applies.
Amendment 329 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 a (new) (10 a) 'data cooperative' means an organisation supporting its members, who are data subjects or one-person companies, micro, small and medium- sized enterprises, in making informed choices before consenting to data processing, or in negotiating terms and conditions for data processing and data sharing;
Amendment 330 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 b (new) (10 b) ‘General interest’ means the best interest of the community as a whole in the pursuit of common good and core objectives and values of the Union, supported and limited by citizens' rights and guarantees enshrined in the Treaties and other European or international legislation such as the Green Deal or Paris Agreement;
Amendment 331 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 b (new) (10 b) 'purposes of general interest' means purposes established by national law and national competent authorities including and not limited to healthcare, official statistics, improving the provision of public services, supporting research;
Amendment 332 #
Proposal for a regulation Article 2 – paragraph 1 – point 12 – point a (a) they are established for the specific purpose of meeting needs in the
Amendment 333 #
Proposal for a regulation Article 2 – paragraph 1 – point 14 (14) ‘secure processing environment’ means the physical or virtual environment and organisational means to provide the opportunity to re-use data in a manner that allows for the operator of the secure processing environment to determine and supervise all data processing actions, including to display, storage, download, export of the data and calculation of derivative data through computational algorithms. A ‘secure processing environment’ should also be understood as protection against threats.
Amendment 334 #
Proposal for a regulation Article 2 – paragraph 1 – point 14 (14) ‘secure processing environment’ means the physical or virtual environment and organisational means to uphold data confidentiality, integrity and availability and to provide the opportunity to re-use data in a manner that allows for the operator of the secure processing environment to determine and supervise all data processing actions, including to display, storage, download, export of the data and calculation of derivative data through computational algorithms.
Amendment 335 #
Proposal for a regulation Article 2 – paragraph 1 – point 14 (14) ‘secure processing environment’ means the physical or virtual environment and organisational means to provide the opportunity to re-use data in a manner that allows for the operator of the secure processing environment to determine and supervise all data processing actions within the Union, including to display, storage, download, export of the data and calculation of derivative data through computational algorithms as well as protection against cyber-attacks.
Amendment 336 #
Proposal for a regulation Article 2 – paragraph 1 – point 14 (14) ‘secure processing environment’ means the physical or virtual environment and organisational means to provide the opportunity to re-use data in a manner ensuring compliance with applicable legislation that allows for the operator of the secure processing environment to determine and supervise all data processing actions,
Amendment 337 #
Proposal for a regulation Article 2 – paragraph 1 – point 15 (15) ‘representative’ means any natural or legal person established in the Union explicitly designated to act on behalf of a provider of data sharing services or an entity that collects data for objectives of
Amendment 338 #
Proposal for a regulation Article 2 – paragraph 1 – point 15 a (new) (15 a) 'data sovereignty' means a form of management of the cyber space that provides for the possession by the Member State of the networks and data transmitted through them.
Amendment 339 #
Proposal for a regulation Article 2 – paragraph 1 a (new) ‘Data space’ means a logically defined entity, in which all the participants follow jointly agreed principles and framework of sharing of data. Data space refers to the integration of and interaction between different actors including data rights holders, data sources, data intermediaries and data users, that are involved in, or affected by, related data access and sharing arrangements, according to their different roles, responsibilities and rights, technologies and business models. The aim of a data space is to create interoperability and trust for a data transfer and a seamless digital area with the scale that will enable the development of new products and services based on data.
Amendment 340 #
Proposal for a regulation Article 3 – paragraph 1 – introductory part (1) This Chapter applies, without prejudice to the legal regime of open data set by the Directive on open data and the re-use of public sector information (Directive (EU) 2019/1024), to other categories of data held by public sector bodies and public undertakings to data held by public sector bodies which are protected on grounds of:
Amendment 341 #
Proposal for a regulation Article 3 – paragraph 1 – point d Amendment 342 #
Proposal for a regulation Article 3 – paragraph 2 – point a Amendment 343 #
Proposal for a regulation Article 3 – paragraph 2 – point c (c) data held by cultural establishments and educational establishments when protected by fundamental rights provisions or third party intellectual property rights;
Amendment 344 #
Proposal for a regulation Article 3 – paragraph 2 – point c (c) data held by cultural establishments protected by intellectual property rights of third and educational establishments;
Amendment 345 #
Proposal for a regulation Article 3 – paragraph 2 – point e a (new) (e a) (f) data processed in the context of employment.
Amendment 347 #
Proposal for a regulation Article 3 – paragraph 3 (3) The provisions of this Chapter do not create any obligation on public sector bodies to allow re-use of data beyond the Open Data Directive nor do they release public sector bodies from their confidentiality obligations, but sets a framework for such reuse when data is made available. This Chapter is without prejudice to Union and national law or international agreements to which the Union or Member States are parties on the protection of categories of data provided in paragraph 1. This Chapter is without prejudice to Union and national law on access to documents and to obligations of public sector bodies under Union and national law to allow the re-use of data.
Amendment 348 #
Proposal for a regulation Article 3 – paragraph 3 (3) The provisions of this Chapter do not create any obligation on public sector bodies to allow re-use of data nor do they release public sector bodies from their confidentiality obligations. This Chapter is without prejudice to Union and national law or international agreements to which the Union or Member States are parties on the protection of categories of data provided in paragraph 1. This Chapter is without prejudice to Union and national law on access to documents, in particular with regard to register data, and to obligations of public sector bodies under Union and national law to allow the re-use of data.
Amendment 349 #
Proposal for a regulation Article 4 – paragraph 2 (2) By way of derogation from paragraph 1, an exclusive right to re-use data referred to in that paragraph may be granted for a limited duration and to the extent necessary for the provision of a service or a product in the
Amendment 350 #
Proposal for a regulation Article 4 – paragraph 2 (2) By way of derogation from paragraph 1, an exclusive right to re-use data referred to in that paragraph may be granted to the extent necessary for the provision of a service or a product in the
Amendment 351 #
Proposal for a regulation Article 4 – paragraph 3 (3) Such exclusive right shall be granted
Amendment 352 #
Amendment 353 #
Proposal for a regulation Article 4 – paragraph 4 (4) In all cases not covered by paragraph 3 and where the
Amendment 354 #
Proposal for a regulation Article 4 – paragraph 5 (5) The period of exclusivity of the right to re-use data shall not exceed
Amendment 355 #
Proposal for a regulation Article 4 – paragraph 5 (5) The period of exclusivity of the right to re-use data shall not exceed
Amendment 356 #
Proposal for a regulation Article 4 – paragraph 5 (5) The period of exclusivity of the right to re-use data shall not exceed t
Amendment 357 #
Proposal for a regulation Article 4 – paragraph 6 (6) The award of an exclusive right pursuant to paragraphs (2) to (5), including the reasons why it is necessary to grant such a right, shall be transparent and be made publicly available online two months before entry into force, regardless of a possible publication of an award of a public procurement and concessions contract.
Amendment 358 #
Proposal for a regulation Article 4 – paragraph 6 (6) The decision to award
Amendment 359 #
Proposal for a regulation Article 4 – paragraph 7 a (new) (7 a) (7a) Where an exclusive right to re-use data does not meet the conditions set out in paragraphs 2, 3 and 4, the exclusive right shall be void.
Amendment 360 #
Proposal for a regulation Article 4 – paragraph 7 a (new) (7 a) Where an exclusive right to re-use data does not meet the conditions set out in paragraphs 2, 3 and 4, the exclusive right shall be void.
Amendment 361 #
Proposal for a regulation Article 5 – paragraph 1 Amendment 362 #
Proposal for a regulation Article 5 – paragraph 1 (1) Public sector bodies which are competent under national law to grant or refuse access for the re-use and the process to request such re-use of one or more of the categories of data referred to in Article 3 (1) shall make publicly available the conditions for allowing such re-use. In that task, they may be assisted by the competent bodies referred to in Article 7 (1).
Amendment 363 #
Proposal for a regulation Article 5 – paragraph 2 (2) Conditions for re-use shall be non- discriminatory, proportionate and objectively justified with regard to
Amendment 364 #
Proposal for a regulation Article 5 – paragraph 2 (2) Conditions for re-use shall be non- discriminatory, lawful, transparent, proportionate and objectively justified with regard to categories of data and purposes of re-use and the nature of the data for which re-use is allowed. These conditions shall not be used to restrict competition.
Amendment 365 #
Proposal for a regulation Article 5 – paragraph 2 (2) Conditions for re-use shall be lawful, transparent, non-
Amendment 366 #
Proposal for a regulation Article 5 – paragraph 2 (2) Conditions for re-use shall be non- discriminatory, proportionate and objectively justified with regard to categories of data and purposes of re-use and the nature of the data for which re-use is allowed. These conditions shall
Amendment 367 #
Proposal for a regulation Article 5 – paragraph 3 (3) Public sector bodies
Amendment 368 #
Proposal for a regulation Article 5 – paragraph 3 (3) Public sector bodies may impose an obligation to re-use only pre-processed data where such pre-processing aims to anonymize or pseudonymise personal data or delete commercially confidential information, including trade secrets. In the area of research, it must be ensured that the results of data processing remain traceable and reproducible even after anonymisation has taken place.
Amendment 369 #
Proposal for a regulation Article 5 – paragraph 3 (3) Public sector bodies
Amendment 370 #
Proposal for a regulation Article 5 – paragraph 3 (3) Public sector bodies may impose an obligation to re-use only pre
Amendment 371 #
Proposal for a regulation Article 5 – paragraph 3 (3) Public sector bodies may impose an obligation to re-use only pre-processed data where such pre-processing aims to anonymize
Amendment 372 #
Proposal for a regulation Article 5 – paragraph 4 – introductory part (4) Public sector bodies
Amendment 373 #
Proposal for a regulation Article 5 – paragraph 4 – introductory part (4) Public sector bodies may also impose
Amendment 374 #
Proposal for a regulation Article 5 – paragraph 4 – point a (a) to access and re-use the data within a secure processing environment, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data, provided and controlled by the public sector ;
Amendment 375 #
Proposal for a regulation Article 5 – paragraph 4 – point a (a) to access and re-use the data within a secure processing environment provided and controlled by the public sector within the Union ;
Amendment 376 #
Proposal for a regulation Article 5 – paragraph 4 – point a (a) to access and re-use the data within a remote secure processing environment provided and controlled by the public sector ;
Amendment 377 #
Proposal for a regulation Article 5 – paragraph 4 – point a (a) to access and re-use the data within a remote secure processing environment provided and controlled by the public sector ;
Amendment 378 #
Proposal for a regulation Article 5 – paragraph 4 – point a (a) to access and re-use the data within a remote secure processing environment provided and controlled by the public sector ;
Amendment 379 #
Proposal for a regulation Article 5 – paragraph 4 – point a (a) to access and re-use the data within a secure processing environment provided
Amendment 380 #
Proposal for a regulation Article 5 – paragraph 4 – point b (b) to access and re-use the data within the physical premises in which the secure processing environment is located
Amendment 381 #
Proposal for a regulation Article 5 – paragraph 4 – point b a (new) (b a) (c) to consult DPAs and/or the European Data Protection Board (EDPB) to guarantee anonymisation or pseudonymise personal data.
Amendment 382 #
Proposal for a regulation Article 5 – paragraph 5 (5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. The public sector body shall
Amendment 383 #
Proposal for a regulation Article 5 – paragraph 5 (5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. The public sector body shall be able to verify any results of processing of data undertaken by the re- user and reserve the right to prohibit the use of results that contain information jeopardising the rights and interests of third parties. To this end, the public sector bodies shall be equipped with the necessary human and financial resources for monitoring and law enforcement.
Amendment 384 #
Proposal for a regulation Article 5 – paragraph 5 (5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. The public sector body shall be able to verify any results of processing of data undertaken by the re- user and reserve the right to prohibit the
Amendment 385 #
Proposal for a regulation Article 5 – paragraph 5 (5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. The public sector body shall be able to verify any results of processing of data undertaken by the re- user and reserve the right, after giving the re-user the possibility to provide further information, to prohibit the use of results that contain information jeopardising the rights and interests of third parties.
Amendment 386 #
Proposal for a regulation Article 5 – paragraph 5 (5) The public sector bodies shall
Amendment 387 #
Proposal for a regulation Article 5 – paragraph 5 (5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. The public sector body shall be able to verify the means and any results of processing of data undertaken by the re-
Amendment 388 #
Proposal for a regulation Article 5 – paragraph 5 a (new) (5 a) A public sector body shall only make commercially confidential data available for re-use if it is able to do so in a manner which protects the legitimate commercial interests of third parties in the commercially confidential data.
Amendment 389 #
Proposal for a regulation Article 5 – paragraph 6 Amendment 390 #
Proposal for a regulation Article 5 – paragraph 6 (6) Where the re-use of data cannot be granted in accordance with the obligations laid down in paragraphs 3 to 5 and there is no other legal basis for transmitting the data under Regulation (EU) 2016/679, the public sector body shall support re-users in seeking consent of the data subjects and/or permission from the legal entities whose rights and interests may be affected by such re-use, where it is feasible without disproportionate cost for the public sector. In that task they may be assisted by the competent bodies referred to in Article 7 (1). All processing of personal data shall occur in full compliance with the GDPR and be accompanied by appropriate data protection safeguards. Re-use of data must be conditional on the signature by the re-user of a confidentiality agreement as set out in Recital 11.
Amendment 391 #
Proposal for a regulation Article 5 – paragraph 6 (6) Where the re-use of data cannot be granted in accordance with the obligations laid down in paragraphs 3 to 5 and there is no other legal basis for transmitting the data under Regulation (EU) 2016/679, the public sector body shall s
Amendment 392 #
Proposal for a regulation Article 5 – paragraph 6 a (new) (6 a) In order to provide such support as described in paragraph (6), the public sector body may establish a data intermediation service as defined in Art 2. This service shall be considered in the scope of data intermediation services described in Art 9, subject to the notification procedure described in Art 10, and subject to the conditions set out in Art 11 with the exception of paragraph (1), which requires the placement of intermediation services into a separate legal entity. It will be subject to monitoring by the competent authorities described in Art 12-13.
Amendment 393 #
Proposal for a regulation Article 5 – paragraph 7 (7) Re-use of data shall only be allowed in compliance with intellectual property rights. The right of the maker of a database as provided for in Article 7(1) of Directive 96/9/EC shall not be exercised by public sector bodies or those who benefit from the data available for reuse in order to prevent the re-use of data or to restrict re-use beyond the limits set by this Regulation.
Amendment 394 #
Proposal for a regulation Article 5 – paragraph 8 (8) When data requested is considered confidential, in accordance with Union or national law
Amendment 395 #
Proposal for a regulation Article 5 – paragraph 9 Amendment 396 #
Proposal for a regulation Article 5 – paragraph 9 Amendment 397 #
Proposal for a regulation Article 5 – paragraph 9 – introductory part (9) The Commission may adopt implementing acts declaring that the legal, supervisory and enforcement arrangements of a third country, without prejudice to the adequacy requirements defined in Article 45 of Regulation (EU) 2016/679:
Amendment 398 #
Proposal for a regulation Article 5 – paragraph 9 – introductory part (9)
Amendment 399 #
Proposal for a regulation Article 5 – paragraph 9 – introductory part (9) The Commission may adopt
Amendment 400 #
Proposal for a regulation Article 5 – paragraph 9 – point a a (new) (a a) ensure that a natural or legal person located in a third country seeking the right to re-use has a legal representative in one of the Member States;
Amendment 401 #
Proposal for a regulation Article 5 – paragraph 9 – subparagraph 1 Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 29 (2) and will permit transfers to the concerned third country.
Amendment 402 #
Proposal for a regulation Article 5 – paragraph 9 – subparagraph 1 Those
Amendment 403 #
Proposal for a regulation Article 5 – paragraph 10 Amendment 404 #
Proposal for a regulation Article 5 – paragraph 10 – introductory part (10) Public sector bodies shall only after consent from the competent body transmit confidential data or data protected by intellectual property rights to a re-user which intends to transfer the data to a third country other than a country designated in accordance with paragraph 9 if the re-user undertakes:
Amendment 405 #
Proposal for a regulation Article 5 – paragraph 10 – introductory part (10) Public sector bodies shall o
Amendment 406 #
Proposal for a regulation Article 5 – paragraph 10 a (new) (10 a) Public sector bodies or the competent bodies referred to in Article 7(1) shall provide guidance and legal and administrative support to re-users, where relevant, for the purpose of supporting them in complying with the obligations referred to in paragraph 10(a).
Amendment 407 #
Proposal for a regulation Article 5 – paragraph 11 Amendment 408 #
Proposal for a regulation Article 5 – paragraph 11 Amendment 409 #
Proposal for a regulation Article 5 – paragraph 11 Amendment 410 #
Proposal for a regulation Article 5 – paragraph 11 (11) Where specific Union acts adopted in accordance with a legislative procedure establish that certain non-personal data categories held by public sector bodies shall be deemed to be highly sensitive for the purposes of this Article, the Commission shall be empowered to adopt delegated acts in accordance with Article 28 supplementing this Regulation by laying down special conditions applicable for transfers to third-countries. The conditions
Amendment 411 #
Proposal for a regulation Article 5 – paragraph 11 (11) Where specific Union acts adopted in accordance with a legislative procedure establish that certain non-personal data categories held by public sector bodies shall be deemed to be highly sensitive for the purposes of this Article such as where their transfer to third countries may put at risk Union policy objectives (for instance safety and public health) or may lead to the risk of re-identification of anonymised data, the Commission shall be empowered to adopt delegated acts in accordance with Article 28 supplementing this Regulation by laying down special conditions applicable for transfers to third-countries. The conditions for the transfer to third- countries shall be based on the nature of data categories identified in the Union act and on the grounds for deeming them highly sensitive,
Amendment 412 #
Proposal for a regulation Article 5 – paragraph 11 (11) Where specific Union acts adopted in accordance with a legislative procedure establish that certain non-personal data categories held by public sector bodies shall be deemed to be highly sensitive for the purposes of this Article,
Amendment 413 #
Proposal for a regulation Article 5 – paragraph 11 (11)
Amendment 414 #
Proposal for a regulation Article 5 – paragraph 12 Amendment 415 #
Proposal for a regulation Article 5 – paragraph 13 Amendment 416 #
Proposal for a regulation Article 5 – paragraph 13 (13) Where the re-user intends to transfer non-personal data to a third country, it shall inform the public sector body
Amendment 417 #
Proposal for a regulation Article 5 – paragraph 13 (13) Where the re-user intends to transfer non-personal data to a third country, the public sector body shall inform the data holder about the transfer of data to that third country and the purpose of such transfer.
Amendment 418 #
Proposal for a regulation Article 6 – paragraph 1 (1) Public sector bodies which allow re-use of the categories of data referred to in Article 3 (1) may charge fees for allowing the re-use of such data, to the exception of personal data that belongs solely to data subjects.
Amendment 419 #
Proposal for a regulation Article 6 – paragraph 2 (2) Any fees shall be non- discriminatory, proportionate and objectively justified and shall not restrict competition. They shall be limited to the necessary costs incurred for the reproduction, provision and dissemination of data, costs for anonymisation of personal data, costs for the maintenance of the secure processing environment, as well as any costs in relation to supporting re-users in seeking consent of data subjects.
Amendment 420 #
Proposal for a regulation Article 6 – paragraph 2 (2) Any fees shall be non- discriminatory, proportionate and objectively justified and shall
Amendment 421 #
Proposal for a regulation Article 6 – paragraph 2 (2) Any fees shall be non- discriminatory, proportionate
Amendment 422 #
Proposal for a regulation Article 6 – paragraph 2 (2) Any fees shall be non- discriminatory, proportionate and objectively justified and shall
Amendment 423 #
Proposal for a regulation Article 6 – paragraph 3 (3) Public sector bodies shall ensure that any fees can be paid online through widely available cross-border payment services, without discrimination based on the place of establishment of the payment service provider within the internal market, the place of issue of the payment instrument or the location of the payment account within the Union.
Amendment 424 #
Proposal for a regulation Article 6 – paragraph 3 (3) Public sector bodies shall ensure that any fees can also be paid online through widely available cross-border payment services, without discrimination based on the place of establishment of the payment service provider, the place of issue of the payment instrument or the location of the payment account
Amendment 425 #
Proposal for a regulation Article 6 – paragraph 4 (4) Where they apply fees, public sector bodies shall take measures to incentivise the re-use of the categories of data referred to in Article 3 (1) for non- commercial purposes and by small and medium-sized enterprises in line with State aid rules. In that regard, public sector bodies may also make the data available at a discounted fee or free of charge, in particular when used for public services for SMEs and civil society, and educational establishments.
Amendment 426 #
Proposal for a regulation Article 6 – paragraph 4 (4) Where they apply fees, public sector bodies shall take measures to incentivise the re-use of the categories of data referred to in Article 3 (1) for non- commercial purposes and by small and medium-sized enterprises in line with State aid rules. In that regard, public sector bodies are encourage to make the data available at a discounted fee or free of charge for all actors, in particular cooperatives.
Amendment 427 #
Proposal for a regulation Article 6 – paragraph 4 (4) Where they apply fees, public sector bodies shall take measures to incentivise the re-use of the categories of data referred to in Article 3 (1) for non- commercial purposes and by small and medium-sized enterprises in line with State aid rules. This may include allowing re- use at lower or no cost.
Amendment 428 #
Proposal for a regulation Article 6 – paragraph 4 (4) Where they apply fees, public sector bodies shall take measures to incentivise the re-use of the categories of data referred to in Article 3 (1) for non- commercial purposes
Amendment 429 #
Proposal for a regulation Article 6 – paragraph 4 (4) Where they apply fees, public sector bodies shall take measures to incentivise the re-use of the categories of data referred to in Article 3 (1) for non- commercial purposes and
Amendment 430 #
Proposal for a regulation Article 6 – paragraph 4 a (new) (4 a) Public sector bodies may set up a list of categories of re-users for which data is made available at reduced or no cost, which shall be published together with the criteria used to establish such list and which shall have the objective to foster a wider re-use of the categories of data referred to in Article 3(1) and accessibility by a wider range of re-users, in line with State aid rules and competition law;
Amendment 431 #
Proposal for a regulation Article 6 – paragraph 5 (5) Fees shall be derived from the costs related to the processing of requests for re- use of the categories of data referred to in Article 3 (1).
Amendment 432 #
Proposal for a regulation Article 7 – paragraph 1 (1) Member States shall designate one or more competent bodies, which may be sectoral, to support the public sector bodies which grant access to the re-use of the categories of data referred to in Article 3 (1) in the exercise of that task. In order to fulfil the conditions set out by this Regulation, Member States may delegate the tasks to already existing one or more competent bodies, without being required to set up new ones.
Amendment 433 #
Proposal for a regulation Article 7 – paragraph 1 (1) Member States shall designate one or more competent bodies, which may be sectoral, to support the public sector bodies which grant access to the re-use of the categories of data referred to in Article 3 (1) in the exercise of that task and in verifying the characteristics of portability and interoperability of data.
Amendment 434 #
Proposal for a regulation Article 7 – paragraph 1 (1) Member States shall designate one or more competent bodies under Regulation 2018/679, which may be sectoral, to support the public sector bodies which grant access to the re-use of the categories of data referred to in Article 3 (1) in the exercise of that task.
Amendment 435 #
Proposal for a regulation Article 7 – paragraph 1 (1) Member States shall designate
Amendment 436 #
Proposal for a regulation Article 7 – paragraph 2 – point a (a) providing technical support by making available a secure processing environment
Amendment 437 #
Proposal for a regulation Article 7 – paragraph 2 – point b (b) providing technical support in the application of tested techniques ensuring data processing in a manner that preserves privacy of the information contained in the data for which re-use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data and the deletion of commercially confidential information, including trade secrets or content protected by Intellectual Property Rights;
Amendment 438 #
Proposal for a regulation Article 7 – paragraph 2 – point b (b) providing technical support in the application of tested techniques ensuring data processing in a manner that preserves privacy, integrity and availability of the information contained in the data for which re-use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data;
Amendment 439 #
Proposal for a regulation Article 7 – paragraph 2 – point b (b) providing technical support in the application of tested techniques ensuring data processing in a manner that effectively preserves privacy of the information contained in the data for which re-use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data;
Amendment 440 #
Proposal for a regulation Article 7 – paragraph 2 – point b (b) providing technical support
Amendment 441 #
Proposal for a regulation Article 7 – paragraph 2 – point c (c) assisting the public sector bodies, where relevant, in obtaining consent or permission by re-users for re-use for altruistic and other purposes in line with
Amendment 442 #
Proposal for a regulation Article 7 – paragraph 2 – point c (c) assisting the public sector bodies
Amendment 443 #
Proposal for a regulation Article 7 – paragraph 2 – point d a (new) (d a) a harmonised approach for public sector bodies to make scientific data available for purposes of research in order to support rapid innovation in the EU small and medium-sized enterprises in line with State aid rules.
Amendment 444 #
Proposal for a regulation Article 7 – paragraph 4 (4) The competent body or bodies shall have adequate human resources as well as legal and technical capacities and expertise to be able to comply with relevant Union or national law concerning the access regimes for the categories of data referred to in Article 3 (1), so that data protection, privacy and confidentiality are fully respected. The competences and resources of the competent body or bodies shall prohibit unjustifiable outsourcing.
Amendment 445 #
Proposal for a regulation Article 7 – paragraph 4 (4) The competent body or bodies shall have adequate legal, financial and technical
Amendment 446 #
Proposal for a regulation Article 7 – paragraph 5 (5) The Member States shall make public and communicate to the Commission the identity of the competent bodies designated pursuant to paragraph 1 by [date of application of this Regulation]. They shall also make public and communicate to the Commission any subsequent modification of the identity of those bodies.
Amendment 447 #
Proposal for a regulation Article 8 – paragraph 1 (1) Member States shall ensure that all relevant information concerning the application of Articles 5 and 6 is available through a single information point, unless the information concerns one sector only in which case the information can be made available through a sectoral competent body referred to in Article 7 (1). Functions of a single information point may be automatically provided if adequate support by a public sector body is ensured. Member States shall be allowed either to establish a new information point o rto rely on an existing structure.
Amendment 448 #
Proposal for a regulation Article 8 – paragraph 1 (1) Member States shall ensure that all relevant information concerning the application of Articles 5 and 6 is available through a single information point. It must be accessible to all relevant stakeholders, so as to ensure efficient operation and promote good collaboration with civil society organizations, social partners and professional organisations.
Amendment 449 #
Proposal for a regulation Article 8 – paragraph 2 (2) The single information point shall receive requests for the re-use of the categories of data referred to in Article 3 (1) and shall transmit them to the competent public sector bodies, or the
Amendment 450 #
Proposal for a regulation Article 8 – paragraph 2 (2) The single information point shall receive requests for the re-use of the categories of data referred to in Article 3 (1) and shall transmit them to the competent public sector bodies, or the competent bodies referred to in Article 7 (1), where relevant. The single information point shall make publicly available by electronic means a register of available data resources containing relevant information describing the nature of available data. At least the format, size, conditions for reuse such as characteristics of interoperability and portability and the data holder shall be made public.
Amendment 451 #
Proposal for a regulation Article 8 – paragraph 2 a (new) (2 a) The single information point may establish a separate, simplified and well- documented information channel for small and medium-sized enterprises (SMEs), addressing their needs and capabilities in requesting the re-use of the categories of data referred to in Article 3 (1).
Amendment 452 #
Proposal for a regulation Article 8 – paragraph 2 a (new) (2 a) The Commission shall establish a European single information point, network offering information on the data available in national single information points and on how to request and access data via those single information points.
Amendment 453 #
Proposal for a regulation Article 8 – paragraph 2 a (new) Amendment 454 #
Proposal for a regulation Article 8 – paragraph 3 (3) Requests for the re-use of the categories of data referred to in Article 3 (1) shall be granted or refused by the competent public sector bodies or the competent bodies referred to in Article 7 (1) within a reasonable time, and in any case within two months from the date of the request. In order to contribute to a consistent application of this Regulation the competent public sector bodies shall cooperate with each other, and where relevant with the Commission, when refusing requests for re-use of the categories of data referred to in Article 3 (1).
Amendment 455 #
Proposal for a regulation Article 8 – paragraph 3 (3) Requests for the re-use of the categories of data referred to in Article 3 (1) shall be granted or refused by the competent public sector bodies or the competent bodies referred to in Article 7 (1) with
Amendment 456 #
Proposal for a regulation Article 8 – paragraph 3 (3) Requests for the re-use of the categories of data referred to in Article 3 (1) shall be granted or refused by the competent public sector bodies or the competent bodies referred to in Article 7 (1) within
Amendment 457 #
Proposal for a regulation Article 9 – paragraph 1 – introductory part (1) Th
Amendment 458 #
Proposal for a regulation Article 9 – paragraph 1 – point a (a)
Amendment 459 #
Proposal for a regulation Article 9 – paragraph 1 – point b (b) intermediation services between data subjects that seek to make their personal data available and potential data users, including making available the technical or other means to enable such services, in the exercise of the rights provided in Regulation (EU) 2016/679, in particular managing the data subjects’ consent to data processing;
Amendment 460 #
Proposal for a regulation Article 9 – paragraph 1 – point b (b) intermediation services between data subjects that seek to make their personal or non-personal data available and potential data users, including making available the technical or other means to enable such services, in the exercise of the rights provided in Regulation (EU) 2016/679;
Amendment 461 #
Proposal for a regulation Article 9 – paragraph 1 – point c (c)
Amendment 462 #
Proposal for a regulation Article 9 – paragraph 1 – point c (c) services of data cooperatives
Amendment 463 #
Proposal for a regulation Article 9 – paragraph 1 – point c (c) services of data cooperatives, that is to say services supporting data subjects or one-person companies or micro, small and medium-sized enterprises, including social economy enterprises, who are members of the cooperative or who confer the power to the cooperative to negotiate terms and conditions for data processing before they consent, in making informed choices before consenting to data processing, and allowing for mechanisms to exchange views on data processing purposes and conditions that would best represent the interests of data subjects or legal persons.
Amendment 464 #
Proposal for a regulation Article 9 – paragraph 1 a (new) (1 a) any operations involving personal data in the scope of Article 9 is subject to the rules of the GDPR and therefore the conditions for the joint use of the data is subject to these rules.
Amendment 465 #
Proposal for a regulation Article 9 – paragraph 1 a (new) (1 a) This chapter does not apply to the following activities:
Amendment 466 #
Proposal for a regulation Article 9 – paragraph 1 b (new) (1 b) (a) services, which are aimed at a closed group of data holders or data users, including those operated between two companies or a limited group of legal entities for the purpose of exchanging data in the context of a contractually- defined collaboration or joint undertaking;
Amendment 467 #
Proposal for a regulation Article 9 – paragraph 1 c (new) (1 c) (b) value-added data services, which aggregate data, transform or combine data with other data, or analyse it for the purpose of adding substantial value to it and make available the use of the resulting data to data users, unless they have a direct relationship with data holders for the purpose of data sharing services or reshare the unprocessed data received from the data holder;
Amendment 468 #
Proposal for a regulation Article 9 – paragraph 1 d (new) (1 d) (c) auxiliary technical, legal, financial or administrative support services offered to either data holder or data users for the purpose of preparing an exchange of data;
Amendment 469 #
Proposal for a regulation Article 9 – paragraph 1 e (new) (1 e) (d) not-for-profit online encyclopedias, not-for-profit educational and scientific repositories, and open source software-developing and-sharing platforms;
Amendment 470 #
Proposal for a regulation Article 9 – paragraph 1 f (new) (1 f) (e) ‘Consolidated tape providers’ in the sense of Article 4 (1) point 53 of Directive 2014/65/EU of the European Parliament and of the Council;
Amendment 471 #
Proposal for a regulation Article 9 – paragraph 1 g (new) (1 g) (f) ‘account information service providers’ in the sense of Article 4 point 19 of Directive (EU) 2015/2366 of the European Parliament and of the Council;
Amendment 472 #
Proposal for a regulation Article 9 – paragraph 1 h (new) (1 h) (g) providers of data sharing services, which have been available to the public in the Union for less than 12 months and which have either a consolidated annual turnover at the group level below EUR 10 million, calculated in accordance with Commission Recommendation 2003/361/EC, or, where no consolidated annual turnover can be established less, than one hundred users, who are legal entities, or less than one thousand users who are natural persons.
Amendment 473 #
Proposal for a regulation Article 9 – paragraph 2 a (new) (2 a) A mandatory certification system shall be provided for data intermediaries in order to limit the risks associated with the central role of data intermediaries and thus increase trust in these organisations and their activities.
Amendment 474 #
Proposal for a regulation Article 10 – paragraph 1 (1)
Amendment 475 #
Proposal for a regulation Article 10 – paragraph 3 (3) A provider of data sharing services that is not established in the Union, but offers the services referred to in Article 9 (1) within the Union, shall appoint a legal representative in one of the Member States in which those services are offered. The provider shall be deemed to be under the jurisdiction of the Member State in which the legal representative is established.
Amendment 476 #
Proposal for a regulation Article 10 – paragraph 3 (3) A provider of data sharing services that is not established in the Union, but offers the services referred to in Article 9 (1) within the Union, shall
Amendment 477 #
Proposal for a regulation Article 10 – paragraph 4 Amendment 478 #
Proposal for a regulation Article 10 – paragraph 6 – point b (b) the provider’s legal status,
Amendment 479 #
Proposal for a regulation Article 10 – paragraph 6 – point c (c) the address of the provider’s main establishment in the Union, if any, and, where applicable, any secondary branch in another Member State or that of the legal
Amendment 480 #
Proposal for a regulation Article 10 – paragraph 6 – point d (d) a website where information on the provider and the activities can be found,
Amendment 481 #
Proposal for a regulation Article 10 – paragraph 6 – point d (d) a website where above information on the provider and the activities can be found, where applicable;
Amendment 482 #
Proposal for a regulation Article 10 – paragraph 6 – point g (g) the estimated date for starting the activity, or the date the activity has started;
Amendment 483 #
Proposal for a regulation Article 10 – paragraph 6 – point h (h) optionally, and indicative list of the Member States where the provider intends to provide services.
Amendment 484 #
Proposal for a regulation Article 10 – paragraph 6 – point h (h) optionally, an indicative list of the Member States where the provider intends to provide services.
Amendment 485 #
Proposal for a regulation Article 10 – paragraph 6 a (new) (6 a) The competent authority shall ensure that the notification procedure does not impose undue hurdles for small and medium-sized enterprises and organisations and ensures non- discrimination and competition.
Amendment 486 #
Proposal for a regulation Article 10 – paragraph 7 (7)
Amendment 487 #
Proposal for a regulation Article 10 – paragraph 7 a (new) (7 a) Upon reception of the standardised declaration, the provider of data sharing services may start the activity subject to the conditions laid down in this Chapter.
Amendment 488 #
Proposal for a regulation Article 10 – paragraph 8 Amendment 489 #
Proposal for a regulation Article 10 – paragraph 8 Amendment 490 #
Proposal for a regulation Article 10 – paragraph 9 (9) The competent authority shall notify the Commission of each new notification without delay and the Commission shall forward each notification to the national competent authorities of the Member States by electronic means. The Commission shall keep a register of providers of data sharing services.
Amendment 491 #
Proposal for a regulation Article 10 – paragraph 9 (9) The competent authority shall notify the Commission and the national competent authorities of the Member States by electronic means, without delay, of each new notification. The Commission shall keep a public register of providers of data sharing services
Amendment 492 #
Proposal for a regulation Article 10 – paragraph 9 (9)
Amendment 493 #
Proposal for a regulation Article 10 – paragraph 9 (9) The competent authority shall notify the Commission of each new notification. The Commission shall keep and regularly update a public register of all providers of data sharing services.
Amendment 494 #
Proposal for a regulation Article 10 – paragraph 9 (9) The competent authority shall
Amendment 495 #
Proposal for a regulation Article 10 – paragraph 9 (9) The competent authority shall notify the Commission of each new notification. The Commission shall keep a public register of
Amendment 496 #
Proposal for a regulation Article 10 – paragraph 10 Amendment 497 #
Proposal for a regulation Article 10 – paragraph 10 (10) The competent authority may charge fees. Such fees shall be proportionate and objective and be based on the administrative costs related to the monitoring of compliance and other market control activities of the competent authorities in relation to notifications of data sharing services. The competent authority may also charge discounted fees or allow free of charge notification for small and medium-sized enterprises (SMEs).
Amendment 498 #
(10 a) Providers shall submit any changes of the information provided pursuant to paragraph 6 to the competent authority within 14 calendar days from the day on which the change takes place;
Amendment 499 #
Proposal for a regulation Article 10 – paragraph 11 (11) Where a
Amendment 500 #
Proposal for a regulation Article 11 – paragraph 1 – point 1 (1) the provider may not use the data for which it provides services for other purposes than to put them at the disposal of data users
Amendment 501 #
Proposal for a regulation Article 11 – paragraph 1 – point 1 a (new) (1 a) the provider may not make the commercial terms, including pricing, for the provision of data sharing services to a data holder or data user dependent upon whether or to what degree the data holder or data user uses other services from the same provider or a related enterprise;
Amendment 502 #
Proposal for a regulation Article 11 – paragraph 1 – point 2 (2) the metadata collected from the provision of the data sharing service may be used only for the development of that service respecting the GDPR as a legal basis of processing of personal data;
Amendment 503 #
Proposal for a regulation Article 11 – paragraph 1 – point 2 (2) the metadata collected from the provision of the data sharing service may be used only for the development of that service and should be made available to the data holders upon request;
Amendment 504 #
Proposal for a regulation Article 11 – paragraph 1 – point 2 (2) the metadata collected from the provision of the data sharing service may be used only for the
Amendment 505 #
Proposal for a regulation Article 11 – paragraph 1 – point 3 (3) the provider shall ensure that the procedure for access to its service is fair, transparent and non-discriminatory for both data holders and data users, including as regards to terms of service and prices;
Amendment 506 #
Proposal for a regulation Article 11 – paragraph 1 – point 3 (3) the provider shall ensure that the procedure for access to its service is fair, transparent and non-discriminatory for both data holders and data users, including as regards to prices;
Amendment 507 #
Proposal for a regulation Article 11 – paragraph 1 – point 3 a (new) (3 a) the provider shall avoid lock-in effects and ensure interoperability with other data sharing services, in particular by providing openly accessible application programming interfaces and using open data formats, where technically feasible; (i) Within 12 months of the entry into force of this law, the Commission shall issue guidance on interoperability standards; (ii) The Commission shall consult Member States and relevant stakeholders for the purpose of issuing such guidance.
Amendment 508 #
Proposal for a regulation Article 11 – paragraph 1 – point 3 a (new) (3 a) the provider cannot condition the commercial terms, (including pricing)of data sharing services by the fact whether or to what degree the data holder or data user uses other services from the same company, even if under separate legal entity;
Amendment 509 #
Proposal for a regulation Article 11 – paragraph 1 – point 4 a (new) (4 a) the data intermediary may offer additional specific services to data holders facilitating the exchange of the data, such as aggregation, curation, pseudonymisation and anonymisation; with the aim of improving the quality or conversion of data to data holders or data users, or other related services, and those tools shall be used only at the explicit request or approval of the data holder in the framework of business-to-business agreements;
Amendment 510 #
Proposal for a regulation Article 11 – paragraph 1 – point 4 a (new) (4 a) the provider may offer additional specific tools to data holders facilitating the exchange of the data, such as aggregation, analysis, improving the quality of data or anonymization, only at the explicit request or approval of the data holder. The third-party tools offered in that context shall not use data for purposes other than those requested or approved by the data holder;
Amendment 511 #
Proposal for a regulation Article 11 – paragraph 1 – point 5 (5) the provider must ensure and shall have procedures in place to prevent fraudulent or abusive practices in relation to access to data from parties seeking access through their services and is liable for damages resulting from security breaches;
Amendment 512 #
Proposal for a regulation Article 11 – paragraph 1 – point 5 (5) the provider shall have procedures in place to prevent and monitor potential fraudulent or abusive practices in relation to access to data from parties seeking access through their services;
Amendment 513 #
Proposal for a regulation Article 11 – paragraph 1 – point 5 (5) the provider shall have procedures and sanctions in place to prevent fraudulent or abusive practices in relation to access to data from parties seeking access through their services;
Amendment 514 #
Proposal for a regulation Article 11 – paragraph 1 – point 6 (6) the provider shall ensure a reasonable continuity of provision of its services and, in the case of services which ensure storage of data, shall have sufficient guarantees in place that allow data holders and data users to obtain access to and to retrieve their data in case of insolvency of the provider;
Amendment 515 #
Proposal for a regulation Article 11 – paragraph 1 – point 6 a (new) (6 a) the provider shall avoid lock-in effects and ensure interoperability with the other data intermediaries (as defined in article 2) in particular by providing openly accessible application programming inter faces and using open data formats, where technically feasible;
Amendment 516 #
Proposal for a regulation Article 11 – paragraph 1 – point 6 a (new) (6 a) the provider to the extent possible shall ensure interoperability with other data sharing services;
Amendment 517 #
Proposal for a regulation Article 11 – paragraph 1 – point 6 b (new) (6 b) The intermediator services should follow the interoperability requirements defined in the common European data spaces.
Amendment 518 #
Proposal for a regulation Article 11 – paragraph 1 – point 7 (7) the provider shall put in place adequate technical, legal and organisational
Amendment 519 #
Proposal for a regulation Article 11 – paragraph 1 – point 8 (8) the
Amendment 520 #
Proposal for a regulation Article 11 – paragraph 1 – point 8 (8) the provider shall take measures to ensure a high level of security for the storage and transmission of non-personal data
Amendment 521 #
Proposal for a regulation Article 11 – paragraph 1 – point 8 (8) the provider shall take measures to ensure a high level of security, including cybersecurity standards, for the storage and transmission of non-personal data;
Amendment 522 #
Proposal for a regulation Article 11 – paragraph 1 – point 8 (8) the
Amendment 523 #
Proposal for a regulation Article 11 – paragraph 1 – point 8 (8) the provider shall take measures to ensure a high level of security for the storage and transmission of
Amendment 524 #
Proposal for a regulation Article 11 – paragraph 1 – point 8 (8) the provider shall take measures to ensure a high level of security for the storage and transmission of
Amendment 525 #
Proposal for a regulation Article 11 – paragraph 1 – point 10 (10)
Amendment 526 #
Proposal for a regulation Article 11 – paragraph 1 – point 11 (11) where a provider provides tools for obtaining consent from data subjects or permissions to process data made available by legal persons, it shall specify the jurisdiction or jurisdictions in which the data use is intended to take place. Such a consent does not replace the need to have a lawful basis for data processing as set by the GDPR.
Amendment 527 #
(11) where a provider provides tools for obtaining consent from data subjects or permissions to process data made available by legal persons, it shall specify the jurisdiction or jurisdictions in which the data use is intended to take place and provide to the data subject tools for tracking the use of that data and consent withdrawal.
Amendment 528 #
Proposal for a regulation Article 11 – paragraph 1 – point 11 (11) where a provider provides tools for obtaining consent from data subjects or permissions to process data made available by legal persons, it shall specify the jurisdiction or jurisdictions in which the data use is intended to take place and ensure that data subjects are also provided with tools to withdraw consent.
Amendment 529 #
Proposal for a regulation Article 11 – paragraph 1 – point 11 a (new) (11 a) (1 a) the data intermediary must ensure the right conditions to keep data secured.
Amendment 530 #
Proposal for a regulation Article 11 a (new) Article 11 a Data intermediary should ensure quality and security of the services they offer. This control of quality should also be periodically monitored and reviewed. Recommendations or guidance by the Commission, in cooperation with data users in the market, could improve the services of the providers.
Amendment 531 #
Proposal for a regulation Article 11 b (new) Article 11 b It should ensure data portability by adhering to the « Switching Cloud Providers and Porting Data » Association, facilitated by the European Commission in application of Art. 6 of the EU Free Flow of Non-Personal Data Regulation ((EU) 2018/1807) and aimed at developing voluntary Codes of Conduct to offer services with data portability
Amendment 532 #
Proposal for a regulation Article 12 – paragraph 1 (1) Each Member State shall designate in its territory one or more authorities competent, including its data protection authority, to carry out the tasks related to the notification framework and shall communicate to the Commission the identity of those designated authorities by [date of application of this Regulation]. It shall also communicate to the Commission any subsequent modification.
Amendment 533 #
Proposal for a regulation Article 12 – paragraph 2 (2) The designated competent authorities under Regulation 2018/679” shall comply with Article 23”..
Amendment 534 #
Proposal for a regulation Article 12 – paragraph 3 (3) The designated competent authorities, the data protection authorities, the national competition authorities, the authorities in charge of cybersecurity, and other relevant sectorial authorities shall exchange the information which is necessary for the exercise of their tasks in relation to data sharing providers. The data protection authorities shall be designated as the main competent authorities for the supervision and enforcement of the provisions under Chapter IV of the Regulation.
Amendment 535 #
Proposal for a regulation Article 12 – paragraph 3 (3) The designated competent authorities, the data protection authorities, the national competition authorities, the authorities in charge of cybersecurity, and other relevant sectorial authorities shall exchange the information which is necessary for the exercise of their tasks in relation to data sharing providers and ensure consistency of the decisions taken in application of this directive.
Amendment 536 #
Proposal for a regulation Article 12 – paragraph 3 (3) The designated competent authorities, the data protection authorities, the national competition authorities, the authorities in charge of cybersecurity, and other relevant sectorial authorities shall build up a strong cooperation and exchange the information which is necessary for the exercise of their tasks in relation to data sharing providers.
Amendment 537 #
Proposal for a regulation Article 13 – paragraph 2 (2) The competent authority shall have the power to request from providers of data sharing services all the information that is necessary to verify compliance with the requirements laid down in Articles 10 and 11. Any request for information shall be proportionate to the performance of the task and shall be reasoned. In case a data sharing service does not submit a notification, he is submitted to Article 31.
Amendment 538 #
Proposal for a regulation Article 13 – paragraph 3 (3) Where the competent authority finds that a provider of data sharing services does not comply with one or more of the requirements laid down in Article 10 or 11, it shall notify that provider of those findings and give it the opportunity to state its views, within a
Amendment 539 #
Proposal for a regulation Article 13 – paragraph 3 (3) Where the competent authority finds that a provider of data sharing services does not comply with one or more of the requirements laid down in Article 10
Amendment 540 #
Proposal for a regulation Article 13 – paragraph 4 – introductory part (4) The competent authority shall have the power to require the cessation of the breach referred to in paragraph 3
Amendment 541 #
Proposal for a regulation Article 13 – paragraph 4 – introductory part (4) The competent authority shall have the power to require the cessation of the breach referred to in paragraph 3 either immediately or within a
Amendment 542 #
Proposal for a regulation Article 13 – paragraph 4 – point a (a) to impose dissuasive financial penalties which may include periodic penalties with retroactive effect
Amendment 543 #
Proposal for a regulation Article 13 – paragraph 4 – point a (a) to impose dissuasive financial penalties which may include periodic penalties with retroactive effect; these should be proportionate to the size of the provider and the severity of the breach.
Amendment 544 #
Proposal for a regulation Article 13 – paragraph 4 – point a (a) to impose
Amendment 545 #
Proposal for a regulation Article 13 – paragraph 4 – point b (b) to require
Amendment 546 #
Proposal for a regulation Article 13 – paragraph 4 – point b (b) to
Amendment 547 #
Proposal for a regulation Article 13 – paragraph 5 (5) The competent authorities shall communicate the measures imposed pursuant to paragraph 4
Amendment 548 #
Proposal for a regulation Article 13 – paragraph 6 a (new) (6 a) Upon the request of a data intermediary the competent authority shall confirm that the data intermediary complies with the requirements laid down Articles 10 and 11.
Amendment 549 #
Amendment 550 #
Proposal for a regulation Article 14 – paragraph 1 This Chapter shall not apply to
Amendment 551 #
Proposal for a regulation Article 14 – paragraph 1 This Chapter shall not apply to not-for- profit
Amendment 552 #
Proposal for a regulation Article 14 – paragraph 1 This Chapter shall not apply to not-for- profit entities whose activities consist only in seeking to collect data for objectives of
Amendment 553 #
Proposal for a regulation Article 14 – paragraph 1 – point a (new) (a) public sector bodies that offer data sharing facilities on a non-commercial basis;
Amendment 554 #
Proposal for a regulation Article 14 – paragraph 1 – point b (new) (b) not-for-profit entities whose activities consist only in seeking to collect data for objectives of general interest, made available by natural or legal persons on the basis of data altruism.
Amendment 555 #
Proposal for a regulation Chapter IV – title IV
Amendment 556 #
Proposal for a regulation Article 15 – title Register of
Amendment 557 #
Proposal for a regulation Article 15 – paragraph -1 (new) (-1) The collection of data based on voluntary data sharing in the public interest, as referred to in Article 6(1)(e) of Regulation (EU) 2016/679 is subject to general authorisation by a competent authority, referred to in Article 20. Such authorisation shall be valid in all Member States of the European Union.
Amendment 558 #
Proposal for a regulation Article 15 – paragraph 1 (1) Donating personal or non- personal data is a voluntary and free act of the data subject and hence subject to high-level safeguards. Each competent authority designated pursuant to Article 20 shall keep a public register of recognised data altruism organisations.
Amendment 559 #
Proposal for a regulation Article 15 – paragraph 1 (1) Each competent authority designated pursuant to Article 20 shall keep a regularly-updated public register of recognised data altruism organisations.
Amendment 560 #
Proposal for a regulation Article 15 – paragraph 1 (1) Each competent authority designated pursuant to Article 20 shall keep a public register of
Amendment 561 #
Proposal for a regulation Article 15 – paragraph 2 (2) The Commission shall maintain a public Union register of recognised data altruism organisations. The Commission shall monitor and audit the register of recognised data altruism organizations.
Amendment 562 #
Proposal for a regulation Article 15 – paragraph 2 (2) The Commission shall maintain a publicly accessible and regularly updated Union register of recognised data altruism organisations.
Amendment 563 #
Proposal for a regulation Article 15 – paragraph 2 (2) The Commission shall maintain a public Union register of
Amendment 564 #
Proposal for a regulation Article 15 – paragraph 3 (3) An entity registered in the register in accordance with Article 16 may refer to itself as a ‘data altruism organisation recognised in the Union’ in its written and spoken communication. The entity shall use a EU dedicated logo or QR code linking to the European register of recognised data altruism organisations, both online and offline. The logo shall have the objective of providing a coherent visual identity to European Union data altruism organisations and contribute to increase trust for data subjects and legal entities. The logo must be created and displayed with rules established in a separate implementing act in accordance with the procedure referred to in Article 29.
Amendment 565 #
Proposal for a regulation Article 15 – paragraph 3 (3) An entity registered in the register in accordance with Article 16 may refer to itself as a ‘data altruism organisation recognised in the Union’ in its written and spoken communication. The entity shall use a EU dedicated logo and link to the European register of recognised data altruism organisations. The logo shall have the objective of providing a coherent visual identity to European Union data altruism organisations and contribute to increase trust for data subjects and legal entities. The logo must be created and displayed with rules established in a separate implementing act in accordance with the procedure referred to in Article 29.
Amendment 566 #
Proposal for a regulation Article 15 – paragraph 3 (3)
Amendment 567 #
Proposal for a regulation Article 16 – title General requirements for
Amendment 568 #
Proposal for a regulation Article 16 – paragraph 1 – introductory part 1. In order to qualify for registration, the data altruism organisation shall:
Amendment 569 #
Proposal for a regulation Article 16 – paragraph 1 – introductory part In order to qualify for
Amendment 570 #
Proposal for a regulation Article 16 – paragraph 1 – point a (a) be a legal entity constituted to meet objectives of
Amendment 571 #
Proposal for a regulation Article 16 – paragraph 1 – point a (a) be a legal entity constituted to meet objectives of
Amendment 572 #
Proposal for a regulation Article 16 – paragraph 1 – point a a (new) (a a) fit definition of data altruism under article 2-10
Amendment 573 #
Proposal for a regulation Article 16 – paragraph 1 – point b (b) operate on a not-for-profit basis and be independent from any entity that operates on a for-profit basis; in case the entity undertakes other activities on a not- for-profit basis, it shall ensure the legal and functional separation of such activities from the activities related to the collection of data based on voluntary data sharing in the public interest. The entity may not use the data collected based on voluntary data sharing in the public interest for other activities;
Amendment 574 #
Proposal for a regulation Article 16 – paragraph 1 – point b (b) operate on a not-for-profit basis and be legally and structurally independent from any entity that operates on a for-profit basis;
Amendment 575 #
Proposal for a regulation Article 16 – paragraph 1 – point c (c) perform the activities related to
Amendment 576 #
Proposal for a regulation Article 16 – paragraph 1 – point c (c) perform the activities related to data altruism
Amendment 577 #
Proposal for a regulation Article 16 – paragraph 1 – point c a (new) (c a) be able to process the data within the secure processing environment operated by the entity;
Amendment 578 #
Proposal for a regulation Article 16 – paragraph 1 – point c a (new) (c a) provide to the competent authority an operational data security plan;
Amendment 579 #
Proposal for a regulation Article 16 – paragraph 1 – point c b (new) (c b) have effective oversight mechanism to ensure high standards of scientific ethics;
Amendment 580 #
Proposal for a regulation Article 16 – paragraph 1 – point c c (new) (c c) have effective technical means to withdraw or modify context at any moment as well as means for data subjects to stay informed about th use of data they made available;
Amendment 581 #
Proposal for a regulation Article 16 – paragraph 1 a (new) In case personal data is processed in the context of voluntary data sharing in the public interest, such processing shall be compliant with the requirements laid down in Regulation (EU) 2016/679, including the provisions on transfers of personal data to third countries or international organisations
Amendment 582 #
Proposal for a regulation Article 17 – paragraph 1 (1) Any entity which meets the requirements of Article 2 (10) and 16 may request to be entered in the register of recognised data altruism organisations referred to in Article 15 (1).
Amendment 583 #
Proposal for a regulation Article 17 – paragraph 1 (1) Any entity which meets the requirements of Article 16 may request to be entered in the register of
Amendment 584 #
Proposal for a regulation Article 17 – paragraph 2 (2) For the purposes of this Regulation, an entity engaged in activities based on
Amendment 585 #
Proposal for a regulation Article 17 – paragraph 3 Amendment 586 #
Proposal for a regulation Article 17 – paragraph 3 (3) An entity that is not established in
Amendment 587 #
Proposal for a regulation Article 17 – paragraph 3 (3) An entity that is not established in the Union, but meets the requirements in Article 16, shall appoint a legal representative in one of the Member States where it intends to collect data based on
Amendment 588 #
Proposal for a regulation Article 17 – paragraph 4 – point c (c) the statutes of the entity
Amendment 589 #
Proposal for a regulation Article 17 – paragraph 4 – point f (f) a public website where information on the entity and the activities can be found including as a minimum the information as referred to in letters a, b, d, e and h of this paragraph;
Amendment 590 #
Proposal for a regulation Article 17 – paragraph 4 – point f (f) a website where information on the entity and the activities can be found including as a minimum the information as referred to in letters a, b, d, e and h of this paragraph;
Amendment 591 #
Proposal for a regulation Article 17 – paragraph 4 – point h (h) the purposes of
Amendment 592 #
Proposal for a regulation Article 17 – paragraph 4 – point h (h) the purposes of
Amendment 593 #
Proposal for a regulation Article 17 – paragraph 5 (5) Where the entity has submitted all necessary information pursuant to paragraph 4 and the competent authority considers that the entity complies with the
Amendment 594 #
Proposal for a regulation Article 17 – paragraph 6 (6) The information referred to in paragraph 4, points (a), (b), (f), (g), and (h) shall be published in the national public register of recognised data altruism organisations.
Amendment 595 #
Proposal for a regulation Article 17 – paragraph 6 (6) The information referred to in paragraph 4, points (a), (b), (f), (g), and (h) shall be published in the national register
Amendment 596 #
Proposal for a regulation Article 17 – paragraph 7 (7) Any entity entered in the register of recognised data altruism organisations shall submit any changes of the information provided pursuant to paragraph 4 to the competent authority within 14 calendar days from the day on which the change takes place. The competent authority shall inform the Commission by electronic means of each such notification without delay.
Amendment 597 #
Proposal for a regulation Article 17 – paragraph 7 (7) Any entity entered in the public register of recognised data altruism organisations shall submit any changes of the information provided pursuant to paragraph 4 to the competent authority within 14 calendar days from the day on
Amendment 598 #
Proposal for a regulation Article 17 – paragraph 7 (7) Any entity entered in the register of
Amendment 599 #
Proposal for a regulation Article 17 – paragraph 7 (7)
Amendment 600 #
Proposal for a regulation Article 18 – paragraph 1 – introductory part (1) Any entity entered in the national register of
Amendment 601 #
Proposal for a regulation Article 18 – paragraph 2 – introductory part (2) Any entity entered in the register of
Amendment 602 #
Proposal for a regulation Article 18 – paragraph 2 – point b (b) a description of the way in which the
Amendment 603 #
Proposal for a regulation Article 18 – paragraph 2 – point b (b) a description of the way in which the
Amendment 604 #
Proposal for a regulation Article 18 – paragraph 2 – point c (c) a list of all natural and legal persons that were allowed to use data it holds,
Amendment 605 #
Proposal for a regulation Article 18 – paragraph 2 – point c (c) a list of all natural and legal persons that were allowed to use data it holds, including a summary description of the
Amendment 606 #
Proposal for a regulation Article 19 – paragraph 1 – introductory part (1) A mandatory authorisation framework for data altruistic organisations shall be provided to ensure a higher level of trust. Any entity entered in the register of recognised data altruism organisations shall inform data holders:
Amendment 607 #
Proposal for a regulation Article 19 – paragraph 1 – introductory part (1) Any entity entered in the register of recognised data altruism organisations shall inform data
Amendment 608 #
Proposal for a regulation Article 19 – paragraph 1 – introductory part (1) Any entity entered in the register of
Amendment 609 #
Proposal for a regulation Article 19 – paragraph 1 – introductory part (1) Any entity entered in the register of recognised data altruism organisations shall inform data holders prior to any processing of their data:
Amendment 610 #
Proposal for a regulation Article 19 – paragraph 1 – point a (a) about the purposes of
Amendment 611 #
Proposal for a regulation Article 19 – paragraph 1 – point a (a) about the purposes of
Amendment 612 #
Proposal for a regulation Article 19 – paragraph 1 – point a (a) about the purposes of general interest for which it permits the processing of their data by a data user
Amendment 613 #
Proposal for a regulation Article 19 – paragraph 1 – point b Amendment 614 #
Proposal for a regulation Article 19 – paragraph 1 – point b (b) about the location of any processing outside the Union. In addition, the non-profit entities will request an authorisation to data holders with approval regarding all the information pursuant in accordance with paragraph 4 of Article 17. The authorisation should be issued by competent authorities designated pursuant to Article 20.
Amendment 615 #
Proposal for a regulation Article 19 – paragraph 1 – point b (b) about
Amendment 616 #
Proposal for a regulation Article 19 – paragraph 1 – point b (b) about any processing outside the Union
Amendment 617 #
Proposal for a regulation Article 19 – paragraph 1 – point b (b) about any processing outside the Union and the location of such processing.
Amendment 618 #
Proposal for a regulation Article 19 – paragraph 1 – point b a (new) (b a) the effective means and tools for withdrawal of consent according to Article 7 of GDPR.
Amendment 619 #
Proposal for a regulation Article 19 – paragraph 2 (2) The entity shall also ensure that the data is not be used for other purposes than those of general interest for which it permits the processing. Safeguards shall be provided to ensure that misleading marketing practices are not used to solicit donations of data. Possibilities for sanctions shall be provided for when acting against public interests, according to national laws.
Amendment 620 #
Proposal for a regulation Article 19 – paragraph 2 (2) The entity shall also ensure that the data is not be used for other purposes than those of general interest for which it permits the processing as well as that the obtained consent from data subjects or permissions to process data made available by legal persons can be easily withdrawn.
Amendment 621 #
Proposal for a regulation Article 19 – paragraph 2 (2) The entity shall also ensure that the data is not be used for other purposes than those of
Amendment 622 #
Proposal for a regulation Article 19 – paragraph 2 (2) The entity shall also ensure that the data is not be used for other purposes than those of
Amendment 623 #
Proposal for a regulation Article 19 – paragraph 2 a (new) (2 a) The entity shall take measures to ensure a high level of security for the storage and processing of data that it has collected based on voluntary data sharing in the public interest or is responsible for in the exercise of its activities.
Amendment 624 #
Proposal for a regulation Article 19 – paragraph 3 (3) Where an entity entered in the register of
Amendment 625 #
Proposal for a regulation Article 19 – paragraph 3 (3) Where an entity entered in the register of recognised data altruism organisations provides tools for obtaining consent from data subjects or permissions to process data made available by legal persons, it shall specify the jurisdiction or jurisdictions outside the Union in which the data use is intended to take place.
Amendment 626 #
Competent authorities for registration of data altruism organisations
Amendment 627 #
Proposal for a regulation Article 20 – paragraph 1 (1) Each Member State shall designate one or more competent authorities responsible for the register of recognised data altruism organisations and for the monitoring of compliance with the requirements of this Chapter. The designated competent authorities for the registration of data altruism organisations shall meet the requirements of Article 23.
Amendment 628 #
Proposal for a regulation Article 20 – paragraph 1 (1) Each Member State shall designate one or more competent authorities under Regulation 2018/679 responsible for the register of recognised data altruism organisations and for the monitoring of compliance with the requirements of this Chapter. The designated competent authorities shall
Amendment 629 #
Proposal for a regulation Article 20 – paragraph 1 (1) Each Member State shall designate
Amendment 630 #
Proposal for a regulation Article 20 – paragraph 1 (1) Each Member State shall designate one
Amendment 631 #
Proposal for a regulation Article 20 – paragraph 2 (2) Each Member State shall inform the Commission of the identity of the designated authorit
Amendment 632 #
Proposal for a regulation Article 20 – paragraph 3 (3) The competent authority shall undertake its tasks in cooperation with the data protection authority, where such tasks are related to processing of personal data, and with relevant sectoral bodies of the same Member State. For any question requiring an assessment of compliance with Regulation (EU) 2016/679, the competent authority shall first seek an opinion or decision by the competent supervisory authority established pursuant to that Regulation and comply with that opinion or decision. The data protection authorities shall be designated as the main competent authorities for the supervision and enforcement of the provisions under Chapter IV of the Regulation.
Amendment 633 #
Proposal for a regulation Article 20 – paragraph 3 (3) The competent authority for the registration of data altruism organisations shall undertake its tasks in cooperation with the data protection authority, where such tasks are related to processing of personal data, and with relevant sectoral bodies of the same Member State. For any question requiring an assessment of compliance with Regulation (EU) 2016/679, the competent authority shall first seek an opinion or decision by the competent supervisory authority established pursuant to that Regulation and comply with that opinion or decision.
Amendment 634 #
Proposal for a regulation Article 21 – paragraph 1 (1) The
Amendment 635 #
Proposal for a regulation Article 21 – paragraph 1 (1) The competent authority shall monitor and supervise compliance of entities entered in the register of
Amendment 636 #
Proposal for a regulation Article 21 – paragraph 2 (2) The competent authority shall have the power to request information from entities included in the register of
Amendment 637 #
Proposal for a regulation Article 21 – paragraph 3 (3) Where the competent authority finds that an entity does not comply with one or more of the requirements of this Chapter it shall notify the entity of those findings and give it the opportunity to state its views, within
Amendment 638 #
Proposal for a regulation Article 21 – paragraph 5 – point a (a) lose its right to collect data made available by natural or legal persons on the basis of data altruism, perform the activities linked to the realisation of the data altruism purpose and refer to itself as a ‘data altruism organisation
Amendment 639 #
Proposal for a regulation Article 21 – paragraph 5 – point b (b) be removed from the national and Union registers of
Amendment 640 #
Proposal for a regulation Article 21 – paragraph 5 – point b a (new) (b a) In the case that the entity wishes to make the request again, an appropriate period of at least 12 months must pass. If the entity runs into criminal problems of a certain entity, neither the company nor the persons responsible in other companies will no longer be able to apply for registration.
Amendment 641 #
Proposal for a regulation Article 21 – paragraph 5 a (new) (5 a) In this regard, the competent authorities shall be able, where appropriate: (a) to impose dissuasive financial penalties which may include periodic penalties with retroactive effect; (b) to impose immediate cessation or postponement of the provision of the data sharing service.
Amendment 642 #
Proposal for a regulation Article 21 – paragraph 6 (6) If an entity included in the register of recognised data altruism organisations has its main establishment or legal representative in a Member State but is active in other Member States, the competent authority of the Member State of the main establishment or where the legal representative is located and the competent authorities of those other Member States shall cooperate and assist each other as necessary and they shall also comply with the rules of the most restrictive Member States in which they operate. Such assistance and cooperation may cover information exchanges between the competent authorities concerned and requests to take the supervisory measures referred to in this Article.
Amendment 643 #
Proposal for a regulation Article 21 – paragraph 6 (6) If an entity included in the register of
Amendment 644 #
Proposal for a regulation Article 22 – title European data altruism consent
Amendment 645 #
Proposal for a regulation Article 22 – paragraph 1 (1) In order to facilitate the collection of data based on
Amendment 646 #
Proposal for a regulation Article 22 – paragraph 1 (1) In order to facilitate the collection of data based on data altruism, the
Amendment 647 #
Proposal for a regulation Article 22 – paragraph 1 (1) In order to facilitate the collection of data based on data altruism, the Commission may adopt implementing acts developing a European data altruism consent form with cooperation of Data innovation board. The form shall allow the collection of consent across Member States in a uniform format. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 29 (2).
Amendment 648 #
Proposal for a regulation Article 22 – paragraph 1 (1) In order to facilitate and ease the collection of data based on data altruism, the Commission may adopt implementing acts developing a European data altruism
Amendment 649 #
Proposal for a regulation Article 22 – paragraph 2 (2) The European data altruism consent form shall use a modular approach allowing customisation for specific sectors and for different purposes leading to full understanding of the purpose.
Amendment 650 #
Proposal for a regulation Article 22 – paragraph 2 (2) The European data altruism consent
Amendment 651 #
Proposal for a regulation Article 22 – paragraph 3 (3) Where personal data are provided, the European data altruism consent form shall ensure that data subjects are able to give consent to and withdraw consent from a specific data processing operation in compliance with the requirements of Regulation (EU) 2016/679. Data subjects shall be informed of the purposes of any subsequent use before they give their consent.
Amendment 652 #
Proposal for a regulation Article 22 – paragraph 3 (3) Where personal data are provided, the European data altruism consent
Amendment 653 #
Proposal for a regulation Article 22 – paragraph 3 (3) Where personal data are provided, the European data altruism consent form shall ensure that data subjects are able to give free and unambiguous consent to and to be able withdraw their consent from a specific data processing operation in compliance with the requirements of Regulation (EU) 2016/679 at any time.
Amendment 654 #
Proposal for a regulation Article 22 – paragraph 4 (4) The form shall be available in a
Amendment 655 #
Proposal for a regulation Article 22 – paragraph 4 a (new) (4 a) The online consent tools shall include a minimal list of checks and balances allowing consent to be given and withdrawn in an easy to understand, timely and modular manner and a set of standardised visual indicators.
Amendment 656 #
Proposal for a regulation Article 23 – title Requirements and procedures relating to competent authorities
Amendment 657 #
Proposal for a regulation Article 23 – paragraph 1 (1) The competent authorities designated pursuant to Article 12 and Article 20 shall be legally distinct from, and functionally independent of any provider of data sharing services or entity included in the register of recognised data altruism organisations. The functions of the competent authorities designated pursuant to Article 12 and Article 20 may be carried out by the same entity.
Amendment 658 #
Proposal for a regulation Article 23 – paragraph 1 (1) The competent authorities designated pursuant to Article 12 and Article 20 shall be legally distinct from, and functionally independent of any provider of data sharing services or entity included in the register of
Amendment 659 #
Proposal for a regulation Article 23 – paragraph 2 (2) Competent authorities shall exercise their tasks in an impartial, transparent, consistent, reliable and timely manner and safeguard fair competition and non-discriminatory access for individuals and small actors at all times.
Amendment 660 #
Proposal for a regulation Article 23 – paragraph 5 (5) The competent authorities shall have at their disposal the adequate financial
Amendment 661 #
Proposal for a regulation Article 23 – paragraph 6 (6) The competent authorities of a Member State shall provide the Commission and competent authorities from other Member States, on reasoned request, with the information necessary to carry out their tasks under this Regulation. Where a national competent authority considers the information requested to be confidential in accordance with Union and national rules on national security, commercial and professional confidentiality, the Commission and any other competent authorities concerned shall ensure such confidentiality
Amendment 662 #
Proposal for a regulation Article 24 – paragraph 1 (1) Natural and legal persons shall have the right to lodge a complaint, individually or by the representatives of one or more natural persons, with the relevant national competent authority against a provider of data sharing services or an entity entered in the register of
Amendment 663 #
Proposal for a regulation Article 24 – paragraph 2 (2) The authority with which the complaint has been lodged shall inform the complainant of the progress of the proceedings and of the decision taken, take immediate measures to prevent further infringements and shall inform the complainant of the right to an effective judicial remedy provided for in Article 25.
Amendment 664 #
Proposal for a regulation Article 25 – paragraph 1 – point -a (new) (-a) a breach of obligations stemming from the current Regulation, including but not limited to the purposes of data processing, consent mechanisms and exercise of voluntary data sharing for public interest activities by organisations that are not listed in the national data altruism registry.
Amendment 665 #
Proposal for a regulation Article 25 – paragraph 1 – point b (b) decisions of the competent authorities referred to in Articles 13, 17 and 21 taken in the management, control and enforcement of the notification regime for providers of data sharing services and the monitoring of entities entered into the register of
Amendment 666 #
Proposal for a regulation Article 25 – paragraph 2 (2) Proceedings pursuant to this Article shall be brought before the courts of the Member State in which the authority against which the judicial remedy is sought is located individually or by the representatives of one or more natural persons.
Amendment 667 #
Proposal for a regulation Chapter V a (new) Amendment 668 #
Proposal for a regulation Article 26 Amendment 669 #
Proposal for a regulation Article 26 – paragraph 1 (1) The Commission shall establish a European Data Innovation Board (“the Board”)
Amendment 670 #
Proposal for a regulation Article 26 – paragraph 1 (1) The Commission shall establish a European Data Innovation Board (“the Board”) in the form of an Expert Group, consisting of the representatives of competent authorities of all the Member States, the European Data Protection Board, the Commission,
Amendment 671 #
Proposal for a regulation Article 26 – paragraph 1 (1) The Commission shall establish a European Data Innovation Board (“the Board”) in the form of an Expert Group, consisting of the representatives of competent authorities of all the Member States, the European Data Protection Board, the Commission,
Amendment 672 #
Proposal for a regulation Article 26 – paragraph 1 (1) The Commission shall establish a European Data Innovation Board (“the Board”)
Amendment 673 #
Proposal for a regulation Article 26 – paragraph 1 (1) The Commission shall establish a European Data Innovation Board (“the Board”) in the form of an Expert Group, consisting of the representatives of competent authorities of all the Member States, the European Data Protection Board, the Commission, relevant data spaces and other representatives of
Amendment 674 #
Proposal for a regulation Article 26 – paragraph 1 a (new) (1 a) The composition shall guarantee a fair distribution of the different third parties between public actors including the Commission, private actors as well as civil society and social partners;
Amendment 675 #
Proposal for a regulation Article 26 – paragraph 2 (2)
Amendment 676 #
Proposal for a regulation Article 26 – paragraph 2 (2)
Amendment 677 #
Proposal for a regulation Article 26 – paragraph 2 (2) Stakeholders and relevant third parties
Amendment 678 #
Proposal for a regulation Article 26 – paragraph 2 (2) Stakeholders
Amendment 679 #
Proposal for a regulation Article 26 – paragraph 2 (2) Stakeholders
Amendment 680 #
Proposal for a regulation Article 26 – paragraph 2 (2) Stakeholders and relevant third
Amendment 681 #
Proposal for a regulation Article 26 – paragraph 2 (2) Stakeholders and relevant third parties
Amendment 682 #
Proposal for a regulation Article 26 – paragraph 2 a (new) (2 a) The Commission shall ensure a balanced composition of the invitations of stakeholders to participate in the work of the Board, accounting for gender as well as geographical diversity, and made up of members with diverse industrial backgrounds, with a well thought out selection process.
Amendment 683 #
Proposal for a regulation Article 26 – paragraph 2 a (new) (2 a) The Commission shall ensure a balanced composition of the invitations of stakeholders to participate in the work of Board, accounting for gender as well as geographical diversity, and made up of members with diverse industrial backgrounds, with a well thought out selection process.
Amendment 684 #
Proposal for a regulation Article 26 – paragraph 3 (3) The Commission shall chair the meetings of the Board which may be conducted in different configurations, depending on the subjects to be discussed.
Amendment 685 #
Proposal for a regulation Article 26 – paragraph 4 a (new) Amendment 686 #
Proposal for a regulation Article 26 – paragraph 4 a (new) (4 a) The data protection supervisory authorities established under national and Union law are the “competent authority”, insofar as the processing of personal data is concerned.
Amendment 687 #
Proposal for a regulation Article 26 – paragraph 4 a (new) (4 a) The Board's deliberations and, where relevant, documents shall be made public.
Amendment 688 #
Proposal for a regulation Article 27 – title Tasks of the European Data Innovation Board
Amendment 689 #
Proposal for a regulation Article 27 – paragraph 1 – point -a (new) (-a) to assist and advise the Commission and the emerging data spaces on how to enable the interoperability, and if possible, scalability, of the emerging data spaces within the Union. This assistance could include assistance on agreeing principles on soft infrastructure (standards) as well as assistance on how to get the best out of the financial help under Digital Europe Programme.
Amendment 690 #
Proposal for a regulation Article 27 – paragraph 1 – point -a a (new) (-a a) to advise and assist the Commission on a soft infrastructure with data sovereignty as key design principle, to form a set of agreements enabling a unified way for control over data
Amendment 691 #
Proposal for a regulation Article 27 – paragraph 1 – point b (b) to advise and assist the Commission in developing a consistent practice of the competent authorities in the application of requirements applicable to data sharing providers as well as entities carrying out activities in relation to data altruism;
Amendment 692 #
Proposal for a regulation Article 27 – paragraph 1 – point b (b) to advise and assist the Commission in developing a consistent practice of the competent authorities in the application of requirements applicable to data sharing providers and data altruism organisations;
Amendment 693 #
Proposal for a regulation Article 27 – paragraph 1 – point b a (new) (b a) to advise and assist the Commission in developing consistent guidelines on how to best protect, in the context of this Regulation, commercially sensitive data of non-personal nature, notably trade secrets, but also non- personal data representing content protected by intellectual property rights from unlawful access that may lead to IP theft or industrial espionage.
Amendment 694 #
Proposal for a regulation Article 27 – paragraph 1 – point b a (new) (b a) to advise and assist the Commission in developing consistent guidelines for increase a data literacy and that looks at the technology transfer from research, thanks to an expansion of the resources available to those involved in data literacy training, associations, cooperatives and in general to innovation brokers.
Amendment 695 #
Proposal for a regulation Article 27 – paragraph 1 – point c (c) to advise the Commission on the prioritisation of cross-sector standards to be used and developed for data use and cross-sector data sharing between emerging data spaces, cross-sectoral comparison and exchange of best practices with regards to sectoral requirements for security, access procedures, while taking into account sector-specific standardisations activities in particular in clarifying and distinguishing which standards and practices are cross-sectoral and which are sectoral;;
Amendment 696 #
Proposal for a regulation Article 27 – paragraph 1 – point c (c) to advise the Commission on the prioritisation of cross-sector standards to be used and developed for data use and cross-sector data sharing, cross-sectoral comparison and exchange of best practices with regards to sectoral requirements for security, access procedures, while taking into account sector-specific standardisations activities, in particular in clarifying and distinguishing which standards and practices are cross-sectoral and which are sectoral;
Amendment 697 #
Proposal for a regulation Article 27 – paragraph 1 – point c a (new) (c a) to collaborate with sectoral boards and expert groups which may be established in establishing data spaces to perform similar but sector specific tasks defined in (a) – (e) for The Board for cross-sectoral data sharing.
Amendment 698 #
Proposal for a regulation Article 27 – paragraph 1 – point d (d) to assist the Commission in enhancing the interoperability of data as well as data sharing services between different sectors and domains, building on existing European, international or national standards and to assist and advice the EU institutions and the emerging data spaces, including on financial assistance through European programmes such as the Digital Europe Programme;
Amendment 699 #
Proposal for a regulation Article 27 – paragraph 1 – point d (d) to assist the Commission in addressing fragmentation of the data economy in the single market by enhancing the interoperability of data as well as data sharing services between different sectors and domains, building on existing European, international or national standards, inter alia with the aim of encouraging the creation of Common European data spaces;
Amendment 700 #
Proposal for a regulation Article 27 – paragraph 1 – point d a (new) (d a) establish a permanent sub group called the Data Exchange Board (“the DEB”) in the form of an expert group consisting of actors that have a direct interest in the establishment, governance, and adoption of a standardised approach to data sharing and exchange with the help of European data spaces and to support it in defining the interoperability measures for the data intermediaries. These actors should be researchers, practitioners, and public and private initiatives for data sharing and exchange.
Amendment 701 #
Proposal for a regulation Article 27 – paragraph 1 – point d a (new) (d a) In addition, it should assist the Commission in defining policies and strategies with the aim of avoiding any cases of data manipulation and the creation of "false data", which could cause serious damage to various sectors. With reference to 'false data', the Board could evaluate the possibility of creating a "data passport" containing certified or certifiable data, in order to exclude any attempt to falsify the data.
Amendment 702 #
Proposal for a regulation Article 27 – paragraph 1 – point d a (new) (d a) to maintain a registry of applications and use cases that demonstrate the value of data sharing, contributing to a level playing field and enabling participating stakeholders to identify which data assets to share for and the corresponding objectives of the exchange scheme;
Amendment 703 #
Proposal for a regulation Article 27 – paragraph 1 – point d a (new) (d a) To advise the Member States and the Commission on the possibility to set harmonised conditions allowing for re- use of data referred to in Article 3 (1) held by public sector bodies across the single market;
Amendment 704 #
Proposal for a regulation Article 27 – paragraph 1 – point d a (new) (d a) to advise and assist the Commission in developing consistent guidelines for cybersecurity requirements for the exchange and storage of data;
Amendment 705 #
Proposal for a regulation Article 27 – paragraph 1 – point d b (new) Amendment 706 #
Proposal for a regulation Article 27 – paragraph 1 – point d b (new) (d b) to advise the Commission on the improvement of funding of use cases through mechanisms such as Horizon Europe and the Digital Europe Programme, building on the knowledge gathered from the applications and use cases within its registry;
Amendment 707 #
Proposal for a regulation Article 27 – paragraph 1 – point d c (new) (d c) to advise the Commission in providing guidance to Member States on the contractual arrangements, rights and responsibilities for data sharing;
Amendment 708 #
Proposal for a regulation Article 27 – paragraph 1 – point e (e) to facilitate the cooperation between national competent authorities, the Commission and other European and international bodies under this Regulation through capacity-
Amendment 709 #
Proposal for a regulation Article 27 – paragraph 1 – point e (e) to facilitate the cooperation between national competent authorities and, where relevant, European and international bodies under this Regulation through capacity-
Amendment 710 #
Proposal for a regulation Article 27 – paragraph 1 – point e (e) to facilitate the cooperation between national competent authorities under this Regulation through capacity- building and the exchange of information, in particular by establishing methods for the efficient exchange of information relating to the notification procedure for data sharing service providers and the registration and monitoring of
Amendment 711 #
Proposal for a regulation Article 27 – paragraph 1 – point e a (new) (e a) The advise the European Commission on data protection matters and the development of consistent practices related to the processing of personal data that do not fall within the competences attributed to the European Data Innovation Board.
Amendment 712 #
Proposal for a regulation Article 27 – paragraph 1 – point e a (new) (e a) to facilitate cooperation between Member States in relation to the rules on penalties laid down by the Member States pursuant to Article 31 and to issue recommendations as regards the harmonisation of those penalties across the Union.
Amendment 713 #
Proposal for a regulation Article 27 – paragraph 1 – point e a (new) (e a) to advise the Commission in the decision of adopting implementing acts referred to in article 5 (9);
Amendment 714 #
Proposal for a regulation Article 27 – paragraph 1 – point e b (new) (e b) to assist the Commission in the discussions conducted at bilateral, plurilateral or multilateral level with third countries aimed at improving the regulatory environment for non-personal data, including standardisation, at global level;
Amendment 715 #
Proposal for a regulation Article 28 Amendment 716 #
Proposal for a regulation Article 28 – paragraph 6 (6) A delegated act adopted pursuant to Article 5 (11) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of three months of notification of that act to the European Parliament and to the Council
Amendment 717 #
Proposal for a regulation Article 29 – paragraph 2 (2) Where reference is made to this paragraph, Article
Amendment 718 #
Proposal for a regulation Article 30 – paragraph 1 (1) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing provider or the entity entered in the register of recognised data altruism organisations, as the case may be, shall take all reasonable technical, legal and organisational measures in order to
Amendment 719 #
Proposal for a regulation Article 30 – paragraph 1 (1) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing provider or the entity entered in the register of
Amendment 720 #
Proposal for a regulation Article 30 – paragraph 1 (1) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing provider or the entity entered in the register of recognised data altruism organisations, as the case may be, shall take all reasonable technical, legal and organisational measures in order to prevent
Amendment 721 #
Proposal for a regulation Article 30 – paragraph 1 (1) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing provider or the entity entered in the register of recognised data altruism organisations, as the case may be, shall take all reasonable technical, legal and organisational measures in order to prevent transfer or access to non-personal sensitive data held in the Union where such transfer or access would create a conflict with Union law or the law of the relevant Member State
Amendment 722 #
Proposal for a regulation Article 30 – paragraph 2 (2) Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a
Amendment 723 #
Proposal for a regulation Article 30 – paragraph 3 – introductory part (3)
Amendment 724 #
Proposal for a regulation Article 30 – paragraph 3 – introductory part (3) Where a public sector body, a natural or legal person to which the right to re-use data was granted under Chapter 2, a data sharing provider or entity entered in the register of
Amendment 725 #
The addressee of the decision
Amendment 726 #
Proposal for a regulation Article 30 – paragraph 3 – subparagraph 1 The addressee of the decision
Amendment 727 #
Proposal for a regulation Article 30 – paragraph 4 (4) If the conditions in paragraph 2, or 3 are met, the public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2,
Amendment 728 #
Proposal for a regulation Article 30 – paragraph 4 (4) If the conditions in paragraph 2, or 3 are met, the public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing provider or the entity entered in the register of
Amendment 729 #
Proposal for a regulation Article 30 – paragraph 5 (5) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing provider and the entity providing data altruism shall inform the data subject or the data holder about the existence of a request of an administrative authority in a third-country to access its data before complying to the request, except in cases where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activity.
Amendment 730 #
Proposal for a regulation Article 30 – paragraph 5 (5) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing services provider and the entity providing
Amendment 731 #
Proposal for a regulation Article 31 – paragraph 1 Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive. Member States shall notify the Commission of those rules and measures by [date of application of the Regulation] and shall notify the Commission without delay of any subsequent amendment affecting them. For those who infringe the provisions on data altruism, Member States may impose financial sanctions.
Amendment 732 #
Proposal for a regulation Article 31 – paragraph 1 Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive. The penalties system shall be based on the recommendations from the European Data Innovation Board. Member States shall notify the Commission of those rules and measures by [date of application of the Regulation] and shall notify the Commission without delay of any subsequent amendment affecting them.
Amendment 733 #
Proposal for a regulation Article 31 – paragraph 1 Amendment 734 #
Proposal for a regulation Article 32 – paragraph 1 By [
Amendment 735 #
Proposal for a regulation Article 32 – paragraph 1 By [
Amendment 736 #
Proposal for a regulation Article 32 – paragraph 1 By [
Amendment 737 #
Proposal for a regulation Article 32 – paragraph 1 By [
Amendment 738 #
Proposal for a regulation Article 34 – paragraph 1 Entities providing the data sharing services provided in Article 9(1) on the date of entry into force of this Regulation shall comply with the obligations set out in Chapter III by [date -
Amendment 739 #
Proposal for a regulation Article 35 – paragraph 2 It shall apply from [
source: 691.468
2021/05/28
IMCO
231 amendments...
Amendment 159 #
Proposal for a regulation Recital 1 (1) The Treaty on the functioning of the European Union (‘TFEU’) provides for the establishment of an internal market and the institution of a system ensuring that competition in the internal market is not distorted. The establishment of common rules and practices in the Member States relating to the development of a framework for data governance should also contribute to the
Amendment 160 #
Proposal for a regulation Recital 2 (2) Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and daily life. Data is at the centre of this transformation: despite the many risks involved, data-driven innovation will bring enormous benefits for citizens, for example through improved personalised medicine, new mobility, and its contribution to the European Green Deal23. In its Data Strategy24, the Commission described the vision of a common European data space, a Single Market for data in which data could be used irrespective of its physical location of
Amendment 161 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges. Sector- specific legislation can develop, adapt and
Amendment 162 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges. Sector- specific legislation can develop, adapt and propose new and complementary elements, depending on the specificities of the sector, such as the envisaged legislation on the European health data space25 and on access to vehicle data. Moreover, certain sectors of the economy are already regulated by sector-specific Union law that include rules relating to cross-border or Union wide sharing or access to data26 . This Regulation is therefore without prejudice to Regulation (EU) 2016/679 of the European Parliament and of the Council27, and in particular the implementation of this Regulation shall not prevent cross border transfers of data in accordance with Chapter V of Regulation (EU) 2016/679 from taking place, Directive (EU) 2016/680 of the European Parliament and of the Council28, Directive (EU) 2016/943 of the European Parliament and of the Council29, Regulation (EU) 2018/1807 of the European Parliament and of the Council30, Regulation (EC) No 223/2009 of the European Parliament and of the Council31, Directive 2000/31/EC of the European Parliament and of the Council32, Directive 2001/29/EC of the European Parliament and of the Council33, Directive (EU) 2019/790 of the European Parliament and of the Council34, Directive 2004/48/EC of the European Parliament and of the Council35, Directive (EU) 2019/1024 of the European Parliament and of the Council36, as well as Regulation 2018/858/EU of the European Parliament and of the Council37, Directive 2010/40/EU of the European Parliament and of the Council38 and Delegated Regulations adopted on its basis, and any other sector-specific Union
Amendment 163 #
Proposal for a regulation Recital 3 a (new) (3a) This Regulation is without prejudice to Regulation (EU) 2016/679, to Directive 2002/58/EC of the European Parliament and of the Council1 and Directive (EU) 2016/680. This Regulation does not create a new legal basis for the processing of personal data. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter should prevail. Data protection authorities may be considered competent authorities for the purpose of this Regulation. Where other organisations act as competent authorities under this Regulation, it should be without prejudice to the supervisory powers of data protection authorities under Regulation (EU)2016/679. ______________ 1Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37)
Amendment 164 #
Proposal for a regulation Recital 3 b (new) (3b) In the case of a data set composed of both personal and non-personal data, where those types of data are inextricably linked, the data set is to be considered personal data.
Amendment 165 #
Proposal for a regulation Recital 4 (4) Action at Union level is necessary in order to address the barriers to a well- functioning data-driven economy and to create a Union-wide safe governance framework for data access and use, in particular regarding the re-use of certain types of data held by the public sector, the provision of services by data sharing providers to business users and to data subjects, as well as the collection and processing of data made available for altruistic purposes by natural and legal persons.
Amendment 166 #
Proposal for a regulation Recital 5 (5) The idea that data that has been generated at the expense of public budgets should benefit society has been part of Union policy for a long time. Directive (EU) 2019/1024 as well as sector-specific legislation ensure that the public sector makes more of the data it produces easily available for use and re-use. However, certain categories of data (commercially confidential data, data subject to statistical confidentiality, data protected by intellectual property rights of third parties, including trade secrets and personal data not accessible on the basis of specific national or Union legislation, such as Regulation (EU) 2016/679 and Directive (EU) 2016/680) in public databases is often not made available, not even for research or innovative activities. Due to the sensitivity of this data, certain technical and legal procedural requirements must be met before they are made available, in order to ensure the respect of rights others have over such data. Such legitimate requirements are usually time- and knowledge-intensive to fulfil. This has led to the underutilisation of such data. While some Member States are setting up structures, processes and sometimes legislate to facilitate this type of re-use, this is not the case across the Union.
Amendment 167 #
Proposal for a regulation Recital 6 (6) There are techniques enabling
Amendment 168 #
Proposal for a regulation Recital 7 (7) The categories of data held by public sector bodies which should be subject to re-use under this Regulation fall outside the scope of Directive (EU) 2019/1024 that excludes data which is not accessible due to commercial and statistical confidentiality and data for which third parties have intellectual property rights. Commercially confidential data includes data protected by trade secrets, confidential obligations and any other information the unauthorised disclosure of which would harm legitimate commercial interests in the business. Personal data fall outside the scope of Directive (EU) 2019/1024 insofar as the access regime excludes or restricts access to such data for reasons of data protection, privacy and the integrity of the individual, in particular in accordance with data protection rules. The re-use of data, which may contain trade secrets, should take place without prejudice to Directive (EU) 2016/94340 , which sets the framework for the lawful acquisition, use or disclosure of trade secrets. This Regulation is without prejudice and complementary to more specific obligations on public sector bodies to allow re-use of data laid down in sector- specific Union or national law. It does not create an obligation to allow re-use of public sector data. __________________ 40 OJ L 157, 15.6.2016, p. 1–18
Amendment 169 #
Proposal for a regulation Recital 7 (7) The categories of data held by public sector bodies which should be subject to re-use under this Regulation fall outside the scope of Directive (EU) 2019/1024 that excludes data which is not accessible due to commercial and statistical confidentiality and data for which third parties have intellectual property rights. Personal data fall outside the scope of Directive (EU) 2019/1024 insofar as the access regime excludes or restricts access to such data for reasons of data protection, privacy and the integrity of the individual, in particular in accordance with data protection rules. The re-use of data, which may contain trade secrets, should take place without prejudice to Directive (EU) 2016/94340 , which sets the framework for the lawful acquisition, use or disclosure of trade secrets. This Regulation is without prejudice and complementary to more specific obligations on public sector bodies to allow re-use of data laid down in sector- specific Union or national law. It must be ensured that companies do not have direct access to protected data and that, as a consequence, anonymization cannot be carried out by them. __________________ 40 OJ L 157, 15.6.2016, p. 1–18
Amendment 170 #
Proposal for a regulation Recital 7 a (new) (7a) It highlights the importance of processing the personal data of EU citizens in the European Union if at all possible.
Amendment 171 #
Proposal for a regulation Recital 7 b (new) (7b) The development of a European industrial and technological base calls for the introduction of a European preference for local or European production in public procurement of digital data in the European Union.
Amendment 172 #
Proposal for a regulation Recital 8 a (new) (8a) Some personal data, such as health or children’s data, are by their very nature unique. The anonymisation of such data should be guaranteed and storage or analysis thereof outside the European Union should not be authorised.
Amendment 173 #
Proposal for a regulation Recital 9 (9) Public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding as far as possible the conclusion of agreements, which might have as their objective or effect the creation of exclusive rights for the re-use of certain data. Such agreement should be only possible when justified and necessary for the provision of a service of general interest. This may be the case when exclusive use of the data is the only way to maximise the societal benefits of the data in question
Amendment 174 #
Proposal for a regulation Recital 9 (9) Public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding as far as possible the conclusion of agreements, which might have as their objective or effect the creation of exclusive rights for the re-use of certain data. Such agreement should be only possible when justified and necessary for the provision of a service of general interest. This may be the case when exclusive use of the data is the only way to maximise the societal benefits of the data in question, for example where there is only one entity (which has specialised in the processing of a specific dataset) capable of delivering the service or the product which allows the public sector body to provide an advanced digital service in the general interest. Such arrangements should, however, be concluded in compliance with public procurement rules and be subject to regular review based on a market analysis in order to ascertain whether such exclusivity continues to be necessary. In addition, such arrangements should comply with the relevant State aid rules, as appropriate, and should be concluded for a limited period, which should not exceed three years. In order to ensure transparency, such exclusive agreements should be published online at least two months before their entry into force, regardless of a possible publication of an award of a public procurement contract. This Regulation should not be read as preventing data licensors to public sector bodies from concluding agreements, which limit the re-use of such licenced data, where a data license addresses the manner of delivery, maintenance and control of the data, as well as data security policies, practices and protocols, in particular where the data comprises personal or sensitive financial, technical or commercial information.
Amendment 175 #
Proposal for a regulation Recital 9 (9) Public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding
Amendment 176 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition. In particular, public sector bodies allowing re- use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve the interests of the re-user without
Amendment 177 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition. In particular, public sector bodies allowing re- use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Safeguards against the de-anonymization and identification of natural persons should be provided for. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate effort for the public sector. Depending on the case at hand, before its transmission, personal data should be fully anonymised, so as to definitively not allow the identification of the data subjects, or data containing commercially confidential information modified in such a way that no confidential information is disclosed. Where provision of anonymised or modified data would not respond to the needs of the re-user, on- premise or remote re-use of the data within a secure processing environment could be permitted. Data analyses in such secure processing environments should be supervised by the public sector body, so as to protect the rights and interests of others. In particular, personal data should only be transmitted for re-use to a third party where a legal basis allows such transmission. The public sector body could make the use of such secure processing environment
Amendment 178 #
Proposal for a regulation Recital 11 (11)
Amendment 179 #
Proposal for a regulation Recital 12 (12) The intellectual property rights of third parties should not be affected by this Regulation. This Regulation should neither affect the existence or ownership of intellectual property rights of public sector bodies, nor should it limit the exercise of these rights in any way beyond the boundaries set by this Regulation. The obligations imposed in accordance with this Regulation should apply only insofar as they are compatible with international agreements on the protection of intellectual property rights, in particular the Berne Convention for the Protection of Literary and Artistic Works (Berne Convention), the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS Agreement) and the WIPO Copyright Treaty (WCT). Public sector bodies should, however, exercise their copyright in a way that facilitates re-use and encourages a transparent and cooperative approach to data, including by using a Creative Commons approach to licensing to data that is not already open data.
Amendment 180 #
Proposal for a regulation Recital 12 (12) The intellectual property rights of third parties should not be affected by this Regulation. This Regulation should neither affect the existence or ownership of intellectual property rights of public sector bodies, nor should it limit the exercise of these rights in any way beyond the boundaries set by this Regulation. The obligations imposed in accordance with this Regulation should apply only insofar as they are compatible with international agreements on the protection of intellectual property rights, in particular the Berne Convention for the Protection of Literary and Artistic Works (Berne Convention), the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS Agreement) and the WIPO Copyright Treaty (WCT), and Union intellectual property rules. Public sector bodies should, however, exercise their copyright in a way that facilitates re-use.
Amendment 181 #
Proposal for a regulation Recital 12 (12) The intellectual property rights of third parties should
Amendment 182 #
Proposal for a regulation Recital 13 (13) Data subject to intellectual property rights as well as trade secrets should only be transmitted to a third party where such transmission is lawful by virtue of Union or national law
Amendment 183 #
Proposal for a regulation Recital 14 (14) Companies and data subjects should be able to trust that the re-use of certain categories of protected data, which are held by the public sector, will take place in a manner that respects their rights and interests. Additional safeguards should thus be put in place for situations in which the re-use of such public sector data is taking place on the basis of a processing of the data outside the public sector. Such an additional safeguard could be found in the requirement that public sector bodies should
Amendment 184 #
Proposal for a regulation Recital 14 a (new) (14a) Protected data of EU citizens or companies held by a public-sector body of a Member State may not be shared for transmission to third countries or processed outside the European Union by another Member State.
Amendment 185 #
Proposal for a regulation Recital 14 b (new) (14b) A public-sector body in a Member State may not be required to share protected data of EU citizens or companies that it holds.
Amendment 186 #
Proposal for a regulation Recital 15 (15) Furthermore, it is important to protect commercially sensitive data of non- personal nature, notably trade secrets, but also non-personal data representing content protected by intellectual property rights from unlawful access that may lead to IP theft or industrial espionage. In order to ensure the protection of fundamental rights or interests of data holders, non-personal data which is to be protected from unlawful or unauthorised access under Union or national law, and which is held by public sector bodies, should be transferred only to third-countries where appropriate safeguards for the use of data are provided.
Amendment 187 #
Proposal for a regulation Recital 15 (15) Furthermore, it is important to protect commercially sensitive data of non- personal nature, notably trade secrets, but also non-personal data representing content protected by intellectual property rights from unlawful access that may lead to IP theft or industrial espionage. In order to ensure the protection of fundamental rights or interests of data holders, non-personal data which is to be protected from unlawful or unauthorised access under Union or national law, and which is held by public sector bodies, should be transferred only to third-countries where appropriate safeguards for the use of data are provided. Such appropriate safeguards should be considered to exist when in that third- country there are equivalent measures in place which ensure that non-personal data benefits from a level of protection similar to that applicable by means of Union or national law in particular as regards the protection of trade secrets and the protection of intellectual property rights. To that end, the Commission may adopt implementing acts that declare that a third country provides a level of protection that is essentially equivalent to those provided by Union or national law. The assessment of the level of protection afforded in such third-country should, in particular, take into consideration the relevant legislation, both general and sectoral, including concerning public security, defence,
Amendment 188 #
Proposal for a regulation Recital 15 a (new) (15a) Companies which are located in third countries and which have experienced significant security breaches involving protected or personal data of European origin for which they were responsible in the 10 years prior to their request will be deemed not to offer appropriate safeguards to obtain data of European origin.
Amendment 189 #
Proposal for a regulation Recital 15 b (new) (15b) A third country which has not penalised a significant security lapse on the part of a firm processing personal or protected data of European origin will be deemed not to offer appropriate safeguards.
Amendment 190 #
Proposal for a regulation Recital 15 c (new) (15c) Third countries engaging in economic espionage against EU companies cannot be deemed to offer appropriate safeguards regarding the processing by their companies of protected data of European origin.
Amendment 191 #
Proposal for a regulation Recital 16 a (new) (16a) To ensure the proper enforcement of such obligations, the re-user located in a third country or another Member State should also authorise any inspection deemed necessary by the public-sector body which authorised re-use.
Amendment 192 #
Proposal for a regulation Recital 16 b (new) (16b) A Member State should be able to require cloud providers and digital undertakings operating in the European Union, whether located in the European Union or in a third country, to grant access to any relevant personal data linked to terrorism, even if they are stored in a third country.
Amendment 193 #
Proposal for a regulation Recital 17 Amendment 194 #
Proposal for a regulation Recital 17 (17) Some third countries adopt laws, regulations and other legal acts which aim
Amendment 195 #
Proposal for a regulation Recital 19 (19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive by means of a specific Union act, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data. Insurance companies, laboratories, databases or any other service provider should not be authorised to use highly sensitive data or data from eHealth applications for the purpose of discrimination in pricing, advertising targeting or commercial application development, as this would run counter to the fundamental right of access to health. In order to ensure harmonised practices across the Union, such types of highly sensitive non-personal public data should be defined by Union law, for example in the context of the European Health Data Space or other sectoral legislation. The conditions attached to the transfer of such data to third countries should be laid down in delegated acts. Conditions should be transparent, proportionate, non-discriminatory and necessary to protect clearly identified legitimate public policy objectives
Amendment 196 #
Proposal for a regulation Recital 19 (19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data. In order to ensure harmonised practices across
Amendment 197 #
Proposal for a regulation Recital 19 (19) In order to build trust in re-use mechanisms, it
Amendment 198 #
Proposal for a regulation Recital 20 (20) Public sector bodies should be able to charge cost-based fees for the re-use of data but should also be able to decide to make the data available at lower or no cost, for example for certain categories of re- uses such as non-commercial re-use, or re- use by small and medium-sized enterprises, so as to
Amendment 199 #
Proposal for a regulation Recital 21 (21) In order to
Amendment 200 #
Proposal for a regulation Recital 22 (22) Providers of data sharing services (data intermediaries) are expected to play a key role in the data economy, as a tool to facilitate the aggregation and exchange of substantial amounts of relevant data. Data intermediaries offering services that connect the different actors have the potential to contribute to the efficient pooling of data as well as to the facilitation of bilateral data sharing. Specialised data intermediaries that are independent from both data holders and data users can have a facilitating role in the emergence of new data-driven ecosystems independent from any player with a significant degree of market power. This Regulation should only cover providers of data sharing services that have as a main objective the establishment of a business, a legal and potentially also technical relation between data holders, including data subjects, on the one hand, and potential users on the other hand, and assist both parties in a transaction of data assets between the two. It should only cover services aiming at intermediating between an indefinite number of data subjects and holders and data users, excluding data sharing services that are meant to be used by a closed group of data subjects and holders and users. Providers of cloud services should be excluded, as well as service providers that obtain data from data subjects and data holders, aggregate, enrich or transform the data and licence the use of the resulting data to data users, without establishing a direct relationship between data subjects and holders and data users, for example advertisement or data brokers, data consultancies, providers of data products resulting from value added to the data by the service provider. At the same time, data sharing service providers should be allowed to make adaptations to the data exchanged, to the extent that this improves the usability of the data by the data user, where the data user desires this, such as to convert it into
Amendment 201 #
Proposal for a regulation Recital 23 (23) A specific category of data intermediaries includes providers of data sharing services that offer their services to data subjects in the sense of Regulation (EU) 2016/679. Such providers focus exclusively on personal data and seek to enhance individual agency and the individuals’ control over the data pertaining to them. They would assist individuals in exercising their rights under Regulation (EU) 2016/679, in particular managing their consent to data processing, the right of access to their own data, the right to the rectification of inaccurate personal data, the right of erasure or right ‘to be forgotten’, the right to withdraw their consent, the right to restrict processing and the data portability right, which allows data subjects to move their personal data from one controller to the other. In this context, it is important that their business model ensures that there are no misaligned incentives that encourage individuals to make more data available for processing than what is in the individuals’ own interest. This could include advising individuals on uses of their data they could allow and making due diligence checks on data users before allowing them to contact data subjects, in order to avoid fraudulent practices. In certain situations, it could be desirable to collate actual data within a personal data storage space, or ‘personal data space’ so that processing can happen within that space without personal data being transmitted to third parties in order to maximise the protection of personal data and privacy.
Amendment 202 #
Proposal for a regulation Recital 25 (25) In order to increase trust in such data sharing services, in particular related to the use of data and the compliance with the conditions imposed by data subjects and data holders, it is necessary to create a Union-level regulatory framework, which would set out highly harmonised requirements related to the trustworthy, open and non-discriminatory provision of such data sharing services. This will contribute to ensuring that data subjects, data holders and data users have better control over the access to and use of their data, in accordance with Union law. Both in situations where data sharing occurs in a business-to-business context and where it occurs in a business-to-
Amendment 203 #
Proposal for a regulation Recital 26 (26) A key element to bring trust and more control for data holder and data users in data sharing services is the neutrality of data sharing service providers as regards the data exchanged between data
Amendment 204 #
Proposal for a regulation Recital 33 (33) The competent authorities designated to monitor compliance of data sharing services with the requirements in this Regulation should be chosen on the basis of their proved capacity and expertise regarding horizontal or sectoral data sharing, and they should be independent as well as transparent and impartial in the exercise of their tasks. Member States should notify the Commission of the identity of the designated competent authorities.
Amendment 205 #
Proposal for a regulation Recital 35 (35) There is a strong potential in the use of data made available voluntarily by data subjects based on their consent or, where it concerns non-personal data, made available by legal persons, for purposes of general interest. Such purposes would include healthcare, combating climate change, improving mobility, facilitating the establishment of official statistics or improving the provision of public services. Support to scientific research, including for example technological development and demonstration, fundamental research, applied research and privately funded research,
Amendment 206 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the Union and the emergence of data pools covering several Member States. Data subjects in this respect would consent to specific purposes of data processing, but could also consent to data processing in certain areas of research or parts of research projects as it is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the time of data collection. Legal persons could give permission to the processing of their non-personal data for a range of purposes not defined at the moment of giving the permission. The voluntary compliance of such registered entities with a set of requirements should bring trust that the data made available on altruistic purposes is serving a general interest purpose. Such trust should result in particular from a place of establishment within the Union, as well as from the requirement that registered entities have a not-for-profit character, from transparency
Amendment 207 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the
Amendment 208 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘EU-registered Data Altruism Organisation
Amendment 209 #
Proposal for a regulation Recital 37 (37) This Regulation is without prejudice to the establishment, organisation and functioning of entities that seek to engage in data altruism pursuant to national law. It builds on national law requirements to operate lawfully in a Member State as a not-for-profit organisation. Entities which meet the requirements in this Regulation should be able to use the title of ‘EU-registered Data Altruism Organisations
Amendment 210 #
Proposal for a regulation Recital 38 (38) EU-registered Data Altruism Organisations
Amendment 211 #
Proposal for a regulation Recital 39 (39) To bring additional legal certainty to granting and withdrawing of consent, in particular in the context of scientific research and statistical use of data made available on an altruistic basis, a European data altruism consent form should be developed and used in the context of altruistic data sharing. Such a form should contribute to additional transparency for data subjects that their data will be accessed and used in accordance with their
Amendment 212 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established, in the form of an expert group. The Board should consist of representatives of the Member States, the Commission and representatives of relevant data spaces and specific sectors (such as health, agriculture, transport and statistics), standards-setting organisations, academia and civil society, as appropriate. The European Data Protection Board should be invited to appoint a representative to the European Data Innovation Board.
Amendment 213 #
Proposal for a regulation Article 1 – paragraph 1 – point a (a) conditions for the re-use, within the Union, of certain categories of non- personal data held by public sector bodies;
Amendment 214 #
Proposal for a regulation Article 1 – paragraph 2 (2) This Regulation is without prejudice to specific provisions in other Union legal acts regarding access to or re- use of certain categories of data, or requirements related to processing of personal or non-personal data. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing services or registered entities providing data altruism services to comply with specific additional technical, administrative or organisational requirements, including through an authorisation or certification regime, those provisions of that sector-specific Union legal act shall also apply. Regulation (EU) 2016/679 applies to any form of further use of data. In this respect, sensitive personal data shall not be re-used for security reasons.
Amendment 215 #
Proposal for a regulation Article 1 – paragraph 2 (2) This Regulation is without prejudice to specific provisions in other Union legal acts or national law regarding access to or re-
Amendment 216 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2a) Union law on the protection of personal data shall apply to any personal data processed in connection with this Regulation. In particular, this Regulation shall be without prejudice to Regulation (EU) 2016/679, Directive 2002/58/EC, and Regulation (EU) 2018/1725. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter prevails. This Regulation does not create a legal basis for the processing of personal data.
Amendment 217 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2a) The re-use of employees’ personal data shall be prohibited. To this end, it must be ensured that public service data do not contain employees’ personal data, such as data about their mobility.
Amendment 218 #
Proposal for a regulation Article 2 – paragraph 1 – point 3 a (new) (3a) 'personal data' means personal data as defined in point (1) of Article 4 of Regulation (EU)2016/679;
Amendment 219 #
Proposal for a regulation Article 2 – paragraph 1 – point 3 b (new) (3b) ‘consent’ means consent as defined in point (11) of Article 4 of Regulation (EU) 2016/679;
Amendment 220 #
Proposal for a regulation Article 2 – paragraph 1 – point 3 c (new) (3c) 'data subject' means data subject as defined in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 221 #
Proposal for a regulation Article 2 – paragraph 1 – point 3 d (new) (3d) 'processing’ means processing as defined in point (2) of Article 4 of Regulation (EU) 2016/679.
Amendment 222 #
Proposal for a regulation Article 2 – paragraph 1 – point 4 Amendment 223 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 (7) ‘data sharing’ means the provision by a data holder of data to a data user for the purpose of joint or individual use of the shared data, based on voluntary agreements, or the sharing of data by a data subject, based on their consent, directly or through an intermediary;
Amendment 224 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means
Amendment 225 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means the consent by data subjects to process personal data pertaining to them, or permissions of other data holders to allow the use of their non- personal data without seeking a reward, for purposes of general interest, in accordance with the Union treaties and national legislation, such as scientific research purposes or improving public services;
Amendment 226 #
Proposal for a regulation Article 2 – paragraph 1 – point 14 (14) ‘secure processing environment’ means the physical or virtual environment and organisational means to provide the opportunity to re-use data in a manner that respects data subjects’ rights under Regulation (EU) 2016/679 as well as commercial and statistical confidentiality, that ensures compliance with applicable legislation, or that allows for the operator of the secure processing environment to determine and supervise all data processing actions, including to display, storage, download, export of the data and calculation of derivative data through computational algorithms.
Amendment 227 #
Proposal for a regulation Article 3 – paragraph 2 – point e a (new) (ea) data processed in the context of employment;
Amendment 228 #
Proposal for a regulation Article 3 – paragraph 2 – point e a (new) (ea) personal health data;
Amendment 229 #
Proposal for a regulation Article 3 – paragraph 2 a (new) (2a) The Commission shall ensure that this Regulation does not undermine the provisions of the General Data Protection Regulation.
Amendment 230 #
Proposal for a regulation Article 3 – paragraph 3 a (new) (3a) Where anonymisation, aggregation, or other techniques can be applied so that the protections under paragraph 1 no longer apply, public sector bodies shall make available the data for re-use as mandated by Directive (EU) 2019/1024, without prejudice to Article 5.
Amendment 231 #
Proposal for a regulation Article 4 – paragraph 1 (1) Agreements or other practices pertaining to the re-use of data held by public sector bodies containing categories of data referred to in Article 3 (1) which grant exclusive rights or which have as their object or effect to grant such exclusive rights or to restrict the availability of data for re-use by entities other than the parties to such agreements or other practices shall be prohibited. Agreements or other practices, which restrict the re-use of data which has been licensed or otherwise provided to a public sector body by a commercial data holder, are not subject to this Article.
Amendment 232 #
Proposal for a regulation Article 4 – paragraph 1 a (new) (1a) In order to foster the development of local and European data market players in a sector monopolised by global giants, a public-sector body may require a company that has exceeded the thresholds laid down in the forthcoming legislation on digital services and digital markets to outsource at least 51% of the jobs concerned to a local company as a condition of access to its public data.
Amendment 233 #
Proposal for a regulation Article 4 – paragraph 2 (2) By way of derogation from paragraph 1, an exclusive right to re-use data referred to in that paragraph may be granted to the extent necessary for the provision of a service or a product in the general interest, defined and justified why it is of general interest.
Amendment 234 #
Proposal for a regulation Article 4 – paragraph 3 (3) Such exclusive right shall be granted in the context of a relevant service or concession contract in compliance with applicable Union and national public procurement and concession award rules, or, in the case of a contract of a value for which neither Union nor national public procurement and concession award rules are applicable, in compliance with the principles of transparency, equal treatment and non-discrimination on grounds of nationality
Amendment 235 #
Proposal for a regulation Article 4 – paragraph 4 (4) In all cases not covered by paragraph 3 and where the general interest purpose cannot be fulfilled without granting an exclusive right, the principles of transparency, equal treatment and non- discrimination on grounds of nationality shall apply vis-à-vis any European Union company. A company which does not process public data in the European Union and takes advantage of tax havens may not request access to the public data of a Member State.
Amendment 236 #
Proposal for a regulation Article 4 – paragraph 4 a (new) (4a) A company which does not process public data in the European Union and takes advantage of tax havens may not require a Member State or a European Union body to grant it access to public data.
Amendment 237 #
Proposal for a regulation Article 4 – paragraph 4 b (new) (4b) The contracting authority may, in particular, invite the domestic operators who submit the highest bids to fall into line with the price offered by the foreign tenderer (and, if the first domestic operator refuses, it may turn to the second and then the third domestic operator in the ranking of tenderers), thereby creating an incentive for the operator wishing to win the contract to adjust its price.
Amendment 238 #
Proposal for a regulation Article 4 – paragraph 5 (5) The period of exclusivity of the right to re-use data shall not exceed t
Amendment 239 #
Proposal for a regulation Article 4 – paragraph 7 (7) Agreements or other practices falling within the scope of the prohibition in paragraph 1, which do not meet the conditions set out in paragraph 2, and which were concluded before the date of entry into force of this Regulation shall be terminated at the end of the contract and in any event at the latest within t
Amendment 240 #
Proposal for a regulation Article 5 – paragraph 1 (1) Public sector bodies which are competent under national law to grant or refuse justified access for the re-use of one or more of the categories of data referred to in Article 3 (1) shall make publicly available the conditions for allowing such re-use. In that task, they may be assisted by the competent bodies referred to in Article 7 (1).
Amendment 241 #
Proposal for a regulation Article 5 – paragraph 2 (2) Conditions for re-use shall be non- discriminatory, proportionate and objectively justified with regard to categories of data and purposes of re-use and the nature of the data for which re-use is allowed. Consent shall be given specifically for the intended re-use task only, general consent shall not be requested in advance. These conditions shall not be used to restrict competition.
Amendment 242 #
Proposal for a regulation Article 5 – paragraph 2 (2) Conditions for re-use shall be based on consent by the rights holder, non- discriminatory, proportionate and objectively justified with regard to categories of data and purposes of re-use and the nature of the data for which re-use is allowed. These conditions shall not be used to restrict competition.
Amendment 243 #
Proposal for a regulation Article 5 – paragraph 2 (2) Conditions for re-use shall be lawful, clearly indicated, non-
Amendment 244 #
Proposal for a regulation Article 5 – paragraph 3 (3) Public sector bodies
Amendment 245 #
Proposal for a regulation Article 5 – paragraph 3 (3)
Amendment 246 #
Proposal for a regulation Article 5 – paragraph 3 a (new) (4) Public sector bodies
Amendment 248 #
Proposal for a regulation Article 5 – paragraph 4 – introductory part (4) Public sector bodies may impose
Amendment 249 #
Proposal for a regulation Article 5 – paragraph 4 – point a (a) to access and re-use the data remotely within a secure processing environment provided and controlled by the public sector ;
Amendment 250 #
Proposal for a regulation Article 5 – paragraph 4 – point b (b) to access and re-use the data within the physical premises in which the secure processing environment is located, i
Amendment 251 #
Proposal for a regulation Article 5 – paragraph 5 (5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used in line with the latest technical cybersecurity standards. The public sector body shall be able to verify any results of processing of data undertaken by the re-
Amendment 252 #
Proposal for a regulation Article 5 – paragraph 5 (5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. The public sector body shall be able to verify the means and any results of processing of data undertaken by the re-
Amendment 253 #
Proposal for a regulation Article 5 – paragraph 5 a (new) (5a) Public sector bodies shall apply technical means to prevent re-users from identifying any data subject and shall require re-users to continuously assess the risk of identification and de- anonymisation, and to report to the public sector body concerned, in particular where any data breach has resulted in identification of an individual, breaches of the confidentiality, the integrity, or the security of the data have occurred, notwithstanding any reporting obligations under Union law.
Amendment 254 #
Proposal for a regulation Article 5 – paragraph 5 a (new) Amendment 255 #
Proposal for a regulation Article 5 – paragraph 5 b (new) (5b) In the case of anonymised data, public sector bodies shall make a data protection impact assessment prior to granting access to the data. Where it can be reasonably assumed that, or where an impact assessment indicates that the processing or subsequent combination of data could lead to identification or de- anonymisation, the public sector body shall not allow access to, or re-use of the data.
Amendment 256 #
Proposal for a regulation Article 5 – paragraph 6 Amendment 257 #
Proposal for a regulation Article 5 – paragraph 6 (6) Where the re-use of personal data cannot be granted in accordance with the obligations laid down in paragraphs 3 to 5 and there is no other legal basis for transmitting the data under Regulation
Amendment 258 #
Proposal for a regulation Article 5 – paragraph 6 (6) Where the re-use of data cannot be granted in accordance with the obligations laid down in paragraphs
Amendment 259 #
Proposal for a regulation Article 5 – paragraph 6 a (new) (6a) Where public sector bodies make personal data available for re-use pursuant to this Article, they shall inform data subjects accordingly of this re-use and of their rights. The public sector body shall support data subjects in exercising their rights, including in relation to any re-users. In that task they may be assisted by the competent bodies referred to in Article 7 (1).
Amendment 260 #
Proposal for a regulation Article 5 – paragraph 9 – introductory part (9)
Amendment 261 #
Proposal for a regulation Article 5 – paragraph 9 – introductory part (9) The Commission may adopt implementing acts declaring that the legal, supervisory and enforcement arrangements of a third country without prejudice to Article 45 of Regulation (EU) 2016/679:
Amendment 262 #
Proposal for a regulation Article 5 – paragraph 10 – point b a (new) (ba) To establish an office in the Member State in which the data was generated in order to be accessible for redress by the data holder;
Amendment 263 #
Proposal for a regulation Article 5 – paragraph 11 (11) Where specific Union acts adopted in accordance with a legislative procedure establish that certain non-personal data categories held by public sector bodies shall be deemed to be highly sensitive for the purposes of this Article,
Amendment 264 #
Proposal for a regulation Article 5 – paragraph 13 (13) Where the re-user intends to transfer non-personal data to a third country, the public sector body shall inform the data holder about the transfer of data to that third country. Data should be treated as personal if there is a foreseeable risk that the re-user may be re-identified.
Amendment 265 #
Proposal for a regulation Article 6 – paragraph 1 (1) Public sector bodies which allow re-use of the categories of data referred to in Article 3 (1) may charge cost-based fees for allowing the re-use of such data.
Amendment 266 #
Proposal for a regulation Article 6 – paragraph 2 (2) Any fees shall be non- discriminatory, proportionate and objectively justified and shall not restrict competition, cover the costs of monitoring and enforcement. They shall not create incentives to sell or lower the protection of sensitive data.
Amendment 267 #
Proposal for a regulation Article 6 – paragraph 2 (2) Any fees shall be non- discriminatory, proportionate and objectively justified and shall not restrict competition or inhibit use of data for the general interest.
Amendment 268 #
Proposal for a regulation Article 6 – paragraph 2 a (new) (2a) Any fees shall be reasonable, proportionate and shall not exceed marginal costs in line with Directive (EU) 2019/1024.
Amendment 269 #
Proposal for a regulation Article 6 – paragraph 4 (4) Where they apply fees, public sector bodies shall take measures to
Amendment 270 #
Proposal for a regulation Article 6 – paragraph 4 a (new) (4a) Public-sector bodies may set thresholds in the calculation in order to foster re-use of data and innovation while securing a greater contribution from global digital actors.
Amendment 271 #
Proposal for a regulation Article 6 – paragraph 5 (5) Fees shall be derived from the costs related to the production of the data, to the processing of requests for re-
Amendment 272 #
Proposal for a regulation Article 6 – paragraph 5 a (new) (5a) The Member State may use the cost of producing the data to establish a fair fee to offset the initial or recurrent public investment. The European Union shall use the fees to cover the sums it has invested to produce these data.
Amendment 273 #
Proposal for a regulation Article 6 – paragraph 5 b (new) (5b) In making the calculation, the Member State may take account of the way the data are used and the company’s tax contribution in order to reduce the fee.
Amendment 274 #
Proposal for a regulation Article 7 – paragraph 1 (1) In order to carry out the tasks listed in this article, Member States shall designate one or more competent bodies, which may be sectoral, to support the public sector bodies which grant access to the re-use of the categories of data referred to in Article 3 (1) in the exercise of that task.
Amendment 275 #
Proposal for a regulation Article 7 – paragraph 2 – point a (a) providing technical support
Amendment 276 #
Proposal for a regulation Article 7 – paragraph 2 – point c (c) assisting the public sector bodies
Amendment 277 #
Proposal for a regulation Article 7 – paragraph 4 (4) The competent body or bodies shall have adequate human resources as well as legal and technical
Amendment 278 #
Proposal for a regulation Article 7 – paragraph 4 (4) The competent body or bodies shall have adequate legal and technical capacities and expertise to be able to comply with relevant Union or national law concerning the access regimes for the categories of data referred to in Article 3 (1). The competent body or bodies should be equipped with the necessary human and financial resources to carry out their duties in effective and efficient way.
Amendment 279 #
Proposal for a regulation Article 7 – paragraph 5 (5) The Member States shall communicate to the Commission the identity of the competent bodies designated
Amendment 280 #
Proposal for a regulation Article 8 – paragraph 2 a (new) (2a) The single information point may develop additional services regarding data access and data sharing, including information on data re-use requests under Directive (EU) 2019/1024.
Amendment 281 #
Proposal for a regulation Article 8 – paragraph 3 (3) Requests for the re-use of the categories of data referred to in Article 3 (1) shall be granted or refused by the competent public sector bodies or the competent bodies referred to in Article 7 (1)
Amendment 282 #
Proposal for a regulation Article 8 – paragraph 3 (3) Requests for the re-use of the categories of data referred to in Article 3 (1) shall be granted or refused by the competent public sector bodies or the competent bodies referred to in Article 7 (1) within a reasonable time, and in any case within t
Amendment 283 #
Proposal for a regulation Article 9 – paragraph 1 – point a (a) intermediation services whose sole purpose is to facilitate data sharing between data holders which are legal persons and potential data users, including making available the technical or other means to enable such services; those services may include bilateral or multilateral exchanges of data or the creation of platforms or databases enabling the exchange or joint
Amendment 284 #
Proposal for a regulation Article 9 – paragraph 1 – point b (b) intermediation services between data subjects that seek to make their personal data available and potential data users, including making available the technical or other means to enable such services, in the exercise of the rights provided in Regulation (EU) 2016/679. The data sharing services shall not themselves process the personal data, but shall only allow data subjects to give consent to specific data users to allow the processing of personal data pertaining to them for specific purposes;
Amendment 285 #
Proposal for a regulation Article 9 – paragraph 1 – point c (c)
Amendment 286 #
Proposal for a regulation Article 9 – paragraph 2 (2) This
Amendment 287 #
Proposal for a regulation Article 9 – paragraph 2 a (new) (2a) The Commission shall develop a mandatory certification system for data intermediaries in order to limit the risks associated with the central role of data intermediaries and thus increase trust in these organisations and their activities.
Amendment 288 #
Proposal for a regulation Article 10 – paragraph 1 (1) Any provider of data sharing services who intends to provide the services referred to in Article 9 (1) shall submit a notification to the competent authority referred to in Article 12 at least ten days prior to starting its activity.
Amendment 289 #
Proposal for a regulation Article 10 – paragraph 3 (3) A provider of data sharing services that is not established in the Union, but offers the services referred to in Article 9 (1) within the Union, shall appoint a legal representative in one of the Member States in which those services are offered and shall be required to house EU citizens’ data on EU territory. The provider shall be deemed to be under the jurisdiction of the Member State in which the legal representative is established.
Amendment 290 #
Proposal for a regulation Article 10 – paragraph 3 (3) A provider of data sharing services that is not established in the Union, but offers the services referred to in Article 9 (1) within the Union, shall appoint a legal representative in one of the Member States in which those services are offered. The provider shall be deemed to be under the jurisdiction of the Member State in which the legal representative is established. The representative shall be mandated by the provider of data sharing services to be addressed in addition to or instead of it by, in particular, competent authorities and data subjects and data holders, on all issues related to the service, for the purposes of ensuring compliance with this Regulation. The designation of a representative by the provider of data sharing services shall be without prejudice to legal actions which could be initiated against the provider of data sharing services themselves.
Amendment 291 #
Proposal for a regulation Article 10 – paragraph 3 (3) A provider of data sharing services that is not established in the Union, but offers the services referred to in Article 9 (1) within the Union, shall appoint a legal representative in one of the Member States in which those services are offered. The provider shall be deemed to be under the jurisdiction of the Member State in which
Amendment 292 #
Proposal for a regulation Article 10 – paragraph 6 – point d (d) a website where clear, complete and up-to-date information on the provider and the activities can be found
Amendment 293 #
Proposal for a regulation Article 10 – paragraph 6 – point d (d) a public website where information on the provider and
Amendment 294 #
Proposal for a regulation Article 10 – paragraph 6 – point f (f) a description of the service the provider intends to provide including by specifying which types of services referred in Article 9(1) of this Regulation are provided;
Amendment 295 #
Proposal for a regulation Article 10 – paragraph 6 – point g (g) the
Amendment 296 #
Proposal for a regulation Article 10 – paragraph 6 – point h a (new) (ha) the place of data processing and the number of jobs to be created in the European Union;
Amendment 297 #
Proposal for a regulation Article 10 – paragraph 6 – point h b (new) (hb) the turnover and taxes paid in the Member State in the previous year, except in the case of an SME.
Amendment 298 #
Proposal for a regulation Article 10 – paragraph 7 (7) At the request of the provider, the competent authority shall, within a maximum of one week, issue a standardised declaration, confirming that the provider has submitted the notification referred to in paragraph 4.
Amendment 299 #
Proposal for a regulation Article 10 – paragraph 7 (7) At the request of the provider, the competent authority shall, within
Amendment 300 #
Proposal for a regulation Article 10 – paragraph 10 Amendment 301 #
Proposal for a regulation Article 11 – paragraph 1 – point 2 (2) the
Amendment 302 #
Proposal for a regulation Article 11 – paragraph 1 – point 3 (3) the provider shall ensure that the procedure for access to its service is fair, transparent and non-discriminatory for
Amendment 303 #
Proposal for a regulation Article 11 – paragraph 1 – point 4 a (new) (4a) Data intermediaries should take reasonable measures to guarantee interoperability within the sector but also across sectors to facilitate data sharing.
Amendment 304 #
Proposal for a regulation Article 11 – paragraph 1 – point 5 (5) the provider shall have procedures in place to detect, mitigate and prevent fraudulent or abusive practices in relation to access to data from parties seeking access through their services;
Amendment 305 #
Proposal for a regulation Article 11 – paragraph 1 – point 6 (6) the provider shall ensure a reasonable continuity of provision of its services and, in the case of services which ensure storage of data, shall have sufficient guarantees in place that allow data holders and data users to obtain access to their data and transfer of their data in case of insolvency;
Amendment 306 #
Proposal for a regulation Article 11 – paragraph 1 – point 6 (6) the provider shall ensure a reasonable continuity of provision of its services and, in the case of services which ensure storage of data, shall have sufficient guarantees in place that allow data holders and data users to obtain access to and delete their data
Amendment 307 #
Proposal for a regulation Article 11 – paragraph 1 – point 6 a (new) (6a) the provider shall take reasonable measures to ensure interoperability with other data sharing services by means of commonly used, formal or informal, open standards in the sector in which the data sharing service providers operate;
Amendment 308 #
Proposal for a regulation Article 11 – paragraph 1 – point 8 (8) the
Amendment 309 #
Proposal for a regulation Article 11 – paragraph 1 – point 9 (9) the provider shall have procedures in place to ensure compliance with the Union and national rules on competition and consumer protection;
Amendment 310 #
Proposal for a regulation Article 11 – paragraph 1 – point 9 a (new) (9a) the provider shall have procedures in place to ensure compliance with the Union and national rules on the protection of personal data, including procedures for ensuring the exercise of data subjects’ rights. In particular, the provider shall provide the data subject with easily accessible tools allowing them a comprehensive view of how and for which specific purpose their personal data are shared by the provider;
Amendment 311 #
Proposal for a regulation Article 11 – paragraph 1 – point 10 (10) the provider offering services to data subjects shall act in the data subjects’ best interest when facilitating the exercise
Amendment 312 #
Proposal for a regulation Article 11 – paragraph 1 – point 10 (10) the provider offering services to data subjects shall act in the data subjects’ best interest when facilitating the exercise of their rights, in particular by advising data subjects on potential data uses and standard terms and conditions attached to such uses and how consent and permissions can be withdrawn;
Amendment 313 #
Proposal for a regulation Article 12 – paragraph 1 (1) Each Member State shall designate in its territory
Amendment 314 #
Proposal for a regulation Article 12 – paragraph 3 (3) The powers of the designated competent authorities
Amendment 315 #
Proposal for a regulation Article 12 – paragraph 3 (3) The
Amendment 316 #
Proposal for a regulation Article 13 – paragraph 3 (3) Where the competent authority finds that a provider of data sharing services does not comply with one or more of the requirements laid down in Article 10 or 11, it shall notify that provider of those findings and give it the opportunity to state its views, within
Amendment 317 #
Proposal for a regulation Article 13 – paragraph 4 – introductory part (4) The competent authority shall have the power to require the cessation of the breach referred to in paragraph 3 either immediately or within
Amendment 318 #
Proposal for a regulation Article 13 – paragraph 4 – point a a (new) (aa) impose a state compensation obligation on the entity re-using the data in the event of a breach of data anonymity.
Amendment 319 #
Proposal for a regulation Article 13 – paragraph 4 – point b a (new) (ba) exclude the provider from access to new public data in that Member State for a specified period of time.
Amendment 320 #
Proposal for a regulation Article 14 a (new) Amendment 321 #
Proposal for a regulation Article 15 – paragraph 1 (1) Each competent authority designated pursuant to Article 20 shall keep a register of recognised data altruism organisations. That register shall be accessible to the public.
Amendment 322 #
Proposal for a regulation Article 15 – paragraph 1 (1) Each competent authority designated pursuant to Article 20 shall keep a public register of recognised data altruism organisations.
Amendment 323 #
Proposal for a regulation Article 15 – paragraph 1 a (new) (1a) Registration as a recognised data altruism organisation should be a precondition for exercising data altruism activities. The Commission should encourage and facilitate the development of self-regulatory codes of conduct at Union level, involving relevant stakeholders. The European Data Innovation Board shall advise and assist in developing and preserving a consistent practice throughout the Union in this regard.
Amendment 324 #
Proposal for a regulation Article 15 – paragraph 2 (2) The Commission shall maintain a Union register of recognised data altruism organisations. The Union register shall be accessible to the public.
Amendment 325 #
Proposal for a regulation Article 15 – paragraph 3 (3) An entity registered in the register in accordance with Article 16 may refer to itself as an ‘EU-registered data altruism organisation
Amendment 326 #
Proposal for a regulation Article 16 – paragraph 1 – point a (a) be a legal entity constituted to meet objectives of general interest, in line with Union treaties and national law;
Amendment 327 #
Proposal for a regulation Article 16 – paragraph 1 – point b (b) operate on a not-for-profit basis and be fully independent
Amendment 328 #
Proposal for a regulation Article 16 – paragraph 1 – point b (b) operate on a not-for-profit basis and be independent from any entity involved in the collection, processing or storage of data that operates on a for-profit basis;
Amendment 329 #
Proposal for a regulation Article 16 – paragraph 1 – point b a (new) (ba) provide supervisory mechanisms, such as ethics boards or councils, to ensure that the data controller maintains high standards of scientific ethics;
Amendment 330 #
Proposal for a regulation Article 16 – paragraph 1 – point b b (new) (bb) provide effective technical means to withdraw or modify consent at any moment, based on the information obligations of data processors under Regulation (EU) 2016/679;
Amendment 331 #
Proposal for a regulation Article 16 – paragraph 1 – point b c (new) (bc) provide the means to keep data subjects informed of the use of the data they have made available;
Amendment 332 #
Proposal for a regulation Article 16 – paragraph 1 – point c (c) perform the activities related to data altruism
Amendment 333 #
Proposal for a regulation Article 16 – paragraph 1 – point c a (new) (ca) ensures technical and organisational requirements for the application of data protection standards and the exercise of data subjects' rights, including the right to transfer data;
Amendment 334 #
Proposal for a regulation Article 16 – paragraph 1 – point c a (new) (ca) have adequate technical, legal and organisational measures in place to prevent transfer or access to non-personal data which does not comply with Union law;
Amendment 335 #
Proposal for a regulation Article 16 – paragraph 1 – point c a (new) (ca) demonstrate professional expertise in processing data activities in compliance with relevant Union and national legislation;
Amendment 336 #
Proposal for a regulation Article 16 – paragraph 1 – point c b (new) (cb) fulfil technical and operational requirements enabling the effective application of data protection standards and the exercise of data subjects’ rights pursuant to Article 16 of the Regulation (EU) 2016/679;
Amendment 337 #
Proposal for a regulation Article 16 – paragraph 1 – point c c (new) (cc) data altruism organisations shall act in the data subjects’ best interest when facilitating the exercise of their rights, in particular by advising data subjects on potential risks, potential data uses and standard terms and conditions attached to such uses
Amendment 338 #
Proposal for a regulation Article 17 – paragraph 4 – point d (d) the entity’s
Amendment 339 #
Proposal for a regulation Article 17 – paragraph 4 – point d (d) the entity’s
Amendment 340 #
Proposal for a regulation Article 17 – paragraph 4 – point f (f) a website where information on the entity and the activities can be found including, as a minimum, the information referred to in points (a), (b), (d), (e), (g) and (h) of this paragraph;
Amendment 341 #
Proposal for a regulation Article 17 – paragraph 4 – point h (h) the purposes of general interest it intends to promote
Amendment 342 #
Proposal for a regulation Article 17 – paragraph 4 – point h a (new) (ha) the nature of data to be controlled, processed, or re-used by the provider, and, in the case of personal data, an indication of the categories of personal data, and the categories of recipients of personal data;
Amendment 343 #
Proposal for a regulation Article 17 – paragraph 7 (7) Any entity entered in the register of recognised data altruism organisations shall submit any changes of the information provided pursuant to paragraph 4 to the competent authority within 14 calendar days from the day on which the change takes place. The competent authority which updated the register shall inform the Commission of the modifications made.
Amendment 344 #
Proposal for a regulation Article 17 – paragraph 7 a (new) (7a) Where the information provided in the application indicates that sensitive data categories could be controlled, processed, or re-used, the Data Altruism Organisation shall conduct a data protection impact assessment pursuant to Article 35, and, where applicable Article 36, of Regulation(EU) 2016/679.
Amendment 345 #
Proposal for a regulation Article 18 – paragraph 1 – introductory part (1) Any entity entered in the national register of recognised data altruism organisations shall keep full, comprehensible and accurate records concerning:
Amendment 346 #
Proposal for a regulation Article 18 – paragraph 1 – point a (a) all natural or legal persons that were given the possibility to process data held by that entity
Amendment 347 #
Proposal for a regulation Article 18 – paragraph 2 – point c (c) a list of all natural and legal persons that were allowed to use data it holds, including a
Amendment 348 #
Proposal for a regulation Article 19 – paragraph 1 – introductory part (1)
Amendment 349 #
Proposal for a regulation Article 19 – paragraph 1 – introductory part (1) Any entity entered in the register of recognised data altruism organisations shall inform data holders prior any processing of their data:
Amendment 350 #
Proposal for a regulation Article 19 – paragraph 1 – point a (a) about the purposes of general interest for which
Amendment 351 #
Proposal for a regulation Article 19 – paragraph 1 – point a a (new) (aa) about the rights that the data subject can apply with regard to the processing of its personal data;
Amendment 352 #
Proposal for a regulation Article 19 – paragraph 1 – point b (b) about any processing outside the Union
Amendment 353 #
Proposal for a regulation Article 19 – paragraph 1 – point b (b) about by whom and where any processing outside the Union is envisaged.
Amendment 354 #
Proposal for a regulation Article 19 – paragraph 2 (2) The entity shall also ensure that the data is not be used for other purposes than those of general interest for which it permits the processing and ensure that misleading marketing practices are not used to solicit donations of data.
Amendment 355 #
Proposal for a regulation Article 19 – paragraph 2 (2) The entity shall also ensure that the data is not be used for other purposes than those of general interest for which it permits the processing. Safeguards shall be provided to ensure that misleading marketing practices are not used to solicit donations of data. Sanctions shall be provided when acting against the general public interest.
Amendment 356 #
Proposal for a regulation Article 19 – paragraph 2 a (new) (2a) The entity shall ensure that the data is not used for advertising purposes.
Amendment 357 #
Proposal for a regulation Article 21 – paragraph 3 (3) Where the competent authority finds that an entity does not comply with one or more of the requirements of this Chapter it shall notify the entity of those findings and give it the opportunity to state its views, within
Amendment 358 #
Proposal for a regulation Article 21 – paragraph 5 – point a (a) lose its right to refer to itself as an ‘EU-registered data altruism organisation
Amendment 359 #
Proposal for a regulation Article 22 – title European data altruism consent
Amendment 360 #
Proposal for a regulation Article 22 – paragraph 1 (1) In order to facilitate the collection of data based on data altruism, the Commission may adopt implementing acts developing a European data altruism consent
Amendment 361 #
Proposal for a regulation Article 22 – paragraph 2 (2) The European data altruism consent
Amendment 362 #
Proposal for a regulation Article 22 – paragraph 3 (3) Where personal data are provided, the European data altruism consent
Amendment 363 #
Proposal for a regulation Article 22 – paragraph 4 (4) The
Amendment 364 #
Proposal for a regulation Article 22 – paragraph 4 (4) The form shall be available in all the official languages of the EU in a manner that can be printed on paper and read by humans as well as in an electronic, machine-readable form.
Amendment 365 #
Proposal for a regulation Article 23 – paragraph 3 (3) The top-management and the personnel responsible for carrying out the relevant tasks of the competent authority provided for in this Regulation cannot be the designer, manufacturer, supplier, installer, purchaser, owner, user or maintainer of the services which they evaluate, nor the authorised representative of any of those parties or represent them or have represented them for the last two years. This shall not preclude the use of evaluated services that are necessary for the operations of the competent authority or the use of such services for personal purposes.
Amendment 366 #
Proposal for a regulation Article 23 – paragraph 6 a (new) (6a) Member States shall regularly report to the Commission and the European Data Innovation Board on the activities that competent authorities carry pursuant to this Regulation. The Commission and the Board shall be informed, in particular, about the financial and human resources allocated to the activities pursuant to this Regulation.
Amendment 367 #
Proposal for a regulation Article 24 – paragraph 2 (2) The authority with which the complaint has been lodged shall inform the complainant of the progress of the proceedings and of the decision taken, and shall inform the complainant of the right to an effective judicial remedy provided for in
Amendment 368 #
Proposal for a regulation Article 26 – paragraph 1 (1) The Commission shall establish a European Data Innovation Board (“the Board”) in the form of an Expert Group
Amendment 369 #
Proposal for a regulation Article 26 – paragraph 1 (1) The Commission shall establish a European Data Innovation Board (“the Board”) in the form of an Expert Group, consisting of the representatives of competent authorities of all the Member States, the European Data Protection Board, the Commission,
Amendment 370 #
Proposal for a regulation Article 26 – paragraph 1 – point a (new) (a) representatives of: (i) competent authorities of all the Member States; (ii) the European Data Protection Board; (iii) the Commission; (iv) European Union Agency for Cybersecurity; (v) relevant data spaces; (vi) other representatives of competent authorities in specific sectors; (b) experts representing relevant private stakeholders and business sectors, representing relevant industries, and persons with data related expertise; (c) experts appointed in a personal capacity, who have proven knowledge and experience in the areas covered by this Regulation.
Amendment 371 #
Proposal for a regulation Article 26 – paragraph 2 Amendment 372 #
Proposal for a regulation Article 26 – paragraph 2 (2) Stakeholders and relevant third parties, in particular, groups representing citizens' rights, may be invited to attend meetings of the Board and to participate in its work.
Amendment 373 #
Proposal for a regulation Article 26 – paragraph 2 (2) Stakeholders and relevant third parties including industry and civil society organisations may be invited to attend meetings of the Board and to participate in its work.
Amendment 374 #
Proposal for a regulation Article 26 – paragraph 2 (2) Stakeholders and relevant third parties may be invited to attend meetings of the Board and
Amendment 375 #
Proposal for a regulation Article 26 – paragraph 4 a (new) (4a) The Board shall carry out its tasks in accordance with the principle of transparency. The Commission shall publish the minutes of the meetings of the Board and other relevant documents on the Commission website.
Amendment 376 #
Proposal for a regulation Article 27 – paragraph 1 – point b a (new) (ba) to advise and assist the Commission in developing consistent guidelines for cybersecurity requirements for the exchange and storage of data; in this regard to aim to consistently keep the latest technical standards in cybersecurity;
Amendment 377 #
Proposal for a regulation Article 27 – paragraph 1 – point c (c) to advise the Commission on the prioritisation of cross-sector standards to be used and developed for data use and cross-sector data sharing, cross-sectoral comparison and exchange of best practices with regards to sectoral requirements for security, access procedures, while taking into account sector-specific standardisations activities; it should also assist the Commission in setting technical guidelines for anonymization;
Amendment 378 #
Proposal for a regulation Article 27 – paragraph 1 – point d (d) to advise and assist the Commission in enhancing the interoperability of data as well as data sharing services between different sectors and domains, building on existing European, international or national standards; to do its utmost to guarantee interoperability within the sector but also across sectors to facilitate data sharing.
Amendment 379 #
Proposal for a regulation Article 27 – paragraph 1 – point e (e) to facilitate the cooperation between national competent authorities under this Regulation through capacity- building and the exchange of information, in particular by establishing methods for the efficient exchange of information relating to the notification procedure for data sharing service providers and the registration and monitoring of recognised data altruism organisations; to advise and assist in developing and preserving a consistent practice in relation to the code of conduct of data altruism organisations throughout the Union.
Amendment 380 #
Proposal for a regulation Article 27 – paragraph 1 – point e a (new) (ea) report annually the percentage of data shared in accordance with this Regulation which are processed inside and outside the European Union; report on job creation in the data-processing sector by Member State.
Amendment 381 #
Proposal for a regulation Article 27 – paragraph 1 – point e a (new) (ea) to facilitate cooperation between Member States in relation to the rules on penalties laid down by the Member States pursuant to Article 31 and to issue recommendations as regards the harmonisation of those penalties across the Union.
Amendment 382 #
Proposal for a regulation Article 27 – paragraph 1 – point e a (new) (ea) to provide expertise, recommendations and advise to the Commission on the possible need to amend this or other related regulations, such as Directive (EU) 2019/1024;
Amendment 383 #
Proposal for a regulation Article 27 – paragraph 1 – point e b (new) (eb) By [PO: insert date 5 years after date of entry into force of this Regulation] the Commission after consultation with the Board shall carry out review of the Board activities, summarising its most important actions, provided added value, issued recommendations and overall contributions to the development of the European Data Market. The conclusions shall be submitted as a report to the European Parliament and the Council.
Amendment 384 #
Proposal for a regulation Article 27 – paragraph 1 a (new) The Board shall develop recommendations to ensure the consistency between the practices of the competent authorities and shall draft opinions on the status of the application of the Regulation in Member States. If inconsistent practices that could lead to fragmentation of the Single Market have been identified, the Board shall draft decisions for the Commission to adopt. Such decisions may require Member States to take all necessary measures to ensure consistency of practices and prevent market fragmentation.
Amendment 385 #
Proposal for a regulation Article 30 – paragraph 2 (2)
Amendment 386 #
Proposal for a regulation Article 30 – paragraph 2 a (new) (2a) Deplores the fact that the Commission does not provide for any specific protection of Europeans with critical economic responsibilities against third-country laws such as the US Cloud Act; that legislation enables third-country law enforcement authorities to access data in the context of criminal investigations which may be prompted by economic competition considerations; as in the Alstom case, the strategic impact of such cases may be significant for European companies;
Amendment 387 #
Proposal for a regulation Article 30 – paragraph 3 Amendment 388 #
Proposal for a regulation Article 30 – paragraph 3 – point a (a) where the third-country system requires the reasons and proportionality of the decision to be set out, and it requires the court order or the decision, as the case may be, to be specific in character, for instance by establishing a sufficient link to certain suspected persons
Amendment 389 #
Proposal for a regulation Article 30 – paragraph 3 – point b (b) the reasoned objection of the addressee is subject to a review by a competent court in
Amendment 390 #
Proposal for a regulation Article 32 – paragraph 1 By [four years after the data of application of this Regulation], the Commission shall carry out an evaluation of this Regulation, and submit a report on its main findings to
source: 692.940
2021/06/07
LIBE
222 amendments...
Amendment 160 #
Proposal for a regulation Recital 2 (2) Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and daily life. Data is at the centre of this transformation: data-driven innovation
Amendment 161 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges. Sector- specific legislation can develop, adapt and propose new and complementary elements, depending on the specificities of the sector, such as the envisaged legislation on the European health data space25 and on access to vehicle data. Moreover, certain sectors of the economy are already regulated by sector-specific Union law that include rules relating to cross-border or Union wide sharing or access to data26 . This Regulation is therefore without prejudice to
Amendment 162 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges. Sector- specific legislation can develop, adapt and propose new and complementary elements, depending on the specificities of the sector, such as the envisaged legislation on the European health data space25 and on access to vehicle data
Amendment 163 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges and laying down requirements for data governance. Sector-
Amendment 164 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges. Sector- specific legislation can develop, adapt and propose new and complementary elements, depending on the specificities of the sector, such as the envisaged legislation on the European health data space25 and on access to vehicle data. Moreover, certain sectors of the economy are already regulated by sector-specific Union law that include rules relating to cross-border or Union wide sharing or access to data26 . This Regulation is therefore without prejudice to Regulation (EU) 2016/679 of the European Parliament and of the Council (27 ), and in particular the implementation of this Regulation shall not prevent cross border transfers of data in accordance with Chapter V of Regulation (EU) 2016/679 from taking place, Directive (EU) 2016/680 of the European Parliament and of the Council (28 ), Directive (EU) 2016/943 of the European Parliament and of the Council (29 ), Regulation (EU) 2018/1807 of the European Parliament and of the Council (30 ), Regulation (EC) No 223/2009 of the European Parliament and of the Council (31 ), Directive 2000/31/EC of the European Parliament and of the Council (32 ), Directive 2001/29/EC of the European Parliament and of the Council (33 ), Directive (EU) 2019/790 of the European Parliament and of the Council (34 ), Directive 2004/48/EC of the European Parliament and of the Council (35 ), Directive (EU) 2019/1024 of the European Parliament and of the Council (36 ), as well as Regulation 2018/858/EU of the European Parliament and of the Council (37 ), Directive 2010/40/EU of the European
Amendment 165 #
Proposal for a regulation Recital 3 a (new) (3 a) This Regulation is without prejudice to Regulation (EU) 2016/679 of the European Parliament and of the Council and to Directives 2002/58/EC and (EU) 2016/680 of the European Parliament and of the Council. This Regulation should in particular not be read as creating a new legal basis for the processing of personal data for any of the regulated activities. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter should prevail. It should be possible to consider data protection authorities competent authorities for the purpose of this Regulation. Where other entities act as competent authorities under this Regulation, it should be without prejudice to the supervisory powers of data protection authorities under Regulation(EU) 2016/679.
Amendment 166 #
Proposal for a regulation Recital 3 b (new) (3 b) In the case of a data set composed of both personal and non-personal data, where these data are inextricably linked, the data set should be considered personal data.
Amendment 167 #
Proposal for a regulation Recital 4 (4) Action at Union level
Amendment 168 #
Proposal for a regulation Recital 4 (4) Action at Union level is necessary in order to foster trust in data sharing, address the barriers to a well-
Amendment 169 #
Proposal for a regulation Recital 5 (5) The idea that data that has been generated at the expense of public budgets should benefit society has been part of Union policy for a long time. Directive (EU) 2019/1024 as well as sector-specific legislation ensure that the public sector makes more of the data it produces easily available for use and re-use. However, certain categories of data (commercially confidential data, data subject to statistical confidentiality, data protected by intellectual property rights of third parties, including trade secrets and personal data not accessible on the basis of specific national or Union legislation, such as Regulation (EU) 2016/679 and Directive (EU) 2016/680) in public databases is often not made available, not even for research or
Amendment 170 #
Proposal for a regulation Recital 5 (5) The idea that data that has been generated at the expense of public budgets should benefit society has been part of Union policy for a long time. Directive (EU) 2019/1024 as well as sector-specific legislation ensure that the public sector makes more of the data it produces or holds easily available for use and re-use. However, certain categories of data (commercially confidential data, data subject to statistical confidentiality, data protected by intellectual property rights of third parties, including trade secrets and personal data
Amendment 171 #
Proposal for a regulation Recital 5 (5) The idea that data that has been generated at the expense of public budgets should benefit society has been part of Union policy for a long time. Directive (EU) 2019/1024 as well as sector-specific legislation ensure that the public sector makes more of the data it produces easily available for use and re-use. However, certain categories of data (commercially confidential data, data subject to statistical confidentiality, data protected by intellectual property rights of third parties, including trade secrets and personal data not accessible on the basis of specific national or Union legislation, such as Regulation (EU) 2016/679 and Directive (EU) 2016/680) in public databases is often not made available, not even for research or innovati
Amendment 172 #
Proposal for a regulation Recital 6 (6) There are techniques enabling
Amendment 173 #
Proposal for a regulation Recital 6 (6) There are techniques enabling privacy-friendly analyses on databases that contain personal data, such as anonymisation, pseudonymisation, differential privacy, generalisation, or suppression and randomisation. Application of these privacy-enhancing technologies, together with comprehensive data protection approaches
Amendment 174 #
Proposal for a regulation Recital 6 (6) There are techniques enabling privacy-friendly analyses on databases that contain personal data, such as anonymisation, pseudonymisation, differential privacy, generalisation,
Amendment 175 #
Proposal for a regulation Recital 6 a (new) (6 a) Full anonymisation of data is highly complicated and often impossible, which means that such safeguards do not lift the need for the application of robust data security rules and other obligations under Regulation (EU) 2016/679.
Amendment 176 #
Proposal for a regulation Recital 7 (7) The categories of data held by public sector bodies which should be subject to re-use under this Regulation fall outside the scope of Directive (EU) 2019/1024 that excludes data which is not accessible due to commercial and statistical confidentiality and data for which third parties have intellectual property rights. Personal data fall outside the scope of Directive (EU) 2019/1024 insofar as the access regime excludes or restricts access to such data for reasons of data protection, privacy and the integrity of the individual, in particular in accordance with data protection rules. The re-use of data, which may contain trade secrets, should take place without prejudice to Directive (EU) 2016/94340
Amendment 177 #
Proposal for a regulation Recital 9 (9) Public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding as far as possible the conclusion of agreements, which might have as their objective or effect the creation of exclusive rights for the re-use of certain data. Such agreement should be only possible when justified and necessary for the provision of a service of
Amendment 178 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data provided in Union or national law, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition. In particular, public sector bodies allowing re- use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate
Amendment 179 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified
Amendment 180 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition. In particular, public sector bodies allowing re- use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate
Amendment 181 #
Proposal for a regulation Recital 11 a (new) (11 a) The de-anonymisation of datasets should be prohibited unless where data subjects have given their consent, or another legal basis permits it. This should be without prejudice to the possibility to conduct research into anonymisation techniques, in particular where finding possible weaknesses in existing anonymisation techniques could lead to the overall strengthening of anonymisation, while duly respecting the fundamental right to the protection of personal data.
Amendment 182 #
Proposal for a regulation Recital 15 (15) Furthermore, it is important to protect commercially sensitive data of non- personal nature, notably trade secrets, but also non-personal data representing content protected by intellectual property rights from unlawful access that may lead to IP theft or industrial espionage. In order to ensure the protection of fundamental rights or interests of data holders, non-personal data which is to be protected from unlawful or unauthorised access under Union or national law, and which is held by public sector bodies, should be transferred only to third-countries where appropriate safeguards for the use of data are provided. Such appropriate safeguards should be considered to exist when in that third- country there are equivalent measures in place which ensure that non-personal data benefits from a level of protection similar to that applicable by means of Union or national law in particular as regards the protection of trade secrets and the protection of intellectual property rights. To that end, the Commission may adopt implementing acts that declare that a third country provides a level of protection that is essentially equivalent to those provided by Union or national law. The assessment of the level of protection afforded in such third-country should, in particular, take into consideration the relevant legislation, both general and sectoral, including concerning public security, defence, national security and criminal law concerning the access to and protection of non-personal data, any access by the public authorities of that third country to the data
Amendment 183 #
Proposal for a regulation Recital 18 (18) In order to prevent unlawful access to non-personal data, public sector bodies, natural or legal persons to which the right to re-use data was granted, data sharing providers and entities entered in the register of recognised data altruism organisations should take all reasonable measures to
Amendment 184 #
Proposal for a regulation Recital 18 (18) In order to prevent unlawful access to non-personal data, public sector bodies, natural or legal persons to which the right to re-use data was granted, data sharing providers and entities entered in the register of
Amendment 185 #
Proposal for a regulation Recital 19 (19) In order to build trust in re-use mechanisms, it
Amendment 186 #
Proposal for a regulation Recital 20 (20) Public sector bodies should be able to charge fees for the re-use of data
Amendment 187 #
Proposal for a regulation Recital 21 (21) In order to incentivise the re-use of these categories of data, Member States should establish a single information point to act as the primary interface for re-users that seek to re-use such data held by the public sector bodies.
Amendment 188 #
Proposal for a regulation Recital 21 (21) In order to incentivise the re-use of these categories of data, Member States should establish a single information point to act as the primary interface for re-users that seek to re-use such data held by the public sector bodies. It should have a cross-sector remit, and should complement, if necessary, arrangements at the sectoral level. In addition, Member States should designate, establish or facilitate the establishment of competent bodies to support the activities of public sector bodies allowing re-use of certain categories of protected data. Their tasks may include granting access to data, where mandated in sectoral Union or Member States legislation. Those competent bodies should provide support to public sector bodies with state-of-the-art techniques, including
Amendment 189 #
Proposal for a regulation Recital 21 (21) In order to incentivise the re-use of these categories of data, Member States should establish a single information point to act as the primary interface for re-users that seek to re-use such data held by the public sector bodies. It should have a cross-sector remit, and should complement, if necessary, arrangements at the sectoral level. In addition, Member States should designate, establish or facilitate the establishment of competent bodies to support the activities of public sector bodies allowing re-use of certain categories of protected data. Their tasks may include
Amendment 190 #
Proposal for a regulation Recital 22 (22) Providers of data sharing services (data intermediaries) are expected to play a key role in the data economy ,
Amendment 191 #
Proposal for a regulation Recital 22 (22)
Amendment 192 #
Proposal for a regulation Recital 23 (23) A specific category of data intermediaries includes providers of data sharing services that offer their services to data subjects in the sense of Regulation (EU) 2016/679. Such providers
Amendment 193 #
Proposal for a regulation Recital 24 (24) Data cooperatives
Amendment 194 #
Proposal for a regulation Recital 24 a (new) (24 a) Among others, data coalitions could ensure that marginalised communities’ data protects them from disease, instead of exposing them to predictive policing and that every citizen gets a fair share of the value they create in the digital economy.
Amendment 195 #
Proposal for a regulation Recital 26 (26) A key element to bring trust and more control for data holder and data users in data
Amendment 196 #
(27) In order to ensure the compliance of
Amendment 197 #
Proposal for a regulation Recital 28 (28) This Regulation should be without prejudice to the obligation of providers of data sharing services to comply with Regulation (EU) 2016/679 and the responsibility of supervisory authorities to ensure compliance with that Regulation. When providers of data intermediation services process personal data, this Regulation does not affect the protection of personal data. Where the data sharing service providers are data controllers or processors in the sense of Regulation (EU) 2016/679 they are bound by the rules of that Regulation. This Regulation should be also without prejudice to the application of competition law.
Amendment 198 #
Proposal for a regulation Recital 28 (28) This Regulation should be without prejudice to the obligation of providers of data sharing services to comply with Regulation (EU) 2016/679 and the responsibility of supervisory authorities to ensure compliance with that Regulation.
Amendment 199 #
Proposal for a regulation Recital 35 (35) There is a strong potential in the use of data made available voluntarily by data subjects based on their consent or, where it concerns non-personal data, made available by legal persons, for purposes of general interest. Such purposes would include healthcare, combating climate change, improving mobility, improving education, facilitating the establishment of official statistics or improving the provision of public services. Support to scientific research, including for example technological development and demonstration, fundamental research, applied research and privately funded research, should also be considered
Amendment 200 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the Union and the emergence of data pools covering several Member States.
Amendment 201 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the Union and the emergence of data pools covering several Member States. Data subjects in this respect would consent to specific purposes of data processing, but could also consent to data processing in certain areas of research or parts of research projects as it is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the time of data collection. Legal persons could give permission to the processing of their non-personal data for a range of purposes not defined at the moment of giving the permission. The
Amendment 202 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the
Amendment 203 #
Proposal for a regulation Recital 38 (38) Data Altruism Organisations recognised in the Union should be able to collect relevant data directly from natural and legal persons or to process data collected by others under an appropriate legal basis established under Regulation (EU) 2016/679. Where they are processing personal data or data controllers or processors in the meaning of Regulation (EU) 2016/679, they are bound by the rules of that Regulation. Typically, data altruism would rely on consent of data subjects in the sense of Article 6(1)(a) and 9(2)(a) and in compliance with requirements for lawful consent in accordance with Article 7 of Regulation (EU) 2016/679. In accordance with Regulation (EU) 2016/679, scientific research purposes can be supported by consent to certain areas of scientific research when in keeping with recognised ethical standards for scientific research or only to certain areas of research or parts of research projects. Article 5(1)(b) of Regulation (EU) 2016/679 specifies that further processing for scientific or historical research purposes or statistical purposes should, in accordance with Article 89(1) of Regulation (EU) 2016/679, not be considered to be incompatible with the initial purposes.
Amendment 204 #
Proposal for a regulation Recital 38 (38) Data Altruism Organisations
Amendment 205 #
Proposal for a regulation Recital 39 (39) To bring additional legal certainty to granting and withdrawing of consent, in particular in the context of scientific research and statistical use of data made available on an altruistic basis, a European data altruism consent form should be developed and used in the context of altruistic data sharing. Such a form should contribute to additional transparency for data subjects that their data will be accessed and used in accordance with their consent and also in full compliance with
Amendment 206 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established, in the form of an expert group. The Board should consist of representatives of the Member States, the Commission and representatives of relevant data spaces and specific sectors (such as health, agriculture, transport and statistics). The European Data Protection Board
Amendment 207 #
Proposal for a regulation Article 1 – paragraph 1 – point b (b) a notification and supervisory framework for the provision of data
Amendment 208 #
Proposal for a regulation Article 1 – paragraph 1 – point c (c) a framework for
Amendment 209 #
(2) This Regulation is without prejudice to specific provisions in other Union legal acts regarding access to or re- use of certain categories of data, or requirements related to processing of personal or non-personal data. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing services or registered entities providing data altruism services to comply with specific additional technical, administrative or organisational requirements, including through an authorisation or certification regime, those provisions of that sector-specific Union legal act shall also apply. Any additional requirements shall be non-discriminatory, proportionate and objectively justified
Amendment 210 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2 a) Union and national law on the protection of personal data shall apply to any personal data processed in connection with this Regulation. In particular, this Regulation shall be without prejudice to Regulation (EU) 2016/679, Directive 2002/58/EC and Regulation (EU)2018/1725, including the competences and powers of supervisory authorities. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter prevails. This Regulation does not create a legal basis for the processing of personal data.
Amendment 211 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2 a) This Regulation is without prejudice to Union and national law as regards the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and the Council(52a) and Directive 2002/58/EC of the European Commission and the Council (53a) and the corresponding provisions in national law. This Regulation does not create a legal basis for the processing of personal data. In the case of conflict between the provisions of this Regulation and Union law on the protection of personal data the latter shall prevail. _________________ 52aRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (OJ L 119, 4.5.2016, p.1) 53aDirective 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37).
Amendment 212 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2 a) Union law on the protection of personal data shall apply to any personal data processed in connection with this Regulation. In particular, this Regulation shall be without prejudice to Regulation (EU) 2016/679, Directive 2002/58/EC, and Regulation (EU) 2018/1725, including the competences and powers of supervisory authorities. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter shall prevail. This Regulation does not create a legal basis for the processing of personal data.
Amendment 213 #
Proposal for a regulation Article 1 – paragraph 2 a (new) Amendment 214 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2 a) This Regulation does not create a legal basis for the processing of personal data and should be without prejudice to Regulation (EU) 2016/679 and Directive 2002/58/EC of the European Parliament and of the Council1a, including the powers of supervisory authorities. In the event of a conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter prevails.
Amendment 215 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2 a) Union law on the protection of personal data shall apply to any personal data processed in connection with this Regulation. In particular, this Regulation shall be without prejudice to Regulation (EU) 2016/679 and Directive 2002/58/EC. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter prevails.
Amendment 216 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 a (new) Amendment 217 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 a (new) (2 a) 'personal data' means personal data as defined in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 218 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 a (new) (2 a) ‘personal data’ means data as defined in point (1) ofArticle 4 of Regulation (EU) 2016/679;
Amendment 219 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 b (new) Amendment 220 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 b (new) (2 b) ‘consent’ means consent as defined in point (11) of Article 4 of Regulation (EU) 2016/679, and subject to the conditions set out in Article 7 and Article 8 of that Regulation;
Amendment 221 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 c (new) (2 c) ‘personal data’ means any information relating to a data subject as defined in point (1) of Article 4 of Regulation(EU) 2016/679;
Amendment 222 #
(2 c) 'data subject' means data subject as defined in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 223 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 d (new) (2 d) ‘processing’ means processing as defined in point (2) of Article 4 of Regulation (EU) 2016/679;
Amendment 224 #
Proposal for a regulation Article 2 – paragraph 1 – point 3 a (new) (3 a) 'data subject' means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Amendment 225 #
Proposal for a regulation Article 2 – paragraph 1 – point 3 a (new) (3 a) ‘consent’ means consent as defined in point (11) of Article 4 of Regulation (EU) 2016/679;
Amendment 226 #
Proposal for a regulation Article 2 – paragraph 1 – point 3 b (new) (3 b) 'data subject' means an identified or identifiable natural person as referred to in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 227 #
Proposal for a regulation Article 2 – paragraph 1 – point 4 Amendment 228 #
Proposal for a regulation Article 2 – paragraph 1 – point 4 Amendment 229 #
Proposal for a regulation Article 2 – paragraph 1 – point 4 a (new) (4 a) ‘data subject’ means a natural person as referred in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 230 #
Proposal for a regulation Article 2 – paragraph 1 – point 5 (5) ‘data holder’ means a legal person
Amendment 231 #
Proposal for a regulation Article 2 – paragraph 1 – point 6 (6) ‘data user’ means a natural or legal person who has lawful access to certain personal or non-personal data and
Amendment 232 #
Proposal for a regulation Article 2 – paragraph 1 – point 6 (6) ‘data user’ means a natural or legal person who has lawful access to certain
Amendment 233 #
Proposal for a regulation Article 2 – paragraph 1 – point 6 a (new) (6 a) ‘consent’ means agreement to data processing as defined in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 234 #
Proposal for a regulation Article 2 – paragraph 1 – point 6 a (new) (6 a) 'data re-user' means a natural or legal person who re-uses data;
Amendment 235 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 (7)
Amendment 236 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 a (new) (7 a) ‘data sharing intermediation service’ - means a commercial service, which, through the provision of technical, legal and other means establishes relationships between an undefined number of data subjects and data holders, on the one hand and data users on the other hand, for the purpose of data sharing as well as the exercise of data subjects' rights. The following shall, inter alia, not be considered to be data intermediation services for the purposes of this Regulation: (a) services that obtain data from data holders, aggregate, enrich or transform the data and license the use of the resulting data to data users, without establishing a direct relationship between data holders and data users; (b) cloud infrastructure services; (c) services that focus on the intermediation of content, in particular on copyright protected content; (d) services of data exchange platforms that are exclusively used by one data holder in order to enable the use of data they hold as well as platforms developed and exclusively offered by manufacturers of objects and devices connected to the Internet-of-Things, which have as their main objective to ensure functionalities of the connected object or device and to allow value added services; (e) services of ‘consolidated tape providers’ as defined in point (53) of Article 4(1) of Directive 2014/65/EU; and (f) services of ‘account information service providers’ as defined in point 19of Article 4 of Directive(EU) 2015/2366;
Amendment 237 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 a (new) (7 a) ‘data sharing service’ means a service, that, through the provision of technical, legal and other means establishes relationships between an undefined number of data subjects and data holders, on the one hand, and data users, on the other hand;
Amendment 238 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 a (new) (7 a) ‘processing’ means any operation or set of operations as defined in point (2) of Article 4 of Regulation (EU)2016/679;
Amendment 239 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means the consent by data subjects to process personal data pertaining to them, or permissions of other data holders to allow the use of their non- personal data without seeking or receiving a reward, for purposes of
Amendment 240 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means the
Amendment 241 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means
Amendment 242 #
Proposal for a regulation Article 2 – paragraph 1 – point 14 (14) ‘secure processing environment’ means the physical or virtual environment and organisational means to provide the opportunity to re-use data in a manner that ensures compliance with applicable legislation, in particular the preservation of data subject rights under Regulation (EU) 2016/679, and that allows for the operator of the secure processing environment to determine and supervise all data processing actions, including to display, storage, download, export of the data and calculation of derivative data through computational algorithms.
Amendment 243 #
Proposal for a regulation Article 2 – paragraph 1 – point 14 (14) ‘secure processing environment’ means the physical or virtual environment and organisational means to provide the
Amendment 244 #
Proposal for a regulation Article 3 – paragraph 2 – point e a (new) (e a) personal data processed in the context of employment
Amendment 245 #
Proposal for a regulation Article 3 – paragraph 2 a (new) (2 a) Where personal and non-personal data in a data set are inextricably linked in mixed data-sets, the data set shall be considered personal data.
Amendment 246 #
Proposal for a regulation Article 3 – paragraph 3 (3) The provisions of this Chapter do not create any obligation on public sector bodies to allow re-use of data nor do they release public sector bodies from their confidentiality obligations under Union or national law. This Chapter is without prejudice to Union and national law or international agreements to which the Union or Member States are parties on the protection of categories of data provided in paragraph 1. This Chapter is without prejudice to Union and national law on access to documents and to obligations of public sector bodies under Union and national law to allow the re-use of data.
Amendment 247 #
Proposal for a regulation Article 4 – paragraph 2 (2) By way of derogation from paragraph 1, an exclusive right to re-use data referred to in that paragraph may be granted to the extent necessary for the provision of a service or a product in the general interest, defined and justified why it is of general interest.
Amendment 248 #
Proposal for a regulation Article 4 – paragraph 7 a (new) (7 a) Where an exclusive right tore-use data does not meet the conditions set out in paragraphs 2, 3 and 4, the exclusive right shall be void.
Amendment 249 #
Proposal for a regulation Article 5 – paragraph 3 (3) Public sector bodies
Amendment 250 #
Proposal for a regulation Article 5 – paragraph 3 (3) Public sector bodies shall comply with the obligations under Union law for preserving the protection of data. To this end, public sector bodies may impose an obligation to re-use only pre-processed data
Amendment 251 #
Proposal for a regulation Article 5 – paragraph 3 (3) Public sector bodies
Amendment 252 #
Proposal for a regulation Article 5 – paragraph 4 – introductory part (4) Public sector bodies
Amendment 253 #
Proposal for a regulation Article 5 – paragraph 4 – introductory part (4) Public sector bodies
Amendment 254 #
Proposal for a regulation Article 5 – paragraph 4 – point a (a) to access and re-use the data, which have been anonymised or pseudonymised, remotely within a secure processing environment provided and controlled by the public sector ;
Amendment 255 #
Proposal for a regulation Article 5 – paragraph 4 – point a (a) to access and re-use the data, in anonymised form, within a secure processing environment provided and controlled by the public sector ;
Amendment 256 #
Proposal for a regulation Article 5 – paragraph 5 a (new) (5 a) Public sector bodies shall apply technical means that prevent the re-users from identifying any data subject, even within secure processing environments, and shall hold the re-users responsible for continuously assessing the risk of identification and de-anonymisation and for reporting to the public sector body concerned breaches to the confidentiality, the integrity, or the security of the data, in particular where a data breach has resulted in identification of an individual, notwithstanding any reporting obligations under Union law.
Amendment 257 #
Proposal for a regulation Article 5 – paragraph 5 a (new) (5 a) The re-identification of any data subjects by re-users shall be prohibited. The re-users shall be obliged to assess on an on-going basis the risk of re- identification and to report any data breach resulting in the re-identification of the individuals concerned to the competent supervisory authority in accordance with Regulation (EU) 2016/679 and the public sector body.
Amendment 258 #
Proposal for a regulation Article 5 – paragraph 5 a (new) (5 a) The public sector bodies shall publish a list of categories of anonymised data made available for re-use, the methods used for anonymisation and other pre-processing, as well as methods of transmission, over a period of at least up to the last two calendar years. The information shall be provided in such a manner that does not allow to identify data subjects.
Amendment 259 #
Proposal for a regulation Article 5 – paragraph 5 a (new) (5 a) Public sector bodies shall ensure the re-use of data is in full compliance with Regulation (EU) 2016/679.
Amendment 260 #
Proposal for a regulation Article 5 – paragraph 5 b (new) (5 b) In case of anonymised data, public sector bodies shall make a data protection impact assessment prior to granting access to the data. Where the processing of data can potentially lead to identification or de-anonymisation, the public sector body shall not allow access to, or re-use of, the data.
Amendment 261 #
Proposal for a regulation Article 5 – paragraph 5 b (new) (5 b) Public sector bodies shall ensure that data protection impact assessments required by Regulation (EU) 2016/679 for sharing anonymised data are duly conducted;
Amendment 262 #
Proposal for a regulation Article 5 – paragraph 5 c (new) (5 c) Re-use with the effect of identifying data subjects or otherwise de- anonymising datasets shall be prohibited. Re-users shall not identify any data subjects.
Amendment 263 #
Proposal for a regulation Article 5 – paragraph 6 Amendment 264 #
Proposal for a regulation Article 5 – paragraph 6 (6) Where the re-use of data cannot be granted in accordance with the obligations laid down in paragraphs 3 to 5 and there is no other legal basis for transmitting the data under Regulation (EU) 2016/679, the public sector body shall support re-users in seeking consent of the data subjects and/or permission from the legal entities whose rights and interests may be affected by such re-use, where it is feasible without disproportionate cost for the public sector. In that task they may be assisted by the competent bodies referred to in Article 7 (1). All processing of personal data shall occur in full compliance with the GDPR and be accompanied by appropriate data protection safeguards. Re-use of data must be conditional on the signature by the re-user of a confidentiality agreement as set out in recital 11.
Amendment 265 #
Proposal for a regulation Article 5 – paragraph 6 (6) Where the re-use of data cannot be granted in accordance with the obligations laid down in paragraphs 3 to 5c (new) and there is no other legal basis for transmitting the data under Regulation (EU) 2016/679, the public sector body shall support re- users in seeking consent of the data subjects and/or permission from the legal entities whose rights and interests may be affected by such re-use, where it is feasible without disproportionate cost for the public sector. In that task they may be assisted by the competent bodies referred to in Article 7 (1).
Amendment 266 #
Proposal for a regulation Article 5 – paragraph 6 (6) Where the re-use of data cannot be granted in accordance with the obligations laid down in paragraphs 3 to 5 and there is no other legal basis for transmitting the data under Regulation
Amendment 267 #
Proposal for a regulation Article 5 – paragraph 6 a (new) (6 a) Where public sector bodies make available personal data for re-use pursuant to this Article, they shall do so in full compliance with Regulation(EU) 2016/679.
Amendment 268 #
Proposal for a regulation Article 5 – paragraph 9 Amendment 269 #
Proposal for a regulation Article 5 – paragraph 10 Amendment 270 #
Proposal for a regulation Article 5 – paragraph 11 (11) Where specific Union acts adopted in accordance with a legislative procedure establish that certain non-personal data categories held by public sector bodies shall be deemed to be highly sensitive for
Amendment 271 #
Proposal for a regulation Article 5 – paragraph 12 Amendment 272 #
Proposal for a regulation Article 5 – paragraph 13 (13) Where the re-user intends to transfer non-personal data to a third country, the public sector body shall inform the data holder about the
Amendment 273 #
Proposal for a regulation Article 5 – paragraph 13 (13) Where the re-user intends to transfer non-personal data to a third country, the public sector body shall inform the data holder about the intention to transfer
Amendment 274 #
Proposal for a regulation Article 5 – paragraph 13 (13) Where the re-user intends to transfer non-personal data to a third country, the public sector body shall inform the data holder about the intention to transfer
Amendment 275 #
Proposal for a regulation Article 6 Amendment 276 #
Proposal for a regulation Article 6 – paragraph 2 (2) Any fees shall be non- discriminatory, proportionate and objectively justified and shall
Amendment 277 #
Proposal for a regulation Article 7 – paragraph 1 (1) Member States shall designate one or more competent bodies, which may be sectoral, to support the public sector bodies which grant access to the re-use of the categories of data referred to in Article 3 (1) in the exercise of that task. Member States shall be allowed either to establish one or more new bodies or to rely on existing ones that fulfil the conditions set out by this Regulation.
Amendment 278 #
Proposal for a regulation Article 7 – paragraph 2 – point c Amendment 279 #
Proposal for a regulation Article 7 – paragraph 2 – point c a (new) (c a) assisting public sector bodies, where relevant, with formatting data for ensuring a higher level of interoperability with other data available for re-use, according to EU interoperability standards and without prejudice to the data itself or to Union law;
Amendment 280 #
Proposal for a regulation Article 8 – paragraph 2 (2) The single information point shall receive requests for the re-use of the categories of data referred to in Article 3 (1) and shall transmit them to the competent public sector bodies, or the competent bodies referred to in Article 7 (1), where relevant. The single information point shall make available by electronic means a register of available data resources containing relevant information describing the nature of available data. To stimulate cross-border data re-use within the EU, Member States shall ensure that the information on available data resources is presented in two additional wide- circulation EU languages.
Amendment 281 #
Proposal for a regulation Article 8 – paragraph 2 a (new) (2 a) The Commission shall collect and make public and easily accessible information about all Member States’ single information points.
Amendment 282 #
Proposal for a regulation Article 8 – paragraph 3 (3) Requests for the re-use of the categories of data referred to in Article 3
Amendment 283 #
Proposal for a regulation Chapter III – title III
Amendment 284 #
Proposal for a regulation Article -9 (new) Article -9 Creating trust for providers of data sharing services (1) A European general authorisation framework shall be established in order to increase trust in the provision of data sharing services, as identified in paragraph (2), thereby improving the conditions for the functioning of the internal market by increasing data exchanges within the Union, with a view to create a single market for data. (2) The general authorisation framework shall apply to the provision of the following services: (a) services aimed at the creation of personal data spaces, namely services enabling data subjects to exercise the rights provided in Regulation (EU) 2016/679, which may be paired by making available dedicated storage services to the data subjects; (b) services related to the creation of data cooperatives, namely services enabling several data subjects to exercise collectively the rights provided in Regulation (EU) 2016/679, which may be paired by making available data storage services to such data subjects. (3) Member States shall not introduce new national authorisation frameworks for the services covered by the European general authorisation framework for data sharing services. (4) The provider of data sharing services shall be compliant with the requirements laid down in Regulation (EU) 2016/679, including the provisions on transfers of personal data to third countries or international organisations. (5) The general authorisation is without prejudice to powers of supervisory authorities to ensure compliance of providers of data sharing services with applicable law, including on the protection of personal data and competition law. (6) The provision of data sharing services as well as the exchange of information between undertakings are without prejudice to the application of competition law.
Amendment 285 #
Amendment 286 #
Proposal for a regulation Article 9 – paragraph 1 – point b (b) intermediation services between data subjects that seek to make their personal data available and potential data users, including making available the technical or other means to enable such services, in the exercise of the rights provided in Regulation (EU) 2016/679; the data sharing services shall not themselves process the personal data, but shall only allow data subjects to give consent to specific data users and for specific purposes;
Amendment 287 #
Proposal for a regulation Article 9 – paragraph 1 – point b (b) intermediation services between data subjects that seek to make their personal data available and potential data users, including making available the technical or other means to enable such services, in the exercise of the rights provided in Regulation (EU) 2016/679;
Amendment 288 #
Proposal for a regulation Article 9 – paragraph 1 – point b (b) intermediation services between data subjects that seek to make their personal data available and potential data users, including making available the technical or other means to enable such services,
Amendment 289 #
Proposal for a regulation Article 9 – paragraph 1 – point c (c) services of data cooperatives, that is to say services
Amendment 290 #
Proposal for a regulation Article 9 – paragraph 2 (2) This
Amendment 291 #
Proposal for a regulation Article 9 – paragraph 2 (2) This
Amendment 292 #
Proposal for a regulation Article 10 – title Notification of data
Amendment 293 #
Proposal for a regulation Article 10 – paragraph 1 (1) Any provider of data
Amendment 294 #
Proposal for a regulation Article 10 – paragraph 2 (2) For the purposes of this Regulation, a
Amendment 295 #
Proposal for a regulation Article 10 – paragraph 3 (3) A provider of data
Amendment 296 #
Proposal for a regulation Article 10 – paragraph 4 a (new) (4 a) By way of derogation from paragraph 4, a provider of data sharing services shall notify the competent authority in the following cases: (a) the provider intends to provide services on the basis of, or can reasonably assume to process personal data, or anonymised data that was derived from personal data; (b) the provider can reasonably assume that the combination of non-personal data under the service it provides could lead to the identification or identifiability of natural persons; The provider shall not start the activity before the competent authority has not been consulted.
Amendment 297 #
Proposal for a regulation Article 10 – paragraph 6 – point f (f) a description of the service or services the provider intends to provide and a declaration of compliance with Regulation (EU) 2016/679 when the data sharing service involves personal data;
Amendment 298 #
Proposal for a regulation Article 10 – paragraph 7 (7) At the request of the provider, the competent authority shall, within
Amendment 299 #
Proposal for a regulation Article 11 – title Conditions for providing data
Amendment 300 #
Proposal for a regulation Article 11 – paragraph 1 – introductory part The provision of data
Amendment 301 #
Proposal for a regulation Article 11 – paragraph 1 – point 1 (1) the
Amendment 302 #
Proposal for a regulation Article 11 – paragraph 1 – point 2 Amendment 303 #
Proposal for a regulation Article 11 – paragraph 1 – point 2 (2) the metadata collected from the provision of the data
Amendment 304 #
Proposal for a regulation Article 11 – paragraph 1 – point 3 (3) the
Amendment 305 #
Proposal for a regulation Article 11 – paragraph 1 – point 4 (4) the
Amendment 306 #
Proposal for a regulation Article 11 – paragraph 1 – point 4 a (new) (4 a) the data intermediary may offer additional specific services facilitating the exchange of the data and tools capable of analysis, aggregation, improving the quality or conversion of data to data holders or data users. Those tools shall be used only at the explicit request or approval of the data holder and third- party tools offered in that context shall not use data for purposes other than those requested or approved by the data holder
Amendment 307 #
Proposal for a regulation Article 11 – paragraph 1 – point 5 (5) the
Amendment 308 #
Proposal for a regulation Article 11 – paragraph 1 – point 6 (6) the
Amendment 309 #
Proposal for a regulation Article 11 – paragraph 1 – point 6 (6) the provider shall ensure a reasonable continuity of provision of its services and, in the case of services which ensure storage of data, shall have sufficient
Amendment 310 #
Proposal for a regulation Article 11 – paragraph 1 – point 7 (7) the
Amendment 311 #
Proposal for a regulation Article 11 – paragraph 1 – point 8 (8) the
Amendment 312 #
Proposal for a regulation Article 11 – paragraph 1 – point 9 (9) the
Amendment 313 #
Proposal for a regulation Article 11 – paragraph 1 – point 9 (9) the provider shall have procedures in place to ensure compliance with the Union and national rules on competition and consumer protection;
Amendment 314 #
Proposal for a regulation Article 11 – paragraph 1 – point 9 a (new) (9 a) the provider shall have procedures in place to ensure compliance with the Union and national rules on the protection of personal data;
Amendment 315 #
(10) the
Amendment 316 #
Proposal for a regulation Article 11 – paragraph 1 – point 11 (11) where a
Amendment 317 #
Proposal for a regulation Article 11 – paragraph 1 – point 11 (11) where a provider provides tools for obtaining consent from data subjects in accordance with Article 7 and Article 8 of Regulation 2016/679, or
Amendment 318 #
Proposal for a regulation Article 11 – paragraph 1 – point 11 (11) where a provider provides tools for obtaining consent from data subjects or permissions to process data made available by
Amendment 319 #
Proposal for a regulation Article 11 – paragraph 1 – point 11 a (new) (11 a) The provider shall ensure interoperability with other data sharing services, using open data standards and accessible APIs when technically feasible;
Amendment 320 #
Proposal for a regulation Article 12 – paragraph 1 (1) Each Member State shall designate in its territory one or more authorities competent to carry out the tasks related to the notification framework and shall communicate to the Commission the
Amendment 321 #
Proposal for a regulation Article 12 – paragraph 3 (3) The designated competent authorities, the data protection authorities, the national supervisory authorities for artificial intelligence, the national competition authorities, the national authorities in charge of cybersecurity, and other relevant sectorial authorities shall exchange the information which is necessary for the exercise of their tasks in relation to data sharing providers. Particular attention shall be dedicated to ensuring compliance with the provisions of Regulation (EU) 2016/679 and with Union law.
Amendment 322 #
Proposal for a regulation Article 12 – paragraph 3 (3) The designated competent authorities, the data protection authorities, the national competition authorities, the authorities in charge of cybersecurity, and other relevant sectorial authorities shall exchange the information which is necessary for the exercise of their tasks in relation to data sharing providers. The data protection authorities shall be designated as the main competent authorities for the supervision and enforcement of the provisions under Chapter IV of the Regulation.
Amendment 323 #
Proposal for a regulation Article 12 – paragraph 3 (3)
Amendment 324 #
Proposal for a regulation Article 12 – paragraph 3 a (new) (3 a) The competent authorities shall undertake their tasks in cooperation with the data protection authority, where such tasks are related to processing of personal data, and with relevant sectoral bodies of the same Member State.
Amendment 325 #
Proposal for a regulation Article 13 – paragraph 2 (2) The competent authority shall have the power to request from providers of data sharing services all the information that is necessary to verify compliance with the requirements laid down in Articles 10 and 11.
Amendment 326 #
Proposal for a regulation Article 13 – paragraph 2 (2) The competent authority shall have the power to request from providers of data sharing services all the information that is necessary to verify compliance with the requirements laid down in
Amendment 327 #
Proposal for a regulation Article 13 – paragraph 3 (3) Where the competent authority finds that a provider of data sharing services does not comply with one or more of the requirements laid down in
Amendment 328 #
Proposal for a regulation Article 13 – paragraph 3 (3) Where the competent authority finds that a provider of data sharing services does not comply with one or more of the requirements laid down in
Amendment 329 #
Proposal for a regulation Article 13 – paragraph 4 – introductory part (4) The competent authority shall have the power to require the cessation of the breach referred to in paragraph 3 either immediately or within a reasonable time limit and shall take appropriate and proportionate measures aimed at ensuring compliance. In this regard, the competent authorities shall be able
Amendment 330 #
Proposal for a regulation Article 13 – paragraph 4 – point b (b) to require cessation
Amendment 331 #
Proposal for a regulation Article 13 – paragraph 5 a (new) Amendment 332 #
Proposal for a regulation Article 14 – paragraph 1 This Chapter shall not apply to
Amendment 333 #
Proposal for a regulation Article 14 – paragraph 1 a (new) (a) public sector bodies that offer data sharing facilities on a non-commercial basis;
Amendment 334 #
Proposal for a regulation Article 14 a (new) Article 14 a b) not-for-profit entities whose activities consist only in seeking to collect data for objectives of general interest, made available by natural or legal persons on the basis of data altruism.
Amendment 335 #
Proposal for a regulation Article 15 – paragraph 2 (2) The Commission shall maintain a Union register of recognised data altruism organisations, which shall be accessible to the public.
Amendment 336 #
Proposal for a regulation Article 16 – paragraph 1 – point b (b) operate on a not-for-profit basis and be independent from any entity involved in the collection, processing or storage of data that operates on a for-profit basis;
Amendment 337 #
Proposal for a regulation Article 16 – paragraph 1 – point b a (new) (b a) provide supervisory mechanisms, such as ethics boards or councils, to ensure that the data controller maintains high standards of scientific ethics
Amendment 338 #
Proposal for a regulation Article 16 – paragraph 1 – point b b (new) (b b) provide effective technical means to withdraw or modify consent at any moment, based on the information obligations of data processors under Regulation (EU) 2016/679
Amendment 339 #
Proposal for a regulation Article 16 – paragraph 1 – point c a (new) (c a) ensures technical and organisational requirements for the application of data protection standards and the exercise of data subjects' rights, including the right to transfer data;
Amendment 340 #
Proposal for a regulation Article 16 – paragraph 1 – point c a (new) (c a) have procedures in place that ensure compliance with the Union and national rules on the protection of personal data.
Amendment 341 #
Proposal for a regulation Article 17 – paragraph 3 Amendment 342 #
Proposal for a regulation Article 17 – paragraph 4 – point e (e) the address of the entity’s main establishment in the Union, if any, and,
Amendment 343 #
Proposal for a regulation Article 18 – paragraph 2 – point c (c) a list of all natural and legal persons that were allowed to use data it holds, including a
Amendment 344 #
Proposal for a regulation Article 19 – paragraph 1 – introductory part (1) Any entity entered in the register of recognised data altruism organisations shall inform data holders in a clear and comprehensible manner and prior to any processing of their data:
Amendment 345 #
Proposal for a regulation Article 19 – paragraph 1 – introductory part (1) Any entity entered in the register of recognised data altruism organisations shall inform data holders prior to any processing of their data:
Amendment 346 #
Proposal for a regulation Article 19 – paragraph 1 – point -a (new) (-a) about the legal basis established under Regulation (EU) 2016/679 under which it collects data;
Amendment 347 #
Proposal for a regulation Article 19 – paragraph 1 – point a (a) about the purposes of general interest (and in case of personal data – about the purpose of the processing which shall be specified, explicit and legitimate) for which it permits the processing of their data by a data user in an easy-to- understand manner
Amendment 348 #
Proposal for a regulation Article 19 – paragraph 1 – point a (a) about the purposes of general interest for which it permits the processing of their data by a data user
Amendment 349 #
Proposal for a regulation Article 19 – paragraph 1 – point b (b) about any processing o
Amendment 350 #
Proposal for a regulation Article 19 – paragraph 1 – point b (b) about any processing outside the Union, including its location.
Amendment 351 #
Proposal for a regulation Article 19 – paragraph 1 – point b (b) about any processing outside the Union, including its location.
Amendment 352 #
Proposal for a regulation Article 19 – paragraph 2 (2) The entity shall also ensure that the data is not be used for other purposes than those of general interest for which it permits the processing and ensure that misleading marketing practices are not used to solicit donations of data.
Amendment 353 #
Proposal for a regulation Article 19 – paragraph 2 a (new) (2 a) The entity shall also ensure that consent from data subjects or permissions to process data made available by legal entities can be withdrawn easily, at any point in time and in a user-friendly manner by the data subject or legal entities.
Amendment 354 #
Proposal for a regulation Article 19 – paragraph 2 a (new) (2 a) The entity shall also ensure that consent from data subjects or permissions to process data made available by legal persons can be easily withdrawn.
Amendment 355 #
Proposal for a regulation Article 19 – paragraph 2 a (new) (2 a) The entity shall also ensure that data processing is conducted according to the provisions of Regulation (EU) 2016/679.
Amendment 356 #
Proposal for a regulation Article 19 – paragraph 2 a (new) (2 a) The entity shall ensure that the data is not used for advertising purposes.
Amendment 357 #
Proposal for a regulation Article 19 – paragraph 2 b (new) (2 b) The entity shall take measures to ensure high level of security, including cybersecurity standards, for the storage and processing of data that it has collected based on data altruism.
Amendment 358 #
Proposal for a regulation Article 19 – paragraph 2 b (new) (2 b) The entity shall take measures to ensure a high level of security for the storage and processing of data that it has collected based on data altruism.
Amendment 359 #
Proposal for a regulation Article 19 – paragraph 3 (3) Where an entity entered in the register of recognised data altruism organisations provides tools for obtaining consent in accordance with Article 7 and Article 8 of Regulation 2016/679 from data subjects or permissions to process data made available by legal persons, it shall also specify the jurisdiction or
Amendment 360 #
Proposal for a regulation Article 19 – paragraph 3 (3) Where an entity entered in the public register of recognised data altruism organisations provides tools for obtaining consent from data subjects or permissions to process data made available by legal persons, it shall specify the jurisdiction or jurisdictions outside of the Union in which the data use is intended to take place.
Amendment 361 #
Proposal for a regulation Article 19 – paragraph 3 a (new) (3 a) When personal data is shared by a data subject, all data subjects rights established under Regulation (EU) 2016/679 continue to apply;
Amendment 362 #
Proposal for a regulation Article 20 – paragraph 1 (1) Each Member State shall designate one or more competent authorities responsible for the publicly-available register of recognised data altruism organisations and for the monitoring of compliance with the requirements of this Chapter. The designated competent authorities shall meet the requirements of Article 23.
Amendment 363 #
Proposal for a regulation Article 20 – paragraph 2 (2) Each Member State shall inform the Commission of the
Amendment 364 #
Proposal for a regulation Article 20 – paragraph 3 (3) The competent authorit
Amendment 365 #
Proposal for a regulation Article 22 – paragraph 1 (1) In order to facilitate the collection of data based on data altruism, the Commission may adopt implementing acts developing a European data altruism consent form, after consultation and authorisation of the European Data Protection Board. The form shall allow the collection of consent across Member States in a uniform format. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 29 (2).
Amendment 366 #
Proposal for a regulation Article 22 – paragraph 1 (1) In order to facilitate the collection of data based on data altruism, the Commission may adopt implementing acts developing a European data altruism consent form, following consultation of the European Data Protection Board. The form shall allow the collection of consent across Member States
Amendment 367 #
Proposal for a regulation Article 22 – paragraph 4 (4) The form shall be available in all the official languages of the EU in a manner that can be printed on paper and read by humans as well as in an electronic, machine-readable form.
Amendment 368 #
Proposal for a regulation Article 23 – paragraph 1 (1) The competent authorities designated pursuant to Article 12 and Article 20 shall be legally distinct from, and functionally independent of any provider of data sharing services or entity included in the register of recognised data altruism organisations. The authorities referred to in Articles 12 and 20 shall be the same as the supervisory authorities designated under Regulation (EU) 2016/679. Member States shall make available additional financial and human resources to perform these tasks.
Amendment 369 #
Proposal for a regulation Article 26 – paragraph 1 (1) The Commission shall establish a European Data Innovation Board (“the Board”) in the form of an Expert Group, consisting of the representatives of competent authorities of all the Member States, the European Data Protection Board, the EU-level coordination board of supervisory authorities for artificial intelligence, the cybersecurity Cooperation Group, the Commission, and relevant data spaces and other representatives of competent authorities in specific sectors.
Amendment 370 #
Proposal for a regulation Article 26 – paragraph 2 (2) Stakeholders and relevant third parties may be invited to attend meetings of the Board and to participate in its work. In case stakeholders are invited, an equal number from industry, academia, civil society, and consumer protection group shall be represented. These stakeholders shall be registered in the Transparency Register.
Amendment 371 #
Proposal for a regulation Article 26 – paragraph 4 a (new) (4 a) The agenda of meetings of the Board shall be published beforehand, as well as the minutes after the meeting without undue delay. The minutes shall contain a list of representatives and stakeholders present.
Amendment 372 #
Proposal for a regulation Article 27 – paragraph 1 – point b (b) to advise and assist the Commission in developing a consistent practice of the competent authorities in the application of requirements applicable to data sharing providers
Amendment 373 #
Proposal for a regulation Article 27 – paragraph 1 – point e a (new) (e a) to facilitate cooperation between Member States in relation to the rules on penalties laid down by the Member States pursuant to Article 31 and to issue recommendations as regards the harmonisation of those penalties across the Union
Amendment 374 #
Proposal for a regulation Article 28 Amendment 375 #
Proposal for a regulation Article 30 – title International access and transfer of non- personal data
Amendment 376 #
Proposal for a regulation Article 30 – paragraph 3 – point a (a) where the third-country system requires the reasons and proportionality of the decision to be set out, and it requires the court order or the decision, as the case may be, to be specific in character, for instance by establishing a sufficient link to certain suspected persons, or
Amendment 377 #
Proposal for a regulation Article 30 – paragraph 5 (5) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data
Amendment 378 #
Proposal for a regulation Article 31 – paragraph 1 Amendment 379 #
Proposal for a regulation Article 32 – paragraph 1 By [
Amendment 380 #
Proposal for a regulation Article 32 – paragraph 1 By [
Amendment 381 #
Proposal for a regulation Article 35 – paragraph 2 It shall apply from [
source: 693.715
2021/06/08
JURI
204 amendments...
Amendment 100 #
Proposal for a regulation Recital 31 (31) In order to support effective cross- border provision of services, the data
Amendment 101 #
Proposal for a regulation Recital 32 (32) The main establishment of a provider of data
Amendment 102 #
Proposal for a regulation Recital 33 (33) The competent authorities designated to monitor compliance of data sharing services with the requirements in this Regulation should be chosen on the basis of their capacity and expertise regarding horizontal or sectoral data sharing, and they should be independent as well as transparent and impartial in the exercise of their tasks and they should closely liaise with all relevant national authorities, in particular for data protection, competition, cybersecurity, artificial intelligence and any other sectoral authorities. which may have information necessary for the exercise of their task. Member States should notify the Commission of the identity of the designated competent authorities.
Amendment 103 #
Proposal for a regulation Recital 33 (33) The competent authorities designated to monitor compliance of data
Amendment 104 #
Proposal for a regulation Recital 35 (35) There is a strong potential in the use of data made available voluntarily by data subjects based on their consent or, where it concerns non-personal data, made available by legal persons, for purposes of general interest. Such purposes would include healthcare, combating climate change, improving mobility and education, reducing gender and cultural gaps, facilitating the establishment of official statistics or improving the provision of public services. Support to scientific research, including for example technological development and demonstration, fundamental research, applied research and privately funded research, insofar as it contributes to the common benefit of society, should be considered as well purposes of general interest. This Regulation aims at contributing to the emergence of pools of data made available on the basis of data altruism that have a sufficient size in order to enable data analytics and machine learning, including across borders in the Union.
Amendment 105 #
Proposal for a regulation Recital 35 (35) There is a strong potential in the use of data made available voluntarily by data subjects based on their consent or, where it concerns non-personal data, made available by legal persons, for purposes of
Amendment 106 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the Union and the emergence of data pools
Amendment 107 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the Union and the emergence of data pools covering several Member States. Data subjects in this respect would consent to specific purposes of data processing, but could also consent to data processing in certain areas of research or parts of research projects as it is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the time of data collection. This should be understood without prejudice of the consent procedures established in Regulation (EU) 2016/679. Legal persons could give permission to the processing of their non-personal data for a range of purposes of general interest, although not defined at the moment of giving the permission. The voluntary compliance of such registered entities with a set of requirements should bring trust that the data made available on altruistic purposes is serving a general interest purpose. Such trust should result in particular from a place of establishment within the Union, as well as from the requirement that registered entities have a not-for-profit character, from ethical and transparency requirements and from specific safeguards in place to protect rights and interests of data subjects and companies. Further safeguards should include making it possible to process relevant data within a secure processing environment operated by the registered entity, oversight mechanisms such as ethics councils or boards to ensure
Amendment 108 #
Proposal for a regulation Recital 36 (36) Legal entities that seek to support purposes of
Amendment 109 #
Proposal for a regulation Recital 38 (38)
Amendment 110 #
Proposal for a regulation Recital 39 (39) To promote trust and bring additional legal certainty and user- friendliness to granting and withdrawing of consent, in particular in the context of scientific research and statistical use of data made available on an altruistic basis, a European data altruism consent form should be developed and used in the context of altruistic data sharing. Such a form should contribute to additional transparency for data subjects that their data will be accessed and used in accordance with their consent and also in full compliance with the data protection rules. It could also be used to streamline data altruism performed by companies and provide a mechanism
Amendment 111 #
Proposal for a regulation Recital 40 (40) In order to successfully implement the data governance framework, a European Data Innovation Board should be established, in the form of an expert group. The Board should consist of representatives of the Member States, the Commission and representatives of relevant data spaces and specific sectors (such as health, agriculture, transport and statistics), as well as representatives from civil society, academia, research and standard setting organisations, as relevant. The European Data Protection Board should be invited to appoint a representative to the European Data Innovation Board.
Amendment 112 #
Proposal for a regulation Recital 43 (43) In order to ensure the protection of the rights and interests of data holders and take account of the specific nature of certain categories of data, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission to draw up a list identifying the third countries that provide a level of protection that is essentially equivalent to those provided by Union or national law and to lay down special conditions applicable for transfers to third-
Amendment 113 #
Proposal for a regulation Recital 46 (46) This Regulation respects the fundamental rights and observes the principles recognised in particular by the
Amendment 114 #
Proposal for a regulation Article 1 – paragraph 2 (2) This Regulation is without prejudice to specific provisions in other Union legal acts regarding access to or re- use of certain categories of data, or requirements related to processing of personal or non-personal data and does not weaken the level of data protection. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing services or registered entities providing data altruism services to comply with specific additional technical, administrative or organisational requirements, including through an authorisation or certification regime, those provisions of that sector-specific Union legal act shall also apply.
Amendment 115 #
Proposal for a regulation Article 1 – paragraph 2 (2) This Regulation is without
Amendment 116 #
Proposal for a regulation Article 1 – paragraph 2 a (new) (2a) Union law on the protection of personal data shall apply to any personal data processed in connection with this Regulation. In particular, this Regulation shall be without prejudice to Regulation (EU) 2016/679, Directive 2002/58/EC, and Regulation (EU) 2018/1725, including the competences and powers of supervisory authorities. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter shall prevail. This Regulation does not create a legal basis for the processing of personal data.
Amendment 117 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 a (new) (2a) "purposes of general interest" means purposes whereby data is used for the common benefit of society within the scope of application of this Regulation and pertaining to all relevant sectors of public life.
Amendment 118 #
Proposal for a regulation Article 2 – paragraph 1 – point 2 a (new) (2 a) 'personal data' means personal data as defined in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 119 #
Proposal for a regulation Article 2 – paragraph 1 – point 3 a (new) (3a) ‘consent’ means consent as defined in point (11) of Article 4 of Regulation (EU) 2016/679;
Amendment 120 #
Proposal for a regulation Article 2 – paragraph 1 – point 3 b (new) (3b) 'data subject' means data subject as defined in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 121 #
Proposal for a regulation Article 2 – paragraph 1 – point 4 Amendment 122 #
Proposal for a regulation Article 2 – paragraph 1 – point 5 (5) ‘data holder’ means a natural or legal person
Amendment 123 #
Proposal for a regulation Article 2 – paragraph 1 – point 6 (6) ‘data user’ means a natural or legal person who has lawful access to certain personal or non-personal data and
Amendment 124 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 (7)
Amendment 125 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 (7) ‘data sharing’ means the provision of data by a data holder
Amendment 126 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 a (new) (7a) ‘data sharing service’ means a service, that, through the provision of technical, legal and other means establishes relationships between an undefined number of data subjects and data holders, on the one hand, and data users, on the other hand;
Amendment 127 #
Proposal for a regulation Article 2 – paragraph 1 – point 7 b (new) (7b) ‘processing’ means processing as defined in point (2) of Article 4 of Regulation (EU) 2016/679;
Amendment 128 #
Proposal for a regulation Article 2 – paragraph 1 – point 8 (8) ‘access’ means
Amendment 129 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means
Amendment 130 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘data altruism’ means the
Amendment 131 #
Proposal for a regulation Article 2 – paragraph 1 – point 10 a (new) (10a) ‘Public Interest Data Hub’ means an entity controlling, facilitating the processing, or processing itself, data pursuant to paragraph 10 for objectives of public interest, such as healthcare, combating climate change, improving mobility, facilitating the establishment of official statistics, improving public services, or scientific research purposes in the public interest;
Amendment 132 #
Proposal for a regulation Article 2 – paragraph 1 – point 14 (14) ‘secure processing environment’ means the physical or virtual environment and organisational means to provide the opportunity to re-use data in a manner that
Amendment 133 #
Proposal for a regulation Article 2 – paragraph 1 – point 15 (15) ‘representative’ means any natural or legal person established in the Union explicitly designated to act on behalf of a provider of data
Amendment 134 #
Proposal for a regulation Article 3 – paragraph 2 – point c (c) data held by cultural establishments and educational establishments for which intellectual property rights are not incidental, but which are predominantly contained in works and other documents protected by such intellectual property rights;
Amendment 135 #
Proposal for a regulation Article 3 – paragraph 3 a (new) (3a) Where anonymisation, aggregation, or other techniques can be applied so that the protections under paragraph 1 no longer apply, public sector bodies shall make available the data for re-use as mandated by the Open Data Directive, without prejudice to the provisions of Article 5.
Amendment 136 #
(1) Agreements or other practices pertaining to the re-use of data held by public sector bodies containing categories of data referred to in Article 3 (1) which grant exclusive rights or which have as their object or effect to grant such exclusive rights or to restrict the availability of data for re-use by entities other than the parties to such agreements or other practices shall be prohibited. Such agreements or practices and the exclusive rights granted pursuant to them shall be void.
Amendment 137 #
Proposal for a regulation Article 4 – paragraph 5 (5) The period of exclusivity of the right to re-use data shall not exceed
Amendment 138 #
Proposal for a regulation Article 4 – paragraph 7 (7) Agreements or other practices falling within the scope of the prohibition in paragraph 1, which do not meet the conditions set out in paragraph 2, and which were concluded before the date of entry into force of this Regulation shall be terminated at the end of the contract and in any event at the latest within t
Amendment 139 #
Proposal for a regulation Article 5 – paragraph 2 (2) Conditions for re-use shall be non- discriminatory, transparent, proportionate and objectively justified with regard to categories of data and purposes of re-use and the nature of the data for which re-use is allowed. These conditions shall not be used to restrict competition, including by being constructed in a way that poses restrictions for SMEs, start-ups or civil society actors to participate in the data economy.
Amendment 140 #
Proposal for a regulation Article 5 – paragraph 2 (2) Conditions for re-use shall be ethical, transparent, sustainable, non- discriminatory, proportionate and objectively justified with regard to categories of data and purposes of re-use and the nature of the data for which re-use is allowed. These conditions shall not be used to restrict competition.
Amendment 141 #
Proposal for a regulation Article 5 – paragraph 2 (2) Conditions for re-use shall be lawful, transparent, non-
Amendment 142 #
Proposal for a regulation Article 5 – paragraph 3 (3) Public sector bodies
Amendment 143 #
Proposal for a regulation Article 5 – paragraph 3 (3) Public sector bodies
Amendment 144 #
Proposal for a regulation Article 5 – paragraph 4 Amendment 145 #
Proposal for a regulation Article 5 – paragraph 4 – introductory part (4)
Amendment 146 #
Proposal for a regulation Article 5 – paragraph 4 – point a (a) to access and re-use the data remotely within a secure processing environment provided and controlled by the public sector
Amendment 147 #
(5)
Amendment 148 #
Proposal for a regulation Article 5 – paragraph 5 (5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment, used in compliance with high level cybersecurity standards. The public sector body shall be able to verify any results of processing of data undertaken by the re-
Amendment 149 #
Proposal for a regulation Article 5 – paragraph 5 (5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. The public sector body shall be able to verify any results of processing of data undertaken by the re- user and reserve the right to prohibit the use of results that contain information jeopardising the rights and interests of third parties. To this end, the public sector bodies shall be equipped with the necessary human and financial resources for monitoring and law enforcement.
Amendment 150 #
Proposal for a regulation Article 5 – paragraph 5 (5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. The public sector body shall be able to verify
Amendment 151 #
Proposal for a regulation Article 5 – paragraph 5 a (new) (5a) The public sector bodies shall publish a list of categories of anonymised data made available for re-use, the methods used for anonymisation and other pre-processing, as well as methods of transmission, over a period of at least up to the last two calendar years. The information shall be provided in such a manner that does not allow to identify data subjects.
Amendment 152 #
Proposal for a regulation Article 5 – paragraph 5 b (new) (5b) In case of anonymised data, public sector bodies shall make a data protection impact assessment prior to granting access to the data. Where it can be reasonably assumed, or where an impact assessment indicates that the processing or subsequent combination of data could lead to identification or de- anonymisation, the public sector body shall not allow access to, or re-use of the data.
Amendment 153 #
Proposal for a regulation Article 5 – paragraph 5 c (new) (5c) Re-use with the purpose of identifying data subjects or otherwise de- anonymising datasets shall be prohibited. Re-users shall not identify any data subjects.
Amendment 154 #
Proposal for a regulation Article 5 – paragraph 6 (6) Where the re-use of personal data cannot be granted in accordance with the obligations laid down in paragraphs 3 to 5 and there is no other legal basis for transmitting the data under Regulation (EU) 2016/679, the public sector body shall support entities requesting re-use
Amendment 155 #
Proposal for a regulation Article 5 – paragraph 6 (6) Where the re-use of data cannot be granted in accordance with the obligations laid down in paragraphs 3 to 5 and there is no other legal basis for transmitting the data under Regulation (EU) 2016/679, the public sector body shall support re-users in seeking consent of the data subjects and/or permission from the legal entities whose rights and interests may be affected by such re-use, where it is feasible without disproportionate cost for the public sector. To this end, the public sector bodies shall be equipped with the necessary human and financial resources to carry out their duties in an effective and efficient way. In that task they may be assisted by the competent bodies referred to in Article 7 (1).
Amendment 156 #
Proposal for a regulation Article 5 – paragraph 6 a (new) (6a) Where public sector bodies make available personal data for re-use pursuant to this Article, they shall inform data subjects accordingly of this re-use and of the rights of the data subject in that regard. The public sector bodies shall support data subjects in exercising their rights, including in relation to any re- users. In that task they may be assisted by the competent bodies referred to in Article 7 (1).
Amendment 157 #
Proposal for a regulation Article 5 – paragraph 6 b (new) (6b) Public sector bodies shall invite individuals, civil society and consumer protection organisations, in an open and collaborative manner, to participate in setting up processes for allowing the re- use of personal data.
Amendment 158 #
Proposal for a regulation Article 5 – paragraph 6 c (new) (6c) In particular where special categories of data and sensitive sectors such as the health sector are concerned, re-use of personal data shall take into account the outcome of prior data protection impact assessments.
Amendment 159 #
Proposal for a regulation Article 5 – paragraph 9 – subparagraph 1 – introductory part (9)
Amendment 160 #
Proposal for a regulation Article 5 – paragraph 9 – subparagraph 1 – introductory part (9) The Commission
Amendment 161 #
Proposal for a regulation Article 5 – paragraph 9 – subparagraph 2 Amendment 162 #
Proposal for a regulation Article 5 – paragraph 10 – introductory part (10) Public sector bodies shall
Amendment 163 #
Proposal for a regulation Article 5 – paragraph 11 (11) Where specific Union acts adopted in accordance with a legislative procedure establish that certain non-personal data
Amendment 164 #
Proposal for a regulation Article 5 – paragraph 12 (12) The natural or legal person to which the right to re-use non-personal data was granted may transfer the data only to those third-countries for which the
Amendment 165 #
Proposal for a regulation Article 5 – paragraph 13 (13) Where the re-user intends to transfer non-personal data to a third country, the public sector body shall inform the data holder about the intention to transfer
Amendment 166 #
Proposal for a regulation Article 5 – paragraph 13 (13) Where the re-user intends to transfer non-personal data to a third country, the public sector body shall inform the data holder about the transfer of data to that third country and for what purposes of general interest.
Amendment 167 #
Proposal for a regulation Article 6 – paragraph 2 (2) Any fees pursuant to paragraph 1 shall be non-
Amendment 168 #
Proposal for a regulation Article 6 – paragraph 4 (4) Where they apply fees, public sector bodies shall take measures to incentivise the re-use of the categories of data referred to in Article 3 (1) for non- commercial purposes and by small and medium-sized enterprises in line with State aid rules. In that regard, public sector bodies may also make the data available for a discounted fee or free of charge, in particular to SMEs and start-ups, civil society actors and educational establishments.
Amendment 169 #
Proposal for a regulation Article 6 – paragraph 4 (4) Where they apply fees, public sector bodies shall take measures to incentivise the re-use of the categories of data referred to in Article 3 (1) for non- commercial purposes in the public interest, scientific or historical research and by small and medium-sized enterprises and microenterprises in line with State aid rules. In such cases, the re-use should be allowed for free or at a lower cost.
Amendment 170 #
Proposal for a regulation Article 6 – paragraph 4 (4) Where they apply fees, public sector bodies shall take measures to incentivise the re-use of the categories of data referred to in Article 3 (1)
Amendment 171 #
Proposal for a regulation Article 6 – paragraph 4 (4) Where they apply fees, public
Amendment 172 #
Proposal for a regulation Article 6 – paragraph 5 (5) Fees shall be derived from the costs related to the processing of requests for re- use of the categories of data referred to in Article 3 (1).
Amendment 173 #
Proposal for a regulation Article 7 – paragraph 1 (1) For the tasks mentioned in this Article, Member States shall designate one
Amendment 174 #
Proposal for a regulation Article 7 – paragraph 2 – point a a (new) (aa) provides assistance and advice to the public sector for staff training activities regarding data security and protection and all ICT technologies involved
Amendment 175 #
Proposal for a regulation Article 7 – paragraph 2 – point b (b) providing technical support
Amendment 176 #
Proposal for a regulation Article 7 – paragraph 2 – point c (c) assisting the public sector bodies, where relevant, in obtaining consent or permission by re-users for re-use for altruistic and other purposes in line with specific decisions of data holders, including on the jurisdiction or jurisdictions in which the data processing is intended to take place and in the preparation of data literacy tools to provide information to data holders in a comprehensive and fully understandable manner allowing them to make informed choices;
Amendment 177 #
Proposal for a regulation Article 7 – paragraph 2 – point c (c) assisting the public sector bodies
Amendment 178 #
Proposal for a regulation Article 7 – paragraph 4 (4) The competent body or bodies shall have adequate legal and technical capacities and expertise to be able to comply with relevant Union or national law concerning the access regimes for the categories of data referred to in Article 3 (1). The competent body or bodies should be equipped with the necessary human and financial resources to carry out their duties in an effective and efficient way.
Amendment 179 #
Proposal for a regulation Article 8 – paragraph 4 (4)
Amendment 180 #
Proposal for a regulation Chapter III – title Requirements applicable to data
Amendment 181 #
Proposal for a regulation Article 9 – title Providers of data
Amendment 182 #
Proposal for a regulation Article 9 – paragraph 1 – introductory part (1) The provision of the following data
Amendment 183 #
(a) intermediation services between data holders
Amendment 184 #
Proposal for a regulation Article 9 – paragraph 1 – point b (b) intermediation services between data subjects that seek to make their personal data available and potential data users,
Amendment 185 #
Proposal for a regulation Article 9 – paragraph 1 – point c (c)
Amendment 186 #
Proposal for a regulation Article 9 – paragraph 2 (2) This Chapter shall be without prejudice to the application of other Union and national law to providers of data sharing services, including powers of supervisory authorities to ensure
Amendment 187 #
Proposal for a regulation Article 9 – paragraph 2 (2) This Chapter shall be without prejudice to the application of other Union and national law to providers of data
Amendment 188 #
Proposal for a regulation Article 9 – paragraph 2 (2) This
Amendment 189 #
Proposal for a regulation Article 10 – title Notification of data
Amendment 190 #
Proposal for a regulation Article 10 – paragraph 1 (1) Any provider of data
Amendment 191 #
Proposal for a regulation Article 10 – paragraph 2 (2) For the purposes of this Regulation, a provider of data
Amendment 192 #
Proposal for a regulation Article 10 – paragraph 3 (3) A provider of data sharing services that is not established in the Union, but offers the services referred to in Article 9 (1) within the Union, shall appoint a legal representative in one of the Member States in which those services are offered. The provider shall be deemed to be under the jurisdiction of the Member State in which the legal representative is established. The representative shall be mandated by the provider of data sharing services to be addressed in addition to or instead of it by, in particular, competent authorities and data subjects and data holders, on all issues related to the data sharing services, for the purposes of ensuring compliance with this Regulation. The designation of a representative by providers of data sharing services shall be without prejudice to legal actions which could be initiated against providers of data sharing services themselves.
Amendment 193 #
Proposal for a regulation Article 10 – paragraph 3 (3) A provider of data
Amendment 194 #
Proposal for a regulation Article 10 – paragraph 4 (4) Upon notification, the provider of data
Amendment 195 #
Proposal for a regulation Article 10 – paragraph 4 a (new) (4a) By way of derogation from paragraph 4, a provider of data sharing services shall notify the competent authority in the following cases: (a) the provider intends to provide services on the basis of, or can reasonably assume to process personal data, or anonymised data that was derived from personal data; (b) the provider can reasonably assume that the combination of non-personal data under the service it provides could lead to the identification or identifiability of natural persons; The provider shall not start the activity before the competent authority has not been consulted.
Amendment 196 #
Proposal for a regulation Article 10 – paragraph 5 (5) The notification shall entitle the provider to provide data
Amendment 197 #
Proposal for a regulation Article 10 – paragraph 6 – point a (a) the name of the provider of data
Amendment 198 #
Proposal for a regulation Article 10 – paragraph 6 – point d (d) a publicly accessible website where information on the provider and the activities can be found,
Amendment 199 #
Proposal for a regulation Article 10 – paragraph 6 – point f (f) a description of the service the provider intends to provide and how the conditions set out in Article 11 are fulfilled;
Amendment 200 #
Proposal for a regulation Article 10 – paragraph 6 – point f a (new) (fa) the nature of data to be controlled, processed, or re-used by the provider, and, in the case of personal data, an indication of the categories of personal data, and the categories of recipients of personal data;
Amendment 201 #
Proposal for a regulation Article 10 – paragraph 6 – point f b (new) (fb) an indication in the case of processing of personal data or where the provider can reasonably assume that the combination of non-personal data under the service it provides could lead to the identification or identifiability of natural persons;
Amendment 202 #
Proposal for a regulation Article 10 – paragraph 6 – point g (g) the
Amendment 203 #
Proposal for a regulation Article 10 – paragraph 6 – point h Amendment 204 #
Proposal for a regulation Article 10 – paragraph 9 (9) The competent authority shall notify the Commission of each new notification. The Commission shall keep a public register of all providers of data sharing services in the Union, which shall make available the information referred to in paragraph 6,points (a), (b), (c), (d), (f), (fa), and (fb).
Amendment 205 #
Proposal for a regulation Article 10 – paragraph 9 (9) The competent authority shall notify the Commission of each new notification. The Commission shall keep a register of providers of data
Amendment 206 #
Proposal for a regulation Article 10 – paragraph 10 (10) The competent authority may charge fees. Such fees shall be
Amendment 207 #
Proposal for a regulation Article 10 – paragraph 11 (11) Where a provider of data
Amendment 208 #
Proposal for a regulation Article 11 – title Conditions for providing data
Amendment 209 #
Proposal for a regulation Article 11 – paragraph 1 – introductory part The provision of data
Amendment 210 #
Proposal for a regulation Article 11 – paragraph 1 – point 1 (1) the provider may not use the data for which it provides services for other purposes than to put them at the disposal of data users and data
Amendment 211 #
Proposal for a regulation Article 11 – paragraph 1 – point 2 (2) the
Amendment 212 #
Proposal for a regulation Article 11 – paragraph 1 – point 2 (2) the metadata collected from the provision of the data
Amendment 213 #
Proposal for a regulation Article 11 – paragraph 1 – point 3 (3) the provider shall ensure that the procedure for access to its service is fair, transparent and non-discriminatory for both data subjects and data holders, a
Amendment 214 #
Proposal for a regulation Article 11 – paragraph 1 – point 4 a (new) (4a) data intermediation services may include offering additional specific tools and services to data holders for the purpose of facilitating the exchange of data, such as analysis, temporary storage, aggregation, curation, conversion, anonymisation, pseudonymisation; those tools and services shall be used only at the explicit request or approval of the data holder and third-party tools offered in that context shall not use data for other purposes other than those requested or approved by the data holder;
Amendment 215 #
Proposal for a regulation Article 11 – paragraph 1 – point 4 a (new) (4a) the provider may offer additional specific services to data subjects and data holders facilitating the exchange of the data, such as storage, aggregation, curation, pseudonymisation and anonymisation;
Amendment 216 #
Proposal for a regulation Article 11 – paragraph 1 – point 5 (5) the provider shall have procedures in place to prevent fraudulent or abusive
Amendment 217 #
Proposal for a regulation Article 11 – paragraph 1 – point 6 (6) the provider shall ensure a reasonable continuity of provision of its services and, in the case of services which ensure storage of data, shall have sufficient guarantees in place that allow data holders and data users to obtain access to their data or, in the case of providing intermediation services between data subjects and data users, pursuant to Article 9(1), point b, that allow data subjects to exercise their rights in case of insolvency of the provider;
Amendment 218 #
Proposal for a regulation Article 11 – paragraph 1 – point 6 a (new) (6a) the provider shall take reasonable measures to ensure interoperability with other data sharing services by means of commonly used, formal or informal, open standards in the sector in which the data sharing service providers operate;
Amendment 219 #
Proposal for a regulation Article 11 – paragraph 1 – point 9 a (new) (9a) the provider shall have procedures in place to ensure compliance with the Union and national rules on the protection of personal data, including procedures for ensuring the exercise of data subjects’ rights; the provider shall in particular provide the data subjects with easily accessible tools, allowing them a comprehensive view of how and for which specific purpose their personal data are shared by the provider;
Amendment 220 #
Proposal for a regulation Article 11 – paragraph 1 – point 11 (11) where a provider provides tools for obtaining consent from data subjects or permissions to process data made available by
Amendment 221 #
Proposal for a regulation Article 12 – paragraph 3 (3) The powers of the designated competent authorities
Amendment 222 #
Proposal for a regulation Article 12 – paragraph 3 (3) The designated competent authorities, the data protection authorities, the national competition authorities, the authorities in charge of cybersecurity, and other relevant sectorial authorities shall ensure adequate coordination measures to exchange the information which is necessary for the exercise of their tasks in relation to data sharing providers.
Amendment 223 #
Proposal for a regulation Article 13 – paragraph 4 – point b a (new) (ba) the non compliance with condition of article 11 paragraph 2 may result in a decision by the national competent authority to require the cessation of the provision of the concerned data sharing service;
Amendment 224 #
Proposal for a regulation Article 16 – title General requirements for
Amendment 225 #
Proposal for a regulation Article 16 – paragraph 1 – point b (b) operate on a not-for-profit basis and
Amendment 226 #
Proposal for a regulation Article 16 – paragraph 1 – point c a (new) (ca) Where Public Interest Data Hubs provide tools for obtaining consent from data subjects or permissions to process data made available by data holders, they shall specify the jurisdiction or jurisdictions outside the Union in which the data use is intended to take place and provide data subjects with tools to withdraw consent and data holders with tools to withdraw permissions to process data.
Amendment 227 #
Proposal for a regulation Article 17 – paragraph 4 – point f (f) a publicly accessible website where information on the entity and the activities can be found, including as a minimum the information referred to in points (a), (b), (d), (e), (g) and (h) of this paragraph;
Amendment 228 #
Proposal for a regulation Article 18 – paragraph 2 – point c (c) a list of all natural and legal persons that were allowed to use data it holds, including a summary description of the general interest purposes pursued by such data use and the description of the technical means used for it, including a description of the techniques used to preserve privacy and data protection in accordance with national and Union law;
Amendment 229 #
Proposal for a regulation Article 18 – paragraph 2 – point e a (new) (ea) in case where a notification pursuant to paragraph 3 of article 21 has taken place, a description of the measures taken in order to address the finding of non-compliance with one or more of the requirements of this Chapter.
Amendment 230 #
Proposal for a regulation Article 19 – title Specific requirements to safeguard rights and interests of data subjects and
Amendment 231 #
Proposal for a regulation Article 19 – paragraph 2 (2) The entity shall also ensure that the data is not
Amendment 232 #
Proposal for a regulation Article 19 – paragraph 2 (2) The entity shall also ensure that the data is not be used for other purposes than those of general interest for which it permits the processing. The non- compliance with this requirement should result in a decision by the national competent authority to remove the entity from the register of recognised data altruism organisation.
Amendment 233 #
Proposal for a regulation Article 19 – paragraph 2 (2) The entity shall also ensure that the data is not be used for other purposes than those of general interest for which it permits the processing. Safeguards should be provided to ensure that misleading marketing practices are not used to solicit donations of data.
Amendment 234 #
Proposal for a regulation Article 21 – paragraph 5 a (new) (5a) However, non- compliance with the requirement of article 19 paragraph 2 should result on a decision to remove the entity from the register of recognised data altruism organisations
Amendment 235 #
Proposal for a regulation Article 24 – paragraph 1 (1) Natural and legal persons shall have the right to lodge a complaint, individually or by the representatives of one or more natural persons, with the relevant national competent authority against a provider of data sharing services or an entity entered in the register of recognised data altruism organisations.
Amendment 236 #
Proposal for a regulation Article 25 – paragraph 2 (2) Proceedings pursuant to this Article shall be brought before the courts of the Member State in which the authority
Amendment 237 #
Proposal for a regulation Article 27 – paragraph 1 – point b (b) to advise and assist the Commission in developing a consistent practice of the competent authorities in the application of requirements applicable to
Amendment 238 #
Proposal for a regulation Article 27 – paragraph 1 – point b a (new) (ba) to advise and assist the Commission in developing consistent guidelines for the use of technologies to effectively prevent the identification of data subjects such as anonymisation, pseudonymisation, differential privacy, generalisation, or suppression and randomisation for the re-use of personal and non-personal data;
Amendment 239 #
Proposal for a regulation Article 27 – paragraph 1 – point b b (new) (bb) to advise and assist the Commission in developing consistent guidelines on how to best protect, in the context of this Regulation, commercially sensitive data of non-personal nature, in particular trade secrets, but also non- personal data representing content protected by intellectual property rights from unlawful access that risks intellectual property theft or industrial espionage;
Amendment 240 #
Proposal for a regulation Article 27 – paragraph 1 – point b c (new) (bc) to advise and assist the Member States and the Commission on the harmonisation of the interpretation and use of anonymisation and pseudonymisation of data across the Union;
Amendment 241 #
Proposal for a regulation Article 27 – paragraph 1 – point b d (new) (bd) to advise and assist the Commission in developing consistent guidelines for cybersecurity requirements for the exchange and storage of data, in compliance with high level cybersecurity standards;
Amendment 242 #
Proposal for a regulation Article 27 – paragraph 1 – point d (d) to advise and assist the Commission in addressing fragmentation of the data economy in the single market by enhancing the interoperability of data as well as data
Amendment 243 #
Proposal for a regulation Article 27 – paragraph 1 – point e (e) to facilitate the cooperation between national competent authorities under this Regulation through capacity-
Amendment 244 #
Proposal for a regulation Article 27 – paragraph 1 – point e (e) to facilitate the cooperation between national competent authorities under this Regulation through capacity- building and the exchange of information, in particular by establishing methods for the efficient exchange of information relating to the notification procedure for
Amendment 245 #
Proposal for a regulation Article 28 – paragraph 2 (2) The power to adopt delegated acts referred to in Articles 5 (9) and 5 (11) shall be conferred on the Commission for an indeterminate period of time from […].
Amendment 246 #
Proposal for a regulation Article 28 – paragraph 3 (3) The delegation of power referred to in Articles 5 (9) and 5 (11) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
Amendment 248 #
Proposal for a regulation Article 30 – paragraph -1 (new) -1. This Chapter shall apply to the transfer of non-personal data only.
Amendment 249 #
Proposal for a regulation Article 30 – paragraph 1 (1) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data
Amendment 250 #
Proposal for a regulation Article 30 – paragraph 2 (2) Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a public sector body, a natural or legal person to which the right to re-use data was granted under Chapter 2, a
Amendment 251 #
Proposal for a regulation Article 30 – paragraph 3 – subparagraph 1 – introductory part (3) Where a public sector body, a natural or legal person to which the right to re-use data was granted under Chapter 2, a
Amendment 252 #
Proposal for a regulation Article 30 – paragraph 4 (4) If the conditions in paragraph 2, or 3 are met, the public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the
Amendment 253 #
Proposal for a regulation Article 30 – paragraph 5 (5) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the data sharing provider and the entity providing data altruism shall inform the data subject or the data holder about the existence of a request of an administrative authority in a third-country to access its data, except in cases where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law
Amendment 254 #
Proposal for a regulation Article 30 – paragraph 5 (5) The public sector body, the natural or legal person to which the right to re-use data was granted under Chapter 2, the
Amendment 51 #
Proposal for a regulation Recital 1 a (new) (1 a) Both Article 6(2) of the Treaty on European Union and Article 51 of the Charter of fundamental rights require the Union to respect fundamental rights, observe the principles and promote the application thereof;
Amendment 52 #
Proposal for a regulation Recital 2 (2) Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and daily life, with a major impact including on cross-border activities. Data is at the centre of this transformation: data-driven innovation will bring enormous benefits for citizens, for example through improved personalised medicine, new mobility, and its contribution to the European Green Deal23 . But it could also generate potential risks, without a specific intention. In its Data Strategy24 , the Commission described the vision of a common European data space, a Single Market for data in which data could be used irrespective of its physical location of storage in the Union in compliance with applicable law. It also called for the free and safe flow of data with third countries, subject to exceptions and restrictions for public security, public order and other legitimate public policy objectives of the European Union, in line with international obligations. In order to turn that vision into
Amendment 53 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges. Sector- specific legislation can develop, adapt and propose new and complementary elements, depending on the specificities of the sector, such as the envisaged legislation on the European health data space25 and on access to vehicle data. Moreover, certain sectors of the economy are already regulated by sector-specific Union law that include rules
Amendment 54 #
Proposal for a regulation Recital 3 (3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges. Sector- specific legislation can develop, adapt and propose new and complementary elements,
Amendment 55 #
Proposal for a regulation Recital 3 a (new) Amendment 56 #
Proposal for a regulation Recital 4 (4) Action at Union level is necessary in order to address the barriers to a well- functioning data-driven economy
Amendment 57 #
(4) Action at Union level is necessary in order to address the barriers to a well- functioning data-driven economy and to increase awareness and trust regarding the sharing of data, in particular by establishing proper mechanisms for data subjects to know and meaningfully exercise their rights, as well as data holders to exercise control over data, and create a Union-wide governance framework for data access and use, in particular regarding the re-use of certain types of data held by the public sector, the provision of services by data sharing providers to business users and to data subjects, as well as the collection and processing of data made available for altruistic purposes by natural and legal persons.
Amendment 58 #
Proposal for a regulation Recital 4 (4) Action at Union level, especially based on efficiency and firm responsibility, is necessary in order to address the barriers to a well-
Amendment 59 #
Proposal for a regulation Recital 4 a (new) (4a) The Commission’s consultation of 9 October 2019 entitled ‘SME panel consultation on B2B Data Sharing Principles and Guidance’ found that 40% of SMEs struggle to access the data they need to develop data-driven products and services underscoring the need to lower the barriers to a data-driven economy, in particular for SMEs. The Digital Europe Programme, as well as other Union and national programmes, should support cooperation to achieve a European ecosystem for trusted data sharing. European Digital Innovation Hubs and their network should also be able to help businesses, in particular SMEs and start- ups to reap the benefits from the European data economy.
Amendment 60 #
Proposal for a regulation Recital 4 a (new) (4a) Underlines the need to enhance Europe’s digital sovereignty in a self- determined manner by building on its strengths and reducing its weaknesses, preserving open markets and global cooperation.
Amendment 61 #
Proposal for a regulation Recital 4 b (new) (4b) To foster further trust in the data economy of the Union, it is essential that citizens, businesses, civil society actors and the public sector are provided with safeguards ensuring that control over their strategic and sensitive data is guaranteed and that Union legislation, values and high level standards are upheld in terms of, but not limited to, security, protection of personal data, consumer rights, intellectual property rights and commercial confidentiality, including trade secrets. To that end, public sector bodies, natural or legal persons to which the right to re-use data was granted, providers of data intermediation services and entities entered in the register of recognized data altruism organisations should adhere to the relevant technical standards, codes of conduct and certifications at Union level.
Amendment 62 #
Proposal for a regulation Recital 5 (5) The idea that data that has been generated at the expense of public budgets should benefit society has been part of Union policy for a long time. Directive (EU) 2019/1024 as well as sector-specific legislation ensure that the public sector makes more of the data it produces easily available for use and re-use. However, certain categories of data (commercially confidential data, data subject to statistical confidentiality, data protected by intellectual property rights of third parties, including trade secrets and personal data not accessible on the basis of specific national or Union legislation, such as Regulation (EU) 2016/679 and Directive (EU) 2016/680) in public databases is often not made available, not even for research or innovative activities. Due to the sensitivity of this data, certain technical and legal procedural requirements must be met before they are made available, in order to ensure the respect of rights others have over such data
Amendment 63 #
Proposal for a regulation Recital 6 (6) There are techniques enabling privacy-friendly analyses on databases that contain personal data, such as anonymisation, pseudonymisation, differential privacy, generalisation, or suppression and randomisation or other methods that effectively prevent the identification of data subjects. Application of these privacy-enhancing technologies, together with comprehensive data protection approaches compliant with the rules on data processing should ensure the safe re-use of personal data and commercially confidential business data for research, innovation and statistical purposes. In many cases this implies that the data use and re-use in this context can only be done in a secure processing environment set in place and supervised by the public sector. There is experience at Union level with such secure processing environments that are used for research on statistical microdata on the basis of Commission Regulation (EU) 557/2013 (39 ). In general, insofar as personal data are concerned, the processing of personal data should rely upon one or more of the grounds for processing provided in Article 6 of Regulation (EU) 2016/679. _________________ 39Commission Regulation (EU) 557/2013 of 17 June 2013 implementing Regulation (EC) No 223/2009 of the European Parliament and of the Council on European Statistics as regards access to confidential data for scientific purposes and repealing Commission Regulation (EC) No 831/2002 (OJ L 164, 18.6.2013, p. 16).
Amendment 64 #
Proposal for a regulation Recital 6 (6) There are techniques enabling
Amendment 65 #
Proposal for a regulation Recital 6 a (new) (6a) In order to facilitate the protection of personal data or confidential data, and to speed up the process of making such data available for re-use under this Regulation, Member States should encourage public authorities to create and procure data in formats and structures that allow for swift anonymisation, similar to the principle ‘open by design and by default’ as referenced in Recital (16) of Directive (EU) 2019/1024 (Open Data Directive), and as encouraged under the green transition and digital transformation strategy promoting interoperability, energy efficiency, personal data protection and the use of open-source solutions.
Amendment 66 #
Proposal for a regulation Recital 7 (7) The categories of data held by public sector bodies which should be subject to re-use under this Regulation fall outside the scope of Directive (EU) 2019/1024 that excludes data which is not accessible due to commercial and statistical confidentiality and data for which third parties have intellectual property rights.
Amendment 67 #
Proposal for a regulation Recital 8 (8) The re-use regime provided for in this Regulation should apply to data the supply of which forms part of the public tasks of the public sector bodies concerned, as defined by law or by other binding rules in the Member States. In the absence of such rules the public tasks should be defined in accordance with common administrative practice in the Member States, provided that the scope of the public tasks is transparent and subject to review. The public tasks could be defined generally or on a case-by-case basis for
Amendment 68 #
Proposal for a regulation Recital 9 (9) Public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding as far as possible the conclusion of agreements, which might have as their objective or effect the creation of exclusive rights for the re-use of certain data. Such agreement should be only possible when justified and necessary for the provision of a service of general interest. This may be the case when exclusive use of the data is the only way to maximise the societal benefits of the data in question, for example where there is only one entity (which has specialised in the processing of a specific dataset) capable of delivering the service or the product which allows the public sector body to provide an advanced digital service in the general interest. Such arrangements should, however, be concluded in compliance with public procurement rules and be subject to regular review based on a market analysis in order to ascertain whether such exclusivity
Amendment 69 #
Proposal for a regulation Recital 9 (9) Public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding
Amendment 70 #
Proposal for a regulation Recital 9 (9) Public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding as far as possible the conclusion of agreements, which might have as their objective or effect the creation of exclusive rights for the re-use of certain data. Such agreement should be only possible when justified and necessary for the provision of a service of
Amendment 71 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition.
Amendment 72 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, transparent, proportionate and objectively justified, while
Amendment 73 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be lawful, transparent, non-discriminatory, proportionate and objectively justified, while not restricting competition. In particular, public sector bodies allowing re- use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate effort for the public sector. Depending on the case at hand, before its transmission, personal data should be fully anonymised, so as to definitively not allow the identification of
Amendment 74 #
Proposal for a regulation Recital 11 (11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be ethical, transparent, sustainable, non- discriminatory, proportionate and objectively justified, while not restricting competition. In particular, public sector bodies allowing re-
Amendment 75 #
Proposal for a regulation Recital 11 a (new) (11a) The de-anonymisation of datasets should be prohibited unless where data subjects have given their consent, or another legal basis permits it. This should be without prejudice to the possibility to conduct research into anonymisation techniques, in particular where finding possible weaknesses in existing anonymisation techniques could lead to the overall strengthening of anonymisation, while duly respecting the fundamental right to the protection of personal data.
Amendment 76 #
Proposal for a regulation Recital 12 (12) The intellectual property rights of third parties should not be affected by this Regulation. This Regulation should neither affect the existence or ownership of intellectual property rights of public sector bodies, nor should it limit the exercise of these rights in any way beyond the boundaries set by this Regulation. The obligations imposed in accordance with this Regulation should apply only insofar as they are compatible with the Charter, as well as international agreements on the protection of intellectual property rights, in particular the Berne Convention for the Protection of Literary and Artistic Works (Berne Convention), the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS Agreement) and the WIPO Copyright Treaty (WCT). Public sector bodies should, however, exercise their copyright in a way that facilitates re- use.
Amendment 77 #
Proposal for a regulation Recital 12 (12) The intellectual property rights of third parties
Amendment 78 #
Proposal for a regulation Recital 13 (13) Data subject to intellectual property rights as well as trade secrets should only be transmitted to a third party where such transmission is lawful by virtue of Union or national law or with the agreement of the rightholder. This transmission should be previously completely motivated. Where public sector bodies are holders of the right provided for in Article 7(1) of Directive 96/9/EC of the
Amendment 79 #
Proposal for a regulation Recital 14 (14) Companies and data subjects should be able to trust that the re-use of certain categories of protected data, which are held by the public sector, will take place in a manner that respects their rights and interests. Additional safeguards should thus be put in place for situations in which the re-use of such public sector data is taking place on the basis of a processing of the data outside the public sector. Such an additional safeguard could be found in the requirement that public sector bodies should
Amendment 80 #
Proposal for a regulation Recital 15 (15) Furthermore, in order to preserve fair competition and an open market economy it is important to protect commercially sensitive data of non- personal nature, notably trade secrets, but also non-personal data representing content protected by intellectual property rights from unlawful access that may lead to IP theft or industrial espionage. In order to ensure the protection of fundamental rights or interests of data holders, non-personal data which is to be protected from unlawful or unauthorised access under Union or national law, and which is held by public sector bodies, should be transferred only to third-countries where appropriate safeguards for the use of data are provided. Such appropriate safeguards should be considered to exist when in th
Amendment 81 #
Proposal for a regulation Recital 15 (15) Furthermore, it is important to protect
Amendment 82 #
Proposal for a regulation Recital 16 (16) In cases where
Amendment 83 #
Proposal for a regulation Recital 17 a (new) (17a) This Regulation, in accordance with European strategy for data and aiming to create a human-centric single European data space, must ensure that any access to EU citizen's personal data and certain sensitive data complies with its values and legislative framework, protecting personal data, public interests and fundamental rights. Any re-users located in a country outside of the EU should fully respect Union rules protecting personal data.
Amendment 84 #
Proposal for a regulation Recital 18 (18) In order to prevent unlawful access to non-personal data, public sector bodies, natural or legal persons to which the right
Amendment 85 #
Proposal for a regulation Recital 18 (18) In order to prevent unlawful access to non-personal data, public sector bodies, natural or legal persons to which the right to re-use data was granted, data sharing providers and entities entered in the register of recognised data altruism organisations should take all
Amendment 86 #
Proposal for a regulation Recital 19 (19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non-
Amendment 87 #
Proposal for a regulation Recital 20 (20) Public sector bodies should be able to charge fees for the re-use of data but should also be able to decide to
Amendment 88 #
Proposal for a regulation Recital 21 (21) In order to incentivise the re-use of these categories of data, Member States should establish a single information point to act as the primary interface for re-users that seek to re-use such data held by the public sector bodies. It should have a cross-sector remit, and should complement, if necessary, arrangements at the sectoral level. In addition, Member States should designate, establish or facilitate the establishment of competent bodies to support the activities of public sector bodies allowing re-use of certain categories
Amendment 89 #
Proposal for a regulation Recital 21 (21) In order to incentivise the re-use of these categories of data, Member States should establish a single information point to act as the primary interface for re-users that seek to re-use such data held by the
Amendment 90 #
Proposal for a regulation Recital 22 (22) Providers of data sharing services (data intermediaries) are expected to play a
Amendment 91 #
Proposal for a regulation Recital 22 (22) Providers of data
Amendment 92 #
Proposal for a regulation Recital 25 (25) In order to increase trust in such data
Amendment 93 #
Proposal for a regulation Recital 26 (26) A key element to bring trust and more control for data holder and data users in data
Amendment 94 #
Proposal for a regulation Recital 27 (27) In order to ensure the compliance of the providers of data
Amendment 95 #
Proposal for a regulation Recital 27 (27) In order to ensure the compliance of the providers of data sharing services with the conditions set out in this Regulation, such providers should have a place of establishment in the Union. Alternatively, where a provider of data sharing services not established in the Union offers services within the Union, it should designate a representative. Designation of a representative is necessary, given that such providers of data sharing services handle personal data as well as commercially confidential data, which necessitates the close monitoring of the compliance of such service providers with the conditions laid out in this Regulation and with other relevant national and Union law. In order to determine whether such a provider of data sharing services is offering services within the Union, it
Amendment 96 #
Proposal for a regulation Recital 28 (28) This Regulation should be without prejudice to the obligation of providers of data sharing services to comply with Regulation (EU) 2016/679 and the responsibility of supervisory authorities to ensure compliance with that Regulation. When providers of data sharing services process personal data, this Regulation should not affect the protection of personal data. Where the data sharing service providers are data controllers or processors in the sense of Regulation (EU) 2016/679 they are bound by the rules of that Regulation. This Regulation should be also without prejudice to the application of competition law.
Amendment 97 #
Proposal for a regulation Recital 28 (28) This Regulation should be without prejudice to the obligation of providers of data
Amendment 98 #
Proposal for a regulation Recital 29 (29) Providers of data
Amendment 99 #
Proposal for a regulation Recital 30 (30) A notification procedure for data
source: 693.761
|
History
(these mark the time of scraping, not the official date of the change)
2023-08-03Show (26) Changes | Timetravel
| docs/0 |
|
| docs/10 |
|
| docs/10/docs/0/url |
http://www.europarl.europa.eu/RegData/commissions/itre/lcag/2021/12-15/ITRE_LA(2021)006048_EN.pdf
|
| docs/11 |
|
| docs/11 |
|
| docs/11/docs/0/url |
http://www.europarl.europa.eu/RegData/commissions/itre/inag/2021/12-22/ITRE_AG(2021)703098_EN.pdf
|
| docs/12 |
|
| docs/13 |
|
| docs/14 |
|
| docs/14 |
|
| docs/15 |
|
| docs/15 |
|
| docs/16 |
|
| docs/16 |
|
| docs/17 |
|
| docs/17 |
|
| docs/18 |
|
| docs/18 |
|
| events/0 |
|
| events/7 |
|
| events/8 |
|
| events/9 |
|
| events/12 |
|
| events/14 |
|
| events/14/docs |
|
| procedure/final |
|
2022-06-06Show (29) Changes | Timetravel
| docs/0 |
|
| docs/13 |
|
| docs/14 |
|
| docs/14 |
|
| docs/14/date |
Old
2021-03-23T00:00:00New
2021-03-24T00:00:00 |
| docs/15 |
|
| docs/15 |
|
| docs/15/date |
Old
2021-04-21T00:00:00New
2021-04-22T00:00:00 |
| docs/16 |
|
| docs/16 |
|
| docs/16/date |
Old
2021-02-18T00:00:00New
2021-02-19T00:00:00 |
| docs/17 |
|
| docs/17 |
|
| docs/17/date |
Old
2021-02-23T00:00:00New
2021-02-24T00:00:00 |
| docs/18 |
|
| docs/18/date |
Old
2021-02-21T00:00:00New
2021-02-22T00:00:00 |
| events/0 |
|
| events/7 |
|
| events/7/date |
Old
2021-12-05T00:00:00New
2021-12-06T00:00:00 |
| events/8 |
|
| events/12 |
|
| procedure/stage_reached |
Old
Procedure completed, awaiting publication in Official JournalNew
Procedure completed |
| procedure/subject/1.20.05 |
Public access to information and documents, administrative practice
|
| procedure/subject/1.20.09 |
Protection of privacy and data protection
|
| procedure/subject/2.40 |
Free movement of services, freedom to provide
|
| procedure/subject/2.80 |
Cooperation between administrations
|
| procedure/subject/3.30.06 |
Information and communication technologies, digital technologies
|
| procedure/subject/3.30.25 |
International information networks and society, internet
|
| procedure/subject/3.50.04 |
Innovation
|
2022-06-03Show (21) Changes | Timetravel
| docs/0 |
|
| docs/12 |
|
| docs/13/date |
Old
2021-03-24T00:00:00New
2021-03-23T00:00:00 |
| docs/14/date |
Old
2021-04-22T00:00:00New
2021-04-21T00:00:00 |
| docs/15/date |
Old
2021-02-19T00:00:00New
2021-02-18T00:00:00 |
| docs/16/date |
Old
2021-02-24T00:00:00New
2021-02-23T00:00:00 |
| docs/17/date |
Old
2021-02-22T00:00:00New
2021-02-21T00:00:00 |
| events/0 |
|
| events/7 |
|
| events/8 |
|
| events/8/date |
Old
2021-12-06T00:00:00New
2021-12-05T00:00:00 |
| events/11 |
|
| events/12 |
|
| procedure/stage_reached |
Old
Awaiting Council's 1st reading positionNew
Procedure completed, awaiting publication in Official Journal |
| procedure/subject/1.20.05 |
Public access to information and documents, administrative practice
|
| procedure/subject/1.20.09 |
Protection of privacy and data protection
|
| procedure/subject/2.40 |
Free movement of services, freedom to provide
|
| procedure/subject/2.80 |
Cooperation between administrations
|
| procedure/subject/3.30.06 |
Information and communication technologies, digital technologies
|
| procedure/subject/3.30.25 |
International information networks and society, internet
|
| procedure/subject/3.50.04 |
Innovation
|
2022-04-27Show (2) Changes | Timetravel
| docs/13 |
|
| events/9/summary |
|
2022-04-12Show (1) Changes | Timetravel
| events/8/docs |
|
2022-04-08Show (5) Changes | Timetravel
| docs/13 |
|
| events/8 |
|
| events/9 |
|
| forecasts |
|
| procedure/stage_reached |
Old
Awaiting Parliament's position in 1st readingNew
Awaiting Council's 1st reading position |
2022-04-03Show (4) Changes | Timetravel
| docs/12 |
|
| forecasts/0 |
|
| forecasts/0 |
|
| forecasts/1 |
|
2022-02-24Show (1) Changes | Timetravel
| forecasts/0/date |
Old
2022-03-23T00:00:00New
2022-04-04T00:00:00 |
2022-01-26Show (5) Changes | Timetravel
| docs/14 |
|
| docs/15 |
|
| docs/15/body |
Old
PL_SENATENew
PT_PARLIAMENT |
| docs/16 |
|
| forecasts/0/date |
Old
2022-03-07T00:00:00New
2022-03-23T00:00:00 |
2021-12-23Show (1) Changes | Timetravel
| docs/11 |
|
2021-12-09Show (2) Changes | Timetravel
| events/7 |
|
| forecasts |
|
2021-10-02Show (2) Changes | Timetravel
| docs/11 |
|
| events/4/summary |
|
2021-09-16Show (2) Changes | Timetravel
| events/5 |
|
| events/6 |
|
2021-08-07Show (2) Changes | Timetravel
| docs/11 |
|
| events/4/docs |
|
2021-07-22Show (2) Changes | Timetravel
| events/4 |
|
| procedure/stage_reached |
Old
Awaiting committee decisionNew
Awaiting Parliament's position in 1st reading |
2021-07-16Show (3) Changes | Timetravel
| events/2 |
|
| events/3 |
|
| procedure/Other legal basis |
Rules of Procedure EP 159
|
2021-07-14Show (3) Changes | Timetravel
| docs/9 |
|
| docs/10 |
|
| docs/10/date |
Old
2021-06-30T00:00:00New
2021-07-13T00:00:00 |
2021-07-08Show (1) Changes | Timetravel
| docs/10/docs/0/url |
https://www.europarl.europa.eu/doceo/document/JURI-AD-693557_EN.html
|
2021-07-05Show (1) Changes | Timetravel
| docs/10 |
|
2021-07-02Show (1) Changes | Timetravel
| docs/9/docs/0/url |
https://www.europarl.europa.eu/doceo/document/LIBE-AD-692728_EN.html
|
2021-06-30Show (1) Changes | Timetravel
| docs/9/date |
Old
2021-06-29T00:00:00New
2021-06-30T00:00:00 |
2021-06-29Show (2) Changes | Timetravel
| docs/8/docs/0/url |
https://www.europarl.europa.eu/doceo/document/IMCO-AD-691362_EN.html
|
| docs/9/date |
Old
2021-06-25T00:00:00New
2021-06-29T00:00:00 |
2021-06-25Show (1) Changes | Timetravel
| docs/9 |
|
2021-06-24Show (1) Changes | Timetravel
| docs/8 |
|
2021-06-15Show (1) Changes | Timetravel
| events/1 |
|
2021-06-08Show (3) Changes | Timetravel
| docs/0 |
|
| events/0 |
|
| procedure/legal_basis/0 |
Rules of Procedure EP 57
|
2021-05-25Show (1) Changes | Timetravel
| docs/8 |
|
2021-05-19Show (1) Changes | Timetravel
| committees/2/rapporteur |
|
2021-05-10Show (3) Changes | Timetravel
| docs/7 |
|
| docs/8 |
|
| docs/9 |
|
2021-05-03Show (1) Changes | Timetravel
| events/1/body |
EP
|
2021-04-30Show (3) Changes | Timetravel
| docs/4 |
|
| docs/5 |
|
| docs/6 |
|
2021-04-26Show (5) Changes | Timetravel
| docs/0 |
|
| events/0 |
|
| events/0 |
|
| events/1 |
|
| events/1/type |
Old
?!oeil-ANPRO!?New
Committee referral announced in Parliament, 1st reading |
2021-04-13Show (7) Changes | Timetravel
| docs/0 |
|
| docs/3 |
|
| docs/4 |
|
| docs/4/docs/0/url |
Old
https://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE691.139New
https://www.europarl.europa.eu/doceo/document/ITRE-PR-691139_EN.html |
| events/0 |
|
| events/0 |
|
| events/1 |
|
2021-03-31Show (1) Changes | Timetravel
| docs/3/docs/0/url |
https://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE691.139
|
2021-03-27Show (1) Changes | Timetravel
| docs/3 |
|
2021-03-27Show (2) Changes | Timetravel
| committees/0 |
|
| committees/0 |
|
2021-03-03Show (4) Changes | Timetravel
| committees/0 |
|
| committees/0 |
|
| committees/3 |
|
| committees/3 |
|
2021-02-24Show (4) Changes | Timetravel
| committees/0 |
|
| committees/0 |
|
| committees/3 |
|
| committees/3 |
|
2021-02-17Show (3) Changes | Timetravel
| committees/0 |
|
| committees/0 |
|
| committees/3/rapporteur |
|
2021-02-16Show (10) Changes | Timetravel
| committees/0 |
|
| committees/0 |
|
| committees/1/rapporteur |
|
| docs/0 |
|
| events/0/summary |
|
| events/1 |
|
| otherinst/1 |
|
| procedure/dossier_of_the_committee |
|
| procedure/other_consulted_institutions |
Old
European Economic and Social CommitteeNew
European Economic and Social Committee European Committee of the Regions |
| procedure/stage_reached |
Old
Preparatory phase in ParliamentNew
Awaiting committee decision |
2020-12-09Show (3) Changes
| commission |
|
| otherinst |
|
| procedure/other_consulted_institutions |
European Economic and Social Committee
|