99 Amendments of Maria GRAPINI related to 2022/0047(COD)
Amendment 89 #
Proposal for a regulation
Recital 1
Recital 1
(1) In recent years, data-driven technologies have had transformative effects on all sectors of the economy. The proliferation in products connected to the Internet of Things in particular has increased the volume and potential value of data for consumers, businesses and society. High quality and interoperable data from different domains increase competitiveness and innovation and ensure sustainable economic growth. The same dataset may potentially be used and reused for a variety of purposes and to an unlimited degree, without any loss in its quality or quantity, while respecting users’ choices and applicable legislation to protect them.
Amendment 92 #
Proposal for a regulation
Recital 2
Recital 2
(2) Barriers to data sharing prevent an optimal allocation of data to the benefit of society. These barriers include a lack of incentives for data holders to enter voluntarily into data sharing agreements, uncertainty about rights and obligations in relation to data, costs of contracting and implementing technical interfaces, the high level of fragmentation of information in data silos, poor metadata management, the absence of standards for semantic and technical interoperability, bottlenecks impeding data access, a lack of common data sharing practices and abuse of contractual imbalances with regards to data access and use.
Amendment 93 #
Proposal for a regulation
Recital 4
Recital 4
(4) In order to respond to the needs of the digital economy, protect consumers and to remove unjustified barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who, other than the manufacturer or other data holder is entitled to access the data generated by products or related services, under which conditions and on what basis. Accordingly, Member States should not adopt or maintain additional national requirements on those matters falling within the scope of this Regulation, unless explicitly provided for in this Regulation, since this would affect the direct and uniform application of this Regulation.
Amendment 96 #
Proposal for a regulation
Recital 5
Recital 5
(5) This Regulation ensures that users of a product or related service in the Union including data subjects and consumers, can access, in a timely manner, the data generated by the use of that product or related service and that those users can use the data, including by sharing them with third parties and for the purposes of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for users, micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC and for all other types of enterprises, including start- ups. This Regulation also ensures that data holders make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by products or related services.
Amendment 106 #
Proposal for a regulation
Recital 9
Recital 9
(9) This Regulation complements and is without prejudice to Union law aiming to promote the interests of consumers and to ensure a high level of consumer protection, to protect their health, safety and economic interests, in particularcluding Directive 2005/29/EC of the European Parliament and of the Council59 , Directive 2011/83/EU of the European Parliament and of the Council60 and Directive 93/13/EEC of the European Parliament and of the Council61 . _________________ 59 Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to- consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’) (OJ L 149, 11.6.2005, p. 22). 60 Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council. 61 Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts. Directive (EU) 2019/2161 of the European Parliament and of the Council of 27 November 2019 amending Council Directive 93/13/EEC and Directives 98/6/EC, 2005/29/EC and 2011/83/EU of the European Parliament and of the Council as regards the better enforcement and modernisation of Union consumer protection rules.
Amendment 115 #
Proposal for a regulation
Recital 20
Recital 20
(20) In case several persons or entities own a product or are party to a lease or rent agreement and benefit from access to a related service, reasonable efforts should be made in the design of the product or related service or the relevant interface so that all personseach user can have access to data they generate. Users of products that generate data typically require a user account to be set up. This allows for identification of the user by the manufacturer as well as a means to communicate to exercise and process data access requests. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should swiftly inform the user how the data may be accessed.
Amendment 121 #
Proposal for a regulation
Recital 23
Recital 23
(23) Before concluding a contract for the purchase, rent, or lease of a product or the provision of a related service, clear and sufficient information should be provided by the data holder to the user on how the data generated may be accessed. This obligation provides transparency over the data generated and enhances the easy access for the user. This obligation to provide information does not affect the obligation for the controller to provide information to the data subject pursuant to Article 12, 13 and 14 of Regulation 2016/679.
Amendment 125 #
Proposal for a regulation
Recital 24
Recital 24
(24) This Regulation imposes the obligation on data holders to make data available in certain circumstances. Insofar as personal data are processed, the data holder should be a controller under Regulation (EU) 2016/679. Where users are data subjects, data holders should be obliged to provide them access to their data and to make the data available to third parties of the user’s choice in accordance with this Regulation. However, this Regulation does not create a legal basis under Regulation (EU) 2016/679 for the data holder to provide access to personal data or make it available to a third party when requested by a user that is not a data subject and should not be understood as conferring any new right on the data holder to use data generated by the use of a product or related service. This applies in particular where the manufacturer is the data holder. In that case, the basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user. This agreement may be part of the sale, rent or lease agreement relating to the product. Any contractual term in the agreement stipulating that the data holder may use the data generated by the user of a product or related service should be fair and transparent to the user, including as regards the purpose for which the data holder intends to use the data. This Regulation should not prevent contractual conditions, whose effect is to exclude or limit the use of the data, or certain categories thereof, by the data holder. This Regulation should also not prevent sector-specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by the data holder on well- defined public policy grounds.
Amendment 128 #
Proposal for a regulation
Recital 25
Recital 25
(25) In sectors characterised by the concentration of a small number of manufacturers supplying end users, there are only limited options available to users with regard to sharing data with those manufacturers. In such circumstances, contractual agreements may be insufficient to achieve the objective of user empowerment. The data tends to remain under the control of the manufacturers or other data holders, making it difficult for users to obtain value from the data generated by the equipment they purchase, rent or lease. Consequently, there is limited potential for innovative smaller businesses to offer data-based solutions in a competitive manner and for a diverse data economy in Europe. This Regulation should therefore build on recent developments in specific sectors, such as the Code of Conduct on agricultural data sharing by contractual agreement. Sectoral legislation may be brought forward to address sector-specific needs and objectives. Furthermore, the data holder should not use any data generated by the use of the product or related service in order to derive insights about the economic situation of the user or its assets or production methods or the use in any other way that could undermine the commercial position of the user on the markets it is active on. This would, for instance, involve using knowledge about the overall performance of a business or a farm in contractual negotiations with the user on potential acquisition of the user’s products or agricultural produce to the user’s detriment, or for instance, using such information to feed in larger databases on certain markets in the aggregate (,e.g. databases on crop yields for the upcoming harvesting season) as such use could affect the user negatively in an indirect manner. The user should be given the necessary technical interface to manage permissions, preferably with granular permission options (such as “allow once” or “allow while using this app or service”), including the prominent option to withdraw permission.
Amendment 132 #
Proposal for a regulation
Recital 26
Recital 26
(26) In contracts between a data holder and a consumer as a user of a product or related service generating data, EU consumer law applies, Directive 2005/29/EC, which applies against unfair commercial practices, and Directive 93/13/EEC which applies to the terms of the contract to ensure that a consumer is not subject to unfair contractual terms. For unfair contractual terms unilaterally imposed on a micro, small or medium- sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC63 , this Regulation provides that such unfair terms should not be binding on that enterprise. _________________ 63 Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium- sized enterprises
Amendment 139 #
Proposal for a regulation
Recital 33
Recital 33
(33) In order to prevent the exploitation of users, third parties to whom data has been made available upon request of the user should only process the data for the purposes agreed with the user and share it with another third party only if, as clearly unequivocally informed to the user in timely manner, this is necessary to provide the service requested by the user.
Amendment 143 #
Proposal for a regulation
Recital 34
Recital 34
(34) In line with the data minimisation principle, the third party should only access additional information that is necessary for the provision of the service requested by the user. Having received access to data, the third party should process it exclusively for the purposes agreed with the user, without interference from the data holder. It should be as easy for the user to refuse or discontinue access by the third party to the data as it is for the user to authorise access. TData holder or the third party should not make the exercise of the rights or choices of users unduly difficult including by offering choices to users in a non-neutral manner, or coerce, deceive or manipulate the user in any way, by subverting or impairing the autonomy, decision-making or free choices of the user, including by means of a digital interface with the useror a part thereof, including its structure, design, function or manner of operation. iIn this context, the data holders and third parties should not rely on so-called dark patterns in designing their digital interfaces. Dark patterns are design techniques that push or deceive consumers into decisions that have negative consequences for them. These manipulative techniques can be used to persuade users, particularly vulnerable consumers, to engage in unwanted behaviours, and to deceive users by nudging them into decisions on data disclosure transactions or to unreasonably bias the decision-making of the users of the service, in a way that subverts and impairs their autonomy, decision-making and free choice. Common and legitimate commercial practices that are in compliance with Union law should not in themselves be regarded as constituting dark patterns. TData holders and third parties should comply with their obligations under relevant Union law, in particularcluding the requirements set out in Directive 2005/29/EC, Directive 2011/83/EU, Directive 2000/31/EC and Directive 98/6/EC.
Amendment 149 #
Proposal for a regulation
Recital 37
Recital 37
Amendment 152 #
Proposal for a regulation
Recital 41
Recital 41
(41) In order to compensate for the lack of information on the conditions of different contracts, which makes it difficult for the data recipient to assess if the terms for making the data available are non- discriminatory, it should be on the data holder to demonstrate that a contractual term is not discriminatory. It is not unlawful discrimination, where a data holder uses different contractual terms for making data available or different compensation, if those differences are justified by objective reasons. These obligations are without prejudice to Regulation (EU) 2016/679.
Amendment 155 #
Proposal for a regulation
Recital 42
Recital 42
(42) In order to incentivise the continued investment in generating valuable data, including investments in relevant technical tools, this Regulation contains the principle that the data holder may request reasonable compensation when legally obliged to make data available to the data recipient, in business-to-business relations. These provisions should not be understood as paying for the data itself, but in the case of micro, small or medium-sized enterprises, for the costs incurred and investment required for making the data available.
Amendment 158 #
Proposal for a regulation
Recital 43
Recital 43
(43) In duly justified cases, including the need to safeguard consumer participation and competition or to promote innovation in certain markets, Union law or national legislation implementing Union law may impose regulated compensation for making available specific data types.
Amendment 162 #
Proposal for a regulation
Recital 48
Recital 48
(48) Ensuring access to alternative ways of resolving domestic and cross-border disputes that arise in connection with making data available should benefit data holders and data recipients and therefore strengthen trust in data sharing. In cases where parties cannot agree on fair, reasonable and non-discriminatory terms of making data available, dispute settlement bodies should offer a simple, fast and low- cost solution to the parties. This process cannot undermine the exercise of the rights of users and in case users are affected by a dispute between data holders and data recipients or third parties, users should be effectively and swiftly compensated.
Amendment 165 #
Proposal for a regulation
Recital 52
Recital 52
(52) Rules on contractual terms should take into account the principle of contractual freedom as an essential concept in business-to-business relationships. Therefore, not all contractual terms should be subject to an unfairness test, but only to those terms that are unilaterally imposed on micro, small and medium-sized enterprises. This concerns ‘take-it-or- leave-it’ situations where one party supplies a certain contractual term and the micro, small or medium-sized enterprise cannot influence the content of that term despite an attempt to negotiate it. A contractual term that is simply provided by one party and accepted by the micro, small or medium-sized enterprise or a term that is negotiated and subsequently agreed in an amended way between contracting parties should not be considered as unilaterally imposed. All contractual agreements shall be in line with Fair, Reasonable and Non- Discriminatory (FRAND) principles
Amendment 177 #
Proposal for a regulation
Recital 69 a (new)
Recital 69 a (new)
(69a) Unnecessarily high “data egress fees”, or data transfer costs have the potential to restrict competition and cause lock-in effects for the customers of data processing services, by reducing incentives to choose a different or additional service provider. Therefore, the gradual withdrawal of the charges associated with switching data processing services shall specifically include withdrawing any “egress fees” charged by the data processing service to a customer.
Amendment 186 #
Proposal for a regulation
Recital 72
Recital 72
(72) This Regulation aims to facilitate switching between data processing services, which encompasses all conditions and actions that are necessary for a customer to terminate a contractual agreement of a data processing service, to conclude one or multiple new contracts with different providers of data processing services, to port all its digital assets, including data, to the concerned other providers and to continue to use them in the new environment while benefitting from functional equivalence. Digital assets refer to elements in digital format for which the customer has the right of use, including data, applications, virtual machines and other manifestations of virtualisation technologies, such as containers. Functional equivalence means the maintenance of a minimum level of functionality of a service after switching, and should be deemed technically feasible whenever both the originating and the destination data processing services cover (in part or in whole) the same service type. Services can only be expected to facilitate functional equivalence for the functionalities that both the originating and destination services offer. This Regulation doesn't instate an obligation of facilitating functional equivalence for data processing services of the PaaS and/or SaaS service delivery model. Meta- data, generated by the customer’s use of a service, should also be portable pursuant to this Regulation’s provisions on switching.
Amendment 204 #
Proposal for a regulation
Recital 82
Recital 82
(82) In order to enforce their rights under this Regulation, natural and legal persons should be entitled to seek redress for the infringements of their rights under this Regulation by lodging complaints with competent authorities. Those authorities should be obliged to cooperate to ensure the complaint is appropriately handled and resolved swiftly. In order to make use of the consumer protection cooperation network mechanism and to enable representative actions, this Regulation amends the Annexes to the Regulation (EU) 2017/2394 of the European Parliament and of the Council68 and Directive (EU) 2020/1828 of the European Parliament and of the Council69 . _________________ 68 Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 (OJ L 345, 27.12.2017, p. 1). 69 Directive (EU) 2020/1828 of the European Parliament and of the Council of 25 November 2020 on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC (OJ L 409, 4.12.2020, p. 1).
Amendment 210 #
Proposal for a regulation
Article 1 – paragraph 4 a (new)
Article 1 – paragraph 4 a (new)
Amendment 214 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1
Article 2 – paragraph 1 – point 1
(1) ‘data’ means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording; communicated by a product or related service via a publicly available electronic communication service. This includes data that represent the digitalisation of user actions and events such as data generated by the use of a product or related service or recorded intentionally by the user.
Amendment 220 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)
Article 2 – paragraph 1 – point 1 a (new)
(1a) 'accessible data’ means data that the data holder can request and obtain, via a publicly available electronic communication service, in a digital, machine-readable format, from the product, onto an existing interface.
Amendment 225 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 b (new)
Article 2 – paragraph 1 – point 1 b (new)
(1b) ‘personal data’ means personal data as defined in Article 4, point (1), of Regulation (EU)2016/679.
Amendment 227 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 c (new)
Article 2 – paragraph 1 – point 1 c (new)
(1c) 'non-personal data’ means data other than personal data as defined in point (1) of Article 4 of Regulation (EU) 2016/679.
Amendment 228 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 d (new)
Article 2 – paragraph 1 – point 1 d (new)
(1d) ‘consent’ means consent as defined in article 4,point (11), of Regulation (EU) 2016/679;
Amendment 229 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 e (new)
Article 2 – paragraph 1 – point 1 e (new)
(1e) 'raw data’ means data collected directly from a source and not processed in any way;
Amendment 232 #
Proposal for a regulation
Article 2 – paragraph 1 – point 4 a (new)
Article 2 – paragraph 1 – point 4 a (new)
Amendment 235 #
Proposal for a regulation
Article 2 – paragraph 1 – point 5
Article 2 – paragraph 1 – point 5
(5) ‘user’ means a natural or legal person that owns, rents or leases a product or receives a services;, or related services, or the data subject
Amendment 240 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data and through control of the technical design of the product and related services, the ability, to make available certain data; When in possession of personal data, only a controller as defined by Article 4.7 of Regulation (EU) 2016/679 can be a ‘data holder’
Amendment 248 #
Proposal for a regulation
Article 2 – paragraph 1 – point 8 a (new)
Article 2 – paragraph 1 – point 8 a (new)
Amendment 270 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)
Article 2 – paragraph 1 – point 20 a (new)
(20a) ‘metadata’ means a structured description of the contents of the data facilitating the discovery and use of this data, as well as any other data collected for the purposes of the provision of the service, including configuration parameters, security settings, logs, and other information regarding the use of the service by the final users. As for data generated by the use of connected products, the relevant metadata means the metadata that the data holder uses for its own purpose.
Amendment 278 #
Proposal for a regulation
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, free of charge, safely, easily, securely and, where relevant and appropriate, directly accessible to the user in a structured, commonly used and machine readable format. This shall be done without endangering their functionality and in accordance with data security requirements as laydown by Regulation 2016/679.
Amendment 283 #
Proposal for a regulation
Article 3 – paragraph 1 a (new)
Article 3 – paragraph 1 a (new)
1 a. Consumers shall have the right to obtain a copy of the data generated by their use of the product and related services, from the data holder without hindrance, in a structured, commonly used and machine-readable format, free of charge.
Amendment 288 #
Proposal for a regulation
Article 3 – paragraph 1 b (new)
Article 3 – paragraph 1 b (new)
1b. Products and related services shall be designed and manufactured in such a manner that data subjects, irrespective of their legal title over the product, are offered the possibility to use the products covered by this Regulation anonymously or in the least privacy-intrusive way possible, such as by anonymising the data.
Amendment 293 #
Proposal for a regulation
Article 3 – paragraph 2 – introductory part
Article 3 – paragraph 2 – introductory part
2. Before concluding a contract for the purchase, rent or lease of a product or a related service, consumers should be presented with granular, meaningful consent options for data processing, within the meaning of Article4 (11) of Regulation (EU) 2016/679, differentiating between data that is essential for the functioning of the product and a related and other types of data. In addition, at least the following information shall be provided to the user, in a clear and comprehentimely, prominent and comprehensible and easily accessible format:
Amendment 297 #
Proposal for a regulation
Article 3 – paragraph 2 – point a a (new)
Article 3 – paragraph 2 – point a a (new)
(aa) the purpose for which data would be processed
Amendment 298 #
Proposal for a regulation
Article 3 – paragraph 2 – point a b (new)
Article 3 – paragraph 2 – point a b (new)
(ab) the personal data to be processed by the product as well as the indication of the personal data which are necessary for the functioning of the product
Amendment 299 #
Proposal for a regulation
Article 3 – paragraph 2 – point c
Article 3 – paragraph 2 – point c
(c) how the user may access those data and a copy of those data, free of charge;
Amendment 304 #
Proposal for a regulation
Article 3 – paragraph 2 – point e
Article 3 – paragraph 2 – point e
(e) whether the seller, renter or lessor is the data holder and, if not, the identity of the data holder, such as its trading name , contact details and the geographical address at which it is established;
Amendment 306 #
Proposal for a regulation
Article 3 – paragraph 2 – point f
Article 3 – paragraph 2 – point f
(f) the means of communication which enable the user to contact the data holder quickly and communicate with that data holder efficiently in a durable method;
Amendment 307 #
(g) how the user may request that the data are shared with a third-party, free of charge;
Amendment 310 #
Proposal for a regulation
Article 3 – paragraph 2 a (new)
Article 3 – paragraph 2 a (new)
2a. The data holder shall not make the exercise of the rights or choices of users unduly difficult including by offering choices to the users in a neutral manner, or coerce, deceive or manipulate the user in any way, or subvert or impair the autonomy,decision-making or free choices of the user, including by means of a digital interface or a part thereof, including its structure, design, function or manner of operation
Amendment 315 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Where data cannot be directly accessed by the user from the product or related service, the data holder shall make available to the user the data generated by itsthe use of a product or related service without undue delay, free of charge, that are accessible to the data holder, as well as the relevant metadata, without undue delay, free of charge, easily, securely, in a structured, commonly used and machine- readable format, and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible. The manufacturer, where technically supported, shall provide on- device access in a non-discriminatory manner. Where on-device and off-device access are available, the user or third party shall choose their preferred method.
Amendment 321 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. The user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a product that competes with the product or related service from which the data originate.
Amendment 324 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a product or related service to a third party, without undue delay, free of charge to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time. hat are accessible to the data holder, as well as the relevant metadata, to a third party, without undue delay, free of charge to the user, in an interoperable, structured, commonly used and machine- readable format, of the same quality as is available to the data holder and, where applicable, continuously and in real-time and done on the basis of secure access mechanisms. Such data shall be digitally processable and interpretable and shall at least provide basic context, metadata and time stamp.
Amendment 333 #
Proposal for a regulation
Article 5 – paragraph 6 a (new)
Article 5 – paragraph 6 a (new)
6a. The data holder shall not make the usability of the product or related service dependent on the user allowing it to process data not required for the functionality of the product or provision of the related service.
Amendment 338 #
Proposal for a regulation
Article 6 – paragraph 1
Article 6 – paragraph 1
1. A third party shall process the data made available to it pursuant to Article 5 only for the purposes, mentioned in paragraph 2a and under the conditions agreed with the user, and subject to the rights of the data subject insofar as personal data are concerned, and shall immediately delete the data when they are no longer necessary for the agreed purpose.
Amendment 340 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) make the exercise of the rights or choices of users unduly difficult including by offering choices to the users in a non- neutral manner, or coerce, deceive or manipulate the user in any way, byor subverting or impairing the autonomy, decision-making or choices of the user, including by means of a digital interface with the user or a part thereof, including its structure, design, function or manner of operation;
Amendment 346 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) make the data available it receives available to another third party, in raw, aggregated or derived form, unless this is necessary to provide the service requested by the user and after the user has explicitly been made aware of this in a clear, easily accessible and prominent way;
Amendment 352 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2a. A third party should only use personal data for one of the following specific purposes: (a) the provision of aftermarket services, such as the maintenance and repair of the product or related service or the provision of an aftermarket service that may be in competition with a product or related service provided by the data holder; (b) the provision of an added value service explicitly requested by the consumer or data subject; (c) specific data intermediation services recognised in the Union or specific services provided by data altruism organisations recognised in the Union under the conditions and requirements of Chapters III and IV of Regulation (EU) 2022/868; (d) purposes of non-profit organisations in the public interest; (e) research and innovation in the public interest.
Amendment 353 #
Proposal for a regulation
Article 6 a (new)
Article 6 a (new)
Article 6a Prohibited contractual clauses for business to consumer contracts 1. Contractual terms by data holders, third parties or data recipients concerning the access to, sharing and use of data or the liability and remedies for the breach or the termination of data-related obligations shall be prohibited if their object or effect is to; (a) process personal data generated by the use of a product or service by any data subject other than the user, including use by data holders and third parties, where the data makes it possible to make inferences about private lives or would otherwise entail high risks for the rights and freedoms of the individuals concerned; (b) bundle data usage by data holders or third parties, for example for purposes both necessary for the operation of the product or the related service together with purposes which are unnecessary, such as use for marketing or development of new products; (c) unrestrictedly use personal data generated by the use of a product or related services for purposes such as direct marketing or advertising, credit scoring, to determine eligibility to health insurance or to calculate or modify insurance premiums; (d) derogate from remedies resulting from non-conformity of a product or a service caused by the trader's breaches of the Data Act.
Amendment 355 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
Amendment 362 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. A data holder shall not discriminate between comparable categories of data recipients, that are comparable in terms of activity, size, type of business relationship, including partner enterprises or linked enterprises, as defined in Article 3 of the Annex to Recommendation 2003/361/EC, of the data holder, when making data available. Where a data recipient considers the conditions under which data has been made available to it to be discriminatory, it shall be for the data holder to demonstrate that there has been no discrimination.
Amendment 366 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. Any compensation agreed between a data holder and a data recipient for making data available shall be reasonablein business-to- business relations shall be reasonable. This Regulation precludes the data holder or the third party from directly or indirectly charging consumers or data subjects a fee, compensation or costs for sharing data or for accessing it.
Amendment 373 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, anyAny reasonable compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly. These costs include the costs necessary for data reproduction, dissemination via electronic means and storage, but not of data collection or production.
Amendment 381 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Data holders and data recipients shall have access to dispute settlement bodies, certified in accordance with paragraph 2 of this Article, to settle disputes in relation to the determination of fair, reasonable and non-discriminatory terms for and the transparent manner of making data available in accordance with Articles 8, 9 and 913.
Amendment 385 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. The data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to the data and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to hinder the user’s right to effectively obtain a copy or provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1).
Amendment 392 #
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise on a micro, small or medium-sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC shall not be binding on the latter enterprise if it is unfair.provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro, small or medium enterprise;
Amendment 401 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. Upon request, a data holder shall make data, including metadata, available to a public sector body or to a Union institution, agency or body demonstrating an exceptional need to use the data requested.
Amendment 404 #
Proposal for a regulation
Article 14 – paragraph 2 a (new)
Article 14 – paragraph 2 a (new)
2a. This chapter shall not preclude from voluntary cooperation among public sector body or to a Union institution, agency or body and businesses based on non exceptional needs for delivering public services, without prejudice of what stipulated in GDPR
Amendment 446 #
Proposal for a regulation
Article 18 – paragraph 1
Article 18 – paragraph 1
1. A data holder receiving a request for access to data under this Chapter shall make the data available to the requesting public sector body or a Union institution, agency or body without undue delay, taking into account provision of time and necessary technical, organisational and legal measures.
Amendment 451 #
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
Article 19 – paragraph 1 – point b a (new)
(ba) implement the necessary measures to prevent data from the data holder to be shared with public or semi-public entities which are market competitors with the data holder, leading to unfair competition situations.
Amendment 460 #
Proposal for a regulation
Article 20 – paragraph 2 a (new)
Article 20 – paragraph 2 a (new)
2a. Where the public-sector body or the Union institution, agency or body wishes to challenge the level of compensation requested by the data holder, the matter shall be brought to the competent authority referred to in Article 31 of the Member State where the data holder is established.
Amendment 471 #
Proposal for a regulation
Article 23 – paragraph 1 – point a
Article 23 – paragraph 1 – point a
(a) terminating, after a maximum notice period of 360 calendar days, the contractual agreement of the service;, or a mutually agreed longer notice period on a contractual basis provided that both parties are able to equally influence the contractual content.
Amendment 481 #
Proposal for a regulation
Article 23 – paragraph 1 – point c
Article 23 – paragraph 1 – point c
(c) porting its data, and metadata created by the customer and by the use of the originating service, and/or the customer’s applications and other digital assets to another provider of data processing services;
Amendment 504 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part
Article 24 – paragraph 1 – point a – introductory part
(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall:
Amendment 508 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1
Article 24 – paragraph 1 – point a – point 1
(1) assist and, where technically feasible, complete the switching process, including reasonably assisting a third- party entity managing the switching process on behalf of the customer;
Amendment 516 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2
Article 24 – paragraph 1 – point a – point 2
(2) ensure full continuity or sufficient continuity in compliance with the contractual arrangements related to continuity in the provision of the respective functions or services.
Amendment 520 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 a (new)
Article 24 – paragraph 1 – point a – point 2 a (new)
(2 a) provide the customer and third parties authorised by the customer, at their request, access to the resources necessary to support the switching process.
Amendment 524 #
Proposal for a regulation
Article 24 – paragraph 1 – point b
Article 24 – paragraph 1 – point b
(b) an exhaustive specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the servicewhere technically feasible, at minimum;
Amendment 532 #
Proposal for a regulation
Article 24 – paragraph 1 – point b – point i (new)
Article 24 – paragraph 1 – point b – point i (new)
i) all data imported by the customer at the inception of the service agreement;
Amendment 533 #
Proposal for a regulation
Article 24 – paragraph 1 – point b – point ii (new)
Article 24 – paragraph 1 – point b – point ii (new)
ii) all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service;
Amendment 537 #
Proposal for a regulation
Article 24 – paragraph 1 – point c
Article 24 – paragraph 1 – point c
(c) a minimum period for data retrieval of at least 360 calendar days, starting after the termination of the transition period that was agreed between the customer and the service provider, in accordance with paragraph 1, point (a) and paragraph 2.
Amendment 539 #
Proposal for a regulation
Article 24 – paragraph 1 – point c a (new)
Article 24 – paragraph 1 – point c a (new)
(c a) clear description of the different operations required for switching process and clear indication of the corresponding charges imposed on the customer;
Amendment 552 #
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. From [date X+3yrs, the date of entry into force of this Regulation] onwards, providers of data processing services shall not impose any charges on the customer who are consumers for the switching process.
Amendment 562 #
Proposal for a regulation
Article 25 – paragraph 2
Article 25 – paragraph 2
2. From [date X, the date of entry into force of the Data Act] until [date X+32yrs], providers of data processing services may impose reduced charges on the customer in business-to-business relations for the switching process.
Amendment 574 #
Proposal for a regulation
Article 25 – paragraph 4
Article 25 – paragraph 4
4. The Commission is empowered to adopt delegated acts in accordance with Article 38 to supplement this Regulation in order to introduce a monitoring mechanism for the Commission to monitor switching charges imposed by data processing service providers on the market to ensure that the withdrawal of switching charges as described in paragraph 1a of this Article will be attained in accordance with the deadline provided in the same paragraph.
Amendment 577 #
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ensure that provide assistance and take all necessary measures in their power, including in cooperation with the data processing service provider of the destination service, to facilitate the customer, after switching to a service covering the same service type offered by a different provider of data processing services, enjoyswith the aim of achieving functional equivalence in the use of the new service.
Amendment 582 #
Proposal for a regulation
Article 26 – paragraph 2
Article 26 – paragraph 2
2. For data processing services other than those covered by paragraph 1, providers of data processing services shall make open interfacescan be required by the data recipient to make open interfaces designed to facilitate switching between services of the same service type publicly available and free of charge.
Amendment 585 #
Proposal for a regulation
Article 26 – paragraph 3
Article 26 – paragraph 3
3. For data processing services other than those covered by paragraph 1, providers of data processing services shall ensure compatibility with open interoperability specifications or European standards for interoperability that are identified in accordance with Article 29(5) of this Regulation or another format mutually agreed upon by the parties.
Amendment 595 #
Proposal for a regulation
Article 26 – paragraph 4 a (new)
Article 26 – paragraph 4 a (new)
4 a. Providers of data processing services should not be required to make their services less secure to ensure functional equivalence nor providers of non-infrastructure services be required to meet specifications that do not support security features of their service,unless in cases where such change introduces higher security and cybersecurity standards.
Amendment 612 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Amendment 614 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point a
Article 28 – paragraph 1 – subparagraph 1 – point a
(a) the dataset content, use restrictions, licences, data collection methodology, data quality and uncertainty shall be sufficiently described in a machine-readable format to allow the recipient to find, access and use the data;
Amendment 618 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point c
Article 28 – paragraph 1 – subparagraph 1 – point c
(c) the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable automatic access and transmission of data between parties, including continuously or in real-time in a machine-readable format, where that is necessary for the good functioning of the product or service and is technically feasible;
Amendment 626 #
Proposal for a regulation
Article 28 – paragraph 3
Article 28 – paragraph 3
3. Operators ofwithin data spaces and data holders that meet the harmonised standards or parts thereof published by reference in the Official Journal of the European Union shall be presumed to be in conformity with the essential requirements referred to in paragraph 1 of this Article, to the extent those standards cover those requirements.
Amendment 635 #
Proposal for a regulation
Article 29 – paragraph 1 – point b
Article 29 – paragraph 1 – point b
(b) enhance portability of data and of digital assets between different data processing services that cover the same service type;
Amendment 637 #
Proposal for a regulation
Article 29 – paragraph 1 – point c
Article 29 – paragraph 1 – point c
(c) guarantefacilitate, where technically feasible, functional equivalence between different data processing services that cover the same service type.
Amendment 640 #
Proposal for a regulation
Article 29 – paragraph 1 – point c a (new)
Article 29 – paragraph 1 – point c a (new)
Amendment 646 #
Proposal for a regulation
Article 29 – paragraph 4
Article 29 – paragraph 4
4. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to define the scope of a specific service type and to draft European standards applicable to specific service types of data processing services.
Amendment 653 #
Proposal for a regulation
Article 31 – paragraph 2 – point c
Article 31 – paragraph 2 – point c
(c) the national competent authority responsible for the application and enforcement of Chapter VI of this Regulation shall have, sufficient technical and human resources and expertise experience in the field of consumer protection, data and electronic communications services.
Amendment 661 #
Proposal for a regulation
Article 32 – paragraph 1
Article 32 – paragraph 1
1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the relevant competent authority in the Member State of their habitual residence, place of work or establishment if they consider that their rights under this Regulation have been infringed.
Amendment 662 #
Proposal for a regulation
Article 32 – paragraph 3
Article 32 – paragraph 3
3. Competent authorities shall cooperate to handle and resolve complaints, including by effectively and in a timely manner, including by setting reasonable deadlines for adopting formal decisions, ensuring equality of the parties, ensuring the right to be heard from complainants and access to the file throughout the process, exchanging all relevant information by electronic means, without undue delay. This cooperation shall not affect the specific cooperation mechanism provided for by Chapters VI and VII of Regulation (EU) 2016/679.
Amendment 665 #
Proposal for a regulation
Article 32 a (new)
Article 32 a (new)
Article 32 a Representation Without prejudice to Directive (EU) 2020/1828 or to any other type of representation under national law, recipients of intermediary services shall at least have the right to mandate a body, organisation or association to exercise the rights conferred by this Regulation on their behalf, provided the body, organisation or association meets all of the following conditions: (a) it operates on a not-for-profit basis; (b) it has been properly constituted in accordance with the law of a Member State; (c) its statutory objectives include a legitimate interest in ensuring that this Regulation is complied with.
Amendment 667 #
Proposal for a regulation
Article 32 b (new)
Article 32 b (new)
Amendment 668 #
Proposal for a regulation
Article 32 c (new)
Article 32 c (new)
Article 32 c Right to an effective judicial remedy against a controller or processor 1. Without prejudice to any available administrative or non-judicial remedy, including under Directive (EU) 2020/1828 and the righto lodge a complaint with a competent authority pursuant to Article 32b,each user shall have the right to an effective judicial remedy where he or she considers that their rights under this Regulation have been infringed as a result of the non-compliance with this Regulation. 2. Proceedings against a data holder, third party or data recipient shall be brought before the courts of the Member State where the user has their habitual residence, place or work or establishment.
Amendment 671 #
Proposal for a regulation
Article 34 – paragraph 1
Article 34 – paragraph 1
The Commission shall develop and recommend non-binding model contractual terms on data access and use to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. Such contractual terms shall be in line with Fair, Reasonable and Non- Discriminatory (FRAND) principles.
Amendment 672 #
Proposal for a regulation
Article 34 – paragraph 1 a (new)
Article 34 – paragraph 1 a (new)
The Commission shall, after consulting the European Data Protection Board, issue guidelines on the definition of products to ascertain which devices are included or excluded from the scope of this Regulation in line with the definition of product under Article 2 of this Regulation.