Activities of Kosma ZŁOTOWSKI related to 2022/0047(COD)
Plenary speeches (1)
Data Act (debate)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act)
Amendments (39)
Amendment 119 #
Proposal for a regulation
Recital 5
Recital 5
(5) This Regulation ensures that users of a product or related service in the Union can access, in a timely manner, the data generated by the use of that product or related service and that those users can use the data, including by sharing them with third parties of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC. This Regulation also ensures that data holders make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processcloud computing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by products or related services.
Amendment 120 #
Proposal for a regulation
Recital 6
Recital 6
Amendment 121 #
Proposal for a regulation
Recital 6 a (new)
Recital 6 a (new)
(6 a) While the obligation to make data available as provided by Union law, including Article 4(3), Article 5(8), Article 6 and Article 19(2) of this Regulation, or by national legislation implementing Union law, should be effective, this Regulation should not question the protection of trade secrets as such and that the access is only granted under measures that warrant for the protection of trade secrets within the meaning of Directive (EU) 2016/943.
Amendment 130 #
Proposal for a regulation
Recital 14
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question.
Amendment 138 #
Proposal for a regulation
Recital 21
Recital 21
(21) Products may be designed to make certain data directly available from an on- device data storage or from a remote server to which the data are communicated. Where on-device access is technically supported, the manufacturer should make this means of access also available to third-party service providers or the user. Access to the on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider who functions as data holder. They may be designed to permit the user or a third party to process the data on the product or on a computing instance of the manufacturer. Where either option is available, the user or third party should choose their preferred method.
Amendment 156 #
Proposal for a regulation
Recital 56
Recital 56
(56) In situations of exceptional need, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies or in other exceptional cases. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To ensure coherent practices between Member States and predictable environment for private entities, the Member States and the Commission should identify the bodies that can request access to data owned by the enterprises. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.
Amendment 158 #
Proposal for a regulation
Recital 57
Recital 57
(57) In case of public emergencies, such as public health emergencies, emergencies resulting from environmental degradation and major natural disasters including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold. In such a case, data holders should be placed under an obligation to make the data available to identified public sector bodies or to identified Union institutions, agencies or bodies upon their request and within the remit of their activities. The existence of a public emergency is determined according to the respective procedures in the Member States or of relevant international organisations.
Amendment 165 #
Proposal for a regulation
Recital 62
Recital 62
(62) The objective of the obligation to provide the data is to ensure that public sector bodies and Union institutions, agencies or bodies have the necessary knowledge to respond to, prevent or recover from public emergencies or to maintain the capacity to fulfil specific tasks explicitly provided by law. The data obtained by those entities may be commercially sensitive. Therefore, Directive (EU) 2019/1024 of the European Parliament and of the Council65 should not apply to data made available under this Regulation and should not be considered as open data available for reuse by third parties. This however should not affect the applicability of Directive (EU) 2019/1024 to the reuse of official statistics for the production of which data obtained pursuant to this Regulation was used, provided the reuse does not include the underlying data. In addition, it should not affect the possibility of sharing the data for conducting research or for the compilation of official statistics, provided the conditions laid down in this Regulation are met. Public sector bodies should also be allowed to exchange data obtained pursuant to this Regulation with other public sector bodies to address the exceptional needs for which the data has been requested. The business whose data is to be shared, provided it acts in a good faith, should also have the possibility to raise objection concerning planned data transfer in order to protect its security, integrity or confidentiality. _________________ 65 Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information (OJ L 172, 26.6.2019, p. 56).
Amendment 175 #
Proposal for a regulation
Recital 79
Recital 79
(79) Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability. In order to facilitate the conformity with the requirements for interoperability, it is necessary to provide for a presumption of conformity for interoperability of the European Parliament and of the Council. The solutions that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council. The Commission should adopt common specifications in areas where no harmonised standards exist or where they are insufficient in order to further enhance interoperability for the common European data spaces, application programming interfaces, cloud switching as well as smart contracts. Additionally, common specifications in the different sectors could remain to be adopted, in accordance with Union or national sectoral law, based on the specific needs of those sectors. Reusable data structures and models (in form of core vocabularies), ontologies, metadata application profile, reference data in the form of core vocabulary, taxonomies, code lists, authority tables, thesauri should also be part of the technical specifications for semantic interoperability. Furthermore, the Commission should be enabled to mandate the development of harmonised standards for the interoperability of data processcloud computing services.
Amendment 188 #
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
3. Union law on the protection of personal data, privacy and confidentiality of communications and integrity of terminal equipment shall apply to personal data processed in connection with the rights and obligations laid down in this Regulation. This Regulation shall not affect the applicability of Union law on the protection of personal data, in particularis without prejudice to Regulations (EU) 2016/679 and (EU) 2018/1725 and Directives 2002/58/EC, including and (EU) 2016/680, including with regard to the powers and competences of supervisory authorities. Insofar as data subjects are concerned, the rights laid down in Chapter II of this Regulation are concerned, and where users are the data subjects of personal data subject to the rights and obligations under that Chapter, the provisions of this Regulation shall complement the right of data portability under Article 20 of Regulation (EU) 2016/679 and shall not adversely affect data protection rights of others.
Amendment 215 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data and through control of the technical designownership of the product andor related services, the ability at the time the data is generated by the usage, to make available certain data;
Amendment 218 #
Proposal for a regulation
Article 2 – paragraph 1 – point 9
Article 2 – paragraph 1 – point 9
(9) ‘public sector body’ means identified national, regional or local authorities of the Member States and bodies governed by public law of the Member States, or associations formed by one or more such authorities or one or more such bodies;
Amendment 222 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation negatively affecting the population of the Union, a Member State or part of it, with a provable risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s);
Amendment 225 #
Proposal for a regulation
Article 2 – paragraph 1 – point 12
Article 2 – paragraph 1 – point 12
(12) ‘data process'cloud computing service’ means a digital service other than an online content service as defined in Article 2(5) of Regulation (EU) 2017/1128, provided to a customer, which enables on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resources of a centralised, distributed or highly distributed natureservice enabling ubiquitous, scalable, elastic and on-demand network access to a shared pool of configurable computing resources of a centralised, distributed or highly distributed nature provided to a customer that can be rapidly provisioned and released with minimal management effort or service provider interaction;
Amendment 234 #
Proposal for a regulation
Article 3 – paragraph 1 a (new)
Article 3 – paragraph 1 a (new)
1 a. Where products and related services are already subject to privacy by design requirements, especially Art. 11 of EU (2016/680), this regulation shall not oblige manufacturers to re-design their products and related services to comply with the requirements laid down in this regulation.
Amendment 243 #
Proposal for a regulation
Article 3 – paragraph 2 – point c – point i (new)
Article 3 – paragraph 2 – point c – point i (new)
Amendment 244 #
Proposal for a regulation
Article 3 – paragraph 2 – point c – point ii (new)
Article 3 – paragraph 2 – point c – point ii (new)
ii) The technical means to access the data, such as Software Development Kits or application programming interfaces , and their terms of use and quality of service shall be sufficiently described to enable the development of such means of access;
Amendment 256 #
Proposal for a regulation
Article 3 – paragraph 2 a (new)
Article 3 – paragraph 2 a (new)
2 a. Where on-device access is technically supported, the manufacturer shall make this means of access also available to third-party service providers in a non-discriminatory manner.
Amendment 261 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user the data generated by its use of a product or related service without undue delay, free of charge and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible. Manufacturer, where technically supported, shall provide on-device access in a non-discriminatory manner. Where on-device and off-device access are available, the user or third party shall choose their preferred method.
Amendment 283 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a product or related service to a third party, without undue delay, free of charge to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time. Such data shall be digitally processable and interpretable and shall at least provide basic context, metadata and time stamp.
Amendment 327 #
Proposal for a regulation
Article 10 – paragraph 1 a (new)
Article 10 – paragraph 1 a (new)
Amendment 341 #
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise on a micro, small or medium-sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC shall not be binding on the latter enterpriseor which has been unilaterally imposed by an enterprise which is the sole source of the data they hold shall not be binding on the micro, small or medium-sized enterprise or the data recipient, respectively, if it is unfair.
Amendment 359 #
Proposal for a regulation
Article 14 – paragraph 1 a (new)
Article 14 – paragraph 1 a (new)
1 a. For the purpose of the request referred to in paragraph 1, the Member States authority referred to in Article 31 and the Commission shall establish a procedure to identify a list of dependent public sector bodies.This list shall be available to the public.While identifying the relevant public sector bodies, the Member States and the Commission shall consider what is strictly necessary to achieve the objectives of this Regulation .
Amendment 361 #
Proposal for a regulation
Article 14 – paragraph 2 a (new)
Article 14 – paragraph 2 a (new)
2 a. This Chapter shall not apply to categories of data already within the scope of application of sector-specific Union law regulating the sharing of data between enterprises and public bodies.
Amendment 365 #
Proposal for a regulation
Article 15 – paragraph 1 – introductory part
Article 15 – paragraph 1 – introductory part
An exceptional need to use data within the meaning of this Chapter shall be deemed to exist in any of the following circumstances, and in alignment with Article 23 of Regulation (EU) 2016/679:
Amendment 373 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – introductory part
Article 15 – paragraph 1 – point c – introductory part
(c) as a measure of last resort, where the lack of available data prevents the public sector body or Union institution, agency or body from fulfilling a specific task in the public interest that has been explicitly provided by law; and
Amendment 379 #
Proposal for a regulation
Article 17 – paragraph 1 – point a a (new)
Article 17 – paragraph 1 – point a a (new)
(a a) request data within its remit;
Amendment 385 #
Proposal for a regulation
Article 17 – paragraph 2 – point d
Article 17 – paragraph 2 – point d
(d) concern, insofar as possible, non- personal data;
Amendment 389 #
Paragraph 3 does not preclude a public sector body or a Union institution, agency or body to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body, in view of completing the tasks in Article 15 or to make the data available to a third party in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. The obligations on public sector bodies, Union institutions, agencies or bodies pursuant to Article 19 apply to such third parties. Data received by third parties from public bodies due to a request under Article 15 shall not be used to develop any services which may compete with the services of the original data holder.
Amendment 392 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 2
Article 17 – paragraph 4 – subparagraph 2
Where a public sector body or a Union institution, agency or body intends to transmits or makes data available under this paragraph, it shall notify the data holder from whom the data was received. Within 5 working days of that notification, the data holder shall have the right to submit reasonable objection to the intention of the public sector body to transmit or make its data available. In the case of a rejection by the public sector body, data holder may brought the objection to the competent authority referred to in Article 31.
Amendment 397 #
Proposal for a regulation
Article 18 – paragraph 2 – introductory part
Article 18 – paragraph 2 – introductory part
2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request within 5 working days following the receipt of a request for the data necessary to respond to a public emergency and within 1530 working days in other cases of exceptional need, on either of the following grounds:
Amendment 399 #
Proposal for a regulation
Article 18 – paragraph 2 – point b a (new)
Article 18 – paragraph 2 – point b a (new)
(b a) provided security measures concerning transfer, storing and maintaining data confidentiality are insufficient.
Amendment 408 #
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
2. Disclosure of trade secrets or alleged trade secrets to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of thea request under Article 15(a). In such a case, the public sector body or the Union institution, agency or body shall take appropriate measures to preserve the confidentiality of those trade secrets.
Amendment 411 #
Proposal for a regulation
Article 19 – paragraph 2 a (new)
Article 19 – paragraph 2 a (new)
2 a. Notwithstanding Article 21(1), a public sector body or a Union institution, agency or body shall be responsible for the security of the data they receive.
Amendment 425 #
Proposal for a regulation
Article 23 – paragraph 1 – point a
Article 23 – paragraph 1 – point a
(a) terminating, after a maximum notice period of 30 calendar days or after a notice period agreed in the contractual agreement between the customer and the provider of cloud computing services, the contractual agreement of the service;
Amendment 431 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2
Article 24 – paragraph 1 – point a – point 2
(2) ensure fullact with due care to maintain business continuity and security of the service and, taking into account the advancement in the switching process, ensure, to the greatest extent possible, continuity in the provision of the respectivelevant functions or services. within the provider of source cloud computing services’ infrastructure capacity and according to the contractual obligations;
Amendment 432 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 a (new)
Article 24 – paragraph 1 – point a – point 2 a (new)
(2 a) provide clear information concerning known risks to continuity in the provision of the respective functions or services from the side of provider of source cloud computing services during the switching process.
Amendment 453 #
Proposal for a regulation
Article 27 a (new)
Article 27 a (new)
Article 27 a List of third-country jurisdictions 1. The Commission may, by way of implementing acts, adopt a list of third country jurisdictions where international transfer or governmental access to non personal data held in the Union would create a conflict with Union law or the national law of the relevant Member State, taking into account: (i) conflicting regulations including on data protection, public security, national security; (ii) access to the reasoned objection procedure; (iii) the level of risk to lose the confidentiality of commercially sensitive data; (iv) international commitments; (v) third country adequacy recognition under article 45 of Regulation 2016/679 Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). When developing the list, the Commission shall consult and take due account of the recommendations issued by the Data Innovation Board established under Regulation [xxx – Data Governance Act] and other relevant expert groups.
Amendment 473 #
Proposal for a regulation
Article 42 – paragraph 2
Article 42 – paragraph 2
It shall apply from [124 months after the date of entry into force of this Regulation].