16 Amendments of Paul TANG related to 2020/0340(COD)
Amendment 176 #
Proposal for a regulation
Recital 7
Recital 7
(7) The categories of data held by public sector bodies which should be subject to re-use under this Regulation fall outside the scope of Directive (EU) 2019/1024 that excludes data which is not accessible due to commercial and statistical confidentiality and data for which third parties have intellectual property rights. Personal data fall outside the scope of Directive (EU) 2019/1024 insofar as the access regime excludes or restricts access to such data for reasons of data protection, privacy and the integrity of the individual, in particular in accordance with data protection rules. The re-use of data, which may contain trade secrets, should take place without prejudice to Directive (EU) 2016/94340 , which sets the framework for the lawful acquisition, use or disclosure of trade secrets. This Regulation is without prejudice and complementary to more specific obligations on public sector bodies to allow re-use of data laid down in sector- specific Union or national law. It must be ensured that companies do not have direct access to protected data and that, as a consequence, anonymisation cannot be conducted by them. _________________ 40 OJ L 157, 15.6.2016, p. 1–18
Amendment 185 #
Proposal for a regulation
Recital 19
Recital 19
(19) In order to build trust in re-use mechanisms, it may beis necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data. In order to ensure harmonised practices across the Union, such types of highly sensitive non-personal public data should be defined by Union law, for example in the context of the European Health Data Space or other sectoral legislation. The conditions attached to the transfer of such data to third countries should be laid down in delegated acts. Conditions should be proportionate, non-discriminatory and necessary to protect legitimate public policy objectives identified, such as the protection of public health, public order, safety, the environment, public morals, consumer protection, privacy and personal data protection. The conditions should correspond to the risks identified in relation to the sensitivity of such data, including in terms of the risk of the re- identification of individuals. These conditions could include terms applicable for the transfer or technical arrangements, such as the requirement of using a secure processing environment, limitations as regards the re-use of data in third-countries or categories of persons which are entitled to transfer such data to third countries or who can access the data in the third country. In exceptional cases they could also include restrictions on transfer of the data to third countries to protect the public interest.
Amendment 193 #
Proposal for a regulation
Recital 24
Recital 24
(24) Data cooperatives seek toand data unions seek to achieve a number of objectives, in particular strengthen the position of individuals into makinge informed choices before consenting to data use, influencing the terms and conditions of data user organisations attached to data use or potentially solving disputes between members of a group on how data can be used when such data pertain to several data subjects within that group. In this context it is important to acknowledge that the rights under Regulation (EU) 2016/679 can only be exercised by each individual and cannot be conferred or delegated to a data cooperativein a manner that gives better choices to the individual members of the group or potentially solving conflicts in positions of individual members of a group on how data can be used when such data pertain to several data subjects within that group can have effects on other members of the group. Data cooperatives could also provide a useful means for one-person companies, micro, small and medium-sized enterprises that in terms of knowledge of data sharing, are often comparable to individuals.
Amendment 194 #
Proposal for a regulation
Recital 24 a (new)
Recital 24 a (new)
(24 a) Among others, data coalitions could ensure that marginalised communities’ data protects them from disease, instead of exposing them to predictive policing and that every citizen gets a fair share of the value they create in the digital economy.
Amendment 201 #
Proposal for a regulation
Recital 36
Recital 36
(36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the Union and the emergence of data pools covering several Member States. Data subjects in this respect would consent to specific purposes of data processing, but could also consent to data processing in certain areas of research or parts of research projects as it is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the time of data collection. Legal persons could give permission to the processing of their non-personal data for a range of purposes not defined at the moment of giving the permission. The voluntary compliance of such registered entities with a set of requirements should bring trust that the data made available on altruistic purposes is serving a general interest purpose. Such trust should result in particular from a place of establishment within the Union, as well as from the requirement that registered entities have a not-for-profit character, from transparency requirements and from specific safeguards in place to protect rights and interests of data subjects and companies. Further safeguards should include making it possible to process relevant data within a secure processing environment operated by the registered entity, oversight mechanisms such as ethics councils or boards to ensure that the data controller maintains high standards of scientific ethics, effective technical means to withdraw or modify consent at any moment, based on the information obligations of data processors under Regulation (EU) 2016/679 as well as means for data subjects to stay informed about the use of data they made available. Legal entities should ensure that misleading marketing practices are not used to solicit donations of data.
Amendment 205 #
Proposal for a regulation
Recital 39
Recital 39
(39) To bring additional legal certainty to granting and withdrawing of consent, in particular in the context of scientific research and statistical use of data made available on an altruistic basis, a European data altruism consent form should be developed and used in the context of altruistic data sharing. Such a form should contribute to additional transparency for data subjects that their data will be accessed and used in accordance with their consent and also in full compliance with the data protection rules. It could also be used to streamline data altruism performed by companies and provide a mechanism allowing such companies to withdraw their permission to use the data any time. Persons who decide to withdraw their consent shall be ensured that the data for which they gave their consent is no longer used and that they have been removed from the projects for which they were used. In order to take into account the specificities of individual sectors, including from a data protection perspective, there should be a possibility for sectoral adjustments of the European data altruism consent form.
Amendment 247 #
Proposal for a regulation
Article 4 – paragraph 2
Article 4 – paragraph 2
(2) By way of derogation from paragraph 1, an exclusive right to re-use data referred to in that paragraph may be granted to the extent necessary for the provision of a service or a product in the general interest, defined and justified why it is of general interest.
Amendment 249 #
Proposal for a regulation
Article 5 – paragraph 3
Article 5 – paragraph 3
(3) Public sector bodies mayshall impose an obligation to re-use only pre-processed data where such pre-processing aims to anonymizse or pseudonymise personal data or delete commercially confidential information, including trade secretsand data containing trade secrets are processed accordingly. It must be ensured that companies do not have direct access to protected data and that, as a consequence, anonymisation cannot be conducted by them.
Amendment 253 #
Proposal for a regulation
Article 5 – paragraph 4 – introductory part
Article 5 – paragraph 4 – introductory part
(4) Public sector bodies mayshall impose obligations
Amendment 283 #
Proposal for a regulation
Chapter III – title
Chapter III – title
III requirements applicable toA European authorisation framework for data sharing service providers
Amendment 284 #
Proposal for a regulation
Article -9 (new)
Article -9 (new)
Article -9 Creating trust for providers of data sharing services (1) A European general authorisation framework shall be established in order to increase trust in the provision of data sharing services, as identified in paragraph (2), thereby improving the conditions for the functioning of the internal market by increasing data exchanges within the Union, with a view to create a single market for data. (2) The general authorisation framework shall apply to the provision of the following services: (a) services aimed at the creation of personal data spaces, namely services enabling data subjects to exercise the rights provided in Regulation (EU) 2016/679, which may be paired by making available dedicated storage services to the data subjects; (b) services related to the creation of data cooperatives, namely services enabling several data subjects to exercise collectively the rights provided in Regulation (EU) 2016/679, which may be paired by making available data storage services to such data subjects. (3) Member States shall not introduce new national authorisation frameworks for the services covered by the European general authorisation framework for data sharing services. (4) The provider of data sharing services shall be compliant with the requirements laid down in Regulation (EU) 2016/679, including the provisions on transfers of personal data to third countries or international organisations. (5) The general authorisation is without prejudice to powers of supervisory authorities to ensure compliance of providers of data sharing services with applicable law, including on the protection of personal data and competition law. (6) The provision of data sharing services as well as the exchange of information between undertakings are without prejudice to the application of competition law.
Amendment 289 #
Proposal for a regulation
Article 9 – paragraph 1 – point c
Article 9 – paragraph 1 – point c
(c) services of data cooperatives, that is to say services supportingenabling several data subjects or, including one-person companies or micro, small and medium-sized enterprises, who are members of the cooperative or whoto exercise collectively the rights provided in Regulation (EU) 2016/679 which may be paired by making available data storage services to such data subjects. This could be done by confer thering power to the cooperative to negotiate terms and conditions for data processing before they consent, in making informed choices before consenting to data processing, and allowing for mechanisms to exchange views on data processing purposes and conditions that would best represent the interests of data subjects or legal persons.
Amendment 319 #
Proposal for a regulation
Article 11 – paragraph 1 – point 11 a (new)
Article 11 – paragraph 1 – point 11 a (new)
(11 a) The provider shall ensure interoperability with other data sharing services, using open data standards and accessible APIs when technically feasible;
Amendment 335 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
(2) The Commission shall maintain a Union register of recognised data altruism organisations, which shall be accessible to the public.
Amendment 352 #
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
(2) The entity shall also ensure that the data is not be used for other purposes than those of general interest for which it permits the processing and ensure that misleading marketing practices are not used to solicit donations of data.
Amendment 356 #
Proposal for a regulation
Article 19 – paragraph 2 a (new)
Article 19 – paragraph 2 a (new)
(2 a) The entity shall ensure that the data is not used for advertising purposes.