46 Amendments of Massimiliano SALINI related to 2022/0047(COD)
Amendment 112 #
Proposal for a regulation
Recital 6
Recital 6
(6) Data generation is the result of the actions of at least two actors, the designer or manufacturer of a product and the user of that product. It gives rise to questions of fairness in the digital economy, because the data recorded by such products or related services are an important input for aftermarket, ancillary and other services. In order to realise the important economic benefits of data as a non-rival good for the economy and society, a general approach to assigning access and usage rights on data is preferable to awarding exclusive rights of access and use. However, it is also important that data sharing based on voluntary agreements continues to develop in order to facilitate the development of data-driven value growth of European companies.
Amendment 124 #
Proposal for a regulation
Recital 14
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as tThe data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. In scope are data in raw form (also known as source or primary data, which refers to data points that are automatically generated without any form of processing) as well as prepared data (data cleaned and transformed for the purpose of making it useable prior to further processing and analysis). The Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medicalm ‘prepared data’ should be interpreted broadly, without however reaching the stage of deriving or inferring insights. Prepared data may include data enriched with metadata, combined with other data (e.g. sorted and classified with other data points relating to it) or re-formatted into a commonly-used format. Such data are potentially valuable to the user and support innovation and thealth devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. By contrast, information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovis not generated by the use of the product, but is the outcome of a characterisation, and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. ssessment, recommendation, categorisation or similar systematic processes that assign values or insights to a user or product. Data that is constitutive of a trade secret should only be made available to a data user or third party if all the necessary measures to protect the confidentiality of the trade secrets have been taken by the third party.
Amendment 138 #
Proposal for a regulation
Recital 15
Recital 15
(15) In contrast, certain products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service should not be covered by this Regulation. Such products include, for example, personal computers, servers, tablets and smart phones, cameras, webcams, sound recording systems and text scanners. They require human input to produce various forms of content, such as text documents, sound files, video files, games, digital maps. Likewise defence related products as defined in Article 3(1) of Directive 2009/43 should not be covered by this Regulation.
Amendment 156 #
Proposal for a regulation
Recital 18
Recital 18
(18) The user of a product should be understood as the legal or natural person, such as a business or consumer or public sector body, which has purchased, rented or leased the product on other than short- term basis. Depending on the legal title under which he uses it, such a user bears the risks and enjoys the benefits of using the connected product and should enjoy also the access to the data it generates. The user should therefore be entitled to derive benefit from data generated by that product and any related service. An owner, renter or lessee should equally be considered as user, including when several entities can be considered as users. In the context of multiple users, each user may contribute in a different manner to the data generation and can have an interest in several forms of use.
Amendment 179 #
Proposal for a regulation
Recital 23
Recital 23
(23) Before concluding a contract for the purchase, rent, or lease of a product or the provision of a related service, clear and sufficient information should be provided to the user on how the data generated may be accessed. This obligation provides transparency over the data generated and enhances the easy access for the user. This obligation to provide information does not affect the obligation for the controller to provide information to the data subject pursuant to Article 12, 13 and 14 of Regulation 2016/679. The data holder cannot be expected to store the data indefinitely in view of the needs of the user of the product, but should however implement a reasonable data retention policy that allows for the effective application of the data access rights under this Regulation
Amendment 201 #
Proposal for a regulation
Recital 28
Recital 28
(28) The user should be free to use the data for any lawful purpose. This includes providing the data the user has received exercising the right under this Regulation to a third party offering an aftermarket service that may be in competition with a service provided by the data holder, or to instruct the data holder to do so. The data holder should ensure that the data made available to the third party is as accurate, complete, reliable, relevant and up-to-date as the data the data holder itself may be able or entitled to access from the use of the product or related service. Any trade secrets or intellectual property rights should be respected in handling the data. Their confidentiality should be preserved through contractual solutions, such as confidentiality agreements and licensing schemes. It is important to preserve incentives to invest in products with functionalities based on the use of data from sensors built into that product. The aim of this Regulation should accordingly be understood as to foster the development of new, innovative products or related services, stimulate innovation on aftermarkets, but also stimulate the development of entirely novel services making use of the data, including based on data from a variety of products or related services. At the same time, it aims to avoid undermining the investment incentives for the type of product from which the data are obtained, for instance, by the use of data to develop a competing product. Consequently, when providing access to data to users or third-parties, data holders should be able to use technical or organizational measures such as strict access protocols, non-disclosure agreements or any other similar measure meant to ensure the preservation of the secrecy of data considered as trade secrets.
Amendment 209 #
Proposal for a regulation
Recital 29
Recital 29
(29) A third party to whom data is made available may be an enterprise, a research organisation or a not-for-profit organisation. In making the data available to the third party, the data holder nor the third party should not abuse its position to seek a competitive advantage in markets where the data holder and third party may be in direct competition. TNeither the data holder nor the third party should not therefore use any data generated by the use of the product or related service in order to derive insights about the economic situation of the data holder and third party or its assets or production methods or the use in any other way that could undermine the commercial position of the data holder or third party on the markets it is active on. Data intermediation services [as regulated by Regulation (EU) 2022/868] may support users or third parties in establishing a commercial relation for any lawful purpose on the basis of data of products in scope of this Regulation e.g. by acting on behalf of a user. They could play an instrumental role in aggregating access to data from a large number of individual users so that big data analyses or machine learning can be facilitated, as long as such users remain in full control on whether to contribute their data to such aggregation and the commercial terms under which their data will be used.
Amendment 236 #
Proposal for a regulation
Recital 37
Recital 37
(37) GThis Regulation does not prevent micro and small enterprises to participate in the data sharing practices, however given the current state of technology, it is overly burdensome to impose further design obligations in relation to products manufactured or designed and related services provided by micro and small enterprises. That is not the case, however, wWhere a micro or small enterprise is sub- contracted to manufacture or design a product. In such situations, the enterprise, which has sub-contracted to the micro or small enterprise, is able to compensate the sub-contractor appropriately. A micro or small enterprise may nevertheless be subject to the requirements laid down by this Regulation as data holder, where it is not the manufacturer of the product or a provider of related services. In order to increase the participation of micro and small enterprises in the data economy, Member States should provide digital training and guidance to such enterprises.
Amendment 246 #
Proposal for a regulation
Recital 41
Recital 41
(41) Any agreement concluded in business-to-business relations for making the data available should not discriminate between comparable categories of data recipients, independently whether they are large companies or micro, small or medium-sized enterprises. In order to compensate for the lack of information on the conditions of different contracts, which makes it difficult for the data recipient to assess if the terms for making the data available are non- discriminatory, it should be on the data holder to demonstrate that a contractual term is not discriminatory. It is not unlawful discrimination, where a data holder uses different contractual terms for making data available or different compensation, if those differences are justified by objective reasons. These obligations are without prejudice to Regulation (EU) 2016/679.
Amendment 253 #
Proposal for a regulation
Recital 42 a (new)
Recital 42 a (new)
(42 a) Such reasonable compensation may include firstly the costs incurred and investment required for making the data available. These costs can be technical costs, such as the costs necessary for data reproduction, dissemination via electronic means and storage, but not of data collection or production. Such technical costs could include also the costs for processing, necessary to make data available. Costs related to making the data available may also include the costs of organising answers to concrete data sharing requests. They may also vary depending on the arrangements taken for making the data available. Long-term arrangements between data holders and data recipients, for instance via a subscription model or the use of smart contracts, could reduce the costs in regular or repetitive transactions in a business relationship. Costs related to making data available are either specific to a particular request or shared with other requests. In the latter case, a single data recipient should not pay the full costs of making the data available. Reasonable compensation may include secondly a margin. Such margin may vary depending on factors related to the data itself, such as volume, format or nature of the data, or on the supply of and demand for the data. It may consider the costs for collecting the data. The margin may therefore decrease where the data holder has collected the data for its own business without significant investments or may increase where the investments in the data collection for the purposes of the data holder’s business are high. The margin may also depend on the follow-on use of the data by the data recipient. It may be limited or even excluded in situations where the use of the data by the data recipient does not affect the own activities of the data holder. The fact that the data is co-generated by the user could also lower the amount of the compensation in comparison to other situations where the data are generated exclusively by the data holder.
Amendment 281 #
Proposal for a regulation
Recital 56
Recital 56
(56) In situations of exceptional need, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies or in other exceptional cases. Exceptional needs are circumstances which are unforeseeable and limited in time. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.
Amendment 315 #
Proposal for a regulation
Recital 64
Recital 64
Amendment 337 #
Proposal for a regulation
Recital 79
Recital 79
(79) Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability within the common European data spaces, which are purpose- or sector-specific or cross- sectoral interoperable frameworks of common standards and practices to share or jointly process data for, interalia, development of new products and services, scientific research or civil society initiatives. This Regulation lays down certain essential requirements for interoperability. Operators within the data spaces, which are entities facilitating or engaging in data sharing within the common European data spaces, including data holders, should comply with these requirements. Compliance with these rules can occur by adhering to the requirements laid down, or by adapting to already existing standards via a presumption of conformity. In order to facilitate the conformity with the requirements for interoperability, it is necessary to provide for a presumption of conformity for interoperability solutions that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council. The Commission should adopt common specifications in areas where no harmonised standards exist or where they are insufficient in order to further enhance interoperability for the common European data spaces, application programming interfaces, cloud switching as well as smart contracts. Additionally, common specifications in the different sectors could remain to be adopted, in accordance with Union or national sectoral law, based on the specific needs of those sectors. Reusable data structures and models (in form of core vocabularies), ontologies, metadata application profile, reference data in the form of core vocabulary, taxonomies, code lists, authority tables, thesauri should also be part of the technical specifications for semantic interoperability. Furthermore, the Commission should be enabled to mandate the development of harmonised standards for the interoperability of data processing services. The European Data Innovation Board should build on existing European and global initiatives for cross-sectoral interoperability of data. In particular, the European Data Innovation Board should study the potential of the digital identity of objects framework as established by the Regulation (EU)910/214 and systems for the identification of legal entities such as the GLEIF for that purpose.
Amendment 341 #
Proposal for a regulation
Recital 80
Recital 80
(80) To promote the interoperability of smart contracts in data sharing applications, it is necessary to lay down essential requirements for smart contracts for professionals who create smart contracts for others or integrate such smart contracts in applications that support the implementation of agreements for sharing data. Specific training programmes on smart contracts for businesses, in particular SMEs, In order to facilitate the conformity of such smart contracts with those essential requirements, it is necessary to provide for a presumption of conformity for smart contracts that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council.
Amendment 437 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personalto make available certain data or can enable access to the data and through control of the technical design of the product and related services, the ability, to make available certainr means of access, in the case of non-personal data;.
Amendment 447 #
Proposal for a regulation
Article 2 – paragraph 1 – point 7 a (new)
Article 2 – paragraph 1 – point 7 a (new)
(7 a) ‘readily available data’ means data generated by the use of a product that the data holder obtains or can obtain without disproportionate effort, going beyond a simple operation;
Amendment 453 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation negativeto which normal measures for the maintenance of public safety, health and order, are plainly inadequate. such as public health emergencies, emergencies resulting from natural disasters, as well as human- induced major disasters, such as major cybersecurity incidents, negatively and suddenly affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial and immediate degradation of economic assets in the Union or the relevant Member State(s) and which is determined and officially declared according to the respective procedures under Union or national law;
Amendment 574 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user canshall agree measurestechnical or organizational measures, such as strict access protocols, to preserve the confidentiality of the shared data, in particular in relation to third parties including liability over possible damages. Contractual instruments such as confidentiality agreements and licensing schemes could be used for this purpose.
Amendment 588 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. The user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a product that competes with the product, or any part of it, from which the data originate and shall not use such data to derive insights about the economic situation, assets and production methods that could undermine the security of the product in a manner which is detrimental to the legitimate interests of the data holder.
Amendment 604 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a product or related service to a third party, without undue delayhat are readily available to the data holder to a third party, without undue delay, easily, securely in machine- readable format, free of charge to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time. subject to compliance with applicable laws to the outsourcing of data driven services. Data shall be provided in the form in which they have been generated by the product, with only the minimal adaptations necessary to make them useable by a third party, including related metadata necessary to interpret and use the data.
Amendment 624 #
Proposal for a regulation
Article 5 – paragraph 3
Article 5 – paragraph 3
3. The user or third party shall not be required to provide any information beyond what is necessary to verify the quality as user or as third party pursuant to paragraph 1. The data holder shall not keep any information on the third party’s access to the data requested beyond what is necessary for the sound execution of the third party’s access request and for the security and the maintenance of the data infrastructure. When giving access to trade secrets, the identity of the data recipient and the scope of data must be disclosed to the data holder for an evaluation of trade secret related risk.
Amendment 641 #
Proposal for a regulation
Article 5 – paragraph 8
Article 5 – paragraph 8
8. Trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party and all specific necessary measures agreed between the data holder and the third party are taken by the third party to preserve the confidentiality of the trade secret. In such a case, the nature of the data as trade secrets and the measures for preserving the confidentiality shall be specified in the agreement between the data holder and the third party. The data holder shall therefore be entitled to implement technical or organizational measures, such as strict access protocols, to preserve the confidentiality of the shared data. The trade secret holder should have the possibility to refuse this sharing, when these guarantees are not ensured or respected ex-ante.
Amendment 654 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) use the data it receives for the profiling of natural persons within the meaning of Article 4(4) of Regulation (EU) 2016/679, unless it is necessary to provide the service requested by the user or the user agreed to it;
Amendment 669 #
Proposal for a regulation
Article 6 – paragraph 2 – point f a (new)
Article 6 – paragraph 2 – point f a (new)
(f a) use the data it receives to undermine the commercial and industrial position of the data holder on the primary market of the product;
Amendment 670 #
Proposal for a regulation
Article 6 – paragraph 2 – point f b (new)
Article 6 – paragraph 2 – point f b (new)
(f b) use the data it receives in a manner that adversely impacts the security of the product or related service(s)
Amendment 674 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2 a. The third party shall bear the responsibility to ensure the security and protection of the data it receives from the data holder.
Amendment 708 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, and the data holder is not, any compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
Amendment 720 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. The data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to the data and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to hinder the user’s right to effectively provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1). The third party shall upon the request of the user or the data holder provide with information on how the data has been used when there is a reasonable doubt for unlawful use or onward sharing of the received data.
Amendment 727 #
Proposal for a regulation
Article 11 – paragraph 2 – introductory part
Article 11 – paragraph 2 – introductory part
2. AWhere a data recipient that has, for the purposes of obtaining data, provided inaccurate, incomplete or false information to the data holder, deployed deceptive or coercive means or abused evident gaps in the technical infrastructure of the data holder designed to protect the data, has used the data made available for unauthorised purposes or has disclosed those data to another party without the data holder’s authorisation, shall without undue delay, unless the data holder or the user instruct otherwise, including the development of a competing product within the meaning of Article 6(2)(e) or has disclosed those data to another party without the data holder’s authorisation, the data recipient shall be liable for the damages to the party suffering from the misuse or disclosure of such data and shall comply without undue delay with the requests of the data holder to:
Amendment 731 #
Proposal for a regulation
Article 11 – paragraph 2 – point b a (new)
Article 11 – paragraph 2 – point b a (new)
(b a) notify the data holder about the disclosure of such data in order to allow the data holder to take immediate actions aimed at reducing the unauthorised disclosure of those data.
Amendment 733 #
Proposal for a regulation
Article 12 – paragraph 1 a (new)
Article 12 – paragraph 1 a (new)
1 a. The obligations set out in this Regulation do not preclude a reciprocity of data sharing between a data recipient, user and data holder agreed in contracts.
Amendment 752 #
Proposal for a regulation
Article 13 – paragraph 8 a (new)
Article 13 – paragraph 8 a (new)
8 a. Given the rapidity in which innovations occur on the markets, the list of unfair contractual terms within article 13 shall be reviewed regularly by the European Commission and be adapted to new business practices if necessary
Amendment 825 #
Proposal for a regulation
Article 17 – paragraph 1 – point e a (new)
Article 17 – paragraph 1 – point e a (new)
(e a) ensure that making the data available would not put the data holder in a situation to violate a national under Union law or national law. Or, assume liability for violations or damages resulting from the access it has requested while making the data available was prohibited under Union law or national law;
Amendment 832 #
Proposal for a regulation
Article 17 – paragraph 1 – point e b (new)
Article 17 – paragraph 1 – point e b (new)
(e b) commits that confidentiality of trade secrets disclosure will be ensured.
Amendment 841 #
Proposal for a regulation
Article 17 – paragraph 2 – point c
Article 17 – paragraph 2 – point c
(c) respect the legitimate aims of the data holder, taking into account the protection of trade secrets and the, privacy, commercial sensitive information, intellectual property and the duration, cost and effort required to make the data available;
Amendment 847 #
Proposal for a regulation
Article 17 – paragraph 2 – point d
Article 17 – paragraph 2 – point d
(d) concern, insofar as possible, non- personal data;
Amendment 876 #
Proposal for a regulation
Article 18 – paragraph 2 – introductory part
Article 18 – paragraph 2 – introductory part
2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request within 15 working days following the receipt of a request for the data necessary to respond to a public emergency and within 145 working days in other cases of exceptional need, on either of the following grounds:
Amendment 878 #
Proposal for a regulation
Article 18 – paragraph 2 – point a
Article 18 – paragraph 2 – point a
(a) the data is unavailable; or the data holder does not have control over the data
Amendment 879 #
Proposal for a regulation
Article 18 – paragraph 2 – point a a (new)
Article 18 – paragraph 2 – point a a (new)
(a a) provided security measures concerning transfer, storing and maintaining data confidentiality are insufficient.
Amendment 894 #
Proposal for a regulation
Article 19 – paragraph 1 – point a
Article 19 – paragraph 1 – point a
(a) not use the data in a manner incompatible with the purpose for which they were requested, nor use the date to develop products or related services that compete against the data holder;
Amendment 896 #
Proposal for a regulation
Article 19 – paragraph 1 – point b
Article 19 – paragraph 1 – point b
Amendment 901 #
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
Article 19 – paragraph 1 – point b a (new)
(b a) have in place the appropriate and proportionate technical and organisational measures to manage cyber risk to that data;
Amendment 909 #
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
2. Disclosure of data constitutive of trade secrets or alleged trade secrets to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of the request. In such a case, provided that all specific necessary measures required by the trade secret holder are taken to preserve the confidentiality of trade secrets, in particular with respect to the third parties. The trade secret holder, the data holder and the public sector body, or the Union institution, agency or body shall take appropriatecan contractually agree on measures to preserve the confidentiality of those trade secretse shared data, in particular in relation to third parties. The trade secret holder should have the possibility to refuse this sharing, when these guarantees are not ensured or respected ex-ante.
Amendment 976 #
Proposal for a regulation
Article 24 – paragraph 1 – point c
Article 24 – paragraph 1 – point c
(c) a minimum period for data retrieval of at least 3045 calendar days, starting after the termination of the transition period that was agreed between the customer and the service provider, in accordance with paragraph 1, point (a) and paragraph 2. After the expiration of this period, the service provider shall permanently delete all data.
Amendment 1039 #
Proposal for a regulation
Article 28 – paragraph 4
Article 28 – paragraph 4
4. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements under paragraph 1 of this Article. To address the fragmentation of the internal market and the data economy in the internal market, as requested by the regulation (EU) 2022/868, the European Data Innovation Board should also assist the Commission enhancing cross-border, cross- sector interoperability of data as well as data sharing services between different sectors and domains.
Amendment 1159 #
Proposal for a regulation
Article 42 – paragraph 2
Article 42 – paragraph 2
It shall apply from [124 months after the date of entry into force of this Regulation].