Activities of Alexandra GEESE related to 2022/0047(COD)
Plenary speeches (1)
Data Act (debate)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act)
Amendments (117)
Amendment 95 #
Proposal for a regulation
Recital 5
Recital 5
(5) This Regulation ensures that users of a product or related service in the Union, including consumers can access, in a timely manner, the data generated by the use of that product or related service and that those users can use the data for the purposes of their choice, including by sharing them with third parties of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC. This Regulation also ensures that data holders make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an time limited and demonstrated exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point recognizes that, based on operational, technical, legal, economic, security or other control that the data holder effectively enjoys, de facto or de jure, over data generated by products or related servicessiderations, users of connected products may agree to grant access and use permissions over data transmitted by connected products or generated during the provision of related services to providers of such services. Users of connected products may agree with the manufacturers or vendors to perform one or more related services, including the storage, management and curation of data transmitted by the connected product.
Amendment 105 #
Proposal for a regulation
Recital 9
Recital 9
(9) This Regulation complements and is without prejudice to Union law aiming to promote the interests of consumers and to ensure a high level of consumer protection, to protect their health, safety and economic interests, in particularcluding Directive 2005/29/EC of the European Parliament and of the Council59 , Directive 2011/83/EU of the European Parliament and of the Council60 and Directive 93/13/EEC of the European Parliament and of the Council61 . _________________ 59 Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to- consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’) (OJ L 149, 11.6.2005, p. 22). 60 Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council. 61 Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts. Directive (EU) 2019/2161 of the European Parliament and of the Council of 27 November 2019 amending Council Directive 93/13/EEC and Directives 98/6/EC, 2005/29/EC and 2011/83/EU of the European Parliament and of the Council as regards the better enforcement and modernisation of Union consumer protection rules.
Amendment 108 #
Proposal for a regulation
Recital 14
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information, non- communicable data or data derived or inferred from this data, where lawfully generated and held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question.
Amendment 110 #
Proposal for a regulation
Recital 15
Recital 15
(15) In contrast, certain products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service should not be covered by this Regulation. Such products include, for example, personal computers, servers, tablets and smart phones, cameras, webcams, sound recording systems and text scanners. They require human input to produce various forms of content, such as text documents, sound files, video files, games, digital mapsontent, or data obtained, generated or collected by the connected product or transmitted to it for the purpose of storage or processing, amongst others for the use by an online service should not be covered by this Regulation.
Amendment 112 #
Proposal for a regulation
Recital 17
Recital 17
(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, and without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights.
Amendment 114 #
Proposal for a regulation
Recital 20
Recital 20
(20) In case several persons or entities own or use a product or are party to a lease or rent agreement and benefit from access to a related service, reasonable efforts should be made in the design of the product or related service or the relevant interface so that all persons using the product can have access to data they generate. Users of pProducts that generate data typicusually require a user account to be set up. This allows for identification of the user by the manufacturer as well as a means to communicate to exercise and process data access requests. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or and the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic and complete execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should inform the user how the data may be accessed.
Amendment 118 #
Proposal for a regulation
Recital 21
Recital 21
(21) Products may be designed to make certain data directly available from an on- device data storage or from a remote server to which the data are communicated. Access to the on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider who functions as data holder. They may be designed to permit the user or a third party to process the data on the product or on a computing instance of the manufacturer.
Amendment 119 #
Proposal for a regulation
Recital 22
Recital 22
(22) Virtual assistants play an increasing role in digitising consumer environments and serve as an easy-to-use interface to play content, obtain information, or activate physical objects connected to the Internet of Things. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Internet of Things, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a product via a virtual assistant provided by an entity other than the manufacturer of the product. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulation.
Amendment 122 #
Proposal for a regulation
Recital 23
Recital 23
(23) Before concluding a contract for the purchase, use, rent, or lease of a product or the provision of a related service, clear and sufficient information should be provided to the user on how the data generated may be accessed. This obligation provides transparency over the data generated and enhances the easy access for the user. This obligation to provide information does not affect the obligation for the controller to provide information to the data subject pursuant to Article 12, 13 and 14 of Regulation 2016/679.
Amendment 124 #
Proposal for a regulation
Recital 24
Recital 24
(24) This Regulation imposes the obligation on data holders to make data available in certain circumstances. Insofar as personal data are processed, the data holder should be a controller under Regulation (EU) 2016/679. Where users are data subjects, data holders should be obliged to provide them access to their data and to make the data available to third parties of the user’s choice in accordance with this Regulation. However, this Regulation does not create a legal basis under Regulation (EU) 2016/679 for the data holder to provide access to personal data or make it available to a third party when requested by a user that is not a data subject and should not be understood as conferring any new right on the data holder to use data generated by the use of a product or related service. This applies in particular where the manufacturer is the data holder. In that case, the basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user. This agreement may be part of the sale, rent or lease agreement relating to the product. Any contractual term in the agreement stipulating that the data holder may use the data generated by the user of a product or related service should be fair and transparent to the user, including as regards the specific purpose for which the data holder intends to use the data. This Regulation should not prevent contractual conditions, whose effect is to exclude or limit the use of the data, or certain categories thereof, by the data holder. This Regulation should also not prevent sector- specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by the data holder on well- defined public policy grounds.
Amendment 127 #
Proposal for a regulation
Recital 25
Recital 25
(25) In sectors characterised by the concentration of a small number of manufacturers supplying end users, there are only limited options available to users with regard to sharing data with those manufacturers. In such circumstances, cContractual agreements may be insufficient to achieve the objective of user empowerment. The data tends to remain under the control of the manufacturers or other data holders, making it difficult for users to obtain value from the data generated by the equipment they purchase, rent, use or lease. Consequently, there is limited potential for innovative smaller businesses to offer data-based solutions in a competitive manner and for a diverse data economy in Europe. This Regulation should therefore build on recent developments in specific sectors, such as the Code of Conduct on agricultural data sharing by contractual agreement. Sectoral legislation may be brought forward to address sector-specific needs and objectives. Furthermore, the data holder should not use any data generated by the use of the product or related service in order to derive insights about the economic situation of the user or its assets or production methods or the use in any other way that could undermine the commercial position of the user on the markets it is active on. This would, for instance, involve using knowledge about the overall performance of a business or a farm in contractual negotiations with the user on potential acquisition of the user’s products or agricultural produce to the user’s detriment, or for instance, using such information to feed in larger databases on certain markets in the aggregate (,e.g. databases on crop yields for the upcoming harvesting season) as such use could affect the user negatively in an indirect manner. The user should be given the necessary technical interface to manage permissions, preferably with granular permission options (such as “allow once” or “allow while using this app or service”), including the, including prominent options to withdraw permission.
Amendment 130 #
Proposal for a regulation
Recital 26
Recital 26
(26) In contracts between a data holder and a consumer as a user of a product or related service generating data, EU consumer law applies, including Directive 2005/29/EC, which applies against unfair commercial practices, as does Directive 93/13/EEC which applies to the terms of the contract to ensure that a consumer is not subject to unfair contractual terms.. For unfair contractual terms unilaterally imposed on a micro, small or medium- sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC63 , this Regulation provides that such unfair terms should not be binding on that enterprise. _________________ 63 Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium- sized enterprises
Amendment 135 #
Proposal for a regulation
Recital 29
Recital 29
(29) A third party to whom data is made available may be an individual, an enterprise, a research organisation or a not-for-profit organisation. In making the data available to the third party, the data holder should not abuse its position to seek a competitive advantage in markets where the data holder and third party may be in direct competition. The data holder should not therefore use any data generated by the use of the product or related service in order to derive insights about the economic situation of the third party or its assets or production methods or the use in any other way that could undermine the commercial position of the third party on the markets it is active on.
Amendment 138 #
Proposal for a regulation
Recital 31
Recital 31
(31) Data generated by the use of a product or related service should only be made available to a third party at the request of the user. This Regulation accordingly complements the right provided under Article 20 of Regulation (EU) 2016/679. That Article provides for a right of data subjects to receive personal data concerning them in a structured, commonly used and machine-readable format, and to port those data to other controllers, where those data are processed on the basis of Article 6(1), point (a), or Article 9(2), point (a), or of a contract pursuant to Article 6(1), point (b). Data subjects also have the right to have the personal data transmitted directly from one controller to another, but only where technically feasible. Article 20 specifies that it pertains to data provided by the data subject but does not specify whether this necessitates active behaviour on the side of the data subject or whether it also applies to situations where a product or related service by its design observes the behaviour of a data subject or other information in relation to a data subject in a passive manner. The right under this Regulation complements the right to receive and port personal data under Article 20 of Regulation (EU) 2016/679 in several ways. It grants users the right to access and make available to a third party to any data generated by the use of a product or related service, irrespective of its nature as personal data, of the distinction between actively provided or passively observed data, and irrespective of the legal basis of processing. Unlike the technical obligations provided for in Article 20 of Regulation (EU) 2016/679, this Regulation mandates and ensures the technical feasibility of third party access for all types of data coming within its scope, whether personal or non- personal. It also allows the data holder to set reasonable compensation to be met by third parties, but not by the user, for any cost incurred in providing direct access to the data generated by the user’s product. If a data holder and third party are unable to agree terms for such direct access, tThis Regulation also allows direct data sharing from users to third parties. This Regulation precludes the data holder or the third party from directly or indirectly charging consumers or data subjects a fee, compensation or costs for sharing data or for accessing it. This Regulation does not directly or indirectly incentivise the commercialisation or trade of personal data. The data subject should be in no way prevented from exercising the rights contained in Regulation (EU) 2016/679, including the right to data portability, by seeking remedies in accordance with that Regulation. It is to be understood in this context that, in accordance with Regulation (EU) 2016/679, a contractual agreement does not allow for the processing of special categories of personal data by the data holder or the third party.
Amendment 140 #
Proposal for a regulation
Recital 33
Recital 33
(33) In order to prevent the exploitation of users, third parties to whom data has been made available upon explicit request of the user should only process the data for the purposes agreed withspecific purposes explicitly requested by the user and share it with another third party only if this is strictly necessary to provide the service requested by the user.
Amendment 142 #
Proposal for a regulation
Recital 34
Recital 34
(34) In line with the data minimisation principle, the data owner should only grant, and third partyies should only access additional, information that is strictly necessary for the provision of the servicepecific service explicitly requested by the user. Having received access to data, the third party should process it exclusively for the purposes agreed withspecific purposes explicitly requested by the user, without interference from the data holder. It should be as easy for the user to refuse or discontinue access by the third party to the data as it is for the user to authorise access. The third party should notdata holder or the third party should make the exercise of the rights or choices of users unduly difficult including by offering choices to users in a non-neutral manner, or coerce, deceive or manipulate the user in any way, byor subverting or impairing the autonomy, decision-making or choices of the user, including by means of a digital interface with the user. in this context,or a part thereof, including its structure, design, function or manner of operation. In this context, data holders or third parties should not rely on so- called dark patterns in designing their digital interfaces. Dark patterns are design techniques that push or deceive consumers into decisions that have negative consequences for them. These manipulative techniques can be used to persuade users, particularly vulnerable consumers, to engage in unwanted behaviours, and to deceive users by nudging them into decisions on data disclosure transactions or to unreasonably bias the decision-making of the users of the service, in a way that subverts and impairs their autonomy, decision-making and choice. Common and lLegitimate commercial practices that are in compliance with Union law should not in themselves be regarded as constituting dark patterns. TData holders and third parties should comply with their obligations under relevant Union law, in particular the requirements set out in Directive 2005/29/EC, Directive 2011/83/EU, Directive 2000/31/EC and Directive 98/6/EC.
Amendment 145 #
Proposal for a regulation
Recital 35
Recital 35
(35) The third party should also refrain from using the data to profile individuals unless these processing activities are strictly necessary to provide the servicepecific service explicitly requested by the user. The requirement to delete data when no longer required for the purpose agreed with the user complements the right to erasure of the data subject pursuant to Article 17 of Regulation 2016/679. Where the third party is a provider of a data intermediation service within the meaning of [Data Governance Act], the safeguards for the data subject provided for by that Regulation apply. The third party may use the data to develop a new and innovative product or related service but not to develop a competing product.
Amendment 147 #
Proposal for a regulation
Recital 36
Recital 36
(36) Start-ups, small and medium-sized enterprises and companies from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data. This Regulation aims to facilitate access to data for these entities, while ensuring that the corresponding obligations are scoped as proportionately as possible to avoid overreach. At the same time, a small number of very large companies have emerged with considerable economic power in the digital economy through the accumulation and aggregation of vast volumes of data and the technological infrastructure for monetising them. These companies include undertakings that provide core platform services controlling whole platform ecosystems in the digital economy and whom existing or new market operators are unable to challenge or contest. TAs a result, the [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)] aims to redress these inefficiencies and imbalances by allowing the Commission to designate a provider as a “gatekeeper”, and imposes a number of obligations on such designated gatekeepers, including a prohibition to combine certain data without consent, and an obligation to ensure effective rights to data portability under Article 20 of Regulation (EU) 2016/679. Consistent with the [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)], and given the unrivalled ability of these companies to acquire data, it would not be necessary to achieve the objective of this Regulation, and would thuserefore be disproportionate in relation to data holders made subject to such obligations, to include such gatekeeper undertakings as beneficiaries of the data access right. This means that an undertaking providing core platform services that has been designated as a gatekeeper cannot request or be granted access to users’ data generated by the use of a product or related service or by a virtual assistant based on the provisions of Chapter II of this Regulation. An undertaking providing core platform services designated as a gatekeeper pursuant to Digital Markets Act should be understood to include all legal entities of a group of companies where one legal entity provides a core platform service. Furthermore, third parties to whom data are made available at the request of the user may not make the data available to a designated gatekeeper. For instance, the third party may not sub-contract the service provision to a gatekeeper. However, this does not prevent third parties from using data processing services offered by a designated gatekeeper. This exclusion of designated gatekeepers from the scope of the access right under this Regulation does not prevent these companies from obtaining data through other lawful means.
Amendment 156 #
Proposal for a regulation
Recital 42
Recital 42
(42) In order to incentivise the continued investment in generating valuable data, including investments in relevant technical tools, this Regulation contains the principle that the data holder may request reasonablestrictly cost-based compensation when legally obliged to make data available to the data recipient. These provisions should not be understood as paying for the data itself, but in the case of micro, small or medium- sized enterprises, for the costs incurred and investment required for making the data available.
Amendment 163 #
Proposal for a regulation
Recital 51
Recital 51
(51) Where one party is in a stronger bargaining position, there is a risk that that party could leverage such position to the detriment of the other contracting party when negotiating access to data and make access to data commercially less viable and sometimes economically prohibitive. Such contractual imbalances particularly harm users and micro, small and medium-sized enterprises without a meaningful ability to negotiate the conditions for access to data, who may have no other choice than to accept ‘take- it-or-leave-it’ contractual terms. Therefore, unfair contract terms regulating the access to and use of data or the liability and remedies for the breach or the termination of data related obligations should not be binding on consumers or micro, small or medium-sized enterprises when they have been unilaterally imposed on them.
Amendment 166 #
Proposal for a regulation
Recital 52
Recital 52
(52) Rules on contractual terms between enterprises should take into account the principle of contractual freedom as an essential concept in business-to-business relationships. Therefore, not all contractual terms should be subject to an unfairness test, but only to those terms that are unilaterally imposed on micro, small and medium-sized enterprises. This concerns ‘take-it-or- leave-it’ situations where one party supplies a certain contractual term and the micro, small or medium-sized enterprise cannot influence the content of that term despite an attempt to negotiate it. A contractual term that is simply provided by one party and accepted by the micro, small or medium-sized enterprise or a term that is negotiated and subsequently agreed in an amended way between contracting parties should not be considered as unilaterally imposed.
Amendment 167 #
Proposal for a regulation
Recital 53
Recital 53
(53) Furthermore, the rules on unfair contractual terms between enterprises should only apply to those elements of a contract that are related to making data available, that is contractual terms concerning the access to and use of data as well as liability or remedies for breach and termination of data related obligations. Other parts of the same contract, unrelated to making data available, should not be subject to the unfairness test laid down in this Regulation.
Amendment 168 #
Proposal for a regulation
Recital 54
Recital 54
(54) Criteria to identify unfair contractual terms between enterprises should be applied only to excessive contractual terms, where a stronger bargaining position is abused. The vast majority of contractual terms that are commercially more favourable to one party than to the other, including those that are normal in business-to-business contracts, are a normal expression of the principle of contractual freedom and shall continue to apply.
Amendment 169 #
Proposal for a regulation
Recital 55
Recital 55
(55) If a contractual term is not included in the list of terms that are always considered unfair or that are presumed to be unfair between enterprises, the general unfairness provision applies. In this regard, the terms listed as unfair terms should serve as a yardstick to interpret the general unfairness provision. Finally, model contractual terms for business-to-business data sharing contracts to be developed and recommended by the Commission may also be helpful to commercial parties when negotiating contracts.
Amendment 171 #
Proposal for a regulation
Recital 62
Recital 62
(62) The objective of the obligation to provide the data is to ensure that public sector bodies and Union institutions, agencies or bodies have the necessary knowledge to respond to, prevent or recover from public emergencies or to maintain the capacity to fulfil specific tasks explicitly provided by law. The data obtained by those entities may be commercially sensitive. Therefore, Directive (EU) 2019/1024 of the European Parliament and of the Council65 should not apply to data made available under this Regulation and should not be considered as open data available for reuse by third parties. This however should not affect the applicability of Directive (EU) 2019/1024 to the reuse of official statistics for the production of which data obtained pursuant to this Regulation was used, provided the reuse does not include the underlying data. In addition, it should not affect the possibility of sharing the data for conducting research or for the compilation of official statistics, provided the conditions laid down in this Regulation are met. Public sector bodies should also be allowed to exchange data obtained pursuant to this Regulation with other public sector bodies to address the exceptional needs for which the data has been requested, as long as all bodies respect the same rules and restrictions as the original requester of the data. Businesses, and affected third parties, shall have the right to raise objections to planned data access on the grounds of data protection, protected applicable Union legislation, security or trade secrets protected under Directive 2016/943. _________________ 65 Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information (OJ L 172, 26.6.2019, p. 56).
Amendment 175 #
Proposal for a regulation
Recital 69
Recital 69
(69) The ability for customers of data processing services, including cloud and edge services, to switch from one data processing service to another without cost or disruption, while maintaining a minimum functionality of service, is a key condition for a more competitive market with lower entry barriers for new service providers.
Amendment 179 #
Proposal for a regulation
Recital 70
Recital 70
(70) Regulation (EU) 2018/1807 of the European Parliament and of the Council encourages service providers to effectively develop and implement self-regulatory codes of conduct covering best practices for, inter alia, facilitating the switching of data processing service providers and the porting of data. Given the limited efficacycomplete failure of the self-regulatory frameworks developed in response, and the general unavailability of open standards and interfaces, it is necessary to adopt a set of minimum regulatory obligations on providers of data processing services to eliminate all contractual, economic and technical barriers to effective switching between data processing services.
Amendment 187 #
Proposal for a regulation
Recital 72
Recital 72
(72) This Regulation aims to facilitate switching between data processing services, which encompasses all conditions and actions that are necessary for a customer to terminate a contractual agreement of a data processing service, to conclude one or multiple new contracts with different providers of data processing services, to port all its digital assets, including data, to the concerned other providers and to continue to use them in the new environment while benefitting from functional equivalence. Digital assets refer to elements in digital format for which the customer has the right of use, including data, applications, virtual machines and other manifestations of virtualisation technologies, such as containers. Functional equivalence means the maintenance of a minimum level of functionality of a service after switching, and should be deemed technically feasible whenever both the originating and the destination data processing services cover (in part or in whole) functionally the same service type. Meta-data, generated by the customer’s use of a service, should also be portable pursuant to this Regulation’s provisions on switching.
Amendment 189 #
Proposal for a regulation
Recital 72 a (new)
Recital 72 a (new)
(72a) An ambitious and innovation- inspiring regulatory approach to interoperability is needed, in order to overcome vendor lock-in, which undermines competition and the development of new services.
Amendment 191 #
Proposal for a regulation
Recital 74
Recital 74
(74) DBoth the source and destination data processing service providers should be required to offer all assistance and support that is required to make the switching process successful and effective without requiring those data processing service providers to develop new categories of services within or on the basis of the IT- infrastructure of different data processing service providers to guarantee functional equivalence in an environment other than their own systems. Nevertheless, service providers are required to offer all assistance and support that is required to make the switching process effective. Existing rights relating to the termination of contracts, including those introduced by Regulation (EU) 2016/679 and Directive (EU) 2019/770 of the European Parliament and of the Council67 should not be affected. _________________ 67 Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services (OJ L 136, 22.5.2019, p. 1).
Amendment 193 #
Proposal for a regulation
Recital 75 a (new)
Recital 75 a (new)
(75a) Without prejudice to their right to take action before a court, customers should have access to certified dispute settlement bodies to settle disputes related to switching of data processing services.
Amendment 197 #
Proposal for a regulation
Recital 76
Recital 76
(76) Open interoperability specifications and standards developed in accordance with paragraph 3 and 4 of Annex II of Regulation (EU) 1025/2021 in the field of interoperability and portability enable a seamless multi-vendor cloud environment, which is a key requirement for open innovation in the European data economy. As market-driven processes have not demonstrated the capacity to establish technical specifications or standards that facilitate effective cloud interoperability at the PaaS (platform-as-a-service) and SaaS (software-as-a-service) levels, the Commission should be able, on the basis of this Regulation and in accordance with Regulation (EU) No 1025/2012, to request European standardisation bodies to develop such standards where possible, particularly for service types where such standards do not yet exist. In addition to this, the Commission will encourage parties in the market to develop relevant open interoperability specifications. The Commission, by way of delegated acts, can mandate the use of European standards for interoperability or open interoperability specifications for specific service typeswhere possible through a reference in a central Union standards repository for the interoperability of data processing services. European standards and open interoperability specifications will only be referenced if in compliance with the criteria specified in this Regulation, which have the same meaning as the requirements in paragraphs 3 and 4 of Annex II of Regulation (EU) No 1025/2021 and the interoperability facets defined under the ISO/IEC 19941:2017.
Amendment 199 #
Proposal for a regulation
Recital 79
Recital 79
(79) Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability. In order to facilitate the conformity with the requirements for interoperability, it is necessary to provide for a presumption of conformity for interoperability solutions that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council. The Commission should, as soon as possible, adopt common specifications in areas where no harmonised standards exist or where they are insufficient in order to further enhance interoperability for the common European data spaces, application programming interfaces, cloud switching as well as smart contracts. Additionally, common specifications in the different sectors could remain to be adopted, in accordance with Union or national sectoral law, based on the specific needs of those sectors. Reusable data structures and models (in form of core vocabularies), ontologies, metadata application profile, reference data in the form of core vocabulary, taxonomies, code lists, authority tables, thesauri should also be part of the technical specifications for semantic interoperability. Furthermore, the Commission should be enabled to mandate the development of harmonised standards for the interoperability of data processing services.
Amendment 200 #
Proposal for a regulation
Recital 81
Recital 81
(81) In order to ensure the efficient implementation of this Regulation, Member States should designate one or morea competent authoritiy with sufficient resources. If a Member State designates more than one competent authority, it should also designate a coordinating competent authority. Competent authorities should cooperate with each other effectively and in a timely manner, in line with the principles of good administration and mutual assistance to ensure the effective implementation and enforcement of this Regulation. The authorities responsible for the supervision of compliance with data protection and competent authorities designated under sectoral legislation should have the responsibility for application of this Regulation in their areas of competence. Competent authorities shall cooperate upon request of the authorities within the European Data Protection Board and the European Data Innovation Board.
Amendment 202 #
Proposal for a regulation
Recital 82
Recital 82
(82) In order to enforce their rights under this Regulation, natural and legal persons should be entitled to seek redress for the infringements of their rights under this Regulation by lodging complaints with competent authorities and before the courts. Those authorities should be obliged to cooperate to ensure the complaint is appropriately handled and resolved quickly and efficiently.. In order to make use of the consumer protection cooperation network mechanism and to enable representative actions, this Regulation amends the Annexes to the Regulation (EU) 2017/2394 of the European Parliament and of the Council68 and Directive (EU) 2020/1828 of the European Parliament and of the Council69 . Authorities competent to enforce this Regulation shall cooperate with the Consumer Protection Cooperation network in relation to consumer protection matters, but not on data processing matters. Any referral to the Consumer Protection Cooperation network should not result in a lack of efficient or swift enforcement of the Data Act. _________________ 68 Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 (OJ L 345, 27.12.2017, p. 1). 69 Directive (EU) 2020/1828 of the European Parliament and of the Council of 25 November 2020 on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC (OJ L 409, 4.12.2020, p. 1).
Amendment 209 #
Proposal for a regulation
Article 1 – paragraph 3 a (new)
Article 1 – paragraph 3 a (new)
3 a. This Regulation complements and does not affect the applicability of Union law aiming to promote the interests of consumers and to ensure a high level of consumer protection, to protect their health, safety and economic interests, including Directive 2005/29/EC of the European Parliament and of the Council, Directive 2011/83/EU of the European Parliament and of the Council and Directive 93/13/EEC of the European Parliament and of the Council. No provision in this Regulation should be applied or interpreted in such a way as to diminish or limit a high level of consumer protection.
Amendment 238 #
Proposal for a regulation
Article 2 – paragraph 1 – point 5 a (new)
Article 2 – paragraph 1 – point 5 a (new)
(5a) ‘consumer’ means any natural person who is acting for purposes which are outside their trade, business, craft or profession;
Amendment 242 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person that is not the user, who has access to data communicated to it, or accessed by it, including derived or inferred data during the provision of a related service, and who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data and through control of the technical design of the product and related services, the ability,the contractually agreed right to process and to make available certain data;
Amendment 247 #
Proposal for a regulation
Article 2 – paragraph 1 – point 7
Article 2 – paragraph 1 – point 7
(7) ‘data recipient’ means a legal or natural person, acting for purposes which are related to that person’s trade, business, craft or profession, other than the user of a product or related service, to whom the data holder makes data available, including a third party following a request by the user to the data holder or in accordance with a legal obligation under Union law or national legislation implementing Union law and including a third party to whom the data is directly made available by the user or the data subject;
Amendment 250 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation which is determined and officially declared according to the respective procedures under Union or national law, such as public health emergencies, emergencies resulting from natural disasters, or human-induced major disasters, such as major cybersecurity incidents negatively affecting the population of the Union, a Member State or part of it, with a demonstrated risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s);
Amendment 256 #
Proposal for a regulation
Article 2 – paragraph 1 – point 12
Article 2 – paragraph 1 – point 12
(12) ‘data processing service’ means a digital service other than an online content service as defined in Article 2(5) of Regulation (EU) 2017/1128, provided to a customer, which enables on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resourstorage and computing resources and related services of a centralised, distributed or highly distributed nature;
Amendment 258 #
Proposal for a regulation
Article 2 – paragraph 1 – point 13
Article 2 – paragraph 1 – point 13
(13) ‘service type’ means a set of data processing services that share the same primary objectives and basic data processing service model;
Amendment 267 #
Proposal for a regulation
Article 2 – paragraph 1 – point 14
Article 2 – paragraph 1 – point 14
(14) ‘functional equivalence’ means the maintenance of a at least minimum level of functionality in the environment of a new data processing service after the switching process, to such an extent that, in response to an input action by the user on core elements of the service, the destination service will deliver the same output at the same performance and with the same level of security, operational resilience and quality of service as the originating service at the time of termination of the contract;
Amendment 284 #
Proposal for a regulation
Article 3 – paragraph 1 a (new)
Article 3 – paragraph 1 a (new)
1 a. Consumers shall have the right to obtain a copy of the data generated by their use of the product and related services, from the data holder without hindrance, in a structured, commonly used and machine-readable format, free of charge.
Amendment 289 #
Proposal for a regulation
Article 3 – paragraph 1 b (new)
Article 3 – paragraph 1 b (new)
1b. Where consumers can reasonably expect it due to the nature of the product, products shall be designed and manufactured, and related services shall be provided, in such a manner that a basic set of functionalities is maintained when the product or related service is used offline.
Amendment 311 #
Proposal for a regulation
Article 3 – paragraph 2 a (new)
Article 3 – paragraph 2 a (new)
2a. The data holder shall not make the exercise of the rights or choices of users unduly difficult including by offering choices to the users in a non-neutral manner, or coerce, deceive or manipulate the user in any way, or subvert or impair the autonomy, decision-making or free choices of the user, including by means of a digital interface or a part thereof, including its structure, design, function or manner of operation.
Amendment 319 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Where datait cannot be directly accessed by the user from the product, the data holder shall make available to the user theany data generated by its use of atransmitted to them by the connected product, or generated during the provision of related services without undue delay, free of charge and, where applicable, continuously and in real-time, in a comprehensive, structured, commonly used and machine-readable format and including the relevant metadata. This shall be done on the basis of a simple request through electronic means where technically feasible.
Amendment 325 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Upon request by a user, or by a party acting on behalf of a user, the data holders shall make available the data generatransmitted byto the use of a product orm from the connected product or generated during the provision of a related service to a third partydata recipient, without undue delay, free of charge to the user, in an interoperable, structured, commonly used and machine-readable format and of the same quality as is available to the data holder and, where applicable, continuously and in real-time, including any technically essential metadata.
Amendment 329 #
Proposal for a regulation
Article 5 – paragraph 2 – point a
Article 5 – paragraph 2 – point a
(a) solicit or commercially incentivise a user in any manner, including by providing monetary or any other compensation whatsoever, to make data available to one of its services that the user has obtained pursuant to a request under Article 4(1);
Amendment 330 #
Proposal for a regulation
Article 5 – paragraph 2 – point a a (new)
Article 5 – paragraph 2 – point a a (new)
(aa) solicit a data holder to make available data, that they have the rights to use and make available to under Article 4(6);
Amendment 331 #
Proposal for a regulation
Article 5 – paragraph 3 a (new)
Article 5 – paragraph 3 a (new)
3a. Data recipients shall not make the commercial terms, including pricing, of any products or services offered to the user conditional or otherwise commercially dependent upon whether, or to which degree, the user agrees to make available data, transmitted from the connected object or generated during the provision of related services, to the data recipient or a related entity.
Amendment 334 #
Proposal for a regulation
Article 5 – paragraph 6 a (new)
Article 5 – paragraph 6 a (new)
Amendment 342 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) make the exercise of the rights or choices of users unduly difficult including by offering choices to the users in a non- neutral manner, or coerce, deceive or manipulate the user in any way, by subverting or impairing the autonomy, decision-making or choices of the user, including by means of a digital interface with the useror a part thereof, including its structure, design, function or manner of operation;
Amendment 349 #
Proposal for a regulation
Article 6 – paragraph 2 – point f a (new)
Article 6 – paragraph 2 – point f a (new)
(fa) make the usability of the product or related service dependent on the user allowing it to process data not required for the purposes or services explicitly requested by the user.
Amendment 354 #
Proposal for a regulation
Article 7 – title
Article 7 – title
Scope of business to consumer and business to business data sharing obligations
Amendment 357 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. The obligations of this Chapter related to business to business data- sharing shall not apply to data generated by the use of products manufactured or related services provided by enterprises that qualify as micro or small enterprises, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro or small enterprise.
Amendment 361 #
Proposal for a regulation
Article 8 – paragraph 2
Article 8 – paragraph 2
2. A data holder shall agree with a data recipient the terms for making the data available. Any contractual term concerning the access to and use of the data or the liability and remedies for the breach or the termination of data related obligations shall not be binding if it fulfils the conditions of Article 13 or if it excludes the application of, derogates from or varies the effect of the user of the connected product’s rights under Chapter II.
Amendment 368 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. Any compensation agreed between a data holder and a data recipient for making data available shall be reasonableshall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
Amendment 370 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
Amendment 377 #
Proposal for a regulation
Article 9 – paragraph 4
Article 9 – paragraph 4
4. The data holder shall provide the data recipient with information setting out the basis for the calculation of the compensation in sufficient detail so that the data recipient can verify that the requirements of paragraph 1 and, where applicable, paragraph 2 are met.
Amendment 382 #
Proposal for a regulation
Article 10 – paragraph 1 a (new)
Article 10 – paragraph 1 a (new)
1a. The user shall have access to dispute settlement bodies, certified in accordance with paragraph 2 of this Article, to settle disputes with data holders or data recipients or any third party in relation to breach of user's rights under this Regulation. The user shall have the right to allow a third party to pursue its legal claims on its behalf. This is without prejudice to the right of individuals to initiate, at any stage, proceedings before a court in accordance with the applicable law.
Amendment 399 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. Upon a specific request, a data holder shall make datanon-personal data, which it is currently collecting or has previously obtained, collected or otherwise generated and which it retains at the time of the request, available to a public sector body or to a Union institution, agency or body demonstrating an exceptional need to use the data requested.
Amendment 403 #
Proposal for a regulation
Article 14 – paragraph 2
Article 14 – paragraph 2
2. This Chapter shall not apply to small and micro enterprises as defined in Article 2 of the Annex to Recommendation 2003/361/EC.e basis for the need to request data referred to in paragraph 1 shall be laid down by: (a) Union law; or (b) Member State law
Amendment 409 #
Proposal for a regulation
Article 15 – paragraph 1 – introductory part
Article 15 – paragraph 1 – introductory part
An exceptional need to use non-personal data within the meaning of this Chapter shall be deemed to exist in any of the following circumstances:
Amendment 412 #
Proposal for a regulation
Article 15 – paragraph 1 – point a
Article 15 – paragraph 1 – point a
(a) where the data requested is limited in time and scope and necessary to respond to a public emergency; or
Amendment 414 #
Proposal for a regulation
Article 15 – paragraph 1 – point b
Article 15 – paragraph 1 – point b
(b) where the data request is limited in time and scope and necessary to prevent a public emergency or to assist the recovery from aspond to an imminent public emergency;
Amendment 416 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – introductory part
Article 15 – paragraph 1 – point c – introductory part
(c) where the lack of available data prevents the public sector body or Union institution, agency or body from fulfilling a specific task in the public interest that has been explicitly provided by law; and is acting on the basis of EU or national law and has identified specific data, which is unavailable to it and which is demonstrably necessary to fulfil a specific task in the public interest that has been explicitly provided by law, and where, in the absence of EU, national or subnational obligations to make data available without compensation, the public sector body or Union institution, agency or body has been unable to obtain such data by alternative means, including by purchasing the data on the market at market rates
Amendment 420 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 1
Article 15 – paragraph 1 – point c – point 1
Amendment 423 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2
Article 15 – paragraph 1 – point c – point 2
Amendment 431 #
Proposal for a regulation
Article 17 – paragraph 1 – point b
Article 17 – paragraph 1 – point b
(b) demonstrate the specific exceptional need for which the data are requested;
Amendment 435 #
Proposal for a regulation
Article 17 – paragraph 1 – point e a (new)
Article 17 – paragraph 1 – point e a (new)
(ea) specify when the data is expected to be deleted by the public sector body, Union institution, agency or body.
Amendment 437 #
Proposal for a regulation
Article 17 – paragraph 2 – point a a (new)
Article 17 – paragraph 2 – point a a (new)
(aa) be specific with regards to the type of data and correspond to data which the data holder is currently collecting or has previously collected, obtained or otherwise generated and which it retains at the time of the request,
Amendment 439 #
Proposal for a regulation
Article 17 – paragraph 2 – point d
Article 17 – paragraph 2 – point d
(d) concern, insofar as possible, non- personal data;
Amendment 440 #
Proposal for a regulation
Article 17 – paragraph 2 – point f
Article 17 – paragraph 2 – point f
(f) be made publicly available online without undue delay and, in any event, within 10 working days.
Amendment 441 #
Proposal for a regulation
Article 17 – paragraph 3
Article 17 – paragraph 3
3. A public sector body or a Union institution, agency or body shall not make data obtained pursuant to this Chapter available for reuse within the meaning of Directive (EU) 2019/1024. Directive (EU) 2019/1024 shall not apply to the data held by public sector bodies obtained pursuant to this Chapter and Regulation (EU) 2022/868.
Amendment 442 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 1
Article 17 – paragraph 4 – subparagraph 1
Paragraph 3 does not preclude a public sector body or a Union institution, agency or body to agree to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body, in viewfor the purpose of completing the tasks in Article 15 or to make the data available to a third party, strictly for those purposes in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. Where relevant, it shall bind the third party contractually not to use the data for any other purposes and not to share it with other third parties. The obligations on public sector bodies, Union institutions, agencies or bodies pursuant to Article 19 apply, including, where relevant, to those third parties.
Amendment 445 #
Proposal for a regulation
Article 17 – paragraph 4 a (new)
Article 17 – paragraph 4 a (new)
4a. A public sector body, Union institution, agency, body or undertaking, or a third party receiving data under this Chapter shall not: (a) use the data to develop a product or a service that competes with the product or service from which the accessed data originates, (b) use it to enhance an existing product or service which is competing with the product or service from which the accessed data originates, (c) derive insights about the economic situation, assets and production or operation methods of the data holder, or share the data with another third party for that purpose.
Amendment 448 #
Proposal for a regulation
Article 18 – paragraph 2 – introductory part
Article 18 – paragraph 2 – introductory part
2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request within 510 working days following the receipt of a request for the data necessary to respond to a public emergency and within 1520 working days in other cases of exceptional need, defined under point (b) of Article 15, on either of the following grounds:
Amendment 450 #
Proposal for a regulation
Article 18 – paragraph 2 – point a
Article 18 – paragraph 2 – point a
(a) the data is unavailableholder is not currently collecting or has not previously collected, obtained or otherwise generated the requested data and does not retain it at the time of the request;
Amendment 457 #
Proposal for a regulation
Article 20 – paragraph 1
Article 20 – paragraph 1
1. DUnless specified otherwise in EU, national or subnational legislation, data made available to respond to a public emergency pursuant to Article 15, point (a), shall be provided free of charge.
Amendment 459 #
Proposal for a regulation
Article 20 – paragraph 2
Article 20 – paragraph 2
2. Where the data holder claims compensation for making data available in compliance with a request made pursuant to Article 15, points (b) or (c), such compensation shall not exceed the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.
Amendment 461 #
Proposal for a regulation
Article 21
Article 21
Amendment 478 #
Proposal for a regulation
Article 23 – paragraph 1 – point a
Article 23 – paragraph 1 – point a
(a) terminating, after a maximum notice period of 360 calendar days, the contractual agreement of the service;
Amendment 484 #
Proposal for a regulation
Article 23 – paragraph 1 – point c
Article 23 – paragraph 1 – point c
(c) porting its data, metadata, applications and other digital assets to another provider of data processing services or to an on-premise system;
Amendment 487 #
Proposal for a regulation
Article 23 – paragraph 1 – point d
Article 23 – paragraph 1 – point d
(d) maintaining functional equivalence of the service in the IT-environment of the different provider or providers of data processing services covering the same service type, in accordance with Article 26.
Amendment 497 #
Proposal for a regulation
Article 24 – paragraph 1 – introductory part
Article 24 – paragraph 1 – introductory part
1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services or to an on-premise system shall be clearly set outreflected in a written contract. Without prejudice to Directive (EU) 2019/770, that contract shall include at least the following:
Amendment 505 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part
Article 24 – paragraph 1 – point a – introductory part
(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall:
Amendment 538 #
Proposal for a regulation
Article 24 – paragraph 1 – point c a (new)
Article 24 – paragraph 1 – point c a (new)
(c a) a clause guaranteeing full deletion of all customer data directly after the expiration of the period set out in paragraph 1(c) of this Article or after the expiration of an alternative agreed period later than the expiration of the period set out in paragraph 1(c);
Amendment 541 #
Proposal for a regulation
Article 24 – paragraph 1 – point c b (new)
Article 24 – paragraph 1 – point c b (new)
(c b) details of all the standards and open standards, data structures and data formats in which the exportable data described according to paragraph (1) b) will be available.
Amendment 554 #
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. From [date X+3yr18 months] onwards, providers of data processing services shall not impose any charges on the customer for the switching process.
Amendment 560 #
Proposal for a regulation
Article 25 – paragraph 2
Article 25 – paragraph 2
2. From [date X, the date of entry into force of the Data Act] until [date X+3yr18 months], providers of data processing services may impose reduced charges on the customer for the switching process as long as these do not exceed the cuostomer fors incurred by the provider of data processing services directly linked to the switching process. .
Amendment 566 #
Proposal for a regulation
Article 25 – paragraph 2 a (new)
Article 25 – paragraph 2 a (new)
2 a. The providers of data processing services shall provide the customer with information setting out the basis for the calculation of the compensation in sufficient detail so that the customer can verify that the requirements of paragraph 2 are met.
Amendment 567 #
Proposal for a regulation
Article 25 – paragraph 3
Article 25 – paragraph 3
Amendment 580 #
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
1. Providers of data processing services shall, for services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, as well as cloud-based operating systems, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall and operating systems ensure that the customer, after switching to a service covering the same service type offered by a different provider of data processing services, enjoys functional equivalence in the use of the new service.
Amendment 586 #
Proposal for a regulation
Article 26 – paragraph 3
Article 26 – paragraph 3
3. For data processing services other than those covered by paragraph 1, providers of data processing services shall ensure compatibility with open interoperability specifications or European standards for interoperability that are identified in accordance with Article 29(5) of this Regulation.
Amendment 592 #
Proposal for a regulation
Article 26 – paragraph 4
Article 26 – paragraph 4
4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall, at the request of the customer, export all data generated or co-generated, including the relevant data formats and data structures, in a structured, commonly used and machine- readable format.
Amendment 602 #
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
1. PData holders and providers of data processing services shall take all reasonablappropriate technical, legal and organisational measures, including contractual arrangements, in order to prevent international transfer or governmental access to non-personal data held in the Union where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, without prejudice to paragraph 2 or 3.
Amendment 604 #
Proposal for a regulation
Article 27 – paragraph 2
Article 27 – paragraph 2
2. Any decision or judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a data holder or provider of data processing services to transfer from or give access to non-personal data within the scope of this Regulation held in the Union may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or any such agreement between the requesting third country and a Member State.
Amendment 605 #
Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – introductory part
Article 27 – paragraph 3 – subparagraph 1 – introductory part
In the absence of such an international agreement, where a data holder or provider of data processing services is the addressee of a decision of a court or a tribunal or a decision of an administrative authority of a third country to transfer from or give access to non-personal data within the scope of this Regulation held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only following review by the relevant competent bodies or authorities, pursuant to this Regulation to assess if, in addition to the provisions of any relevant national or Union law, the following conditions have been met:
Amendment 609 #
Proposal for a regulation
Article 27 – paragraph 5
Article 27 – paragraph 5
5. The provider of data processing services shall inform the data holder about the existence of a request of an administrative authority in a third-country to access its data before complying with its request, except in cases where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activunless advised not to do so by a relevant competent body or authority.
Amendment 611 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Amendment 615 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point a
Article 28 – paragraph 1 – subparagraph 1 – point a
(a) the dataset content, commercial terms. use restrictions, licences, data collection methodology, data quality and uncertainty shall be sufficiently described to allow the reparticipieants to find, access and use the data;
Amendment 616 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point b
Article 28 – paragraph 1 – subparagraph 1 – point b
(b) the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists shall be described in a publicly available and consistent manner;
Amendment 619 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point c
Article 28 – paragraph 1 – subparagraph 1 – point c
(c) the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable automatic access and transmission of data between parties, including continuously or in real-time in a machine-readable format and, where relevant, the means and terms for compensation for such access;
Amendment 621 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point d
Article 28 – paragraph 1 – subparagraph 1 – point d
(d) the means to enable the interoperability of smart contracts for data sharing within their services and activities shall be provided.
Amendment 622 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 2
Article 28 – paragraph 1 – subparagraph 2
Amendment 623 #
Proposal for a regulation
Article 28 – paragraph 2
Article 28 – paragraph 2
2. The Commission is empowered to adopt delegated acts, in accordance with Article 38 to supplement this Regulation by further specifying the essential requirements for harmonised standards referred to in paragraph 1 taking into account, where relevant, positions adopted by the European Data Innovation Board, as referred to in Article 30(f) of Regulation… [DGA].
Amendment 624 #
Proposal for a regulation
Article 28 – paragraph 3
Article 28 – paragraph 3
Amendment 627 #
Proposal for a regulation
Article 28 – paragraph 5
Article 28 – paragraph 5
5. The Commission shallmay, by way of implementing acts, adopt common specifications, where harmonised standards referred to in paragraph 4 of this Article do not exist or in case it considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article, where necessary, with respect to any or all of the requirements laid down in paragraph 1 of this Article. Prior to adopting such implementing acts, the Commission shall seek advice from and take into account relevant positions adopted by the European Data Innovation Board, as referred to in Article 30(f) of Regulation… [DGA]. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 628 #
Proposal for a regulation
Article 28 – paragraph 6
Article 28 – paragraph 6
Amendment 631 #
Proposal for a regulation
Article 29 – paragraph 1 – introductory part
Article 29 – paragraph 1 – introductory part
1. Open interoperability specifications and European standards for the interoperability of data processing services shall:
Amendment 638 #
Proposal for a regulation
Article 29 – paragraph 1 – point c
Article 29 – paragraph 1 – point c
(c) guarantee, where technically feasible, functional equivalence between different data processing services that cover the same service type.
Amendment 639 #
Proposal for a regulation
Article 29 – paragraph 1 – point c a (new)
Article 29 – paragraph 1 – point c a (new)
(c a) be developed on the basis of open decision-making accessible to all interested parties in the market or markets affected by those technical specifications;
Amendment 641 #
Proposal for a regulation
Article 29 – paragraph 1 – point c b (new)
Article 29 – paragraph 1 – point c b (new)
(c b) ensure that specifications do not distort the market or limit the possibilities for implementers to develop competition and innovation based upon them;
Amendment 642 #
Proposal for a regulation
Article 29 – paragraph 1 – point c c (new)
Article 29 – paragraph 1 – point c c (new)
(c c) ensure that standardised interfaces are not hidden or controlled by anyone other than the organisations that adopted the technical specifications.
Amendment 644 #
Proposal for a regulation
Article 29 – paragraph 2 – introductory part
Article 29 – paragraph 2 – introductory part
2. Open interoperability specifications and European standards for the interoperability of data processing services shall address:
Amendment 645 #
Proposal for a regulation
Article 29 – paragraph 3
Article 29 – paragraph 3
3. Open interoperability specificationstandards shall comply with paragraph 3 and 4 of Annex II of Regulation (EU) No 1025/2012.