77 Amendments of Arba KOKALARI related to 2022/0047(COD)
Amendment 117 #
Proposal for a regulation
Recital 21
Recital 21
(21) Products may be designed to make certain data directly available from an on- device data storage or from a remote server to which the data are communicated. Access to the on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider who functions as data holder. Data processors as defined in Regulation (EU) 2016/679 are by default not considered to act as data holders, unless specifically tasked by the data. They may be designed to permit the user or a third party to process the data on the product or on a computing instance of the manufacturer.
Amendment 133 #
Proposal for a regulation
Recital 27 a (new)
Recital 27 a (new)
(27a) In view of a better protection of trade secrets, this regulation should not be interpreted as giving a right to providers of related services or providers of cloud services to share data generated by the use of products and that are considered trade secrets, to data recipients without informing the manufacturer of such products. Such data holders should agree with the manufacturers the terms for making available that type of data.
Amendment 136 #
Proposal for a regulation
Recital 29
Recital 29
(29) A third party to whom data is made available may be an enterprise, a research organisation or a not-for-profit organisation. In making the data available to the third party, the data holderno part should not abuse its position to seek a competitive advantage in markets where the data holder and third party may be in direct competition. The data holderConcerned parties should not therefore use any data generated by the use of the product or related service in order to derive insights about the economic situation of the thirdanother party or its assets or production methods or the use in any other way that could undermine the commercial position of the thirdanother party on the markets it is active on.
Amendment 146 #
Proposal for a regulation
Recital 36
Recital 36
(36) Start-ups, small and medium-sized enterprises and companies from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data. This Regulation aims to facilitate access to data for these entities, while ensuring that the corresponding obligations are scoped as proportionately as possible to avoid overreach. At the same time, a small number of very large companies have emerged with considerable economic power in the digital economy through the accumulation and aggregation of vast volumes of data and the technological infrastructure for monetising them. These companies include undertakings that provide core platform services controlling whole platform ecosystems in the digital economy and whom existing or new market operators are unable to challenge or contest. The [Regulation (EU) 2022/1925 on contestable and fair markets in the digital sector (Digital Markets Act)] aims to redress these inefficiencies and imbalances by allowing the Commission to designate a provider as a “gatekeeper”, and imposes a number of obligations on such designated gatekeepers, including a prohibition to combine certain data without consent, and an obligation to ensure effective rights to data portability under Article 20 of Regulation (EU) 2016/679. Consistent with the [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)], and given the unrivalled ability of these companies to acquire data, it would not be necessary to achieve the objective of this Regulation, and would thus be disproportionate in relation to data holders made subject to such obligations, to include such gatekeeper undertakings as beneficiaries of the data access right. This means that an undertaking providing core platform services that has been designated as a gatekeeper cannot request or be granted access to users’ data generated by the use of a product or related service or by a virtual assistant based on the provisions of Chapter II of this Regulation. An undertaking providing core platform services designated as a gatekeeper pursuant to Digital Markets Act should be understood to include all legal entities of a group of companies where one legal entity provides a core platform service. Furthermore, third parties to whom data are made available at the request of the user may not make the data available to a designated gatekeeper. For instance, the third party may not sub-contract the service provision to a gatekeeper. However, this does not prevent third parties from using data processing services offered by a designated gatekeeper. This exclusion of designated gatekeepers from the scope of the access right under this Regulation does not prevent these companies from obtaining data through other lawful meansmeans that they cannot receive data from the users and from third parties, but it should not prevent these companies from obtaining data through other lawful means, notably, through contractual agreements with manufacturers allowing that data from products they manufacture can be used by a gatekeeper company service , including when desired by a user of such products. The limitation on granting access to gatekeepers would not exclude them from the market and prevent them from offering its services, as voluntary agreements between them and the data holders remain unaffected.
Amendment 150 #
(37) GThis Regulation shall not prevent micro, small and medium enterprises to participate in the data practices, but given the current state of technology, it is overly burdensome to impose further design obligations in relation to products manufactured or designed and related services provided by micro and small enterprises. That is not the case, however, wWhere a micro or small enterprise is sub-contracted to manufacture or design a product. In such situations, the enterprise, which has sub-contracted to the micro or small enterprise, is able to compensate the sub-contractor appropriately. A micro or small enterprise may nevertheless be subject to the requirements laid down by this Regulation as data holder, where it is not the manufacturer of the product or a provider of related services. In order to increase and encourage micro, small and medium enterprises in the data economy Member states shall provide guidance to such enterprises.
Amendment 151 #
Proposal for a regulation
Recital 37
Recital 37
(37) GThis Regulation does not prevent micro and small enterprises to participate in the data sharing practices, however given the current state of technology, it is overly burdensome to impose further design obligations in relation to products manufactured or designed and related services provided by micro and small enterprises. That is not the case, however, wWhere a micro or small enterprise is sub-contracted to manufacture or design a product. In such situations, the enterprise, which has sub-contracted to the micro or small enterprise, is able to compensate the sub- contractor appropriately. A micro or small enterprise may nevertheless be subject to the requirements laid down by this Regulation as data holder, where it is not the manufacturer of the product or a provider of related services. In order to increase the participation of micro and small enterprises in the data economy Member States should provide guidance to such enterprises.
Amendment 154 #
Proposal for a regulation
Recital 42
Recital 42
(42) In order to incentivise the continued investment in generating valuable data, including investments in relevant technical tools, this Regulation contains the principle that the data holder may request reasonable compensation when legally obliged to make data available to the data recipient. These provisions should not be understood as paying for the data itself, but in the case of micro, small or medium-sized enterprises and of research organisations using the data on a not-for-profit basis or in the context of a public-interest mission recognised in the Union or national law, for the costs incurred and investment required for making the data available.
Amendment 159 #
Proposal for a regulation
Recital 44
Recital 44
(44) To protect micro, small or medium- sized enterprises from excessive economic burdens which would make it commercially too difficult for them to develop and run innovative business models, the compensation for making data available to be paid by them should not exceed the direct cost of making the data available and be non-discriminatory. The same regime should apply to those research organisations that use the data on a not-for-profit basis or in the context of a public-interest mission recognised in the Union or national law.
Amendment 173 #
Proposal for a regulation
Recital 69
Recital 69
(69) The ability for customers of data processing services, including cloud and edge services, to switch from one data processing service to another, while maintaining a minimum functionality of service, or to use the services of several providers simultaneously without undue data transfer costs, is a key condition for a more competitive market with lower entry barriers for new service providers, and for ensuring further resilience for the users of these services. Guarantees for effective switching should be especially reinforced for customers benefiting from large-scale free-tier offerings, so that does not result in a lock-in situation for customers.
Amendment 176 #
Proposal for a regulation
Recital 69 a (new)
Recital 69 a (new)
(69a) Switching charges are charges imposed by data processing providers to their customers for the switching process. Typically, those charges are intended to pass on costs, which the originating provider may incur because of the switching process, to the customer that wishes to switch. Examples of common switching charges are costs related to the transit of data from one provider to the other or to an on-premise system (‘data egress costs’) or the costs incurred for specific support actions during the switching process, for example in terms of additional human resources provided by the originating data processing service provider. Unnecessarily high “data egress fees” restrict free flow of data, restrict competition and can be an obstacle to compliance with existing EU regulations such as GDPR and ECJ’s rulings. Egress fees are charged to the clients by the cloud service providers of origin when they are willing to take their data out from a cloud provider’s network to an external location, especially when switching from one provider to one or several providers of destination, to relocate their data from one location to another while using the same cloud service provider, or when using the services of several providers simultaneously. Therefore, the gradual withdrawal of the charges associated with switching data processing services shall specifically include withdrawing “egress fees” charged by the data processing service to a customer.
Amendment 182 #
Proposal for a regulation
Recital 71
Recital 71
(71) Data processing services should cover services that allow on-demand and broad remote access to a scalable and elastic pool of shareable and distributed computing resources. Those computing resources include resources such as networks, servers or other virtual or physical infrastructure, operating systems, software, including software development tools, storage, applications and services. The deployment models of cloud computing should include private, community, public and hybrid cloud. The aforementioned service and deployment models shall be the same as the defined in international standards. The capability of the customer of the data processing service to unilaterally self- provision computing capabilities, such as server time or network storage, without any human interaction by the service provider could be described as on-demand administration. The term ‘broad remote access’ is used to describe that the computing capabilities are provided over the network and accessed through mechanisms promoting the use of heterogeneous thin or thick client platforms (from web browsers to mobile devices and workstations). The term ‘scalable’ refers to computing resources that are flexibly allocated by the data processing service provider, irrespective of the geographical location of the resources, in order to handle fluctuations in demand. The term ‘elastic pool’ is used to describe those computing resources that are provisioned and released according to demand in order to rapidly increase or decrease resources available depending on workload. The term ‘shareable’ is used to describe those computing resources that are provided to multiple users who share a common access to the service, but where the processing is carried out separately for each user, although the service is provided from the same electronic equipment. The term ‘distributed’ is used to describe those computing resources that are located on different networked computers or devices and which communicate and coordinate among themselves by message passing. The term ‘highly distributed’ is used to describe data processing services that involve data processing closer to where data are being generated or collected, for instance in a connected data processing device. Edge computing, which is a form of such highly distributed data processing, is expected to generate new business models and cloud service delivery models, which should be open and interoperable from the outset.
Amendment 183 #
Proposal for a regulation
Recital 71 a (new)
Recital 71 a (new)
(71a) Data processing services fall into one or more of the following three data processing service delivery models: IaaS (infrastructure-as-a-service), PaaS (platform-as-a-service) and SaaS (software-as-a-service). These service delivery models indicate the level and type of computing resources (hardware and/or software) offered by the provider of a given service, relative to the computing resources that remain in control of the user of that service. In a much more detailed categorisation, data processing services can be categorised in a non- exhaustive multiplicity of different ‘service types’, meaning sets of data processing services that share the same primary objective and main functionalities.
Amendment 185 #
Proposal for a regulation
Recital 72
Recital 72
(72) This Regulation aims to facilitate switching between data processing services, which encompasses all conditions and actions that are necessary for a customer to terminate a contractual agreement of a data processing service, to conclude one or multiple new contracts with different providers of data processing services, to port all its digital assets, including data, to the concerned other providers and to continue to use them in the new environment while benefitting from functional equivalence, in a way that does not compromise innovation and competitiveness of European organizations in the global economy. Digital assets refer to elements in digital format for which the customer has the right of use, including data, applications, virtual machines and other manifestations of virtualisation technologies, such as containers. Functional equivalence means the maintenance of a minimum level of functionality of a service after switching, and should be deemed technically feasible whenever both the originating and the destination data processing services cover (in part or in whole) the same service typeSwitching is an operation consisting of four main successive steps: i) termination of contract; ii) data extraction, i.e downloading data from a originating provider’s ecosystem; iii) transformation, when the data is structured in a way that matches the schema of the target location; iv) load of the data in a new destination location. Obstacles of different natures may occur during the different steps of the switching process. Cloud service providers and clients have different levels of responsibilities, depending on the steps of the process referred to. Obstacles to switching are of different nature, depending on the step of the switching process it is referred to. Functional equivalence means the maintenance of a minimum level of functionality of a service after switching, and should be deemed technically feasible whenever both the originating and the destination data processing services cover (in part or in whole) the same service type. Services can only be expected to facilitate functional equivalence for the functionalities that both the originating and destination services offer. This Regulation does not instate an obligation of facilitating functional equivalence for data processing services of the PaaS and/or SaaS service delivery model. Meta-data, generated by the customer’s use of a service, should also be portable pursuant to this Regulation’s provisions on switching.
Amendment 206 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation lays down harmonised rules on making data generated by the use of a product or related service available to the user of that product or service, on the making data available by data holders to data recipients, and on the making data available by data holders to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need, for the performance of a task carried out in the public interest:, on facilitating switching between data processing services, on introducing safeguards against unlawful third party access to non-personal data, and on providing for the development of interoperability standards for data to be transferred and used.
Amendment 207 #
Proposal for a regulation
Article 1 – paragraph 1 a (new)
Article 1 – paragraph 1 a (new)
1 a. This Regulation covers personal and non-personal data, including the following types of data or in the following contexts: (a) Chapter II applies to data concerning the performance, use and environment of products and related services; (b) Chapter III applies to any private sector data subject to statutory data sharing obligations; (c) Chapter IV applies to any private sector data accessed and used on the basis of contractual agreements between businesses; (d) Chapter V applies to any private sector data with a focus on non-personal data; (e) Chapter VI applies to any data processed between data processing services; (f) Chapter VII applies to any non- personal data held in the Union by providers of data processing services.
Amendment 216 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1
Article 2 – paragraph 1 – point 1
(1) ‘data’ means any digital representation, including in the form of sound, visual or audio-visual recording of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording the form and format in which they are generated;
Amendment 236 #
Proposal for a regulation
Article 2 – paragraph 1 – point 5
Article 2 – paragraph 1 – point 5
(5) ‘user’ means a natural or legal person, including a data subject, that owns, rents or leases a product or receives arelated services;
Amendment 243 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data and through control of the technical design of the product and related services, at the time the data is generated by the usage, the ability, to make available certain data;
Amendment 244 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data and through control of the technical design of the product and related services at the time the data generated by the usage, the ability, to make available certain data;
Amendment 252 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation negatively affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s), and which is determined according to the respective procedures under Union law;
Amendment 257 #
Proposal for a regulation
Article 2 – paragraph 1 – point 12 a (new)
Article 2 – paragraph 1 – point 12 a (new)
(12a) ‘on-premise’ means a digital data processing infrastructure operated by the customer itself to serve its own needs;
Amendment 268 #
Proposal for a regulation
Article 2 – paragraph 1 – point 14
Article 2 – paragraph 1 – point 14
(14) ‘functional equivalence’ means the maintenance of a minimum level of functionality in the environment of a new data processing service aftercontractually pre-defined functionality during the switching process, to such an extent that, in response to an input action by the user on core elements of the service, the destination service will deliver the same output at the same performance and with the same level of security, operational resilience and quality of service as the originating service at the time of termination of the contract;
Amendment 271 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)
Article 2 – paragraph 1 – point 20 a (new)
(20a) ‘Switching’ shall be understood as the process enabling, for any client of a cloud service provider, to terminate contractual obligations and to extract, transform and load their data to another provider(s), including configurations where data transfers occur when clients of cloud service providers are using several providers simultaneously;
Amendment 275 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 b (new)
Article 2 – paragraph 1 – point 20 b (new)
(20b) ‘egress fees’ refers to data transfer fees being charged to the clients of cloud service providers when they are willing to extract their data from a cloud provider’s network to an external location;
Amendment 277 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 c (new)
Article 2 – paragraph 1 – point 20 c (new)
Amendment 295 #
(a) the nature and volume of the data likely to be generated by the use of the product or related service;
Amendment 303 #
Proposal for a regulation
Article 3 – paragraph 2 – point d a (new)
Article 3 – paragraph 2 – point d a (new)
(da) where the data holder is a provider of related services or a of cloud services, which terms it has agreed with the manufacturer for making available the data, which are considered trade secrets, to the user;
Amendment 332 #
Proposal for a regulation
Article 5 – paragraph 4
Article 5 – paragraph 4
4. The third party shall not deploy coercive means or abuse evident gaps in the technical infrastructure of the data holder designed to protect the data in order to obtain access to data.
Amendment 363 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. A data holder shall not discriminate between comparable categories of data recipients, including partner enterprises or linked enterprises, as defined in Article 3 of the Annex to Recommendation 2003/361/EC, of the data holder, when making data available. Where a data recipient considershas a resonable doubt that the conditions under which data has been made available to it to be discriminatory, it shall be for the data holder and the data recipient to demonstrate that there has been no significant discrimination.
Amendment 365 #
Proposal for a regulation
Article 8 – paragraph 5 a (new)
Article 8 – paragraph 5 a (new)
5a. When a data holder is the provider of related services, it shall inform, without undue delay, the manufacturer of the product before making data, which are considered trade secrets, available to data recipients. The terms for making those data available shall be agreed with the manufacturer.
Amendment 369 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. Any compensation agreed between a data holder and a data recipient for making data available shall be reasonoth be resonable and must cover the cost of making data available.
Amendment 371 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, or is a research organisation, and the data holder is not an SME, any compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
Amendment 375 #
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
Amendment 378 #
Proposal for a regulation
Article 9 – paragraph 4
Article 9 – paragraph 4
4. The data holder shall provide the data recipient with information setting out the basis for the calculation of the compensation in sufficient detail so that the data recipient can verify thatassess if the requirements of paragraph 1 and, where applicable, paragraph 2 are met.
Amendment 383 #
Proposal for a regulation
Article 10 – paragraph 8 a (new)
Article 10 – paragraph 8 a (new)
8a. During a dispute between data holder and data recipient, there are no obligations to make data available between disputing parties, unless otherwise agreed.
Amendment 387 #
Proposal for a regulation
Article 11 – paragraph 2 – introductory part
Article 11 – paragraph 2 – introductory part
2. A data recipient that has, for the purposes of obtaining data, provided inaccurate or false information to the data holder, deployed deceptive or coercive means or abused evident gaps in the technical infrastructure of the data holder designed to protect the data, has used the data made available for unauthorised purposes or has disclosed those data to another party without the data holder’s authorisation, shall be liable for the damages to the party suffering from the misuse or disclosure of such data and may, without undue delay, unless the data holder or the user instruct otherwise:
Amendment 390 #
Proposal for a regulation
Article 12 – paragraph 2
Article 12 – paragraph 2
2. Any contractual term in a data sharing agreement which, to the detriment of one party, or, where applicable, to the detriment of the user, excludes the application of this Chapter, derogates from it, or varies its effect, shall not be binding on that party. These obligations do not prevent the parties from entering into a mutual contract about data sharing.
Amendment 415 #
Proposal for a regulation
Article 15 – paragraph 1 – point b
Article 15 – paragraph 1 – point b
(b) where the data request is limited in time and scope and necessary to prevent a public emergency or to assist the recovery from a public emergency; or
Amendment 419 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 1
Article 15 – paragraph 1 – point c – point 1
Amendment 424 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2
Article 15 – paragraph 1 – point c – point 2
Amendment 432 #
Proposal for a regulation
Article 17 – paragraph 1 – point c
Article 17 – paragraph 1 – point c
(c) explain the purpose of the request, the intended use of the data requested, and the duration of that use and whether there are other areas use, and the duration of that use, and if applicable also the identity of the third party defined in Article 21 of this regulation ;
Amendment 434 #
Proposal for a regulation
Article 17 – paragraph 1 – point e a (new)
Article 17 – paragraph 1 – point e a (new)
(ea) report to the data holder, within a reasonable time from the reception of the data and that shall not exceed six months, on how the data has been processed.
Amendment 436 #
Proposal for a regulation
Article 17 – paragraph 1 – point e b (new)
Article 17 – paragraph 1 – point e b (new)
(eb) where applicable, specify the identity of the third party referred to in paragraph 4, and Article 21 of this Regulation
Amendment 443 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 1
Article 17 – paragraph 4 – subparagraph 1
Paragraph 3 does not preclude a public sector body or a Union institution, agency or body to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body, in view of completing the tasks in Article 15 or to make the data available to a third party in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. The obligations on public sector bodies, Union institutions, agencies or bodies pursuant to Article 19 apply also to that third party.
Amendment 444 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 2 a (new)
Article 17 – paragraph 4 – subparagraph 2 a (new)
Any third party is forbidden to use the data it receives from a public sector body or a Union institution, agency or body, to develop a product or a service that competes with the product or service from which the accessed data originate or share the data with another third party for that purpose.
Amendment 449 #
Proposal for a regulation
Article 18 – paragraph 2 – introductory part
Article 18 – paragraph 2 – introductory part
2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request within 15 working days following the receipt of a request for the data necessary to respond to a public emergency and within 1540 working days in other cases of exceptional need, on either of the following grounds:
Amendment 454 #
Proposal for a regulation
Article 19 – paragraph 1 a (new)
Article 19 – paragraph 1 a (new)
Amendment 468 #
Proposal for a regulation
Article 23 – paragraph 1 – introductory part
Article 23 – paragraph 1 – introductory part
1. Providers of a data processing service shall take the measures provided for in Articles 24, 25 and 26 to ensure that customers of their service can switch to another data processing service, covering the same service type, which is provided by a different service provider or use multiple providers at the same . In particular, providers of data processing service shall remove pre-commercial, commercial, technical, contractual and organisational obstacles, which inhibit customers from:
Amendment 476 #
Proposal for a regulation
Article 23 – paragraph 1 – point a
Article 23 – paragraph 1 – point a
(a) terminating, after a maximum notice period of 30 calendar days or any other agreed timeframe, the contractual agreement of the service;
Amendment 489 #
2. Paragraph 1 shall only apply to obstaclesThe obligations in this Chapter shall only apply to the original provider to the extent they are within its sphere of control, in particular only to the extent that the obstacles referred to in paragraph 1 that are related to the services, contractual agreements pre-commercial or commercial practices provided by the original provider.
Amendment 493 #
Proposal for a regulation
Article 23 – paragraph 2 a (new)
Article 23 – paragraph 2 a (new)
2 a. The measures related to the contractual relationship between providers of a data processing service and customers pursuant to Article 23 paragraph 1 and 2 shall be equally ensured in the contractual relationship between providers of a data processing service and resellers of such a service and between resellers and their customers;
Amendment 494 #
Proposal for a regulation
Article 23 – paragraph 2 b (new)
Article 23 – paragraph 2 b (new)
2 b. Where applicable, and without prejudice to the obligations of the existing providers, all parties involved, including destination service providers, shall collaborate in good faith to make the switching process effective.
Amendment 498 #
Proposal for a regulation
Article 24 – paragraph 1 – introductory part
Article 24 – paragraph 1 – introductory part
1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services or to an on-premise system shall be clearly set out in a written contract. Without prejudice to Directive (EU) 2019/770, that contract shall include at least the following:
Amendment 499 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part
Article 24 – paragraph 1 – point a – introductory part
(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, with the exception of data used by the provider to operate, maintain and improve the service or data and digital assets that would conflict with the cloud provider's or other customer's intellectual property rights in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall:
Amendment 503 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part
Article 24 – paragraph 1 – point a – introductory part
(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, in particular the establishment of a mandatory maximum transition period of 30 calendar days or other contractually agreed time for transition, during which the data processing service provider shall:
Amendment 509 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1
Article 24 – paragraph 1 – point a – point 1
(1) reasonably assist and, where technically feasible, complete the switching processsupport the switching process, including assisting a third-party entity managing the switching process on behalf of the customer;
Amendment 513 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1 a (new)
Article 24 – paragraph 1 – point a – point 1 a (new)
(1 a) provide the customer and third parties authorized by the customer, at their request and free of charge, access to the resources necessary to support the switching process;
Amendment 517 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2
Article 24 – paragraph 1 – point a – point 2
(2) ensure fullwhich is consistent with contractual agreements related to continuity in the provision of the respective functions or services.
Amendment 521 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 a (new)
Article 24 – paragraph 1 – point a – point 2 a (new)
(2 a) ensure that a high level of security is maintained throughout the porting process, notably the security of the data during their transfer.
Amendment 525 #
Proposal for a regulation
Article 24 – paragraph 1 – point b
Article 24 – paragraph 1 – point b
(b) an exhaustive specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service, with the exception of data used by the provider to operate, maintain, or improve the service. Providers shall not be required to disclose their own or third parties’ intellectual property, trade secrets or commercially sensitive information;
Amendment 540 #
Proposal for a regulation
Article 24 – paragraph 1 – point c a (new)
Article 24 – paragraph 1 – point c a (new)
(c a) a clause guaranteeing full deletion of all customer data immediately after the expiration of the retrieval period set out in paragraph 1(c);
Amendment 543 #
Proposal for a regulation
Article 24 – paragraph 2
Article 24 – paragraph 2
2. Where the mandatory transition period as defined in paragraph 1, points (a) and (c) of this Article is technically unfeasible, due to limitations solely under the control of the provider, the provider of data processing services shall notify the customer within 7 working days after the switching request has been made, duly motivating the technical unfeasibility with a detailed report and indicating an alternative transition period, which may not exceed 612 months taking into account the technical complexity to migrate. In accordance with paragraph 1 of this Article, full service continuity shall be ensured throughout the alternative transition period against reduced charges, referred to in Article 25(2).
Amendment 550 #
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. From [date X+3 2yrs] onwards, providers of data processing services shall not impose any charges on the customer for the switching process, with particular reference to egress fees.
Amendment 557 #
Proposal for a regulation
Article 25 – paragraph 1 a (new)
Article 25 – paragraph 1 a (new)
1 a. Standard subscription or service fees and charges for professional transition services work undertaken by the data processing service at the request of the customer to support the switching process, shall not be considered switching charges for the purposes of this Article.
Amendment 561 #
Proposal for a regulation
Article 25 – paragraph 2
Article 25 – paragraph 2
2. From [date X, the date of entry into force of the Data Act] until [date X+32yrs], providers of data processing services may impose reduced charges on the customer for the switching process and shall remove any other technical, contractual and organizational obstacle inhibiting the switching process.
Amendment 576 #
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ensure thanot implement technical restrictions that prevent the customer, after switching to a service covering the same service type offered by a different provider of data processing services, from enjoysing functional equivalence in the use of the new service. Functional equivalence should be deemed technically feasible whenever both the originating and the destination data processing services cover (in part or in whole) the same service type.
Amendment 581 #
Proposal for a regulation
Article 26 – paragraph 2
Article 26 – paragraph 2
2. For data processing services other than those covered by paragraph 1, providers of data processing services shall make open interfaces publicly available and free of charge.can be required by the customer to make open interfaces designed to facilitate switching between services of the same service type available and free of charge for the customer and its destination provider;
Amendment 584 #
Proposal for a regulation
Article 26 – paragraph 3
Article 26 – paragraph 3
3. For data processing services other than those covered by paragraph 1, providers of data processing services shall ensure compatibility with open interoperability specifications or European standards, identified in the central Union data processing service standards repository, for interoperability that are identified in accordance with Article 29(5) of this Regulation.
Amendment 591 #
Proposal for a regulation
Article 26 – paragraph 4
Article 26 – paragraph 4
4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall, at the request of the customer, export all data generated or co-generated, with the exception of data used by the provider to operate, maintain, or improve the service,including the relevant data formats and data structures, in a structured, commonly used and machine- readable format.
Amendment 596 #
Proposal for a regulation
Article 26 – paragraph 4 a (new)
Article 26 – paragraph 4 a (new)
4 a. When ensuring functional equivalence, providers of data processing services are required to maintain the highest level of security features in their destination service.
Amendment 600 #
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
Amendment 610 #
Proposal for a regulation
Article 27 – paragraph 5
Article 27 – paragraph 5
5. The provider of data processing services shall inform the data holder and its customer about the existence of a request of an administrative authority in a third-country to access its data before complying with its request, except in cases where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activity.
Amendment 617 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point b
Article 28 – paragraph 1 – subparagraph 1 – point b
(b) the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, shall be described in a publicly available and consistent manner;
Amendment 620 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point c
Article 28 – paragraph 1 – subparagraph 1 – point c
(c) where applicable, the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable automatic access and transmission of data between parties, including continuously or in real-time in a machine-readable format;
Amendment 632 #
Proposal for a regulation
Article 29 – paragraph 1 – point a
Article 29 – paragraph 1 – point a
(a) be performance oriented towards achieving interoperability, in a secure manner, between different data processing services that cover the same service type;
Amendment 677 #
Proposal for a regulation
Article 41 – paragraph 1 – point c a (new)
Article 41 – paragraph 1 – point c a (new)
(c a) the interplay between this Regulation, the sector-specific legislation and other relevant Union law, in order to assess any possible conflicting provision, overregulation or legislative gaps;
Amendment 680 #
Proposal for a regulation
Article 42 – paragraph 2
Article 42 – paragraph 2
It shall apply from [1230 months after the date of entry into force of this Regulation].