48 Amendments of Andreas GLÜCK related to 2022/0047(COD)
Amendment 356 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation lays down harmonised rules on making data generated by the use of a connected product or related service available to the user of that connected product or related service, on the making data available by a user to a data recipient or by the data holders to data recipients, and on the making data available by data holders to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need, for the performance of a task carried out in the public interest:
Amendment 360 #
Proposal for a regulation
Article 1 – paragraph 1 a (new)
Article 1 – paragraph 1 a (new)
1 a. Where this Regulation refers to connected products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service, the data generated by them shall be covered by this Regulation, insofar it does not overlap with the scope of the national and Union law referring to electronic communications services.
Amendment 365 #
Proposal for a regulation
Article 1 – paragraph 2 – point a
Article 1 – paragraph 2 – point a
(a) manufacturers of connected products and suppliproviders of related services placed on the market in the Union and the users of such products or services, irrespective of their place of establishment;
Amendment 369 #
Proposal for a regulation
Article 1 – paragraph 2 – point b a (new)
Article 1 – paragraph 2 – point b a (new)
Amendment 370 #
Proposal for a regulation
Article 1 – paragraph 2 – point d
Article 1 – paragraph 2 – point d
(d) public sector bodies and Union institutions, agencies or bodies that request data holders to make data available where there is an exceptional need to that data for the performance of a task carried out in the public interestrevention, response or recovery from a public emergency and the data holders that provide those data in response to such request;
Amendment 374 #
Proposal for a regulation
Article 1 – paragraph 2 – point e
Article 1 – paragraph 2 – point e
(e) providers of data processing services offer, irrespective of their place of establishment, providing such services to customers in the Union.
Amendment 382 #
Proposal for a regulation
Article 1 – paragraph 4
Article 1 – paragraph 4
4. This Regulation shall not apply to, nor pre-empt, voluntary arrangements for the exchange of non-personal data between private and public entities. It shall not affect Union and national legal acts providing for the sharing, access and use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including Regulation (EU) 2021/784 of the European Parliament and of the Council72 and the [e- evidence proposals [COM(2018) 225 and 226] once adopted, and international cooperation in that area. This Regulation shall not affect the collection, sharing, access to and use of data under Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing and Regulation (EU) 2015/847 of the European Parliament and of the Council on information accompanying the transfer of funds. This Regulation shall not affect the competences of the Member States regarding activities concerning public security, defence, national security, customs and tax administration and the health and safety of citizens in accordance with Union law. This Regulation shall not apply to the data generated by connected products and related services provided for public security, defence and national security. _________________ 72 Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online (OJ L 172, 17.5.2021, p. 79).
Amendment 392 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1
Article 2 – paragraph 1 – point 1
(1) ‘data’ means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording;, that is generated by the use of a connected product and can be transmitted via electronic communications services.
Amendment 429 #
Proposal for a regulation
Article 2 – paragraph 1 – point 5
Article 2 – paragraph 1 – point 5
(5) ‘user’ means a natural or legal person that owns, rents or leases a a product and receives a related service from a data holder or a lawful user to whom the owner of the connected product has transferred, pursuant to a rental or lease agreement, the right to use the connected product or receives a related services from a data holder;
Amendment 438 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person, other than the user, who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case ofto make available non-personal data and through control of the technical design of thegenerated by the use of a connected product andor a related services, the ability, to make available certain and who has the control over these data;
Amendment 446 #
Proposal for a regulation
Article 2 – paragraph 1 – point 7
Article 2 – paragraph 1 – point 7
(7) ‘data recipient’ means a legal or natural person, acting for purposes which are related to that person’s trade, business, craft or profession, other than the user of a connected product or related service, to whom the data holduser makes the data available either directly, or through data intermediation services, or the data holder, including a third party following a request by the user to the data holder or in accordance with a legal obligation under Union law or national legislation implementing Union law;
Amendment 454 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation negativ legally declared state of emergency by the Union or a Member State for an exceptional and immediate situation caused by natural or man-made disasters, adversely affecting the population of the Union, a Member State or part of it, with a risk of seriousignificant and lasting repercussions on living conditionsthe health, safety or economic stability of citizen, or the substantial degradation of economic assets in the Union or the relevant Member State(s);
Amendment 474 #
Proposal for a regulation
Article 2 – paragraph 1 – point 17
Article 2 – paragraph 1 – point 17
(17) ‘electronic ledger’ means an electronic ledger within the meaning of Article 3, point (53), of Regulation (EU) No 910/2014XXX/XXXX [establishing a European Digital Identity framework];
Amendment 488 #
Proposal for a regulation
Article 3 – title
Article 3 – title
3 Obligation of the manufacturer or a provider of related services to make data generated by the use of connected products or related services accessible to the user
Amendment 490 #
Proposal for a regulation
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, easily, securely and, where relevant and appropriate, directly accessible to the userthat the data holder can readily obtain from the product on to an existing interface, or data that are collected or aimed to be collected by the data holder, are by default, easily, securely and, where relevant and appropriate, directly accessible to the user in a structured, commonly used and machine- readable format along with the relevant metadata, on a free of charge basis and retrievable by the user. Where technically feasible, the user should be able to access and retrieve such data directly from the device, without recourse to related services.
Amendment 499 #
Proposal for a regulation
Article 3 – paragraph 1 a (new)
Article 3 – paragraph 1 a (new)
1 a. Before concluding a contract for the purchase, rent or lease of a connected product, the manufacturer shall provide to the user, in the form of a standardised label at least the following information: (a) the nature, format and estimated volume of data that the connected product is capable of generating; (b) the means by which the connected product can transmit data, including whether the data will be stored on-device or on a remote server; (c) whether the seller, renter or lessor is the data holder and, if not, the identity of the data holder, such as its trading name, the geographical address at which it is established and where applicable the legal entity identifier; (d) how the user of the connected product can access, retrieve or request erasure of the generated data from the connected product; (e) the on-device storage capacity, including the duration for which data collected by the connected product can be stored on it; (f) the period for which the device is guaranteed to receive functionality updates according to the Regulation (EU) XXX/XXXX [Cyber resilience Act].
Amendment 512 #
Proposal for a regulation
Article 3 – paragraph 2 – introductory part
Article 3 – paragraph 2 – introductory part
2. Before concluding a contract for the purchase, rent or lease of a product orrovision of a related service, at least the following information shall be provided to the user, in a simple manner, clear and comprehensible format:
Amendment 514 #
Proposal for a regulation
Article 3 – paragraph 2 – point a
Article 3 – paragraph 2 – point a
(a) the nature an, format, frequency and estimated volume of the data likely to be generated by the use of the connected product orand related service;
Amendment 518 #
Proposal for a regulation
Article 3 – paragraph 2 – point b
Article 3 – paragraph 2 – point b
(b) whether the data is likely towill be generated continuously and in real-time;
Amendment 520 #
Proposal for a regulation
Article 3 – paragraph 2 – point b a (new)
Article 3 – paragraph 2 – point b a (new)
(b a) whether the data will be stored on- device or on a remote server;
Amendment 523 #
Proposal for a regulation
Article 3 – paragraph 2 – point c
Article 3 – paragraph 2 – point c
(c) how the user may access, retrieve and request de erasure of those data;
Amendment 536 #
Proposal for a regulation
Article 3 – paragraph 2 – point d
Article 3 – paragraph 2 – point d
(d) whether the manufacturer supplying the product or the service provider providing the related service intends to use the data itself or allow a third party to use the data and, if so, the purposes for which those data will be used;
Amendment 540 #
Proposal for a regulation
Article 3 – paragraph 2 – point e
Article 3 – paragraph 2 – point e
(e) whether the seller, renter or lessorprovider of the related service is the only data holder and, if not, the identity of the other data holders, such as its trading name and, the geographical address at which it is established; and where applicable the legal entity identifier;
Amendment 545 #
Proposal for a regulation
Article 3 – paragraph 2 – point f a (new)
Article 3 – paragraph 2 – point f a (new)
(f a) where relevant, the type of data likely to be generated by the use of the connected product or related service that may contain or contains any trade secrets or may reveal or reveals any other relevant information concerning intellectual property rights and thus requires prior explicit written consent of the data holder before providing access to, using or sharing it;
Amendment 547 #
Proposal for a regulation
Article 3 – paragraph 2 – point g
Article 3 – paragraph 2 – point g
(g) how the user may request that the data are shared with a third-party and withdraw the consent for data sharing;
Amendment 567 #
Proposal for a regulation
Article 4 – paragraph 2
Article 4 – paragraph 2
2. The data holder shall not require the user to provide any information beyond what is strictly necessary to verify the quality as a user pursuant to paragraph 1. The data holder shall not keep any information on the user’'s access to the data requested beyond what is necessary for the sound execution of the user’s access request and for the security and the maintenance of the data infrastructure. Where identification is legally required, data holders shall enable the possibility for users to identify and authenticate through the European Digital Identity Wallets, pursuant to Regulation (EU) XXX/XXXX [European Digital Identity framework].
Amendment 584 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Trade secrets shall only be disclosed provided that all specifiche data holder can take all necessary measures are taken, in advance to preserve the confidentiality of its trade secrets, in particular wisofar this is not hampering the respect to third partiesights of the users or third parties to access data. The data holder and the user can agree on measures to preserve the confidentiality of the shared data, in particular in relation to third parties.
Amendment 616 #
Proposal for a regulation
Article 5 – paragraph 2 – introductory part
Article 5 – paragraph 2 – introductory part
2. Any undertaking manufacturing connected products or providing related services which has been determined to have a dominant position on the market pursuant to national or Union competition law and any undertaking providing core platform services for which one or more of such services have been designated as a gatekeeper, pursuant to Article […] of [Regulation XXX on contestable and fair markets in the digital sector (Digital Markets Act)73 ], shall not be an eligible third party under this Article and therefore shall not: _________________ 73 OJ […].
Amendment 625 #
Proposal for a regulation
Article 5 – paragraph 3
Article 5 – paragraph 3
3. The user or third party shall not be required to provide any information beyond what is strictly necessary to verify the quality as user or as third party pursuant to paragraph 1. The data holder shall not keep any information on the third party’s access to the data requested beyond what is necessary for the sound execution of the third party’s access request and for the security and the maintenance of the data infrastructure. Where identification is not legally required, users should be able to use products anonymously.
Amendment 665 #
Proposal for a regulation
Article 6 – paragraph 2 – point d
Article 6 – paragraph 2 – point d
(d) make the data available it receives to an undertaking manufacturing connected products or providing related services which has been determined to have a dominant position on the market pursuant to national or Union competition law and to an undertaking providing core platform services for which one or more of such services have been designated as a gatekeeper pursuant to Article […] of [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)];
Amendment 680 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. The obligations pursuant to Articles 4, 5, and 6 of this Chapter shall not apply to data generated by the use of connected products manufactured ord related services provided by enterprises that qualify as micro or small enterprises, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro or small enterprise.
Amendment 684 #
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
2. Where this Regulation refers to products or related services, such reference shall also be understood to include virtual assistants, insofar as they are used to access or control a product or related serviceconnected product.
Amendment 703 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro, small or medium enterprise, any compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
Amendment 716 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. DUsers, data holders and data recipients shall have access to dispute settlement bodies, certified in accordance with paragraph 2 of this Article, to settle disputes in relation to the determination of fair, reasonable and non-discriminatory terms for and the transparent manner of making data available in accordance with Articles 8 and 9.
Amendment 771 #
Proposal for a regulation
Article 15 – paragraph 1 – introductory part
Article 15 – paragraph 1 – introductory part
An exceptional need to use data within the meaning of this Chapter shall be limited in time and scope and deemed to exist in any ofonly in the following circumstances:
Amendment 777 #
Proposal for a regulation
Article 15 – paragraph 1 – point a
Article 15 – paragraph 1 – point a
(a) where the data requested is strictly necessary to respond to a public emergency;
Amendment 781 #
Proposal for a regulation
Article 15 – paragraph 1 – point b
Article 15 – paragraph 1 – point b
(b) where the data request is limited in time and scope andstrictly necessary to prevent a public emergency or to assist the recovery from a public emergency; and only if all of the following conditions are fulfilled:
Amendment 782 #
Proposal for a regulation
Article 15 – paragraph 1 – point b – point i (new)
Article 15 – paragraph 1 – point b – point i (new)
i) the public sector body or Union institution, agency or body has exhausted all other means to obtain such data, including by purchasing the data on the market at market rates or by relying on existing obligations to make data available, and the adoption of new legislative measures cannot ensure the timely availability of the data; or
Amendment 783 #
Proposal for a regulation
Article 15 – paragraph 1 – point b – point ii (new)
Article 15 – paragraph 1 – point b – point ii (new)
ii) obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden for data holders or other enterprises.
Amendment 785 #
Proposal for a regulation
Article 15 – paragraph 1 – point c
Article 15 – paragraph 1 – point c
Amendment 813 #
Proposal for a regulation
Article 17 – paragraph 1 – point b
Article 17 – paragraph 1 – point b
(b) demonstrate the exceptional need for which the data are requested, laying down the circumstance justifying the request and demonstrating that all the conditions mentioned in Article 15 are met;
Amendment 902 #
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
Article 19 – paragraph 1 – point b a (new)
(b a) take all necessary legal, technical and organisational measures to ensure the integrity and security of the data received;
Amendment 904 #
Proposal for a regulation
Article 19 – paragraph 1 – point c
Article 19 – paragraph 1 – point c
(c) destroy the data as soon as, without undue delay, the data theyat are no longer necessary for the stated purpose and inform the data holder that the data have been destroyed.;
Amendment 907 #
Proposal for a regulation
Article 19 – paragraph 1 – point c a (new)
Article 19 – paragraph 1 – point c a (new)
(c a) notify the data holder, without undue delay, of any cybersecurity threat, vulnerability or incident that has compromised the security and integrity of the data that has been transferred to them, without prejudice to the reporting obligations under Regulation (EU) XXX/XXXX [EUIBA] and Directive (EU) XXX/XXXX [NIS2].
Amendment 925 #
Proposal for a regulation
Article 20 – paragraph 2
Article 20 – paragraph 2
2. Where tThe data holder claimsshall be entitled to reasonable compensation for making data available in compliance with a request made pursuant to Article 15, points (b) or (c), s. Such compensation shall not exceed the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a fair and reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.
Amendment 1092 #
Proposal for a regulation
Article 30 – paragraph 6
Article 30 – paragraph 6
6. Where harmonised standards referred to in paragraph 4 of this Article do not exist or w, the Commission shall issue a standardisation request in accordance with Article 10 of Regulation 1025/2012. Where the Commission considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article in a cross- border context, the Commission may, by way of implementing acts, adopt common specifications in respect of the essential requirements set out in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 1128 #
Proposal for a regulation
Article 32 – paragraph 2
Article 32 – paragraph 2
2. The competent authority with which the complaint has been lodged shall inform the complainant in accordance with national law of the progress of the proceedings and of the decision taken.
Amendment 1163 #
Proposal for a regulation
Article 42 – paragraph 2 a (new)
Article 42 – paragraph 2 a (new)
The obligation resulting from Article 3(1) shall apply retroactively to connected products placed on the market within 5 years prior to the entry into force of this Regulation, only when the manufacturer or provider of related service is able to remotely deploy mechanisms to ensure the fulfilment of the requirements pursuant to Article 3(1) and only when the deployment of such mechanisms would not place a disproportionate burden on the manufacturer or provider of related services.