Activities of Anne-Sophie PELLETIER related to 2020/0340(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on European data governance (Data Governance Act)
Amendments (15)
Amendment 160 #
Proposal for a regulation
Recital 2
Recital 2
(2) Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and daily life. Data is at the centre of this transformation: despite the many risks involved, data-driven innovation will bring enormous benefits for citizens, for example through improved personalised medicine, new mobility, and its contribution to the European Green Deal23. In its Data Strategy24, the Commission described the vision of a common European data space, a Single Market for data in which data could be used irrespective of its physical location of storage in the Union in compliance with applicable law. It also called for the free and safe flow of data with third countries, subject to exceptions and restrictions for public security, public order and other legitimate public policy objectives of the European Union, in line with international obligations. In order to turn that vision into reality, it proposes to establish domain- specific common European data spaces, as the concrete arrangements in which data sharing and data pooling can happen. As foreseen in that strategy, such common European data spaces can cover areas such as health, mobility, manufacturing, financial services, energy, or agriculture or thematic areas, such as the European green deal or European data spaces for public administration or skills. __________________ 23Communication from the Commission to the European Parliament, the European Council, the Council, the European Economic and Social Committee and the Committee of the Regions on the European Green Deal. Brussels, 11.12.2019. (COM(2019) 640 final). 24 COM(2020) 66 final.
Amendment 195 #
Proposal for a regulation
Recital 19
Recital 19
(19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive by means of a specific Union act, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data. Insurance companies, laboratories, databases or any other service provider should not be authorised to use highly sensitive data or data from eHealth applications for the purpose of discrimination in pricing, advertising targeting or commercial application development, as this would run counter to the fundamental right of access to health. In order to ensure harmonised practices across the Union, such types of highly sensitive non-personal public data should be defined by Union law, for example in the context of the European Health Data Space or other sectoral legislation. The conditions attached to the transfer of such data to third countries should be laid down in delegated acts. Conditions should be transparent, proportionate, non-discriminatory and necessary to protect clearly identified legitimate public policy objectives identified, such as the protection of public health, public order, safety, the environment, public morals, consumer protection, privacy and personal data protection. The conditions should correspond to the risks identified in relation to the sensitivity of such data, including in terms of the risk of the re- identification of individuals. These conditions could include terms applicable for the transfer or technical arrangements, such as the requirement of using a secure processing environment, limitations as regards the re-use of data in third-countries or categories of persons which are entitled to transfer such data to third countries or who can access the data in the third country. In exceptional cases they could also include restrictions on transfer of the data to third countries to protect the public interest.
Amendment 201 #
Proposal for a regulation
Recital 23
Recital 23
(23) A specific category of data intermediaries includes providers of data sharing services that offer their services to data subjects in the sense of Regulation (EU) 2016/679. Such providers focus exclusively on personal data and seek to enhance individual agency and the individuals’ control over the data pertaining to them. They would assist individuals in exercising their rights under Regulation (EU) 2016/679, in particular managing their consent to data processing, the right of access to their own data, the right to the rectification of inaccurate personal data, the right of erasure or right ‘to be forgotten’, the right to withdraw their consent, the right to restrict processing and the data portability right, which allows data subjects to move their personal data from one controller to the other. In this context, it is important that their business model ensures that there are no misaligned incentives that encourage individuals to make more data available for processing than what is in the individuals’ own interest. This could include advising individuals on uses of their data they could allow and making due diligence checks on data users before allowing them to contact data subjects, in order to avoid fraudulent practices. In certain situations, it could be desirable to collate actual data within a personal data storage space, or ‘personal data space’ so that processing can happen within that space without personal data being transmitted to third parties in order to maximise the protection of personal data and privacy.
Amendment 213 #
Proposal for a regulation
Article 1 – paragraph 1 – point a
Article 1 – paragraph 1 – point a
(a) conditions for the re-use, within the Union, of certain categories of non- personal data held by public sector bodies;
Amendment 228 #
Proposal for a regulation
Article 3 – paragraph 2 – point e a (new)
Article 3 – paragraph 2 – point e a (new)
(ea) personal health data;
Amendment 241 #
Proposal for a regulation
Article 5 – paragraph 2
Article 5 – paragraph 2
(2) Conditions for re-use shall be non- discriminatory, proportionate and objectively justified with regard to categories of data and purposes of re-use and the nature of the data for which re-use is allowed. Consent shall be given specifically for the intended re-use task only, general consent shall not be requested in advance. These conditions shall not be used to restrict competition.
Amendment 242 #
Proposal for a regulation
Article 5 – paragraph 2
Article 5 – paragraph 2
(2) Conditions for re-use shall be based on consent by the rights holder, non- discriminatory, proportionate and objectively justified with regard to categories of data and purposes of re-use and the nature of the data for which re-use is allowed. These conditions shall not be used to restrict competition.
Amendment 258 #
Proposal for a regulation
Article 5 – paragraph 6
Article 5 – paragraph 6
(6) Where the re-use of data cannot be granted in accordance with the obligations laid down in paragraphs 32 to 5 and there is no other legal basis for transmitting the data under Regulation (EU) 2016/679, the public sector body shall support re-users in seeking consent of the data subjects and/or permission from the legal entities whose rights and interests may be affected by such re-use, where it is feasible without disproportionate cost for the public sector. In that task they may be assisted by the competent bodies referred to in Article 7 (1).
Amendment 262 #
Proposal for a regulation
Article 5 – paragraph 10 – point b a (new)
Article 5 – paragraph 10 – point b a (new)
(ba) To establish an office in the Member State in which the data was generated in order to be accessible for redress by the data holder;
Amendment 289 #
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
(3) A provider of data sharing services that is not established in the Union, but offers the services referred to in Article 9 (1) within the Union, shall appoint a legal representative in one of the Member States in which those services are offered and shall be required to house EU citizens’ data on EU territory. The provider shall be deemed to be under the jurisdiction of the Member State in which the legal representative is established.
Amendment 313 #
Proposal for a regulation
Article 12 – paragraph 1
Article 12 – paragraph 1
(1) Each Member State shall designate in its territory one or moredata protection authorities competent to carry out the tasks related to the notification framework and shall communicate to the Commission the identity of those designated authorities by [date of application of this Regulation]. It shall also communicate to the Commission any subsequent modification.
Amendment 315 #
Proposal for a regulation
Article 12 – paragraph 3
Article 12 – paragraph 3
(3) The designated competent authorities, the data protection authorities, the national competition authorities, the authorities in charge of cybersecurity, and other relevant sectorial authorities shall exchange the information which is necessary for the exercise of their tasks in relation to data sharing providers.
Amendment 365 #
Proposal for a regulation
Article 23 – paragraph 3
Article 23 – paragraph 3
(3) The top-management and the personnel responsible for carrying out the relevant tasks of the competent authority provided for in this Regulation cannot be the designer, manufacturer, supplier, installer, purchaser, owner, user or maintainer of the services which they evaluate, nor the authorised representative of any of those parties or represent them or have represented them for the last two years. This shall not preclude the use of evaluated services that are necessary for the operations of the competent authority or the use of such services for personal purposes.
Amendment 369 #
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
(1) The Commission shall establish a European Data Innovation Board (“the Board”) in the form of an Expert Group, consisting of the representatives of competent authorities of all the Member States, the European Data Protection Board, the Commission, relevant data spaceEuropean Social partners, relevant data spaces, including civil society organisations and other representatives of competent authorities in specificdata protection sectors.
Amendment 374 #
Proposal for a regulation
Article 26 – paragraph 2
Article 26 – paragraph 2
(2) Stakeholders and relevant third parties may be invited to attend meetings of the Board and to participate in its work. publish afterwards a public report of their communication to the Board.