Activities of Dragoş TUDORACHE related to 2022/0047(COD)

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Abir AL-SAHLANI

Proposal for a regulation
Recital 10 a (new)

(10 a) Data collected or generated by defence products or services or in the context of defence-related activities, including data collected or generated by dual-use products such as satellites, aircraft and drones when used in a defence context, should be excluded from the scope of this Regulation as the disclosure of such data would create strategic vulnerabilities for European security and defence.

2022/11/17
Committee: LIBE

Proposal for a regulation
Recital 14

(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. Product- design data, that relate exclusively to the inner functioning and design of a product and do not present a significant interest to the user, for example data generated or collected as a by product of the interaction between components of sub-components of a system, should be excluded from the scope of this Regulation, provided the product manufacturer can show sharing such data brings no significant benefits to the user in reasonably foreseeable use cases such as the maintenance and repair of the product.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Abir AL-SAHLANI

Proposal for a regulation
Recital 17

(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, and without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights. Product design data, that relate exclusively to the inner functioning and design of a product,should be excluded from the scope of this Regulation insofar as such data brings no significant benefits to the user in reasonably foreseeable uses cases.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Recital 24 a (new)

(24 a) After the data has been made available to a user or data recipient according to the provisions of this Regulation, the data holder should not be liable for any direct or indirect damages arising from, relating to, or in connection with the processing of the data by the user or by the third party.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE

Proposal for a regulation
Recital 36

(36) Start-ups, small and medium-sized enterprises and companies from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data. This Regulation aims to facilitate access to data for these entities, while ensuring that the corresponding obligations are scoped as proportionately as possible to avoid overreach. At the same time, a small number of very large companies have emerged with considerable economic power in the digital economy through the accumulation and aggregation of vast volumes of data and the technological infrastructure for monetising them. These companies include undertakings that provide core platform services controlling whole platform ecosystems in the digital economy and whom existing or new market operators are unable to challenge or contest. The [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)] aims to redress these inefficiencies and imbalances by allowing the Commission to designate a provider as a “gatekeeper”, and imposes a number of obligations on such designated gatekeepers, including a prohibition to combine certain data without consent, and an obligation to ensure effective rights to data portability under Article 20 of Regulation (EU) 2016/679. Consistent with the [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)], and given the unrivalled ability of these companies to acquire data, it would not be necessary to achieve the objective of this Regulation, and would thus be disproportionate in relation to data holders made subject to such obligations, to include such gatekeeper undertakings as beneficiaries of the data access right without additional safeguards. This means that an undertaking providing core platform services that has been designated as a gatekeeper cannot ~~request or be granted access to~~solicitor commercially incentivise a users’ or data ~~generated by the use of a product or related service or by a virtual assistant based on the provisions of Chapter II of this Regulation.~~ holder in any manner, including by providing monetary or any other compensation, to make data available to one of its services.An undertaking providing core platform services designated as a gatekeeper pursuant to Digital Markets Act should be understood to include all legal entities of a group of companies where one legal entity provides a core platform service. Furthermore, third parties to whom data are made available at the request of the user may not make the data available to a designated gatekeeper. For instance, the third party may not sub-contract the service provision to a gatekeeper. However, tThis does not prevent third parties from using data processing services offered by a designated gatekeeper~~. This exclusion of designated gatekeepers from the scope of the access right under this Regulation~~ and does not prevent these companies from obtaining data through other lawful means.

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 20

(20) In cases of co-ownership of the connected product and related services provided, where several persons or entities own a product or are party to a lease or rent agreement ~~and benefit from access to a related service, reasonable efforts should be made in~~, the design of the connected product or related service or the relevant interface s~~o that~~hall enable all persons ~~can~~to have access to data they generate. Users of products that generate data typically require a user account to be set up. This allows for identification of the user by the manufacturer or related service provider as well as a means to communicate to exercise and process data access requests. For identification and authentication purposes, manufacturers and providers of related services should enable users to use European Digital Identity Wallets, issued pursuant to Regulation (EU) XXX/XXXX establishing a framework for a European Digital Identity. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should inform the user how the data may be accessed. User accounts should enable users to revoke consent for processing and data sharing, as well as request deletion of the data generated through the use of the connected product, particularly in cases when the users of the product intend to transfer the ownership of the product to another party.

2022/11/14
Committee: ITRE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Recital 56

(56) In situations of exceptional need, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies ~~or in other exceptional cases~~. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 21

(21) PConnected products may be designed to make certain data directly available from an on- device data storage or from a remote server to which the data are communicated. Access to the on-device data storage may be enabled via cable- based or wireless local area networks connected ~~to a publicly available electronic communications service~~ or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider who functions as data holder. ~~They~~Connected products may be designed to permit the user or a third party to process the data on the product or on a computing instance of the manufacturer as well as enable the user to retrieve the data.

2022/11/14
Committee: ITRE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Recital 58

(58) An exceptional need may also arise when a public sector body can demonstrate that the data are necessary ~~either to prevent a public emergency, or~~ to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question. Where the exceptional need is not justified by the need to respond to, prevent or assist recovery from a public emergency, the public sector body or the Union institution, agency or body should demonstrate that the lack of timely access to and the use of the data requested prevents it from effectively fulfilling a specific task in the public interest that has been explicitly provided in law. Such exceptional need may also occur in other situations, for example in relation to the timely compilation of official statistics when data is not otherwise available or when the burden on statistical respondents will be considerably reduced. At the same time, the public sector body or the Union institution, agency or body should~~, outside the case of responding to, preventing or assisting recovery from a public emergency,~~ demonstrate that no alternative means for obtaining the data requested exists and that the data cannot be obtained in a timely manner through the laying down of the necessary data provision obligations in new legislation.

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 22

(22) Virtual assistants play an increasing role in digitising consumer environments and serve as an easy-to-use interface to play content, obtain information, or activate physical objects connected to the Internet ~~of Things~~. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Internet ~~of Things~~, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a product via a virtual assistant provided by an entity other than the manufacturer of the product. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulation.

2022/11/14
Committee: ITRE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 23

(23) Before concluding a contract for the purchase, rent, or lease of a product or the provision of a related service, ~~clear and sufficient information should be provided to the user on how the data generated may be acces~~the data holder shall provide to the user clear and sufficient information that would enable the user to effectively exercise its rights upon the data they generate through the use of connected products and related services. The data holder shall develop mechanisms to keep the user up to date when the information changes during the lifetime of the connected product or when the purpose for which the data will be used changes from the originally specified purposed. This obligation provides transparency over the data generated and enhances the easy and secure access for the user, as well as the right to retrieve, process and further harness the value of non-personal data. This obligation to provide information does not affect the obligation for the controller to provide information to the data subject pursuant to Article 12, 13 and 14 of Regulation (EU) 2016/679.

2022/11/14
Committee: ITRE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 27

(27) The data holder may require appropriate user identification and authentication to verify the user’s entitlement to access the data. Where there is a legal obligation for identification and authentication, data holders should provide users the possibility to use European Digital Identity Wallets pursuant to Regulation (EU) XXX/XXXX establishing a framework for a European Digital Identity. In the case of personal data processed by a processor on behalf of the controller, the data holder should ensure that the access request is received and handled by the processor.

2022/11/14
Committee: ITRE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 27 a (new)

(27 a) The user should have the right to share non-personal data with data recipients for commercial and non- commercial purposes. Such data sharing, could be performed directly by the user, upon the request of the user by the data holder or through data intermediation services. Data intermediation services, as regulated by Regulation (EU) 2022/868 could facilitate a data economy by establishing commercial relationships between users, data recipients and third parties and may support users in exercising their right to use data, such as ensuring the proper anonymisation of the data or aggregation of access to data from multiple individual users.

2022/11/14
Committee: ITRE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 1 – paragraph 2 – point d

(d) public sector bodies and Union institutions, agencies or bodies that request data holders to make data available where there is an exceptional need to that data for the ~~performance of a task carried out in the public interest~~response to or recovery from a public emergency and the data holders that provide those data in response to such request;

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 29 a (new)

(29 a) The data generated by the use of a connected product is a materialisation of the users’ actions and events. The user as a generator of data should have a central role in the data economy, have the right to control and decide how to harness the value of these data and be free to use the data for any lawful purpose. The user should have the right to share non- personal data with third parties for commercial purposes. Such data sharing, could be performed directly by the user, upon the request of the user by the data holder or through data intermediation services. Data intermediation services, as regulated by Regulation (EU) 2022/868 could facilitate a data economy by establishing commercial relationships between users, data holders and data recipients and may support users in exercising their right to use data, such as ensuring the proper anonymisation of data or aggregation of access to data from multiple individual users.

2022/11/14
Committee: ITRE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Abir AL-SAHLANI

Proposal for a regulation
Article 1 – paragraph 4

4. This Regulation shall not affect Union and national legal acts providing for the sharing, access and use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including Regulation (EU) 2021/784 of the European Parliament and of the Council72 and the [e-evidence proposals [COM(2018) 225 and 226] once adopted, and international cooperation in that area. This Regulation shall not affect the collection, sharing, access to and use of data under Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing and Regulation (EU) 2015/847 of the European Parliament and of the Council on information accompanying the transfer of funds. This Regulation shall not affect the competences of the Member States regarding activities concerning public security, defence, national security, customs and tax administration and the health and safety of citizens in accordance with Union law. This Regulation shall not affect data collected or generated by defence activities, products, or services or by products or services deployed and used for defence purposes, and it shall not affect product design data, insofar as the product manufacturer has demonstrated that such data is of no significant interest to the user. _________________ 72 Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online (OJ L 172, 17.5.2021, p. 79).

2022/11/17
Committee: LIBE

Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)

(1 a) “product design data” are data that relate exclusively to the internal functioning of the system and design of the product, for instance in relation to interfaces and interactions between internal components or sub-components of the system;

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 1 – point 9

(9) ‘public sector body’ means national, regional or local authorities of the Member States ~~and bodies governed by public law of the Member States, or associations formed by one or more such authorities or one or more such bodies~~;

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 42

(42) In order to incentivise the continued investment in generating valuable data, including investments in relevant technical tools, this Regulation contains the principle that the data holder may request reasonable compensation when legally obliged to make data available to the data recipient. These provisions should not be understood as paying for the data itself, but in the case of micro, small or medium-sized enterprises, for the costs incurred and investment required for making the data available. The Commission should develop guidance detailing what qualifies as a reasonable compensation in the data economy.

2022/11/14
Committee: ITRE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Abir AL-SAHLANI, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 1 – point 10

(10) ‘public emergency’ means an exceptional situation such as public health emergencies, emergencies resulting from natural disasters, as well as human- induced major disasters, such as major cybersecurity incidents, negatively affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s) and which is determined according to the respective procedures under Union or national law;

2022/11/17
Committee: LIBE

Proposal for a regulation
Article 2 – paragraph 1 – point 14

(14) ‘functional equivalence’ means the maintenance of a minimum level of functionality in the environment of a new data processing service after the switching process, to such an extent that, in response to an input action by the user on core elements of the service, the destination service will deliver the same output at the same performance and with the same level of security, operational resilience and quality of service as the originating service at the time of termination of the contract, , insofar as the originating and the destination data processing services cover (in part or in whole) the same service type;

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Karen MELCHIOR, Alin MITUȚA, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 1

1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, easily, securely, safely, and, where relevant and appropriate, directly accessible to the user, in a structured, commonly used and machine-readable format.

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 50 a (new)

(50 a) In order to avoid misuse of the new data access rights, the data holder may apply protective measures in relation to the data made available to the data recipient to prevent unauthorised access and ensure compliance with the framework of data access pursuant to this Regulation. However, those technical measures should not hinder the effective access and use of data for the data recipient. In the case of abusive practices such as misleading the data holder with inaccurate information or developing a competing connected product, the data holder can, resort to remedies such as requesting the deletion of data and the end of production of connected products based on the data received.

2022/11/14
Committee: ITRE

Dragoş TUDORACHE, Moritz KÖRNER, Alin MITUȚA, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 2 – point a

(a) the nature and ~~volum~~type of the data likely to be generated by the use of the product or related service;

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 2 – point c

(c) how the user may access, retrieve, and request the deletion of those data;

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Michal ŠIMEČKA

Proposal for a regulation
Article 4 – paragraph 1

1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user the data generated by its use of a product or related service without undue delay, free of charge, easily, securely, in as structured, commonly used and machine-readable format and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible.

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 57

(57) In case of public emergencies, such as public health emergencies, emergencies resulting from environmental degradation and major natural disasters including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold. In such a case, data holders should be placed under an obligation to make the data available to public sector bodies or to Union institutions, agencies or bodies upon their request. The existence of a public emergency ~~is determin~~should be determined and declared according to the respective procedures in the Member States or of relevant international organisations. In cases of major cybersecurity incidents, this Regulation should be complementary but not create a duplication of requirements deriving from Directive (EU) XXXX/XXXX on measures for a high common level of cybersecurity across the union [NIS2] and Regulation (EU) XXX/XXXX on Digital Operational Resilience for financial entities [DORA].

2022/11/14
Committee: ITRE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD

Proposal for a regulation
Article 4 – paragraph 4

4. The user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a product or a related service that competes with the product or the related service from which the data originate.

2022/11/17
Committee: LIBE

Proposal for a regulation
Recital 58

(58) An exceptional need ~~may also~~would arise when a public sector body can demonstrate that the data are necessary either to prevent a public emergency, or to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question. Where the exceptional need is not justified by the need to respond to, prevent or assist recovery from a public emergency, the public sector body or the Union institution, agency or body should demonstrate that the lack of timely access to and the use of the data requested prevents it from effectively fulfilling a specific task in the public interest that has been explicitly provided in law. Such exceptional need may also occur in other situations, for example in relation to the timely compilation of official statistics when data is not otherwise available or when the burden on statistical respondents will be considerably reduced. At the same time, the public sector body or the Union institution, agency or body should, outside the case of responding to, preventing or assisting recovery from a public emergency, demonstrate that noit has exhausted all other alternative means for obtaining the data requested ~~exists~~ and that the data cannot be obtained in a timely manner through the laying down of the necessary data provision obligations in new legislation.

2022/11/14
Committee: ITRE

Proposal for a regulation
Article 5 – paragraph 2 – introductory part

2. Any undertaking providing core platform services for which one or more of such services have been designated as a gatekeeper, pursuant to Article […] of [Regulation XXX on contestable and fair markets in the digital sector (Digital Markets Act)73 ], shall not ~~be an eligible third party under this Article and therefore shall not~~: _________________ 73 OJ […].

2022/11/17
Committee: LIBE

Proposal for a regulation
Article 5 – paragraph 2 – point a

(a) solicit or commercially incentivise a user or a data recipient in any manner, including by providing monetary or any other compensation, to make data available to one of its services that the user has obtained pursuant to a request under Article 4(1) or that the data recipient has obtained pursuant to this Article;

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Michal ŠIMEČKA

Proposal for a regulation
Article 5 – paragraph 2 – point c

~~(c) receive data from a user that the user has obtained pursuant to a request under Article 4(1).~~deleted

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ, Dominique RIQUET

Proposal for a regulation
Recital 60

(60) For the exercise of their tasks in the areas of prevention, investigation, detection or prosecution of criminal and administrative offences, the execution of criminal and administrative penalties, as well as the collection of data for taxation or customs purposes, public sector bodies and Union institutions, agencies and bodies should rely on their powers under sectoral legislation. This Regulation accordingly does not affect instruments for the sharing, access and use of data in those areas. This Regulation should not apply to connected products and related services provided for public security, defence and national security.

2022/11/14
Committee: ITRE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 61

(61) A proportionate, limited and predictable framework at Union level is necessary for the making available of data by data holders, in cases of exceptional needs, to public -sector bodies and to Union institution, agencies or bodies ~~both~~ to ensure legal certainty ~~and~~, to minimise the administrative burdens placed on businesses and to avoid misuse of data. To this end, data requests by public sector bodies and by Union institution, agencies and bodies to data holders should be transparent, limited in time, and proportionate in terms of their scope of content and their granularity. The purpose of the request and the intended use of the data requested should be specific and clearly explained, while allowing appropriate flexibility for the requesting entity to perform its tasks in the public interest. The request should also respect the legitimate interests of the businesses to whom the request is made. In order to ensure a higher degree of coordination and avoid additional burden on private companies, Member States should designate one competent authority to act as a single point of contact between public entities requesting access to data and private entities providing access to these data. The competent authority should receive the requests from the public sector bodies or Union institutions, agencies or bodies, analyse whether the requests comply with the requirements set by this Regulation and further direct them to the data holders for execution. The burden on data holders should be minimised by obliging requesting entities to respect the once-only principle, which prevents the same data from being requested more than once by more than one public sector body or Union institution, agency or body where those data are needed to respond to a public emergency. To ensure transparency, data requests made by public sector bodies and by Union institutions, agencies or bodies should be made public without undue delay by the ~~entity requesting the data~~competent authority and online public availability of all requests justified by a public emergency should be ensured.

2022/11/14
Committee: ITRE

Proposal for a regulation
Article 5 – paragraph 5

5. The data holder shall not use any ~~non-personal~~ data generated by the use of the product or related service to derive insights about the economic situation, assets and production methods of or use by the third party that could undermine the commercial position of the third party on the markets in which the third party is active, unless the third party has consented to such use and has the technical possibility to withdraw that consent at any time.

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 62

(62) The objective of the obligation to provide the data is to ensure that public sector bodies and Union institutions, agencies or bodies have the necessary knowledge to respond to, prevent or recover from public emergencies ~~or to maintain the capacity to fulfil specific tasks explicitly provided by law~~. The data obtained by those entities may be commercially sensitive. Therefore, Directive (EU) 2019/1024 of the European Parliament and of the Council65 should not apply to data made available under this Regulation and should not be considered as open data available for reuse by third parties. This however should not affect the applicability of Directive (EU) 2019/1024 to the reuse of official statistics for the production of which data obtained pursuant to this Regulation was used, provided the reuse does not include the underlying data. In addition, it should not affect the possibility of sharing the data for conducting research or for the compilation of official statistics, provided the conditions laid down in this Regulation are met. Public sector bodies should ~~also~~ be allowed to exchange data obtained pursuant to this Regulation with other public sector bodies to address the exceptional needs for which the data has been requested only with the prior explicit consent of the data holder. _________________ 65 Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information (OJ L 172, 26.6.2019, p. 56).

2022/11/14
Committee: ITRE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 63

(63) Data holders should have the possibility to either ask for a modification of the request made by a public sector body or Union institution, agency and body or its cancellation ~~in a period of 5 or 15 working days depending on the nature of the exceptional need invoked in the request~~without undue delay, but no longer than 5 working days. In case of requests motivated by a public emergency, justified reason not to make the data available should exist if it can be shown that the data is unavailable, the request does not meet the criteria laid down in Chapter V of this Regulation or the request is similar or identical to a previously submitted request for the same purpose by another public sector body or by another Union institution, agency or body and the data holder has not been notified regarding the destruction of such data. A data holder rejecting the request or seeking its modification should communicate the underlying justification for refusing the request to the ~~public sector body or to the Union institution, agency or body requesting the data~~competent authority. In case the sui generis database rights under Directive 96/6/EC of the European Parliament and of the Council66 apply in relation to the requested datasets, data holders should exercise their rights in a way that does not prevent the public sector body and Union institutions, agencies or bodies from obtaining the data, or from sharing it, in accordance with this Regulation. _________________ 66 Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases (OJ L 77, 27.3.1996, p. 20).

2022/11/14
Committee: ITRE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 64

(64) Where it is strictly necessary to include personal data in the data made available to a public sector body or to a Union institution, agency or body the applicable rules on personal data protection should be complied with and the making available of the data and their subsequent use should and be accompanied by safeguards for the rights and interests of individuals concerned by those data. The body requesting the data should demonstrate the strict necessity and the specific and limited purposes for processing. ~~The data holder should take reasonable effort~~Prior to making the data available, the data holder should apply all necessary means to anonymise the data or, where such anonymisation proves impossible, the data holder should apply technological means such as pseudonymisation and aggregation~~, prior to making the data available~~.

2022/11/14
Committee: ITRE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 65

(65) Data made available to public sector bodies and to Union institutions, agencies and bodies on the basis of exceptional need should only be used for the purpose for which they were requested, unless the data holder that made the data available has exp~~ress~~licitly agreed for the data to be used for other purposes. The ~~data should be destroyed~~public sector bodies and Union institutions, agencies and bodies should take all necessary legal, technical and organisational measures to ensure the integrity and security of the data and should destroy the data once it is no longer necessary for the purpose stated in the request, unless agreed otherwise, and the data holder should be informed thereof.

2022/11/14
Committee: ITRE

Proposal for a regulation
Article 6 – paragraph 2 – point b

(b) use the data it receives for the profiling of natural persons within the meaning of Article 4(4) of Regulation (EU) 2016/679~~, unless it is necessary to provide the service requested by the user~~ beyond the provisions of that Regulation;

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 67

(67) When the safeguarding of a significant public ~~good~~interest is at stake, such as is the case of responding to public emergencies, the public sector body or the Union institution, agency or body should not be expected to compensate enterprises for the data obtained. Public emergencies are rare, temporary events and not all such emergencies require the use of data held by enterprises. The business activities of the data holders are therefore not likely to be negatively affected as a consequence of the public sector bodies or Union institutions, agencies or bodies having recourse to this Regulation. However, as cases of an exceptional need other than responding to a public emergency might be more frequent, including cases of prevention of or recovery from a public emergency, data holders should in such cases be entitled to a reasonable compensation which should not exceed the technical and organisational costs incurred in complying with the request and the reasonable margin required for making the data available to the public sector body or to the Union institution, agency or body. The compensation should not be understood as constituting payment for the data itself and as being compulsory.

2022/11/14
Committee: ITRE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 68

(68) The public sector body or Union institution, agency or body may share the data it has obtained pursuant to the request with other entities or persons when this is needed to carry out scientific research activities or analytical activities it cannot perform itself. Data holders should be notified regarding such data sharings, providing the data holder with all necessary information regarding the identity of the data recipient and the activities that will be carried out by the data recipient. The data holder should have the right to object to the sharing of data by a public sector body or a Union institution, agency or body to the competent authority, when such data sharing does not meet the requirements of this Regulation. Such data may also be shared under the same circumstances with the national statistical institutes and Eurostat for the compilation of official statistics. Such research activities should however be compatible with the purpose for which the data was requested ~~and the data holder should be informed about the further sharing of the data it had provided~~. Individuals conducting research or research organisations with whom these data may be shared should act either on a not-for- profit basis or in the context of a public- interest mission recognised by the State. Organisations upon which commercial undertakings have a decisive influence allowing such undertakings to exercise control because of structural situations, which could result in preferential access to the results of the research, should not be considered research organisations for the purposes of this Regulation.

2022/11/14
Committee: ITRE

Proposal for a regulation
Article 6 – paragraph 2 – point d

(d) make the data available it receives to an undertaking providing core platform services for which one or more of such services have been designated as a gatekeeper pursuant to Article […] of [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)];deleted

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 6 – paragraph 2 – point e

(e) use the data it receives to develop a product or related service that competes with the product or the related service from which the accessed data originate or share the data with another third party for that purpose;

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Abir AL-SAHLANI, Michal ŠIMEČKA

Proposal for a regulation
Article 6 – paragraph 2 a (new)

2 a. The third party shall implement adequate organizational, technical and cybersecurity measures to preserve the integrity of the data and to ensure its protection against unauthorised disclosure.

2022/11/17
Committee: LIBE

Proposal for a regulation
Article 7 – paragraph 2 a (new)

2 a. The data holder shall not be liable towards the user for any direct or indirect damages arising from, relating to, or in connection with the processing of the data by the user after the data has been made available.

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE

Proposal for a regulation
Recital 89

(89) In order to allow the economic actors to adapt to the new rules laid out in this Regulation, they should apply from ~~a year after~~18 months after entry into force of the Regulation. The obligations related to the design of the connected products and provision of the related services placed on the market within the last five years from the entry into force of theis Regulation, should apply retroactively, only when the manufacturer or provider of related service is able to remotely deploy mechanisms to ensure the fulfilment of the requirements pursuant to Article 3(1) and only when the deployment of such mechanisms would not place a disproportionate burden on the manufacturer or provider of related services.

2022/11/14
Committee: ITRE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Abir AL-SAHLANI

Proposal for a regulation
Article 11 – paragraph 2 – point b a (new)

(b a) inform the user of the unauthorised use or disclosure of the data and measures taken to put an end to the unauthorised use or disclosure of the data.

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ, Andreas GLÜCK, Nicola BEER

Proposal for a regulation
Article 1 – paragraph 1

1. This Regulation lays down harmonised rules on making data generated by the use of a connected product or related service available to the user of that connected product or related service, on the making data available by a user to a data recipient or by the data holders to data recipients, and on the making data available by data holders to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need~~, for the performance of a task carried out in the public interest~~:

2022/11/14
Committee: ITRE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 12 – paragraph 1 a (new)

1 a. The data holder shall not be liable for any direct or indirect damages arising from, relating to, or in connection with the processing of the data by the data recipient after the data has been made available.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Alin MITUȚA, Abir AL-SAHLANI

Proposal for a regulation
Article 14 – paragraph 2 a (new)

2 a. This Chapter is without prejudice to Regulation (EU) 2016/679 and Regulation (EU) 2018/1725.

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ, Andreas GLÜCK, Nicola BEER

Proposal for a regulation
Article 1 – paragraph 2 – point d

(d) public sector bodies and Union institutions, agencies or bodies that request data holders to make data available where there is an exceptional need to that data for the p~~erformance of a task carried out in the public interest~~revention, response or recovery from a public emergency and the data holders that provide those data in response to such request;

2022/11/14
Committee: ITRE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 15 – paragraph 1 – introductory part

An exceptional need to use data within the meaning of this Chapter shall be deemed to exist ~~in any~~where all of the following c~~ircumstances~~onditions are met:

2022/11/17
Committee: LIBE

Proposal for a regulation
Article 15 – paragraph 1 – point a

(a) ~~where~~ the data requested is strictly necessary to respond to a public emergency;

2022/11/17
Committee: LIBE

Proposal for a regulation
Article 15 – paragraph 1 – point b

(b) ~~where the data request is limited in time and scope and necessary to prevent a public emergency~~ or to assist the recovery from a public emergency and is limited in time and scope;

2022/11/17
Committee: LIBE

Proposal for a regulation
Article 15 – paragraph 1 – point c – introductory part

(c) ~~where~~ the lack of available data prevents the public sector body or Union institution, agency or body from ~~fulfilling a specific task in the public interest that has been explicitl~~responding to the public emergency or from assisting the recovery pfro~~vided by law; and~~m a public emergency;

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Abir AL-SAHLANI

Proposal for a regulation
Article 15 – paragraph 1 – point c – point 1

(1) the public sector body or Union institution, agency or body has been unable to obtain such data by alternative means, including by purchasing the data on the market at market rates or by relying on existing obligations to make data available~~, and the adoption of new legislative measures cannot ensure the timely availability of the data; or~~.

2022/11/17
Committee: LIBE

Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2

~~(2) obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden for data holders or other enterprises.~~deleted

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ, Andreas GLÜCK, Nicola BEER, Dominique RIQUET

Proposal for a regulation
Article 1 – paragraph 4

4. This Regulation shall not apply to, nor pre-empt, voluntary arrangements for the exchange of non-personal data between private and public entities. It shall not affect Union and national legal acts providing for the sharing, access and use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including Regulation (EU) 2021/784 of the European Parliament and of the Council72 and the [e- evidence proposals [COM(2018) 225 and 226] once adopted, and international cooperation in that area. This Regulation shall not affect the collection, sharing, access to and use of data under Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing and Regulation (EU) 2015/847 of the European Parliament and of the Council on information accompanying the transfer of funds. This Regulation shall not affect the competences of the Member States regarding activities concerning public security, defence, national security, customs and tax administration and the health and safety of citizens in accordance with Union law. This Regulation shall not apply to the data generated by connected products and related services provided for public security, defence and national security. _________________ 72 Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online (OJ L 172, 17.5.2021, p. 79).

2022/11/14
Committee: ITRE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 17 – paragraph 1 – point c

(c) explain the purpose of the request, the intended use of the data requested, ~~and~~ the duration of that use, and which third parties the data may be disclosed to;

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 17 – paragraph 1 – point e a (new)

(e a) where the request is made by a public sector body to a data holder established in another Member State, confirm that the public sector body has notified the competent authority of that Member State in conformity with Article 22(3);

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 17 – paragraph 1 – point e b (new)

(e b) where the data requested concerns personal data, consult the competent supervisory authority under Article 51 of Regulation (EU)2016/679 or under Article 52 under Regulation (EU) 2018/1725, abide by its recommendations, and confirm the conformity of the request with Regulation (EU)2016/679 or Regulation (EU) 2018/1725.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 1

Paragraph 3 does not preclude a public sector body or a Union institution, agency or body to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body, in view of completing the tasks in Article 15 or to make the data available to a third party in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. The obligations on public sector bodies, Union institutions, agencies or bodies pursuant to Article 19 a~~pply~~lso apply to such third parties.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 17 – paragraph 4 a (new)

4 a. The third party shall not use the data it receives from a public sector body or a Union institution, agency or body to develop a product or a related service that competes with the product or related service from which the data originate.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Abir AL-SAHLANI

Proposal for a regulation
Article 18 – paragraph 5

5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the applicable rules on personal data protection shall be fully complied with. The data holder shall take reasonable efforts to pseudonymise the ~~data~~personal data made available, insofar as the request can be fulfilled with pseudonymised data.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 18 – paragraph 6 a (new)

6 a. A data holder complying with a request to make data available pursuant to this article shall not be liable for any direct or indirect damages arising from, relating to, or in connection with the processing or the unauthorised disclosure of the data by the public sector body or a Union institution, agency or body, after the data has been made available.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Michal ŠIMEČKA

Proposal for a regulation
Article 19 – paragraph 1 – point b

(b) implement, insofar as the processing of personal data is necessary, technical, cybersecurity, and organisational measures that safeguard the rights and freedoms of data subjects;

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Abir AL-SAHLANI, Michal ŠIMEČKA

Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)

(b a) implement adequate administrative, technical and cybersecurity measures to prevent the unauthorised disclosure of the data;

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE

Proposal for a regulation
Article 2 – paragraph 1 – point 2

(2) ‘connected product’ means a tangible~~, movable item, including where incorporated in an immovable~~ item, that obtains, generates or collects, data concerning its use or environment, and that is able to communicate data via a ~~publicly available~~n electronic communications service and whose primary function is not the storing and processing of data;

2022/11/14
Committee: ITRE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Abir AL-SAHLANI, Michal ŠIMEČKA

Proposal for a regulation
Article 19 – paragraph 1 – point b b (new)

(b b) inform without undue delay the data holder when a security incident has occurred that is affecting the confidentiality,integrity, or availability of the data it holds that was provided by the data holder;

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Abir AL-SAHLANI, Michal ŠIMEČKA

Proposal for a regulation
Article 19 – paragraph 2

2. Disclosure of trade secrets or alleged trade secrets to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of the request. In such a case, the public sector body or the Union institution, agency or body shall take appropriate technical, cybersecurity, and organizational measures to preserve the confidentiality of those trade secrets and to ensure the security of the data and the prevention of its unauthorised disclosure.

2022/11/17
Committee: LIBE

1. Data made available to respond to a public emergency pursuant to Article 15, ~~point (a),~~ shall be provided free of charge.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 20 – paragraph 2

2. Where the data holder claims compensation for making data available in compliance with a request made pursuant to Article 15, ~~points (b) or (c),~~ such compensation shall not exceed the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.

2022/11/17
Committee: LIBE

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ, Andreas GLÜCK, Nicola BEER

Proposal for a regulation
Article 2 – paragraph 1 – point 5

(5) ‘user’ means a natural or legal person that owns~~, rents or leases a~~ a product and receives a related service from a data holder or a lawful user to whom the owner of the connected product has transferred, pursuant to a rental or lease agreement, the right to use the connected product or receive~~s a~~ related services from a data holder;

2022/11/14
Committee: ITRE

Proposal for a regulation
Article 21 – paragraph 1

1. A public sector body or a Union institution, agency or body shall be entitled to share data received under this Chapter with individuals or organisations or national statistical institutes and Eurostat in view of carrying out scientific research or analytics ~~compatible with~~for the purpose for which the data was requested~~, or to national statistical institutes and Eurostat for the compilation of official statistics~~.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA, Abir AL-SAHLANI

Proposal for a regulation
Article 21 – paragraph 4

4. Where a public sector body or a Union institution, agency or body transmits or makes data available under paragraph 1, it shall notify the data holder from whom the data was received, providing all necessary information regarding the identity of the data recipient and the activities to be carried out by the data recipient, and shall ensure all organizational,technical, and cybersecurity measures to preserve the integrity of the data and to prevent its unauthorised disclosure.

2022/11/17
Committee: LIBE

Dragoş TUDORACHE, Moritz KÖRNER, Karen MELCHIOR, Alin MITUȚA

Proposal for a regulation
Article 23 – paragraph 1 – point a

(a) terminating, after a maximum notice period of 360 calendar days, the contractual agreement of the service;

2022/11/17
Committee: LIBE

1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services shall be clearly set out in a written contract. Without prejudice to Directive (EU) 2019/770, that contract shall be clear and transparent to the customer and shall include at least the following:

2022/11/17
Committee: LIBE

Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part

(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall:

2022/11/17
Committee: LIBE

Proposal for a regulation
Article 24 – paragraph 1 – point c

(c) a minimum period for data retrieval of at least 360 calendar days, starting after the termination of the transition period that was agreed between the customer and the service provider, in accordance with paragraph 1, point (a) and paragraph 2.

2022/11/17
Committee: LIBE