
Activities of Dragoş TUDORACHE related to 2022/0047(COD)

Shadow opinions (1)

OPINION on the proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act)
2023/02/02
Committee: LIBE
Dossiers: 2022/0047(COD)
Documents: PDF(375 KB) DOC(243 KB)
Authors: Sergey LAGODINSKY

Amendments (139)

Amendment 95 #
Proposal for a regulation
Citation 1
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 and Article 103 thereof,
2022/11/14
Committee: ITRE
Amendment 110 #
Proposal for a regulation
Recital 5
(5) This Regulation ensures that users of a connected product or related service in the Union can access, in a timely manner, the data generated by the use of that connected product or related service and that those users can use the data, including by sharing them with third parties of their choice, either directly or through data intermediation services. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC. This Regulation also ensures that data holders make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a connected product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by connected products or related services.
2022/11/14
Committee: ITRE
Amendment 114 #
Proposal for a regulation
Recital 6
(6) Data generation is the result of the actions of at least two actors, the designer or manufacturer of a product, and where different from the manufacturer the provider of related services for the connected product and the user of that connected product. It gives rise to questions of fairness in the digital economy, because the data recorded by such connected products or related services are an important input for aftermarket, ancillary and other services. In order to realise the important economic benefits of data as a non-rival good for the economy and society, a general approach to assigning access and usage rights on data is preferable to awarding exclusive rights of access and use.
2022/11/14
Committee: ITRE
Amendment 119 #
Proposal for a regulation
Recital 10 a (new)
(10 a) Data collected or generated by defence products or services or in the context of defence-related activities, including data collected or generated by dual-use products such as satellites, aircraft and drones when used in a defence context, should be excluded from the scope of this Regulation as the disclosure of such data would create strategic vulnerabilities for European security and defence.
2022/11/17
Committee: LIBE
Amendment 122 #
Proposal for a regulation
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land-based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular through facilitating the maintenance and repair of the products in question. Product-design data, that relate exclusively to the inner functioning and design of a product and do not present a significant interest to the user, for example data generated or collected as a by-product of the interaction between components of sub-components of a system, should be excluded from the scope of this Regulation, provided the product manufacturer can show sharing such data brings no significant benefits to the user in reasonably foreseeable use cases such as the maintenance and repair of the product.
2022/11/17
Committee: LIBE
Amendment 127 #
Proposal for a regulation
Recital 17
(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by-product of the user’s action, such as diagnostics data, and without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights. Product design data, that relate exclusively to the inner functioning and design of a product, should be excluded from the scope of this Regulation insofar as such data brings no significant benefits to the user in reasonably foreseeable use cases.
2022/11/17
Committee: LIBE
Amendment 137 #
Proposal for a regulation
Recital 24 a (new)
(24 a) After the data has been made available to a user or data recipient according to the provisions of this Regulation, the data holder should not be liable for any direct or indirect damages arising from, relating to, or in connection with the processing of the data by the user or by the third party.
2022/11/17
Committee: LIBE
Amendment 150 #
Proposal for a regulation
Recital 36
(36) Start-ups, small and medium-sized enterprises and companies from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data. This Regulation aims to facilitate access to data for these entities, while ensuring that the corresponding obligations are scoped as proportionately as possible to avoid overreach. At the same time, a small number of very large companies have emerged with considerable economic power in the digital economy through the accumulation and aggregation of vast volumes of data and the technological infrastructure for monetising them. These companies include undertakings that provide core platform services controlling whole platform ecosystems in the digital economy and whom existing or new market operators are unable to challenge or contest. The [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)] aims to redress these inefficiencies and imbalances by allowing the Commission to designate a provider as a “gatekeeper”, and imposes a number of obligations on such designated gatekeepers, including a prohibition to combine certain data without consent, and an obligation to ensure effective rights to data portability under Article 20 of Regulation (EU) 2016/679. Consistent with the [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)], and given the unrivalled ability of these companies to acquire data, it would not be necessary to achieve the objective of this Regulation, and would thus be disproportionate in relation to data holders made subject to such obligations, to include such gatekeeper undertakings as beneficiaries of the data access right without additional safeguards. 
This means that an undertaking providing core platform services that has been designated as a gatekeeper cannot solicit or commercially incentivise a user or data holder in any manner, including by providing monetary or any other compensation, to make data available to one of its services. An undertaking providing core platform services designated as a gatekeeper pursuant to Digital Markets Act should be understood to include all legal entities of a group of companies where one legal entity provides a core platform service. Furthermore, third parties to whom data are made available at the request of the user may not make the data available to a designated gatekeeper. For instance, the third party may not sub-contract the service provision to a gatekeeper. This does not prevent third parties from using data processing services offered by a designated gatekeeper. This exclusion of designated gatekeepers from the scope of the access right under this Regulation and does not prevent these companies from obtaining data through other lawful means.
2022/11/17
Committee: LIBE
Amendment 164 #
Proposal for a regulation
Recital 20
(20) In cases of co-ownership of the connected product and related services provided, where several persons or entities own a product or are party to a lease or rent agreement and benefit from access to a related service, reasonable efforts should be made in the design of the connected product or related service or the relevant interface so that all persons can have access to data they generate. Users of products that generate data typically require a user account to be set up. This allows for identification of the user by the manufacturer or related service provider as well as a means to communicate to exercise and process data access requests. For identification and authentication purposes, manufacturers and providers of related services should enable users to use European Digital Identity Wallets, issued pursuant to Regulation (EU) XXX/XXXX establishing a framework for a European Digital Identity. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should inform the user how the data may be accessed. User accounts should enable users to revoke consent for processing and data sharing, as well as request deletion of the data generated through the use of the connected product, particularly in cases when the users of the product intend to transfer the ownership of the product to another party.
2022/11/14
Committee: ITRE
Amendment 166 #
Proposal for a regulation
Recital 56
(56) In situations of exceptional need, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies or in other exceptional cases. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.
2022/11/17
Committee: LIBE
Amendment 172 #
Proposal for a regulation
Recital 21
(21) Connected products may be designed to make certain data directly available from an on-device data storage or from a remote server to which the data are communicated. Access to the on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider who functions as data holder. Connected products may be designed to permit the user or a third party to process the data on the product or on a computing instance of the manufacturer as well as enable the user to retrieve the data.
2022/11/14
Committee: ITRE
Amendment 174 #
Proposal for a regulation
Recital 58
(58) An exceptional need may also arise when a public sector body can demonstrate that the data are necessary either to prevent a public emergency, or to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question. Where the exceptional need is not justified by the need to respond to, prevent or assist recovery from a public emergency, the public sector body or the Union institution, agency or body should demonstrate that the lack of timely access to and the use of the data requested prevents it from effectively fulfilling a specific task in the public interest that has been explicitly provided in law. Such exceptional need may also occur in other situations, for example in relation to the timely compilation of official statistics when data is not otherwise available or when the burden on statistical respondents will be considerably reduced. At the same time, the public sector body or the Union institution, agency or body should, outside the case of responding to, preventing or assisting recovery from a public emergency, demonstrate that no alternative means for obtaining the data requested exists and that the data cannot be obtained in a timely manner through the laying down of the necessary data provision obligations in new legislation.
2022/11/17
Committee: LIBE
Amendment 175 #
Proposal for a regulation
Recital 22
(22) Virtual assistants play an increasing role in digitising consumer environments and serve as an easy-to-use interface to play content, obtain information, or activate physical objects connected to the Internet of Things. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Internet of Things, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a product via a virtual assistant provided by an entity other than the manufacturer of the product. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulation.
2022/11/14
Committee: ITRE
Amendment 178 #
Proposal for a regulation
Recital 23
(23) Before concluding a contract for the purchase, rent, or lease of a product or the provision of a related service, the data holder shall provide to the user clear and sufficient information that would enable the user to effectively exercise its rights upon the data they generate through the use of connected products and related services. The data holder shall develop mechanisms to keep the user up to date when the information changes during the lifetime of the connected product or when the purpose for which the data will be used changes from the originally specified purpose. This obligation provides transparency over the data generated and enhances the easy and secure access for the user, as well as the right to retrieve, process and further harness the value of non-personal data. This obligation to provide information does not affect the obligation for the controller to provide information to the data subject pursuant to Article 12, 13 and 14 of Regulation (EU) 2016/679.
2022/11/14
Committee: ITRE
Amendment 194 #
Proposal for a regulation
Recital 27
(27) The data holder may require appropriate user identification and authentication to verify the user’s entitlement to access the data. Where there is a legal obligation for identification and authentication, data holders should provide users the possibility to use European Digital Identity Wallets pursuant to Regulation (EU) XXX/XXXX establishing a framework for a European Digital Identity. In the case of personal data processed by a processor on behalf of the controller, the data holder should ensure that the access request is received and handled by the processor.
2022/11/14
Committee: ITRE
Amendment 197 #
Proposal for a regulation
Recital 27 a (new)
(27 a) The user should have the right to share non-personal data with data recipients for commercial and non-commercial purposes. Such data sharing could be performed directly by the user, upon the request of the user by the data holder or through data intermediation services. Data intermediation services, as regulated by Regulation (EU) 2022/868, could facilitate a data economy by establishing commercial relationships between users, data recipients and third parties and may support users in exercising their right to use data, such as ensuring the proper anonymisation of the data or aggregation of access to data from multiple individual users.
2022/11/14
Committee: ITRE
Amendment 207 #
Proposal for a regulation
Article 1 – paragraph 2 – point d
(d) public sector bodies and Union institutions, agencies or bodies that request data holders to make data available where there is an exceptional need to that data for the response to or recovery from a public emergency and the data holders that provide those data in response to such request;
2022/11/17
Committee: LIBE
Amendment 210 #
Proposal for a regulation
Recital 29 a (new)
(29 a) The data generated by the use of a connected product is a materialisation of the users’ actions and events. The user as a generator of data should have a central role in the data economy, have the right to control and decide how to harness the value of these data and be free to use the data for any lawful purpose. The user should have the right to share non-personal data with third parties for commercial purposes. Such data sharing could be performed directly by the user, upon the request of the user by the data holder or through data intermediation services. Data intermediation services, as regulated by Regulation (EU) 2022/868, could facilitate a data economy by establishing commercial relationships between users, data holders and data recipients and may support users in exercising their right to use data, such as ensuring the proper anonymisation of data or aggregation of access to data from multiple individual users.
2022/11/14
Committee: ITRE
Amendment 216 #
Proposal for a regulation
Article 1 – paragraph 4
4. This Regulation shall not affect Union and national legal acts providing for the sharing, access and use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including Regulation (EU) 2021/784 of the European Parliament and of the Council72 and the [e-evidence proposals [COM(2018) 225 and 226] once adopted, and international cooperation in that area. This Regulation shall not affect the collection, sharing, access to and use of data under Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing and Regulation (EU) 2015/847 of the European Parliament and of the Council on information accompanying the transfer of funds. This Regulation shall not affect the competences of the Member States regarding activities concerning public security, defence, national security, customs and tax administration and the health and safety of citizens in accordance with Union law. This Regulation shall not affect data collected or generated by defence activities, products, or services or by products or services deployed and used for defence purposes, and it shall not affect product design data, insofar as the product manufacturer has demonstrated that such data is of no significant interest to the user. _________________ 72 Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online (OJ L 172, 17.5.2021, p. 79).
2022/11/17
Committee: LIBE
Amendment 223 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)
(1 a) “product design data” are data that relate exclusively to the internal functioning of the system and design of the product, for instance in relation to interfaces and interactions between internal components or sub-components of the system;
2022/11/17
Committee: LIBE
Amendment 247 #
Proposal for a regulation
Article 2 – paragraph 1 – point 9
(9) ‘public sector body’ means national, regional or local authorities of the Member States and bodies governed by public law of the Member States, or associations formed by one or more such authorities or one or more such bodies;
2022/11/17
Committee: LIBE
Amendment 250 #
Proposal for a regulation
Recital 42
(42) In order to incentivise the continued investment in generating valuable data, including investments in relevant technical tools, this Regulation contains the principle that the data holder may request reasonable compensation when legally obliged to make data available to the data recipient. These provisions should not be understood as paying for the data itself, but in the case of micro, small or medium-sized enterprises, for the costs incurred and investment required for making the data available. The Commission should develop guidance detailing what qualifies as a reasonable compensation in the data economy.
2022/11/14
Committee: ITRE
Amendment 252 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation such as public health emergencies, emergencies resulting from natural disasters, as well as human-induced major disasters, such as major cybersecurity incidents, negatively affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s) and which is determined according to the respective procedures under Union or national law;
2022/11/17
Committee: LIBE
Amendment 256 #
Proposal for a regulation
Article 2 – paragraph 1 – point 14
(14) ‘functional equivalence’ means the maintenance of a minimum level of functionality in the environment of a new data processing service after the switching process, to such an extent that, in response to an input action by the user on core elements of the service, the destination service will deliver the same output at the same performance and with the same level of security, operational resilience and quality of service as the originating service at the time of termination of the contract, insofar as the originating and the destination data processing services cover (in part or in whole) the same service type;
2022/11/17
Committee: LIBE
Amendment 263 #
Proposal for a regulation
Article 3 – paragraph 1
1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, easily, securely, safely, and, where relevant and appropriate, directly accessible to the user, in a structured, commonly used and machine-readable format.
2022/11/17
Committee: LIBE
Amendment 269 #
Proposal for a regulation
Recital 50 a (new)
(50 a) In order to avoid misuse of the new data access rights, the data holder may apply protective measures in relation to the data made available to the data recipient to prevent unauthorised access and ensure compliance with the framework of data access pursuant to this Regulation. However, those technical measures should not hinder the effective access and use of data for the data recipient. In the case of abusive practices such as misleading the data holder with inaccurate information or developing a competing connected product, the data holder can resort to remedies such as requesting the deletion of data and the end of production of connected products based on the data received.
2022/11/14
Committee: ITRE
Amendment 271 #
Proposal for a regulation
Article 3 – paragraph 2 – point a
(a) the nature and volumtype of the data likely to be generated by the use of the product or related service;
2022/11/17
Committee: LIBE
Amendment 272 #
Proposal for a regulation
Article 3 – paragraph 2 – point c
(c) how the user may access, retrieve, and request the deletion of those data;
2022/11/17
Committee: LIBE
Amendment 282 #
Proposal for a regulation
Article 4 – paragraph 1
1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user the data generated by its use of a product or related service without undue delay, free of charge, easily, securely, in a structured, commonly used and machine-readable format and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible.
2022/11/17
Committee: LIBE
Amendment 287 #
Proposal for a regulation
Recital 57
(57) In case of public emergencies, such as public health emergencies, emergencies resulting from environmental degradation and major natural disasters including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold. In such a case, data holders should be placed under an obligation to make the data available to public sector bodies or to Union institutions, agencies or bodies upon their request. The existence of a public emergency should be determined and declared according to the respective procedures in the Member States or of relevant international organisations. In cases of major cybersecurity incidents, this Regulation should be complementary but not create a duplication of requirements deriving from Directive (EU) XXXX/XXXX on measures for a high common level of cybersecurity across the Union [NIS2] and Regulation (EU) XXX/XXXX on Digital Operational Resilience for financial entities [DORA].
2022/11/14
Committee: ITRE
Amendment 288 #
Proposal for a regulation
Article 4 – paragraph 4
4. The user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a product or a related service that competes with the product or the related service from which the data originate.
2022/11/17
Committee: LIBE
Amendment 296 #
Proposal for a regulation
Recital 58
(58) An exceptional need would arise when a public sector body can demonstrate that the data are necessary either to prevent a public emergency, or to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question. Where the exceptional need is not justified by the need to respond to, prevent or assist recovery from a public emergency, the public sector body or the Union institution, agency or body should demonstrate that the lack of timely access to and the use of the data requested prevents it from effectively fulfilling a specific task in the public interest that has been explicitly provided in law. Such exceptional need may also occur in other situations, for example in relation to the timely compilation of official statistics when data is not otherwise available or when the burden on statistical respondents will be considerably reduced. At the same time, the public sector body or the Union institution, agency or body should, outside the case of responding to, preventing or assisting recovery from a public emergency, demonstrate that it has exhausted all other alternative means for obtaining the data requested and that the data cannot be obtained in a timely manner through the laying down of the necessary data provision obligations in new legislation.
2022/11/14
Committee: ITRE
Amendment 300 #
Proposal for a regulation
Article 5 – paragraph 2 – introductory part
2. Any undertaking providing core platform services for which one or more of such services have been designated as a gatekeeper, pursuant to Article […] of [Regulation XXX on contestable and fair markets in the digital sector (Digital Markets Act)73 ], shall not be an eligible third party under this Article and therefore shall not: _________________ 73 OJ […].
2022/11/17
Committee: LIBE
Amendment 301 #
Proposal for a regulation
Article 5 – paragraph 2 – point a
(a) solicit or commercially incentivise a user or a data recipient in any manner, including by providing monetary or any other compensation, to make data available to one of its services that the user has obtained pursuant to a request under Article 4(1) or that the data recipient has obtained pursuant to this Article;
2022/11/17
Committee: LIBE
Amendment 302 #
Proposal for a regulation
Article 5 – paragraph 2 – point c
(c) deleted
2022/11/17
Committee: LIBE
Amendment 303 #
Proposal for a regulation
Recital 60
(60) For the exercise of their tasks in the areas of prevention, investigation, detection or prosecution of criminal and administrative offences, the execution of criminal and administrative penalties, as well as the collection of data for taxation or customs purposes, public sector bodies and Union institutions, agencies and bodies should rely on their powers under sectoral legislation. This Regulation accordingly does not affect instruments for the sharing, access and use of data in those areas. This Regulation should not apply to connected products and related services provided for public security, defence and national security.
2022/11/14
Committee: ITRE
Amendment 304 #
Proposal for a regulation
Recital 61
(61) A proportionate, limited and predictable framework at Union level is necessary for the making available of data by data holders, in cases of exceptional needs, to public -sector bodies and to Union institution, agencies or bodies both to ensure legal certainty and, to minimise the administrative burdens placed on businesses and to avoid misuse of data. To this end, data requests by public sector bodies and by Union institution, agencies and bodies to data holders should be transparent, limited in time, and proportionate in terms of their scope of content and their granularity. The purpose of the request and the intended use of the data requested should be specific and clearly explained, while allowing appropriate flexibility for the requesting entity to perform its tasks in the public interest. The request should also respect the legitimate interests of the businesses to whom the request is made. In order to ensure a higher degree of coordination and avoid additional burden on private companies, Member States should designate one competent authority to act as a single point of contact between public entities requesting access to data and private entities providing access to these data. The competent authority should receive the requests from the public sector bodies or Union institutions, agencies or bodies, analyse whether the requests comply with the requirements set by this Regulation and further direct them to the data holders for execution. The burden on data holders should be minimised by obliging requesting entities to respect the once-only principle, which prevents the same data from being requested more than once by more than one public sector body or Union institution, agency or body where those data are needed to respond to a public emergency. 
To ensure transparency, data requests made by public sector bodies and by Union institutions, agencies or bodies should be made public without undue delay by the entity requesting the datacompetent authority and online public availability of all requests justified by a public emergency should be ensured.
2022/11/14
Committee: ITRE
Amendment 305 #
Proposal for a regulation
Article 5 – paragraph 5
5. The data holder shall not use any non-personal data generated by the use of the product or related service to derive insights about the economic situation, assets and production methods of or use by the third party that could undermine the commercial position of the third party on the markets in which the third party is active, unless the third party has consented to such use and has the technical possibility to withdraw that consent at any time.
2022/11/17
Committee: LIBE
Amendment 309 #
Proposal for a regulation
Recital 62
(62) The objective of the obligation to provide the data is to ensure that public sector bodies and Union institutions, agencies or bodies have the necessary knowledge to respond to, prevent or recover from public emergencies or to maintain the capacity to fulfil specific tasks explicitly provided by law. The data obtained by those entities may be commercially sensitive. Therefore, Directive (EU) 2019/1024 of the European Parliament and of the Council65 should not apply to data made available under this Regulation and should not be considered as open data available for reuse by third parties. This however should not affect the applicability of Directive (EU) 2019/1024 to the reuse of official statistics for the production of which data obtained pursuant to this Regulation was used, provided the reuse does not include the underlying data. In addition, it should not affect the possibility of sharing the data for conducting research or for the compilation of official statistics, provided the conditions laid down in this Regulation are met. Public sector bodies should also be allowed to exchange data obtained pursuant to this Regulation with other public sector bodies to address the exceptional needs for which the data has been requested only with the prior explicit consent of the data holder. _________________ 65 Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information (OJ L 172, 26.6.2019, p. 56).
2022/11/14
Committee: ITRE
Amendment 312 #
Proposal for a regulation
Recital 63
(63) Data holders should have the possibility to either ask for a modification of the request made by a public sector body or Union institution, agency and body or its cancellation in a period of 5 or 15 working days depending on the nature of the exceptional need invoked in the requestwithout undue delay, but no longer than 5 working days. In case of requests motivated by a public emergency, justified reason not to make the data available should exist if it can be shown that the data is unavailable, the request does not meet the criteria laid down in Chapter V of this Regulation or the request is similar or identical to a previously submitted request for the same purpose by another public sector body or by another Union institution, agency or body and the data holder has not been notified regarding the destruction of such data. A data holder rejecting the request or seeking its modification should communicate the underlying justification for refusing the request to the public sector body or to the Union institution, agency or body requesting the datacompetent authority. In case the sui generis database rights under Directive 96/6/EC of the European Parliament and of the Council66 apply in relation to the requested datasets, data holders should exercise their rights in a way that does not prevent the public sector body and Union institutions, agencies or bodies from obtaining the data, or from sharing it, in accordance with this Regulation. _________________ 66 Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases (OJ L 77, 27.3.1996, p. 20).
2022/11/14
Committee: ITRE
Amendment 316 #
Proposal for a regulation
Recital 64
(64) Where it is strictly necessary to include personal data in the data made available to a public sector body or to a Union institution, agency or body the applicable rules on personal data protection should be complied with and the making available of the data and their subsequent use should and be accompanied by safeguards for the rights and interests of individuals concerned by those data. The body requesting the data should demonstrate the strict necessity and the specific and limited purposes for processing. The data holder should take reasonable effortPrior to making the data available, the data holder should apply all necessary means to anonymise the data or, where such anonymisation proves impossible, the data holder should apply technological means such as pseudonymisation and aggregation, prior to making the data available.
2022/11/14
Committee: ITRE
Amendment 318 #
Proposal for a regulation
Recital 65
(65) Data made available to public sector bodies and to Union institutions, agencies and bodies on the basis of exceptional need should only be used for the purpose for which they were requested, unless the data holder that made the data available has expresslicitly agreed for the data to be used for other purposes. The data should be destroyedpublic sector bodies and Union institutions, agencies and bodies should take all necessary legal, technical and organisational measures to ensure the integrity and security of the data and should destroy the data once it is no longer necessary for the purpose stated in the request, unless agreed otherwise, and the data holder should be informed thereof.
2022/11/14
Committee: ITRE
Amendment 323 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
(b) use the data it receives for the profiling of natural persons within the meaning of Article 4(4) of Regulation (EU) 2016/679, unless it is necessary to provide the service requested by the user beyond the provisions of that Regulation;
2022/11/17
Committee: LIBE
Amendment 325 #
Proposal for a regulation
Recital 67
(67) When the safeguarding of a significant public goodinterest is at stake, such as is the case of responding to public emergencies, the public sector body or the Union institution, agency or body should not be expected to compensate enterprises for the data obtained. Public emergencies are rare, temporary events and not all such emergencies require the use of data held by enterprises. The business activities of the data holders are therefore not likely to be negatively affected as a consequence of the public sector bodies or Union institutions, agencies or bodies having recourse to this Regulation. However, as cases of an exceptional need other than responding to a public emergency might be more frequent, including cases of prevention of or recovery from a public emergency, data holders should in such cases be entitled to a reasonable compensation which should not exceed the technical and organisational costs incurred in complying with the request and the reasonable margin required for making the data available to the public sector body or to the Union institution, agency or body. The compensation should not be understood as constituting payment for the data itself and as being compulsory.
2022/11/14
Committee: ITRE
Amendment 326 #
Proposal for a regulation
Recital 68
(68) The public sector body or Union institution, agency or body may share the data it has obtained pursuant to the request with other entities or persons when this is needed to carry out scientific research activities or analytical activities it cannot perform itself. Data holders should be notified regarding such data sharings, providing the data holder with all necessary information regarding the identity of the data recipient and the activities that will be carried out by the data recipient. The data holder should have the right to object to the sharing of data by a public sector body or a Union institution, agency or body to the competent authority, when such data sharing does not meet the requirements of this Regulation. Such data may also be shared under the same circumstances with the national statistical institutes and Eurostat for the compilation of official statistics. Such research activities should however be compatible with the purpose for which the data was requested and the data holder should be informed about the further sharing of the data it had provided. Individuals conducting research or research organisations with whom these data may be shared should act either on a not-for-profit basis or in the context of a public-interest mission recognised by the State. Organisations upon which commercial undertakings have a decisive influence allowing such undertakings to exercise control because of structural situations, which could result in preferential access to the results of the research, should not be considered research organisations for the purposes of this Regulation.
2022/11/14
Committee: ITRE
Amendment 327 #
Proposal for a regulation
Article 6 – paragraph 2 – point d
(d) make the data available it receives to an undertaking providing core platform services for which one or more of such services have been designated as a gatekeeper pursuant to Article […] of [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)]; deleted
2022/11/17
Committee: LIBE
Amendment 328 #
Proposal for a regulation
Article 6 – paragraph 2 – point e
(e) use the data it receives to develop a product or related service that competes with the product or the related service from which the accessed data originate or share the data with another third party for that purpose;
2022/11/17
Committee: LIBE
Amendment 331 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
2 a. The third party shall implement adequate organizational, technical and cybersecurity measures to preserve the integrity of the data and to ensure its protection against unauthorised disclosure.
2022/11/17
Committee: LIBE
Amendment 334 #
Proposal for a regulation
Article 7 – paragraph 2 a (new)
2 a. The data holder shall not be liable towards the user for any direct or indirect damages arising from, relating to, or in connection with the processing of the data by the user after the data has been made available.
2022/11/17
Committee: LIBE
Amendment 352 #
Proposal for a regulation
Recital 89
(89) In order to allow the economic actors to adapt to the new rules laid out in this Regulation, they should apply from a year after18 months after entry into force of the Regulation. The obligations related to the design of the connected products and provision of the related services placed on the market within the last five years from the entry into force of theis Regulation, should apply retroactively, only when the manufacturer or provider of related service is able to remotely deploy mechanisms to ensure the fulfilment of the requirements pursuant to Article 3(1) and only when the deployment of such mechanisms would not place a disproportionate burden on the manufacturer or provider of related services.
2022/11/14
Committee: ITRE
Amendment 355 #
Proposal for a regulation
Article 11 – paragraph 2 – point b a (new)
(b a) inform the user of the unauthorised use or disclosure of the data and measures taken to put an end to the unauthorised use or disclosure of the data.
2022/11/17
Committee: LIBE
Amendment 356 #
Proposal for a regulation
Article 1 – paragraph 1
1. This Regulation lays down harmonised rules on making data generated by the use of a connected product or related service available to the user of that connected product or related service, on the making data available by a user to a data recipient or by the data holders to data recipients, and on the making data available by data holders to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need, for the performance of a task carried out in the public interest:
2022/11/14
Committee: ITRE
Amendment 357 #
Proposal for a regulation
Article 12 – paragraph 1 a (new)
1 a. The data holder shall not be liable for any direct or indirect damages arising from, relating to, or in connection with the processing of the data by the data recipient after the data has been made available.
2022/11/17
Committee: LIBE
Amendment 367 #
Proposal for a regulation
Article 14 – paragraph 2 a (new)
2 a. This Chapter is without prejudice to Regulation (EU) 2016/679 and Regulation (EU) 2018/1725.
2022/11/17
Committee: LIBE
Amendment 370 #
Proposal for a regulation
Article 1 – paragraph 2 – point d
(d) public sector bodies and Union institutions, agencies or bodies that request data holders to make data available where there is an exceptional need to that data for the performance of a task carried out in the public interestrevention, response or recovery from a public emergency and the data holders that provide those data in response to such request;
2022/11/14
Committee: ITRE
Amendment 370 #
Proposal for a regulation
Article 15 – paragraph 1 – introductory part
An exceptional need to use data within the meaning of this Chapter shall be deemed to exist in anywhere all of the following circumstancesonditions are met:
2022/11/17
Committee: LIBE
Amendment 373 #
Proposal for a regulation
Article 15 – paragraph 1 – point a
(a) where the data requested is strictly necessary to respond to a public emergency;
2022/11/17
Committee: LIBE
Amendment 375 #
Proposal for a regulation
Article 15 – paragraph 1 – point b
(b) where the data request is limited in time and scope and necessary to prevent a public emergency or to assist the recovery from a public emergency and is limited in time and scope;
2022/11/17
Committee: LIBE
Amendment 378 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – introductory part
(c) where the lack of available data prevents the public sector body or Union institution, agency or body from fulfilling a specific task in the public interest that has been explicitlresponding to the public emergency or from assisting the recovery pfrovided by law; andm a public emergency;
2022/11/17
Committee: LIBE
Amendment 379 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 1
(1) the public sector body or Union institution, agency or body has been unable to obtain such data by alternative means, including by purchasing the data on the market at market rates or by relying on existing obligations to make data available, and the adoption of new legislative measures cannot ensure the timely availability of the data; or.
2022/11/17
Committee: LIBE
Amendment 380 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2
(2) obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden for data holders or other enterprises. deleted
2022/11/17
Committee: LIBE
Amendment 382 #
Proposal for a regulation
Article 1 – paragraph 4
4. This Regulation shall not apply to, nor pre-empt, voluntary arrangements for the exchange of non-personal data between private and public entities. It shall not affect Union and national legal acts providing for the sharing, access and use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including Regulation (EU) 2021/784 of the European Parliament and of the Council72 and the [e-evidence proposals [COM(2018) 225 and 226] once adopted, and international cooperation in that area. This Regulation shall not affect the collection, sharing, access to and use of data under Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing and Regulation (EU) 2015/847 of the European Parliament and of the Council on information accompanying the transfer of funds. This Regulation shall not affect the competences of the Member States regarding activities concerning public security, defence, national security, customs and tax administration and the health and safety of citizens in accordance with Union law. This Regulation shall not apply to the data generated by connected products and related services provided for public security, defence and national security. _________________ 72 Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online (OJ L 172, 17.5.2021, p. 79).
2022/11/14
Committee: ITRE
Amendment 392 #
Proposal for a regulation
Article 17 – paragraph 1 – point c
(c) explain the purpose of the request, the intended use of the data requested, and the duration of that use, and which third parties the data may be disclosed to;
2022/11/17
Committee: LIBE
Amendment 394 #
Proposal for a regulation
Article 17 – paragraph 1 – point e a (new)
(e a) where the request is made by a public sector body to a data holder established in another Member State, confirm that the public sector body has notified the competent authority of that Member State in conformity with Article 22(3);
2022/11/17
Committee: LIBE
Amendment 396 #
Proposal for a regulation
Article 17 – paragraph 1 – point e b (new)
(e b) where the data requested concerns personal data, consult the competent supervisory authority under Article 51 of Regulation (EU) 2016/679 or under Article 52 under Regulation (EU) 2018/1725, abide by its recommendations, and confirm the conformity of the request with Regulation (EU) 2016/679 or Regulation (EU) 2018/1725.
2022/11/17
Committee: LIBE
Amendment 400 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 1
Paragraph 3 does not preclude a public sector body or a Union institution, agency or body to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body, in view of completing the tasks in Article 15 or to make the data available to a third party in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. The obligations on public sector bodies, Union institutions, agencies or bodies pursuant to Article 19 applylso apply to such third parties.
2022/11/17
Committee: LIBE
Amendment 401 #
Proposal for a regulation
Article 17 – paragraph 4 a (new)
4 a. The third party shall not use the data it receives from a public sector body or a Union institution, agency or body to develop a product or a related service that competes with the product or related service from which the data originate.
2022/11/17
Committee: LIBE
Amendment 407 #
Proposal for a regulation
Article 18 – paragraph 5
5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the applicable rules on personal data protection shall be fully complied with. The data holder shall take reasonable efforts to pseudonymise the datapersonal data made available, insofar as the request can be fulfilled with pseudonymised data.
2022/11/17
Committee: LIBE
Amendment 411 #
Proposal for a regulation
Article 18 – paragraph 6 a (new)
6 a. A data holder complying with a request to make data available pursuant to this article shall not be liable for any direct or indirect damages arising from, relating to, or in connection with the processing or the unauthorised disclosure of the data by the public sector body or a Union institution, agency or body, after the data has been made available.
2022/11/17
Committee: LIBE
Amendment 416 #
Proposal for a regulation
Article 19 – paragraph 1 – point b
(b) implement, insofar as the processing of personal data is necessary, technical, cybersecurity, and organisational measures that safeguard the rights and freedoms of data subjects;
2022/11/17
Committee: LIBE
Amendment 417 #
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
(b a) implement adequate administrative, technical and cybersecurity measures to prevent the unauthorised disclosure of the data;
2022/11/17
Committee: LIBE
Amendment 418 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2
(2) ‘connected product’ means a tangible, movable item, including where incorporated in an immovable item, that obtains, generates or collects, data concerning its use or environment, and that is able to communicate data via a publicly availablen electronic communications service and whose primary function is not the storing and processing of data;
2022/11/14
Committee: ITRE
Amendment 418 #
Proposal for a regulation
Article 19 – paragraph 1 – point b b (new)
(b b) inform without undue delay the data holder when a security incident has occurred that is affecting the confidentiality, integrity, or availability of the data it holds that was provided by the data holder;
2022/11/17
Committee: LIBE
Amendment 420 #
Proposal for a regulation
Article 19 – paragraph 2
2. Disclosure of trade secrets or alleged trade secrets to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of the request. In such a case, the public sector body or the Union institution, agency or body shall take appropriate technical, cybersecurity, and organizational measures to preserve the confidentiality of those trade secrets and to ensure the security of the data and the prevention of its unauthorised disclosure.
2022/11/17
Committee: LIBE
Amendment 423 #
1. Data made available to respond to a public emergency pursuant to Article 15, point (a), shall be provided free of charge.
2022/11/17
Committee: LIBE
Amendment 426 #
Proposal for a regulation
Article 20 – paragraph 2
2. Where the data holder claims compensation for making data available in compliance with a request made pursuant to Article 15, points (b) or (c), such compensation shall not exceed the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.
2022/11/17
Committee: LIBE
Amendment 429 #
Proposal for a regulation
Article 2 – paragraph 1 – point 5
(5) ‘user’ means a natural or legal person that owns, rents or leases a a product and receives a related service from a data holder or a lawful user to whom the owner of the connected product has transferred, pursuant to a rental or lease agreement, the right to use the connected product or receives a related services from a data holder;
2022/11/14
Committee: ITRE
Amendment 429 #
Proposal for a regulation
Article 21 – paragraph 1
1. A public sector body or a Union institution, agency or body shall be entitled to share data received under this Chapter with individuals or organisations or national statistical institutes and Eurostat in view of carrying out scientific research or analytics compatible withfor the purpose for which the data was requested, or to national statistical institutes and Eurostat for the compilation of official statistics.
2022/11/17
Committee: LIBE
Amendment 430 #
Proposal for a regulation
Article 21 – paragraph 4
4. Where a public sector body or a Union institution, agency or body transmits or makes data available under paragraph 1, it shall notify the data holder from whom the data was received, providing all necessary information regarding the identity of the data recipient and the activities to be carried out by the data recipient, and shall ensure all organizational, technical, and cybersecurity measures to preserve the integrity of the data and to prevent its unauthorised disclosure.
2022/11/17
Committee: LIBE
Amendment 437 #
Proposal for a regulation
Article 23 – paragraph 1 – point a
(a) terminating, after a maximum notice period of 360 calendar days, the contractual agreement of the service;
2022/11/17
Committee: LIBE
Amendment 439 #
1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services shall be clearly set out in a written contract. Without prejudice to Directive (EU) 2019/770, that contract shall be clear and transparent to the customer and shall include at least the following:
2022/11/17
Committee: LIBE
Amendment 441 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part
(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall:
2022/11/17
Committee: LIBE
Amendment 446 #
Proposal for a regulation
Article 24 – paragraph 1 – point c
(c) a minimum period for data retrieval of at least 360 calendar days, starting after the termination of the transition period that was agreed between the customer and the service provider, in accordance with paragraph 1, point (a) and paragraph 2.
2022/11/17
Committee: LIBE
Amendment 451 #
Proposal for a regulation
Article 26 – paragraph 1
1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ensure that the customer, after switching to a service covering the same service type offered by a different provider of data processing services, enjoys functional equivalence in the use of the new service. This provision applies to the original provider only insofar as the measures are related to the services, contractual agreements or commercial practices of the original provider.
2022/11/17
Committee: LIBE
Amendment 454 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation negativ legally declared state of emergency by the Union or a Member State for an exceptional and immediate situation caused by natural or man-made disasters, adversely affecting the population of the Union, a Member State or part of it, with a risk of seriousignificant and lasting repercussions on living conditionsthe health, safety or economic stability of citizen, or the substantial degradation of economic assets in the Union or the relevant Member State(s);
2022/11/14
Committee: ITRE
Amendment 456 #
Proposal for a regulation
Article 28 – paragraph 4
4. The Commission mayshall, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements under paragraph 1 of this Article
2022/11/17
Committee: LIBE
Amendment 457 #
Proposal for a regulation
Article 28 – paragraph 5
5. The Commission shallmay, by way of implementing acts, adopt common specifications, where harmonised standards referred to in paragraph 4 of this Article do not exist or in case it considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article, where necessary, with respect to any or all of the requirements laid down in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). Common specifications shall be developed in an open, transparent, technology-neutral manner, in consultation with industry and relevant stakeholders.
2022/11/17
Committee: LIBE
Amendment 458 #
Proposal for a regulation
Article 29 – paragraph 4
4. The Commission mayshall, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft European standards applicable to specific service types of data processing services.
2022/11/17
Committee: LIBE
Amendment 460 #
Proposal for a regulation
Article 30 – paragraph 5
5. The Commission mayshall, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential the requirements under paragraph 1 of this Article.
2022/11/17
Committee: LIBE
Amendment 461 #
Proposal for a regulation
Article 30 – paragraph 6
6. Where harmonised standards referred to in paragraph 4 of this Article do not exist or where the Commission considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article in a cross-border context, the Commission may, by way of implementing acts, adopt common specifications in respect of the essential requirements set out in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). Common specifications shall be developed in an open, transparent, technology-neutral manner, in consultation with industry and relevant stakeholders.
2022/11/17
Committee: LIBE
Amendment 474 #
Proposal for a regulation
Article 2 – paragraph 1 – point 17
(17) ‘electronic ledger’ means an electronic ledger within the meaning of Article 3, point (53), of Regulation (EU) No 910/2014XXX/XXXX [establishing a European Digital Identity framework];
2022/11/14
Committee: ITRE
Amendment 489 #
Proposal for a regulation
Article 35 – paragraph 1
In order not to hinder the exercise of the right of users to access and use such data in accordance with Article 4 of this Regulation or of the right to share such data with third parties in accordance with Article 5 of this Regulation, the sui generis right provided for in Article 7 of Directive 96/9/EC does not apply to databases containing data obtained from or generated by the use of a product or a related service when this right is invoked to deny or obstruct the sharing of data with a user or data recipient in accordance with Article 4 and 5.
2022/11/17
Committee: LIBE
Amendment 523 #
Proposal for a regulation
Article 3 – paragraph 2 – point c
(c) how the user may access, retrieve and request the erasure of those data;
2022/11/14
Committee: ITRE
Amendment 540 #
Proposal for a regulation
Article 3 – paragraph 2 – point e
(e) whether the seller, renter or lessorprovider of the related service is the only data holder and, if not, the identity of the other data holders, such as its trading name and, the geographical address at which it is established; and where applicable the legal entity identifier;
2022/11/14
Committee: ITRE
Amendment 547 #
Proposal for a regulation
Article 3 – paragraph 2 – point g
(g) how the user may request that the data are shared with a third-party and withdraw the consent for data sharing;
2022/11/14
Committee: ITRE
Amendment 567 #
Proposal for a regulation
Article 4 – paragraph 2
2. The data holder shall not require the user to provide any information beyond what is strictly necessary to verify the quality as a user pursuant to paragraph 1. The data holder shall not keep any information on the user's access to the data requested beyond what is necessary for the sound execution of the user’s access request and for the security and the maintenance of the data infrastructure. Where identification is legally required, data holders shall enable the possibility for users to identify and authenticate through the European Digital Identity Wallets, pursuant to Regulation (EU) XXX/XXXX [European Digital Identity framework].
2022/11/14
Committee: ITRE
Amendment 585 #
Proposal for a regulation
Article 4 – paragraph 3 a (new)
3 a. The user shall have the right to either directly share, through a data holder or through providers of data intermediation services as set in the Regulation (EU) 2022/868, their non-personal data to any data recipient for commercial purposes. The data sharing between a user and a data recipient shall be done through contractual agreements, the provisions of Chapter IV on fair, reasonable and non-discriminatory terms shall apply mutatis mutandis to the contractual agreements between users and data recipients.
2022/11/14
Committee: ITRE
Amendment 610 #
Proposal for a regulation
Article 5 – paragraph 1
1. Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a connected product or related service to a third party, in accordance with Articles 8 and 9, without undue delay, free of charge to the user, of the same quality as is available to the data holder and, where applicaeasily, securely, in a structured, commonly used and machine-readable format and, where technically feasible, continuously and in real-time.
2022/11/14
Committee: ITRE
Amendment 625 #
Proposal for a regulation
Article 5 – paragraph 3
3. The user or third party shall not be required to provide any information beyond what is strictly necessary to verify the quality as user or as third party pursuant to paragraph 1. The data holder shall not keep any information on the third party’s access to the data requested beyond what is necessary for the sound execution of the third party’s access request and for the security and the maintenance of the data infrastructure. Where identification is not legally required, users should be able to use products anonymously.
2022/11/14
Committee: ITRE
Amendment 695 #
6 a. Data holders and data recipients shall take all necessary legal, organisational and technical measures to ensure the cybersecurity of the data transfers and security and integrity of the data.
2022/11/14
Committee: ITRE
Amendment 703 #
Proposal for a regulation
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro, small or medium enterprise, any compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
2022/11/14
Committee: ITRE
Amendment 713 #
Proposal for a regulation
Article 9 – paragraph 4 a (new)
4 a. The Commission shall develop guidelines to determine what are the criteria for a reasonable compensation according to paragraph 1, set between data holders and data recipients.
2022/11/14
Committee: ITRE
Amendment 716 #
Proposal for a regulation
Article 10 – paragraph 1
1. Users, data holders and data recipients shall have access to dispute settlement bodies, certified in accordance with paragraph 2 of this Article, to settle disputes in relation to the determination of fair, reasonable and non-discriminatory terms for and the transparent manner of making data available in accordance with Articles 8 and 9.
2022/11/14
Committee: ITRE
Amendment 722 #
Proposal for a regulation
Article 11 – paragraph 1
1. The data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to the data and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to hinder the user’s right todiscriminate between data recipients or to hinder the user’s right to access data, retrieve the data or effectively provide data to third parties pursuant to Article 4 and 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1).
2022/11/14
Committee: ITRE
Amendment 771 #
Proposal for a regulation
Article 15 – paragraph 1 – introductory part
An exceptional need to use data within the meaning of this Chapter shall be limited in time and scope and deemed to exist only in the following circumstances:
2022/11/14
Committee: ITRE
Amendment 777 #
Proposal for a regulation
Article 15 – paragraph 1 – point a
(a) where the data requested is strictly necessary to respond to a public emergency;
2022/11/14
Committee: ITRE
Amendment 781 #
Proposal for a regulation
Article 15 – paragraph 1 – point b
(b) where the data request is limited in time and scope andstrictly necessary to prevent a public emergency or to assist the recovery from a public emergency; and only if all of the following conditions are fulfilled:
2022/11/14
Committee: ITRE
Amendment 782 #
Proposal for a regulation
Article 15 – paragraph 1 – point b – point i (new)
i) the public sector body or Union institution, agency or body has exhausted all other means to obtain such data, including by purchasing the data on the market at market rates or by relying on existing obligations to make data available, and the adoption of new legislative measures cannot ensure the timely availability of the data; or
2022/11/14
Committee: ITRE
Amendment 783 #
Proposal for a regulation
Article 15 – paragraph 1 – point b – point ii (new)
ii) obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden for data holders or other enterprises.
2022/11/14
Committee: ITRE
Amendment 785 #
Proposal for a regulation
Article 15 – paragraph 1 – point c
(c) where the lack of available data prevents the public sector body or Union institution, agency or body from fulfilling a specific task in the public interest that has been explicitly provided by law; and (1) the public sector body or Union institution, agency or body has been unable to obtain such data by alternative means, including by purchasing the data on the market at market rates or by relying on existing obligations to make data available, and the adoption of new legislative measures cannot ensure the timely availability of the data; or (2) obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden for data holders or other enterprises.
deleted
2022/11/14
Committee: ITRE
Amendment 809 #
Proposal for a regulation
Article 17 – paragraph 1 – introductory part
1. In the requests for data pursuant to Article 14(1), a public sector body or a Union institution, agency or body shall:
2022/11/14
Committee: ITRE
Amendment 813 #
Proposal for a regulation
Article 17 – paragraph 1 – point b
(b) demonstrate the exceptional need for which the data are requested, laying down the circumstance justifying the request and demonstrating that all the conditions mentioned in Article 15 are met;
2022/11/14
Committee: ITRE
Amendment 817 #
Proposal for a regulation
Article 17 – paragraph 1 – point c a (new)
(c a) justify the choice of data holder;
2022/11/14
Committee: ITRE
Amendment 818 #
Proposal for a regulation
Article 17 – paragraph 1 – point c b (new)
(c b) mention the other public sector bodies, Union institutions, agencies or bodies, including where applicable third parties to which the data obtained will be made available to;
2022/11/14
Committee: ITRE
Amendment 822 #
Proposal for a regulation
Article 17 – paragraph 1 – point e
(e) specify tha reasonable deadline by which the data are to be made available or within which the data holder may request the public sector body, Union institution, agency or body to modify or withdraw the request.;
2022/11/14
Committee: ITRE
Amendment 827 #
Proposal for a regulation
Article 17 – paragraph 1 – point e a (new)
(e a) specify the deadline within which the data holder may request the public sector body, Union institution, agency or body to modify or withdraw the request;
2022/11/14
Committee: ITRE
Amendment 831 #
Proposal for a regulation
Article 17 – paragraph 1 – point e b (new)
(e b) where known at the moment of the request, specify for how long data will be stored and when data will be deleted.
2022/11/14
Committee: ITRE
Amendment 838 #
Proposal for a regulation
Article 17 – paragraph 2 – point b
(b) be justified and proportionate to the exceptional need, in terms of the granularity and volume of the data requested and frequency of access of the data requested, and be limited to data necessary to carry out the task;
2022/11/14
Committee: ITRE
Amendment 840 #
Proposal for a regulation
Article 17 – paragraph 2 – point b a (new)
(b a) mention the purpose of this processing;
2022/11/14
Committee: ITRE
Amendment 851 #
Proposal for a regulation
Article 17 – paragraph 2 – point d a (new)
(d a) be sent to the competent authority referred to in paragraph 2a of this Article and Article 31;
2022/11/14
Committee: ITRE
Amendment 853 #
Proposal for a regulation
Article 17 – paragraph 2 a (new)
2 a. A public sector body or a Union institution, agency or body requesting access to the data shall send the request to the competent authority referred to in Article 31. The competent authority shall coordinate the requests by: (a) analysing whether the request meets the requirements laid down in this Chapter; (b) determine whether a data holder has not received similar requests to make data available by more public sector bodies or Union institutions, agencies or bodies; (c) sending the requests to the data holder for the execution; (d) ensuring the online public availability of requests for access to data made by public sector bodies.
2022/11/14
Committee: ITRE
Amendment 855 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 1
Paragraph 3 does not preclude aA public sector body or a Union institution, agency or body shall not be able to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body from the Union, in view of completing the tasks in Article 15 or to make the data available to a third party in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. The obligations on, unless the public sector bodies, Union institutions, agencies or bodies or third parties have been included in the request in accordance with paragraph 1(cb). Where the public sector body or a Union institution, agency or body intends to transmit or make data available under this paragraph to a third party that was not included in the request, prior consent of the data holder shall be requested. The receiving public sector bodies, Union institutions, agencies or bodies pursuant toand third parties shall fulfill the obligations laid down in Article 19 apply.
2022/11/14
Committee: ITRE
Amendment 859 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 2
Where a public sector body or a Union institution, agency or body transmits or makes data available under this paragraph, it shall notify the data holder from whom the data was received.
deleted
2022/11/14
Committee: ITRE
Amendment 866 #
Proposal for a regulation
Article 17 – paragraph 4 a (new)
4 a. The third party shall not use the data it receives from a public sector body or a Union institution, agency or body to develop a product or a service that competes with the product or service from which the accessed data originate or share the data with another third party for that purpose.
2022/11/14
Committee: ITRE
Amendment 874 #
Proposal for a regulation
Article 18 – paragraph 2 – introductory part
2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request, without undue delay, but no longer than 5 working days following the receipt of a request for the data necessary to respond to a public emergency and within 15 working days in other cases of exceptional need, on either of the following grounds:
2022/11/14
Committee: ITRE
Amendment 880 #
Proposal for a regulation
Article 18 – paragraph 2 – point b a (new)
(b a) a similar request for the same purpose has been previously submitted by another public sector body or Union institution, agency or body and the data holder has not been notified of the destruction of the data pursuant to Article 19(1)(c).
2022/11/14
Committee: ITRE
Amendment 881 #
Proposal for a regulation
Article 18 – paragraph 3
3. In case of a request for data necessary to respond to a public emergencyfor an exceptional need pursuant to Article 15, the data holder may also decline or seek modification of the request if the data holder already provided the requested data in response to previously submitted request for the same purpose by another public sector body or Union institution agency or body and the data holder has not been notified of the destruction of the data pursuant to Article 19(1), point (c).
2022/11/14
Committee: ITRE
Amendment 885 #
Proposal for a regulation
Article 18 – paragraph 5
5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the data holder shall take reasonable efforts to pseudonymise the data, insofar as the request can be fulfilled with pseudall necessary measures to irreversibly anonymised the data.
2022/11/14
Committee: ITRE
Amendment 902 #
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
(b a) take all necessary legal, technical and organisational measures to ensure the integrity and security of the data received;
2022/11/14
Committee: ITRE
Amendment 904 #
Proposal for a regulation
Article 19 – paragraph 1 – point c
(c) destroy the data as soon as, without undue delay, the data theyat are no longer necessary for the stated purpose and inform the data holder that the data have been destroyed.;
2022/11/14
Committee: ITRE
Amendment 907 #
Proposal for a regulation
Article 19 – paragraph 1 – point c a (new)
(c a) notify the data holder, without undue delay, of any cybersecurity threat, vulnerability or incident that has compromised the security and integrity of the data that has been transferred to them, without prejudice to the reporting obligations under Regulation (EU) XXX/XXXX [EUIBA] and Directive (EU) XXX/XXXX [NIS2].
2022/11/14
Committee: ITRE
Amendment 914 #
Proposal for a regulation
Article 19 – paragraph 2
2. Disclosure of trade secrets or alleged trade secrets to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of the request. In such a case, the public sector body or the Union institution, agency or body shall take appropriate the legal, technical and organisational measures needed to preserve the confidentiality of those trade secrets.
2022/11/14
Committee: ITRE
Amendment 925 #
Proposal for a regulation
Article 20 – paragraph 2
2. Where tThe data holder claimsshall be entitled to reasonable compensation for making data available in compliance with a request made pursuant to Article 15, points (b) or (c), s. Such compensation shall not exceed the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a fair and reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.
2022/11/14
Committee: ITRE
Amendment 933 #
Proposal for a regulation
Article 21 – title
21 Contribution of research organisations or statistical bodies in the context of exceptional needs
2022/11/14
Committee: ITRE
Amendment 941 #
Proposal for a regulation
Article 21 – paragraph 2
2. Individuals or organisations receiving the data pursuant to paragraph 1 shall act exclusively on a not-for-profit basis or in the context of a public-interest mission recognised in Union or Member State law. They shall not include organisations upon which commercial undertakings have a decisive influence or which could result in preferential access to the results of the research.
2022/11/14
Committee: ITRE
Amendment 943 #
Proposal for a regulation
Article 21 – paragraph 4
4. Where a public sector body or a Union institution, agency or body intends to transmits or makes data available under paragraph 1, it shall notify the data holder from whom the data was received. and provide all necessary information regarding the identity of the data recipient and the activities that will be carried out by the data recipient based on the data received pursuant to paragraph 1. Data holders shall have the right to object to the sharing of data by a public sector body or a Union institution, agency or body under paragraph 1, to the competent authority, when such data sharing does not meet the requirements of this Chapter.
2022/11/14
Committee: ITRE
Amendment 950 #
Proposal for a regulation
Article 22 – paragraph 3
3. Where a public sector body intends to request data from a data holder established in another Member State, it shall first notify and send the request to the competent authority of that Member State as referred to in Article 31, of that intention. This requirement shall also apply to requests by Union institutions, agencies and bodies.
2022/11/14
Committee: ITRE
Amendment 1092 #
Proposal for a regulation
Article 30 – paragraph 6
6. Where harmonised standards referred to in paragraph 4 of this Article do not exist, the Commission shall issue a standardisation request in accordance with Article 10 of Regulation 1025/2012. Where the Commission considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article in a cross-border context, the Commission may, by way of implementing acts, adopt common specifications in respect of the essential requirements set out in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
2022/11/14
Committee: ITRE
Amendment 1162 #
Proposal for a regulation
Article 42 – paragraph 2
It shall apply from [128 months after the date of entry into force of this Regulation].
2022/11/14
Committee: ITRE