Activities of Konstantinos ARVANITIS related to 2020/0340(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council Proposal for a regulation of the European Parliament and of the Council on European data governance (Data Governance Act)
Amendments (50)
Amendment 160 #
Proposal for a regulation
Recital 2
Recital 2
(2) Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and daily life. Data is at the centre of this transformation: data-driven innovation will bringpromises enormous benefits for citizens, for example through improved personalised medicine, new mobility, and its contribution to the European Green Deal23 . In its Data Strategy24 , the Commission described the vision of a common European data space, a Single Market for data in which data could be used irrespective of its physical location of storage in the Union in compliance with applicable law. It also called for the free and safe flow of data with third countries, subject to exceptions and restrictions for public security, public order and other legitimate public policy objectives of the European Union, in line with international obligations. In order to turn that vision into reality, it proposes to establish domain- specific common European data spaces, as the concrete arrangements in which data sharing and data pooling can happen. As foreseen in that strategy, such common European data spaces can cover areas such as health, mobility, manufacturing, financial services, energy, or agriculture or thematic areas, such as the European green deal or European data spaces for public administration or skills. _________________ 23Communication from the Commission to the European Parliament, the European Council, the Council, the European Economic and Social Committee and the Committee of the Regions on the European Green Deal. Brussels, 11.12.2019. (COM(2019) 640 final) 24 COM (2020) 66 final.
Amendment 161 #
Proposal for a regulation
Recital 3
Recital 3
(3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges. Sector- specific legislation can develop, adapt and propose new and complementary elements, depending on the specificities of the sector, such as the envisaged legislation on the European health data space25 and on access to vehicle data. Moreover, certain sectors of the economy are already regulated by sector-specific Union law that include rules relating to cross-border or Union wide sharing or access to data26 . This Regulation is therefore without prejudice to Regulation (EU) 2016/679 of the European Parliament and of the Council (27 ), and in particular the implementation of this Regulation shall not prevent cross border transfers of data in accordance with Chapter V of Regulation (EU) 2016/679 from taking place, Directive (EU) 2016/680 of the European Parliament and of the Council (28 ), Directive (EU) 2016/943 of the European Parliament and of the Council (29 ), Regulation (EU) 2018/1807 of the European Parliament and of the Council (30 ), Regulation (EC) No 223/2009 of the European Parliament and of the Council (31 ), Directive 2000/31/EC of the European Parliament and of the Council (32 ), Directive 2001/29/EC of the European Parliament and of the Council (33 ), Directive (EU) 2019/790 of the European Parliament and of the Council (34 ), Directive 2004/48/EC of the European Parliament and of the Council (35 ), Directive (EU) 2019/1024 of the European Parliament and of the Council (36 ), as well as Regulation 2018/858/EU of the European Parliament and of the Council (37 ), Directive 2010/40/EU of the European Parliament and of the Council (38 ) and Delegated Regulations adopted on its basis, and any other sector-specific Union legislation that organises the access to and re-use of data. This Regulation should be without prejudice to Union law on the access and use of data for the purpose of international cooperation in the context of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. A horizontal regime for the re-use of certain categories of protected data held by public sector bodies, the provision of data sharing services and of services based on data altruism in the Union should be established. Specific characteristics of different sectors may require the design of sectoral data-based systems, while building on the requirements of this Regulation. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing services or registered entities providing data altruism services to comply with specific additional technical, administrative or organisational requirements, including through an authorisation or certification regime, those provisions of that sector-specific Union legal act should also apply. _________________ 25 See: Annexes to the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Commission Work Programme 2021 (COM(2020) 690 final). 26 For example, Directive 2011/24/EU in the context of the European Health Data Space, and relevant transport legislation such as Directive 2010/40/EU, Regulation 2019/1239 and Regulation (EU) 2020/1056, in the context of the European Mobility Data Space. 27Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (OJ L 119, 4.5.2016, p.1) 28 Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA. (OJ L 119, 4.5.2016, p.89) 29Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure. (OJ L 157, 15.6.2016, p.1) 30 Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union. (OJ L 303, 28.11.2018, p. 59) 31Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European Communities. (OJ L 87, 31.03.2009, p. 164) 32Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000, on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce). (OJ L 178, 17.07.2000, p. 1) 33Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society. (OJ L 167, 22.6.2001, p. 10) 34 Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC. (OJ L 130, 17.5.2019, p. 92) 35Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights. (OJ L 157, 30.4.2004). 36Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information. (OJ L 172, 26.6.2019, p. 56). 37 Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles, amending Regulations (EC) No 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC (OJ L 151, 14.6.2018). 38Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport. (OJ L 207, 6.8.2010, p. 1)
Amendment 165 #
Proposal for a regulation
Recital 3 a (new)
Recital 3 a (new)
(3 a) This Regulation is without prejudice to Regulation (EU) 2016/679 of the European Parliament and of the Council and to Directives 2002/58/EC and (EU) 2016/680 of the European Parliament and of the Council. This Regulation should in particular not be read as creating a new legal basis for the processing of personal data for any of the regulated activities. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter should prevail. It should be possible to consider data protection authorities competent authorities for the purpose of this Regulation. Where other entities act as competent authorities under this Regulation, it should be without prejudice to the supervisory powers of data protection authorities under Regulation(EU) 2016/679.
Amendment 166 #
Proposal for a regulation
Recital 3 b (new)
Recital 3 b (new)
(3 b) In the case of a data set composed of both personal and non-personal data, where these data are inextricably linked, the data set should be considered personal data.
Amendment 169 #
Proposal for a regulation
Recital 5
Recital 5
(5) The idea that data that has been generated at the expense of public budgets should benefit society has been part of Union policy for a long time. Directive (EU) 2019/1024 as well as sector-specific legislation ensure that the public sector makes more of the data it produces easily available for use and re-use. However, certain categories of data (commercially confidential data, data subject to statistical confidentiality, data protected by intellectual property rights of third parties, including trade secrets and personal data not accessible on the basis of specific national or Union legislation, such as Regulation (EU) 2016/679 and Directive (EU) 2016/680) in public databases is often not made available, not even for research or innovative activitiessocially beneficial innovation. Due to the sensitivity of this data, certain technical and legal procedural requirements must be met before they are made available, in order to ensure the respect of rights others have over such data. Such requirements are usually time- and knowledge-intensive to fulfil. This has led to the underutilisation of such data. While some Member States are setting up structures, processes and sometimes legislate to facilitate this type of re-use, this is not the case across the Union.
Amendment 175 #
Proposal for a regulation
Recital 6 a (new)
Recital 6 a (new)
(6 a) Full anonymisation of data is highly complicated and often impossible, which means that such safeguards do not lift the need for the application of robust data security rules and other obligations under Regulation (EU) 2016/679.
Amendment 179 #
Proposal for a regulation
Recital 11
Recital 11
(11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition. In particular, p. Public sector bodies allowing re-use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate effortburden for the public sector. Depending on the case at hand, beforConditions should be designed to ensure effective safeguards with regard to the protection of personal data. Personal data shall only be accessible wits transmissionhin a secure processing environment, and before allowing access to it within a secure processing environment, personal data should be fully anonymised, so as to definitively not allow the identification of the data subjects, or data containing commercially confidential information modified in such a way that no confidential information is disclosed. Where provision of anonymised or modified data would not respond to the needs of the re-userthe impact on the protection of personal data has been carefully assessed and the risks for the rights and interests of data subjects are minimal, on- premise or remote re-use of the data within a secure processing environment could be permitted, but data should still at least be anonymised. Data analyses in such secure processing environments should be supervised by the public sector body, so as to protect the rights and interests of others. In particular, personal data should only be transmitted for re-use to a third party where a legal basis allows such transmission. The public sector body could makeIn a context of growing availability and sharing of data, even the re-use of such secure processing environment conditional on the signature bnon- personal data could have an impact on the protection of personal data, especially twhe re-user of a confidentiality agreement that prohibits the disclosure of any information that jeopardises the right such non-personal data is derived from personal data through aggregation, anonymisation or other techniques, as and interests of third parties that the re- user may have acquired despite the safeguards put in placecrease in available data can lead to an increase in the chance of re-identification of data subjects. The public sector bodies, where relevant, should facilitate the re-use of personal data on the basis of consent of data subjects or, in case of non-personal data, on the basis of permissions of legal persons on the re-use of data pertaining to them through adequate technical means. In this respect, it should be possible for the public sector body shouldto support potential re- users in seeking such consent by establishing technical mechanisms that permit transmitting requests for consent from re-users, where permitted and practically feasible. No contact information should be given that allows re-users to contact data subjects or companies directly.
Amendment 184 #
Proposal for a regulation
Recital 18
Recital 18
(18) In order to prevent unlawful access to non-personal data, public sector bodies, natural or legal persons to which the right to re-use data was granted, data sharing providers and entities entered in the register of recognised data altruism organisationPublic Interest Data Hubs should take all reasonable measures to prevent access to the systems where non- personal data is stored, including encryption of data or corporate policies.
Amendment 186 #
Proposal for a regulation
Recital 20
Recital 20
(20) Public sector bodies should be able to charge fees for the re-use of data but should also be able to decide to make the data available at lower or no cost, for example for certain categories of re-uses such as non-commercial re-use, or re-use by small and medium-sized enterprises, so as to incentivise such re-use in order to stimulate research and innovation and support companies that are an important source of innovation and typically find it more difficult to collect relevant data themselves, in line with State aid rules. Such fees should be reasonable, transparent, published online and non- discriminatory.
Amendment 188 #
Proposal for a regulation
Recital 21
Recital 21
(21) In order to incentivise the re-use of these categories of data, Member States should establish a single information point to act as the primary interface for re-users that seek to re-use such data held by the public sector bodies. It should have a cross-sector remit, and should complement, if necessary, arrangements at the sectoral level. In addition, Member States should designate, establish or facilitate the establishment of competent bodies to support the activities of public sector bodies allowing re-use of certain categories of protected data. Their tasks may include granting access to data, where mandated in sectoral Union or Member States legislation. Those competent bodies should provide support to public sector bodies with state-of-the-art techniques, including secure data processing environments, which allow data analysis in a manner that preserves the privacy of the information. Such support structure could support the data holders with management of the consent, including consent to certain areas of scientific research when in keeping with recognised ethical standards for scientific research. DThe competent bodies should not have a supervisory function, which is reserved for supervisory authorities under Regulation (EU) 2016/679. Without prejudice to the supervisory powers of data protection authorities, data processing should be performed under the responsibility of the public sector body responsible for the register containing the data, who remains a data controller in the sense of Regulation (EU) 2016/679 insofar as personal data are concerned. Member States may have in place one or several competent bodies, which could act in different sectors.
Amendment 200 #
Proposal for a regulation
Recital 36
Recital 36
(36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the Union and the emergence of data pools covering several Member States. Data subjects in this respect would consent to specific purposes of data processing, but could also consent to data processing in certain areas of research or parts of research projects as it is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the time of data collection. Legal persons could give permission to the processing of their non-personal data for a range of purposes not defined at the moment of giving the permission. The voluntary compliance of such registered entities with a set of requirements should bring trust that the data made available on altruistic purposes is serving a general interest purpose. Such trust should result in particular from a place of establishment within the Union, as well as from the requirement that registered entities have a not-for-profit character, from transparency requirements and from specific safeguards in place to protect rights and interests of data subjects and companies. Further safeguards should include making it possible to process relevant data within a secure processing environment operated by the registered entity, oversight mechanisms such as ethics councils or boards, including representatives from civil society and relevant affected communities, to ensure that the data controller maintains high standards of scientific ethics and protection of fundamental rights, effective technical means to withdraw or modify consent at any moment, based on the information obligations of data processors under Regulation (EU) 2016/679 as well as means for data subjects to stay informed about the use of data they made available.
Amendment 204 #
Proposal for a regulation
Recital 38
Recital 38
(38) Data Altruism Organisations recognised in the Union should be able to collect relevant data directly from natural and legal persons or to process data collected by others under an appropriate legal basis established under Regulation (EU) 2016/679. Typically, data altruism would rely on consent of data subjects in the sense of Article 6(1)(a) and 9(2)(a) and in compliance with requirements for lawful consent in accordance with Article 7 of Regulation (EU) 2016/679. In accordance with Regulation (EU) 2016/679, scientific research purposes can be supported by consent to certain areas of scientific research when in keeping with recognised ethical standards for scientific research or only to certain areas of research or parts of research projects. Article 5(1)(b) of Regulation (EU) 2016/679 specifies that further processing for scientific or historical research purposes or statistical purposes should, in accordance with Article 89(1) of Regulation (EU) 2016/679, not be considered to be incompatible with the initial purposes.
Amendment 208 #
Proposal for a regulation
Article 1 – paragraph 1 – point c
Article 1 – paragraph 1 – point c
(c) a framework for voluntary registration of entities which collect and process data made available for altruistic purposes.
Amendment 210 #
Proposal for a regulation
Article 1 – paragraph 2 a (new)
Article 1 – paragraph 2 a (new)
(2 a) Union and national law on the protection of personal data shall apply to any personal data processed in connection with this Regulation. In particular, this Regulation shall be without prejudice to Regulation (EU) 2016/679, Directive 2002/58/EC and Regulation (EU)2018/1725, including the competences and powers of supervisory authorities. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter prevails. This Regulation does not create a legal basis for the processing of personal data.
Amendment 217 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2 a (new)
Article 2 – paragraph 1 – point 2 a (new)
(2 a) 'personal data' means personal data as defined in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 220 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2 b (new)
Article 2 – paragraph 1 – point 2 b (new)
(2 b) ‘consent’ means consent as defined in point (11) of Article 4 of Regulation (EU) 2016/679, and subject to the conditions set out in Article 7 and Article 8 of that Regulation;
Amendment 222 #
(2 c) 'data subject' means data subject as defined in point (1) of Article 4 of Regulation (EU) 2016/679;
Amendment 223 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2 d (new)
Article 2 – paragraph 1 – point 2 d (new)
(2 d) ‘processing’ means processing as defined in point (2) of Article 4 of Regulation (EU) 2016/679;
Amendment 228 #
Proposal for a regulation
Article 2 – paragraph 1 – point 4
Article 2 – paragraph 1 – point 4
Amendment 230 #
Proposal for a regulation
Article 2 – paragraph 1 – point 5
Article 2 – paragraph 1 – point 5
(5) ‘data holder’ means a legal person or data subject who, in accordance with applicable Union or national law, has the right to grant access to or to share certain personal or non-personal data under its control;
Amendment 232 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data user’ means a natural or legal person who has lawful access to certain personal or non-personal data and is authorised to use that data for commercial or non- commercial purposes;
Amendment 234 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6 a (new)
Article 2 – paragraph 1 – point 6 a (new)
(6 a) 'data re-user' means a natural or legal person who re-uses data;
Amendment 239 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘data altruism’ means the consent by data subjects to process personal data pertaining to them, or permissions of other data holders to allow the use of their non- personal data without seeking or receiving a reward, for purposes of generalpublic interest, such as scientific research purposes or improving public services;
Amendment 244 #
Proposal for a regulation
Article 3 – paragraph 2 – point e a (new)
Article 3 – paragraph 2 – point e a (new)
(e a) personal data processed in the context of employment
Amendment 251 #
Proposal for a regulation
Article 5 – paragraph 3
Article 5 – paragraph 3
(3) Public sector bodies mayshall impose an obligation to re-use only pre-processed data where such pre-processing aims to anonymize or pseudonymise personal data or delete commercially confidential information, including trade secrets.
Amendment 252 #
Proposal for a regulation
Article 5 – paragraph 4 – introductory part
Article 5 – paragraph 4 – introductory part
(4) Public sector bodies mayshall impose obligations
Amendment 255 #
Proposal for a regulation
Article 5 – paragraph 4 – point a
Article 5 – paragraph 4 – point a
(a) to access and re-use the data, in anonymised form, within a secure processing environment provided and controlled by the public sector ;
Amendment 256 #
Proposal for a regulation
Article 5 – paragraph 5 a (new)
Article 5 – paragraph 5 a (new)
(5 a) Public sector bodies shall apply technical means that prevent the re-users from identifying any data subject, even within secure processing environments, and shall hold the re-users responsible for continuously assessing the risk of identification and de-anonymisation and for reporting to the public sector body concerned breaches to the confidentiality, the integrity, or the security of the data, in particular where a data breach has resulted in identification of an individual, notwithstanding any reporting obligations under Union law.
Amendment 260 #
Proposal for a regulation
Article 5 – paragraph 5 b (new)
Article 5 – paragraph 5 b (new)
(5 b) In case of anonymised data, public sector bodies shall make a data protection impact assessment prior to granting access to the data. Where the processing of data can potentially lead to identification or de-anonymisation, the public sector body shall not allow access to, or re-use of, the data.
Amendment 262 #
Proposal for a regulation
Article 5 – paragraph 5 c (new)
Article 5 – paragraph 5 c (new)
(5 c) Re-use with the effect of identifying data subjects or otherwise de- anonymising datasets shall be prohibited. Re-users shall not identify any data subjects.
Amendment 265 #
Proposal for a regulation
Article 5 – paragraph 6
Article 5 – paragraph 6
(6) Where the re-use of data cannot be granted in accordance with the obligations laid down in paragraphs 3 to 5c (new) and there is no other legal basis for transmitting the data under Regulation (EU) 2016/679, the public sector body shall support re- users in seeking consent of the data subjects and/or permission from the legal entities whose rights and interests may be affected by such re-use, where it is feasible without disproportionate cost for the public sector. In that task they may be assisted by the competent bodies referred to in Article 7 (1).
Amendment 268 #
Proposal for a regulation
Article 5 – paragraph 9
Article 5 – paragraph 9
Amendment 269 #
Proposal for a regulation
Article 5 – paragraph 10
Article 5 – paragraph 10
Amendment 271 #
Proposal for a regulation
Article 5 – paragraph 12
Article 5 – paragraph 12
Amendment 275 #
Proposal for a regulation
Article 6
Article 6
Amendment 276 #
Proposal for a regulation
Article 6 – paragraph 2
Article 6 – paragraph 2
(2) Any fees shall be non- discriminatory, proportionate and objectively justified and shall not restrict competitioncover the costs of monitoring and enforcement. They shall not create incentives to sell or lower the protection of sensitive data.
Amendment 286 #
Proposal for a regulation
Article 9 – paragraph 1 – point b
Article 9 – paragraph 1 – point b
(b) intermediation services between data subjects that seek to make their personal data available and potential data users, including making available the technical or other means to enable such services, in the exercise of the rights provided in Regulation (EU) 2016/679; the data sharing services shall not themselves process the personal data, but shall only allow data subjects to give consent to specific data users and for specific purposes;
Amendment 291 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
(2) This ChapterRegulation shall be without prejudice to the application of other Union and national law to providers of data sharing services, including powers of supervisory authorities to ensure compliance with applicable law, in particular as regard the protection of personal data and competition law.
Amendment 302 #
Proposal for a regulation
Article 11 – paragraph 1 – point 2
Article 11 – paragraph 1 – point 2
Amendment 317 #
Proposal for a regulation
Article 11 – paragraph 1 – point 11
Article 11 – paragraph 1 – point 11
(11) where a provider provides tools for obtaining consent from data subjects in accordance with Article 7 and Article 8 of Regulation 2016/679, or permissions to process data made available by legal persons, it shall also specify the jurisdiction or jurisdictions in which the data use is intended to take place.
Amendment 323 #
Proposal for a regulation
Article 12 – paragraph 3
Article 12 – paragraph 3
(3) TIn accordance with their respective competences under Union and national law, the designated competent authorities, the data protection authorities, the national competition authorities, the authorities in charge of cybersecurity, and other relevant sectorial authorities shall exchange the information which is necessary for the exercise of their tasks in relation to data sharing providers.
Amendment 325 #
Proposal for a regulation
Article 13 – paragraph 2
Article 13 – paragraph 2
(2) The competent authority shall have the power to request from providers of data sharing services all the information that is necessary to verify compliance with the requirements laid down in Articles 10 and 11. Any request for information shall be proportionate to the performance of the task and shall be reasoned.
Amendment 327 #
Proposal for a regulation
Article 13 – paragraph 3
Article 13 – paragraph 3
(3) Where the competent authority finds that a provider of data sharing services does not comply with one or more of the requirements laid down in Article 10 or 11this Chapter, it shall notify that provider of those findings and give it the opportunity to state its views, within a reasonable time limit.
Amendment 329 #
Proposal for a regulation
Article 13 – paragraph 4 – introductory part
Article 13 – paragraph 4 – introductory part
(4) The competent authority shall have the power to require the cessation of the breach referred to in paragraph 3 either immediately or within a reasonable time limit and shall take appropriate and proportionate measures aimed at ensuring compliance. In this regard, the competent authorities shall be able, where appropriate:
Amendment 330 #
Proposal for a regulation
Article 13 – paragraph 4 – point b
Article 13 – paragraph 4 – point b
(b) to require cessation or postponement of the provision of the data sharing service.
Amendment 331 #
Proposal for a regulation
Article 13 – paragraph 5 a (new)
Article 13 – paragraph 5 a (new)
Amendment 341 #
Proposal for a regulation
Article 17 – paragraph 3
Article 17 – paragraph 3
Amendment 342 #
Proposal for a regulation
Article 17 – paragraph 4 – point e
Article 17 – paragraph 4 – point e
(e) the address of the entity’s main establishment in the Union, if any, and, where applicable, any secondary branch in another Member State or that of the legal representative designated pursuant to paragraph (3);
Amendment 350 #
Proposal for a regulation
Article 19 – paragraph 1 – point b
Article 19 – paragraph 1 – point b
(b) about any processing outside the Union, including its location.
Amendment 359 #
Proposal for a regulation
Article 19 – paragraph 3
Article 19 – paragraph 3
(3) Where an entity entered in the register of recognised data altruism organisations provides tools for obtaining consent in accordance with Article 7 and Article 8 of Regulation 2016/679 from data subjects or permissions to process data made available by legal persons, it shall also specify the jurisdiction or jurisdictions in which the data use is intended to take place.