Activities of Margarita DE LA PISA CARRIÓN related to 2022/0047(COD)
Plenary speeches (1)
Data Act (debate)
Shadow reports (1)
REPORT on the proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act)
Amendments (91)
Amendment 96 #
Proposal for a regulation
Citation 1
Citation 1
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 and Article 168 thereof,
Amendment 107 #
Proposal for a regulation
Recital 5
Recital 5
(5) This Regulation ensures that users of a product or related service in the Union can access, in a timely manner, the data generated by the use of that product or related service and that those users can use the data, including by sharing them with third parties of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC. This Regulation also ensures that data holders make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by products or related services. (This amendment applies throughout the text. Adopting it will necessitate corresponding changes throughout.)
Amendment 117 #
Proposal for a regulation
Recital 7
Recital 7
(7) The fundamental right to the protection of personal data is safeguarded in particular under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725. Directive 2002/58/EC additionally protects private life and the confidentiality of communications, including providing conditions to any personal and non- personal data storing in and access from terminal equipment. These instruments provide the basis for sustainable and responsible data processing, including where datasets include a mix of personal and non-personal data. This Regulation complements and is without prejudice to Union law on data protection and privacy, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC. No provision of this Regulation should be applied or interpreted in such a way as to diminish or limit the right to the protection of personal data or the right to privacy and confidentiality of communications. When a conflict between this Regulation and Union law on the protection of personal data and privacy or national laws adopted in accordance with relevant Union law arises , the relevant Union or national laws on the protection of personal data and privacy should prevail.
Amendment 127 #
Proposal for a regulation
Recital 14
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Metadata under Chapter II means the metadata that the data holder uses for its own purpose, without any obligation to register or store metadata additionally. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this dataConversely, products related with services subject to specific union law setting out rights and obligations on data access, such as Directive (EU) 2015/2366 should not be covered by Chapter II of this Regulation. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while volatile and only locally processed data and information derived or inferred from data that falls under the scope of this Regulation, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. Information derived or inferred from this data, where lawfully held, should not be considered within the scope of this Regulation.
Amendment 134 #
Proposal for a regulation
Recital 14 a (new)
Recital 14 a (new)
(14 a) In order to foster innovation and the development of new products and services, it should be specified that products and services that are not ready to be placed on the market because they are still under development, including prototypes, should not fall under the scope of this Regulation.
Amendment 143 #
Proposal for a regulation
Recital 16
Recital 16
(16) It is necessary to lay down rules applying to connected products that, at the time of the sale, rental or leasing agreement incorporate or are interconnected with a service in such a way that the absence of the service would prevent the product from performing itsone of its main functions. Such related services can be part of the sale, rent or lease agreement, or such services are normally provided for products of the same type and the user could reasonably expect them to be provided given the nature of the product and taking into account any public statement made by or on behalf of the seller, renter, lessor or other persons in previous links of the chain of transactions, including the manufacturer. These related services may themselves generate data of value to the user independently of the data collection capabilities of the product with which they are interconnected. Neither the power supply nor the supply of the connectivity are to be interpreted as related services under this Regulation This Regulation should also apply to a related service that is not supplied by the seller, renter or lessor itself, but is supplied, under the sales, rental or lease contract, by a third party. In the event of doubt as to whether the supply of service forms part of the sale, rent or lease contract, this Regulation should apply. It should be specified that electronic communications services are not under the scope of this Regulation.
Amendment 157 #
Proposal for a regulation
Recital 18
Recital 18
(18) The user of a product should be understood as the legal or natural person, such as a business or consumer, which has purchased, rented or leathe legal right to posseds the product. Depending and physically controls it. Regardless onf the legal title under which he uses it, such a user bears the risks and enjoys the benefits of using the connected product and should enjoy also the access to the data ithe or she generates with the product. The user should therefore be entitled to derive benefit from data generated by that product and any related service.
Amendment 168 #
(20) In case several persons or entities own a product or are party to a lease or rent agreement and benefit from access to a related service, reasonable efforts should be made in the design of the product or related service or the relevant interface so that all personseach user can have access to data they themselve generate. Users of products that generate data typically require a user account to be set up. This allows for identification of the user by the manufacturer as well as a means to communicate to exercise and process data access requests. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should inform the user how the data may be accessed.
Amendment 176 #
Proposal for a regulation
Recital 22
Recital 22
(22) Virtual assistants play an increasing role in digitising consumer environments and serve as an easy-to-use interface to play content, obtain information, or activate physical objects connected to the Iinternet of Things. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Iinternet of Things, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a product via a virtual assistant provided by an entity other than the manufacturer of the product. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulation. (This amendment applies throughout the text. Adopting it will necessitate corresponding changes throughout.)
Amendment 183 #
Proposal for a regulation
Recital 24
Recital 24
(24) This Regulation imposes the obligation on data holders to make data available in certain circumstances. Insofar as personal data are processed, the data holder should be a controller under Regulation (EU) 2016/679. Where users are data subjects, data holders should be obliged to provide them access to their data and to make the data available to third parties of the user’s choice in accordance with this Regulation. However, this Regulation does not create a legal basis under Regulation (EU) 2016/679 for the data holder to provide access to personal data or make it available to a third party when requested by a user that is not a data subject and should not be understood as conferring any new right on the data holder to use data generated by the use of a product or related service. This applies in particular where the manufacturer is the data holder. In that case, the basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user. This agreement may be part of the sale, rent or lease agreement relating to the product. AThe user should be given a reasonable opportunity to reject this agreement. Should a user chose to reject the contractual terms and conditions, this should not prevent him from using the relevant product of the service, unless the product of the service cannot function without the user's acceptance of the contractual terms. The user should have the right to cancel the contractual agreement at any time, without any financial consequences. Withdrawal of consent should also not affect the use of the product or service, except for consequences that are the direct and unavoidable result of the withdrawal of the user's consent. Furthermore, any contractual term in the agreement stipulating that the data holder may use the data generated by the user of a product or related service should be transparent to the user, including as regards the purpose for which the data holder intends to use the data. This Regulation should not prevent contractual conditions, whose effect is to exclude or limit the use of the data, or certain categories thereof, by the data holder. This Regulation should also not prevent sector-specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by the data holder on well- defined public policy grounds.
Amendment 192 #
Proposal for a regulation
Recital 26
Recital 26
(26) In contracts between a data holder and a consumer as a user of a product or related service generating data, Directive 93/13/EEC applies to the terms of the contract to ensure that a consumer is not subject to unfair contractual terms. For unfair contractual terms unilaterally impos, which have not been individually negotiated onby a micro, small or medium- sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC63 , this Regulation provides that such unfair terms should not be binding on that enterprise. _________________ 63 Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium- sized enterprises
Amendment 205 #
Proposal for a regulation
Recital 28
Recital 28
(28) The user should be free to use the data for any lawful purpose. This includes providing the data the user has received exercising the right under this Regulation to a third party offering an aftermarket service that may be in competition with a service provided by the data holder, or to instruct the data holder to do so. The data holder should make all reasonable efforts to ensure that the data made available to the third party is as accurate, complete, reliable, relevant and up-to-date as the data the data holder itself may be able or entitled to access from the use of the product or related service. Any trade secrets or intellectual property rights should be fully respected in handling the data. It is important to preserve incentives to invest in products with functionalities based on the use of data from sensors built into that product. The aim of this Regulation should accordingly be understood as to foster the development of new, innovative products or related services, stimulate innovation on aftermarkets, but also stimulate the development of entirely novel services making use of the data, including based on data from a variety of products or related services. At the same time, it aims to avoid undermining the investment incentives for the type of product from which the data are obtained, for instance, by the use of data to develop a competing product.
Amendment 221 #
Proposal for a regulation
Recital 33
Recital 33
(33) In order to prevent the exploitation of users, third parties to whom data has been made available upon request of the user should only process the data for the purposes agreed with the user and share it with another third party only if this is authorised by the user and necessary to provide the service requested by the user.
Amendment 227 #
Proposal for a regulation
Recital 35
Recital 35
(35) The third party should also refrain from using the data to profile individuals unless these processing activities are strictly necessary to provide the service requested by the user. The requirement to delete data when no longer required for the purpose agreed with the user complements the right to erasure of the data subject pursuant to Article 17 of Regulation 2016/679. Where the third party is a provider of a data intermediation service within the meaning of [Data Governance Act], the safeguards for the data subject provided for by that Regulation apply. Theat third party may use the data to develop a new and innovative product or related service but not to develop a competing product.
Amendment 231 #
Proposal for a regulation
Recital 36
Recital 36
(36) Start-ups, small and medium-sized enterprises and companies from traditional sectors with less-developed digital capabilities might struggle to obtain access to relevant data. This Regulation aims to facilitate access to data for these entities, while ensuring that the corresponding obligations are scoped as proportionately as possible to avoid overreach. At the same time, a small number of very large companies have emerged with considerable economic power in the digital economy through the accumulation and aggregation of vast volumes of data and the technological infrastructure for monetisingto exploit them. These companies include undertakings that provide core platform services controlling whole platform ecosystems in the digital economy and whom existing or new market operators are unable to challenge or contest. The [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)] aims to redress these inefficiencies and imbalances by allowing the Commission to designate a provider as a “gatekeeper”, and imposes a number of obligations on such designated gatekeepers, including a prohibition to combine certain data without consent, and an obligation to ensure effective rights to data portability under Article 20 of Regulation (EU) 2016/679. Consistent with the [Regulation on contestable and fair markets in the digital sector (Digital Markets Act)], and given the unrivalled ability of these companies to acquire data, it would not be necessary to achieve the objective of this Regulation, and would thus be disproportionate in relation to data holders made subject to such obligations, to include such gatekeeper undertakings as beneficiaries of the data access right. This means that an undertaking providing core platform services that has been designated as a gatekeeper cannot request or be granted access to users’ data generated by the use of a product or related service or by a virtual assistant based on the provisions of Chapter II of this Regulation. An undertaking providing core platform services designated as a gatekeeper pursuant to Digital Markets Act should be understood to include all legal entities of a group of companies where one legal entity provides a core platform service. Furthermore, third parties to whom data are made available at the request of the user may not make the data available to a designated gatekeeper. For instance, the third party may not sub-contract the service provision to a gatekeeper. However, this does not prevent third parties from using data processing services offered by a designated gatekeeper. This exclusion of designated gatekeepers from the scope of the access right under this Regulation does not prevent these companies from obtaining data through other lawful means.
Amendment 247 #
Proposal for a regulation
Recital 41
Recital 41
(41) In order to compensate for the lack of information on the conditions of different contracts, which makes it difficult for the data recipient to assess if the terms for making the data available are non- discriminatory, it should be on the data holder to demonstrate that a contractual term is not discriminatory. IThe Commission, while involving all affected stakeholders, should establish guidelines on how a data holder can better distinguish between discriminatory and non-discriminatory terms. Emphasised is however, that it is not unlawful discrimination, where a data holder uses different contractual terms for making data available or different compensation, if those differences are justified by objective reasons. These obligations are without prejudice to Regulation (EU) 2016/679.
Amendment 252 #
Proposal for a regulation
Recital 42
Recital 42
(42) In order to incentivise the continued investment in generating valuable data, including investments in relevant technical tools, this Regulation contains the principle that the data holder may request reasonable compensation when legally obliged to make data available to the data recipient. These provisions should not be understood as paying for the data itself, but in the case of micro, small or medium-sized enterprises, for the direct costs incurred and investment required for making the data available.
Amendment 254 #
Proposal for a regulation
Recital 43
Recital 43
Amendment 259 #
Proposal for a regulation
Recital 44
Recital 44
(44) To protect micro, small or medium- sized enterprises from excessive economic burdens which would make it commercially too difficult for them to develop and run innovative business models, the compensation for making data available to be paid by them should not exceed the direct cost ofincurred and investment required for making the data available and be non-discriminatory.
Amendment 261 #
Proposal for a regulation
Recital 45 a (new)
Recital 45 a (new)
(45 a) The Commission should on a regular basis assess the need for additional funding for the industry in order to foster innovation, the data economy and to make the necessary investments in order to comply with the obligations imposed upon it in this Regulation.
Amendment 264 #
Proposal for a regulation
Recital 47 a (new)
Recital 47 a (new)
(47 a) The data holder, if he is not an SME himself, should actively provide the calculation showing that his price is a cost-based, when he knows, or should have known, that his counterparty is an SME. In any case, he should state that he is obliged to make the data available to an SME at cost price and that he is obliged to make detailed information available when requested.
Amendment 266 #
Proposal for a regulation
Recital 49
Recital 49
(49) To avoid that two or more dispute settlement bodies are seized for the same dispute, particularly in a cross-border setting, a dispute settlement body should be able to reject a request to resolve a dispute that has already been brought before another dispute settlement body or before a court or a tribunal of a Member State. Without prejudice to agreements between parties, the competent dispute settlement body should be located in the Member State where the judicial body would be competent according to the National laws.
Amendment 268 #
Proposal for a regulation
Recital 50
Recital 50
(50) Parties to dispute settlement proceedings should not be prevented from exercising their fundamental rights to an effective remedy and to a fair trial. Therefore, the decision to submit a dispute to a dispute settlement body should not deprive those parties of their right to seek redress before a court or a tribunal of a Member State. However, a dispute should not be part of a dispute settlement procedure at the same time as a procedure before a court of a Member State.
Amendment 271 #
Proposal for a regulation
Recital 51
Recital 51
(51) Where one party is in a stronger bargaining position, there is a risk that that party could leverage such position to the detriment of the other contracting party when negotiating access to data and make access to data commercially less viable and sometimes economically prohibitive. Such contractual imbalances particularly harm micro, small and medium-sized enterprises without a meaningful ability to negotiate the conditions for access to data, who may have no other choice than to accept ‘take- it-or-leave-it’ contractual terms. Therefore, unfair contract terms regulating the access to and use of data or the liability and remedies for the breach or the termination of data related obligations should not be binding on micro, small or medium-sized enterprises when they have been unilaterally imposed onre was no meaningful negotiation about them.
Amendment 274 #
Proposal for a regulation
Recital 52
Recital 52
(52) Rules on contractual terms should take into account the principle of contractual freedom as an essential concept in business-to-business relationships. Therefore, not all contractual terms should be subject to an unfairness test, but only to those terms that are unilaterally imposed on micro, small and medium-sized enterprises. This concerns ‘take-it-or- leave-it’ situations where one party supplies a certain contractual term and the micro, small or medium-sized enterprise cannot influence the content of that term despite an attempt to negotiate it. A contractual term that is simply provided by one party andnegotiated and subsequently accepted by the micro, small or medium-sized enterprise or a term that is negotiated and subsequently agreedwhether or not in an amended way between contracting parties should not be considered as unilaterally imposed.
Amendment 282 #
Proposal for a regulation
Recital 56
Recital 56
(56) In situations of exceptional need, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies or in other exceptional cases. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.
Amendment 284 #
Proposal for a regulation
Recital 56 a (new)
Recital 56 a (new)
(56 a) To ensure coherent practices between Member States and predictable environment for private entities, the Member States should identify the bodies that can request access to data owned by the enterprises. In order to facilitate the data requests made by the identified bodies, each Member State should designate a National single body to handle the data requests.
Amendment 286 #
Proposal for a regulation
Recital 57
Recital 57
(57) In case of public emergencies, such as major public health emergencies, emergencies resulting from environmental degradation and major natural disasters including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data wicould potentially outweigh the interests of the data holders to dispose freely of the data they hold. In such a case, data holders should be placed under an obligation to make the data available to identified public sector bodies or to Union institutions, agencies or bodies upon their requand within the remit of their activitiest.. The existence of a public emergency is determined according to the respective procedures in the Member States or of relevant international organisations. An exceptional need may also arise when a national public sector body can demonstrate that the data are necessary either to prevent a public emergency, or to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question.
Amendment 290 #
Proposal for a regulation
Recital 57 a (new)
Recital 57 a (new)
(57 a) Although a public emergency may mean that the public interest arising from the use of the data will outweigh the interest of the data holders to freely dispose of their data, it should be emphasized that this is in principle an undesirable situation. That arises from the fact that a public emergency is an acute event, requiring urgent action. A general provision is in that context desirable. At the same time, public emergencies can last for years, including the COVID 19 Pandemic. It is undesirable that an in itself undesirable situation lasts for years, as there is friction between mandatory sharing of data and fundamental rights, among which the right to property. Provisions aimed at enabling governments to oblige companies to share data should therefore be limited in time. During that period the Member States should be able to adopt specific legislation that allows the obligation to share data, so that democratic safeguards remain functioning.
Amendment 292 #
Proposal for a regulation
Recital 58
Recital 58
Amendment 302 #
Proposal for a regulation
Recital 60
Recital 60
(60) For the exercise of their tasks in the areas of prevention, investigation, detection or prosecution of criminal and administrative offences, the execution of criminal and administrative penalties, as well as the collection of data for taxation or customs purposes, public sector bodies and Union institutions, agencies and bodies should rely on their powers under sectoral legislation. This Regulation accordingly does not affect instruments for the sharing, access and use of data in those areas.
Amendment 307 #
Proposal for a regulation
Recital 62
Recital 62
(62) The objective of the obligation to provide the data is to ensure that public sector bodies and Union institutions, agencies or bodies have the necessary knowledge to respond to, prevent or recover from public emergencies or to maintain the capacity to fulfil specific tasks explicitly provided by law. The data obtained by those entities may be commercially sensitive. Therefore, Directive (EU) 2019/1024 of the European Parliament and of the Council65 should not apply to data made available under this Regulation and should not be considered as open data available for reuse by third parties. This however should not affect the applicability of Directive (EU) 2019/1024 to the reuse of official statistics for the production of which data obtained pursuant to this Regulation was used, provided the reuse does not include the underlying data. In addition, it should not affect the possibility of sharing the data for conducting research or for the compilation of official statistics, provided the conditions laid down in this Regulation are met. Public sector bodies should also be allowed to exchange data obtained pursuant to this Regulation with other public sector bodies to address the exceptional needs for which the data has been requested. The business whose data is to be shared, provided it acts in a good faith, should also have the possibility to raise objection concerning planned data transfer in order to protect its security, integrity or confidentiality. _________________ 65 Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information (OJ L 172, 26.6.2019, p. 56).
Amendment 319 #
Proposal for a regulation
Recital 65
Recital 65
(65) Data made available to public sector bodies and to Union institutions, agencies and bodies on the basis of exceptional need should only be used for the purpose for which they were requested, unless the data holder that made the data available has expressly agreed for the data to be used for other purposes. The data should be destroyed once it is no longer necessary for the purpose stated in the request, unless agreed otherwise, and the data holder should be informed thereof without undue delay.
Amendment 323 #
Proposal for a regulation
Recital 67
Recital 67
(67) When the safeguarding of a significant public good is at stake, such as is the case of responding to public emergencies, the public sector body or the Union institution, agency or body should not be expected to compensate enterprises for the data obtained during the public emergency. Public emergencies are rare events and not all such emergencies require the use of data held by enterprises. The business activities of the data holders are therefore not likely to be negatively affected as a consequence of the public sector bodies or Union institutions, agencies or bodies having recourse to this Regulation. However, awith a high impact on an administration It is therefore reasonable that during a public emergency, an administration might not be able to deal with questions regarding compensation for the data delivered. However, once the public emergency has ended, the public sector body should seek to compensate the enterprise for the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a reasonable margin. As cases of an exceptional need other than responding to a public emergency might be more frequent, including cases of prevention of or recovery from a public emergency, data holders should in such cases be entitled to a reasonable compensation which should not exceedcover the technical and organisational costs incurred in complying with the request and the reasonable margin required for making the data available to the public sector body or to the Union institution, agency or body. The compensation should not be understood as constituting payment for the data itself and as being compulsory.
Amendment 351 #
Proposal for a regulation
Recital 88
Recital 88
(88) This Regulation should not affect the application of the rules of competition, and in particular Articles 101 and 102 of the Treaty on the Functioning of the European Union. The measures provided for in this Regulation should not be used to restrict competition in a manner contrary to the Treaty on the Functioning of the European Union.
Amendment 353 #
Proposal for a regulation
Recital 89
Recital 89
(89) In order to allow the economic actors to adapt to the new rules laid out in this Regulation and make the necessary technical arangements, they should apply from athree years after entry into force of the Regulation.
Amendment 357 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation lays down harmonised rules on making data generated by the use of a product or related service available to the user of that product or service, on the making data available by data holders to data recipients, and on the making data available by data holders to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need, for the performance of a task carried out in the public interest: during a public emergency.
Amendment 372 #
Proposal for a regulation
Article 1 – paragraph 2 – point d
Article 1 – paragraph 2 – point d
(d) public sector bodies and Union institutions, agencies or bodiesof a Member State that request data holders to make data available where there is an exceptional need to that data for the performance of a task carried out in the public interest and the data holders that provide those data in response to such request;
Amendment 376 #
Proposal for a regulation
Article 1 – paragraph 2 a (new)
Article 1 – paragraph 2 a (new)
2 a. This Regulation does not apply to products and services in development stage including the prototypes.
Amendment 389 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1
Article 2 – paragraph 1 – point 1
(1) ‘data’ means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording intentionally generated by the user, or derived data from that generation, such as diagnostic and/or metadata, including when recorded during the stand-by mode or when switched off, and excluding the data resulting from any software process that calculates derivative data from the aforementioned data as such a software process and the data generated with it may be subject to intellectual property rights, volatile data and data that is only processed locally ;
Amendment 419 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2
Article 2 – paragraph 1 – point 2
(2) ‘product’ means a finished and complete tangible, movable item, including where incorporated in an immovable item, that obtains, generates or collects, data concerning its use or environment, and that is able to communicate data via a publicly available electronic communications service and whose primary function is not the storing and processing of data or the display, replay, recording, transmission or reproduction of content;
Amendment 423 #
Proposal for a regulation
Article 2 – paragraph 1 – point 3
Article 2 – paragraph 1 – point 3
(3) ‘related service’ means a digital service, including software, which is incorporated in orbut excluding electronic communication services (ECS), which is at the time of the purchase, rental or leasing agreement, inter- connected with a product in such a way that its absence would prevent the product from performing one of its core functions;.
Amendment 427 #
Proposal for a regulation
Article 2 – paragraph 1 – point 4
Article 2 – paragraph 1 – point 4
(4) ‘virtual assistants’ means software that can process demands, tasks or questions including based on audio, written input, gestures or motions, and based onto the extent that those demands, tasks or questions provides access their own and third party services or control theirits own and third party deviceproducts;
Amendment 439 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who has the right orcontrols the data and has the right, ability and obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data and through control of the technical design of the product and related services, the ability, to make available certain data; When in possession of personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679, only a controller as defined in Article 4, point (7), of Regulation (EU) 2016/679 shall be considered as ‘data holder’;
Amendment 450 #
Proposal for a regulation
Article 2 – paragraph 1 – point 9
Article 2 – paragraph 1 – point 9
(9) ‘public sector body’ means national, regional or local authoritbodies of the Member States and bodies governed by public law of the Member States, or associations formed by one or more such authorities or one or more such bodiesthat are in charge of specific tasks in the public interest that would require this data.;
Amendment 451 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation negatively affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s)declared by a Member State according to its national law;
Amendment 482 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)
Article 2 – paragraph 1 – point 20 a (new)
(20 a) ’metadata’ means metadata as defined in Article 2, point (4), of the Data Governance Act.
Amendment 570 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
Amendment 577 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user can agree measures to preserve the confidentiality of the shared data, in particular in relation to third partieshe right to request data referred to in paragraph 1 shall not adversely affect the rights and freedoms of others, including the rights protected under Directive 2016/943.
Amendment 578 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken to preserve the confidentiality of trade secrets in particular with respect to third parties. TUnless the data holder and the user can agreemutually agree reasonably and in good faith on measures to preserve the confidentiality of the shared data, in particular in relation to third parties, the data holder shall not be obliged to disclose trade secrets.
Amendment 614 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a product or related service to a third party, without undue delay, free of chargein a reasonable timeframe and fair compensation, to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time.
Amendment 642 #
Proposal for a regulation
Article 5 – paragraph 8
Article 5 – paragraph 8
8. Trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party and all specific necessary measures agreed between the data holder and the third party are taken by the third party to preserve the confidentiality of the trade secret. In such a case, the nature of the data as trade secrets and the measures for preserving the confidentiality shall be specified he right to request the data referred to in paragraph 1 shall not adversely affect the rights and freedoms of others, including the agreement between the data holder and the third partyrights protected under Directive 2016/943.
Amendment 679 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. The obligations of this Chapter shall not apply to data generated by the use of products manufactured or related services provided by enterprises that qualify as micro or small or medium-sized enterprises, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro or small or medium- sized enterprise.
Amendment 687 #
Proposal for a regulation
Article 8 – paragraph 2
Article 8 – paragraph 2
2. A data holder shall not be liable for the data it lawfully shares when the data is under control of a third party and shall agree with a data recipient the terms for making the data available. A contractual term concerning the access to and use of the data or the liability and remedies for the breach or the termination of data related obligations shall not be binding if it fulfils the conditions of Article 13 or if it excludes the application of, derogates from or varies the effect of the user’s rights under Chapter II.
Amendment 694 #
Proposal for a regulation
Article 8 – paragraph 6
Article 8 – paragraph 6
6. Unless otherwise provided by Union law, including Article 6 of this Regulation, or by or national legislation implementing Union law, an obligation to make data available to a data recipient shall not oblige the disclosure of trade secrets within the meaning of Directive (EU) 2016/943.
Amendment 711 #
Proposal for a regulation
Article 9 – paragraph 4
Article 9 – paragraph 4
4. The data holder shall actively provide the data recipient with information setting out the basis for the calculation of the compensation in sufficient detail so that the data recipient can verify that the requirements of paragraph 1 and, where applicable, paragraph 2 are met. When the data holder knows, or should have known, that its counterpart is an SME, he shall actively inform his counterpart of his obligation to provide the data on the basis of a cost- based model.
Amendment 719 #
Proposal for a regulation
Article 10 – paragraph 8 a (new)
Article 10 – paragraph 8 a (new)
8 a. A dispute cannot be part of a dispute settlement procedure at the same time as the procedure on the same matter before a court in a Member State.
Amendment 748 #
Proposal for a regulation
Article 13 – paragraph 6 a (new)
Article 13 – paragraph 6 a (new)
6 a. The party that supplied the contested term may not argue that the term is an unfair term.
Amendment 749 #
Proposal for a regulation
Article 13 – paragraph 7
Article 13 – paragraph 7
7. This Article does not apply to contractual terms defining the main subject matter of the contract or to contractual terms determining the price to be paid.
Amendment 755 #
Proposal for a regulation
Chapter V – title
Chapter V – title
V MAKING DATA AVAILABLE TO PUBLIC SECTOR BODIES AND UNION INSTITUTIONS, AGENCIES OR BODIES BASED ON EXCEPTIONAL NEED
Amendment 788 #
Proposal for a regulation
Article 15 – paragraph 1 – point c – introductory part
Article 15 – paragraph 1 – point c – introductory part
(c) where, during a public emergency, and as a last resort where all other feasible options have been exhausted, the lack of available data prevents the public sector body or Union institution, agency or body from fulfilling a specific task in the public interest that has been explicitly provided by law; and
Amendment 796 #
Proposal for a regulation
Article 15 – paragraph 1 a (new)
Article 15 – paragraph 1 a (new)
The points (a) and (c) of the first paragraph shall only apply until 3 months after the declaration of a public emergency by a Member State.
Amendment 797 #
Proposal for a regulation
Article 15 – paragraph 1 b (new)
Article 15 – paragraph 1 b (new)
After the exceptional circumstance has ceased to exist, all data obtained by a public sector body or a Union institution, agency or body shall be deleted by such a body. The body concerned shall inform the data holder of the deletion.
Amendment 798 #
Proposal for a regulation
Article 15 a (new)
Article 15 a (new)
Article 15 a Single point to handle public sector bodies' request The competent authority, designated in accordance with Article 35, shall be responsible to coordinate the public sector bodies' requests and transmit them to the enterprise. It shall in particular prevent duplicate requests from public sector bodies and Union institutions, agencies and bodies.
Amendment 800 #
Proposal for a regulation
Article 16 – title
Article 16 – title
Relationship with other obligations to make data available to public sector bodies and Union institutions, agencies and bodies
Amendment 804 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. The rights from this Chapter shall not be exercised by public sector bodies and Union institutions, agencies and bodies in order to carry out activities for the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal penalties, or for customs or taxation administration. This Chapter does not affect the applicable Union and national law on the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal or administrative penalties, or for customs or taxation administration.
Amendment 806 #
Proposal for a regulation
Article 16 – paragraph 2 a (new)
Article 16 – paragraph 2 a (new)
2 a. Enterprises that fall under the scope of this Chapter shall inform their users of the possibility that data may be shared in case of an exceptional need.
Amendment 808 #
Proposal for a regulation
Article 17 – paragraph 1 – introductory part
Article 17 – paragraph 1 – introductory part
1. Where requesting data pursuant to Article 14(1), a public sector body or a Union institution, agency or body shall:
Amendment 824 #
Proposal for a regulation
Article 17 – paragraph 1 – point e
Article 17 – paragraph 1 – point e
(e) specify the deadline by which the data are to be made available or within which the data holder may request the public sector body, Union institution, agency or body to modify or withdraw the request.
Amendment 839 #
Proposal for a regulation
Article 17 – paragraph 2 – point b
Article 17 – paragraph 2 – point b
(b) be proportionate to the exceptional need and the purpose of the request, in terms of the granularity and volume of the data requested and frequency of access of the data requested;
Amendment 842 #
Proposal for a regulation
Article 17 – paragraph 2 – point c
Article 17 – paragraph 2 – point c
(c) respect the legitimate aiminterests of the data holder, taking into account the protection of trade secrets and the cost and effort required to make the data available;
Amendment 848 #
Proposal for a regulation
Article 17 – paragraph 2 – point d
Article 17 – paragraph 2 – point d
(d) concern, insofar as possible, non- personal data;
Amendment 860 #
Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 2
Article 17 – paragraph 4 – subparagraph 2
Where a public sector body or a Union institution, agency or body transmits or makes data available under this paragraph, it shall notify the data holder from whom the data was received and the purpose of transmission. The transmission of data shall be made publicly available online without undue delay.
Amendment 867 #
Proposal for a regulation
Article 17 – paragraph 4 a (new)
Article 17 – paragraph 4 a (new)
4 a. Any request made to a data holder shall be made through the competent authority as referred to in Article 31.
Amendment 873 #
Proposal for a regulation
Article 18 – paragraph 1
Article 18 – paragraph 1
1. A data holder receiving a request for access to data under this Chapter shall make the data available to the requesting public sector body or a Union institution, agency or body without undue delay.
Amendment 882 #
Proposal for a regulation
Article 18 – paragraph 3
Article 18 – paragraph 3
3. In case of a request for data necessary to respond to a public emergency, the data holder may also decline or seek modification of the request if the data holder already provided the requested data in response to previously submitted request for the same purpose by another public sector body or Union institution agency or body and the data holder has not been notified of the destruction of the data pursuant to Article 19(1), point (c).
Amendment 888 #
Proposal for a regulation
Article 18 – paragraph 6
Article 18 – paragraph 6
6. Where the public sector body or the Union institution, agency or body wishes to challenge a data holder’s refusal to provide the data requested, or to seek modification of the request, or where the data holder wishes to challenge the request, the matter shallcould be brought to the competent authority referred to in Article 31, without prejudice to the right to submit a dispute to a civil or administrative court, in accordance with applicable Union or national law.
Amendment 890 #
Proposal for a regulation
Article 19 – title
Article 19 – title
Obligations of public sector bodies and Union institutions, agencies and bodies
Amendment 892 #
Proposal for a regulation
Article 19 – paragraph 1 – introductory part
Article 19 – paragraph 1 – introductory part
1. A public sector body or a Union institution, agency or body having received data pursuant to a request made under Article 14 shall:
Amendment 908 #
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
Amendment 915 #
Proposal for a regulation
Article 19 – paragraph 2 a (new)
Article 19 – paragraph 2 a (new)
2 a. A public sector body or a Union institution, agency or body shall notify the data holder when a security incident has occurred that is affecting the confidentiality, integrity or availability of the requested data that are in the possession of a public sector body or a Union institution, agency or body, as soon as possible and at any event no later than 24 hours after becoming aware that the incident has occurred.
Amendment 918 #
Proposal for a regulation
Article 20 – paragraph 1
Article 20 – paragraph 1
Amendment 929 #
Proposal for a regulation
Article 20 – paragraph 2
Article 20 – paragraph 2
2. Where the data holder claims compensation for making data available in compliance with a request made pursuant to Article 15, points (b) or (c), such compensation shall not exceed the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.
Amendment 938 #
Proposal for a regulation
Article 21 – paragraph 1
Article 21 – paragraph 1
1. A public sector body or a Union institution, agency or body shall be entitled to share data received under this Chapter with individuals or organisations in view of carrying out scientific research or analytics compatible with the purpose for which the data was requested, or to national statistical institutes and Eurostat for the compilation of official statistics.
Amendment 948 #
Proposal for a regulation
Article 22 – paragraph 1
Article 22 – paragraph 1
1. Public sector bodies and Union institutions, agencies and bodies shall cooperate and assist one another, to implement this Chapter in a consistent manner.
Amendment 1013 #
Proposal for a regulation
Article 27 – paragraph 5 a (new)
Article 27 – paragraph 5 a (new)
5 a. In all cases, the user shall be notified when his data is transfered to a third country;
Amendment 1014 #
Proposal for a regulation
Article 27 – paragraph 5 b (new)
Article 27 – paragraph 5 b (new)
5 b. When data is shared between two companies, the user shall be informed.
Amendment 1150 #
Proposal for a regulation
Article 41 – paragraph 1 – point a a (new)
Article 41 – paragraph 1 – point a a (new)
(a a) the administrative burden imposed on the industry and the ability of the industry to comply with this Regulation, in particular with Chapter II thereof.
Amendment 1152 #
Proposal for a regulation
Article 41 – paragraph 1 – point b a (new)
Article 41 – paragraph 1 – point b a (new)
(b a) the exclusion of trade secrets in Article 4(3) and Article 5(8)
Amendment 1157 #
Proposal for a regulation
Article 41 – paragraph 1 a (new)
Article 41 – paragraph 1 a (new)
On the basis of that report, the Commission shall, where appropriate, submit a legislative proposal to the Parliament and the Council to amend this Regulation.
Amendment 1158 #
Proposal for a regulation
Article 42 – paragraph 2
Article 42 – paragraph 2
It shall apply from [1236 months after the date of entry into force of this Regulation].