Activities of Christian EHLER related to 2022/0047(COD)
Plenary speeches (1)
Data Act (debate)
Amendments (74)
Amendment 112 #
Proposal for a regulation
Recital 6
Recital 6
(6) Data generation is the result of the actions of at least two actors, the designer or manufacturer of a product and the user of that product. It gives rise to questions of fairness in the digital economy, because the data recorded by such products or related services are an important input for aftermarket, ancillary and other services. In order to realise the important economic benefits of data as a non-rival good for the economy and society, a general approach to assigning access and usage rights on data is preferable to awarding exclusive rights of access and use. However, it is also important that data sharing based on voluntary agreements continues to develop in order to facilitate the development of data-driven value growth of European companies.
Amendment 123 #
Proposal for a regulation
Recital 13 a (new)
Recital 13 a (new)
(13 a) This Regulation aims at strengthening the position and business models of third parties, for example suppliers, through a horizontal approach. To ensure a stronger balance between manufacturers and suppliers and to account for the specific situation and complexity of the respective sector, this Regulation shall be followed by sectoral legislations, for example the mobility data space. These legislations shall set out further rules for the right for suppliers to improved or direct access to data from their own smart components for issues such as quality monitoring, product development or safety improvements and clarifies the role of providers of components in relation to connected products.
Amendment 124 #
Proposal for a regulation
Recital 14
Recital 14
(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as tThe data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. In scope are data in raw form (also known as source or primary data, which refers to data points that are automatically generated without any form of processing) as well as prepared data (data cleaned and transformed for the purpose of making it useable prior to further processing and analysis). The Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medicalm ‘prepared data’ should be interpreted broadly, without however reaching the stage of deriving or inferring insights. Prepared data may include data enriched with metadata, combined with other data (e.g. sorted and classified with other data points relating to it) or re-formatted into a commonly-used format. Such data are potentially valuable to the user and support innovation and thealth devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. By contrast, information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovis not generated by the use of the product, but is the outcome of a characterisation, and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. ssessment, recommendation, categorisation or similar systematic processes that assign values or insights to a user or product. Data that is constitutive of a trade secret should only be made available to a data user or third party if all the necessary measures to protect the confidentiality of the trade secrets have been taken by the third party.
Amendment 138 #
Proposal for a regulation
Recital 15
Recital 15
(15) In contrast, certain products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service should not be covered by this Regulation. Such products include, for example, personal computers, servers, tablets and smart phones, cameras, webcams, sound recording systems and text scanners. They require human input to produce various forms of content, such as text documents, sound files, video files, games, digital maps. Likewise defence related products as defined in Article 3(1) of Directive 2009/43 should not be covered by this Regulation.
Amendment 156 #
Proposal for a regulation
Recital 18
Recital 18
(18) The user of a product should be understood as the legal or natural person, such as a business or consumer or public sector body, which has purchased, rented or leased the product on other than short- term basis. Depending on the legal title under which he uses it, such a user bears the risks and enjoys the benefits of using the connected product and should enjoy also the access to the data it generates. The user should therefore be entitled to derive benefit from data generated by that product and any related service. An owner, renter or lessee should equally be considered as user, including when several entities can be considered as users. In the context of multiple users, each user may contribute in a different manner to the data generation and can have an interest in several forms of use.
Amendment 161 #
Proposal for a regulation
Recital 19
Recital 19
(19) In practice, not all data generated by products or related services are easily accessible to their users, and there are often limited possibilities for the portability of data generated by products connected to the Internet of Things. Users are unable to obtain data necessary to make use of providers of repair and other services, and businesses are unable to launch innovative, more efficient and convenient services. In many sectors, manufacturers are often able to determine, through their control of the technical design of the product or related services, what data are generated and how they can be accessed, even though they have no legal right to the data. It is therefore necessary to ensure that products are designed and manufactured and related services are provided in such a manner that data generated by their use are always easily accessible to the user. This requires the removal of technical barriers to ensure that users will have direct real- time access to their data without extensive individual verification procedures. In order to facilitate third-party access to the required data, cost-efficient access to software tools is also necessary.
Amendment 179 #
Proposal for a regulation
Recital 23
Recital 23
(23) Before concluding a contract for the purchase, rent, or lease of a product or the provision of a related service, clear and sufficient information should be provided to the user on how the data generated may be accessed. This obligation provides transparency over the data generated and enhances the easy access for the user. This obligation to provide information does not affect the obligation for the controller to provide information to the data subject pursuant to Article 12, 13 and 14 of Regulation 2016/679. The data holder cannot be expected to store the data indefinitely in view of the needs of the user of the product, but should however implement a reasonable data retention policy that allows for the effective application of the data access rights under this Regulation
Amendment 201 #
Proposal for a regulation
Recital 28
Recital 28
(28) The user should be free to use the data for any lawful purpose. This includes providing the data the user has received exercising the right under this Regulation to a third party offering an aftermarket service that may be in competition with a service provided by the data holder, or to instruct the data holder to do so. The data holder should ensure that the data made available to the third party is as accurate, complete, reliable, relevant and up-to-date as the data the data holder itself may be able or entitled to access from the use of the product or related service. Any trade secrets or intellectual property rights should be respected in handling the data. Their confidentiality should be preserved through contractual solutions, such as confidentiality agreements and licensing schemes. It is important to preserve incentives to invest in products with functionalities based on the use of data from sensors built into that product. The aim of this Regulation should accordingly be understood as to foster the development of new, innovative products or related services, stimulate innovation on aftermarkets, but also stimulate the development of entirely novel services making use of the data, including based on data from a variety of products or related services. At the same time, it aims to avoid undermining the investment incentives for the type of product from which the data are obtained, for instance, by the use of data to develop a competing product. Consequently, when providing access to data to users or third-parties, data holders should be able to use technical or organizational measures such as strict access protocols, non-disclosure agreements or any other similar measure meant to ensure the preservation of the secrecy of data considered as trade secrets.
Amendment 204 #
Proposal for a regulation
Recital 28
Recital 28
(28) The user should be free to use the data for any lawful purpose. This includes providing the data the user has received exercising the right under this Regulation to a third party offering an aftermarket service that may be in competition with a service provided by the data holder, or to instruct the data holder to do so. The data holder should ensure that the data made available to the third party is as accurate, complete, reliable, relevant and up-to-date as the data the data holder itself may be able or entitled to access from the use of the product or related service. Any trade secrets or intellectual property rights should be respected in handling the data. It is important to preserve incentives to invest in products with functionalities based on the use of data from sensors built into that product. The aim of this Regulation should accordingly be understood as to fosto be based on the innovation principle and shall facilitater the development of new, innovative products or related services, stimulate innovation on aftermarkets, but also stimulate the development of entirely novel services making use of the data, including based on data from a variety of products or related services. At the same time, it aims to avoid undermining the investment incentives for the type of product from which the data are obtained, for instance, by the use of data to develop a competing product.
Amendment 209 #
Proposal for a regulation
Recital 29
Recital 29
(29) A third party to whom data is made available may be an enterprise, a research organisation or a not-for-profit organisation. In making the data available to the third party, the data holder nor the third party should not abuse its position to seek a competitive advantage in markets where the data holder and third party may be in direct competition. TNeither the data holder nor the third party should not therefore use any data generated by the use of the product or related service in order to derive insights about the economic situation of the data holder and third party or its assets or production methods or the use in any other way that could undermine the commercial position of the data holder or third party on the markets it is active on. Data intermediation services [as regulated by Regulation (EU) 2022/868] may support users or third parties in establishing a commercial relation for any lawful purpose on the basis of data of products in scope of this Regulation e.g. by acting on behalf of a user. They could play an instrumental role in aggregating access to data from a large number of individual users so that big data analyses or machine learning can be facilitated, as long as such users remain in full control on whether to contribute their data to such aggregation and the commercial terms under which their data will be used.
Amendment 224 #
Proposal for a regulation
Recital 34
Recital 34
(34) In line with the data minimisation principle, the third party should only access additional information that is necessary for the provision of the service requested by the user. Having received access to data, the third party should process it exclusively for the purposes agreed with the user, without interference from the data holder. It should be as easy for the user to refuse or discontinue access by the third party to the data as it is for the user to authorise access. The third party should not coerce, deceive or manipulate the user in any way, by subverting or impairing the autonomy, decision-making or choices of the user, including by means of a digital interface with the user. in this context, third parties should notare not allowed to rely on so-called dark patterns in designing their digital interfaces. Dark patterns are design techniques that push or deceive consumers into decisions that have negative consequences for them. These manipulative techniques can be used to persuade users, particularly vulnerable consumers, to engage in unwanted behaviours, and to deceive users by nudging them into decisions on data disclosure transactions or to unreasonably bias the decision-making of the users of the service, in a way that subverts and impairs their autonomy, decision-making and choice. Common and legitimate commercial practices that are in compliance with Union law should not in themselves be regarded as constituting dark patterns. Third parties should comply with their obligations under relevant Union law, in particular the requirements set out in Directive 2005/29/EC, Directive 2011/83/EU, Directive 2000/31/EC and Directive 98/6/EC.
Amendment 235 #
Proposal for a regulation
Recital 37
Recital 37
(37) GThis Regulation does not prevent micro and small enterprises to participate in the data sharing practices, however given the current state of technology, it is overly burdensome to impose further design obligations in relation to products manufactured or designed and related services provided by micro and small enterprises. That is not the case, however, where a micro or small enterprise is sub- contracted to manufacture or design a product. In such situations, the enterprise, which has sub-contracted to the micro or small enterprise, is able to compensate the sub-contractor appropriately. A micro or small enterprise may nevertheless be subject to the requirements laid down by this Regulation as data holder, where it is not the manufacturer of the product or a provider of related services. In order to increase the participation of micro and small enterprises in the data economy, Member States should ensure that digital guidance and training is available to those enterprises.
Amendment 246 #
Proposal for a regulation
Recital 41
Recital 41
(41) Any agreement concluded in business-to-business relations for making the data available should not discriminate between comparable categories of data recipients, independently whether they are large companies or micro, small or medium-sized enterprises. In order to compensate for the lack of information on the conditions of different contracts, which makes it difficult for the data recipient to assess if the terms for making the data available are non- discriminatory, it should be on the data holder to demonstrate that a contractual term is not discriminatory. It is not unlawful discrimination, where a data holder uses different contractual terms for making data available or different compensation, if those differences are justified by objective reasons. These obligations are without prejudice to Regulation (EU) 2016/679.
Amendment 253 #
Proposal for a regulation
Recital 42 a (new)
Recital 42 a (new)
(42 a) Such reasonable compensation may include firstly the costs incurred and investment required for making the data available. These costs can be technical costs, such as the costs necessary for data reproduction, dissemination via electronic means and storage, but not of data collection or production. Such technical costs could include also the costs for processing, necessary to make data available. Costs related to making the data available may also include the costs of organising answers to concrete data sharing requests. They may also vary depending on the arrangements taken for making the data available. Long-term arrangements between data holders and data recipients, for instance via a subscription model or the use of smart contracts, could reduce the costs in regular or repetitive transactions in a business relationship. Costs related to making data available are either specific to a particular request or shared with other requests. In the latter case, a single data recipient should not pay the full costs of making the data available. Reasonable compensation may include secondly a margin. Such margin may vary depending on factors related to the data itself, such as volume, format or nature of the data, or on the supply of and demand for the data. It may consider the costs for collecting the data. The margin may therefore decrease where the data holder has collected the data for its own business without significant investments or may increase where the investments in the data collection for the purposes of the data holder’s business are high. The margin may also depend on the follow-on use of the data by the data recipient. It may be limited or even excluded in situations where the use of the data by the data recipient does not affect the own activities of the data holder. The fact that the data is co-generated by the user could also lower the amount of the compensation in comparison to other situations where the data are generated exclusively by the data holder.
Amendment 264 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken, in advance to the disclosure of the trade secrets by either the user or the data holder or both, to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user can agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties. shall agree on measures such as technical and organisational measures like strict access protocols, through contractual instruments such as confidentiality agreements or licensing schemes, to preserve the confidentiality of the shared data ,in particular in relation to third parties, including on liability over possible damages. The data holder shall identify the data which are protected as trade secrets. When the agreed measures to preserve the confidentiality of trade secrets are not ensured or respected ex- ante or the user fails to implement those measures prior to the data sharing, the trade secret holder should have the possibility to refuse the sharing of data which are protected as trade secrets. The user shall use data resulting from the use of a product or related service in the context of testing of other new products, substances or processes that are not yet placed on the market only in accordance with the specific provisions of the agreement with the enterprise with whom the user agreed to use one of its products for testing of other new products, substances or processes.
Amendment 281 #
Proposal for a regulation
Recital 56
Recital 56
(56) In situations of exceptional need, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies or in other exceptional cases. Exceptional needs are circumstances which are unforeseeable and limited in time. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.
Amendment 291 #
Proposal for a regulation
Recital 57 a (new)
Recital 57 a (new)
(57 a) Close cooperation between the public and private sector can be key to enable a fast and quick response to public emergencies or prevention of those. To facilitate close cooperation, the public sector and companies may develop municipal, regional or national sandboxes. These sandboxes could enable the mapping of data sources or the development of corresponding interfaces.
Amendment 294 #
Proposal for a regulation
Recital 58
Recital 58
(58) An exceptional need may also arise when a public sector body can demonstrate that the data are necessary either to prevent a public emergency, or to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question. Where the exceptional need is not justified by the need to respond to, prevent or assist recovery from a public emergency, the public sector body or the Union institution, agency or body should demonstrate that the lack of timely access to and the use of the data requested prevents it from effectively fulfilling a specific task in the public interest that has been explicitly provided in law. Such exceptional need may also occur in other situations, for example in relation to the timely compilation of official statistics when data is not otherwise available or when the burden on statistical respondents will be considerably reduced. At the same time, the public sector body or the Union institution, agency or body should, outside the case of responding to, preventing or assisting recovery from a public emergency, demonstrate that no alternative means for obtaining the data requested exists and that the data cannot be obtained in a timely manner through the laying down of the necessary data provision obligations in new legislation.
Amendment 300 #
Proposal for a regulation
Article 5 – paragraph 8
Article 5 – paragraph 8
8. 8. Trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party and all specific necessary measures agreed between the data holder and the third party are taken by the third party to preserve the confidentiality of the trade secret. In such a case, the nature of the data as trade secrets and the measures for preserv, including technical and organisational measures, specified in the contractual agreement agreed between the data holder and the third party are taken by the third party prior to the disclosure of the data which is protected as trade secrets, to preserve the confidentiality of the trade secret. The data holder shall identify the data which are protected as trade secrets. In such a case, the measures required by the data holder, such as technical and organisational measures like strict access protocols, for preserving the confidentiality shall be specified in the contractual agreement between the data holder and the third party. When the agreed measures to preserve the confidentiality of trade secrets are not ensured or respected ex-ante or the third party fails to implement those measures prior to the data sharing, the confidentiality shall be specified in the agreement between the data holder and the third party. trade secret holder should have the possibility to refuse the sharing of data which are protected as trade secrets. The third party shall use data resulting from the use of a product or related service in the context of testing of other new products, substances or processes that are not yet placed on the market only in accordance with the specific provisions of the agreement with the enterprise with whom the user agreed to use one of its products for testing of other new products, substances or processes and the third party shall apply the identical specific measures agreed between the trade secret holder and the third party in the contractual agreement.
Amendment 315 #
Proposal for a regulation
Recital 64
Recital 64
Amendment 337 #
Proposal for a regulation
Recital 79
Recital 79
(79) Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability within the common European data spaces, which are purpose- or sector-specific or cross- sectoral interoperable frameworks of common standards and practices to share or jointly process data for, interalia, development of new products and services, scientific research or civil society initiatives. This Regulation lays down certain essential requirements for interoperability. Operators within the data spaces, which are entities facilitating or engaging in data sharing within the common European data spaces, including data holders, should comply with these requirements. Compliance with these rules can occur by adhering to the requirements laid down, or by adapting to already existing standards via a presumption of conformity. In order to facilitate the conformity with the requirements for interoperability, it is necessary to provide for a presumption of conformity for interoperability solutions that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council. The Commission should adopt common specifications in areas where no harmonised standards exist or where they are insufficient in order to further enhance interoperability for the common European data spaces, application programming interfaces, cloud switching as well as smart contracts. Additionally, common specifications in the different sectors could remain to be adopted, in accordance with Union or national sectoral law, based on the specific needs of those sectors. Reusable data structures and models (in form of core vocabularies), ontologies, metadata application profile, reference data in the form of core vocabulary, taxonomies, code lists, authority tables, thesauri should also be part of the technical specifications for semantic interoperability. Furthermore, the Commission should be enabled to mandate the development of harmonised standards for the interoperability of data processing services. The European Data Innovation Board should build on existing European and global initiatives for cross-sectoral interoperability of data. In particular, the European Data Innovation Board should study the potential of the digital identity of objects framework as established by the Regulation (EU)910/214 and systems for the identification of legal entities such as the GLEIF for that purpose.
Amendment 341 #
Proposal for a regulation
Recital 80
Recital 80
(80) To promote the interoperability of smart contracts in data sharing applications, it is necessary to lay down essential requirements for smart contracts for professionals who create smart contracts for others or integrate such smart contracts in applications that support the implementation of agreements for sharing data. Specific training programmes on smart contracts for businesses, in particular SMEs, In order to facilitate the conformity of such smart contracts with those essential requirements, it is necessary to provide for a presumption of conformity for smart contracts that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council.
Amendment 437 #
Proposal for a regulation
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) ‘data holder’ means a legal or natural person who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personalto make available certain data or can enable access to the data and through control of the technical design of the product and related services, the ability, to make available certainr means of access, in the case of non-personal data;.
Amendment 447 #
Proposal for a regulation
Article 2 – paragraph 1 – point 7 a (new)
Article 2 – paragraph 1 – point 7 a (new)
(7 a) ‘readily available data’ means data generated by the use of a product that the data holder obtains or can obtain without disproportionate effort, going beyond a simple operation;
Amendment 453 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation negativeto which normal measures for the maintenance of public safety, health and order, are plainly inadequate. such as public health emergencies, emergencies resulting from natural disasters, as well as human- induced major disasters, such as major cybersecurity incidents, negatively and suddenly affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial and immediate degradation of economic assets in the Union or the relevant Member State(s) and which is determined and officially declared according to the respective procedures under Union or national law;
Amendment 530 #
Proposal for a regulation
Article 3 – paragraph 2 – point c a (new)
Article 3 – paragraph 2 – point c a (new)
(c a) how the user can limit the generation of data that is not necessary for the basic functionality of the device, for example, by giving the user the possibility of deactivating the processing of data that is not necessary to ensure the basic functionality of the device.
Amendment 561 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Where data cannot be directly accessed by the user, for example for cybersecurity reasons, from the product, the data holder shall make available to the user the data generated by its use of a product or related service that are reasonably accessible to the data holder without undue delay, free of charge and, where applicable, continuously and in real-time, and, upon request, in the same quality as available to the data holder. This shall be done on the basis of a simple request through electronic means where technically feasible.
Amendment 571 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken, in advance to the disclosure of the trade secrets by either the user or the data holder or both, to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user can agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties. shall agree on measures such as technical and organisational measures like strict access protocols, through contractual instruments such as confidentiality agreements or licensing schemes, to preserve the confidentiality of the shared data, in particular in relation to third parties, including on liability over possible damages. The data holder shall identify the data which are protected as trade secrets. When the agreed measures to preserve the confidentiality of trade secrets are not ensured or respected ex- ante or the user fails to implement those measures prior to the data sharing, the trade secret holder should have the possibility to refuse the sharing of data which are protected as trade secrets. The user shall use data resulting from the use of a product or related service in the context of testing of other new products, substances or processes that are not yet placed on the market or data resulting from the use of a new product, substance or process that are not yet placed on the market only in accordance with the specific provisions of the agreement with the enterprise with whom the user agreed to use one of its products for testing of other new products, substances or processes and the identical specific measures agreed between the trade secret holder and the user in the contractual agreement shall apply.
Amendment 588 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. The user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a product that competes with the product, or any part of it, from which the data originate and shall not use such data to derive insights about the economic situation, assets and production methods that could undermine the security of the product in a manner which is detrimental to the legitimate interests of the data holder.
Amendment 590 #
Proposal for a regulation
Article 4 – paragraph 4 a (new)
Article 4 – paragraph 4 a (new)
4 a. The user shall not use the data it receives to cause substantial damage to the data holder by misusing the data, for example if the data is used for the manipulation of the product.
Amendment 604 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a product or related service to a third party, without undue delayhat are readily available to the data holder to a third party, without undue delay, easily, securely in machine- readable format, free of charge to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time. subject to compliance with applicable laws to the outsourcing of data driven services. Data shall be provided in the form in which they have been generated by the product, with only the minimal adaptations necessary to make them useable by a third party, including related metadata necessary to interpret and use the data.
Amendment 613 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a product or related service to a third party, without undue delay, free of charge to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time. This shall be done by electronic request, if this is technically feasible.
Amendment 622 #
Proposal for a regulation
Article 5 – paragraph 2 – point c
Article 5 – paragraph 2 – point c
(c) receive data from a user that the user has obtained pursuant to a request under Article 4(1). This does not prevent third parties and users from using data processing services provided by a designated gatekeeper. In particular, third parties and users may use those data processing services to process data made available to them in accordance with this Regulation.
Amendment 624 #
Proposal for a regulation
Article 5 – paragraph 3
Article 5 – paragraph 3
3. The user or third party shall not be required to provide any information beyond what is necessary to verify the quality as user or as third party pursuant to paragraph 1. The data holder shall not keep any information on the third party’s access to the data requested beyond what is necessary for the sound execution of the third party’s access request and for the security and the maintenance of the data infrastructure. When giving access to trade secrets, the identity of the data recipient and the scope of data must be disclosed to the data holder for an evaluation of trade secret related risk.
Amendment 630 #
Proposal for a regulation
Article 5 – paragraph 5
Article 5 – paragraph 5
5. The data holder shall not use any non-personal data generated by the use of the product or related service to derive insights about the economic situation, assets and production methods of or use by the third party that could undermine the commercial position of the third party on the markets in which the third party is active, unless the third party has consented to such use and has the technical possibility to withdraw that consent at any time. Equally, the third party shall also not use any non-personal data generated by the use of the product or related service to derive insights about the economic situation, assets and production methods of or use by the data holder that could undermine the commercial position of the data holder on the markets in which the data holder is active.
Amendment 640 #
Proposal for a regulation
Article 5 – paragraph 8
Article 5 – paragraph 8
8. Trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party and all specific necessary measures agreed between the data holder and the third party are taken by the third party to preserve the confidentiality of the trade secret. In such a case, the nature of the data as trade secrets and the measures for preserving the confidentiality shall be specified in the agreement between the data holder and the third part, including technical and organisational measures, specified in the contractual agreement agreed between the data holder and the third party are taken by the third party prior to the disclosure of the data which is protected as trade secrets, to preserve the confidentiality of the trade secret. The data holder shall identify the data which are protected as trade secrets. In such a case, the measures required by the data holder, such as technical and organisational measures like strict access protocols, for preserving the confidentiality shall be specified in the contractual agreement between the data holder and the third party. When the agreed measures to preserve the confidentiality of trade secrets are not ensured or respected ex-ante or the third party fails to implement those measures prior to the data sharing, the trade secret holder should have the possibility to refuse the sharing of data which are protected as trade secrets. The third party shall use data resulting from the use of a product or related service in the context of testing of other new products, substances or processes that are not yet placed on the market or data resulting from the use of a new product, substance or process that are not yet placed on the market only in accordance with the specific provisions of the agreement with the enterprise with whom the user agreed to use one of its products for testing of other new products, substances or processes and the identical specific measures agreed between the trade secret holder and the third party in the contractual agreement shall apply.
Amendment 654 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) use the data it receives for the profiling of natural persons within the meaning of Article 4(4) of Regulation (EU) 2016/679, unless it is necessary to provide the service requested by the user or the user agreed to it;
Amendment 669 #
Proposal for a regulation
Article 6 – paragraph 2 – point f a (new)
Article 6 – paragraph 2 – point f a (new)
(f a) use the data it receives to undermine the commercial and industrial position of the data holder on the primary market of the product;
Amendment 670 #
Proposal for a regulation
Article 6 – paragraph 2 – point f b (new)
Article 6 – paragraph 2 – point f b (new)
(f b) use the data it receives in a manner that adversely impacts the security of the product or related service(s)
Amendment 674 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2 a. The third party shall bear the responsibility to ensure the security and protection of the data it receives from the data holder.
Amendment 682 #
Proposal for a regulation
Article 7 – paragraph 1 a (new)
Article 7 – paragraph 1 a (new)
1 a. The obligations provided for in this Chapter shall not apply to access to data excluded or restricted on the grounds of sensitive critical infrastructure protection information within the meaning of Article 2(d) of Directive 2008/114/EC.
Amendment 708 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, and the data holder is not, any compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
Amendment 710 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, any compensation agreed shall not exceed the real costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.
Amendment 720 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. The data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to the data and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to hinder the user’s right to effectively provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1). The third party shall upon the request of the user or the data holder provide with information on how the data has been used when there is a reasonable doubt for unlawful use or onward sharing of the received data.
Amendment 727 #
Proposal for a regulation
Article 11 – paragraph 2 – introductory part
Article 11 – paragraph 2 – introductory part
2. AWhere a data recipient that has, for the purposes of obtaining data, provided inaccurate, incomplete or false information to the data holder, deployed deceptive or coercive means or abused evident gaps in the technical infrastructure of the data holder designed to protect the data, has used the data made available for unauthorised purposes or has disclosed those data to another party without the data holder’s authorisation, shall without undue delay, unless the data holder or the user instruct otherwise, including the development of a competing product within the meaning of Article 6(2)(e) or has disclosed those data to another party without the data holder’s authorisation, the data recipient shall be liable for the damages to the party suffering from the misuse or disclosure of such data and shall comply without undue delay with the requests of the data holder to:
Amendment 733 #
Proposal for a regulation
Article 12 – paragraph 1 a (new)
Article 12 – paragraph 1 a (new)
1 a. The obligations set out in this Regulation do not preclude a reciprocity of data sharing between a data recipient, user and data holder agreed in contracts.
Amendment 744 #
Proposal for a regulation
Article 13 – paragraph 4 – point a
Article 13 – paragraph 4 – point a
(a) inappropriately limit the remedies in case of non-performance of contractual obligations or the liability in case of breach of those obligations; this shall not affect the data holder's possibility to provide data "as is" without any warranty for the quality of the data provided.
Amendment 752 #
Proposal for a regulation
Article 13 – paragraph 8 a (new)
Article 13 – paragraph 8 a (new)
8 a. Given the rapidity in which innovations occur on the markets, the list of unfair contractual terms within article 13 shall be reviewed regularly by the European Commission and be adapted to new business practices if necessary
Amendment 784 #
Proposal for a regulation
Article 15 – paragraph 1 – point c
Article 15 – paragraph 1 – point c
Amendment 825 #
Proposal for a regulation
Article 17 – paragraph 1 – point e a (new)
Article 17 – paragraph 1 – point e a (new)
(e a) ensure that making the data available would not put the data holder in a situation to violate a national under Union law or national law. Or, assume liability for violations or damages resulting from the access it has requested while making the data available was prohibited under Union law or national law;
Amendment 829 #
Proposal for a regulation
Article 17 – paragraph 1 – point e a (new)
Article 17 – paragraph 1 – point e a (new)
(e a) submit a declaration on the lawful and secure handling of the data received;
Amendment 830 #
Proposal for a regulation
Article 17 – paragraph 1 – point e b (new)
Article 17 – paragraph 1 – point e b (new)
(e b) specify the names of the third parties with whom the public sector body intends to share the obtained data with pursuant to paragraph 4.
Amendment 832 #
Proposal for a regulation
Article 17 – paragraph 1 – point e b (new)
Article 17 – paragraph 1 – point e b (new)
(e b) commits that confidentiality of trade secrets disclosure will be ensured.
Amendment 835 #
Proposal for a regulation
Article 17 – paragraph 2 – point a
Article 17 – paragraph 2 – point a
(a) be expressed in clear, concise and plain language understandable to the data holder in written form;
Amendment 841 #
Proposal for a regulation
Article 17 – paragraph 2 – point c
Article 17 – paragraph 2 – point c
(c) respect the legitimate aims of the data holder, taking into account the protection of trade secrets and the, privacy, commercial sensitive information, intellectual property and the duration, cost and effort required to make the data available;
Amendment 847 #
Proposal for a regulation
Article 17 – paragraph 2 – point d
Article 17 – paragraph 2 – point d
(d) concern, insofar as possible, non- personal data;
Amendment 878 #
Proposal for a regulation
Article 18 – paragraph 2 – point a
Article 18 – paragraph 2 – point a
(a) the data is unavailable; or the data holder does not have control over the data
Amendment 879 #
Proposal for a regulation
Article 18 – paragraph 2 – point a a (new)
Article 18 – paragraph 2 – point a a (new)
(a a) provided security measures concerning transfer, storing and maintaining data confidentiality are insufficient.
Amendment 893 #
Proposal for a regulation
Article 19 – paragraph 1 – point a
Article 19 – paragraph 1 – point a
(a) not use the data in a manner incompatible with the purposfor any other purpose than the one for which they were requested;
Amendment 894 #
Proposal for a regulation
Article 19 – paragraph 1 – point a
Article 19 – paragraph 1 – point a
(a) not use the data in a manner incompatible with the purpose for which they were requested, nor use the date to develop products or related services that compete against the data holder;
Amendment 896 #
Proposal for a regulation
Article 19 – paragraph 1 – point b
Article 19 – paragraph 1 – point b
Amendment 897 #
Proposal for a regulation
Article 19 – paragraph 1 – point b
Article 19 – paragraph 1 – point b
(b) implement in advance, insofar as the processing of personal data or sensitive data comprising trade secrets or related to intellectual property rights is necessary, technical and organisational measures that safeguard the rights and freedoms of data subjects and rights holders;
Amendment 901 #
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
Article 19 – paragraph 1 – point b a (new)
(b a) have in place the appropriate and proportionate technical and organisational measures to manage cyber risk to that data;
Amendment 909 #
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
2. Disclosure of data constitutive of trade secrets or alleged trade secrets to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of the request. In such a case, provided that all specific necessary measures required by the trade secret holder are taken to preserve the confidentiality of trade secrets, in particular with respect to the third parties. The trade secret holder, the data holder and the public sector body, or the Union institution, agency or body shall take appropriatecan contractually agree on measures to preserve the confidentiality of those trade secretse shared data, in particular in relation to third parties. The trade secret holder should have the possibility to refuse this sharing, when these guarantees are not ensured or respected ex-ante.
Amendment 911 #
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
2. Disclosure of trade secrets or alleged trade secrets or data containing intellectual property rights to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of the request. In such a case, the public sector body or the Union institution, agency or body shall take appropriate measures to preserve the confidentiality of those trade secrets or intellectual property rights.
Amendment 921 #
Proposal for a regulation
Article 20 – paragraph 1
Article 20 – paragraph 1
1. Data made available to respond to a public emergency pursuant to Article 15, point (a), shall be provided free of charge.not exceed the actual costs related to making the data available to the public sector body
Amendment 927 #
Proposal for a regulation
Article 20 – paragraph 2
Article 20 – paragraph 2
2. Where the data holder claims compensation for making data available in compliance with a request made pursuant to Article 15, points (b) or (c), such compensation shall not exceed the technical and organisational costs incurred to comply with the request including, where necessary, the real costs of anonymisation and of technical adaptation, plus a reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.
Amendment 935 #
Proposal for a regulation
Article 21 – paragraph 1
Article 21 – paragraph 1
1. A public sector body or a Union institution, agency or body shall be entitled to share data received under this Chapter with individuals or organisations in view of carrying out scientific research or analytics compatible with the purpose for which the data was requested, or to national, subnational such as regional or municipal statistical institutes and Eurostat for the compilation of official statistics.
Amendment 1039 #
Proposal for a regulation
Article 28 – paragraph 4
Article 28 – paragraph 4
4. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements under paragraph 1 of this Article. To address the fragmentation of the internal market and the data economy in the internal market, as requested by the regulation (EU) 2022/868, the European Data Innovation Board should also assist the Commission enhancing cross-border, cross- sector interoperability of data as well as data sharing services between different sectors and domains.
Amendment 1141 #
Proposal for a regulation
Article 34 – paragraph 1
Article 34 – paragraph 1
The Commission shall develop and recommend non-binding model contractual terms on data access and use to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. Where appropriate, these contractual terms should be developed and standardised in open, structured, expandable and machine-readable formats to ensure that the contract terms of data access can be stored and processed digitally.
Amendment 1146 #
Proposal for a regulation
Article 35 – paragraph 1
Article 35 – paragraph 1
In order not to hinder the exercise of the right of users to access and use such data in accordance with Article 4 of this Regulation or of the right to share such data with third parties in accordance with Article 5 of this Regulation, the sui generis right provided for in Article 7 of Directive 96/9/EC does not apply to databases containing data obtained from or generated by the use of a product or ashall not entitle the data holder or proprietor of a sui generis right to prohibit the access and use of data that is permitted under this regulated serviceion.
Amendment 1154 #
Proposal for a regulation
Article 41 – paragraph 1 – point e a (new)
Article 41 – paragraph 1 – point e a (new)
(e a) the contribution of this Regulation to ensuring the economic attractiveness of the collection and use of high quality data sets by European companies.
Amendment 1155 #
Proposal for a regulation
Article 41 – paragraph 1 – point e b (new)
Article 41 – paragraph 1 – point e b (new)
(e b) the contribution of this Regulation to innovation and to promoting the development of high-tech start-ups and SMEs, as well as to enabling access for European users to state-of-the-art computing services.
Amendment 1161 #
Proposal for a regulation
Article 42 – paragraph 2
Article 42 – paragraph 2
It shall apply from [124 months after the date of entry into force of this Regulation].