BETA

Activities of Andrey KOVATCHEV related to 2020/0340(COD)

Shadow opinions (1)

OPINION on the proposal for a regulation of the European Parliament and of the Council on European data governance (Data Governance Act)
2021/06/24
Committee: IMCO
Dossiers: 2020/0340(COD)
Documents: PDF(370 KB) DOC(247 KB)
Authors: [{'name': 'Sandro GOZI', 'mepid': 204419}]

Amendments (26)

Amendment 161 #
Proposal for a regulation
Recital 3
(3) It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges. Sector- specific legislation can develop, adapt and propose new and complementary elements, depending on the specificities of the sector, such as the envisaged legislation on the European health data space25 and on access to vehicle data. Moreover, certain sectors of the economy are already regulated by sector-specific Union law that include rules relating to cross-border or Union wide sharing or access to data26 . This Regulation is therefore without prejudice to Regulation (EU) 2016/679 of the European Parliament and of the Council (27 ), and in particular the implementation of this Regulation shall not prevent cross border transfers of data in accordance with Chapter V of Regulation (EU) 2016/679 from taking place, Directive (EU) 2016/680 of the European Parliament and of the Council (28 ), Directive (EU) 2016/943 of the European Parliament and of the Council (29 ), Regulation (EU) 2018/1807 of the European Parliament and of the Council (30 ), Regulation (EC) No 223/2009 of the European Parliament and of the Council (31 ), Directive 2000/31/EC of the European Parliament and of the Council (32 ), Directive 2001/29/EC of the European Parliament and of the Council (33 ), Directive (EU) 2019/790 of the European Parliament and of the Council (34 ), Directive 2004/48/EC of the European Parliament and of the Council (35 ), Directive (EU) 2019/1024 of the European Parliament and of the Council (36 ), as well as Regulation 2018/858/EU of the European Parliament and of the Council (37 ), Directive 2010/40/EU of the European Parliament and of the Council (38 ) and Delegated Regulations adopted on its basis, and any other sector-specific Union legislation that organises the access to and re-use of data. This Regulation should be without prejudice to the access and use of data for the purpose of international cooperation in the context of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. A horizontal regime for the re-use of certain categories of protected data held by public sector bodies, the provision of data sharing services and of services based on data altruism in the Union should be established. Specific characteristics of different sectors may require the design of sectoral data-based systems, while building on the requirements of this Regulation. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing services or registered entities providing data altruism services to comply with specific additional technical, administrative or organisational requirements, including through an authorisation or certification regime, those provisions of that sector-specific Union legal act should also apply. Тhis Regulation does not create a new legal basis for the processing of personal data. When personal data is referred to in this Regulation, the General Data Protection Regulation (GDPR) prevails. __________________ 25 See: Annexes to the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Commission Work Programme 2021 (COM(2020) 690 final). 26For example, Directive 2011/24/EU in the context of the European Health Data Space, and relevant transport legislation such as Directive 2010/40/EU, Regulation 2019/1239 and Regulation (EU) 2020/1056, in the context of the European Mobility Data Space. 27Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (OJ L 119, 4.5.2016, p.1) 28 Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA. (OJ L 119, 4.5.2016, p.89) 29Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure. (OJ L 157, 15.6.2016, p.1) 30 Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union. (OJ L 303, 28.11.2018, p. 59) 31Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European Communities. (OJ L 87, 31.03.2009, p. 164) 32Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000, on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce). (OJ L 178, 17.07.2000, p. 1) 33 Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society. (OJ L 167, 22.6.2001, p. 10) 34 Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC. (OJ L 130, 17.5.2019, p. 92) 35Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights. (OJ L 157, 30.4.2004). 36Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information. (OJ L 172, 26.6.2019, p. 56). 37 Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles, amending Regulations (EC) No 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC (OJ L 151, 14.6.2018). 38 Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport. (OJ L 207, 6.8.2010, p. 1)
2021/05/28
Committee: IMCO
Amendment 168 #
Proposal for a regulation
Recital 7
(7) The categories of data held by public sector bodies which should be subject to re-use under this Regulation fall outside the scope of Directive (EU) 2019/1024 that excludes data which is not accessible due to commercial and statistical confidentiality and data for which third parties have intellectual property rights. Commercially confidential data includes data protected by trade secrets, confidential obligations and any other information the unauthorised disclosure of which would harm legitimate commercial interests in the business. Personal data fall outside the scope of Directive (EU) 2019/1024 insofar as the access regime excludes or restricts access to such data for reasons of data protection, privacy and the integrity of the individual, in particular in accordance with data protection rules. The re-use of data, which may contain trade secrets, should take place without prejudice to Directive (EU) 2016/94340 , which sets the framework for the lawful acquisition, use or disclosure of trade secrets. This Regulation is without prejudice and complementary to more specific obligations on public sector bodies to allow re-use of data laid down in sector- specific Union or national law. It does not create an obligation to allow re-use of public sector data. __________________ 40 OJ L 157, 15.6.2016, p. 1–18
2021/05/28
Committee: IMCO
Amendment 174 #
Proposal for a regulation
Recital 9
(9) Public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding as far as possible the conclusion of agreements, which might have as their objective or effect the creation of exclusive rights for the re-use of certain data. Such agreement should be only possible when justified and necessary for the provision of a service of general interest. This may be the case when exclusive use of the data is the only way to maximise the societal benefits of the data in question, for example where there is only one entity (which has specialised in the processing of a specific dataset) capable of delivering the service or the product which allows the public sector body to provide an advanced digital service in the general interest. Such arrangements should, however, be concluded in compliance with public procurement rules and be subject to regular review based on a market analysis in order to ascertain whether such exclusivity continues to be necessary. In addition, such arrangements should comply with the relevant State aid rules, as appropriate, and should be concluded for a limited period, which should not exceed three years. In order to ensure transparency, such exclusive agreements should be published online at least two months before their entry into force, regardless of a possible publication of an award of a public procurement contract. This Regulation should not be read as preventing data licensors to public sector bodies from concluding agreements, which limit the re-use of such licenced data, where a data license addresses the manner of delivery, maintenance and control of the data, as well as data security policies, practices and protocols, in particular where the data comprises personal or sensitive financial, technical or commercial information.
2021/05/28
Committee: IMCO
Amendment 177 #
Proposal for a regulation
Recital 11
(11) Conditions for re-use of protected data that apply to public sector bodies competent under national law to allow re- use, and which should be without prejudice to rights or obligations concerning access to such data, should be laid down. Those conditions should be non-discriminatory, proportionate and objectively justified, while not restricting competition. In particular, public sector bodies allowing re- use should have in place the technical means necessary to ensure the protection of rights and interests of third parties. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of others in the data and the integrity of the information technology and communication systems of the public sector bodies. Safeguards against the de-anonymization and identification of natural persons should be provided for. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate effort for the public sector. Depending on the case at hand, before its transmission, personal data should be fully anonymised, so as to definitively not allow the identification of the data subjects, or data containing commercially confidential information modified in such a way that no confidential information is disclosed. Where provision of anonymised or modified data would not respond to the needs of the re-user, on- premise or remote re-use of the data within a secure processing environment could be permitted. Data analyses in such secure processing environments should be supervised by the public sector body, so as to protect the rights and interests of others. In particular, personal data should only be transmitted for re-use to a third party where a legal basis allows such transmission. The public sector body could make the use of such secure processing environment conditional on the signature by the re-user of a confidentiality agreement that prohibits the disclosure of any information that jeopardises the rights and interests of third parties that the re-user may have acquired despite the safeguards put in place. The public sector bodies, where relevant, should facilitate the re-use of data on the basis of consent of data subjects or permissions of legal persons on the re-use of data pertaining to them through adequate technical means. In this respect, the public sector body should support potential re-users in seeking such consent by establishing technical mechanisms that permit transmitting requests for consent from re-users, where practically feasible. No contact information should be given that allows re-users to contact data subjects or companies directly. Commercially confidential data, which is not capable of protection by these measures, should not be made available for re-use.
2021/05/28
Committee: IMCO
Amendment 180 #
Proposal for a regulation
Recital 12
(12) The intellectual property rights of third parties should not be affected by this Regulation. This Regulation should neither affect the existence or ownership of intellectual property rights of public sector bodies, nor should it limit the exercise of these rights in any way beyond the boundaries set by this Regulation. The obligations imposed in accordance with this Regulation should apply only insofar as they are compatible with international agreements on the protection of intellectual property rights, in particular the Berne Convention for the Protection of Literary and Artistic Works (Berne Convention), the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS Agreement) and the WIPO Copyright Treaty (WCT), and Union intellectual property rules. Public sector bodies should, however, exercise their copyright in a way that facilitates re-use.
2021/05/28
Committee: IMCO
Amendment 186 #
Proposal for a regulation
Recital 15
(15) Furthermore, it is important to protect commercially sensitive data of non- personal nature, notably trade secrets, but also non-personal data representing content protected by intellectual property rights from unlawful access that may lead to IP theft or industrial espionage. In order to ensure the protection of fundamental rights or interests of data holders, non-personal data which is to be protected from unlawful or unauthorised access under Union or national law, and which is held by public sector bodies, should be transferred only to third-countries where appropriate safeguards for the use of data are provided. Such appropriate safeguards should be considered to exist when in that third- country there are equivalent measures in place which ensure that non-personal data benefits from a level of protection similar to that applicable by means of Union or national law in particular as regards the protection of trade secrets and the protection of intellectual property rights. To that end, the Commission may adopt implementing acts that declare that a third country provides a level of protection that is essentially equivalent to those provided by Union or national law. In addition to that, should there be any worrying cases concerning the re-use of non-personalised data in third countries, the Commission should take them into account when considering the adoption of implementing acts. The assessment of the level of protection afforded in such third-country should, in particular, take into consideration the relevant legislation, both general and sectoral, including concerning public security, defence, national security and criminal law concerning the access to and protection of non-personal data, any access by the public authorities of that third country to the data transferred, the existence and effective functioning of one or more independent supervisory authorities in the third country with responsibility for ensuring and enforcing compliance with the legal regime ensuring access to such data, or the third countries’ international commitments regarding the protection of data the third country concerned has entered into, or other obligations arising from legally binding conventions or instruments as well as from its participation in multilateral or regional systems. The existence of effective legal remedies for data holders, public sector bodies or data sharing providers in the third country concerned is of particular importance in the context of the transfer of non-personal data to that third country. Such safeguards should therefore include the availability of enforceable rights and of effective legal remedies.
2021/05/28
Committee: IMCO
Amendment 194 #
Proposal for a regulation
Recital 17
(17) Some third countries adopt laws, regulations and other legal acts which aim at directly transferring or providing access to non-personal data in the Union under the control of natural and legal persons under the jurisdiction of the Member States. The public sector bodies, natural and legal entities, data intermediation service providers and data altruism organisations which have granted or have been granted the right to share or re-use data, should ensure that whenever entering contractual relations with third-parties, non-personal data held in the Union can only be accessed by or transferred to third countries if Union data protection law, security rules and consumer protection law or the data protection law, security rules and consumer protection law of the relevant Member State are respected. They should also comply with, whenever possible, the highest level of technical standards, codes of conduct and certifications at Union level. Judgments of courts or tribunals or decisions of administrative authorities in third countries requiring such transfer or access to non- personal data should be enforceable when based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State. In some cases, situations may arise where the obligation to transfer or provide access to non-personal data arising from a third country law conflicts with a competing obligation to protect such data under Union or national law, in particular as regards the protection of commercially sensitive data and the protection of intellectual property rights, and including its contractual undertakings regarding confidentiality in accordance with such law. In the absence of international agreements regulating such matters, transfer or access should only be allowed under certain conditions, in particular that the third-country system requires the reasons and proportionality of the decision to be set out, that the court order or the decision is specific in character, and the reasoned objection of the addressee is subject to a review by a competent court in the third country, which is empowered to take duly into account the relevant legal interests of the provider of such data.
2021/05/28
Committee: IMCO
Amendment 196 #
Proposal for a regulation
Recital 19
(19) In order to build trust in re-use mechanisms, it may be necessary to attach stricter conditions for certain types of non- personal data that have been identified as highly sensitive, as regards the transfer to third countries, if such transfer could jeopardise public policy objectives, in line with international commitments. For example, in the health domain, certain datasets held by actors in the public health system, such as public hospitals, could be identified as highly sensitive health data. In order to ensure harmonised practices across the Union, such types of highly sensitive non-personal public data should be defined by Union law, for example in the context of the European Health Data Space or other sectoral legislation. Other sectors in which similar developments could be fostered through European Data Spaces are industry, agriculture, finance, mobility, environment and energy, public administration, professional skills. The conditions attached to the transfer of such data to third countries should be laid down in delegated acts. Conditions should be proportionate, non-discriminatory and necessary to protect legitimate public policy objectives identified, such as the protection of public health, public order, safety, the environment, public morals, consumer protection, privacy and personal data protection. The conditions should correspond to the risks identified in relation to the sensitivity of such data, including in terms of the risk of the re- identification of individuals. These conditions could include terms applicable for the transfer or technical arrangements, such as the requirement of using a secure processing environment, limitations as regards the re-use of data in third-countries or categories of persons which are entitled to transfer such data to third countries or who can access the data in the third country. In exceptional cases they could also include restrictions on transfer of the data to third countries to protect the public interest.
2021/05/28
Committee: IMCO
Amendment 206 #
Proposal for a regulation
Recital 36
(36) Legal entities that seek to support purposes of general interest by making available relevant data based on data altruism at scale and meet certain requirements, should be able to register as ‘Data Altruism Organisations recognised in the Union’. This could lead to the establishment of data repositories. As registration in a Member State would be valid across the Union, and this should facilitate cross-border data use within the Union and the emergence of data pools covering several Member States. Data subjects in this respect would consent to specific purposes of data processing, but could also consent to data processing in certain areas of research or parts of research projects as it is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the time of data collection. Legal persons could give permission to the processing of their non-personal data for a range of purposes not defined at the moment of giving the permission. The voluntary compliance of such registered entities with a set of requirements should bring trust that the data made available on altruistic purposes is serving a general interest purpose. Such trust should result in particular from a place of establishment within the Union, as well as from the requirement that registered entities have a not-for-profit character, from transparency requirements and from specific safeguards in place to protect rights and interests of data subjects and companies. Further safeguards should include making it possible to process relevant data within a secure processing environment operated by the registered entity, oversight mechanisms such as ethics councils or boards to ensure that the data controller maintains high standards of scientific ethics, effective technical means to withdraw or modify consent at any moment, based on the information obligations of data processors under Regulation (EU) 2016/679 as well as means for data subjects to stay informed about the use of data they made available. Registration as a recognised data altruism organisation should be a precondition for exercising data altruism activities. Additionally, the Commission should encourage and facilitate the development of self-regulatory codes of conduct at Union level, involving relevant stakeholders.
2021/05/28
Committee: IMCO
Amendment 215 #
Proposal for a regulation
Article 1 – paragraph 2
(2) This Regulation is without prejudice to specific provisions in other Union legal acts or national law regarding access to or re- use of certain categories of data, or requirements related to processing of personal or non-personal data. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing services or registered entities providing data altruism services to comply with specific additional technical, administrative or organisational requirements, including through an authorisation or certification regime, those provisions of that sector-specific Union legal act shall also apply.
2021/05/28
Committee: IMCO
Amendment 231 #
Proposal for a regulation
Article 4 – paragraph 1
(1) Agreements or other practices pertaining to the re-use of data held by public sector bodies containing categories of data referred to in Article 3 (1) which grant exclusive rights or which have as their object or effect to grant such exclusive rights or to restrict the availability of data for re-use by entities other than the parties to such agreements or other practices shall be prohibited. Agreements or other practices, which restrict the re-use of data which has been licensed or otherwise provided to a public sector body by a commercial data holder, are not subject to this Article.
2021/05/28
Committee: IMCO
Amendment 246 #
Proposal for a regulation
Article 5 – paragraph 3 a (new)
(4) Public sector bodies mayshall impose obligations
2021/05/28
Committee: IMCO
Amendment 248 #
Proposal for a regulation
Article 5 – paragraph 4 – introductory part
(4) Public sector bodies may impose obligations in duly justified cases
2021/05/28
Committee: IMCO
Amendment 249 #
Proposal for a regulation
Article 5 – paragraph 4 – point a
(a) to access and re-use the data remotely within a secure processing environment provided and controlled by the public sector ;
2021/05/28
Committee: IMCO
Amendment 251 #
Proposal for a regulation
Article 5 – paragraph 5
(5) The public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used in line with the latest technical cybersecurity standards. The public sector body shall be able to verify any results of processing of data undertaken by the re- user and reserve the right to prohibit the use of results that contain information jeopardising the rights and interests of third parties. A public sector body shall not make commercially confidential data available for re-use unless it is able to do so in a manner, which protects the legitimate commercial interests of third parties related to commercially confidential data. Public sector bodies shall be equipped with the necessary human and financial resources for monitoring and law enforcement.
2021/05/28
Committee: IMCO
Amendment 260 #
Proposal for a regulation
Article 5 – paragraph 9 – introductory part
(9) TWhen duly justified by a substantial number of cases across the Union concerning the re-use of non- personal data in specific third countries, the Commission may adopt implementing acts declaring that the legal, supervisory and enforcement arrangements of a third country:
2021/05/28
Committee: IMCO
Amendment 278 #
Proposal for a regulation
Article 7 – paragraph 4
(4) The competent body or bodies shall have adequate legal and technical capacities and expertise to be able to comply with relevant Union or national law concerning the access regimes for the categories of data referred to in Article 3 (1). The competent body or bodies should be equipped with the necessary human and financial resources to carry out their duties in effective and efficient way.
2021/05/28
Committee: IMCO
Amendment 303 #
Proposal for a regulation
Article 11 – paragraph 1 – point 4 a (new)
(4a) Data intermediaries should take reasonable measures to guarantee interoperability within the sector but also across sectors to facilitate data sharing.
2021/05/28
Committee: IMCO
Amendment 308 #
Proposal for a regulation
Article 11 – paragraph 1 – point 8
(8) the providerdata intermediary shall take measures to ensure a high level of security, including state-of-the-art cybersecurity standards for the storage and transmission of non-personal data;
2021/05/28
Committee: IMCO
Amendment 323 #
Proposal for a regulation
Article 15 – paragraph 1 a (new)
(1a) Registration as a recognised data altruism organisation should be a precondition for exercising data altruism activities. The Commission should encourage and facilitate the development of self-regulatory codes of conduct at Union level, involving relevant stakeholders. The European Data Innovation Board shall advise and assist in developing and preserving a consistent practice throughout the Union in this regard.
2021/05/28
Committee: IMCO
Amendment 339 #
Proposal for a regulation
Article 17 – paragraph 4 – point d
(d) the entity’s main sources of income;
2021/05/28
Committee: IMCO
Amendment 355 #
Proposal for a regulation
Article 19 – paragraph 2
(2) The entity shall also ensure that the data is not be used for other purposes than those of general interest for which it permits the processing. Safeguards shall be provided to ensure that misleading marketing practices are not used to solicit donations of data. Sanctions shall be provided when acting against the general public interest.
2021/05/28
Committee: IMCO
Amendment 376 #
Proposal for a regulation
Article 27 – paragraph 1 – point b a (new)
(ba) to advise and assist the Commission in developing consistent guidelines for cybersecurity requirements for the exchange and storage of data; in this regard to aim to consistently keep the latest technical standards in cybersecurity;
2021/05/28
Committee: IMCO
Amendment 377 #
Proposal for a regulation
Article 27 – paragraph 1 – point c
(c) to advise the Commission on the prioritisation of cross-sector standards to be used and developed for data use and cross-sector data sharing, cross-sectoral comparison and exchange of best practices with regards to sectoral requirements for security, access procedures, while taking into account sector-specific standardisations activities; it should also assist the Commission in setting technical guidelines for anonymization;
2021/05/28
Committee: IMCO
Amendment 378 #
Proposal for a regulation
Article 27 – paragraph 1 – point d
(d) to advise and assist the Commission in enhancing the interoperability of data as well as data sharing services between different sectors and domains, building on existing European, international or national standards; to do its utmost to guarantee interoperability within the sector but also across sectors to facilitate data sharing.
2021/05/28
Committee: IMCO
Amendment 379 #
Proposal for a regulation
Article 27 – paragraph 1 – point e
(e) to facilitate the cooperation between national competent authorities under this Regulation through capacity- building and the exchange of information, in particular by establishing methods for the efficient exchange of information relating to the notification procedure for data sharing service providers and the registration and monitoring of recognised data altruism organisations; to advise and assist in developing and preserving a consistent practice in relation to the code of conduct of data altruism organisations throughout the Union.
2021/05/28
Committee: IMCO