2022/0047(COD) | [ParlTrack]

Proposal for a regulation
Recital 2

(2) Barriers to data sharing prevent an optimal allocation of data to the benefit of society. These barriers include a lack of incentives for data holders to enter voluntarily into data sharing agreements, uncertainty about rights and obligations in relation to data, abuse of dominant positions by third-country Big Tech companies, the EU's lack of ambition with regard to strategic independence from third countries and their companies, costs of contracting and implementing technical interfaces, the high level of fragmentation of information in data silos, poor metadata management, the absence of standards for semantic and technical interoperability, bottlenecks impeding data access, a lack of common data sharing practices and abuse of contractual imbalances with regards to data access and use.

Amendment 117 #

Proposal for a regulation
Recital 4

(4) In order to respond to the needs of the digital economy and to remove barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who, other than the manufacturer or other data holder is entitled to access the data generated by products or related services, under which conditions and on what basis. ~~Accordingly,~~ Member States ~~should not~~may adopt or maintain additional national requirements on those matters falling within the scope of this Regulation, ~~unless explicitly provided for in this Regulation, since this would affect the direct and uniform applicat~~in addition to the express provisions of this Regulation.

Amendment 118 #

Proposal for a regulation
Recital 5

(5) This Regulation ensures that users of a product or related service in the Union can access, in a timely manner, the data generated by the use of that product or related service and that those users can use the data, including by sharing them with third parties of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for micro, small or medium-sized enterprise~~s within the meaning of Recommendation 2003/361/EC~~. This Regulation also ensures that data holders make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by products or related services.

Amendment 119 #

Proposal for a regulation
Recital 5

(5) This Regulation ensures that users of a product or related service in the Union can access, in a timely manner, the data generated by the use of that product or related service and that those users can use the data, including by sharing them with third parties of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC. This Regulation also ensures that data holders make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between ~~data process~~cloud computing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by products or related services.

Amendment 120 #

Proposal for a regulation
Recital 6

(6) Data generation is the result of the actions of at least two actors, the designer or manufacturer of a product and the user of that product. It gives rise to questions of fairness in the digital economy, because the data recorded by such products or related services are an important input for aftermarket, ancillary and other services. In order to realise the important economic benefits of data as a non-rival good for the economy and society, a general approach to assigning access and usage rights on data is preferable to awarding exclusive rights of access and use.deleted

Amendment 121 #

Proposal for a regulation
Recital 6 a (new)

(6 a) While the obligation to make data available as provided by Union law, including Article 4(3), Article 5(8), Article 6 and Article 19(2) of this Regulation, or by national legislation implementing Union law, should be effective, this Regulation should not question the protection of trade secrets as such and that the access is only granted under measures that warrant for the protection of trade secrets within the meaning of Directive (EU) 2016/943.

Amendment 122 #

Proposal for a regulation
Recital 7

(7) The fundamental right to the protection of personal data is safeguarded in particular under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725. Directive 2002/58/EC additionally protects private life and the confidentiality of communications, including providing conditions to any personal and non- personal data storing in and access from terminal equipment. These instruments provide the basis for sustainable and responsible data processing, including where datasets include a mix of personal and non-personal data. This Regulation complements and is without prejudice to Union law on data protection and privacy, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC. No provision of this Regulation should be applied or interpreted in such a way as to diminish or limit the right to the protection of personal data or the right to privacy and confidentiality of communications. In the event of a conflict between this Regulation and Union law on the protection of personal data and privacy or national law adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data and privacy should prevail.

Amendment 123 #

Proposal for a regulation
Recital 8

(8) The principles of data minimisation and data protection by design and by default are essential when processing involves significant risks to the fundamental rights of individuals. Taking into account the state of the art, all parties to data sharing, including where within scope of this Regulation, should implement technical and organisational measures to protect these rights. Such measures include not only pseudonymisation and encryption, but also the use of increasingly available technology that permits algorithms to be brought to the data and allow valuable insights to be derived without the transmission between parties or unnecessary copying of the raw or structured data themselves. Products should be designed in a way that makes it possible for data subjects to use products covered by this Regulation anonymously or with the least possible infringement of their privacy.

Amendment 124 #

Proposal for a regulation
Recital 8

(8) The principles of data minimisation and data protection by design and by default are essential ~~when~~as processing ~~involves~~can lead to significant risks to the fundamental rights of individuals. Taking into account the state of the art, all parties to data sharing, including where within scope of this Regulation, should implement technical and organisational measures to protect these rights. Such measures include not only pseudonymisation and encryption, but also the use of increasingly available technology that permits algorithms to be brought to the data and allow valuable insights to be derived without the transmission between parties or unnecessary copying of the raw or structured data themselvesand facilitate the exercise of data subjects' rights. Such measures include not only deletion and anonymisation where possible, and aggregation and pseudonymisation where the aforementioned aren’t possible to fulfill the purposes of the processing, as well as encryption.

Amendment 125 #

Proposal for a regulation
Recital 8 a (new)

(8 a) The goal of anonymisation is to prevent identification. In accordance with Regulation (EU) 2016/679, anonymised data have been processed in such a way as to remove the possibility to relate them to an identified or identifiable natural person and rendered anonymous in such a manner that the data subject is not or no longer identifiable. Although improbable, the combination of non-personal data sets could lead to the identification or, in the case of previously anonymised data, the re-identification and therefore reattribution to a natural person.

Amendment 126 #

Proposal for a regulation
Recital 11

(11) Union law setting ~~physical~~ design and data requirements for products to be placed on the Union market should not be affected by this Regulation.

Amendment 127 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN, Angelika NIEBLER

Proposal for a regulation
Recital 13 a (new)

(13 a) This Regulation is without prejudice to Union and national legal acts providing for the protection of intellectual property rights, including Directive 2001/29/EC, Directive 2004/48/EC, and Directive (EU) 2019/790.

Amendment 128 #

Proposal for a regulation
Recital 14

(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation with the exception of prototypes. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. Information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation, nor any data that is subject to an intellectual property right, except on the basis of a data sharing agreement. Products design-related data, meaning data related to the internal functioning and design of the product can expose industry’s core know-how and intellectual property. Such data should therefore be excluded from the scope of the Regulation. Data that is constitutive of a trade secret should only be made available to a data user or third party upon prior consent of the trade secret holder and if all the necessary measures to protect the confidentiality of the trade secrets have been taken by the third party.

Amendment 129 #

Proposal for a regulation
Recital 14

Amendment 130 #

Proposal for a regulation
Recital 14

Amendment 131 #

Proposal for a regulation
Recital 17

Amendment 132 #

Proposal for a regulation
Recital 17

(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, and without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data that is already accessible to the data holder in the form and format in which they are generated by the product, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights. Products design-related data is excluded from scope of this Regulation.

Amendment 133 #

Proposal for a regulation
Recital 17

Amendment 134 #

Proposal for a regulation
Recital 18

(18) The user of a product should be understood as the legal or natural person, such as a business or consumer, which has purchased, rented or leased the product. Depending on the legal title under which he or she uses it, such a user bears the risks and enjoys the benefits of using the connected product and should enjoy also the access to the data it generates. The user should therefore be entitled to derive benefit from data generated by that product and any related service. A product or service may have been purchased, rented or leased by a business, and provided or otherwise made available to one or more employees. Where such provision of a product or service results in the data concerned to be personal data, such data are subject to applicable Union law, in particular on the protection of personal data, of privacy, and the protection of employees.

Amendment 135 #

Proposal for a regulation
Recital 18 a (new)

(18 a) Where the right to access data is exercised by a legal person, the notion of ‘right’ is understood to describe the claim to the obligation of the data holder to provide access to data to a recipient as laid down in this Regulation, subject to all conditions and limits of Union law on the protection of personal data.

Amendment 136 #

Proposal for a regulation
Recital 19

(19) In practice, not all data generated by products or related services are easily accessible to their users, and there are often limited possibilities for the portability of data generated by products connected to the Internet ~~of Things~~. Users are unable to obtain data necessary to make use of providers of repair and other services, and businesses are unable to launch innovative, more efficient and convenient services. In many sectors, manufacturers are often able to determine, through their control of the technical design of the product or related services, what data are generated and how they can be accessed, even though they have no legal right to the data. It is therefore necessary to ensure that products are designed and manufactured and related services are provided in such a manner that data generated by their use are always easily accessible to the user. (This amendment applies throughout the text. Adopting it will necessitate corresponding changes throughout.)

Amendment 137 #

Proposal for a regulation
Recital 19 a (new)

(19 a) Products that use Mobile Networks to transmit data often do not allow the user to access the data locally, and rely on related services. Manufacturers regularly shut down related services prematurely, rendering their products unusable. As the popularity of connected devices grows, this risks significantly increasing the amount of e-Waste we produce, in contradiction with the principles of the Circular Economy. Hence manufacturers should provide guarantees on the minimum duration of the provision of related services, and give users the means to switch to alternative services.

Amendment 138 #

Proposal for a regulation
Recital 21

(21) Products may be designed to make certain data directly available from an on- device data storage or from a remote server to which the data are communicated. Where on-device access is technically supported, the manufacturer should make this means of access also available to third-party service providers or the user. Access to the on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider ~~who functions as data holder~~. They may be designed to permit the user or a third party to process the data on the product or on a computing instance of the manufacturer. Where either option is available, the user or third party should choose their preferred method.

Amendment 139 #

Proposal for a regulation
Recital 24

(24) This Regulation imposes the obligation on data holders to make data available in certain circumstances. Insofar as personal data are processed, the data holder is~~hould be~~ a controller ~~under~~pursuant to Regulation (EU) 2016/679. Where users are data subjects, data holders should be obliged to provide them access to their data and to make the data available to third parties of the user’s choice in accordance with this Regulation. However, this Regulation does not create a legal basis under Regulation (EU) 2016/679 for the data holder to provide access to personal data or make it available to a third party when requested by a user that is not a data subject and should not be understood as conferring any new right on the data holder to use data generated by the use of a product or related service. This applies in particular where the manufacturer is the data holder. ~~In that case, t~~The performance of a contract can only be a legal ground for processing of personal data if the data subject is a party or if steps are being taken at the request of the data subject prior to entering into a contract. The necessity requirement for processing personal data for the performance of a contract pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 can not be fulfilled by merely providing for processing in a contractual clause. Assessing what is objectively necessary must be fact-based, and this legal ground should be allowed only in situations where it is not possible to perform service or provide product which the data subject has actively requested or signed up for without processing of specific data. Personal data necessary for the controller’s wider business mode but not necessary for the individual services requested by the data subject, do not fulfil this requirement. The basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user. This agreement may be part of the sale, rent or lease agreement relating to the product. Any contractual term in the agreement stipulating that the data holder may use the data generated by the user of a product or related service should be transparent to the user, including as regards the purpose for which the data holder intends to use the data. This Regulation should not prevent contractual conditions, whose effect is to exclude or limit the use of the data, or certain categories thereof, by the data holder. This Regulation should also not prevent sector-specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by the data holder on well- defined public policy grounds.

Amendment 140 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Recital 24

(24) This Regulation imposes the obligation on data holders to make data available in certain circumstances. Insofar as personal data are processed, the data holder should be a controller under Regulation (EU) 2016/679. Where users are data subjects, data holders should be obliged to provide them access to their data and to make the data available to third parties of the user’s choice in accordance with this Regulation. However, this Regulation does not create a legal basis under Regulation (EU) 2016/679 for the data holder to provide access to personal data or make it available to a third party when requested by a user that is not a data subject and should not be understood as conferring any new right on the data holder to use data generated by the use of a product or related service. This applies in particular where the manufacturer is the data holder. In that case, the basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user. This agreement may be part of the sale, rent or lease agreement relating to the product. Any contractual term in the agreement stipulating that the data holder may use the data generated by the user of a product or related service should be transparent to the user, including as regards the purpose for which the data holder intends to use the data. This Regulation should not prevent contractual conditions, whose effect is to exclude or limit the use of the data, or certain categories thereof, by the data holder, whenever that is justified, in line with the principle of good faith, in light of the legitimate interests of the user that would otherwise be disproportionately harmed. This Regulation should also not prevent sector-specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by the data holder on well- defined public policy grounds.

Amendment 141 #

Proposal for a regulation
Recital 26

(26) In contracts between a data holder and a consumer as a user of a product or related service generating data, Directive 93/13/EEC applies to the terms of the contract to ensure that a consumer is not subject to unfair contractual terms. For unfair contractual terms unilaterally imposed on a micro, small or medium- sized enterprise ~~as defined in Article 2 of the Annex to Recommendation 2003/361/EC63~~ , this Regulation provides that such unfair terms should not be binding on that enterprise. ~~_________________ 63 Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises~~

Amendment 142 #

Proposal for a regulation
Recital 27

(27) The data holder may require appropriate user identification or authentication to verify the user’s entitlement to access the data. In the case of personal data processed by a processor on behalf of the controller, the data holder should ensure that the access request is received and handled by the processor.

Amendment 143 #

Proposal for a regulation
Recital 28

(28) The user should be free to use the data for any lawful purpose. This includes providing the data the user has received exercising the right under this Regulation to a third party offering an aftermarket service that may be in competition with a service provided by the data holder, or to instruct the data holder to do so. TIn order to comply with the user’s request, the data holder should ensure that the data made available to the third party is as accurate, complete, reliable, relevant ~~and~~, up-to-date and accessible as the data the data holder itself may be able or entitled to access from the use of the product or related service. Any trade secrets or intellectual property rights should be respected in handling the data. However, data holders should not undermine the right of the users to request access and use of data in accordance with this Regulation on the basis of certain data that the data holder could still consider to be trade secrets or confidential business information. This bearing in mind that the disclosure of trade secrets within the meaning of Directive (EU) 2016/943 serves the interest of innovation and of competition, notably in allowing reverse engineering of a lawfully acquired product, which should be considered as a lawful means of acquiring information. It is important to preserve incentives to invest in products with functionalities based on the use of data from sensors built into that product. The aim of this Regulation should accordingly be understood as to foster the development of new, innovative products or related services, stimulate innovation on aftermarkets, but also stimulate the development of entirely novel services making use of the data, including based on data from a variety of products or related services. At the same time, it aims to avoid undermining the investment incentives for the type of product from which the data are obtained, for instance, by the use of data to develop a competing product.

Amendment 144 #

Proposal for a regulation
Recital 28 a (new)

(28 a) In some cases, when manufacturers are compelled to provide both raw and processed data to users, the combination of this data could be misused by a competitor in order to understand how data is processed by the manufacturer, and in a why that may reveal trade secrets of the manufacturer. Therefore care should be taken to ensure manufacturers can protect their trade secrets all while maximising the amount of data available to the user.

Amendment 145 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN, Angelika NIEBLER

Proposal for a regulation
Recital 28 a (new)

(28 a) As regards trade secrets, this Regulation should be interpreted in a manner that preserves the protection awarded to trade secrets under Directive (EU) 2016/943. For this reason, data holders are entitled to require that the user or third parties of the user’s choice take all necessary measures to ensure that confidentiality of data considered as trade secrets, including through technical means, is preserved.

Amendment 146 #

Proposal for a regulation
Recital 28 a (new)

(28 a) The Commission should adopt and publish guidelines that clarify the relationship between the obligation to share data and the protection of trade secrets. The Commission should establish a body for dispute settlement for this purpose. The guidelines should be published one year after the entry into force of the Regulation.

Amendment 147 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN

Proposal for a regulation
Recital 29

(29) A third party to whom data is made available may be an enterprise, a research organisation or a not-for-profit organisation. In making the data available to the third party, neither the data holder nor the third party should ~~not~~ abuse its position to seek a competitive advantage in markets where the data holder and third party may be in direct competition. ~~The data holder~~Both parties should not therefore use any data generated by the use of the product or related service in order to derive insights about the economic situation of the oth~~ird~~er party or its assets or production methods or the use in any other way that could undermine the commercial position of the oth~~ird~~er party on the markets it is active on.

Amendment 148 #

Proposal for a regulation
Recital 30

(30) The use of a product or related service may, in particular when the user is a natural person, generate data that relates to an identified or identifiable natural person (the data subject). Processing of such data is subject to the rules established under Regulation (EU) 2016/679, including where personal and non-personal data in a data set are inextricably linked64 . ~~The data subject may be the user or another natural person. P~~Such generation and further processing of personal data ~~may~~is only ~~be requested by a controller or a data subjec~~permitted to begin with where one of the legal grounds pursuant to Articles 6(1) and 9 of that Regulation is met. A user who is the data subject is under certain circumstances entitled under Regulation (EU) 2016/679 to access personal data concerning them, and such rights are unaffected by this Regulation. Under this Regulation, the user who is a natural person is further entitled to access all data generated by the product, personal and non-personal. ~~Where the user is not the data subject but an enterprise, including a sole trader, and not in ca~~Accordingly, such a user intending to request personal data generated by the uses of ~~shared househol~~a product or related use ~~of the product, the user will be a controller with~~rvice is required to have a legal basis for processing the ~~meaning~~data under Article 6(1) of Regulation (EU) 2016/679. Accordingly, such a user as controller intending to request personal data generated by the use of a product or related service is required to have a legal basis for processing the data under Article 6(1) of Regulation (EU) 2016/679, such as, such as the consent of the data subject, a contractual arrangement, or a legal obligation. The legitimate interest of such a user, or of the provider of a product or service, should not be considered a legal basis for generating, further processing, and accessing personal data. The data subject can expect products and services to not collect, obtain, or generate data about them without their consent o~~f the data subject or legitimate interes~~r a freely entered contractual agreement. This user should ensure that the data subject is appropriately informed of the specified, explicit and legitimate purposes for processing those data, and how the data subject may effectively exercise their rights. Where the data holder and the user are joint controllers within the meaning of Article 26 of Regulation (EU) 2016/679, they are required to determine, in a transparent manner by means of an arrangement between them, their respective responsibilities for compliance with that Regulation. It should be understood that such a user, once data has been made available, may in turn become a data holder, if they meet the criteria under this Regulation and thus become subject to the obligations to make data available under this Regulation. Where the user is a Union institution, agency or body, Regulation (EU) 2018/1725 should apply unprejudiced. _________________ 64 OJ L 303, 28.11.2018, p. 59–68.

Amendment 149 #

Proposal for a regulation
Recital 34

(34) In line with the data minimisation principle, the third party should only access additional information that is necessary for the provision of the service requested by the user. Having received access to data, the third party should process it exclusively for the purposes agreed with the user, without interference from the data holder. It should be as easy for the user to refuse or discontinue access by the third party to the data as it is for the user to authorise access. The third party should not coerce, deceive or manipulate the user in any way, by subverting or impairing the autonomy, decision-making or choices of the user, including by means of a digital interface with the user. in this context, third parties should not rely on so-called dark patterns in designing their digital interfaces. Dark patterns are design techniques that push or deceive consumers into decisions that have negative consequences for them. These manipulative techniques can be used to persuade users, particularly vulnerable consumers, to engage in unwanted behaviours, and to deceive users by nudging them into decisions on data disclosure transactions or to unreasonably bias the decision-making of the users of the service, in a way that subverts and impairs their autonomy, decision-making and choice. Comm~~on and legitimate comm~~ercial practices that are in compliance with Union law should not in themselves be regarded as constituting dark patterns. Third parties should comply with their obligations under relevant Union law, in particular the requirements set out in Directive 2005/29/EC, Directive 2011/83/EU, Directive 2000/31/EC and Directive 98/6/EC.

Amendment 150 #

Proposal for a regulation
Recital 37

(37) Given the current state of technology, it is overly burdensome to impose further design obligations in relation to products manufactured or designed and related services provided by micro and small enterprises. That is not the case, however, where a micro or small enterprise is sub-contracted to manufacture or design a product. In such situations, the enterprise, which has sub-contracted to the micro or small enterprise, is able to compensate the sub-contractor appropriately. A micro or small enterprise may nevertheless be subject to the requirements laid down by this Regulation as data holder, where it is not the manufacturer of the product or a provider of related services. In order to increase the participation of micro and small enterprises in the data economy, Member States should ensure that digital training and guidance is available to such enterprises.

Amendment 151 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN

Proposal for a regulation
Recital 37

(37) Given the current state of technology, it is overly burdensome to impose further design obligations in relation to products manufactured or designed and related services provided by micro and small enterprises. That is not the case, however, where a micro or small enterprise is sub-contracted to manufacture or design a product. In such situations, the enterprise, which has sub-contracted to the micro or small enterprise, is able to compensate the sub-contractor appropriately. A micro or small enterprise may nevertheless be subject to the requirements laid down by this Regulation as data holder, where it is not the manufacturer of the product or a provider of related services. In order to increase the participation of micro and small enterprises in the data economy, Member States should provide digital training and guidance to such enterprises.

Amendment 152 #

Proposal for a regulation
Recital 51

(51) Where one party is in a stronger bargaining position, there is a risk that ~~that~~ party could leverage such position to the detriment of the other contracting party when negotiating access to data and make access to data commercially less viable and sometimes economically prohibitive. Such contractual imbalances can in particularly harm ~~micro, small and medium-sized enterprises without~~enterprises that, due to their comparatively smaller size, may not have a meaningful ability to negotiate the conditions for access to data~~, who~~ and, therefore, may have no other choice than to accept ‘take- it-or-leave-it’ contractual terms. Therefore, in those cases where such imbalances of negotiation power are present, unfair contract terms regulating the access to and use of data or the liability and remedies for the breach or the termination of data related obligations should not be binding on ~~micro, small or medium-sized~~those enterprises when they have been unilaterally imposed on them.

Amendment 153 #

Proposal for a regulation
Recital 52

(52) Rules on contractual terms should take into account the principle of contractual freedom as an essential concept in business-to-business relationships. Therefore, not all contractual terms should be subject to an unfairness test, but only to those terms that are unilaterally imposed oin ~~micro, small and medium-sized enterpris~~situations where an imbalance of negotiation power exists between the contracting parties. This concerns ‘take-it- or- leave-it’ situations where one party supplies a certain contractual term and the ~~micro, small or medium-sized enterprise~~other cannot influence the content of that term despite an attempt to negotiate it. A contractual term that is simply provided by one party and accepted by the ~~micro, small or medium-sized enterprise~~other or a term that is negotiated and subsequently agreed in an amended way between contracting parties should not be considered as unilaterally imposed.

Amendment 154 #

Proposal for a regulation
Recital 56

(56) In situations of exceptional need, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies or in other exceptional cases. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.deleted

Amendment 155 #

Proposal for a regulation
Recital 56

Amendment 156 #

Proposal for a regulation
Recital 56

(56) In situations of exceptional need, it may be necessary for public sector bodies or Union institutions, agencies or bodies to use data held by an enterprise to respond to public emergencies or in other exceptional cases. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To ensure coherent practices between Member States and predictable environment for private entities, the Member States and the Commission should identify the bodies that can request access to data owned by the enterprises. To limit the burden on businesses, micro and small enterprises should be exempted from the obligation to provide public sector bodies and Union institutions, agencies or bodies data in situations of exceptional need.

Amendment 157 #

Proposal for a regulation
Recital 57

(57) In case of public emergencies, such as public health emergencies, emergencies resulting from environmental degradation and major natural disasters including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold. In such a case, data holders should be placed under an obligation to make the data available to public sector bodies or to Union institutions, agencies or bodies upon their request. The existence of a public emergency is determined according to the respective procedures in the Member States or of relevant international organisations.deleted

Amendment 158 #

Proposal for a regulation
Recital 57

(57) In case of public emergencies, such as public health emergencies, emergencies resulting from environmental degradation and major natural disasters including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold. In such a case, data holders should be placed under an obligation to make the data available to identified public sector bodies or to identified Union institutions, agencies or bodies upon their request and within the remit of their activities. The existence of a public emergency is determined according to the respective procedures in the Member States or of relevant international organisations.

Amendment 159 #

Proposal for a regulation
Recital 58

(58) An exceptional need may also arise when a public sector body can demonstrate that the data are necessary either to prevent a public emergency, or to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question. Where the exceptional need is not justified by the need to respond to, prevent or assist recovery from a public emergency, the public sector body or the Union institution, agency or body should demonstrate that the lack of timely access to and the use of the data requested prevents it from effectively fulfilling a specific task in the public interest that has been explicitly provided in law. Such exceptional need may also occur in other situations, for example in relation to the timely compilation of official statistics when data is not otherwise available or when the burden on statistical respondents will be considerably reduced. At the same time, the public sector body or the Union institution, agency or body should, outside the case of responding to, preventing or assisting recovery from a public emergency, demonstrate that no alternative means for obtaining the data requested exists and that the data cannot be obtained in a timely manner through the laying down of the necessary data provision obligations in new legislation.deleted

Amendment 160 #

Proposal for a regulation
Recital 58

(58) An exceptional need may also arise when a public sector body can demonstrate that the data are necessary either to prevent a public emergency, or to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question. Where the exceptional need is not justified by the need to respond to, prevent or assist recovery from a public emergency, the public sector body or the Union institution, agency or body should demonstrate that the lack of timely access to and the use of the data requested prevents it from effectively fulfilling a specific task in the public interest that has been explicitly provided in law. Such exceptional need may also occur in other situations, for example in relation to the timely compilation of official statistics when data is not otherwise available or when the burden on statistical respondents will be considerably reduced. At the same time, the public sector body or the Union institution, agency or body should, outside the case of responding to, preventing or assisting recovery from a public emergency, demonstrate that no alternative means for obtaining the data requested exists and that the data canHowever, when a public emergency is caused by and could reasonably be addressed by policy decisions of the requesting public sector body, then the request should not be ~~obtained in a timely manner through the laying down of the necessary data provision obligations in new legislation~~deemed an exceptional need.

Amendment 161 #

Proposal for a regulation
Recital 58

(58) An exceptional need may also arise when a public sector body can demonstrate that the data are necessary either to prevent a public emergency, or to assist recovery from a public emergency, in circumstances that are reasonably proximate to the public emergency in question. Where the exceptional need is not justified by the need to respond to, prevent or assist recovery from a public emergency, the public sector body or the Union institution, agency or body should demonstrate that the lack of timely access to and the use of the data requested prevents it from effectively fulfilling a specific task in the public interest that has been explicitly provided in law. Such exceptional need may also occur in other situations, for example in relation to the timely compilation of official statistics when data is not otherwise available or when the burden on statistical respondents will be considerably reduced. At the same time, the public sector body or the Union institution, agency or body should, outside the case of responding to, preventing or assisting recovery from a public emergency, demonstrate that ~~no alternative~~it has exhausted all other means ~~for~~to obtain~~ing~~ the data requested ~~exists and that the data cannot be obtained~~ in a timely manner, including through the laying down of the necessary data provision obligations in new legislation.

Amendment 162 #

Proposal for a regulation
Recital 59

(59) This Regulation should not apply to, nor pre-empt, voluntary arrangements for the exchange of non-personal data between private and public entities. Obligations placed on data holders to provide data that are motivated by needs of a non-exceptional nature, notably where the range of data and of data holders is known and where data use can take place on a regular basis, as in the case of reporting obligations and internal market obligations, should not be affected by this Regulation. Requirements to access data to verify compliance with applicable rules, including in cases where public sector bodies assign the task of the verification of compliance to entities other than public sector bodies, should also not be affected by this Regulation.

Amendment 163 #

Proposal for a regulation
Recital 61

(61) A proportionate, limited and predictable framework at Union level is necessary for the making available of data by data holders, in cases of exceptional needs, to public sector bodies and to Union institution, agencies or bodies both to ensure legal certainty and to minimise the administrative burdens placed on businesses. To this end, data requests by public sector bodies and by Union institution, agencies and bodies to data holders should be transparent and proportionate in terms of their scope of content and their granularity. The purpose of the request and the intended use of the data requested should be specific and clearly explained, while allowing appropriate flexibility for the requesting entity to perform its tasks in the public interest. The request should also respect the legitimate interests of the businesses to whom the request is made. The burden on data holders should be minimised by obliging requesting entities to respect the once-only principle, which prevents the same data from being requested more than once by more than one public sector body or Union institution, agency or body where those data are needed to respond to a public emergency. To ensure transparency, data requests made by public sector bodies and by Union institutions, agencies or bodies should be made public without undue delay by the entity requesting the data and online public availability of all requests justified by a public emergency should be ensured.deleted

Amendment 164 #

Proposal for a regulation
Recital 62

(62) The objective of the obligation to provide the data is to ensure that public sector bodies and Union institutions, agencies or bodies have the necessary knowledge to respond to, prevent or recover from public emergencies or to maintain the capacity to fulfil specific tasks explicitly provided by law. The data obtained by those entities may be commercially sensitive. Therefore, Directive (EU) 2019/1024 of the European Parliament and of the Council65 should not apply to data made available under this Regulation and should not be considered as open data available for reuse by third parties. This however should not affect the applicability of Directive (EU) 2019/1024 to the reuse of official statistics for the production of which data obtained pursuant to this Regulation was used, provided the reuse does not include the underlying data. In addition, it should not affect the possibility of sharing the data for conducting research or for the compilation of official statistics, provided the conditions laid down in this Regulation are met. Public sector bodies should also be allowed to exchange data obtained pursuant to this Regulation with other public sector bodies to address the exceptional needs for which the data has been requested. _________________ 65 Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re- use of public sector information (OJ L 172, 26.6.2019, p. 56).deleted

Amendment 165 #

Proposal for a regulation
Recital 62

(62) The objective of the obligation to provide the data is to ensure that public sector bodies and Union institutions, agencies or bodies have the necessary knowledge to respond to, prevent or recover from public emergencies or to maintain the capacity to fulfil specific tasks explicitly provided by law. The data obtained by those entities may be commercially sensitive. Therefore, Directive (EU) 2019/1024 of the European Parliament and of the Council65 should not apply to data made available under this Regulation and should not be considered as open data available for reuse by third parties. This however should not affect the applicability of Directive (EU) 2019/1024 to the reuse of official statistics for the production of which data obtained pursuant to this Regulation was used, provided the reuse does not include the underlying data. In addition, it should not affect the possibility of sharing the data for conducting research or for the compilation of official statistics, provided the conditions laid down in this Regulation are met. Public sector bodies should also be allowed to exchange data obtained pursuant to this Regulation with other public sector bodies to address the exceptional needs for which the data has been requested. The business whose data is to be shared, provided it acts in a good faith, should also have the possibility to raise objection concerning planned data transfer in order to protect its security, integrity or confidentiality. _________________ 65 Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information (OJ L 172, 26.6.2019, p. 56).

Amendment 166 #

Proposal for a regulation
Recital 63

(63) Data holders should have the possibility to either ask for a modification of the request made by a public sector body or Union institution, agency and body or its cancellation in a period of 5 or 15 working days depending on the nature of the exceptional need invoked in the request. In case of requests motivated by a public emergency, justified reason not to make the data available should exist if it can be shown that the request is similar or identical to a previously submitted request for the same purpose by another public sector body or by another Union institution, agency or body. A data holder rejecting the request or seeking its modification should communicate the underlying justification for refusing the request to the public sector body or to the Union institution, agency or body requesting the data. In case the sui generis database rights under Directive 96/6/EC of the European Parliament and of the Council66 apply in relation to the requested datasets, data holders should exercise their rights in a way that does not prevent the public sector body and Union institutions, agencies or bodies from obtaining the data, or from sharing it, in accordance with this Regulation. _________________ 66 Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases (OJ L 77, 27.3.1996, p. 20).deleted

Amendment 167 #

Proposal for a regulation
Recital 64

(64) Where it is strictly necessary to include personal data in the data made available to a public sector body or to a Union institution, agency or body the applicable rules on personal data protection should be complied with and the making available of the data and their subsequent use should and be accompanied by safeguards for the rights and interests of individuals concerned by those data. The body requesting the data should demonstrate the strict necessity and the specific and limited purposes for processing. The data holder should take reasonable efforts to anonymise the data or, where such anonymisation proves impossible, the data holder should apply technological means such as pseudonymisation and aggregation, prior to making the data available.deleted

Amendment 168 #

Proposal for a regulation
Recital 65

(65) Data made available to public sector bodies and to Union institutions, agencies and bodies on the basis of exceptional need should only be used for the purpose for which they were requested, unless the data holder that made the data available has expressly agreed for the data to be used for other purposes. The data should be destroyed once it is no longer necessary for the purpose stated in the request, unless agreed otherwise, and the data holder should be informed thereof.deleted

Amendment 169 #

Proposal for a regulation
Recital 65 a (new)

(65 a) Requests by public bodies that concern the personal data of citizens pose a disproportionate risk to citizens fundamental rights, therefore such requests should be prohibited.

Amendment 170 #

Proposal for a regulation
Recital 65 b (new)

(65 b) Requests by public bodies that concern the personal data of citizens pose a disproportionate risk to citizens fundamental rights, therefore such requests should be subject to the consent of relevant Data Protection Authorities.

Amendment 171 #

Proposal for a regulation
Recital 65 c (new)

(65 c) Requests by public bodies that concern the personal data of citizens pose a disproportionate risk to citizens human rights, therefore any personal data in those requests should be anonymised and public bodies or entities with which public bodies share data from the request should be prohibited from reversing anonymisation.

Amendment 172 #

Proposal for a regulation
Recital 66

(66) When reusing data provided by data holders, public sector bodies and Union institutions, agencies or bodies should respect both existing applicable legislation and contractual obligations to which the data holder is subject. Where the disclosure of trade secrets of the data holder to public sector bodies or to Union institutions, agencies or bodies is strictly necessary to fulfil the purpose for which the data has been requested, confidentiality of such disclosure should be ensured to the data holder.deleted

Amendment 173 #

Proposal for a regulation
Recital 67

(67) When the safeguarding of a significant public good is at stake, such as is the case of responding to public emergencies, the public sector body or the Union institution, agency or body should not be expected to compensate enterprises for the data obtained. Public emergencies are rare events and not all such emergencies require the use of data held by enterprises. The business activities of the data holders are therefore not likely to be negatively affected as a consequence of the public sector bodies or Union institutions, agencies or bodies having recourse to this Regulation. However, as cases of an exceptional need other than responding to a public emergency might be more frequent, including cases of prevention of or recovery from a public emergency, data holders should in such cases be entitled to a reasonable compensation which should not exceed the technical and organisational costs incurred in complying with the request and the reasonable margin required for making the data available to the public sector body or to the Union institution, agency or body. The compensation should not be understood as constituting payment for the data itself and as being compulsory.deleted

Amendment 174 #

Proposal for a regulation
Recital 68

(68) The public sector body or Union institution, agency or body may share the data it has obtained pursuant to the request with other entities or persons when this is needed to carry out scientific research activities or analytical activities it cannot perform itself. Such data may also be shared under the same circumstances with the national statistical institutes and Eurostat for the compilation of official statistics. Such research activities should however be compatible with the purpose for which the data was requested and the data holder should be informed about the further sharing of the data it had provided. Individuals conducting research or research organisations with whom these data may be shared should act either on a not-for- profit basis or in the context of a public- interest mission recognised by the State. Organisations upon which commercial undertakings have a decisive influence allowing such undertakings to exercise control because of structural situations, which could result in preferential access to the results of the research, should not be considered research organisations for the purposes of this Regulation.deleted

Amendment 175 #

Proposal for a regulation
Recital 79

(79) Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability. In order to facilitate the conformity with the requirements for interoperability, it is necessary to provide for a presumption of conformity for interoperability of the European Parliament and of the Council. The solutions that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 ~~of the European Parliament and of the Council. The~~ Commission should adopt common specifications in areas where no harmonised standards exist or where they are insufficient in order to further enhance interoperability for the common European data spaces, application programming interfaces, cloud switching as well as smart contracts. Additionally, common specifications in the different sectors could remain to be adopted, in accordance with Union or national sectoral law, based on the specific needs of those sectors. Reusable data structures and models (in form of core vocabularies), ontologies, metadata application profile, reference data in the form of core vocabulary, taxonomies, code lists, authority tables, thesauri should also be part of the technical specifications for semantic interoperability. Furthermore, the Commission should be enabled to mandate the development of harmonised standards for the interoperability of ~~data process~~cloud computing services.

Amendment 176 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN, Angelika NIEBLER

Proposal for a regulation
Recital 80

(80) To promote the interoperability of smart contracts in data sharing applications, it is necessary to lay down essential requirements for smart contracts for professionals who create smart contracts for others or integrate such smart contracts in applications that support the implementation of agreements for sharing data. Specific training programmes on smart contracts for businesses, in particular SMEs, should be provided. In order to facilitate the conformity of such smart contracts with those essential requirements, it is necessary to provide for a presumption of conformity for smart contracts that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council.

Amendment 177 #

Proposal for a regulation
Recital 82

(82) In order to enforce their rights under this Regulation, natural and legal persons should be entitled to seek redress for the infringements of their rights under this Regulation by lodging complaints with competent authorities and before courts. Those authorities should be obliged to cooperate to ensure the complaint is appropriately handled and resolved swiftly and effectively. In order to make use of the consumer protection cooperation network mechanism and to enable representative actions, this Regulation amends the Annexes to the Regulation (EU) 2017/2394 of the European Parliament and of the Council68 and Directive (EU) 2020/1828 of the European Parliament and of the Council69 . _________________ 68 Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 (OJ L 345, 27.12.2017, p. 1). 69 Directive (EU) 2020/1828 of the European Parliament and of the Council of 25 November 2020 on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC (OJ L 409, 4.12.2020, p. 1).

Amendment 178 #

Proposal for a regulation
Recital 83

(83) Member States competent authorities should ensure that infringements of the obligations laid down in this Regulation are sanctioned by penalties. When doing so, they should take into account the nature, gravity, recurrence and duration of the infringement in view of the public interest at stake, the scope and kind of activities carried out, as well as the economic capacity of the infringer. They should take into account whether the infringer systematically or recurrently fails to comply with its obligations stemming from this Regulation. In order to help enterprises to draft and negotiate contracts, the Commission should develop and recommend non-mandatory model contractual terms for business-to-business data sharing contracts, where necessary taking into account the conditions in specific sectors and the existing practices with voluntary data sharing mechanisms. These model contractual terms should notably address the preservation of the confidentiality of trade secrets in the framework of this Regulation. These model contractual terms should be primarily a practical tool to help in particular smaller enterprises to conclude a contract. When used widely and integrally, these model contractual terms should also have the beneficial effect of influencing the design of contracts about access to and use of data and therefore lead more broadly towards fairer contractual relations when accessing and sharing data. To that end, the adaptation of Directive 93/13/EEC on unfair terms in consumer contracts to the data economy should be particularly scrutinised.

Amendment 179 #

Proposal for a regulation
Recital 84

(84) In order to eliminate the risk that holders of data bases containing data~~bases~~ obtained or generated by means of physical components, such as sensors, of a connected product and a related service claim the sui generis right under Article 7 of Directive 96/9/EC where such databases do not qualify for the sui generis right, and in so doing hinder the effective exercise of the right of users to access and use data and the right to share data with third parties under this Regulation, this Regulation should, namely machine-generated data, claim the sui generis right under Article 7 of Directive 96/9/EC this Regulation clarifyies that the sui generis right does not apply to such databases as the requirements for protection would not be fulfilled.

Amendment 180 #

Proposal for a regulation
Recital 84

(84) In order to eliminate the risk that holders of data in databases obtained or generated by means of physical components, such as sensors, of a connected product and a related service claim the sui generis right under Article 7 of Directive 96/9/EC ~~where such databases do not qualify for the sui generis right~~, and in so doing hinder the effective exercise of the right of users to access and use data and the right to share data with third parties under this Regulation, this Regulation should clarify that the sui generis right ~~does not apply to such databases as the requirements for protection would not be fulfilled~~should not be invoked to refuse access to those data generated by the use of a product or a related service.

Amendment 181 #

Proposal for a regulation
Article 1 – paragraph 1

1. This Regulation lays down harmonised rules on making data lawfully obtained, collected, or generated by the use of a product or data lawfully obtained, collected, or generated during the provision of a related servic~~e availabl~~e to the user of that product, orn providers of related services, on the making data available by data holders to data recipients, and on the making data available by data holders to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need, for the performance of a task carried out in the public interest: upon request by a user or data subject to data recipients , and on contractual terms between users and data holder, and users and data recipients.

Amendment 182 #

Proposal for a regulation
Article premier – paragraph 1

1. This Regulation lays down harmonised rules on making data generated by the use of a product or related service available to the user of that product or service, on the making data available by data holders to data recipients, and on the making data available by data holders to public sector bodies or Union institutions, agencies or bodies~~, where there is an exceptional need,~~ for the performance of a task carried out in the public interest:

Amendment 183 #

Proposal for a regulation
Article 1 – paragraph 2 – point a

(a) manufacturers of products and ~~suppli~~providers of related services placed on the market in the Union and the users ~~of such products or services~~, or in the case of personal data, identified or identifiable natural person the information generated by the use of such products or related services relates to;

Amendment 184 #

Proposal for a regulation
Article 1 – paragraph 2 – point d

(d) public sector bodies and Union institutions, agencies or bodies that request data holders to make data available where there is an exceptional need to that data for the performance of a task carried out in the public interest and the data holders that provide those data in response to such request;deleted

Amendment 185 #

Proposal for a regulation
Article premier – paragraph 2 – point d

(d) public sector bodies and Union institutions, agencies or bodies that request data holders to make data available ~~where there is an exceptional need to that data~~ for the performance of a task carried out in the public interest and the data holders that provide those data in response to such request;

Amendment 186 #

Proposal for a regulation
Article 1 – paragraph 3

3. Union law on the protection of personal data, privacy and confidentiality of communications and integrity of terminal equipment shall apply to personal data processed in connection with the rights and obligations laid down in this Regulation. Th~~is Regulation shall not affect the applicability of~~e obtaining, collection, or generation of personal data through the use of a product or related service requires a legal basis pursuant to data protection law. This Regulation does not create a legal basis for the processing of personal data, nor does it affect any of the rights and obligations set out in Regulations (EU) 2016/679 or (EU) 2018/1725 or Directives 2002/58/EC or (EU) 2016/680. The legitimate interest, as laid down in Article 6 paragraph 1 point f of Regulation (EU) 2016/679, of the manufacturer of a product or the provider of a related service shall not constitute a legal basis for this. This Regulation is without prejudice to Union law on the protection of personal data and privacy, in particular Regulation (EU) 2016/679 ~~and Directive 2002/58/EC, including the powers and competences of supervisory authorities~~, Regulation (EU) 2018/1725, Directive 2002/58/EC, and Directive (EU) 2016(680), including the powers and competences of supervisory authorities. In the event of a conflict between this Regulation and Union law on the protection of personal data or privacy or national law adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data or privacy shall prevail. Insofar as the rights laid down in Chapter II of this Regulation are concerned, and where users are the data subjects of personal data subject to the rights and obligations under that Chapter, the provisions of this Regulation shall complement and particularise the right of data portability under Article 20 of Regulation (EU) 2016/679, and shall not adversely affect data protection rights of others. Insofar the processing of personal data, that is made available to a data recipient pursuant to Article 5 of this Regulation, is restricted in Article 6 of this Regulation, these provisions shall take precedence over Article 6 of Regulation (EU) 2016/679.

Amendment 187 #

Proposal for a regulation
Article premier – paragraph 3

Amendment 188 #

Proposal for a regulation
Article 1 – paragraph 3

Amendment 189 #

Proposal for a regulation
Article 1 – paragraph 3 a (new)

3 a. This Regulation shall not affect the applicability of Union law aiming to ensure a high level of consumer protection, to protect their health, safety and economic interests, including Directive 2005/29/EC of the European Parliament and of the Council, Directive 2011/83/EU of the European Parliament and of the Council and Directive 93/13/EEC of the European Parliament and of the Council.

Amendment 190 #

Proposal for a regulation
Article 1 – paragraph 4

4. This Regulation shall not affect Union and national legal acts providing for the sharing, access and use of data for the purpose of the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal or administrative penalties, including Regulation (EU) 2021/784 of the European Parliament and of the Council72 and the [e-evidence proposals [COM(2018) 225 and 226] once adopted, and international cooperation in that area. This Regulation shall not affect the collection, sharing, access to and use of data under Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing and Regulation (EU) 2015/847 of the European Parliament and of the Council on information accompanying the transfer of funds. This Regulation shall not affect the competences of the Member States regarding activities concerning public security, defence, national security, customs and tax administration and ~~the health~~shall be implemented with due consideration to public health, the fundamental rights and the safety of citizens in accordance with Union law. _________________ 72 Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online (OJ L 172, 17.5.2021, p. 79).

Amendment 191 #

Proposal for a regulation
Article 1 – paragraph 4 a (new)

4 a. This Regulation shall not affect data that is subject to an intellectual property right. Accordingly, inferred data or derived data resulting from any software process that calculates derivative data from such data, as well as functional system data should not be considered within scope of this Regulation.

Amendment 192 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)

(1a) 'personal data' means any information relating to an identified or identifiable natural person; shall be considered an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an online identifier or to one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity;

Amendment 193 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)

(1a) 'personal data' shall mean personal data as defined in Article 4(1) of Regulation (EU) 2016/679;

Amendment 194 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)

(1 a) ‘personal data’ means personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679;

Amendment 195 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 a (new)

(1 a) ‘personal data’ means personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679;

Amendment 196 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 b (new)

(1 b) ‘non-personal data’ means data other than personal data;

Amendment 197 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 b (new)

(1 b) ‘non-personal data’ means data other than personal data;

Amendment 198 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 c (new)

(1 c) ‘consent’ means consent as defined in Article 4, point (11), of Regulation (EU) 2016/679;

Amendment 199 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 c (new)

(1 c) ‘consent’ means consent as defined in Article 4, point (11), of Regulation (EU) 2016/679;

Amendment 200 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 d (new)

(1 d) ‘data subject’ means data subject as referred to in Article 4, point (1), of Regulation (EU) 2016/679;

Amendment 201 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 d (new)

(1 d) ‘data subject’ means data subject as referred to in Article 4, point (1), of Regulation (EU) 2016/679;

Amendment 202 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 e (new)

(1 e) 'Micro, small or medium enterprise', means a Micro, small or medium enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC1a; _________________ 1a Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises

Amendment 203 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1 e (new)

(1 e) ‘controller’ means controller as defined in Article 4, point (7), of Regulation (EU) 2016/679;

Amendment 204 #

Proposal for a regulation
Article 2 – paragraph 1 – point 2

(2) ‘product’ means a tangible, movable item, including where incorporated in an immovable item, that obtains, generates or collects, data concerning its use or environment, and that is able to communicate data via a publicly available electronic communications service and whose primary function is not the storing and processing of data item, that, through its design and features, including sensors or in-device software, obtains, collects, or generates, data concerning its use or environment, and that is able to communicate data, and whose primary function is not the storing and processing of data , with the exception of products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service should not be covered by this Regulation;

Amendment 205 #

Karen MELCHIOR

Proposal for a regulation
Article 2 – paragraph 1 – point 2

(2) ‘product’ means a tangible~~, movable item, including where incorporated in an immovable item,~~ item that obtains, generates or collects, data concerning its use or environment, and that is able to communicate data directly or indirectly via a publicly available electronic communications service and whose primary function is not the storing and processing of data, nor is it primarily designed to display or play content, or to record and transmit content;

Amendment 206 #

Proposal for a regulation
Article 2 – paragraph 1 – point 3

(3) ‘related service’ means a digital service, including software, which is ~~incorporated in or inter-connected with a product in such a way that its absence would prevent the product from performing one~~necessary in order for the product to perform one or more of its functions and which involves communicating data from the product to the related service, and deriving ofr i~~ts functions~~nferring data;

Amendment 207 #

Proposal for a regulation
Article 2 – paragraph 1 – point 4

(4) ‘virtual assistants’ means software that can process demands, tasks or questions including based on audio, written input, gestures or motions, and based on those demands, tasks or questions provides access t~~heir own and third party services or control their own and third party device~~o related services or control products;

Amendment 208 #

Proposal for a regulation
Article 2 – paragraph 1 – point 5

(5) ‘'user’' means a natural or legal person that owns, rents or leases a product or receives a services and the person referred to in Article 4(1) of Regulation (EU) 2016/679;

Amendment 209 #

Proposal for a regulation
Article 2 – paragraph 1 – point 5

(5) ‘user’ means a natural or legal person that owns, rents or leases or a consumer that uses a product or receives a related services;

Amendment 210 #

Proposal for a regulation
Article 2 – paragraph 1 – point 5

(5) ‘user’ means a natural or legal person that owns, rents or leases a product or receives arelated services, and the data subject;

Amendment 211 #

Proposal for a regulation
Article 2 – paragraph 1 – point 5

(5) ‘'user’' means a natural or legal person that owns, uses, rents or leases a product or receives a services;

Amendment 212 #

Proposal for a regulation
Article 2 – paragraph 1 – point 5 a (new)

(5 a) 'consumer' means any natural person who is acting for purposes which are outside their trade, business, craft or profession;

Amendment 213 #

Proposal for a regulation
Article 2 – paragraph 1 – point 5 a (new)

(5a) 'consent' means the definition laid down in Article 4(11) of Regulation (EU) 2016/679 (GDPR);

Amendment 214 #

Proposal for a regulation
Article 2 – paragraph 1 – point 6

(6) ‘data holder’ means a legal or natural person that is not the user, who has access to data communicated to it, or accessed by it, including derived or inferred data during the provision of a related service, and who has the right or obligation, in accordance with ~~this Regulation,~~ applicable Union law or national legislation implementing Union law, or in the case of non-personal data ~~and through control of the technical design of the product and related services, the ability, to~~the contractually agreed right to process and make available certain data;

Amendment 215 #

Proposal for a regulation
Article 2 – paragraph 1 – point 6

(6) ‘data holder’ means a legal or natural person who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data and through ~~control of the technical design~~ownership of the product ~~and~~or related service~~s, the ability~~ at the time the data is generated by the usage, to make available certain data;

Amendment 216 #

Proposal for a regulation
Article 2 – paragraph 1 – point 7

(7) ‘data recipient’ means a legal or natural person, acting for purposes which are related to that person’s trade, business, craft or profession, other than the user of a product or related service, to whom the data holder makes data available, ~~including a third party~~ following a request by the user or the data subject to the data holder or in accordance with a legal obligation under Union law or national legislation implementing Union law, and including a third party to whom the data is directly made available by the user or the data subject;

Amendment 217 #

Proposal for a regulation
Article 2 – paragraph 1 – point 7

(7) ‘data recipient’ means a legal or natural person, acting for purposes which are related to that person’s trade, business, craft or profession, other than the user of a product or related service, to whom the data holder makes data available, including a third party to whom data is directly made available by the user, following an explicit request by the user to the data holder or in accordance with a legal obligation under Union law or national legislation implementing Union law;

Amendment 218 #

Proposal for a regulation
Article 2 – paragraph 1 – point 9

(9) ‘public sector body’ means identified national, regional or local authorities of the Member States and bodies governed by public law of the Member States, or associations formed by one or more such authorities or one or more such bodies;

Amendment 219 #

Proposal for a regulation
Article 2 – paragraph 1 – point 9 a (new)

(9 a) ‘trade secret’ means a trade secret as defined in Directive (EU) 2016/943 that meets all the requirements of Article 2, point (1) of the same Directive;

Amendment 220 #

Proposal for a regulation
Article 2 – paragraph 1 – point 10

(10) ‘public emergency’ means an exceptional situation negatively affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s);deleted

Amendment 221 #

Proposal for a regulation
Article 2 – paragraph 1 – point 10

(10) ‘public emergency’ means a legally declared state of emergency by the Union or a Member State due to an exceptional situation ~~negativ~~which adversely affect~~ing~~s the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on ~~living conditions~~health, safety or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s);

Amendment 222 #

Proposal for a regulation
Article 2 – paragraph 1 – point 10

(10) ‘public emergency’ means an exceptional situation negatively affecting the population of the Union, a Member State or part of it, with a provable risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s);

Amendment 223 #

Proposal for a regulation
Article 2 – paragraph 1 – point 11 a (new)

(11 a) ‘making available of data obtained, collected, or generated by the use of a product or a related service’ means the making accessible of data, including derived and inferred data, by a simple request through electronic means, enabling the user or a third party to copy the data and to receive the data in a structured, commonly used, interoperable and machine-readable format;

Amendment 224 #

Proposal for a regulation
Article 2 – paragraph 1 – point 12

(12) ‘data processing service’ means a ~~digital~~ service other than an online content service as defined in Article 2(5) of Regulation (EU) 2017/1128, provided to a customer, which enables on-demand administration and broad remote access to ~~a scalable and elastic pool of shareable computing resources of a centralised, distributed or highly distributed nature~~storage and computing resources;

Amendment 225 #

Proposal for a regulation
Article 2 – paragraph 1 – point 12

(12) ~~‘data process~~'cloud computing service’ means a digital service other than an online content service as defined in Article 2(5) of Regulation (EU) 2017/1128, provided to a customer, which enables on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resources of a centralised, distributed or highly distributed natureservice enabling ubiquitous, scalable, elastic and on-demand network access to a shared pool of configurable computing resources of a centralised, distributed or highly distributed nature provided to a customer that can be rapidly provisioned and released with minimal management effort or service provider interaction;

Amendment 226 #

Proposal for a regulation
Article 2 – paragraph 1 – point 19

(19) ‘interoperability’ means the ability of two or more ~~data spaces or~~ communication networks, systems, products, applications or, components, or services to exchange and use data in order to perform their functions;

Amendment 227 #

Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)

(20 a) "Trade secret holder" should be understood as per Article 2(2) of Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure.

Amendment 228 #

Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)

(20a) 'trade secret' means the definition laid down in Article 2(1) of Directive (EU) 2016/943

Amendment 229 #

Proposal for a regulation
Article 3 – title

Obligation ~~to make data~~of designers, manufacturers and providers of related services regarding data obtained, collected, or generated by the use of products or related services ~~accessible~~

Amendment 230 #

Proposal for a regulation
Article 3 – paragraph 1

1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use are, by default, easily, securely and, where relevant and appropriate, directly accessible to the user. Data holders shall ensure that it is not difficult for users to exercise their rights. Data holders shall make it possible for users to choose freely. They must, therefore, offer a number of options in an impartial manner, without coercion, deception or manipulation, by means of a digital interface or part thereof, including its structure, design, function or mode of operation.

Amendment 231 #

Proposal for a regulation
Article 3 – paragraph 1

1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data obtained, collected, or generated by their use are, by default, easily, securely and, where relevant and appropriate, directly accessible to th~~e user.~~ at user in a structured, commonly used and machine-readable format, including access to derived or inferred data. In the case that user is a data subject, products shall offer possibilities to directly exercise the data subjects’ rights. Products shall be designed and manufactured, and related services shall be provided, in such a way that a data subject is offered the possibility to use the products covered by this Regulation anonymously.

Amendment 232 #

Proposal for a regulation
Article 3 – paragraph 1

1. Products shall be designed and manufactured~~, and related services shall be provided,~~ in such a manner that any transmissible data they generate~~d by their use~~ are, by default, easily, securely and, where relevant and appropriate, directly accessible to the user and retrievable in a structured, commonly used, machine- readable format along with the relevant metadata as well as any data strictly necessary for the servicing and repairing of the product.. Where technically feasible, the user should be able to choose to access and retrieve such data directly from the device without recourse to related services.

Amendment 233 #

Proposal for a regulation
Article 3 – paragraph 1

1. Products shall be designed and manufactured, and related services shall be provided, in such a manner that data generated by their use that are accessible to the data holder are, by default, easily, safely, securely and, where relevant and appropriate, directly accessible to the user. Data shall be provided in the raw form in which they have been generated by the product, with only the minimal adaptations necessary to make them useable by a third party, including related metadata necessary to interpret and use the data.

Amendment 234 #

Proposal for a regulation
Article 3 – paragraph 1 a (new)

1 a. Where products and related services are already subject to privacy by design requirements, especially Art. 11 of EU (2016/680), this regulation shall not oblige manufacturers to re-design their products and related services to comply with the requirements laid down in this regulation.

Amendment 235 #

1 a. Products that use cloud based related services for data processing shall be designed and manufactured in such a way that the user can freely switch between related services for data processing, and, where technically feasible, access data locally.

Amendment 236 #

Proposal for a regulation
Article 3 – paragraph 1 b (new)

1 b. Before concluding a contract for the purchase, rent or lease of a product, the following information shall be presented to the user in the form of a standardised label the design of which shall be set out by the European Commission: (a) the means by which the product can transmit data (b) if the transmissible data produced by the product is processed on the product or in the cloud by related services (c) where data processing is done in the cloud by related services, or where data is transmitted to the manufacturer or a third-party: i. if the basic functionalities of the product in its default configuration are available when the user is offline or when that related service is unavailable ii. the duration for which the product manufacturer guarantees the availability of related services to the user iii.The points listed in Article 3.2 of this regulation. (d) if the transmissible data produced can be accessed directly from the device without recourse to related services (e) the on-device storage capacity expressed as the duration for which data collected by the device can be stored on the device (f) the period for which the device is guaranteed to receive security and functionality updates in line with the Cyber Resilience Act.

Amendment 237 #

Proposal for a regulation
Article 3 – paragraph 2 – introductory part

2. Before concluding a contract for the p~~urchase, rent or lease of a product or a~~rovision of related services, at least the following information shall be provided to the user, in a clear and comprehensible format:

Amendment 238 #

Proposal for a regulation
Article 3 – paragraph 2 – introductory part

2. Before the user conclud~~ing~~es a contract for the purchase, rent or lease of a product ~~or a related service~~, at least the following information shall be provided to the user, in a clear and comprehensible format:

Amendment 239 #

Proposal for a regulation
Article 3 – paragraph 2 – point a

(a) the nature and average volume of the data ~~likely to be generated by the use of the product or related service~~transmitted to the provider of related services from the product, and the modalities for the user to access or retrieve such data, including the period for which it shall be stored;

Amendment 240 #

Proposal for a regulation
Article 3 – paragraph 2 – point a

(a) the nature ~~and volume of the data likely to be generated by the use of the produ~~, format, estimated volume and collection frequency of the data which the product is capable to obtain, collect, or ~~related servic~~generate;

Amendment 241 #

Proposal for a regulation
Article 3 – paragraph 2 – point a

(a) the ~~nature an~~type of data and the estimated volume of the data likely to be generated by the use of the product or related service;

Amendment 242 #

Proposal for a regulation
Article 3 – paragraph 2 – point b

(b) whether the data isare likely to be obtained, collected, or generated continuously and in real-time;

Amendment 243 #

Proposal for a regulation
Article 3 – paragraph 2 – point c – point i (new)

i) The data holder shall provide information on the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, which shall be described in a publicly available and consistent manner;

Amendment 244 #

Proposal for a regulation
Article 3 – paragraph 2 – point c – point ii (new)

ii) The technical means to access the data, such as Software Development Kits or application programming interfaces , and their terms of use and quality of service shall be sufficiently described to enable the development of such means of access;

Amendment 245 #

Proposal for a regulation
Article 3 – paragraph 2 – point d

(d) whether the manufacturer supplying the product or the service provider providing the related service intends to use the data itself or allow a third party to use the data and, if so, the purposes for which those data will be used;deleted

Amendment 246 #

Proposal for a regulation
Article 3 – paragraph 2 – point d

(d) whether the ~~manufacturer supplying the product or the~~ service provider providing the related service intends to use the data itself or allow a third party to use the data and, if so, the purposes for which those data will be used;

Amendment 247 #

Proposal for a regulation
Article 3 – paragraph 2 – point e

~~(e) whether the seller, renter or lessor is the data holder and, if not, the identity of the data holder, such as its trading name and the geographical address at which it is established;~~deleted

Amendment 248 #

~~(f) the means of communication which enable the user to contact the data holder quickly and communicate with that data holder efficiently;~~deleted

Amendment 249 #

Proposal for a regulation
Article 3 – paragraph 2 – point f a (new)

(f a) Whether the data holder is the holder of trade secrets or other intellectual property rights contained in the data likely to be generated by the use of the product or related service, and, if not, the identity of the trade secret holder, such as its trading name and the geographical address at which it is established;

Amendment 250 #

Proposal for a regulation
Article 3 – paragraph 2 – point g

~~(g) how the user may request that the data are shared with a third-party;~~deleted

Amendment 251 #

Proposal for a regulation
Article 3 – paragraph 2 – point h

~~(h) the user’s right to lodge a complaint alleging a violation of the provisions of this Chapter with the competent authority referred to in Article 31.~~deleted

Amendment 252 #

Proposal for a regulation
Article 3 – paragraph 2 – point h a (new)

(ha) how the user may request that those data be deleted;

Amendment 253 #

Proposal for a regulation
Article 3 – paragraph 2 – point h b (new)

(hb) how users can restrict the transfer of their data to third parties or geographical areas;

Amendment 254 #

Proposal for a regulation
Article 3 – paragraph 2 a (new)

2 a. Before the user concludes an agreement for the provision of a related service, at least the following information shall be provided to the user in a clear and comprehensible format: (a) the nature, format, and collection frequency of data communicated from the product to the related service, as well as modalities for the user of the product to access or retrieve the data; (b) the nature and estimated volume of data obtained, collected, generated, derived or inferred during the provision of the related service, as well as modalities for the user to access or retrieve the data; (c) whether the provider of the related service intends to process the data itself , whether it intends to allow a third party to process the data and, the purposes for which those data will be processed; (d) the identity of the data holder and, where applicable, other data processing parties, such as the trading name and the geographical address of establishment; (e) the means of communication which enable the user to contact the data holder and, where applicable, other data processing party quickly and communicate with them efficiently; (f) how the user may request that the data be shared with or transferred to a third- party; (g) the foreseen duration of the agreement, as well as the modalities to terminate the agreement prematurely; (h) the user’s right to lodge a complaint alleging a violation of the provisions of this Chapter with the competent authority referred to in Article 31.

Amendment 255 #

Proposal for a regulation
Article 3 – paragraph 2 a (new)

2 a. The data holder shall not use data shared for the profiling of natural persons within the meaning of Article 4(4) of Regulation (EU) 2016/679, unless it is strictly necessary to provide the specific service explicitly requested by the user.

Amendment 256 #

Proposal for a regulation
Article 3 – paragraph 2 a (new)

2 a. Where on-device access is technically supported, the manufacturer shall make this means of access also available to third-party service providers in a non-discriminatory manner.

Amendment 257 #

Proposal for a regulation
Article 3 – paragraph 2 b (new)

2 b. The user may grant or withdraw at any time consent to the data holder for the use of their data or to the third party nominated by the data holder (opt out).

Amendment 258 #

Proposal for a regulation
Article 4 – title

The right of users to access and use data obtained, collected, or generated by their use of products or related services, and the obligation of data holders to provide access to such data

Amendment 259 #

Proposal for a regulation
Article 4 – paragraph 1

1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user ~~the~~any data ~~generated by its use of a product or related service without undue delay, free of charge and, where applicable, continuously and in real-time~~communicated to the data holder from the product or obtained, collected, or generated during the provision of the related service without undue delay, free of charge and, where applicable, continuously and in real-time, in a structured, commonly used and machine-readable format, including access to derived or inferred data, and including the relevant metadata. This shall be done on the basis of a simple request through electronic means w. Where this is not technically feasible, the data holder shall provide a functionally equivalent alternative.

Amendment 260 #

Proposal for a regulation
Article 4 – paragraph 1

1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user the data generated by its use of a product or related service that are accessible to the data holder without undue delay, free of charge and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible. Data shall be provided in the raw form in which they have been generated by the product, with only the minimal adaptations necessary to make them useable by the user, including related metadata necessary to interpret and use the data.

Amendment 261 #

Proposal for a regulation
Article 4 – paragraph 1

1. Where data cannot be directly accessed by the user from the product, the data holder shall make available to the user the data generated by its use of a product or related service without undue delay, free of charge and, where applicable, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible. Manufacturer, where technically supported, shall provide on-device access in a non-discriminatory manner. Where on-device and off-device access are available, the user or third party shall choose their preferred method.

Amendment 262 #

Proposal for a regulation
Article 4 – paragraph 1

Amendment 263 #

Proposal for a regulation
Article 4 – paragraph 2

2. The data holder shall not require the user to provide any information beyond what is necessary to verify their quality as athe user pursuant to paragraph 1. The data holder shall not keep any information on the user’s access to the data requested beyond what is necessary for the sound execution of the user’s access request and for the security and the maintenance of the data infrastructure.

Amendment 264 #

Proposal for a regulation
Article 4 – paragraph 3

3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken, in advance to the disclosure of the trade secrets by either the user or the data holder or both, to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user ~~can agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties.~~ shall agree on measures such as technical and organisational measures like strict access protocols, through contractual instruments such as confidentiality agreements or licensing schemes, to preserve the confidentiality of the shared data ,in particular in relation to third parties, including on liability over possible damages. The data holder shall identify the data which are protected as trade secrets. When the agreed measures to preserve the confidentiality of trade secrets are not ensured or respected ex- ante or the user fails to implement those measures prior to the data sharing, the trade secret holder should have the possibility to refuse the sharing of data which are protected as trade secrets. The user shall use data resulting from the use of a product or related service in the context of testing of other new products, substances or processes that are not yet placed on the market only in accordance with the specific provisions of the agreement with the enterprise with whom the user agreed to use one of its products for testing of other new products, substances or processes.

Amendment 265 #

Proposal for a regulation
Article 4 – paragraph 3

3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken by the user prior to the disclosure to preserve the confidentiality of trade secrets in particular with respect to third parties. TWhere such measures are not sufficient, the data holder and the user ~~can~~shall agree ~~measures~~additional measures, such as technical and organisational measures, to preserve the confidentiality of the shared data, in particular in relation to third parties, through contractual instruments such as confidentiality agreements. The data holder shall identify the data which are protected as trade secrets. When no agreement is reached regarding the necessary measures to preserve the confidentiality of trade secrets or the user fails to implement those measures, the data holder is entitled to refuse the user’s access to data which are protected as trade secrets.

Amendment 266 #

Proposal for a regulation
Article 4 – paragraph 3

3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user can agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties. The data holder shall identify the data which are protected as trade secrets, and, in the event that this classification is contested by a third-party or user, shall be obliged to produce evidence proving that the data in question are trade secrets.

Amendment 267 #

Proposal for a regulation
Article 4 – paragraph 3

3. T~~rade secrets shall only be disclosed provided that all specific necessary measures are taken~~he confidentiality of Trade secrets shall be preserved in particular with respect to third parties by taking specific necessary measures. The data holder and the user can agree measures to preserve the confidentiality of t~~rade secrets~~he shared data, in particular ~~with respect~~in relation to third parties. TWhe ~~data holder and the user can agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties~~re a user has lawfully acquired a product, the disclosure of a trade secret according to Directive (EU) 2016/943 shall be encouraged in the interest of innovation and of competition, notably in allowing reverse engineering, which should be considered as a lawful means of acquiring information.

Amendment 268 #

Proposal for a regulation
Article 4 – paragraph 3

3. Trade secrets shall only be disclosed provided that all specific necessary measures are taken to preserve the confidentiality of trade secrets in particular with respect to third parties. The data holder and the user ~~can~~must agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties. Pursuant to Directive (EU) 2016/943 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure.

Amendment 269 #

Proposal for a regulation
Article 4 – paragraph 3

3. Trade secrets ~~shall only be disclosed provided that all specific necessary measures are taken to preserve the confidentiality of trade secrets in particular with respect to third parties. T~~and data subject to intellectual property rights shall never be disclosed without the prior consent of the trade secret holder or intellectual property rights holder. The trade secret holder, the data holder and the user can agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties. The trade secret holder or intellectual property rights holder shall identify the data which are protected.

Amendment 270 #

Proposal for a regulation
Article 4 – paragraph 3 a (new)

3 a. Where data is processed and stored on the product, the manufacturer shall make available all processed data as well as any raw data that does not risk disclosing trade secrets of the manufacturer. Where technically feasible, the user shall be able to choose to deactivate onboard data processing and retrieve all raw data directly from the device.

Amendment 271 #

Proposal for a regulation
Article 4 – paragraph 3 b (new)

3 b. Where data is processed and stored remotely by a related service, the related service shall make available all processed data as well as any raw data that does not risk disclosing trade secrets. Where technically feasible the user shall be able to deactivate remote data processing and retrieve all raw data either directly from the device or, where that is not possible, through the related service.

Amendment 272 #

Proposal for a regulation
Article 4 – paragraph 4

4. TUnless where that data can be directly accessed by the user from the product, the user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a product that competes with the product from which the data originate.

Amendment 273 #

Proposal for a regulation
Article 4 – paragraph 4

4. The user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a product or related service that competes with the product or related service from which the data originate.

Amendment 274 #

Proposal for a regulation
Article 4 – paragraph 4

4. The user and/or third party shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a product that competes with the product from which the data originate.

Amendment 275 #

Proposal for a regulation
Article 4 – paragraph 4

4. The user ~~shall not use the data obtained pursuant to a request referred to in paragraph 1~~must not be able to obtain data that make it possible to develop a product that competes with the product from which the data originate.

Amendment 276 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN, Angelika NIEBLER

Proposal for a regulation
Article 4 – paragraph 4 a (new)

4 a. The user shall not deploy coercive means or abuse gaps in the technical infrastructure of the data holder designed to protect the data in order to obtain access to data.

Amendment 277 #

Axel VOSS

Proposal for a regulation
Article 4 – paragraph 5

5. Where the user is not a data subject, any personal data generated by the use of a product or related service shall only be made available by the data holder to the user where there is a valid legal basis under Article 6(1) of Regulation (EU) 2016/679 and, where relevant, the conditions of Article 9 of Regulation (EU) 2016/679 are fulfilled.deleted

Amendment 278 #

Proposal for a regulation
Article 4 – paragraph 5

5. Where the user is not a data subject, any personal data generated by the use of a product or related service shall only be made available by the data holder to the user where all conditions and rules provided by data protection legislation are complied with, notably where there is a valid legal basis under Article 6~~(1)~~ of Regulation (EU) 2016/679 and, where relevant, the conditions of Article 9 of Regulation (EU) 2016/679 and Article 5(3) of Directive 2002/58/EC are fulfilled.

Amendment 279 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Article 4 – paragraph 6

6. The data holder shall only use any non-personal data generated by the use of a product or related service on the basis of a contractual agreement with the user. The ~~data hold~~user shall authorise the use of non- personal data generated by the use of a product or related service at the request of the data holder if no legitimate interest of the user is disproportionately harmed. The data holder and the user shall not use such data generated by the use of the product or related service to derive insights about the economic situation, assets and production methods of or the use by the ~~user~~other party that could undermine the commercial position of the ~~user~~other party in the markets in which the ~~user~~other party is active.

Amendment 280 #

Proposal for a regulation
Article 4 – paragraph 6

6. The data holder shall only use any non-personal data obtained, collected, or generated by the use of a product or related service on the basis of a contractual agreement with the user. The data holder shall not use such data obtained, collected, or generated by the use of the product or related service to derive insights about the economic situation, assets and production methods of or the use by the user that could undermine the commercial position of the user in the markets in which the user is active and shall delete the data when they are no longer necessary for the purpose contractually agreed.

Amendment 281 #

Proposal for a regulation
Article 5 – title

Right ~~to share~~of users and data subjects to share, and the obligation of data holders to provide for the sharing of data with third parties

Amendment 282 #

Proposal for a regulation
Article 5 – paragraph 1

1. Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a product or related service that are accessible to the data holder to a third party, without undue delay, free of charge to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time. Data shall be provided in the raw form in which they have been generated by the product, with only the minimal adaptations necessary to make them useable by a third party, including related metadata necessary to interpret and use the data.

Amendment 283 #

Proposal for a regulation
Article 5 – paragraph 1

1. Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a product or related service to a third party, without undue delay, free of charge to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time. Such data shall be digitally processable and interpretable and shall at least provide basic context, metadata and time stamp.

Amendment 284 #

Proposal for a regulation
Article 5 – paragraph 1

1. Upon request by a data subject, or a user, or by a party acting on behalf of a user, the data holder shall make available the data obtained, collected, or generated by the use of a product or related service to a third party, without undue delay, free of charge to the data subject or the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time. and only for the purposes of:

Amendment 285 #

Proposal for a regulation
Article 5 – paragraph 1

1. Upon explicit request by a user, or by a party acting on behalf of a user, the data holder shall make available the data generated by the use of a product or related service to a third party, without undue delay, free of charge to the user, retrievable in a structured, commonly used, machine-readable format, of the same quality as is available to the data holder and, where applicable, continuously and in real-time.

Amendment 286 #

Proposal for a regulation
Article 5 – paragraph 1 – point a (new)

(a) enabling the user or data subject to obtain repair or maintenance, or aftermarket services regarding the product, including competing or unrelated services;

Amendment 287 #

Proposal for a regulation
Article 5 – paragraph 1 – point b (new)

(b) enabling the user or data subject to update the software of its product or related services in particular to fix security and usability problems;

Amendment 288 #

Proposal for a regulation
Article 5 – paragraph 1 – point c (new)

(c) enabling the user or data subject to share data with recognised data altruism organisations pursuant to [Data Governance Act].

Amendment 289 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 (new)

A third party may not solicit or commercially incentivise a user or data subject in any manner, including by providing monetary or any other compensation, to make data available the consumer or data subject has obtained pursuant to a request under Article 4(1) as a mere tradeable commodity. These data may notably not be used by the third party for purposes of direct marketing or advertising, employee monitoring, credit scoring and profiling.

Amendment 290 #

Proposal for a regulation
Article 5 – paragraph 3

3. The user or third party shall not be required to provide any information beyond what is strictly necessary to verify the quality as user or as third party pursuant to paragraph 1. The data holder shall not keep any information on the third party’s access to the data requested beyond what is necessary for the sound execution of the third party’s access request and for the security and the maintenance of the data infrastructure. Where possible, users shall be able to use products anonymously.

Amendment 291 #

Proposal for a regulation
Article 5 – paragraph 3

3. The user or third party shall not be required to provide any information beyond what is necessary to verify their quality as the user or as third party pursuant to paragraph 1. The data holder shall not keep any information on the third party’s access to the data requested beyond what is necessary for the sound execution of the third party’s access request and for the security and the maintenance of the data infrastructure.

Amendment 292 #

Proposal for a regulation
Article 5 – paragraph 4

4. The third party shall not deploy coercive means or abuse evident gaps in the data holder's technical infrastructure o~~f the data holder~~utside of the concerned product, designed to protect the data in order to obtain access to data.

Amendment 293 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Article 5 – paragraph 4

4. The third party shall not deploy coercive means or abuse ~~evident~~ gaps in the technical infrastructure of the data holder designed to protect the data in order to obtain access to data.

Amendment 294 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Article 5 – paragraph 5

5. The data holder shall not use any non-personal data generated by the use of the product or related service to derive insights about the economic situation, assets and production methods of or use by the third party that could undermine the commercial position of the third party on the markets in which the third party is active~~, unless the third party has consented to such use and has the technical possibility to withdraw that consent at any time~~.

Amendment 295 #

Proposal for a regulation
Article 5 – paragraph 5

5. The data holder shall not use any non-personal data generated by the use of the product or related service to derive insights about the economic situation, assets and production methods of or use by the third party that could undermine the commercial position of the third party on the markets in which the third party is active, unless the third party has expressly consented to such use and has the technical possibility to withdraw that consent easily, at any time.

Amendment 296 #

Proposal for a regulation
Article 5 – paragraph 5

5. The data holder shall not use any non-personal data obtained, collected, or generated by the use of the product or related service to derive insights about the economic situation, assets and production methods of or use by the third party that could undermine the commercial position of the third party on the markets in which the third party is active, unless the third party has consented to such use and has the technical possibility to withdraw that consent at any time.

Amendment 297 #

Axel VOSS

Proposal for a regulation
Article 5 – paragraph 6

6. Where the user is not a data subject, any personal data generated by the use of a product or related service shall only be made available where there is a valid legal basis under Article 6(1) of Regulation (EU) 2016/679 and where relevant, the conditions of Article 9 of Regulation (EU) 2016/679 are fulfilled.deleted

Amendment 298 #

Proposal for a regulation
Article 5 – paragraph 6

6. Where ~~the user is not a data subject, any personal data~~a data subject is concerned, that is not the user or data subject requesting access , any personal data obtained, collected, or generated by their use of a product or related service ~~shall only be made available~~, and data derived and inferred from that use, shall only be made available by the data holder to the third party where there is a valid legal basis under points (a) or (b) of Article 6(1) of Regulation (EU) 2016/679 and where relevant, the conditions of Article 9 of Regulation (EU) 2016/679 and Article 5(3) of Directive 2002/58/EC are fulfilled.

Amendment 299 #

Proposal for a regulation
Article 5 – paragraph 6 a (new)

6 a. The data holder shall not make the usability of the product or related service dependent on the user allowing it to process data not required for the functionality of the product or provision of the related service.

Amendment 300 #

Proposal for a regulation
Article 5 – paragraph 8

8. 8. Trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party and all specific necessary measures agreed between the data holder and the third party are taken by the third party to preserve the confidentiality of the trade secret. In such a case, the nature of the data as trade secrets and the measures for preserv, including technical and organisational measures, specified in the contractual agreement agreed between the data holder and the third party are taken by the third party prior to the disclosure of the data which is protected as trade secrets, to preserve the confidentiality of the trade secret. The data holder shall identify the data which are protected as trade secrets. In such a case, the measures required by the data holder, such as technical and organisational measures like strict access protocols, for preserving the confidentiality shall be specified in the contractual agreement between the data holder and the third party. When the agreed measures to preserve the confidentiality of trade secrets are not ensured or respected ex-ante or the third party fails to implement those measures prior to the data sharing, the ~~confidentiality shall be specified in the agreement between the data holder and the third party.~~ trade secret holder should have the possibility to refuse the sharing of data which are protected as trade secrets. The third party shall use data resulting from the use of a product or related service in the context of testing of other new products, substances or processes that are not yet placed on the market only in accordance with the specific provisions of the agreement with the enterprise with whom the user agreed to use one of its products for testing of other new products, substances or processes and the third party shall apply the identical specific measures agreed between the trade secret holder and the third party in the contractual agreement.

Amendment 301 #

Proposal for a regulation
Article 5 – paragraph 8

8. Trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose of the request agreed between the user and the third party and all specific necessary measures agreed between the data holder, or between the trade secrets holder if it is not simultaneously the data holder, and the third party are taken in advance by the third party to preserve the confidentiality of the trade secret. In such a case, the ~~nature of the data as trade secrets and the~~data holder or the trade secret holder, shall identify the nature of the data which are protected as trade secrets and the technical and organisational measures for preserving their confidentiality shall be specified in the agreement between the data or trade secret holder and the third party, including, as appropriate through model contractual terms, technical standards and the application of codes of conduct.

Amendment 302 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN

Proposal for a regulation
Article 5 – paragraph 8

8. Trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party and all specific necessary measures ~~agreed~~, including technical and organisational measures, specified in the agreement between the data holder and the third party are taken by the third party prior to the disclosure to preserve the confidentiality of the trade secret. ~~In such a case, the nature of the data as trade secrets and the~~The data holder shall identify the data which are protected as trade secrets. When no agreement is reached regarding the necessary measures ~~for~~to preserv~~ing~~e the confidentiality ~~shall b~~of trade spec~~ified in the agreement between the data holder and the third party~~rets or the third party fails to implement those measures, the data holder is entitled to refuse the third party’s access to data which are protected as trade secrets.

Amendment 303 #

Proposal for a regulation
Article 5 – paragraph 8

8. Trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party ~~and all specific necessary measures agreed between the data holder and the third party~~, with the explicit agre ~~taken by the third party to preserve the confidentiality of the trade secret~~ement of the user. In such a case, the nature of the data as trade secrets and the measures for preserving the confidentiality shall be specified in the agreement between the data holder ~~and~~, the third party and the user.

Amendment 304 #

Proposal for a regulation
Article 5 – paragraph 8

8. Trade secrets shall ~~only~~never be disclosed to third parties without the prior consent of the trade secret holder or intellectual property right holder, and only to the extent that they are strictly necessary to fulfil the purpose agreed between the user and the third party and that all specific necessary measures agreed between the ~~data~~trade secret holder or intellectual property right holder and the third party are taken by the third party to preserve the confidentiality of the trade secret. ~~In such a case, the nature of the data as trade secrets and the measures for preserving the confidentiality shall be specified in the agreement between the data holder and the third party~~The trade secret holder or intellectual property right holder shall identify the data which are protected.

Amendment 305 #

Proposal for a regulation
Article 5 – paragraph 8

8. T~~rade secrets shall only be disclosed to third parties to the extent that they are strictly necessary to fulfil the purpose agreed between th~~hird parties shall take all specific and necessary measures to preserve the confidentiality of trade secrets agreed between the third party and the data holder to preserve the confidentiality of trade use~~r and the third party and all specific necessary measures~~crets disclosed to the third party in order to fulfil the purpose agreed between the ~~data hold~~user and the third party a~~re taken by the third party to preserve the confidentiality of the trade secret~~nd any right of the user or data subject to data sharing. In such a case, the nature of the data as trade secrets and the measures for preserving the confidentiality shall be specified in the agreement between the data holder and the third party.

Amendment 306 #

Proposal for a regulation
Article 5 – paragraph 9

9. The right referred to in paragraph 1 shall not adversely affect data ~~protection~~subject rights of others pursuant to applicable data protection legislation.

Amendment 307 #

Axel VOSS

Proposal for a regulation
Article 5 a (new)

Article 5 a Where the user is not a data subject and to the extent strictly necessary for compliance with the obligations to make available data generated by the use of a product or related service under this Regulation, the processing of personal data is lawful according to Article 6(1)(c), or, where relevant, according to Article 9(2)(g) of Regulation (EU) 2016/679. This only applies to access and sharing of data where the prior processing of the data by the data holder is lawful. The making available of personal data shall be proportionate and respect the essence of the right to data protection. The data holder, user and – where applicable – data recipient shall provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject, including technical limitations on the re-use and use of state- of-the-art security and privacy-preserving measures, such as pseudonymisation, or encryption where anonymisation may significantly affect the purpose pursued.

Amendment 308 #

Proposal for a regulation
Article 6 – title

Obligations of third parties receiving data at the request of the user or the data subject

Amendment 309 #

Proposal for a regulation
Article 6 – paragraph 1

1. A third party shall process ~~the~~personal data made available to it pursuant to Article 5 only for the purposes and under the conditions agreed with the user, and where all conditions and rules provided by data protection legislation are complied with, notably where there is a valid legal basis under points (a) or (b) of Article 6(1) of Regulation (EU) 2016/679, and where relevant, the conditions of Article 9 of Regulation (EU) 2016/679 and Article 5(3) of Directive 2002/58/EC are fulfilled and subject to the rights of the data subject, insofar as personal data are concerned~~, and~~. The third party shall delete the data when they are no longer necessary for the agreed purpose.

Amendment 310 #

Proposal for a regulation
Article 6 – paragraph 2 – point a

(a) make the exercise of the rights or choices of users unduly difficult including by offering choices to the end-users in a non-neutral manner, or coerce, deceive or manipulate the user in any way, byor subvert~~ing~~ or impair~~ing~~ the autonomy, decision-making or choices of the user, including by means of a digital interface with the user; or a part thereof, including its structure, design, function, or manner of operation;

Amendment 311 #

Proposal for a regulation
Article 6 – paragraph 2 – point a a (new)

(a a) make the exercise of the rights or choices of users unduly difficult including by offering choices to the users in a non- neutral manner or through the use of Dark Patterns as defined in recital 67 of Regulation (EU) 2022/2065.

Amendment 312 #

Proposal for a regulation
Article 6 – paragraph 2 – point b

(b) use the data it receives for the profiling of natural persons within the meaning of Article 4(4) of Regulation (EU) 2016/679~~, unless it is necessary to provide the service requested by the user~~;

Amendment 313 #

Proposal for a regulation
Article 6 – paragraph 2 – point b a (new)

(b a) use data it receives to re-identify any data subject to whom the data relates and shall take technical and operational measures to prevent re-identification; it shall notify any data breach resulting in the re-identification of the data subjects concerned to a data protection authority;

Amendment 314 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Article 6 – paragraph 2 – point e

(e) use the data it receives to develop a product or related service that competes with the product or related service from which the accessed data originate or share the data with another third party for that purpose;

Amendment 315 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Article 6 – paragraph 2 – point e a (new)

(e a) use the data it receives to cause substantial damage to the data holder by misuse of the data or to derive insights about the economic situation, assets and production methods of or use by the data holder that could undermine the commercial position of the data holder on the markets in which the data holder is active;

Amendment 316 #

Proposal for a regulation
Article 6 – paragraph 2 – point f a (new)

(f a) commercially incentivise the data subject by providing monetary or other compensation for making personal data available.

Amendment 317 #

Proposal for a regulation
Article 7 – paragraph 1

1. The obligations of this Chapter shall not apply to data generated by the use of products manufactured or related services provided by enterprises that qualify as micro or small enterprises, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro or small enterprise.deleted

Amendment 318 #

Proposal for a regulation
Article 7 – paragraph 1

1. The obligations of this Chapter concerning business to business data sharing shall not apply to data generated by the use of products manufactured or related services provided by enterprises that qualify as micro or small enterprises, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro or small enterprise.

Amendment 319 #

Proposal for a regulation
Article 7 – paragraph 1

1. The obligations of this Chapter shall not apply to non-personal data generated by the use of products manufactured or related services provided by enterprises that qualify as micro or small enterprises, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro or small enterprise.

Amendment 320 #

Proposal for a regulation
Article 7 – paragraph 1

1. The obligations of this Chapter shall not apply to data generated by the use of products manufactured ~~or related services provided~~ by enterprises that qualify as micro or small enterprises, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as a micro or small enterprise.

Amendment 321 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Article 8 – paragraph 3

3. A data holder shall not discriminate between comparable categories of data recipients, including partner enterprises or linked enterprises, as defined in Article 3 of the Annex to Recommendation 2003/361/EC, of the data holder, when making data available. Where a data recipient has reasonable grounds to considers that the conditions under which data has been made available to it to be discriminatory, it shall be for the data holder to demonstrate that there has been no discrimination.

Amendment 322 #

Proposal for a regulation
Article 8 – paragraph 6

6. Unless otherwise provided by Union law, including Articles 4(3), 5(8), and 6 of this Regulation, or by national legislation implementing Union law, an obligation to make data available to a data recipient shall not oblige the disclosure of trade secrets within the meaning of Directive (EU) 2016/943.

Amendment 323 #

Proposal for a regulation
Article 9 – paragraph 1

1. Any compensation agreed between a data holder and a data recipient for ~~making data available shall be reasonable.~~ the costs incurred and investment required for making data available shall, in the case of non-personal data, be fair and reasonable, and strictly proportionate in the case of personal data.

Amendment 324 #

Proposal for a regulation
Article 9 – paragraph 2

2. Where the data recipient is a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, ~~any compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request~~provided those enterprises do not have partner enterprises or linked enterprises as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as micro, small or medium enterprises, any compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request, unless the data holder is also a micro, small or medium enterprise, as defined in Article 2 of the Annex to Recommendation 2003/361/EC, and no imbalance exists between the parties. Article 8(3) shall apply accordingly.

Amendment 325 #

Proposal for a regulation
Article 9 – paragraph 2

2. Where the data recipient is a micro, small or medium enterprise, ~~as defined in Article 2 of the Annex to Recommendation 2003/361/EC,~~ any compensation agreed shall not exceed the costs directly related to making the data available to the data recipient and which are attributable to the request. Article 8(3) shall apply accordingly.

Amendment 326 #

Proposal for a regulation
Article 10 – paragraph 1

1. Data holders and data recipients shall have access to dispute settlement bodies, certified in accordance with paragraph 2 of this Article, to settle disputes in relation to the determination of fair, reasonable and non-discriminatory terms for and the transparent manner of making data available in accordance with Articles 8 and 9. This is without prejudice to the data subjects’ rights to seek redress before a supervisory authority, and to the controller’s data protection obligations.

Amendment 327 #

Proposal for a regulation
Article 10 – paragraph 1 a (new)

1 a. The user shall have access to dispute settlement bodies, certified in accordance with paragraph 2 of this Article, to settle disputes with data holders or data recipients or any third party in relation to breach of user's rights under this Regulation. The user shall have the right to allow a third party to pursue its legal claims on its behalf.

Amendment 328 #

Proposal for a regulation
Article 10 – paragraph 1 a (new)

1 a. When the Data holder is not a micro, small or medium enterprise, the Burden of proof shall be reversed in dispute settlements. The Data Holder shall be responsible for proving before the dispute settlement body that the terms are reasonable and non-discriminatory.

Amendment 329 #

Proposal for a regulation
Article 10 – paragraph 2 – subparagraph 1 – point d

(d) it is capable of issuing its decisions in a swift, efficient and cost-effective manner and in ~~at least one official language of the Union~~the official languages of the Union used as an official language of the Member State where it operates.

Amendment 330 #

Proposal for a regulation
Article 10 – paragraph 8

8. The decision of the dispute settlement body shall ~~only~~not be binding on the parties ~~if the parties have explicitly consented to its binding nature prior to the start of the dispute settlement proceedings~~.

Amendment 331 #

Proposal for a regulation
Article 11 – paragraph 1

1. The data holder may apply appropriate technical protection measures~~, including smart contracts,~~ to prevent unauthorised disclosure of and access to the data, and to ensure compliance with Articles 4, 5, 6, 8, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to hinder the user’s right to effectively provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1). Such technical protection measures shall not be used as a means to prevent interoperability of the data which the data holder is under an obligation to make available. Where personal data are concerned, these technical measures shall be consistent with the obligation of the data controller to implement appropriate technical and organisational measures so as to ensure a level of security appropriate to the risk of the personal data processing pursuant to data protection legislation.

Amendment 332 #

Proposal for a regulation
Article 11 – paragraph 1

1. The data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to the data and to ensure compliance with Articles 5, 6, 9 and 10, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not be used as a means to hinder the user’s right to access data, obtain a copy or effectively provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation implementing Union law as referred to in Article 8(1).

Amendment 333 #

2. A data recipient that has, for the purposes of obtaining data, provided inaccurate or false information to the data holder, deployed deceptive or coercive means or abused ~~evident~~ gaps in the technical infrastructure of the data holder designed to protect the data, has used the data made available for unauthorised purposes or has disclosed those data to another party without the data holder’s authorisation or in the case of personal data, an appropriate legal basis, shall without undue delay, unless the data holder or the user instruct otherwise:

Amendment 334 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Article 11 – paragraph 2 – introductory part

2. A data recipient that has, for the purposes of obtaining data, provided inaccurate or false information to the data holder, deployed deceptive or coercive means or abused ~~evident~~ gaps in the technical infrastructure of the data holder designed to protect the data, has used the data made available for unauthorised purposes or has disclosed those data to another party without the data holder’s authorisation, shall without undue delay, unless the data holder or the user instruct otherwise:

Amendment 335 #

Proposal for a regulation
Article 11 – paragraph 2 – point a a (new)

(a a) inform the user of the unauthorised use or disclosure of data as well as of the measures taken to put an end to the unauthorised use or disclosure of data;

Amendment 336 #

Proposal for a regulation
Article 11 – paragraph 3 – introductory part

3. Paragraph 2, point (b), shall not apply in either of the following cases where non-personal data are concerned:

Amendment 337 #

Proposal for a regulation
Article 12 – paragraph 2 a (new)

2 a. Any contractual term in a data sharing agreement between data holders and data recipients which, to the detriment of the data subjects, undermines the application of their rights to privacy and data protection, derogates from it, or varies its effect, shall not be binding on that party.

Amendment 338 #

Proposal for a regulation
Article 12 – paragraph 3

3. This Chapter shall only apply in relation to obligations to make data available under Union law or national legislation implementing Union law, which enter into force after [date of application of the Regulation]. As regards obligations which have entered into force before [date of application of the Regulation], their provisions shall be aligned with this Regulation within two years after the date of application of this Regulation.

Amendment 339 #

Proposal for a regulation
Article 13 – title

Unfair contractual terms ~~unilaterally imposed on a micro, small or medium- sized enterprise~~without individual negotiation

Amendment 340 #

Proposal for a regulation
Article 13 – title

Unfair contractual terms unilaterally imposed on a ~~micro, small or medium- sized~~n enterprise

Amendment 341 #

Proposal for a regulation
Article 13 – paragraph 1

1. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise on a micro, small or medium-sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC ~~shall not be binding on the latter enterprise~~or which has been unilaterally imposed by an enterprise which is the sole source of the data they hold shall not be binding on the micro, small or medium-sized enterprise or the data recipient, respectively, if it is unfair.

Amendment 342 #

Proposal for a regulation
Article 13 – paragraph 1

1. A contractual term, concerning the 1. access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise ~~on a micro, small or medium-sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC~~ shall not be binding on the latter enterprise if it is unfair.

Amendment 343 #

Proposal for a regulation
Article 13 – paragraph 1

Amendment 344 #

Proposal for a regulation
Article 13 – paragraph 1

Amendment 345 #

Proposal for a regulation
Article 13 – paragraph 1

1. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which ha~~s been unilaterally imposed by an enterprise on a micro, small or medium-sized enterprise as defined in~~ve not been individually negotiated shall not be binding on any legal or natural person except consumers in the sense of Article 2(b) of ~~the Annex to Recommendation 2003/361/EC shall not be binding on the latter enterprise~~Council Directive 93/13/EEC if it is unfair.

Amendment 346 #

Proposal for a regulation
Article 13 – paragraph 1

1. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise on a ~~micro, small or medium-sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC~~nother enterprise that has no meaningful ability to negotiate due to the imbalance of power between the parties shall not be binding on the latter enterprise if it is unfair.

Amendment 347 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Article 13 – paragraph 2

2. A contractual term is unfair if it is of such a nature that its use grossly deviates from good commercial practice in data access and use, contrary to good faith and fair dealing, and it causes a significant imbalance in the party's rights and obligations arising under the contract.

Amendment 348 #

Proposal for a regulation
Article 13 – paragraph 3 – point c a (new)

(c a) impose the unilateral choice of the competent jurisdiction or the payment of the costs related to the procedure

Amendment 349 #

Proposal for a regulation
Article 13 – paragraph 3 – point c b (new)

(c b) enable the party that unilaterally imposed the contract to reduce its liability for infringement or breaches of its confidentiality duties.

Amendment 350 #

Proposal for a regulation
Article 13 – paragraph 5

5. A contractual term shall be considered to be ~~unilaterally impos~~not individually negotiated within the meaning of this Article if it has been supplied by one contracting party and the other contracting party has not been able to influence its content despite an attempt to negotiate it. The contracting party that supplied a contractual term bears the burddrafted in advance and the other party has therefore not been able to influence the substance of the term, particularly in the context of a pre- formulated standard contract. A contractual term which has not been individually negotiated shall be regarded as unfair if, contrary to the requirement of ~~proving that that term has not been unilaterally imposed~~good faith, it causes a significant imbalance in the parties' rights and obligations arising under the contract, to the detriment of the consumer.

Amendment 351 #

Proposal for a regulation
Article 13 – paragraph 8

8. The parties to a contract covered by paragraph 1 may not exclude the application of this Article, derogate from it, or vary its effects, unless other EU or national legislation implementing EU law allows further elaboration on contractual terms for making data available.

Amendment 352 #

Proposal for a regulation
Article 13 – paragraph 8

8. The parties to a contract covered by paragraph 1 ~~may~~shall not exclude the application of this Article, derogate from it, or vary its effects.

Amendment 353 #

Proposal for a regulation
Article 13 – paragraph 8 a (new)

8 a. This article shall apply to all new contracts following the entering into force of this Regulation. Businesses shall be given a 5-year grace period following the entering into force of this regulation to review existing contractual obligations that are subject to the data act.

Amendment 354 #

Proposal for a regulation
Chapter V – title

V ~~MAKING DATA AVAILABLE TO PUBLIC SECTOR BODIES AND UNION INSTITUTIONS, AGENCIES OR BODIES BASED ON EXCEPTIONAL NEED~~(deleted)

Amendment 355 #

Proposal for a regulation
Chapter V – title

V MAKING DATA AVAILABLE TO PUBLIC SECTOR BODIES AND UNION INSTITUTIONS, AGENCIES OR BODIES BASED ON ~~EXCEPTIONAL NEED~~PUBLIC INTEREST

Amendment 356 #

Proposal for a regulation
Article 14

Obligation to make data available based 1. Upon request, a data holder shall make data available to a public sector body or to a Union institution, agency or body demonstrating an exceptional need to use the data requested. 2. This Chapter shall not apply to small and micro enterprises as defined in Article 2 of the Annex to Recommendation 2003/361/EC.Article 14 deleted on exceptional need

Amendment 357 #

Proposal for a regulation
Article 14 – title

Obligation to make data available based on ~~exceptional need~~public interest

Amendment 358 #

Proposal for a regulation
Article 14 – paragraph 1

1. Upon request, a data holder shall make data available to a public sector body or to a Union institution, agency or body demonstrating ~~an exceptional need to~~public interest for the use of the data requested.

Amendment 359 #

Proposal for a regulation
Article 14 – paragraph 1 a (new)

1 a. For the purpose of the request referred to in paragraph 1, the Member States authority referred to in Article 31 and the Commission shall establish a procedure to identify a list of dependent public sector bodies.This list shall be available to the public.While identifying the relevant public sector bodies, the Member States and the Commission shall consider what is strictly necessary to achieve the objectives of this Regulation .

Amendment 360 #

Proposal for a regulation
Article 14 – paragraph 2

~~2. This Chapter shall not apply to small and micro enterprises as defined in Article 2 of the Annex to Recommendation 2003/361/EC.~~deleted

Amendment 361 #

Proposal for a regulation
Article 14 – paragraph 2 a (new)

2 a. This Chapter shall not apply to categories of data already within the scope of application of sector-specific Union law regulating the sharing of data between enterprises and public bodies.

Amendment 362 #

Proposal for a regulation
Article 15

An exceptional need to use data within the meaning of this Chapter shall be deemed to exist in any of the following circumstances: (a) where the data requested is necessary to respond to a public emergency; (b) where the data request is limited in time and scope and necessary to prevent a public emergency or to assist the recovery from a public emergency; (c) where the lack of available data prevents the public sector body or Union institution, agency or body from fulfilling a specific task in the public interest that has been explicitly provided by law; and (1) the public sector body or Union institution, agency or body has been unable to obtain such data by alternative means, including by purchasing the data on the market at market rates or by relying on existing obligations to make data available, and the adoption of new legislative measures cannot ensure the timely availability of the data; or (2) obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden for data holders or other enterprises.rticle 15 deleted Exceptional need to use data

Amendment 363 #

Proposal for a regulation
Article 15 – title

~~Exceptional need to use data~~Use of data in the public interest

Amendment 364 #

Proposal for a regulation
Article 15 – paragraph 1 – introductory part

An exceptional need to use data within the meaning of this Chapter shall be strictly limited in time and scope and only deemed to exist in ~~any of~~ the following circumstances:

Amendment 365 #

Proposal for a regulation
Article 15 – paragraph 1 – introductory part

An exceptional need to use data within the meaning of this Chapter shall be deemed to exist in any of the following circumstances, and in alignment with Article 23 of Regulation (EU) 2016/679:

Amendment 366 #

Proposal for a regulation
Article 15 – paragraph 1 – introductory part

~~An exceptional need to use~~Public interest in using data within the meaning of this Chapter shall be deemed to exist in any of the following circumstances:

Amendment 367 #

Proposal for a regulation
Article 15 – paragraph 1 – point a

(a) where the data requested is necessary to respond urgently to a public emergency that cannot be reasonably addressed by policy measures;

Amendment 368 #

Proposal for a regulation
Article 15 – paragraph 1 – point a

(a) where the data requested is necessary to prevent or respond to a public threat or emergency;

Amendment 369 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN, Angelika NIEBLER

Proposal for a regulation
Article 15 – paragraph 1 – point b

(b) where the data request is limited in time and scope and necessary to prevent an imminent public emergency or to assist the recovery from a public emergency, and alternative means to obtain such data are either unavailable or would be inappropriate;

Amendment 370 #

Proposal for a regulation
Article 15 – paragraph 1 – point b

(b) where the data request is limited in time and scope and necessary to ~~prevent a public emergency or to~~ assist the recovery from a public emergency;

Amendment 371 #

Proposal for a regulation
Article 15 – paragraph 1 – point c

(c) where the lack of available data prevents the public sector body or Union institution, agency or body from fulfilling a specific task in the public interest that has been explicitly provided by law; and (1) the public sector body or Union institution, agency or body has been unable to obtain such data by alternative means, including by purchasing the data on the market at market rates or by relying on existing obligations to make data available, and the adoption of new legislative measures cannot ensure the timely availability of the data; or (2) obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden for data holders or other enterprises.deleted

Amendment 372 #

Proposal for a regulation
Article 15 – paragraph 1 – point c

Amendment 373 #

Proposal for a regulation
Article 15 – paragraph 1 – point c – introductory part

(c) as a measure of last resort, where the lack of available data prevents the public sector body or Union institution, agency or body from fulfilling a specific task in the public interest that has been explicitly provided by law; and

Amendment 374 #

Proposal for a regulation
Article 15 – paragraph 1 – point c – point 1

(1) the public sector body or Union institution, agency or body has been unable to obtain such data by alternative, free means, including by ~~purchasing the data on the market at market rates or by~~ relying on existing obligations to make data available, and the adoption of new legislative measures cannot ensure the timely availability of the data; or

Amendment 375 #

Proposal for a regulation
Article 15 – paragraph 1 – point c – point 1

(1) the public sector body or Union institution, agency or body has ~~been unable to obtain such data by alternative means~~exhausted all other means at its disposal to obtain such data, including bythe purchas~~ing~~e of the data on the market at market rates ~~or by~~, relying on existing obligations to make data available, ~~and~~or the adoption of new legislative measures ~~cannot~~which could ensure the timely availability of the data; orand

Amendment 376 #

Proposal for a regulation
Article 15 – paragraph 1 – point c – point 2

~~(2) obtaining the data in line with the procedure laid down in this Chapter would substantively reduce the administrative burden for data holders or other enterprises.~~deleted

Amendment 377 #

Proposal for a regulation
Article 16

Relationship with other obligations to make data available to public sector bodies and Union institutions, agencies 1. This Chapter shall not affect obligations laid down in Union or national law for the purposes of reporting, complying with information requests or demonstrating or verifying compliance with legal obligations. 2. The rights from this Chapter shall not be exercised by public sector bodies and Union institutions, agencies and bodies in order to carry out activities for the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal penalties, or for customs or taxation administration. This Chapter does not affect the applicable Union and national law on the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal or administrative penalties, or for customs or taxation administration.Article 16 deleted and bodies

Amendment 378 #

Proposal for a regulation
Article 17

Requests for data to be made available 1. Where requesting data pursuant to Article 14(1), a public sector body or a Union institution, agency or body shall: (a) specify what data are required; (b) demonstrate the exceptional need for which the data are requested; (c) explain the purpose of the request, the intended use of the data requested, and the duration of that use; (d) state the legal basis for requesting the data; (e) specify the deadline by which the data are to be made available or within which the data holder may request the public sector body, Union institution, agency or body to modify or withdraw the request. 2. A request for data made pursuant to paragraph 1 of this Article shall: (a) be expressed in clear, concise and plain language understandable to the data holder; (b) be proportionate to the exceptional need, in terms of the granularity and volume of the data requested and frequency of access of the data requested; (c) respect the legitimate aims of the data holder, taking into account the protection of trade secrets and the cost and effort required to make the data available; (d) concern, insofar as possible, non- personal data; (e) inform the data holder of the penalties that shall be imposed pursuant to Article 33 by a competent authority referred to in Article 31 in the event of non-compliance with the request; (f) be made publicly available online without undue delay. 3. A public sector body or a Union institution, agency or body shall not make data obtained pursuant to this Chapter available for reuse within the meaning of Directive (EU) 2019/1024. Directive (EU) 2019/1024 shall not apply to the data held by public sector bodies obtained pursuant to this Chapter. 4. Paragraph 3 does not preclude a public sector body or a Union institution, agency or body to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body, in view of completing the tasks in Article 15 or to make the data available to a third party in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. The obligations on public sector bodies, Union institutions, agencies or bodies pursuant to Article 19 apply. Where a public sector body or a Union institution, agency or body transmits or makes data available under this paragraph, it shall notify the data holder from whom the data was received.Article 17 deleted

Amendment 379 #

Proposal for a regulation
Article 17 – paragraph 1 – point a a (new)

(a a) request data within its remit;

Amendment 380 #

Proposal for a regulation
Article 17 – paragraph 1 – point b

(b) demonstrate the ~~exceptional need~~public interest objective for which the data are requested;

Amendment 381 #

Proposal for a regulation
Article 17 – paragraph 1 – point c a (new)

(c a) where the request concerns personal data, forward their request to, and obtain the approval of the relevant Data Protection Authority following the procedure in Article 17a;

Amendment 382 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN, Angelika NIEBLER

Proposal for a regulation
Article 17 – paragraph 1 – point e

(e) specify an appropriathe deadline by which the data are to be made available or within which the data holder may request the public sector body, Union institution, agency or body to modify or withdraw the request.

Amendment 383 #

Proposal for a regulation
Article 17 – paragraph 2 – point a

(a) be expressed in clearly, concise ~~and plain language understandable~~ly, plainly and in the official language of the EU to the data holder;

Amendment 384 #

Proposal for a regulation
Article 17 – paragraph 2 – point b

(b) be proportionate to the ~~exceptional need~~public interest objective, in terms of the granularity and volume of the data requested and frequency of access of the data requested;

Amendment 385 #

Proposal for a regulation
Article 17 – paragraph 2 – point d

(d) concern~~, insofar as possible,~~ non- personal data;

Amendment 386 #

Proposal for a regulation
Article 17 – paragraph 2 – point d

(d) ~~concern, insofar as possible,~~be limited to non- personal data;

Amendment 387 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Article 17 – paragraph 2 – point d a (new)

(d a) where applicable, specify the measures to be taken pursuant to Article 19(2) to preserve the confidentiality of trade secrets, in particular with respect to third parties;

Amendment 388 #

Proposal for a regulation
Article 17 – paragraph 2 – point f

~~(f) be made publicly available online without undue delay.~~deleted

Amendment 389 #

Paragraph 3 does not preclude a public sector body or a Union institution, agency or body to exchange data obtained pursuant to this Chapter with another public sector body, Union institution, agency or body, in view of completing the tasks in Article 15 or to make the data available to a third party in cases where it has outsourced, by means of a publicly available agreement, technical inspections or other functions to this third party. The obligations on public sector bodies, Union institutions, agencies or bodies pursuant to Article 19 apply to such third parties. Data received by third parties from public bodies due to a request under Article 15 shall not be used to develop any services which may compete with the services of the original data holder.

Amendment 390 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 1

Amendment 391 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN, Angelika NIEBLER

Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 1 a (new)

Those third parties shall not use the data they receive from a public sector body or a Union institution, agency or body under this paragraph to develop a product or a service that competes with the product or service of the data holder from whom the data was received, nor share the data with another third party for that purpose.

Amendment 392 #

Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 2

Where a public sector body or a Union institution, agency or body intends to transmits or makes data available under this paragraph, it shall notify the data holder from whom the data was received. Within 5 working days of that notification, the data holder shall have the right to submit reasonable objection to the intention of the public sector body to transmit or make its data available. In the case of a rejection by the public sector body, data holder may brought the objection to the competent authority referred to in Article 31.

Amendment 393 #

Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 2

Where a public sector body or a Union institution, agency or body transmits or makes data available under this paragraph, it shall: i. notify the data holder from whom the data was received.; ii. ensure that the entity to which the data is transmitted makes no attempts to reverse the anonymisation of the data;

Amendment 394 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN

Proposal for a regulation
Article 17 – paragraph 4 – subparagraph 2

Where a public sector body or a Union institution, agency or body transmits or makes data available under this paragraph, it shall notify without undue delay the data holder from whom the data was received.

Amendment 395 #

Proposal for a regulation
Article 17 a (new)

Article 17 a Procedure for Requests involving personal data 1. Where requests for data concern the personal data of European Citizens, the public body requesting the data shall seek approval from the responsible Data Protection Authority. 2. The Data Protection Authority shall assess in an expedited manner if the request meets the requirements of necessity, and if it is proportional to the exceptional need of the public body. The Data Protection Authority shall render any of the following binding decisions: (a). Rejection of the public body’s request. (b). Partial Rejection of public body’s request. (c). Approval of the public body’s request with binding safeguards. (d). Approval of the public body’s request with guidelines. (e). Approval of the public body’s request in full. 3. The assessments of the Data Protection Authority shall be published and made public. 4. If the assessment approves the public bodies requests, the data subjects concerned by the request shall be notified.

Amendment 396 #

Proposal for a regulation
Article 18

Compliance with requests for data 1. A data holder receiving a request for access to data under this Chapter shall make the data available to the requesting public sector body or a Union institution, agency or body without undue delay. 2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request within 5 working days following the receipt of a request for the data necessary to respond to a public emergency and within 15 working days in other cases of exceptional need, on either of the following grounds: (a) the data is unavailable; (b) the request does not meet the conditions laid down in Article 17(1) and (2). 3. In case of a request for data necessary to respond to a public emergency, the data holder may also decline or seek modification of the request if the data holder already provided the requested data in response to previously submitted request for the same purpose by another public sector body or Union institution agency or body and the data holder has not been notified of the destruction of the data pursuant to Article 19(1), point (c). 4. If the data holder decides to decline the request or to seek its modification in accordance with paragraph 3, it shall indicate the identity of the public sector body or Union institution agency or body that previously submitted a request for the same purpose. 5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the data holder shall take reasonable efforts to pseudonymise the data, insofar as the request can be fulfilled with pseudonymised data. 6. Where the public sector body or the Union institution, agency or body wishes to challenge a data holder’s refusal to provide the data requested, or to seek modification of the request, or where the data holder wishes to challenge the request, the matter shall be brought to the competent authority referred to in Article 31.Article 18 deleted

Amendment 397 #

Proposal for a regulation
Article 18 – paragraph 2 – introductory part

2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request within 5 working days following the receipt of a request for the data necessary to respond to a public emergency and within 1530 working days in other cases of exceptional need, on either of the following grounds:

Amendment 398 #

Proposal for a regulation
Article 18 – paragraph 2 – introductory part

2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request within ~~5 working day~~48 hours following the receipt of a request for the data necessary to respond to a public emergency or threat and within 15 working days in other cases ~~of exceptional need~~, on either of the following grounds:

Amendment 399 #

Proposal for a regulation
Article 18 – paragraph 2 – point b a (new)

(b a) provided security measures concerning transfer, storing and maintaining data confidentiality are insufficient.

Amendment 400 #

Proposal for a regulation
Article 18 – paragraph 3

3. ~~In case of a request for data necessary to respond to a public emergency, t~~The data holder may also decline or seek modification of the request if the data holder already provided the requested data in response to previously submitted request for the same purpose by another public sector body or Union institution agency or body and the data holder has not been notified of the destruction of the data pursuant to Article 19(1), point (c), unless the data requested is needed to prevent a public threat or emergency.

Amendment 401 #

Proposal for a regulation
Article 18 – paragraph 5

5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the data holder shall ~~take reasonable efforts to pseudonymise the data, insofar as the request can be fulfilled with pseudonymised~~anonymise the data.

Amendment 402 #

Proposal for a regulation
Article 18 – paragraph 5

5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the data holder shall take reasonable efforts to ~~pseud~~anonymise the data, insofar as the request can be fulfilled with ~~pseud~~anonymised data.

Amendment 403 #

Proposal for a regulation
Article 19

Obligations of public sector bodies and Union institutions, agencies and bodies 1. A public sector body or a Union institution, agency or body having received data pursuant to a request made under Article 14 shall: (a) not use the data in a manner incompatible with the purpose for which they were requested; (b) implement, insofar as the processing of personal data is necessary, technical and organisational measures that safeguard the rights and freedoms of data subjects; (c) destroy the data as soon as they are no longer necessary for the stated purpose and inform the data holder that the data have been destroyed. 2. Disclosure of trade secrets or alleged trade secrets to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of the request. In such a case, the public sector body or the Union institution, agency or body shall take appropriate measures to preserve the confidentiality of those trade secrets.Article 19 deleted

Amendment 404 #

Proposal for a regulation
Article 19 – paragraph 1 – point a a (new)

(a a) not combine or process data in any way that would revert the anonymisation of that data;

Amendment 405 #

Proposal for a regulation
Article 19 – paragraph 1 – point b

(b) implement in advance, insofar as the processing of personal data or sensitive data comprising trade secrets or related to intellectual property rights is necessary, technical and organisational measures that safeguard the rights and freedoms of data subjects and rights holders;

Amendment 406 #

Proposal for a regulation
Article 19 – paragraph 2

2. Disclosure of trade secrets or alleged trade secrets to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of the request. In such a case, the public sector body or the Union institution, agency or body shall ~~take appropriate measures~~, prior to the disclosure, take all the necessary and appropriate measures, such as technical and organisational measures, agreed with the data holder to preserve the confidentiality of those trade secrets.

Amendment 407 #

Proposal for a regulation
Article 19 – paragraph 2

2. Disclosure of trade secrets or alleged trade secrets or data containing intellectual property rights to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of the request. In such a case, the public sector body or the Union institution, agency or body shall take appropriate measures to preserve the confidentiality of those trade secrets or intellectual property rights.

Amendment 408 #

Proposal for a regulation
Article 19 – paragraph 2

2. Disclosure of trade secrets or alleged trade secrets to a public sector body or to a Union institution, agency or body shall only be required to the extent that it is strictly necessary to achieve the purpose of ~~the~~a request under Article 15(a). In such a case, the public sector body or the Union institution, agency or body shall take appropriate measures to preserve the confidentiality of those trade secrets.

Amendment 409 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN, Angelika NIEBLER

Proposal for a regulation
Article 19 – paragraph 2 – subparagraph 1 (new)

Where a public sector body or a Union institution, agency or body transmits or makes data available to third parties pursuant to Article 17 (4), trade secrets shall only be disclosed to third parties to the extent that they are strictly necessary for the third party to perform the tasks that have been outsourced to it and provided that all specific necessary measures, including technical and organisational measures, agreed between the data holder and the third party are taken by the third party to preserve the confidentiality of the trade secret.

Amendment 410 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN, Angelika NIEBLER

Proposal for a regulation
Article 19 – paragraph 2 a (new)

2 a. The data holder shall identify the data which are protected as trade secrets. When no agreement is reached regarding the necessary measures to preserve the confidentiality of trade secrets or those measures are not implemented, the data holder is entitled to refuse access to data which are protected as trade secrets.

Amendment 411 #

Proposal for a regulation
Article 19 – paragraph 2 a (new)

2 a. Notwithstanding Article 21(1), a public sector body or a Union institution, agency or body shall be responsible for the security of the data they receive.

Amendment 412 #

Proposal for a regulation
Article 20

Compensation in cases of exceptional 1. Data made available to respond to a public emergency pursuant to Article 15, point (a), shall be provided free of charge. 2. Where the data holder claims compensation for making data available in compliance with a request made pursuant to Article 15, points (b) or (c), such compensation shall not exceed the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.Article 20 deleted need

Amendment 413 #

Proposal for a regulation
Article 20 – title

Compensation ~~in cases of exceptional need~~

Amendment 414 #

Proposal for a regulation
Article 20 – paragraph 1

1. Data made available to respond to a public emergency pursuant to Article 15, point (a), shall be provided free of charge, unless the data made available is provided by a small or micro enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/CE, in which case, that enterprise should be entitled to a compensation.

Amendment 415 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN, Angelika NIEBLER

Proposal for a regulation
Article 20 – paragraph 1

1. DFor making data made available to respond to a public emergency pursuant to Article 15, point (a), ~~shall be provided free of charge~~the data holder is entitled to claim a compensation, which shall not exceed the technical and organisational costs incurred to comply with the request.

Amendment 416 #

Proposal for a regulation
Article 20 – paragraph 2

2. Where the data holder claims compensation for making data available in compliance with a request made pursuant to Article 15~~, points (b) or (c),~~ such compensation shall ~~not exceed the~~cover the proven technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin. In the case that there is no agreement between the data holder and the public sector body or the Union institution on the compensation, the matter should be referred to the data coordinator as referred to in Article 31.

Amendment 417 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Marion WALSMANN, Angelika NIEBLER

Proposal for a regulation
Article 20 – paragraph 2

2. ~~Where t~~The data holder ~~claims compens~~shall be entitled to a fair remuneration for making data available in compliance with a request made pursuant to Article 15, points (b) or (c)~~, s~~. Such compensation shall ~~not exceed~~at the least cover the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation, plus a reasonable margin. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.

Amendment 418 #

Proposal for a regulation
Article 20 – paragraph 2

2. Where the data holder claims compensation for making data available in compliance with a request made pursuant to Article 15, points (b) or (c), such compensation shall not exceed the technical and organisational costs incurred to comply with the request including, where necessary, the costs of anonymisation and of technical adaptation~~, plus a reasonable margin~~. Upon request of the public sector body or the Union institution, agency or body requesting the data, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.

Amendment 419 #

Proposal for a regulation
Article 21

Contribution of research organisations or statistical bodies in the context of 1. A public sector body or a Union institution, agency or body shall be entitled to share data received under this Chapter with individuals or organisations in view of carrying out scientific research or analytics compatible with the purpose for which the data was requested, or to national statistical institutes and Eurostat for the compilation of official statistics. 2. Individuals or organisations receiving the data pursuant to paragraph 1 shall act on a not-for-profit basis or in the context of a public-interest mission recognised in Union or Member State law. They shall not include organisations upon which commercial undertakings have a decisive influence or which could result in preferential access to the results of the research. 3. Individuals or organisations receiving the data pursuant to paragraph 1 shall comply with the provisions of Article 17(3) and Article 19. 4. Where a public sector body or a Union institution, agency or body transmits or makes data available under paragraph 1, it shall notify the data holder from whom the data was received.Article 21 deleted exceptional needs

Amendment 420 #

Proposal for a regulation
Article 21 – title

Contribution of research organisations or statistical bodies in the ~~context of exceptional needs~~public interest

Amendment 421 #

Proposal for a regulation
Article 21 – paragraph 4

4. Where a public sector body or a Union institution, agency or body transmits or makes data available under paragraph 1, it shall notify without undue delay the data holder from whom the data was received, and provide all necessary information regarding the identity of the data recipient and the activities that will be carried out by the data recipient based on the data received pursuant to paragraph 1.

Amendment 422 #

Proposal for a regulation
Article 21 – paragraph 4

4. Where a public sector body or a Union institution, agency or body transmits or makes data available under paragraph 1, it shall notify the data holder from whom the data was received and provide sufficient time for raising any reasonable objections to such further resharing of data provided under this Chapter.

Amendment 423 #

Proposal for a regulation
Article 21 – paragraph 4 a (new)

4 a. Disclosure of trade secrets or alleged trade Secrets or intellectual property rights to individuals or organisations receiving the data pursuant to paragraph 1 shall only be required to the extent that it is strictly necessary to achieve the purpose of the request, provided that all specific necessary measures required by the trade secret holder or intellectual property rights holder are taken to preserve the confidentiality of trade secrets, in particular with respect to the third parties, and shall always require the consent of the trade secret holder or intellectual property rights holder. The data holder and individuals or organisations receiving the data pursuant to paragraph 1 can agree measures to preserve the confidentiality of the shared data, in particular in relation to third parties.

Amendment 424 #

Proposal for a regulation
Article 22

1. Public sector bodies and Union institutions, agencies and bodies shall cooperate and assist one another, to implement this Chapter in a consistent manner. 2. Any data exchanged in the context of assistance requested and provided pursuant to paragraph 1 shall not be used in a manner incompatible with the purpose for which they were requested. 3. Where a public sector body intends to request data from a data holder established in another Member State, it shall first notify the competent authority of that Member State as referred to in Article 31, of that intention. This requirement shArticle 22 deleted Mutuall also apply to requests by Union institutions, agencies and bodies. 4. After having been notified in accordance with paragraph 3, the relevant competent authority shall advise the requesting public sector body of the need, if any, to cooperate with public sector bodies of the Member State in which the data holder is established, with the aim of reducing the administrative burden on the data holder in complying with the request. The requesting public sector body shall take the advice of the relevant competent authority into account.ssistance and cross-border cooperation

Amendment 425 #

Proposal for a regulation
Article 23 – paragraph 1 – point a

(a) terminating, after a maximum notice period of 30 calendar days or after a notice period agreed in the contractual agreement between the customer and the provider of cloud computing services, the contractual agreement of the service;

Amendment 426 #

Proposal for a regulation
Article 23 – paragraph 1 – point a

(a) terminating, after a maximum notice period ~~of 30 calendar days~~specified in the contract in accordance with Article 24, the contractual agreement of the service;

Amendment 427 #

Proposal for a regulation
Article 23 – paragraph 1 – point a

(a) terminating, after a maximum notice period of 3015 calendar days, the contractual agreement of the service;

Amendment 428 #

Proposal for a regulation
Article 23 – paragraph 1 – point c

(c) porting its data, including metadata created by the customer and by the use of the originating service, and/or the customer's applications and other digital assets to another provider of data processing services;

Amendment 429 #

Proposal for a regulation
Article 23 – paragraph 1 – point c

Amendment 430 #

Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part

(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, in particular the establishment of a mandatory maximum transition period of 30 calendar days, ~~during which~~to be initiated after the maximum notice period referred to in Article 23 point (aa), during which the service contract remains applicable and the data processing service provider shall:

Amendment 431 #

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2

(2) ~~ensure full~~act with due care to maintain business continuity and security of the service and, taking into account the advancement in the switching process, ensure, to the greatest extent possible, continuity in the provision of the re~~spective~~levant functions or services. within the provider of source cloud computing services’ infrastructure capacity and according to the contractual obligations;

Amendment 432 #

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 a (new)

(2 a) provide clear information concerning known risks to continuity in the provision of the respective functions or services from the side of provider of source cloud computing services during the switching process.

Amendment 433 #

Proposal for a regulation
Article 24 – paragraph 1 – point a a (new)

(a a) a maximum notice period for termination of the contract by the user, which shall not exceed 2 months;

Amendment 434 #

Proposal for a regulation
Article 25 – paragraph 1

1. From [date X~~+3yr~~ + 3 months] onwards, providers of data processing services shall not impose any charges on the customer for the switching process.

Amendment 435 #

Proposal for a regulation
Article 25 – paragraph 1

1. From [date X~~+3yrs~~ + 1 year] onwards, providers of data processing services shall not impose any charges on the customer for the switching process.

Amendment 436 #

Proposal for a regulation
Article 25 – paragraph 2

2. From [date X, the date of entry into force of the Data Act] until [date X~~+3yr~~ + 3 months], providers of data processing services may impose reduced charges on the customer for the switching process.

Amendment 437 #

Proposal for a regulation
Article 25 – paragraph 2

2. From [date X, the date of entry into force of the Data Act] until [date X~~+3yrs~~ + 1 year], providers of data processing services may impose ~~reduced~~minimum charges on the customer for the switching process.

Amendment 438 #

Proposal for a regulation
Article 27 – paragraph 1

1. Providers of data processing services shall take all reasonable technical, legal and organisational measures, including contractual arrangements, in order to prevent ~~international transfer~~transfer outside the EU or governmental access to non-personal data held in the Union ~~where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, without prejudice to paragraph 2 or 3~~.

Amendment 439 #

Proposal for a regulation
Article 27 – paragraph 1

Amendment 440 #

Proposal for a regulation
Article 27 – paragraph 1

1. Providers of data processing services shall take all ~~reasonabl~~appropriate technical, legal and organisational measures, including contractual arrangements, in order to prevent international transfer or governmental access to non-personal data held in the Union where such transfer or access would create a conflict with Union law or the national law of the relevant Member State~~, without prejudice to paragraph 2 or 3~~.

Amendment 441 #

Proposal for a regulation
Article 27 – paragraph 2

2. Any decision or judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a provider of data processing services to transfer from or give access to non-personal data within the scope of this Regulation held in the Union may only be recognised or enforceable in any manner if based ~~on an international agreement, such as~~ a mutual legal assistance treaty, in force between the requesting third country and the Union or any such agreement between the requesting third country and athe Member State of the user.

Amendment 442 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – introductory part

In the absence of such an international agreement, where a provider of data processing services is the addressee of a decision of a court or a tribunal or a decision of an administrative authority of a third country to transfer from or give access to non-personal data within the scope of this Regulation held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, transfer to or access to such data by that third-country authority shall not take place ~~only:~~. The data processing service provider shall inform the court or administrative authority of a requesting third country that they can bring their request before the competent EU or Member State courts.

Amendment 443 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – introductory part

~~In the absence of such an international agreement, w~~Where a provider of data processing services is the addressee of a decision of a court or a tribunal or a decision of an administrative authority of a third country to transfer from or give access to non- personal data within the scope of this Regulation held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only:

Amendment 444 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – point a

(a) where the third-country system requires the reasons and proportionality of the decision or judgement to be set out, and it requires such decision or judgement, as the case may be, to be specific in character, for instance by establishing a sufficient link to certain suspected persons, or infringements;deleted

Amendment 445 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – point b

~~(b) the reasoned objection of the addressee is subject to a review by a competent court or tribunal in the third- country; an~~deleted

Amendment 446 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – point c

(c) the competent court or tribunal issuing the decision or judgement or reviewing the decision of an administrative authority is empowered under the law of that country to take duly into account the relevant legal interests of the provider of the data protected by Union law or national law of the relevant Member State.deleted

Amendment 447 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 2

The addressee of the decision may ask the opinion of the relevant competent bodies or authorities, pursuant to this Regulation, in order to determine whether these conditions are met, notably when it considers that the decision may relate to commercially sensitive data, or may impinge on national security or defence interests of the Union or its Member States.deleted

Amendment 448 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 2

The addressee of the decision may ~~ask~~request the opinion of the relevant competent bodies or authorities, pursuant to this Regulation, in order to determine whether these conditions are met, notably when it considers that the decision may relate to commercially sensitive data, or may impinge on national security or defence interests of the Union or its Member States. Relevant competent bodies or authorities shall reply within 10 working days. If the addressee has not received a reply after this time, or if the opinion of the competent authorities concludes that the conditions are not met, the addressee shall deny the request for transfer or access on those grounds.

Amendment 449 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 2

The addressee of the decision may ~~ask the opinion of the relevant competent bodies or authorities, pursuant to this Regulat~~send it to the data coordinator as referred to in article 31 who will ask the opinion of the Commission, in order to determine whether these conditions are met, notably when it considers that the decision may relate to commercially sensitive data, including the protection of trade secrets and the protection of intellectual property rights, or may impinge on national security or defence interests of the Union or its Member States.

Amendment 450 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 3

~~The European Data Innovation Board established under Regulation [xxx – DGA] shall advise and assist the Commission in developing guidelines on the assessment of whether these conditions are met.~~deleted

Amendment 451 #

Proposal for a regulation
Article 27 – paragraph 4

4. If the conditions in paragraph 2 ~~or 3~~ are met, the provider of data processing services shall provide the minimum amount of data permissible in response to a request, based on a reasonable interpretation thereof.

Amendment 452 #

Proposal for a regulation
Article 27 – paragraph 4 a (new)

4 a. Where the provider of data processing services has reason to believe that the transfer of or access to non- personal data may lead to the risk of re- identification of non-personal, or anonymised data, the provider shall request the relevant bodies or authorities competent pursuant to applicable data protection legislation for authorisation before transferring or giving access to data.

Amendment 453 #

Proposal for a regulation
Article 27 a (new)

Article 27 a List of third-country jurisdictions 1. The Commission may, by way of implementing acts, adopt a list of third country jurisdictions where international transfer or governmental access to non personal data held in the Union would create a conflict with Union law or the national law of the relevant Member State, taking into account: (i) conflicting regulations including on data protection, public security, national security; (ii) access to the reasoned objection procedure; (iii) the level of risk to lose the confidentiality of commercially sensitive data; (iv) international commitments; (v) third country adequacy recognition under article 45 of Regulation 2016/679 Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). When developing the list, the Commission shall consult and take due account of the recommendations issued by the Data Innovation Board established under Regulation [xxx – Data Governance Act] and other relevant expert groups.

Amendment 454 #

Proposal for a regulation
Article 30 – paragraph 1 – point d a (new)

(d a) equivalence: a smart contract shall afford the same level of protection and legal certainty as any other contracts generated through different means;

Amendment 455 #

Proposal for a regulation
Article 31 – paragraph 1

1. Each Member State shall designate one or more competent authorities as responsible for the application and enforcement of this Regulation. Member States may establish one or more new authorities or rely on existing authorities, or the competent European authority.

Amendment 456 #

Proposal for a regulation
Article 31 – paragraph 1 a (new)

1 a. The independent supervisory authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall be responsible for monitoring the application of this Regulation insofar as the protection of personal data is concerned. Chapters VI and VII of Regulation (EU) 2016/679 shall apply mutatis mutandis. The European Data Protection Supervisor shall be responsible for monitoring the application of this Regulation insofar as it concerns the Union institutions, bodies, offices and agencies. Where relevant, Article 62 of Regulation 2018/1725 shall apply mutatis mutandis. The tasks and powers of the supervisory authorities shall be exercised with regard to the processing of personal data.

Amendment 457 #

Proposal for a regulation
Article 31 – paragraph 2 – point a

(a) the independent supervisory authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall be responsible for monitoring the application of this Regulation insofar as the protection of personal data is concerned. Chapters VI and VII of Regulation (EU) 2016/679 shall apply mutatis mutandis. The tasks and powers of the supervisory authorities shall be exercised with regard to the processing of personal data;deleted

Amendment 458 #

Proposal for a regulation
Article 31 – paragraph 2 – point c

(c) the national competent authority responsible for the application and enforcement of ~~Chapter VI of~~ this Regulation shall have experience ~~in the field of~~, sufficient technical and human resources and expertise in the field of consumer protection, data and electronic communications services.

Amendment 459 #

Proposal for a regulation
Article 31 – paragraph 3 – point g

~~(g) ensuring the online public availability of requests for access to data made by public sector bodies in the case of public emergencies under Chapter V;~~deleted

Amendment 460 #

Proposal for a regulation
Article 31 – paragraph 3 – point h

(h) cooperating with all relevant competent authorities ~~to ensure that the obligations of Chapter VI are enforce~~, data coordinators of other member States and the European Data Innovation Board to ensure that the obligations under this Regulation are enforced efficiently, swiftly and consistently with other Union legislation and self-regulation applicable to providers of data processing service;

Amendment 461 #

Proposal for a regulation
Article 31 – paragraph 3 – point i a (new)

(i a) ordering data holders, third parties or data recipients to provide redress, including compensation for damages, to consumers in case of harm;

Amendment 462 #

Proposal for a regulation
Article 31 – paragraph 4

4. Where a Member State designates more than one competent authority, the competent authorities shall, in the exercise of the tasks and powers assigned to them under paragraph 3 of this Article, cooperate with each other~~, including, as appropri~~. In such cases, relevant Member States shall designate a coordinating competent authority. Competent authorities shall cooperate, with the supervisory authority responsible for monitoring the application of Regulation (EU) 2016/679, to ensure the consistent application of this Regulation. ~~In such cases, relevant Member States shall designate a coordinating competent authority.~~

Amendment 463 #

Proposal for a regulation
Article 31 – paragraph 5

5. Member States shall communicate the name of the designated ~~competent authorities~~data coordinator and their respective tasks and powers ~~and, where applicable, the name of the coordinating competent authority to the Commission. The Commission shall maintain a~~to the Commission and the European Data Innovation Board. The Commission shall regularly update and maintain an easily accessible public register of those authorities.

Amendment 464 #

Proposal for a regulation
Article 31 – paragraph 7 a (new)

7a. The competent authorities shall cooperate with the competent authorities of all Member States to ensure this Regulation is implemented coherently and efficiently. Such mutual assistance shall include the exchange of all relevant information by secure electronic means without undue delay, in particular for the purpose of carrying out the tasks referred to in paragraph 3(b), (c) and (d).

Amendment 465 #

1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the coordinating competent authority, or any other relevant competent authority in the Member State of their habitual residence, place of work or establishment if they consider that their rights under this Regulation have been infringed.

Amendment 466 #

Proposal for a regulation
Article 32 a (new)

Article 32 a Right to an effective judicial remedy against the data coordinator or a competent authority 1. Without prejudice to any other administrative or non-judicial remedy, each user shall have the right to an effective judicial remedy against a legally binding decision of the data coordinator or a competent authority pursuant article 31 concerning them. 2. Proceedings against a data coordinator or competent authority shall be brought before the courts of the Member State of the habitual residence, place of work or establishment of the user or their representative organisation. 3. Where proceedings are brought against a decision of a data coordinator or a competent authority pursuant article 31, which was preceded by an opinion or a decision of the Board, the supervisory authority shall forward that opinion or decision to the court.

Amendment 467 #

Proposal for a regulation
Article 34 – paragraph 1

The Commission shall develop and recommend non-binding model contractual terms on data access and use to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. The Commission shall consult the European Data Protection Board when developing such model contractual terms, as far as personal data are concerned.

Amendment 468 #

Luisa REGIMENTI, Axel VOSS, Daniel BUDA, Angelika NIEBLER

Proposal for a regulation
Article 34 – paragraph 1

The Commission shall develop and recommend non-binding model contractual terms on data access and use to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations, as well as model contractual terms on the necessary protection of trade secrets and the preservation of their confidentiality.

Amendment 469 #

Proposal for a regulation
Chapter X – title

X INAPPLICABILITY OF THE SUI GENERIS RIGHT UNDER DIRECTIVE 1996/9/EC TO DATABASES COVERED BY THIS REGULATION

Amendment 470 #

Proposal for a regulation
Article 35 – paragraph 1

In order not to hinder the exercise of the right of users to access and use such data in accordance with Article 4 of this Regulation or of the right to share such data with third parties in accordance with Article 5 of this Regulation, tThe sui generis right provided for in Article 7 of Directive 96/9/EC does not apply to databases containing data obtained from or generated by the use of a product or a related service.

Amendment 471 #

Proposal for a regulation
Article 35 – paragraph 1

In order not to hinder the exercise of the right of users to access and use such data in accordance with Article 4 of this Regulation or of the right to share such data with third parties in accordance with Article 5 of this Regulation, the sui generis right provided for in Article 7 of Directive 96/9/EC ~~does not apply to databases containing data obtained from or~~, shall not be invoked to refuse access to data generated by the use of a product or a related service.

Amendment 472 #

Proposal for a regulation
Article 41 – paragraph 1 – point a a (new)

(a a) whether the provisions of this Regulation related to trade secrets ensure respect for trade secrets while not hampering the access to and sharing of data; in particular, the evaluation shall assess whether and how the confidentiality of trade secrets is ensured in practice despite their disclosure both in the context of data sharing with third parties [and in the business-to- government context]. This assessment shall be carried out in close relationship with the evaluation report on Directive (EU) 2016/943 expected by 9 June 2026 pursuant to Article 18(3) of the directive thereof.

Amendment 473 #

Proposal for a regulation
Article 42 – paragraph 2

It shall apply from [124 months after the date of entry into force of this Regulation].

source: 738.512

2022/11/11 IMCO 194 amendments...

Amendment 487 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 23 – paragraph 1 – point d

(d) maintaining functional equivalence of the service in the IT-environment of the different provider or providers of data processing services covering the same service type~~, in accordance with Article 26~~.

Amendment 488 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 23 – paragraph 2

~~2. Paragraph 1 shall only apply to obstacles that are related to the services, contractual agreements or commercial practices provided by the original provider.~~deleted

Amendment 489 #

2. ~~Paragraph 1 shall only apply to obstacles~~The obligations in this Chapter shall only apply to the original provider to the extent they are within its sphere of control, in particular only to the extent that the obstacles referred to in paragraph 1 that are related to the services, contractual agreements pre-commercial or commercial practices provided by the original provider.

Amendment 490 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 23 – paragraph 2

2. Paragraph 1 shall only apply to obstacles that are related to the services, contractual agreements or commercial practices provided by the ~~original provider~~provider of source cloud computing services.

Amendment 491 #

Sandro GOZI, Christophe GRUDLER, Stéphanie YON-COURTIN, Valérie HAYER

Proposal for a regulation
Article 23 – paragraph 2

2. Paragraph 1 shall only apply to obstacles that are related to the services, contractual agreements, pre-commercial or commercial practices provided by the original provider.

Amendment 492 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Andreas SCHWAB, Arba KOKALARI, Pilar del CASTILLO VERA

Proposal for a regulation
Article 23 – paragraph 2

2. Paragraph 1 shall only apply to obstacles that are ~~relat~~directly influenced toby the services, contractual agreements or commercial practices provided by the original provider.

Amendment 493 #

Proposal for a regulation
Article 23 – paragraph 2 a (new)

2 a. The measures related to the contractual relationship between providers of a data processing service and customers pursuant to Article 23 paragraph 1 and 2 shall be equally ensured in the contractual relationship between providers of a data processing service and resellers of such a service and between resellers and their customers;

Amendment 494 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 23 – paragraph 2 b (new)

2 b. Where applicable, and without prejudice to the obligations of the existing providers, all parties involved, including destination service providers, shall collaborate in good faith to make the switching process effective.

Amendment 495 #

Krzysztof HETMAN, Adam JARUBAS, Janusz LEWANDOWSKI, Bartosz ARŁUKOWICZ, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 24 – paragraph 1 – introductory part

1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services shall be clearly set out ~~in a written contract. Without prejudice to Directive (EU) 2019/770, that contract~~and made available to the customer in advance of that customer accepting terms and conditions of the service priori to signing up to the service of the provider. Without prejudice to Directive (EU) 2019/770, the information to be provided to the customer and the terms and conditions of the service shall include at least the following:

Amendment 496 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 24 – paragraph 1 – introductory part

1. The rights of the customer and the obligations of the provider of a ~~data process~~cloud computing service in relation to switching between providers of such services shall be clearly set out in a written contract. Without prejudice to Directive (EU) 2019/770, th~~at contrac~~e provider of cloud computing services shall ensure that contractual agreement shall include at least the following:

Amendment 497 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 24 – paragraph 1 – introductory part

1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services or to an on-premise system shall be clearly ~~set out~~reflected in a written contract. Without prejudice to Directive (EU) 2019/770, that contract shall include at least the following:

Amendment 498 #

Proposal for a regulation
Article 24 – paragraph 1 – introductory part

1. The rights of the customer and the obligations of the provider of a data processing service in relation to switching between providers of such services or to an on-premise system shall be clearly set out in a written contract. Without prejudice to Directive (EU) 2019/770, that contract shall include at least the following:

Amendment 499 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Pilar del CASTILLO VERA

Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part

(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, with the exception of data used by the provider to operate, maintain and improve the service or data and digital assets that would conflict with the cloud provider's or other customer's intellectual property rights in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall:

Amendment 500 #

Krzysztof HETMAN, Adam JARUBAS, Janusz LEWANDOWSKI, Bartosz ARŁUKOWICZ, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part

(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly ~~or indirectly by~~by the customer or which is uniquely relate to theat customers own usage of the service, to an on-premise system, in particular the establishment of a mandatory maximum transition period of 360 calendar days, during which the data processing service provider shall execute and provide clear information concerning:

Amendment 501 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part

(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, in particular the establishment of a mandatory maximum transition period of 30 calendar days, to be initiated after the maximum notice period referred to in Article 23, during which the data processing service provider shall:

Amendment 502 #

Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part

(a) clauses allowing the customer, upon request, ~~to s~~and in accordance witch t~~o a data process~~he contractual agreement in place, to switch to a cloud computing service offered by another provider of ~~data process~~cloud computing services or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, in particular the establishment of a mandatory maximum transition period of 30 calendar dexportable data to an on-premise system, without undue delays, during which the ~~data process~~provider of cloud computing service ~~provider~~s shall:

Amendment 503 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part

(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, in particular the establishment of a mandatory maximum transition period of 30 calendar days or other contractually agreed time for transition, during which the data processing service provider shall:

Amendment 504 #

Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part

Amendment 505 #

Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part

Amendment 506 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part

Amendment 507 #

Proposal for a regulation
Article 24 – paragraph 1 – point a – point -1 (new)

(-1) the estimated, fastest possible in terms of factors on the side of the provider of the data processing service from which the switching is to take place, duration of the process for the customer to transition from the data processing service,including any operational, technical or organisational steps necessary for both the service provider and the customer to undertake, in order to complete the switching process;

Amendment 508 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1

(1) assist and, where technically feasible, complete the switching process, including reasonably assisting a third- party entity managing the switching process on behalf of the customer;

Amendment 509 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1

(1) reasonably assist and, where technically feasible, ~~complete the switching process~~support the switching process, including assisting a third-party entity managing the switching process on behalf of the customer;

Amendment 510 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1

(1) assist ~~and~~ance with the switching process that the provider can supply including, where technically feasible, complete the switching process from the provider’s side;

Amendment 511 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1

(1) assist the customer and third parties authorized by the customer in, and, where technically feasible, complete the switching, exporting or porting process;

Amendment 512 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1

(1) assist ~~and, where technically feasible, comple~~through and facilitate the switching process;

Amendment 513 #

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1 a (new)

(1 a) provide the customer and third parties authorized by the customer, at their request and free of charge, access to the resources necessary to support the switching process;

Amendment 514 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2

(2) ~~ensure full~~act with due care to maintain business continuity and security of the service and, taking into account the advancement in the switching process, ensure, to the greatest extent possible, continuity in the provision of the re~~spective~~levant functions or services within the provider of source cloud computing services’ infrastructure capacity and according to the contractual obligations.

Amendment 515 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2

(2) any risks to continuity in the provision of the respective functions or services from the provider’s side during the switching process and commitment to make every effort on provider’s side to ensure full continuity in the provision of the respective functions or services.

Amendment 516 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2

(2) ensure full continuity or sufficient continuity in compliance with the contractual arrangements related to continuity in the provision of the respective functions or services.

Amendment 517 #

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2

(2) ensure ~~full~~which is consistent with contractual agreements related to continuity in the provision of the respective functions or services.

Amendment 518 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 a (new)

Amendment 519 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 a (new)

(2 a) ensure secure deletion of all data, applications and digital assets generated directly or indirectly by the customer within 15 calendar days of the successful transition period

Amendment 520 #

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 a (new)

(2 a) provide the customer and third parties authorised by the customer, at their request, access to the resources necessary to support the switching process.

Amendment 521 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 a (new)

(2 a) ensure that a high level of security is maintained throughout the porting process, notably the security of the data during their transfer.

Amendment 522 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 b (new)

(2 b) obligation to complete the switching process within the period which may not exceed 6 months. The customer shall retain the right to extend this period, if needed, prior to or during the switching process;

Amendment 523 #

Adam BIELAN

Proposal for a regulation
Article 24 – paragraph 1 – point a a (new)

(a a) obligation to complete its activities under the switching process within the period which may not exceed 6 months, provided that the customer acts in good faith. The customer shall retain the right to extend this period, if needed, prior or during the switching process;

Amendment 524 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 24 – paragraph 1 – point b

(b) an exhaustive specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the servicewhere technically feasible, at minimum;

Amendment 525 #

Maria da Graça CARVALHO, Marion WALSMANN, Tom VANDENKENDELAERE, Arba KOKALARI, Pilar del CASTILLO VERA

Proposal for a regulation
Article 24 – paragraph 1 – point b

Amendment 526 #

Adam BIELAN

Proposal for a regulation
Article 24 – paragraph 1 – point b

(b) a~~n exhaustive~~ detailed specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata related to customer’s services and created by the customer and by the use of the service during the period the service was provided, including, but not limited to, where appropriate, configuration parameters, security settings, access rights and access logs to the service; excluding data that is generated during the use of the service, that is temporary and used for diagnostic or debugging purposes;

Amendment 527 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 24 – paragraph 1 – point b

(b) an exhaustive specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata related to the customer's services and created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service; being understood that cloud service providers shall not be required to disclose trade secrets or other proprietary information.

Amendment 528 #

Andreas SCHWAB, Maria da Graça CARVALHO

Proposal for a regulation
Article 24 – paragraph 1 – point b

(b) a~~n exhaustive~~ detailed specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata created by the customer and by the use of the service during the period the service was provided that can be clearly assigned to the customer, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service;

Amendment 529 #

Andreas SCHWAB, Maria da Graça CARVALHO

Proposal for a regulation
Article 24 – paragraph 1 – point b

(b) an exhaustive specification of all data and application categories in a structured, machine readable form exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service;

Amendment 530 #

Proposal for a regulation
Article 24 – paragraph 1 – point b

Amendment 531 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 24 – paragraph 1 – point b

(b) a~~n exhaustive~~ detailed specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service;

Amendment 532 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 24 – paragraph 1 – point b – point i (new)

i) all data imported by the customer at the inception of the service agreement;

Amendment 533 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Adriana MALDONADO LÓPEZ, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 24 – paragraph 1 – point b – point ii (new)

ii) all data and metadata created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service;

Amendment 534 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Alin MITUȚA, Vlad-Marius BOTOŞ

Proposal for a regulation
Article 24 – paragraph 1 – point b a (new)

(b a) support for development of the customer’s exit strategy relevant to the contracted services, including through providing information such as procedures for initiating switching from the cloud computing service, the machine-readable data formats that user’s data can be exported to, the tools, including at least one open standard data portability interface, foreseen to export data, known technical restrictions and limitations that could impact switching process, estimated time necessary to complete the switching process, costs indication related to the data transfers and additional services offered to facilitate the switching process, including the ability of the customer to test its switching process.

Amendment 535 #

Tsvetelina PENKOVA, Marc ANGEL, Maria GRAPINI, Alex AGIUS SALIBA, Maria-Manuel LEITÃO-MARQUES

Proposal for a regulation
Article 24 – paragraph 1 – point c

(c) a ~~minimum~~ period for data retrieval of ~~at least~~ 30 calendar days that may be amended by mutual agreement, starting after the termination of the transition period that was agreed between the customer and the ~~service~~ provider of cloud computing services, in accordance with paragraph 1, point (a) ~~and paragraph 2~~.

Amendment 536 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 24 – paragraph 1 – point c

(c) a minimum period for data retrieval of at least 30 calendar days, starting after the termination of the transition period that was agreed between the customer and the ~~service~~ provider of cloud computing services, in accordance with paragraph 1, point (a) and paragraph 2.

Amendment 537 #

Proposal for a regulation
Article 24 – paragraph 1 – point c

(c) a minimum period for data retrieval of at least 360 calendar days, starting after the termination of the transition period that was agreed between the customer and the service provider, in accordance with paragraph 1, point (a) and paragraph 2.

Amendment 538 #

Tsvetelina PENKOVA, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 24 – paragraph 1 – point c a (new)

(c a) a clause guaranteeing full deletion of all customer data directly after the expiration of the period set out in paragraph 1(c) of this Article or after the expiration of an alternative agreed period later than the expiration of the period set out in paragraph 1(c);

Amendment 539 #

Proposal for a regulation
Article 24 – paragraph 1 – point c a (new)

(c a) clear description of the different operations required for switching process and clear indication of the corresponding charges imposed on the customer;

Amendment 540 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 24 – paragraph 1 – point c a (new)

(c a) a clause guaranteeing full deletion of all customer data immediately after the expiration of the retrieval period set out in paragraph 1(c);

Amendment 541 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 24 – paragraph 1 – point c b (new)

(c b) details of all the standards and open standards, data structures and data formats in which the exportable data described according to paragraph (1) b) will be available.

Amendment 542 #

Proposal for a regulation
Article 24 – paragraph 2

2. Where the ~~mandatory~~provider of the data processing service becomes aware that the estimated transition period as defined in paragraph 1, points (a) and (c) of this Article is technically unfeasible for the provider, the provider of data processing services shall notify the customer within 714 working days after the switching request has been made, duly motivating the technical unfeasibility with a detailed report justifying and indicating an alternative shortest possible transition period, which may not exceed 6 months. In accordance with paragraph 1 of this Article, full service continuity shall ~~be ensured~~, where technically feasible, continue throughout the alternative transition period against reduced charges, referred to in Article 25(2). if the delay is due to factors on the side of the provider of a data processing service from which the switching is to take place.

Amendment 543 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 24 – paragraph 2

2. Where the mandatory transition period as defined in paragraph 1, points (a) and (c) of this Article is technically unfeasible, due to limitations solely under the control of the provider, the provider of data processing services shall notify the customer within 7 working days after the switching request has been made, duly motivating the technical unfeasibility with a detailed report and indicating an alternative transition period, which may not exceed 612 months taking into account the technical complexity to migrate. In accordance with paragraph 1 of this Article, full service continuity shall be ensured throughout the alternative transition period against reduced charges, referred to in Article 25(2).

Amendment 544 #

Virginie JORON, Jean-Lin LACAPELLE, Markus BUCHHEIT

Proposal for a regulation
Article 24 – paragraph 2

2. Where the mandatory transition period as defined in paragraph 1, points (a) and (c) of this Article is technically unfeasible, because the transition process to the new provider has not been used before the provider of data processing services shall notify the customer within 7 working days after the switching request has been made, duly motivating the technical unfeasibility with a detailed report and indicating an alternative transition period, which may not exceed 6 months. In accordance with paragraph 1 of this Article, full service continuity shall be ensured throughout the alternative transition period against reduced charges, referred to in Article 25(2).

Amendment 545 #

Proposal for a regulation
Article 24 – paragraph 2

2. Where the mandatory transition period as defined in paragraph 1, points (a) and (c) of this Article is technically unfeasible, the provider of data processing services shall notify the customer within 7 working days after the switching request has been made, duly motivating the technical unfeasibility with a detailed report and indicating an alternative transition period, which may not exceed 63 months. In accordance with paragraph 1 of this Article, full service continuity shall be ensured throughout the alternative transition period against reduced charges, referred to in Article 25(2).

Amendment 546 #

Andreas SCHWAB, Maria da Graça CARVALHO

Proposal for a regulation
Article 24 – paragraph 2 a (new)

2 a. The specification of exportable data referred in Article 24 paragraph 1 point (b) may exclude certain categories of data that, if exported, would put the integrity and security of the data processing service provider's services at risk.

Amendment 547 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 24 – paragraph 2 a (new)

2 a. Following a successful switch to another provider or back on-premises by the customer, the provider of the cloud computing service should be required to permanently delete the user data, unless otherwise expressly agreed.

Amendment 548 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 24 a (new)

Article 24 a Obligations of the providers of destination cloud computing services The provider of destination cloud computing services shall comply with the following obligations towards the customer: a) shall provide information on available procedures for switching and porting to the cloud computing service when it is a porting destination, including information on available porting methods, formats as well as known restrictions and technical limitations; b) shall cooperate in good faith with the provider of source cloud computing services to enable the timely transfer of necessary items such as data or software via commonly used, machine-readable format and by means of the open standard data portability interface, unless otherwise agreed by both parties.

Amendment 549 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 25 – paragraph 1

1. From [date X+3yrs] onwards, providers of data processing services shall not impose any additional charges on the customer for the switching process. unless the process prolongs due to factors outside of the control of the provider of data processing service. If the switching process prolongs due to factors outside of the control of the provider of data processing service, the provider of data processing service may charge the party responsible;

Amendment 550 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 25 – paragraph 1

1. From [date X+3 2yrs] onwards, providers of data processing services shall not impose any charges on the customer for the switching process, with particular reference to egress fees.

Amendment 551 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 25 – paragraph 1

1. From [date X+3yrs], onwards, providers of ~~data process~~cloud computing services shall not impose any charges on ~~the~~ customers who are consumers for the switching process.

Amendment 552 #

Proposal for a regulation
Article 25 – paragraph 1

1. From [date X~~+3yrs~~, the date of entry into force of this Regulation] onwards, providers of data processing services shall not impose any charges on the customer who are consumers for the switching process.

Amendment 553 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Alin MITUȚA, Vlad-Marius BOTOŞ

Proposal for a regulation
Article 25 – paragraph 1

1. From [date X~~+3yrs~~, the date of entry into force of this Regulation] onwards, providers of ~~data process~~cloud computing services shall not impose any charges on ~~the~~ customers who are consumers for the switching process.

Amendment 554 #

Virginie JORON, Jean-Lin LACAPELLE, Markus BUCHHEIT

Proposal for a regulation
Article 25 – paragraph 1

1. From [date X+~~3yr~~18 months] onwards, providers of data processing services shall not impose any charges on the customer for the switching process.

Amendment 555 #

Proposal for a regulation
Article 25 – paragraph 1

1. From [date X~~+3yr~~ + 3 months] onwards, providers of data processing services shall not impose any charges on the customer for the switching process.

Amendment 556 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 25 – paragraph 1 a (new)

1 a. From [date X]onwards, providers of data processing services shall, before the customer signs up to the service, provide clear information in the terms and conditions of the service, about the costing parameters for mandatory operations that the provider of data processing services must perform in relation to porting and switching.

Amendment 557 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 25 – paragraph 1 a (new)

1 a. Standard subscription or service fees and charges for professional transition services work undertaken by the data processing service at the request of the customer to support the switching process, shall not be considered switching charges for the purposes of this Article.

Amendment 558 #

Sandro GOZI, Christophe GRUDLER, Stéphanie YON-COURTIN, Morten LØKKEGAARD, Valérie HAYER

Proposal for a regulation
Article 25 – paragraph 1 a (new)

1 a. From [date X, the date of entry into force of this Regulation] onwards, providers of cloud computing services shall not impose any egress fees, or data transfer costs for the switching process or when a customer is using several providers simultaneously.

Amendment 559 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI

Proposal for a regulation
Article 25 – paragraph 1 a (new)

1 a. From [date X + 3 yrs] onwards, providers of data processing services shall not impose any charges on the customer in the context of business-to-business relations for the switching process.

Amendment 560 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 25 – paragraph 2

2. From [date X, the date of entry into force of the Data Act] until [date X+~~3yr~~18 months], providers of data processing services may impose ~~reduced~~ charges on the customer for the switching process as long as these do not exceed the cuost~~omer for~~s incurred by the provider of data processing services directly linked to the switching process. .

Amendment 561 #

Proposal for a regulation
Article 25 – paragraph 2

2. From [date X, the date of entry into force of the Data Act] until [date X+32yrs], providers of data processing services may impose reduced charges on the customer for the switching process and shall remove any other technical, contractual and organizational obstacle inhibiting the switching process.

Amendment 562 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 25 – paragraph 2

2. From [date X, the date of entry into force of the Data Act] until [date X+32yrs], providers of data processing services may impose reduced charges on the customer in business-to-business relations for the switching process.

Amendment 563 #

Virginie JORON, Jean-Lin LACAPELLE, Markus BUCHHEIT

Proposal for a regulation
Article 25 – paragraph 2

2. From [date X, the date of entry into force of the Data Act] until [date X+3yrs], providers of ~~data process~~cloud computing services may impose reduced charges on ~~the~~ customers who are consumers for the switching process.

Amendment 564 #

Proposal for a regulation
Article 25 – paragraph 2

Amendment 565 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Alin MITUȚA, Vlad-Marius BOTOŞ

Proposal for a regulation
Article 25 – paragraph 2

2. From [date X, the date of entry into force of th~~e Data Act] until [date X+3yrs~~is Regulation], providers of ~~data process~~cloud computing services ~~may~~shall impose reduced charges on ~~the~~all customers for the switching process.

Amendment 566 #

Proposal for a regulation
Article 25 – paragraph 2 a (new)

2 a. The providers of data processing services shall provide the customer with information setting out the basis for the calculation of the compensation in sufficient detail so that the customer can verify that the requirements of paragraph 2 are met.

Amendment 567 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 25 – paragraph 3

~~3. The charges referred to in paragraph 2 shall not exceed the costs incurred by the provider of data processing services that are directly linked to the switching process concern~~deleted.

Amendment 568 #

Proposal for a regulation
Article 25 – paragraph 3

3. The charges referred to in paragraph 2 shall not exceed the costs incurred by the provider of data processing services that are directly linked to the switching process concerned. unless the process prolongs due to factors outside of the control of the provider of data processing service. If the switching process prolongs due to factors outside of the control of the provider of data processing service, the provider of data processing service may charge the party responsible;

Amendment 569 #

Proposal for a regulation
Article 25 – paragraph 3

3. The charges referred to in paragraph 2 shall not exceed the costs incurred by the provider of ~~data process~~cloud computing services that are directly linked to the switching process and shall be associated with mandatory operations that the provider of cloud computing processing services must perform as part of the switching process concerned.

Amendment 570 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 25 – paragraph 3

Amendment 571 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS

Proposal for a regulation
Article 25 – paragraph 3

3. The charges referred to in paragraph 2 shall not exceed the average costs incurred by the provider of data processing services that are directly linked to the switching process concerned.

Amendment 572 #

Proposal for a regulation
Article 25 – paragraph 3 a (new)

3 a. Before entering into a contractual agreement with a customer, the provider of cloud computing services shall provide the customer with clear information describing the charges imposed on the customer for the switching process and where relevant, shall provide information on services associated with highly complex or costly switching or impossible to switch without significant interference in the data or application or service architecture.

Amendment 573 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 25 – paragraph 4

4. The Commission is empowered to adopt delegated acts in accordance with Article 38 to supplement this Regulation in order to introduce a monitoring mechanism for the Commission to monitor switching charges imposed by ~~data process~~providers of cloud computing service ~~provider~~s on the market to ensure that the withdrawal of switching charges as described in paragraph 1 of this Article will be attained in accordance with the deadline provided in the same paragraph.

Amendment 574 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 25 – paragraph 4

4. The Commission is empowered to adopt delegated acts in accordance with Article 38 to supplement this Regulation in order to introduce a monitoring mechanism for the Commission to monitor switching charges imposed by data processing service providers on the market to ensure that the withdrawal of switching charges as described in paragraph 1a of this Article will be attained in accordance with the deadline provided in the same paragraph.

Amendment 575 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 26 – title

Technical aspects of switching and interoperability

Amendment 576 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 26 – paragraph 1

1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ~~ensure tha~~not implement technical restrictions that prevent the customer, after switching to a service covering the same service type offered by a different provider of data processing services, from enjoysing functional equivalence in the use of the new service. Functional equivalence should be deemed technically feasible whenever both the originating and the destination data processing services cover (in part or in whole) the same service type.

Amendment 577 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Adriana MALDONADO LÓPEZ, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 26 – paragraph 1

1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ~~ensure that~~ provide assistance and take all necessary measures in their power, including in cooperation with the data processing service provider of the destination service, to facilitate the customer, after switching to a service covering the same service type offered by a different provider of data processing services, ~~enjoys~~with the aim of achieving functional equivalence in the use of the new service.

Amendment 578 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 26 – paragraph 1

1. Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ~~ensure that the customer, after switching to a~~provide capabilities, adequate information, documentation, technical support and, where appropriate, tools, to perform porting and switching allowing for functional equivalence in the use of the new service ~~covering~~of the same service type offered by a different provider of data processing services~~, enjoys functional equivalence in the use of the new service~~.

Amendment 579 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 26 – paragraph 1

1. Providers of ~~data process~~cloud computing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ~~ensure~~to the extend possible support that the customer, ~~after~~ switching to a service covering the same service type offered by a different provider of ~~data process~~cloud computing services, ~~enjoys~~is well equipped to achieve functional equivalence in the use of the new service.

Amendment 580 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 26 – paragraph 1

1. Providers of data processing services shall, for services that concern scalable and elastic computing resources ~~limited to infrastructural elements~~ such as servers, networks and the virtual resources necessary for operating the infrastructure, as well as cloud-based operating systems, but that do not provide access to ~~the operating services,~~ software and applications that are stored, otherwise processed, or deployed on those infrastructural elements~~, shall~~ and operating systems ensure that the customer, after switching to a service covering the same service type offered by a different provider of data processing services, enjoys functional equivalence in the use of the new service.

Amendment 581 #

Proposal for a regulation
Article 26 – paragraph 2

2. For data processing services other than those covered by paragraph 1, providers of data processing services ~~shall make open interfaces publicly available and free of charge.~~can be required by the customer to make open interfaces designed to facilitate switching between services of the same service type available and free of charge for the customer and its destination provider;

Amendment 582 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 26 – paragraph 2

2. For data processing services other than those covered by paragraph 1, providers of data processing services ~~shall make open interfaces~~can be required by the data recipient to make open interfaces designed to facilitate switching between services of the same service type publicly available and free of charge.

Amendment 583 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 26 – paragraph 2

2. ~~For data processing services other than those covered by paragraph 1, providers of data process~~Providers of cloud computing services, including providers of destination cloud computing services shall make open interfaces publicly available and free of charge for the purpose of portability and interoperability.

Amendment 584 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 26 – paragraph 3

3. For data processing services other than those covered by paragraph 1, providers of data processing services shall ensure compatibility with open interoperability specifications or European standards, identified in the central Union data processing service standards repository, for interoperability that are identified in accordance with Article 29(5) of this Regulation.

Amendment 585 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 26 – paragraph 3

3. For data processing services other than those covered by paragraph 1, providers of data processing services shall ensure compatibility with open interoperability specifications or European standards for interoperability that are identified in accordance with Article 29(5) of this Regulation or another format mutually agreed upon by the parties.

Amendment 586 #

Proposal for a regulation
Article 26 – paragraph 3

3. For data processing services other than those covered by paragraph 1, providers of data processing services shall ensure compatibility with open ~~interoperability specifications or European~~ standards for interoperability that are identified in accordance with Article 29(5) of this Regulation.

Amendment 587 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 26 – paragraph 3

3. ~~For data processing services other than those covered by paragraph 1, providers of data processing services shall~~All providers of cloud computing services shall, where technically feasible, ensure compatibility with open interoperability specifications or European standards for interoperability that are identified in accordance with Article 29(5) of this Regulation.

Amendment 588 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 26 – paragraph 3

3. ~~For data process~~Providers of cloud computing services otshall, where t~~han those covered by paragraph 1, providers of data processing services shall~~echnically feasible without hindering their security standards, ensure compatibility with open interoperability specifications or European standards for interoperability that are identified in accordance with Article 29(5) of this Regulation.

Amendment 589 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 26 – paragraph 4

4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the equivalent service ~~type~~ concerned, the provider of ~~data process~~cloud computing services shall, at the request of the customer, export where technically feasible, all data generated or co-generated, including the relevant data formats and data structures, and metadata in a structured, commonly used and machine- readable format as indicated to the customer in accordance with Article 24 (1 ab), unless other format is accepted by the customer.

Amendment 590 #

Proposal for a regulation
Article 26 – paragraph 4

4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall, at the request of the customer, ~~export all data generated or co-generated~~and where technically feasible, export all data generated directly by the customer or which is uniquely relate to that customers own usage of the service, including the relevant data formats and data structures, in a structured, commonly used and machine- readable format. for the relevant service type.

Amendment 591 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Pilar del CASTILLO VERA

Proposal for a regulation
Article 26 – paragraph 4

4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall, at the request of the customer, export all data generated or co-generated, with the exception of data used by the provider to operate, maintain, or improve the service,including the relevant data formats and data structures, in a structured, commonly used and machine- readable format.

Amendment 592 #

Proposal for a regulation
Article 26 – paragraph 4

4. Where the open ~~interoperability specifications or European~~ standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall, at the request of the customer, export all data generated or co-generated, including the relevant data formats and data structures, in a structured, commonly used and machine- readable format.

Amendment 593 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 26 – paragraph 4

Amendment 594 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 26 – paragraph 4 a (new)

4 a. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall make APIs available for the purpose of interoperability. These APIs shall ensure, where technically feasible, that third-party services can enjoy the same functional equivalence as first-party services.

Amendment 595 #

Proposal for a regulation
Article 26 – paragraph 4 a (new)

4 a. Providers of data processing services should not be required to make their services less secure to ensure functional equivalence nor providers of non-infrastructure services be required to meet specifications that do not support security features of their service,unless in cases where such change introduces higher security and cybersecurity standards.

Amendment 596 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 26 – paragraph 4 a (new)

4 a. When ensuring functional equivalence, providers of data processing services are required to maintain the highest level of security features in their destination service.

Amendment 597 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN

Proposal for a regulation
Article 26 – paragraph 4 b (new)

4 b. The requirements set out in this chapter shall not require a provider of cloud computing services to: a) develop new technologies or services; b) disclose or transfer proprietary or confidential data or technology that is protected as a trade secret or by other property rights, to the customer or to another provider of cloud computing services;or c) engage in, facilitate or enable anti- competitive behaviour.

Amendment 598 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 26 a (new)

Article 26 a Withdrawal of interoperability charges 1. From [date X] onwards, providers of data processing services shall not impose charges for the interoperability process in excess of the costs incurred by the provider of data processing services that are directly linked to the interoperability process concerned. 2. The Commission is empowered to adopt delegated acts in accordance with Article 38 to supplement this Regulation in order to introduce a monitoring mechanism for the Commission to monitor interoperability charges imposed by data processing service providers on the market to ensure that the limitation of interoperability charges as described in paragraph 1 of this Article will be attained in accordance with the deadline provided in the same paragraph.

Amendment 599 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Alin MITUȚA, Vlad-Marius BOTOŞ

Proposal for a regulation
Article 26 b (new)

Article 26 b Exemptions for certain cloud computing services The obligations set out in this Chapter shall not apply to: a) cloud computing services, which have been custom-built to facilitate a specific customer’s need; b) cloud computing services that operate on a trial basis or only supply a testing and evaluation service for business product offerings.

Amendment 600 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB

Proposal for a regulation
Article 27 – paragraph 1

1. Providers of data processing 1. services shall tmake ~~all reasonable technical, legal and organisational measures, including contractual arrangements, in order to prevent~~transparent to data holders the policies, practices and arrangements they apply in cases of international transfer or request of governmental access to non-personal data held in the Union . Where applicable and where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, without prejudice to paragraph 2 or 3, providers of data processing services shall take the necessary and reasonable technical, legal and organisational measures, including contractual arrangements, in order to prevent such transfer or access.

Amendment 601 #

Virginie JORON, Jean-Lin LACAPELLE, Markus BUCHHEIT

Proposal for a regulation
Article 27 – paragraph 1

1. Providers of data processing services shall take all ~~reasonable~~the necessary technical, legal and organisational measures, including contractual arrangements, in order to prevent international transfer or governmental access to non-personal data held in the Union ~~where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, without prejudice to paragraph 2 or 3~~.

Amendment 602 #

Virginie JORON, Jean-Lin LACAPELLE, Markus BUCHHEIT

Proposal for a regulation
Article 27 – paragraph 1

1. PData holders and providers of data processing services shall take all ~~reasonabl~~appropriate technical, legal and organisational measures, including contractual arrangements, in order to prevent international transfer or governmental access to non-personal data held in the Union where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, without prejudice to paragraph 2 or 3.

Amendment 603 #

Proposal for a regulation
Article 27 – paragraph 2

2. Any decision or judgment of a court or tribunal, in accordance with Article 47 of the Charter of Fundamental Rights of the European Union, and any decision of an administrative authority of a third country requiring a provider of data processing services to transfer from or give access to non-personal data within the scope of this Regulation held in the Union may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or any such agreement between the requesting third country and a Member State.

Amendment 604 #

Proposal for a regulation
Article 27 – paragraph 2

2. Any decision or judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a data holder or provider of data processing services to transfer from or give access to non-personal data within the scope of this Regulation held in the Union may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or any such agreement between the requesting third country and a Member State.

Amendment 605 #

Virginie JORON, Jean-Lin LACAPELLE, Markus BUCHHEIT

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – introductory part

In the absence of such an international agreement, where a data holder or provider of data processing services is the addressee of a decision of a court or a tribunal or a decision of an administrative authority of a third country to transfer from or give access to non-personal data within the scope of this Regulation held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only following review by the relevant competent bodies or authorities, pursuant to this Regulation to assess if, in addition to the provisions of any relevant national or Union law, the following conditions have been met:

Amendment 606 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – introductory part

Amendment 607 #

Virginie JORON, Jean-Lin LACAPELLE, Markus BUCHHEIT

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – point b

(b) the reasoned objection of the addressee is subject to a review by a competent court or tribunal in the third- country, in accordance with Article 47 of the Charter of Fundamental Rights of the European Union; and

Amendment 608 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Alin MITUȚA, Vlad-Marius BOTOŞ

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – point c a (new)

(c a) or where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection according to Article 45 of the Regulation (EU) 2016/679.

Amendment 609 #

Proposal for a regulation
Article 27 – paragraph 5

5. The provider of data processing services shall inform the data holder about the existence of a request of an administrative authority in a third-country to access its data before complying with its request, except in cases where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activunless advised not to do so by a relevant competent body or authority.

Amendment 610 #

Proposal for a regulation
Article 27 – paragraph 5

5. The provider of data processing services shall inform the data holder and its customer about the existence of a request of an administrative authority in a third-country to access its data before complying with its request, except in cases where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activity.

Amendment 611 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part

~~Operator~~Where participants in data spaces offer data ~~spaces shall comply with,~~-based services to other participants, they shall adhere to the following essential requirements to facilitate interoperability of data, data sharing mechanisms and services by making available to other participants comprehensive and consistent descriptions of:

Amendment 612 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part

~~Operators of~~Data holders and Operators within Common European data spaces shall comply with, the following essential requirements to facilitate interoperability of data, data sharing mechanisms and services:

Amendment 613 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part

OData holders and operators ofwithin data spaces shall comply with, the following essential requirements to facilitate interoperability of data, data sharing mechanisms and services:

Amendment 614 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point a

(a) the dataset content, use restrictions, licences, data collection methodology, data quality and uncertainty shall be sufficiently described in a machine-readable format to allow the recipient to find, access and use the data;

Amendment 615 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point a

(a) the dataset content, commercial terms. use restrictions, licences, data collection methodology, data quality and uncertainty ~~shall be sufficiently described~~ to allow ~~the re~~participieants to find, access and use the data;

Amendment 616 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point b

(b) the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists ~~shall be described in a publicly available and consistent manner~~;

Amendment 617 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point b

(b) the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, shall be described in a publicly available and consistent manner;

Amendment 618 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point c

(c) the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable automatic access and transmission of data between parties, including continuously or in real-time in a machine-readable format, where that is necessary for the good functioning of the product or service and is technically feasible;

Amendment 619 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point c

(c) the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable automatic access and transmission of data between parties, including continuously or in real-time in a machine-readable format and, where relevant, the means and terms for compensation for such access;

Amendment 620 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point c

(c) where applicable, the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable automatic access and transmission of data between parties, including continuously or in real-time in a machine-readable format;

Amendment 621 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point d

(d) the means to enable the interoperability of ~~smart~~ contracts for data sharing within their services and activities ~~shall be provided~~.

Amendment 622 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 2

~~These requirements can have a generic nature or concern specific sectors, while taking fully into account the interrelation with requirements coming from other Union or national sectoral legislation.~~deleted

Amendment 623 #

Proposal for a regulation
Article 28 – paragraph 2

2. The Commission is empowered to adopt delegated acts, in accordance with Article 38 to supplement this Regulation by ~~further~~ specifying ~~the~~ essential requirements for harmonised standards referred to in paragraph 1 taking into account, where relevant, positions adopted by the European Data Innovation Board, as referred to in Article 30(f) of Regulation… [DGA].

Amendment 624 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Adriana MALDONADO LÓPEZ, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 28 – paragraph 3

3. Operators of data spaces that meet the harmonised standards or parts thereof published by reference in the Official Journal of the European Union shall be presumed to be in conformity with the essential requirements referred to in paragraph 1 of this Article, to the extent those standards cover those requirements.deleted

Amendment 625 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 28 – paragraph 3

3. Operators ofwithin data spaces and data holders that meet 3. the harmonised standards or parts thereof published by reference in the Official Journal of the European Union shall be presumed to be in conformity with the essential requirements referred to in paragraph 1 of this Article, to the extent those standards cover those requirements.

Amendment 626 #

Proposal for a regulation
Article 28 – paragraph 3

3. Operators ofwithin data spaces and data holders that meet the harmonised standards or parts thereof published by reference in the Official Journal of the European Union shall be presumed to be in conformity with the essential requirements referred to in paragraph 1 of this Article, to the extent those standards cover those requirements.

Amendment 627 #

Proposal for a regulation
Article 28 – paragraph 5

5. The Commission ~~shall~~may, by way of implementing acts, adopt common specifications, where harmonised standards referred to in paragraph 4 of this Article do not exist or in case it considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article, where necessary~~, with respect to any or all of the requirements laid down in paragraph 1 of this Article~~. Prior to adopting such implementing acts, the Commission shall seek advice from and take into account relevant positions adopted by the European Data Innovation Board, as referred to in Article 30(f) of Regulation… [DGA]. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).

Amendment 628 #

Proposal for a regulation
Article 28 – paragraph 6

6. The Commission may adopt guidelines laying down interoperability specifications for the functioning of common European data spaces, such as architectural models and technical standards implementing legal rules and arrangements between parties that foster data sharing, such as regarding rights to access and technical translation of consent or permission.deleted

Amendment 629 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 29 – title

Interoperability and portability for data processing services

Amendment 630 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 29 – paragraph 1 – introductory part

1. Open interoperability and portability specifications and European standards for the interoperability of data processing services shall:

Amendment 631 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 29 – paragraph 1 – introductory part

1. Open ~~interoperability specifications and European~~ standards for the interoperability of data processing services shall:

Amendment 632 #

Proposal for a regulation
Article 29 – paragraph 1 – point a

(a) be performance oriented towards achieving interoperability, in a secure manner, between different data processing services that cover the same service type;

Amendment 633 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 29 – paragraph 1 – point a

(a) be performance and security oriented towards achieving interoperability between different data processing services that cover the same service type;

Amendment 634 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 29 – paragraph 1 – point a

(a) be performance oriented towards achieving interoperability and portability between different data processing services ~~that cover the same service type~~;

Amendment 635 #

Proposal for a regulation
Article 29 – paragraph 1 – point b

(b) enhance portability of data and of digital assets between different data processing services that cover the same service type;

Amendment 636 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 29 – paragraph 1 – point b

(b) enhance interoperability and portability of digital assets between different data processing services ~~that cover the same service type;~~

Amendment 637 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 29 – paragraph 1 – point c

(c) ~~guarante~~facilitate, where technically feasible, functional equivalence between different data processing services that cover the same service type.

Amendment 638 #

Proposal for a regulation
Article 29 – paragraph 1 – point c

(c) guarantee~~, where technically feasible,~~ functional equivalence between different data processing services that cover the same service type.

Amendment 639 #

Adriana MALDONADO LÓPEZ, Clara AGUILERA, Christel SCHALDEMOSE, Marc ANGEL, Tsvetelina PENKOVA, Maria GRAPINI, Alex AGIUS SALIBA

Proposal for a regulation
Article 29 – paragraph 1 – point c a (new)

(c a) be developed on the basis of open decision-making accessible to all interested parties in the market or markets affected by those technical specifications;

Amendment 640 #

Proposal for a regulation
Article 29 – paragraph 1 – point c a (new)

(c a) include provisions for technical advances which allow for new functions and innovation in data processing services.

Amendment 641 #

Proposal for a regulation
Article 29 – paragraph 1 – point c b (new)

(c b) ensure that specifications do not distort the market or limit the possibilities for implementers to develop competition and innovation based upon them;

Amendment 642 #

Proposal for a regulation
Article 29 – paragraph 1 – point c c (new)

(c c) ensure that standardised interfaces are not hidden or controlled by anyone other than the organisations that adopted the technical specifications.

Amendment 643 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 29 – paragraph 2 – introductory part

2. Open interoperability specifications and European standards for the interoperability and portability of data processing services shall address:

Amendment 644 #

Proposal for a regulation
Article 29 – paragraph 2 – introductory part

2. Open ~~interoperability specifications and European~~ standards for the interoperability of data processing services shall address:

Amendment 645 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 29 – paragraph 3

3. Open ~~interoperability specification~~standards shall comply with paragraph 3 and 4 of Annex II of Regulation (EU) No 1025/2012.

Amendment 646 #

Proposal for a regulation
Article 29 – paragraph 4

4. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to define the scope of a specific service type and to draft European standards applicable to specific service types of data processing services.

Amendment 647 #

Morten LØKKEGAARD, Catharina RINZEMA, Dita CHARANZOVÁ, Ivars IJABS, Karen MELCHIOR, Andrus ANSIP, Sandro GOZI, Alin MITUȚA, Stéphanie YON-COURTIN, Vlad-Marius BOTOŞ, Christophe GRUDLER

Proposal for a regulation
Article 29 – paragraph 5

5. For the purposes of Article 26(3) of this Regulation, the Commission shall be empowered to adopt delegated acts, in accordance with Article 38, to publish the reference of open interoperability specifications and European standards for the interoperability and portability of data processing services in central Union standards repository for the interoperability and portability of data processing services, where these satisfy the criteria specified in paragraph 1 and 2 of this Article.

Amendment 648 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 29 – paragraph 5 a (new)

5 a. All switching, porting and interoperability standards or specifications, as well as implementation of all measures of this regulation, shall ensure compliance with applicable law, in particular Regulation (EU) 2016/679, Directive 2002/58/EC,legislation on cyber security, consumer protection, product safety, trade secrets or intellectual property rights, as well as with the accessibility requirements.

Amendment 649 #

Proposal for a regulation
Article 31 – paragraph 1

Amendment 650 #

Krzysztof HETMAN, Adam JARUBAS, Bartosz ARŁUKOWICZ, Janusz LEWANDOWSKI, Jerzy BUZEK, Andrzej HALICKI

Proposal for a regulation
Article 31 – paragraph 1

1. Each Member State shall designate one ~~or more~~ competent authorit~~ies~~y as responsible for the application and enforcement of this Regulation. Member States may establish one or more new authorities or rely on existing authorities.

Amendment 651 #

Proposal for a regulation
Article 31 – paragraph 2 – point b

(b) for specific sectoral data exchange issues related to the implementation of this Regulation, the competence of sectoral authorities shall be respected;. It refers particularly to the official statistics authorities and the activity and decisions of the competent authorities designated according to paragraph 1shall not affect their professional independence.

Amendment 652 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 31 – paragraph 2 – point c

(c) the national competent authority responsible for the application and enforcement of Chapter VI of this Regulation shall have experience ~~in the field of~~, sufficient technical and human resources and expertise in the field of consumer protection, data and electronic communications services.

Amendment 653 #

Proposal for a regulation
Article 31 – paragraph 2 – point c

(c) the national competent authority responsible for the application and enforcement of Chapter VI of this Regulation shall have, sufficient technical and human resources and expertise experience in the field of consumer protection, data and electronic communications services.

Amendment 654 #

Proposal for a regulation
Article 31 – paragraph 3 – point d

(d) imposing, through administrative or judicial procedures, dissuasive financial penalties which may include periodic penalties and penalties with retroactive effect, or initiating legal proceedings for the imposition of fines;

Amendment 655 #

Proposal for a regulation
Article 31 – paragraph 3 – point i a (new)

(i a) ensuring data sharing is free of charge for consumers;

Amendment 656 #

Proposal for a regulation
Article 31 – paragraph 3 – point i b (new)

(i b) ordering data holders, third parties or data recipients to provide redress, including compensation for damages, to consumers in case of harm;

Amendment 657 #

Proposal for a regulation
Article 31 – paragraph 3 – point i c (new)

(i c) imposing a temporary or definitive limitation including a ban on processing or mandate data sharing to comply with this Regulation;

Amendment 658 #

Virginie JORON, Jean-Lin LACAPELLE, Markus BUCHHEIT

Proposal for a regulation
Article 31 – paragraph 7

7. Member States shall ensure that the designated competent authorities are provided with the necessary technical and human resources to adequately carry out their tasks in accordance with this Regulation.

Amendment 659 #

Proposal for a regulation
Article 31 – paragraph 7 a (new)

7a. The competent authorities shall cooperate with the competent authorities of the other Member States to ensure this Regulation is implemented coherently and efficiently. Such mutual assistance shall include the exchange of all relevant information by secure electronic means without undue delay, in particular for the purpose of carrying out the tasks referred to in paragraph 3(b), (c) and (d).

Amendment 660 #

Virginie JORON, Jean-Lin LACAPELLE, Markus BUCHHEIT

Proposal for a regulation
Article 31 – paragraph 7 b (new)

7b. Entities falling within the scope of this Regulation shall be subject to the jurisdiction of the Member State where the entity is established. In the event that the entity is established in more than one Member State, it shall be deemed to fall under the territorial jurisdiction of all Member States if the entity is a gatekeeper designated pursuant to Article 3 of Regulation (EU) 2022/1925 on fair and competitive markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828.

Amendment 661 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 32 – paragraph 1

1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, ~~where relevant,~~ collectively, with the relevant competent authority in the Member State of their habitual residence, place of work or establishment if they consider that their rights under this Regulation have been infringed.

Amendment 662 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 32 – paragraph 3

3. Competent authorities shall cooperate to handle and resolve complaints~~, including by~~ effectively and in a timely manner, including by setting reasonable deadlines for adopting formal decisions, ensuring equality of the parties, ensuring the right to be heard from complainants and access to the file throughout the process, exchanging all relevant information by electronic means, without undue delay. This cooperation shall not affect the specific cooperation mechanism provided for by Chapters VI and VII of Regulation (EU) 2016/679.

Amendment 663 #

Proposal for a regulation
Article 32 – paragraph 3

3. Competent authorities shall cooperate to handle and resolve complaints, including by setting reasonable deadlines for adopting formal decisions, ensuring equality of the parties, ensuring the right to be heard from complainants and access to the file throughout the process, exchanging all relevant information by electronic means, without undue delay. This cooperation shall not affect the specific cooperation mechanism provided for by Chapters VI and VII of Regulation (EU) 2016/679.

Amendment 664 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 32 a (new)

Article 32 a Collective Representation Without prejudice to Directive (EU) 2020/1828 or to any other type of representation under national law, recipients of intermediary services shall at least have the right to mandate a body, organisation or association to exercise the rights conferred by this Regulation on their behalf, provided the body, organisation or association meets all of the following conditions: (a) it operates on a not-for-profit basis; (b) it has been properly constituted in accordance with the law of a Member State; (c) its statutory objectives include a legitimate interest in ensuring that this Regulation is complied with.

Amendment 665 #

Proposal for a regulation
Article 32 a (new)

Article 32 a Representation Without prejudice to Directive (EU) 2020/1828 or to any other type of representation under national law, recipients of intermediary services shall at least have the right to mandate a body, organisation or association to exercise the rights conferred by this Regulation on their behalf, provided the body, organisation or association meets all of the following conditions: (a) it operates on a not-for-profit basis; (b) it has been properly constituted in accordance with the law of a Member State; (c) its statutory objectives include a legitimate interest in ensuring that this Regulation is complied with.

Amendment 666 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 32 a (new)

Article 32 a The provider of a product or a related service shall accept any legal proceeding related to an infringement of this Regulation in the language the product or related service was provided in.

Amendment 667 #

Proposal for a regulation
Article 32 b (new)

Article 32 b Right to an effective judicial remedy against a competent authority 1. Without prejudice to any other administrative or non-judicial remedy, each user shall have the right to an effective judicial remedy against a legally binding decision of a competent authority concerning them.2. Without prejudice to any other administrative or non-judicial remedy, each user shall have the right to an effective judicial remedy where the competent authority does not handle a complaint swiftly or does not inform the data subject within three months on the progress or outcome of the complaint lodged pursuant to Article 32. 3. Proceedings against a competent authority shall be brought before the courts of the Member State of the habitual residence, place of work or establishment of the user or their representative organisation. 4. Where proceedings are brought against a decision of a competent authority which was preceded by an opinion or a decision of the Board in the consistency mechanism, the supervisory authority shall forward that opinion or decision to the court.

Amendment 668 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 32 c (new)

Article 32 c Right to an effective judicial remedy against a controller or processor 1. Without prejudice to any available administrative or non-judicial remedy, including under Directive (EU) 2020/1828 and the righto lodge a complaint with a competent authority pursuant to Article 32b,each user shall have the right to an effective judicial remedy where he or she considers that their rights under this Regulation have been infringed as a result of the non-compliance with this Regulation. 2. Proceedings against a data holder, third party or data recipient shall be brought before the courts of the Member State where the user has their habitual residence, place or work or establishment.

Amendment 669 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL

Proposal for a regulation
Article 33 – paragraph 1

1. Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive, including administrative fines against enterprises of a minimum of 20 000 000 EUR or 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.

Amendment 670 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 33 – paragraph 1

Amendment 671 #

Proposal for a regulation
Article 34 – paragraph 1

The Commission shall develop and recommend non-binding model contractual terms on data access and use to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. Such contractual terms shall be in line with Fair, Reasonable and Non- Discriminatory (FRAND) principles.

Amendment 672 #

Tsvetelina PENKOVA, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Brando BENIFEI, Marc ANGEL, Maria GRAPINI

Proposal for a regulation
Article 34 – paragraph 1 a (new)

The Commission shall, after consulting the European Data Protection Board, issue guidelines on the definition of products to ascertain which devices are included or excluded from the scope of this Regulation in line with the definition of product under Article 2 of this Regulation.

Amendment 673 #

Proposal for a regulation
Article 34 a (new)

Article 34 a Procedural aspects regarding cross- border enforcement of this Regulation 1. Before [one year after the entry into force of this Regulation], the Commission shall adopt a Delegated Act with the view to harmonise procedural aspects of cross- border enforcement to ensure effective and swift redress for consumers and enforcement of this Regulation. These should at least include the following elements: a) Right to lodge a complaint; b) Jurisdiction; c) Definition of "handling a complaint”; d) Deadlines for different stages of the procedure; e) Right to be heard, access to the file and equality of the parties; f) Temporal and material scope of investigations; g) Dispute settlement between authorities in cross-border cases; h) Cooperation with other enforcement networks or regulators at national and EU level, including the European Data Protection Board; i) Any other element identified that ensures effective and swift redress for consumers and enforcement. 2. The Commission shall evaluate whether this Delegated Act should be amended every two years after its adoption.

Amendment 674 #

Proposal for a regulation
Article 41 – paragraph 1 – point a

(a) other categories or types of data to be restricted or made accessible;

Amendment 675 #

Proposal for a regulation
Article 41 – paragraph 1 – point a a (new)

(a a) whether additional protections are needed for users;

Amendment 676 #

Maria da Graça CARVALHO, Tom VANDENKENDELAERE, Arba KOKALARI, Andreas SCHWAB, Pilar del CASTILLO VERA

Proposal for a regulation
Article 41 – paragraph 1 – point b

(b) whether the exclusion of certain categories of enterprises ~~as beneficiaries under Article 5~~from the scope of business to consumer data sharing obligations under Article 7 undermines consumer protection;

Amendment 677 #

Proposal for a regulation
Article 41 – paragraph 1 – point c a (new)

(c a) the interplay between this Regulation, the sector-specific legislation and other relevant Union law, in order to assess any possible conflicting provision, overregulation or legislative gaps;

Amendment 678 #

Proposal for a regulation
Article 41 – paragraph 1 – point e a (new)

(e a) the efficiency and swiftness of enforcement;

Amendment 679 #

Proposal for a regulation
Article 41 – paragraph 1 – point e b (new)

(e b) whether amendments to this Regulation would be advisable.

Amendment 680 #

Proposal for a regulation
Article 42 – paragraph 2

It shall apply from [1230 months after the date of entry into force of this Regulation].

source: 738.594

2022/11/14 ITRE 1070 amendments...

Amendment 100 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL

Proposal for a regulation
Recital 2

(2) Barriers to data sharing prevent an optimal allocation of data to the benefit of society. These barriers include a lack of incentives for data holders to enter voluntarily into data sharing agreements, uncertainty about rights and obligations in relation to data, the economic value of data sets, the costs of contracting and implementing technical interfaces, the high level of fragmentation of information in data silos, poor metadata management, the absence of standards for semantic and technical interoperability, bottlenecks impeding data access, a lack of common data sharing practices and abuse of contractual imbalances with regards to data access and use.

Amendment 1000 #

Proposal for a regulation
Article 26 – paragraph 4 a (new)

Amendment 1001 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 26 – paragraph 4 a (new)

4 a. Providers of data processing services should not be required to make their services less secure to ensure functional equivalence nor providers of non-infrastructure services be required to meet specifications that do not support security features of their service, unless incases where such change introduces higher security and cybersecurity standards.

Amendment 1002 #

Elena LIZZI, Paolo BORCHIA, Matteo ADINOLFI, Isabella TOVAGLIERI, Angelo CIOCCA, Gianna GANCIA

Proposal for a regulation
Article 27 – paragraph 1

1. Providers of data processing services shall take all reasonable technical, legal and organisational measures, including contractual arrangements, in order to prevent international transfer or governmental access to non-personal data held in the Union where such transfer or access would create a conflict with Union law or the national law of the relevant Member State; when such transfer or access poses a concrete risk to the fundamental rights of individuals, the national security or defence interests of Member States, the protection of commercially sensitive data, including trade secrets, intellectual property rights and contractual undertakings regarding confidentiality, without prejudice to paragraph 2 or 3.

Amendment 1003 #

Proposal for a regulation
Article 27 – paragraph 1

1. Providers of data processing services shall take ~~all reasonable~~ technical, legal and organisational measures, including contractual arrangements, in order to prevent ~~international transfer or~~third country governmental access to non-personal data held in the Union where such transfer or access would create a conflict with Union law or the national law of the relevant Member State~~, without prejudice to paragraph 2 or 3~~.

Amendment 1004 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 27 – paragraph 1

Amendment 1005 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Article 27 – paragraph 1

1. Providers of data processing services shall take all ~~reasonable~~necessary technical, legal and organisational measures, including contractual arrangements, in order to prevent international transfer or governmental access to non-personal data held in the Union where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, without prejudice to paragraph 2 or 3.

Amendment 1006 #

Proposal for a regulation
Article 27 – paragraph 1

Amendment 1007 #

Proposal for a regulation
Article 27 – paragraph 2

2. Any decision or judgement of a court or tribunal and any decision of an administrative authority of a third country requiring a data holder or provider of data processing services to transfer from or give access to non-personal data within the scope of this Regulation held in the Union may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or any such agreement between the requesting third country and a Member State.

Amendment 1008 #

Adriana MALDONADO LÓPEZ, Marcos ROS SEMPERE, Lina GÁLVEZ MUÑOZ, Nicolás GONZÁLEZ CASARES, Eva KAILI

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 1 – introductory part

Amendment 1009 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 2

The addressee of the decision may ask the opinion of the Commission, its bodies or relevant competent bodies or authorities, pursuant to this Regulation, in order to determine whether these conditions are met, notably when it considers that the decision may relate to commercially sensitive data, or may impinge on national security or defence interests of the Union or its Member States.

Amendment 101 #

Proposal for a regulation
Recital 3

(3) In particular in sectors characterised by the presence of micro, small and medium-sized enterprises, there is often a lack of digital capacities and skills to collect, analyse and use data, and access is frequently restricted where one actor holds it in the system or due to a lack of interoperability between data, between data services or across borders.

Amendment 1010 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 2

The addressee of the decision ~~may~~shall ask the opinion of the relevant competent bodies or authorities, pursuant to this Regulation, in order to determine whether these conditions are met, notably when it considers that the decision may relate to commercially sensitive data, or may impinge on national security or defence interests of the Union or its Member States.

Amendment 1011 #

Proposal for a regulation
Article 27 – paragraph 3 – subparagraph 3

The European Data Innovation Board established under Regulation ~~[xxx – DGA]~~(EU) 2022/868 shall advise and assist the Commission in developing guidelines on the assessment of whether these conditions are met.

Amendment 1012 #

Elena LIZZI, Paolo BORCHIA, Matteo ADINOLFI, Isabella TOVAGLIERI, Angelo CIOCCA, Gianna GANCIA

Proposal for a regulation
Article 27 – paragraph 4

4. If the conditions in paragraph 2 or 3 are met, the provider of data processing services shall provide the minimum amount of data permissible in response to a request, based on a ~~reasonable~~n interpretation thereof by the relevant competent body or authority.

Amendment 1013 #

Proposal for a regulation
Article 27 – paragraph 5 a (new)

5 a. In all cases, the user shall be notified when his data is transfered to a third country;

Amendment 1014 #

Proposal for a regulation
Article 27 – paragraph 5 b (new)

5 b. When data is shared between two companies, the user shall be informed.

Amendment 1015 #

Proposal for a regulation
Article 28 – title

Essential requirements regarding interoperability of data spaces

Amendment 1016 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part

~~Operator~~Where participants of data spaces offer data ~~spaces shall comply with~~or data-based services to other participants, they shall adhere to, the following essential requirements to facilitate interoperability of data, data sharing mechanisms and services by making publicly available comprehensive and consistent descriptions of:

Amendment 1017 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part

Operators ofwithin data spaces shall comply with, the following essential requirements applicable to the services offered by the operator, to facilitate interoperability of data, data sharing mechanisms and services:

Amendment 1018 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL, Eva KAILI

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part

Operators ofwithin data spaces shall comply with, the following essential requirements, applicable to the services offered by the operator, to facilitate interoperability of data, data sharing mechanisms and services:

Amendment 1019 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part

Amendment 102 #

Proposal for a regulation
Recital 4

(4) In order to respond to the needs of the digital economy and to remove barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who~~, other than the manufacturer or other data holder is entitled to access the data generated by products or~~ is entitled to access the data transmitted by connected products or generated during the provision of related services, under which conditions and on what basis. Accordingly, Member States should not adopt or maintain additional national requirements on those matters falling within the scope of this Regulation, unless explicitly provided for in this Regulation, since this would affect the direct and uniform application of this Regulation.

Amendment 1020 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL, Eva KAILI

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part

Amendment 1021 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part

OData holders and operators ofwithin data spaces shall comply with, the following essential requirements to facilitate interoperability of data, data sharing mechanisms and services:

Amendment 1022 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point a

Amendment 1023 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point a

(a) the dataset content, use restrictions, licences, data collection methodology, data quality and uncertainty ~~shall be sufficiently described~~ to allow ~~the re~~participieants to find, access and use the data;

Amendment 1024 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point b

(b) the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists ~~shall be described in a publicly available and consistent manner~~;

Amendment 1025 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point c

(c) the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service ~~shall be sufficiently described~~ to enable automatic access and transmission of data between parties, including continuously or in real- time in a machine-readable format and, where relevant, the means and terms for compensation for such access;

Amendment 1026 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point c

Amendment 1027 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point d

(d) the means to enable the interoperability of ~~smart~~ contracts for data sharing within their services and activities shall be provided.

Amendment 1028 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point d

(d) the means to enable the interoperability of ~~smart~~ contracts for data sharing within their services and activities shall be provided.

Amendment 1029 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL, Eva KAILI

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point d

(d) the means to enable the interoperability of ~~smart~~ contracts for data sharing within their services and activities ~~shall be provided~~.

Amendment 103 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Josianne CUTAJAR, Eva KAILI, Ivo HRISTOV

Proposal for a regulation
Recital 4

(4) In order to ~~respond to the needs of the digital economy~~contribute to the digital transition of the Union, a comprehensive harmonisation at Union level is needed to ensure fairness in the allocation of value from data among all actors in the data economy as well asto avoid fragmentation resulting from national legislation, and therefore to create trust in the data sharing environment. Moreover, to foster access to and use of data. and to remove barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who, other than the manufacturer or other data holder is entitled to access the data generated by products or related services, under which conditions and on what basis. Accordingly, Member States should not adopt or maintain additional national requirements on those matters falling within the scope of this Regulation, unless explicitly provided for in this Regulation, since this would affect the direct and uniform application of this Regulation.

Amendment 1030 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – point d

(d) the means to enable the interoperability of smart contracts for data sharing within their services and activities shall be provided.

Amendment 1031 #

Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 2

Amendment 1032 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Eva KAILI, Ivo HRISTOV

Proposal for a regulation
Article 28 – paragraph 2

2. The Commission is empowered to adopt delegated acts, in accordance with Article 38 to supplement this Regulation by ~~further~~ specifying ~~the~~ essential requirements for harmonised standards referred to in paragraph 1, taking into account, where relevant, positions adopted by the European Data Innovation Board, as referred to in Article 30(f) of Regulation… [DGA].

Amendment 1033 #

Proposal for a regulation
Article 28 – paragraph 2

2. The Commission, in consultation with the European Data Innovation Board in line with the Articles 29and 30 (f)and 30(h) of the Regulation (EU)No 2022/868 is empowered to adopt delegated acts, in accordance with Article 38 to supplement this Regulation by further specifying the essential requirements referred to in paragraph 1.

Amendment 1034 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 28 – paragraph 3

Amendment 1035 #

Amendment 1036 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL

Proposal for a regulation
Article 28 – paragraph 3

3. OData holders and operators ofwithin data spaces that meet the harmonised standards or parts thereof published by reference in the Official Journal of the European Union shall be presumed to be in conformity with the essential requirements referred to in paragraph 1 of this Article, to the extent those standards cover those requirements.

Amendment 1037 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Eva KAILI

Proposal for a regulation
Article 28 – paragraph 3 a (new)

3 a. The operators within a particular data space shall agree on the rules by which the accountabilities regarding these requirements are defined between the operators.

Amendment 1038 #

Pilar del CASTILLO VERA, Christian EHLER, Maria da Graça CARVALHO, Massimiliano SALINI, Angelika NIEBLER, Pernille WEISS, Adam JARUBAS, Jerzy BUZEK, Salvatore DE MEO, Bartosz ARŁUKOWICZ

Proposal for a regulation
Article 28 – paragraph 3 a (new)

3 a. The operators within a particular data space shall agree on the rules by which the accountabilities regarding these requirements are defined between the operators.

Amendment 1039 #

Proposal for a regulation
Article 28 – paragraph 4

4. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements under paragraph 1 of this Article. To address the fragmentation of the internal market and the data economy in the internal market, as requested by the regulation (EU) 2022/868, the European Data Innovation Board should also assist the Commission enhancing cross-border, cross- sector interoperability of data as well as data sharing services between different sectors and domains.

Amendment 104 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Ivo HRISTOV

Proposal for a regulation
Recital 4

(4) In order to respond to the needs of the digital ~~economy~~transition and digital economy, protect consumers and to remove unjustified barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who, other than the manufacturer or other data holder is entitled to access the data generated by products or related services, under which conditions and on what basis. Accordingly, Member States should not adopt or maintain additional national requirements on those matters falling within the scope of this Regulation, unless explicitly provided for in this Regulation, since this would affect the direct and uniform application of this Regulation.

Amendment 1040 #

Elena LIZZI, Paolo BORCHIA, Matteo ADINOLFI, Isabella TOVAGLIERI, Angelo CIOCCA, Gianna GANCIA

Proposal for a regulation
Article 28 – paragraph 4

4. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements under paragraph 1 of this Article. When drafting the European standards, such organizations should, whenever possible, take into account the standards, good practices, norms, technical specifications and relevant opensource norms which already exist.

Amendment 1041 #

Proposal for a regulation
Article 28 – paragraph 4

4. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements under paragraph 1 of this Article and are developed inan and are developed in an open, transparent, technology-neutral, and inclusive manner in accordance with the Chapter II of Regulation (EU) No 1025/2012.

Amendment 1042 #

Proposal for a regulation
Article 28 – paragraph 4

Amendment 1043 #

Proposal for a regulation
Article 28 – paragraph 5

5. The Commission ~~shall~~may, by way of implementing acts, adopt common specifications, where harmonised standards referred to in paragraph 4 of this Article do not exist or in case it considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article, where necessary~~, with respe~~. Prior to adopting those implementing acts t~~o any or all of the requirements laid down in paragraph 1 of this Article. Those implementing acts shall~~he Commission shall seek advice from and take into account relevant positions adopted by the European Data Innovation Board, as referred to in Article 30(f) of Regulation… [DGA] and be adopted in accordance with the examination procedure referred to in Article 39(2).

Amendment 1044 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 28 – paragraph 6

Amendment 1045 #

Proposal for a regulation
Article 28 – paragraph 6

6. The Commission, in consultation with the European Data Innovation Board in line with the Articles 29 and 30(f)and 30(h) of the Regulation (EU) 2022/868 may adopt guidelines laying down interoperability specifications for the functioning of common European data spaces, such as architectural models and technical standards implementing legal rules and arrangements between parties that foster data sharing, such as regarding rights to access and technical translation of consent or permission.

Amendment 1046 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL, Eva KAILI

Proposal for a regulation
Article 29 – title

Interoperability and portability for data processing services

Amendment 1047 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL, Eva KAILI

Proposal for a regulation
Article 29 – paragraph 1 – introductory part

1. Open ~~interoper~~portability specifications and European standards for the ~~interoperability of data process~~portability between cloud computing services shall:

Amendment 1048 #

Proposal for a regulation
Article 29 – paragraph 1 – introductory part

1. Open interoperability specifications and European standards for the interoperability and portability of data processing services shall:

Amendment 1049 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI

Proposal for a regulation
Article 29 – paragraph 1 – point a

~~(a) be performance oriented towards achieving interoperability between different data processing services that cover the same service type;~~deleted

Amendment 105 #

Proposal for a regulation
Recital 4

(4) In order to respond to the needs of the digital economy, protect consumers and to remove unjustified barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who, other than the manufacturer or other data holder is entitled to access the data generated by products or related services, under which conditions and on what basis. Accordingly, Member States should not adopt or maintain additional national requirements on those matters falling within the scope of this Regulation, unless explicitly provided for in this Regulation, since this would affect the direct and uniform application of this Regulation.

Amendment 1050 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL, Eva KAILI

Proposal for a regulation
Article 29 – paragraph 1 – point a

(a) be performance oriented towards achieving interoperability and portability between different data processing services that cover the same service type;

Amendment 1051 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL, Eva KAILI

Proposal for a regulation
Article 29 – paragraph 1 – point b

(b) enhance interoperability and portability of digital assets between different data processing services that cover the same service type;

Amendment 1052 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 29 – paragraph 1 – point b

(b) enhance portability of data and of digital assets between different data processing services that cover the same service type;

Amendment 1053 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI

Proposal for a regulation
Article 29 – paragraph 1 – point c

~~(c) guarantee, where technically feasible, functional equivalence between different data processing services that cover the same service type.~~deleted

Amendment 1054 #

Proposal for a regulation
Article 29 – paragraph 1 – point c

(c) ~~guarante~~facilitate, where technically feasible, functional equivalence between different data processing services that cover the same service type.

Amendment 1055 #

Adriana MALDONADO LÓPEZ, Marcos ROS SEMPERE, Lina GÁLVEZ MUÑOZ, Nicolás GONZÁLEZ CASARES, Eva KAILI

Proposal for a regulation
Article 29 – paragraph 1 – point c a (new)

(c a) include provisions for technical advances which allow for new functions and innovation in data processing services.

Amendment 1056 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL, Eva KAILI

Proposal for a regulation
Article 29 – paragraph 2 – introductory part

2. Open ~~interoper~~portability specifications and European standards for the ~~interoper~~portability of ~~data process~~between cloud computing services shall address:

Amendment 1057 #

Proposal for a regulation
Article 29 – paragraph 2 – introductory part

2. Open interoperability specifications and European standards for the interoperability and portability of data processing services shall address:

Amendment 1058 #

Proposal for a regulation
Article 29 – paragraph 2 – point a

~~(a) the cloud interoperability aspects of transport interoperability, syntactic interoperability, semantic data interoperability, behavioural interoperability and policy interoperability;~~deleted

Amendment 1059 #

Proposal for a regulation
Article 29 – paragraph 2 – point c

(c) the cloud application aspects of application syntactic portability, application instruction portability, application metadata portability, application behaviour portability and application policy portability.deleted

Amendment 106 #

Proposal for a regulation
Recital 5

(5) This Regulation ensures that ~~users of a product~~manufacturers of connected products and providers of related services must design the products and services in a way that users of a connected products or related services in the Union can always access, in a timely manner, the data ~~genera~~transmitted by th~~e use of that product or~~at connected product or generated during the provision of a related service and that those users can use the data for any lawful purpose, including by sharing it~~hem~~ with third parties of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that ~~data holders~~, in cases where users cannot access such data directly, data holders make available to the user, upon request, any data transmitted to them by a connected product or data generated during the provision of a related service. It also imposes the obligations on data holders to make data available to data recipients, at the request of the user, in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use ~~for micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC. This Regulation also ensu~~. This Regulation also ensures that, where there is an exceptional need and where certain safeguards are being adheresd t~~hat~~o, data holders should make available to public sector bodies of the Member States and to Union institutions, agencies or bodies~~, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest~~. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder or data recipients to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by products or related services. transmitted by a connected product or generated during the provision of a related service. Instead, it recognizes that, based on operational, economic, security or other considerations, users may agree to grant access and use permissions over data transmitted by connected products or generated during the provision of related services to data holders, which may often be manufacturers, and which may contractually agree with the user to perform one or more related services, including the storage, management and curation of data transmitted by the connected product.

Amendment 1060 #

Proposal for a regulation
Article 29 – paragraph 3

3. Open ~~interoper~~portability specifications shall comply with paragraph 3 and 4 of Annex II of Regulation (EU) No 1025/2012.

Amendment 1061 #

Proposal for a regulation
Article 29 – paragraph 4

4. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft European standards applicable to specific service types of data processing services. The standardisation shall take into account the needs of small and medium-sized enterprises.

Amendment 1062 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 29 – paragraph 4

Amendment 1063 #

Proposal for a regulation
Article 29 – paragraph 5

5. For the purposes of Article 26(3) of this Regulation, the Commission in consultation with the European Data Innovation Board in line with the Articles 29 and 30(f) and 30(h) of Regulation (EU) 2022/868 shall be empowered to adopt delegated acts, in accordance with Article 38, to publish the reference of open interoperability specifications and European standards for the interoperability of data processing services in central Union standards repository for the interoperability of data processing services, where these satisfy the criteria specified in paragraph 1 and 2 of this Article.

Amendment 1064 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL, Eva KAILI

Proposal for a regulation
Article 29 – paragraph 5

5. For the purposes of Article 26(3) of this Regulation, the Commission shall be empowered to adopt delegated acts, in accordance with Article 38, to publish the reference of open ~~interoper~~portability specifications and European standards for the interoperability of data processing services in central Union standards repository for the interoperability of data processing services, where these satisfy the criteria specified in paragraph 1 and 2 of this Article.

Amendment 1065 #

Proposal for a regulation
Article 29 – paragraph 5

Amendment 1066 #

Adam JARUBAS, Jerzy BUZEK, Krzysztof HETMAN, Bartosz ARŁUKOWICZ, Andrzej HALICKI, Janusz LEWANDOWSKI

Proposal for a regulation
Article 29 – paragraph 5 a (new)

5 a. All switching, porting and interoperability standards or specifications, as well as implementation of all measures of this regulation, shall ensure compliance with applicable law, in particular Regulation (EU) 2016/679, Directive 2002/58/EC, legislation on cyber security, consumer protection, product safety, trade secrets or intellectual property rights, as well as with the accessibility requirements.

Amendment 1067 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 30 – title

30 Essential requirements regarding ~~smart~~ contracts for data sharing

Amendment 1068 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 30 – paragraph 1 – introductory part

1. The ~~vendor of an application using smart contracts or, in the absence thereof, the person whose trade, business or profession involves the deployment~~offering contractual party of a smart contract~~s for others~~ in the context of an agreement to make data available shall comply with the following essential requirements:

Amendment 1069 #

Proposal for a regulation
Article 30 – paragraph 1 – point a

(a) robustness and access control: ensure that the smart contract has been designed to offer rigorous access control mechanisms and a very high degree of robustness to avoid functional errors and to withstand manipulation by third parties;

Amendment 107 #

Proposal for a regulation
Recital 5

(5) This Regulation ensures that users of a product or related service in the Union can access, in a timely manner, the data generated by the use of that product or related service and that those users can use the data, including by sharing them with third parties of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC. This Regulation also ensures that data holders make available to public sector bodies of the Member ~~States and to Union institutions, agencies or bodies~~, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by products or related services. (This amendment applies throughout the text. Adopting it will necessitate corresponding changes throughout.)

Amendment 1070 #

Proposal for a regulation
Article 30 – paragraph 1 – point a

Amendment 1071 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 30 – paragraph 1 – point b

(b) safe termination and interruption: ensure that a mechanism exists to terminate the continued execution of transactions: the smart contract shall include internal functions which can reset or instruct the contract to stop or interrupt the operation to avoid future (accidental) executions; in this regard, the conditions under which a smart contract could be reset or instructed to stop or interrupted, should be clearly and transparently defined. Especially, it should be assessed under which conditions non-consensual termination or interruption should be permissible.

Amendment 1072 #

Proposal for a regulation
Article 30 – paragraph 1 – point c

(c) data archiving and continuity: foresee, if a smart contract must be terminated or deactivated, a possibility to archive transactional data, the smart contract logic and code to keep the record of the operations performed on the data in the past (auditability); andeleted

Amendment 1073 #

Proposal for a regulation
Article 30 – paragraph 1 – point c

Amendment 1074 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 30 – paragraph 1 – point c

(c) data archiving and continuity: foresee, if a smart contract must be terminated or deactivated, ~~a possibility to archiv~~how the transactional data, the smart contract logic and code should be archived in order to keep the record of the operations performed on the data in the past (auditability); ~~and~~

Amendment 1075 #

Proposal for a regulation
Article 30 – paragraph 1 – point d

~~(d) access control: a smart contract shall be protected through rigorous access control mechanisms at the governance and smart contract layers.~~deleted

Amendment 1076 #

Proposal for a regulation
Article 30 – paragraph 1 – point d

~~(d) access control: a smart contract shall be protected through rigorous access control mechanisms at the governance and smart contract layers.~~deleted

Amendment 1077 #

Proposal for a regulation
Article 30 – paragraph 1 – point d

(d) access control: as smart contracts are capable of controlling large amounts of value and data, while running immutable logic based on code deployed on the blockchain, they shall be protected through rigorous access control mechanisms at the governance and smart contract layers.; and

Amendment 1078 #

Proposal for a regulation
Article 30 – paragraph 1 – point d a (new)

(d a) recovery plans: beyond designing security access controls, smart contracts need to address the possibility of malicious exploits by “preparing for failures” and a fallback plan for responding effectively to attacks by incorporating features and components such as, but not limited to, contract upgrades, emergency stops, event monitoring to track calls to smart contract functions and changes to state variables.

Amendment 1079 #

Proposal for a regulation
Article 30 – paragraph 1 – point d a (new)

(d a) transparency of commercial terms: the smart contract offering shall comprehensively describe the commercial terms underlying the agreement, including any conditional commercial terms, such as future changes of commercial terms conditional upon environmental and performance factors

Amendment 108 #

Proposal for a regulation
Recital 5

(5) This Regulation ensures that users of a product or related service in the Union, including data subjects can access, in a timely manner, the data generated by the use of that product or related service and that those users can use the data, including by sharing them with third parties and for the purposes of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC. This Regulation also ensures that data holders make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point the control that the ~~data hold~~user effectively enjoys, de facto orand de jure, over data generated by products or related services.

Amendment 1080 #

Proposal for a regulation
Article 30 – paragraph 1 – point d b (new)

(d b) The obligations under Article 13 of this Regulation, if applicable.

Amendment 1081 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 30 – paragraph 2

2. The vendor of a smart contract or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of an agreement to make data available shall perform a conformity assessment with a view to fulfilling the essential requirements under paragraph 1 and, on the fulfilment of the requirements, issue an EU declaration of conformity.deleted

Amendment 1082 #

Proposal for a regulation
Article 30 – paragraph 2

Amendment 1083 #

Proposal for a regulation
Article 30 – paragraph 2

2. The ~~vendor of a smart contract or, in the absence thereof, the person whose trade, business or profession involves the deployment~~offering party of a smart contract~~s for others~~ in the context of an agreement to make data available shall perform a conformity assessment with a view to fulfilling the essential requirements under paragraph 1 and, on the fulfilment of the requirements, issue an EU declaration of conformity.

Amendment 1084 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 30 – paragraph 3

3. By drawing up the EU declaration of conformity, the ~~vendor of an application using smart contracts or, in the absence thereof, the person whose trade, business or profession involves the deployment~~offering party of a smart contract~~s for others~~ in the context of an agreement to make data available shall be responsible for compliance with the requirements under paragraph 1.

Amendment 1085 #

Proposal for a regulation
Article 30 – paragraph 4

4. A smart contract that meets the harmonised standards or the relevant parts thereof drawn up and published in the Official Journal of the European Union shall be presumed to be in conformity with the essential requirements under paragraph 1 of this Article to the extent those standards cover those requirements.deleted

Amendment 1086 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 30 – paragraph 4

Amendment 1087 #

Proposal for a regulation
Article 30 – paragraph 5

5. The Commission may, in accordance with Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential the requirements under paragraph 1 of this Article.deleted

Amendment 1088 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 30 – paragraph 5

Amendment 1089 #

Proposal for a regulation
Article 30 – paragraph 6

6. Where harmonised standards referred to in paragraph 4 of this Article do not exist or where the Commission considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article in a cross-border context, the Commission may, by way of implementing acts, adopt common specifications in respect of the essential requirements set out in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).deleted

Amendment 109 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI

Proposal for a regulation
Recital 5

(5) This Regulation ensures that users of a product or related service in the Union including data subjects and consumers, can access, in a timely manner, the data generated by the use of that product or related service and that those users can use the data, including by sharing them with third parties and for the purposes of their choice. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for users, micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC and for all other types of enterprises, including start- ups. This Regulation also ensures that data holders make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by products or related services.

Amendment 1090 #

Proposal for a regulation
Article 30 – paragraph 6

Amendment 1091 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL, Eva KAILI

Proposal for a regulation
Article 30 – paragraph 6

Amendment 1092 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ, Andreas GLÜCK, Nicola BEER

Proposal for a regulation
Article 30 – paragraph 6

6. Where harmonised standards referred to in paragraph 4 of this Article do not exist ~~or w~~, the Commission shall issue a standardisation request in accordance with Article 10 of Regulation 1025/2012. Where the Commission considers that the relevant harmonised standards are insufficient to ensure conformity with the essential requirements in paragraph 1 of this Article in a cross- border context, the Commission may, by way of implementing acts, adopt common specifications in respect of the essential requirements set out in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).

Amendment 1093 #

Proposal for a regulation
Article 30 a (new)

Article 30 a Digital Identity of Internet of Things devices 1. Internet of Thing (IoT) data generating devices, such as machines, sensors, websites or cloud servers, can have a digital identity and electronic attestation of attributes within the meaning of the Regulation (EU) 910/2014 (European Digital Identity Framework). Digital identity of IoT devices shall allow for identification of a device, and for establishment of a relationship between a device and its owner. 2. The European Digital Identity Wallet (EDIW) within the meaning of Article 6a of the Regulation (EU) 910/2014 (European Digital Identity Framework) shall allow for issuing of electronic attestation of attributes of IoT devices that can be associated with the user of the EDIW at his/her request. 3. The Commission shall be empowered by delegated acts to adopt minimum data sets for the digital identity of certain categories of IoT devices and for their electronic attestation of attributes.

Amendment 1094 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Ivo HRISTOV

Proposal for a regulation
Article 31 – paragraph 1

1. Each Member State shall designate ~~one or more~~an independent competent authorit~~ies~~y as responsible for the application and enforcement of this Regulation~~. Member States may establish one or more new authorities or rely on existing~~ and for ensuring and coordinating cooperation with other relevant authorities.

Amendment 1095 #

Proposal for a regulation
Article 31 – paragraph 1

1. Each Member State shall designate one or more competent authorities as responsible for the application and enforcement of this Regulation, with designated responsible competent authority coordinating the work of the competent authorities. Member States may establish one or more new authorities or rely on existing authorities.

Amendment 1096 #

Proposal for a regulation
Article 31 – paragraph 1

Amendment 1097 #

Proposal for a regulation
Article 31 – paragraph 2 – point a a (new)

(a a) the independent supervisory authorities responsible for monitoring the application of Regulation (EU) 2018/1725 shall be responsible for monitoring the application of this Regulation insofar as EU institutions, agencies, or bodies process personal data.

Amendment 1098 #

Adam JARUBAS, Jerzy BUZEK, Krzysztof HETMAN, Bartosz ARŁUKOWICZ, Andrzej HALICKI, Janusz LEWANDOWSKI

Proposal for a regulation
Article 31 – paragraph 2 – point b

(b) for specific sectoral data ~~exchange~~access issues related to the implementation of this Regulation, ~~the competence of sectoral authorities shall be respected;~~ in particular with regard to data access requirements under Article 3 of this Regulation, the competence of sectoral authorities shall be respected, unless a conflict of competences inhibits the ability of the competent authorities under this Regulation to enforce the rights and obligations of this Regulation;

Amendment 1099 #

Proposal for a regulation
Article 31 – paragraph 2 – point b

(b) for specific sectoral data exchange issues related to the implementation of this Regulation, the competence of sectoral authorities shall be respected; It refers particularly to the official statistics authorities and the activity and decisions of the competent authorities designated according to paragraph 1 shall not affect their professional independence.

Amendment 110 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 5

(5) This Regulation ensures that users of a connected product or related service in the Union can access, in a timely manner, the data generated by the use of that connected product or related service and that those users can use the data, including by sharing them with third parties of their choice, either directly or through data intermediation services. It imposes the obligation on the data holder to make data available to users and third parties nominated by the users in certain circumstances. It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and in a transparent manner. Private law rules are key in the overall framework of data sharing. Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair data access and use for micro, small or medium-sized enterprises within the meaning of Recommendation 2003/361/EC. This Regulation also ensures that data holders make available to public sector bodies of the Member States and to Union institutions, agencies or bodies, where there is an exceptional need, the data that are necessary for the performance of tasks carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and data sharing mechanisms and services in the Union. This Regulation should not be interpreted as recognising or creating any legal basis for the data holder to hold, have access to or process data, or as conferring any new right on the data holder to use data generated by the use of a connected product or related service. Instead, it takes as its starting point the control that the data holder effectively enjoys, de facto or de jure, over data generated by connected products or related services.

Amendment 1100 #

Proposal for a regulation
Article 31 – paragraph 2 – point b

(b) for specific sectoral data exchange issues related to the implementation of this Regulation, the competence of sectoral authorities shall be respected, including that of the competent authorities established under the Common European Data Spaces;

Amendment 1101 #

Proposal for a regulation
Article 31 – paragraph 2 – point c

(c) the national competent authority responsible for the application and enforcement of ~~Chapter VI of~~ this Regulation shall have experience in the field of data, including non-personal data, and electronic communications services.

Amendment 1102 #

Proposal for a regulation
Article 31 – paragraph 2 – point c

Amendment 1103 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Marina KALJURAND, Ivo HRISTOV

Proposal for a regulation
Article 31 – paragraph 2 – point c

(c) the national competent authority responsible for the application and enforcement of Chapter VI of this Regulation shall have experience, sufficient technical and human resources and expertise in the field of data and electronic communications services.

Amendment 1104 #

Proposal for a regulation
Article 31 – paragraph 2 – point c

(c) the national competent authority responsible for the application and enforcement of Chapter VI of this Regulation shall have technical and human resources and experience in the field of data and electronic communications services.

Amendment 1105 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Eva KAILI, Ivo HRISTOV

Proposal for a regulation
Article 31 – paragraph 3 – introductory part

3. Member States shall ensure that the respective tasks and powers of the competent authorities designated pursuant to paragraph 1 of this Article are clearly defined and shall at least include:

Amendment 1106 #

Eva KAILI, Miapetra KUMPULA-NATRI

Proposal for a regulation
Article 31 – paragraph 3 – point a a (new)

(a a) coordinating the relevant cooperation with other authorities;

Amendment 1107 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Marina KALJURAND, Lina GÁLVEZ MUÑOZ, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 31 – paragraph 3 – point b

(b) handling complaints arising from alleged violations of this Regulation, and investigating, to the extent appropriate, the subject matter of the complaint and regularly and meaningfully informing the complainant of the progress and the outcome of the investigation swiftly within a reasonable period, in particular if further investigation or coordination with another competent authority is necessary;

Amendment 1108 #

Proposal for a regulation
Article 31 – paragraph 3 – point b

(b) handling complaints arising from alleged violations of this Regulation, and investigating, to the extent appropriate, the subject matter of the complaint and informing the complainant of the progress and the outcome of the investigation within ~~a reasonable period~~six months, in particular if further investigation or coordination with another competent authority is necessary;

Amendment 1109 #

Proposal for a regulation
Article 31 – paragraph 3 – point d

(d) imposing, through administrative procedures, ~~dissuasive financial penalties which may include periodic penalties and penalties with retroactive effect, or initiating legal proceedings for the imposition of fines~~fines which cannot be retroactive;

Amendment 111 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Recital 6

(6) Data generation is a function of the rdes~~ult of the actions of at least two actors, the designer or manufactur~~ign of a connected product, in particular the inclusion of sensors and processing software within the device, of the actions of the user and, depending on the operating modalities, of the provision of one or more related service. In addition, many connected products, for example in the civil infrastructure, energy generation or transport sectors are recording data about their environment or interaction with other elements of that infrastructure without any actions by the user ofr a ~~product and~~ny third party. Such data may often be non-personal in nature and valuable for the user ofr th~~at product. It~~ird parties, which can use it to improve their operations, the overall functioning of a network or system or by making it available to create new products or services. This gives rise to questions of fairness in the digital economy, because the data ~~record~~generated and transmitted by such products or related services are an important input for aftermarket, ancillary and other services. In order to realise the important economic benefits of data ~~as a non-rival good~~for the user, as well as for the economy and society, a general approach to assigning access and usage rights on data is preferable to awarding exclusive rights of access and use.

Amendment 1110 #

Proposal for a regulation
Article 31 – paragraph 3 – point d

(d) imposing, through administrative or juridical procedures, dissuasive financial penalties which may include periodic penalties and penalties with retroactive effect, or initiating legal proceedings for the imposition of fines;

Amendment 1111 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 31 – paragraph 3 – point e

(e) monitoring technological developments of relevance for the making available and use of data with a view of better enforcing this Regulation; ;

Amendment 1112 #

Proposal for a regulation
Article 31 – paragraph 3 – point e

(e) monitoring technological developments of relevance for the making available and use of data with a view of better enforcing this Regulation;

Amendment 1113 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Marina KALJURAND, Lina GÁLVEZ MUÑOZ, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 31 – paragraph 3 – point e

(e) monitoring technological and commercial developments of relevance for the making available and use of data;

Amendment 1114 #

Proposal for a regulation
Article 31 – paragraph 3 – point f

(f) cooperating with competent authorities of other Member States to ensure the consistent swift and effective application of this Regulation, including the exchange of all relevant information by electronic means, in a timely manner without undue delay;

Amendment 1115 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Article 31 – paragraph 3 – point g

(g) ~~ensuring the online public availability of requests for access to data made by public sector bodies in the case of public emergencies under~~coordinating requests made by public sector bodies to private sector to access data, according to Chapter V;.

Amendment 1116 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 31 – paragraph 3 – point h

(h) cooperating with all relevant competent authorities and the European Data Protection Board and the European Data Innovation Board to ensure that the obligations ~~of Chapter VI~~under this Regulation are enforced consistently with other Union legislation ~~and self-regulation~~ applicable to providers of data processing service;

Amendment 1117 #

Proposal for a regulation
Article 31 – paragraph 3 – point h

(h) cooperating with all relevant competent authorities and the European Data the European Data Innovation Board to ensure that the obligations of ~~Chapter VI~~this Regulation are enforced consistently with other Union legislation and se~~lf-regulation applicable to providers of data processing service;~~ctor specific data governance rules and regulations

Amendment 1118 #

Proposal for a regulation
Article 31 – paragraph 3 – point i a (new)

(i a) ensuring data sharing is free of charge for consumers; ordering data holders, third parties or data recipients to provide redress, including compensation for damages, to consumers in case of harm; imposing a temporary or definitive limitation including a ban on processing or mandate data sharing to comply with this Regulation;

Amendment 1119 #

Pilar del CASTILLO VERA, Christian EHLER, Maria da Graça CARVALHO, Adam JARUBAS, Massimiliano SALINI, Angelika NIEBLER, Pernille WEISS, Jerzy BUZEK, Bartosz ARŁUKOWICZ, Salvatore DE MEO

Proposal for a regulation
Article 31 – paragraph 4

4. Where a Member State designates more than one competent authority, the competent authorities shall, in the exercise of the tasks and powers assigned to them under paragraph 3 of this Article, cooperate with each other, including, as appropriate, with the supervisory authority responsible for monitoring the application of Regulation (EU) 2016/679, to ensure the consistent application of this Regulation. In such cases, relevant Member States shall designate a coordinating competent authority.deleted

Amendment 112 #

Proposal for a regulation
Recital 6

Amendment 1120 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 31 – paragraph 4

4. Where a Member State designates more than one competent authority, the competent authorities shall, in the exercise of the tasks and powers assigned to them under paragraph 3 of this Article, cooperate with each other, including, as appropriate, with the supervisory authority responsible for monitoring the application of Regulation (EU) 2016/679, to ensure the consistent application of this Regulation. In such cases, relevant Member States shall designate a coordinating, responsible competent authority.

Amendment 1121 #

Eva KAILI, Miapetra KUMPULA-NATRI

Proposal for a regulation
Article 31 – paragraph 6

6. When carrying out their tasks and exercising their powers in accordance with this Regulation, the competent authorities shall be independent and remain free from any external influence, whether direct or indirect, and shall neither seek nor take instructions from any other public authority or any private party.

Amendment 1122 #

Proposal for a regulation
Article 31 – paragraph 7 a (new)

7 a. Competent authorities shall cooperate with competent authorities of other Member States to ensure a consistent and efficient application of this Regulation. Such mutual assistance shall include the exchange of all relevant information by electronic means, without undue delay, in particular to carry out the tasks referred to in paragraph (3), points (b), (c) and (d);

Amendment 1123 #

Proposal for a regulation
Article 31 – paragraph 7 b (new)

7 b. Entities falling within the scope of this Regulation shall be subject to the jurisdiction of the Member State where the entity is established. In case the entity is established in more than one Member State, it shall be deemed to be under the jurisdiction of the Member State in which business footprint, as measured by the number of employees registered or revenues generated in that Member State is largest.

Amendment 1124 #

Proposal for a regulation
Article 31 – paragraph 7 c (new)

7 c. An entity falling within scope of this Regulation that offers products or services in the Union but is not established in the Union, nor has designated a legal representative therein, shall be under the jurisdiction of all Member States, where applicable, for the purposes of ensuring the application and enforcement of this Regulation. Any competent authority may exercise its competence, provided that the entity is not subject to enforcement proceedings for the same facts by another competent authority.

Amendment 1125 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 31 a (new)

Article 31 a The role of the European Data Protection Board and the European Data Innovation Board The European Data Protection Board and the European Data Innovation Board in cooperation with the European Public Data Commons body shall foster the mutual exchange of information amongst competent authorities as well as advise and assist the Commission in matters falling under this Regulation that fall within their respective competences.

Amendment 1126 #

Proposal for a regulation
Article 31 a (new)

Article 31 a Role of the European Data Innovation Board The European Data Innovation Board should foster the mutual exchange of information amongst competent authorities as well as advise and assist the Commission in matters of this Regulation falling under the competences of the Board in line with Article 30 of Regulation (EU) 2022/868

Amendment 1127 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Marina KALJURAND, Lina GÁLVEZ MUÑOZ, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 32 – paragraph 1

1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or~~, where relevant~~ , collectively, with the relevant competent authority in the Member State of their habitual residence, place of work or establishment if they consider that their rights or the obligations under this Regulation have been infringed.

Amendment 1128 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Morten LØKKEGAARD, Klemen GROŠELJ, Andreas GLÜCK, Nicola BEER

Proposal for a regulation
Article 32 – paragraph 2

2. The competent authority with which the complaint has been lodged shall inform the complainant in accordance with national law of the progress of the proceedings and of the decision taken.

Amendment 1129 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Eva KAILI, Ivo HRISTOV

Proposal for a regulation
Article 32 – paragraph 3

3. Competent authorities shall cooperate early in the process to handle and resolve complaints~~, including by~~ effectively and in a timely manner, including by setting reasonable deadlines for adopting formal decisions, ensuring equality of the parties, ensuring the right to be heard from complainants and access to the file throughout the process, exchanging all relevant information by electronic means, without undue delay. This cooperation shall not affect the specific cooperation mechanism provided for by Chapters VI and VII of Regulation (EU) 2016/679.

Amendment 113 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI

Proposal for a regulation
Recital 6

Amendment 1130 #

Proposal for a regulation
Article 32 – paragraph 3

Amendment 1131 #

Proposal for a regulation
Article 32 a (new)

Amendment 1132 #

Proposal for a regulation
Article 32 b (new)

Article 32 b Right to an effective judicial remedy against a competent authority 1. Without prejudice to any other administrative or non-judicial remedy, each user shall have the right to an effective judicial remedy against a legally binding decision of a competent authority concerning them. 2. Without prejudice to any other administrative or non-judicial remedy, each user shall have the right to an effective judicial remedy where the competent authority does not handle a complaint swiftly or does not inform the data subject within three months on the progress or outcome of the complaint lodged pursuant to Article 32. 3. Proceedings against a competent authority shall be brought before the courts of the Member State of the habitual residence, place of work or establishment of the user or their representative organisation. 4. Where proceedings are brought against a decision of a competent authority which was preceded by an opinion or a decision of the Board in the consistency mechanism, the supervisory authority shall forward that opinion or decision to the court.

Amendment 1133 #

Proposal for a regulation
Article 32 c (new)

Amendment 1134 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Ivo HRISTOV

Proposal for a regulation
Article 33 – title

~~Penalti~~Fines

Amendment 1135 #

Proposal for a regulation
Article 33 – paragraph 1

1. Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive, including administrative fines against enterprises of a minimum of 20 000 000EUR or 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.

Amendment 1136 #

Proposal for a regulation
Article 33 – paragraph 1

1. Member States shall lay down the rules on ~~penalti~~fines applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The ~~penalti~~fines provided for shall be effective, proportionate and dissuasive.

Amendment 1137 #

Proposal for a regulation
Article 33 – paragraph 1 a (new)

1 a. Member States shall take into account the following non-exhaustive criteria for the imposition of penalties for infringements of this Regulation: (a) the nature, gravity, scale and duration of the infringement; (b) any action taken by the infringing party to mitigate or remedy the damage caused by the infringement; (c) any previous infringements by the infringing party; (d) the financial benefits gained or losses avoided by the infringing party due to the infringement, insofar as such benefits or losses can be reliably established; (e) any other aggravating or mitigating factors applicable to the circumstances of the case.

Amendment 1138 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Eva KAILI, Ivo HRISTOV

Proposal for a regulation
Article 33 – paragraph 2

2. Member States shall by [date of application of the Regulation] notify the Commission, the European Data Protection Board and the European Data Innovation Board of those rules and measures and shall notify ithem without delay of any subsequent amendment affecting them. The Commission shall regularly update and maintain an easily accessible public register of those measures.

Amendment 1139 #

Proposal for a regulation
Article 33 – paragraph 2

2. Member States shall by [date of application of the Regulation] notify the Commission , the European Data Protection Board and the European Data Innovation Boardof those rules and measures and shall notify it them without delay of any subsequent amendment affecting them. The Commission shall regularly update and maintain an easily accessible public register of those measures.

Amendment 114 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 6

(6) Data generation is the result of the actions of at least two actors, the designer or manufacturer of a product, and where different from the manufacturer the provider of related services for the connected product and the user of that connected product. It gives rise to questions of fairness in the digital economy, because the data recorded by such connected products or related services are an important input for aftermarket, ancillary and other services. In order to realise the important economic benefits of data as a non-rival good for the economy and society, a general approach to assigning access and usage rights on data is preferable to awarding exclusive rights of access and use.

Amendment 1140 #

Proposal for a regulation
Article 34 – paragraph 1

The Commission shall develop and recommend non-binding model contractual terms on data access and use and standard contractual clauses for cloud computing contracts to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. Such model contractual terms shall address at least the following elements: (a) right to early termination of the contract and to switch operator and modalities to effect such switch; (b) right for the user of a connected product to suppress use of data transmitted from the connected product; (c) data retention and storage policies; (d) readability of the data for the user, including information on metadata and decryption.

Amendment 1141 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Marina KALJURAND, Lina GÁLVEZ MUÑOZ, Josianne CUTAJAR, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 34 – paragraph 1

The Commission shall develop and recommend non-binding model contractual terms on data access and use to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. Where appropriate, these contractual terms should be developed and standardised in open, structured, expandable and machine-readable formats to ensure that the contract terms of data access can be stored and processed digitally.

Amendment 1142 #

Elena LIZZI, Paolo BORCHIA, Matteo ADINOLFI, Isabella TOVAGLIERI, Angelo CIOCCA, Gianna GANCIA

Proposal for a regulation
Article 34 – paragraph 1

The Commission shall develop and recommend non-binding model contractual terms on data access and use to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. Such contractual terms shall be in line with Fair, Reasonable and Non- Discriminatory (FRAND) principles.

Amendment 1143 #

The Commission shall develop and recommend non-binding model contractual terms on data access and use to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. These non-binding contractual terms shall be openly freely available in easily usable electronic format.

Amendment 1144 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 34 – paragraph 1

The Commission shall develop and recommend non-binding model contractual terms on data access and use to assist parties in drafting and negotiating contracts with balanced contractual rights and obligations. Such contractual terms shall be in line with Fair, Reasonable and Non- Discriminatory(FRAND) principles.

Amendment 1145 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI

Proposal for a regulation
Article 34 – paragraph 1 a (new)

Amendment 1146 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Ivo HRISTOV

Proposal for a regulation
Article 35 – paragraph 1

In order not to hinder the exercise of the right of users to access and use such data in accordance with Article 4 of this Regulation or of the right to share such data with third parties in accordance with Article 5 of this Regulation, the sui generis right provided for in Article 7 of Directive 96/9/EC ~~does not apply to databases containing data obtained from or generated by the use of a product or a~~shall not entitle the data holder or proprietor of a sui generis right to prohibit the access and use of data that is permitted under this regulat~~ed service~~ion.

Amendment 1147 #

Proposal for a regulation
Article 35 – paragraph 1 a (new)

The right of the maker of a databaseas provided for in Article 7(1) of Directive 96/9/EC shall not be exercised by data holders in such away that it prevents them from making data available to public sector bodies, or Union institutions, agencies or bodies, subsequent to a request made under Article 14 of this Regulation.

Amendment 1148 #

Proposal for a regulation
Article 41 – paragraph 1 – point a

(a) ofurther specifying categories or types of data to be made accessible;

Amendment 1149 #

Proposal for a regulation
Article 41 – paragraph 1 – point a a (new)

(a a) the use of data by users, including making them available to third parties as well as the development of the modalities of data sharing, including competitive dynamics in data spaces and data intermediation services;

Amendment 115 #

Proposal for a regulation
Recital 6 a (new)

(6 a) New statutory obligations on the sharing of data need to be carefully lineated with the Union’s competition framework and maintain companies’ ability to protect their competitive assets and encourage companies to innovate new digital services.

Amendment 1150 #

Adam JARUBAS, Jerzy BUZEK, Krzysztof HETMAN, Bartosz ARŁUKOWICZ, Andrzej HALICKI, Janusz LEWANDOWSKI

Proposal for a regulation
Article 41 – paragraph 1 – point a a (new)

(a a) the administrative burden imposed on the industry and the ability of the industry to comply with this Regulation, in particular with Chapter II thereof.

Amendment 1151 #

Proposal for a regulation
Article 41 – paragraph 1 – point b a (new)

(b a) the exclusion of trade secrets in Article 4(3) and Article 5(8);

Amendment 1152 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Lina GÁLVEZ MUÑOZ, Josianne CUTAJAR, Eva KAILI, Ivo HRISTOV, Nicolás GONZÁLEZ CASARES, Adriana MALDONADO LÓPEZ

Proposal for a regulation
Article 41 – paragraph 1 – point b a (new)

(b a) the exclusion of trade secrets in Article 4(3) and Article 5(8)

Amendment 1153 #

Proposal for a regulation
Article 41 – paragraph 1 – point e a (new)

(e a) evaluation of the impacts of this Regulation to the development of business practices and monetisation practices of the European data economy and possible needs for reviewing the Regulation.

Amendment 1154 #

Proposal for a regulation
Article 41 – paragraph 1 – point e a (new)

(e a) the contribution of this Regulation to ensuring the economic attractiveness of the collection and use of high quality data sets by European companies.

Amendment 1155 #

Proposal for a regulation
Article 41 – paragraph 1 – point e b (new)

(e b) the contribution of this Regulation to innovation and to promoting the development of high-tech start-ups and SMEs, as well as to enabling access for European users to state-of-the-art computing services.

Amendment 1156 #

Proposal for a regulation
Article 41 – paragraph 1 – point e c (new)

(e c) whether other models than the gradual abolition of the switching charges as set out in Article 25 should be preferred, as these may achieve a more appropriate balance between user interests and the interests of the providers of cloud computing services, especially if such providers are start-ups, micro- enterprises or SMEs.

Amendment 1157 #

Proposal for a regulation
Article 41 – paragraph 1 a (new)

On the basis of that report, the Commission shall, where appropriate, submit a legislative proposal to the Parliament and the Council to amend this Regulation.

Amendment 1158 #

Salvatore DE MEO, Massimiliano SALINI

Proposal for a regulation
Article 42 – paragraph 2

It shall apply from [1236 months after the date of entry into force of this Regulation].

Amendment 1159 #

Proposal for a regulation
Article 42 – paragraph 2

It shall apply from [124 months after the date of entry into force of this Regulation].

Amendment 116 #

Proposal for a regulation
Recital 7

(7) The fundamental right to the protection of personal data is safeguarded in particular under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725. Directive 2002/58/EC additionally protects private life and the confidentiality of communications, including providing conditions to any personal and non- personal data storing in and access from terminal equipment. These instruments provide the basis for sustainable and responsible data processing, including where datasets include a mix of personal and non-personal data. This Regulation complements and is without prejudice to Union law on data protection and privacy, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC. No provision of this Regulation should be applied or interpreted in such a way as to diminish or limit the right to the protection of personal data or the right to privacy and confidentiality of communications. This Regulation should not be read as creating a new legal basis for the processing of personal data for any of the regulated activities, or as amending the information requirements laid down in Regulation (EU) 2016/679. In the event of a conflict between this Regulation and Union law on the protection of personal data or national law adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data should prevail.

Amendment 1160 #

Elena LIZZI, Paolo BORCHIA, Matteo ADINOLFI, Isabella TOVAGLIERI, Angelo CIOCCA, Gianna GANCIA

Proposal for a regulation
Article 42 – paragraph 2

It shall apply from [124 months after the date of entry into force of this Regulation].

Amendment 1161 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Dragoş TUDORACHE, Morten LØKKEGAARD

Proposal for a regulation
Article 42 – paragraph 2

It shall apply from [124 months after the date of entry into force of this Regulation].

Amendment 1162 #

Proposal for a regulation
Article 42 – paragraph 2

It shall apply from [128 months after the date of entry into force of this Regulation].

Amendment 1163 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Morten LØKKEGAARD, Klemen GROŠELJ, Andreas GLÜCK, Nicola BEER

Proposal for a regulation
Article 42 – paragraph 2 a (new)

The obligation resulting from Article 3(1) shall apply retroactively to connected products placed on the market within 5 years prior to the entry into force of this Regulation, only when the manufacturer or provider of related service is able to remotely deploy mechanisms to ensure the fulfilment of the requirements pursuant to Article 3(1) and only when the deployment of such mechanisms would not place a disproportionate burden on the manufacturer or provider of related services.

Amendment 1164 #

Proposal for a regulation
Article 42 – paragraph 2 a (new)

The obligation resulting from Article 3(1) shall apply to products and related services placed on the market from ... [12 months after the date of application of this Regulation].

Amendment 117 #

Adam JARUBAS, Jerzy BUZEK, Krzysztof HETMAN, Bartosz ARŁUKOWICZ, Andrzej HALICKI, Janusz LEWANDOWSKI

Proposal for a regulation
Recital 7

(7) The fundamental right to the protection of personal data is safeguarded in particular under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725. Directive 2002/58/EC additionally protects private life and the confidentiality of communications, including providing conditions to any personal and non- personal data storing in and access from terminal equipment. These instruments provide the basis for sustainable and responsible data processing, including where datasets include a mix of personal and non-personal data. This Regulation complements and is without prejudice to Union law on data protection and privacy, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC. No provision of this Regulation should be applied or interpreted in such a way as to diminish or limit the right to the protection of personal data or the right to privacy and confidentiality of communications. When a conflict between this Regulation and Union law on the protection of personal data and privacy or national laws adopted in accordance with relevant Union law arises , the relevant Union or national laws on the protection of personal data and privacy should prevail.

Amendment 118 #

Proposal for a regulation
Recital 7 a (new)

(7 a) This Regulation complements and is without prejudice to the Union and national laws providing for the access to and enabling to use data for statistical purposes, in particular Regulation 223/2009 on European Statistics and its related legal acts as well as national legal acts related to official statistics.

Amendment 119 #

Proposal for a regulation
Recital 8

(8) The principles of data minimisation and privacy and data protection by design and by default are essential ~~when~~as processing ~~involves~~can lead to significant risks to the fundamental rights of individuals. Taking into account the state of the art, all parties to data sharing, including where within scope of this Regulation, should implement technical and organisational measures to protect these rights. Such measures include not only pseudonymisation and encryption, but also the use of increasingly available technology that permits algorithms to be brought to the data and allow valuable insights to be derived without the transmission between parties or unnecessary copying of the raw or structured data themselveseffectively protect and facilitate the exercise of data subjects' rights. Such measures include not only deletion and anonymisation where possible, and aggregation and pseudonymisation where the aforementioned are not possible to fulfil the purposes of the processing, as well as and encryption.

Amendment 120 #

Proposal for a regulation
Recital 9 a (new)

(9 a) This Regulation acknowledges that in some situations a user can benefit from the legal protection of consumer law, but by acting in a non-professional capacity a natural person should also benefit from the protections offered by the rules on fairness in data sharing contracts applicable to enterprises. A typical example would be the prosumers, who as natural persons do acquire equipment under the consumer protection framework but use it to generate electricity and sell excess back to the grid operator without being in the framework of a trade, business, craft or profession, thus generating non-personal data that should be opened for sharing under fair terms. To that regard, when acting under another role than consumer, users that are natural persons should benefit from the opportunities and legal certainty offered to enterprises.

Amendment 121 #

Christian EHLER, Angelika NIEBLER, Jens GIESEKE

Proposal for a regulation
Recital 11

~~(11) Union law setting physical design and data requirements for products to be placed on the Union market should not be affected by this Regulation.~~deleted

Amendment 122 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 11

(11) Union law setting physical design and data requirements for connected products to be placed on the Union market should ~~not be affec~~be complemented by this Regulation.

Amendment 123 #

Proposal for a regulation
Recital 13 a (new)

(13 a) This Regulation aims at strengthening the position and business models of third parties, for example suppliers, through a horizontal approach. To ensure a stronger balance between manufacturers and suppliers and to account for the specific situation and complexity of the respective sector, this Regulation shall be followed by sectoral legislations, for example the mobility data space. These legislations shall set out further rules for the right for suppliers to improved or direct access to data from their own smart components for issues such as quality monitoring, product development or safety improvements and clarifies the role of providers of components in relation to connected products.

Amendment 124 #

Pilar del CASTILLO VERA, Christian EHLER, Maria da Graça CARVALHO, François-Xavier BELLAMY, Massimiliano SALINI, Pernille WEISS, Angelika NIEBLER, Salvatore DE MEO

Proposal for a regulation
Recital 14

(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as tThe data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. In scope are data in raw form (also known as source or primary data, which refers to data points that are automatically generated without any form of processing) as well as prepared data (data cleaned and transformed for the purpose of making it useable prior to further processing and analysis). The Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medicalm ‘prepared data’ should be interpreted broadly, without however reaching the stage of deriving or inferring insights. Prepared data may include data enriched with metadata, combined with other data (e.g. sorted and classified with other data points relating to it) or re-formatted into a commonly-used format. Such data are potentially valuable to the user and support innovation and the~~alth devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while~~ development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. By contrast, information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data ~~are potentially valuable to the user and support innov~~is not generated by the use of the product, but is the outcome of a characterisation, a~~nd the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question.~~ ssessment, recommendation, categorisation or similar systematic processes that assign values or insights to a user or product. Data that is constitutive of a trade secret should only be made available to a data user or third party if all the necessary measures to protect the confidentiality of the trade secrets have been taken by the third party.

Amendment 125 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 14

(14) Physical products that obtain, generate or collect, by means of their components, including sensors, or embedded operating systems, data concerning their performance, use or environment and that are able to communicate that data via a ~~publicly~~n available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question.

Amendment 126 #

Proposal for a regulation
Recital 14

(14) P~~hysical p~~roducts that obtain, generate or collect, by means of their design and components, data concerning their performance, use or environment and that are able to communicate that data ~~via a publicly available electronic communications service~~ (often referred to as the Internet of Things) should be covered by this Regulation. ~~Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles~~Such connected products are found in all aspects of the economy and society, including in private, civil or commercial infrastructure, vehicles, ships, aircraft, home equipment and consumer goods, medical and health devices, or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scop or energy production and transmission facilities. Transmissible data obtained, generated or collected by a connected product should always be accessible to the owner of the product, or a third party to whom the owner of the product has transferred certain rights to the product based on a rental or lease contract. The owner or such third party shall be referred to as the user for the purpose of this Rregulation. ~~Such data are potentiall~~These access rights shall in no way valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in questionter or interfere with the fundamental rights of data subjects, who may be interacting with connected product, to personal data generated by the product. Manufacturers' design choices, the users’ demands and, where relevant, sectoral legislation to address sector-specific needs and objectives determine which data is transmissible from the connected product.

Amendment 127 #

Christophe GRUDLER, Dominique RIQUET, Valérie HAYER, Sandro GOZI

Proposal for a regulation
Recital 14

(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Metadata under Chapter II means the metadata that the data holder uses for its own purpose, without any obligation to register or store metadata additionally. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. ~~The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data~~Conversely, products related with services subject to specific union law setting out rights and obligations on data access, such as Directive (EU) 2015/2366 should not be covered by Chapter II of this Regulation. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while volatile and only locally processed data and information derived or inferred from data that falls under the scope of this Regulation, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. Information derived or inferred from this data, where lawfully held, should not be considered within the scope of this Regulation.

Amendment 128 #

Proposal for a regulation
Recital 14

Amendment 129 #

Adam JARUBAS, Jerzy BUZEK, Krzysztof HETMAN, Bartosz ARŁUKOWICZ, Andrzej HALICKI, Janusz LEWANDOWSKI

Proposal for a regulation
Recital 14

(14) Physical products that obtain, generate or collect, by means of their components or operating system, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation, with the exception of prototypes or unless that data are lawfully processed using the product’s own computing capacity. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question. This Regulation applies to products placed on the market in the Union and thus does not apply to products in development stage such as prototypes.

Amendment 130 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Josianne CUTAJAR, Eva KAILI, Ivo HRISTOV

Proposal for a regulation
Recital 14

(14) Physical products that obtain, generate or collect, by means of their components or operating systems or embedded software, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation with the exception of prototypes. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question.This Regulation applies to products placed on the marketin the Union and thus does not apply to products in development stage such as prototypes.

Amendment 131 #

Elena LIZZI, Paolo BORCHIA, Matteo ADINOLFI, Isabella TOVAGLIERI, Angelo CIOCCA, Gianna GANCIA

Proposal for a regulation
Recital 14

Amendment 132 #

Proposal for a regulation
Recital 14

(14) Physical products that obtain, generate or collect, by means of their components or embedded software, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land- based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question.

Amendment 133 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 14 a (new)

(14 a) The data represent the digitalisation of user actions and events. These data are potentially valuable to the user and should accordingly always be accessible to the user. Data generated by the use of a connected product or related service include data recorded intentionally by the user or as a by- product of the users’ actions and events. Such data can also be generated or recorded without any action by the user, such as when the product is in ‘standby mode’ or switched off, including diagnostics data and data captured by embedded applications of sensors. Such data should include data in the form and format in which they are generated by the product, and made available in a comprehensible, structured and machine- readable format, including the relevant metadata. This Regulation should cover only raw data, that is either collected or intended to be collected by the data holder. The data resulting from any software process that calculates derivative data shall be excluded from the scope, as such data and software process may be subject to intellectual property rights.

Amendment 134 #

Proposal for a regulation
Recital 14 a (new)

(14 a) In order to foster innovation and the development of new products and services, it should be specified that products and services that are not ready to be placed on the market because they are still under development, including prototypes, should not fall under the scope of this Regulation.

Amendment 135 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Ivo HRISTOV

Proposal for a regulation
Recital 15

(15) In contrast, certain products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service should not be covered by this Regulation. Such products include, for example, personal computers, servers, tablets and smart phonontent, or data obtained, generated or collected by the connected product or transmitted to it for the purpose of storage or processing on behalf of third parties, cam~~eras, webcams, sound recording systems and text scanners. They require human input to produce various forms of content, such as text documents, sound files, video files, games, digital maps~~ongst others for the use by an online service should not be covered by this Regulation.

Amendment 136 #

Proposal for a regulation
Recital 15

Amendment 137 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 15

(15) In contrast, certain products ~~that~~ are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service ~~should not be covered by this Regu~~and are often covered by intellectual property rights and electronic communications services legislation. Such products include, for example, personal computers, servers, tablets and smart phones, smart televisions, cameras, webcams, sound recording systems and text scanners. They require human input to produce various forms of content, such as text documents, sound files, video files, games, digital maps. All these connected products have also a strong element of collection of data on how the products operate, such as proximity sensors, accelerometer or gyroscope, the collection of these data being of potential value in improving the performance of the connected products or related services. These non-personal data referring to the functionality of connected products should be included in the scope of this Regulation and should exclude all content data regulated by Union and national law and data concerning intellectual property and electronic communications services.

Amendment 138 #

Pilar del CASTILLO VERA, Christian EHLER, Maria da Graça CARVALHO, Massimiliano SALINI, Adam JARUBAS, Pernille WEISS, Jerzy BUZEK, Salvatore DE MEO, Bartosz ARŁUKOWICZ, Angelika NIEBLER, François-Xavier BELLAMY

Proposal for a regulation
Recital 15

(15) In contrast, certain products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service should not be covered by this Regulation. Such products include, for example, personal computers, servers, tablets and smart phones, cameras, webcams, sound recording systems and text scanners. They require human input to produce various forms of content, such as text documents, sound files, video files, games, digital maps. Likewise defence related products as defined in Article 3(1) of Directive 2009/43 should not be covered by this Regulation.

Amendment 139 #

Elena LIZZI, Paolo BORCHIA, Matteo ADINOLFI, Isabella TOVAGLIERI, Angelo CIOCCA, Gianna GANCIA

Proposal for a regulation
Recital 15

(15) In contrast, certain products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service should not be covered by this Regulation. Such products include, for example, personal computers, servers, tablets and smart phones, cameras, webcams, sound recording systems and text scanners. They require human input to produce various forms of content, such as text documents, sound files, video files, games, digital maps. Overall, existing contracts governing data sharing should be exempted from this Regulation.

Amendment 140 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Ivo HRISTOV

Proposal for a regulation
Recital 15 a (new)

(15 a) The use and access to sensitive data generated by a product regulated by a specific sectoral rules is without prejudice to those rules.

Amendment 141 #

Proposal for a regulation
Recital 16

(16) It is also necessary to lay down rules applying to ~~connected products that incorporate or are interconnected with a service in such a way that the absence of the service would prevent the~~providers of related services that are interconnected with a connected product and that are necessary in order for the connected product ~~from~~to perform~~ing its functions. Such related services can be part of the sale, rent or lease agreement, or such~~ one or more of its functions and which involve the transfer of data between the connected product and the provider the related services. Where a provider of related services receives data from a connected product or has access to data generated during the provision of the related services are normally provided for products of the same type and the user could reasonably expect them to be provided given the nature of the product and taking into account any public statement made by or on behalf of the seller, renter, lessor or other persons in previous links of the chain of transactions, including the manufacturer. These related services may themselves generate data of value to the user independently of the data collection capabilities of the product with which they are interconnectednd has the right to use this non-personal data, in accordance with Article 4(6), it should be considered a data holder. The provision of related services may themselves generate data of value to the user independently of the data collection capabilities of the product. Such data may represent the digitalisation of user actions and events and should accordingly be accessible to the user. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, including particular through facilitating the maintenance and repair of the products in question or the development of products or services. Information derived or inferred from this data by the data holder or another third party after it has been transmitted from the connected product, should not be considered within scope of this Regulation. This Regulation should also apply to a related service that is not supplied by the seller, renter or lessor itself, but is supplied, under the sales, rental or lease contract, by a third party. In the event of doubt as to whether the provision of a related service is necessary to maintain the functional operation of the connected product, supply of service forms part of the sale, rent or lease contract, this Regulation should apply.

Amendment 142 #

Valter FLEGO

Proposal for a regulation
Recital 16

(16) It is necessary to lay down rules applying to connected products that, at the time of the sale, rental or leasing agreement incorporate or are interconnected with a service in such a way that the absence of the service would prevent the product from performing ~~its~~one of its main functions. Such related services can be part of the sale, rent or lease agreement, ~~or such services are normally provided for products of the same type and the user could reasonably expect them to be provided given the nature of the product and~~ taking into account any public statement made by or on behalf of the seller, renter, lessor or other persons in previous links of the chain of transactions, including the manufacturer. These related services may themselves generate data of value to the user independently of the data collection capabilities of the product with which they are interconnected. Neither the power supply nor the supply of the connectivity are to be interpreted as related services under this Regulation. This Regulation should also apply to a related service that is not supplied by the seller, renter or lessor itself, but is supplied, under the sales, rental or lease contract, by a third party. In the event of doubt as to whether the supply of service forms part of the sale, rent or lease contract, this Regulation should apply. For the sake of legal certainty, electronic communications services are not in scope.

Amendment 143 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 16

(16) It is necessary to lay down rules applying to connected products that, at the time of the sale, rental or leasing agreement incorporate or are interconnected with a service in such a way that the absence of the service would prevent the product from performing ~~its~~one of its main functions. Such related services can be part of the sale, rent or lease agreement, or such services are normally provided for products of the same type and the user could reasonably expect them to be provided given the nature of the product and taking into account any public statement made by or on behalf of the seller, renter, lessor or other persons in previous links of the chain of transactions, including the manufacturer. These related services may themselves generate data of value to the user independently of the data collection capabilities of the product with which they are interconnected. Neither the power supply nor the supply of the connectivity are to be interpreted as related services under this Regulation This Regulation should also apply to a related service that is not supplied by the seller, renter or lessor itself, but is supplied, under the sales, rental or lease contract, by a third party. In the event of doubt as to whether the supply of service forms part of the sale, rent or lease contract, this Regulation should apply. It should be specified that electronic communications services are not under the scope of this Regulation.

Amendment 144 #

Elena LIZZI, Paolo BORCHIA, Matteo ADINOLFI, Isabella TOVAGLIERI, Angelo CIOCCA, Gianna GANCIA

Proposal for a regulation
Recital 16

(16) It is necessary to lay down rules applying to connected products that, at the time of the sale, rental or leasing agreement incorporate or are interconnected with a service in such a way that the absence of the service would prevent the product from performing ~~its~~one of its main functions. Such related services can be part of the sale, rent or lease agreement, or such services are normally provided for products of the same type and the user could reasonably expect them to be provided given the nature of the product and taking into account any public statement made by or on behalf of the seller, renter, lessor or other persons in previous links of the chain of transactions, including the manufacturer. These related services may themselves generate data of value to the user independently of the data collection capabilities of the product with which they are interconnected. Neither the power supply nor the supply of the connectivity are to be interpreted as related services under this Regulation. This Regulation should also apply to a related service that is not supplied by the seller, renter or lessor itself, but is supplied, under the sales, rental or lease contract, by a third party. In the event of doubt as to whether the supply of service forms part of the sale, rent or lease contract, this Regulation should apply. For the sake of legal certainty, electronic communication services are not in scope.

Amendment 145 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 16

(16) It is necessary to lay down rules applying to connected products that ~~incorporate or~~ are interconnected with a service in such a way that the absence of the service would prevent the product from performing its functions. Such related services can be part of the sale, rent or lease agreement, or such services are normally provided for products of the same type and the user could reasonably expect them to be provided given the nature of the product and taking into account any public statement made by or on behalf of the seller, renter, lessor or other persons in previous links of the chain of transactions, including the manufacturer. These related services may themselves generate data of value to the user independently of the data collection capabilities of the connected product with which they are interconnected. This Regulation should also apply to a related service that is not supplied by the seller, renter or lessor itself, but is supplied, under the sales, rental or lease contract, by a third party. In the event of doubt as to whether the supply of service forms part of the sale, rent or lease contract, this Regulation should apply.

Amendment 146 #

Proposal for a regulation
Recital 17

Amendment 147 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Marina KALJURAND

Proposal for a regulation
Recital 17

(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, and without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, ~~but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights~~including data processed using the product’s own computing capacity.

Amendment 148 #

(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, and without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, ~~but not pertain to data resulting from any softwa~~including data pre -process ~~that calculates derivative data from such data as such software process may be subject to intellectual property rights.~~ed using the product’s own computing capacity

Amendment 149 #

Christophe GRUDLER, Dominique RIQUET, Valérie HAYER, Sandro GOZI

Proposal for a regulation
Recital 17

(17) Data ~~generated by the use of a product or related service include data recorded intentionally by the user. Such data include also~~transmitted by a connected product or generated during the provision of a related service include data obtained, recorded or otherwise generated by the product according to the users intentions and data generated as a by- product of the user’s action, such as diagnostics data, and data generated without any action by the user, ~~such as~~in particular data about the connected product’s environment or interactions, including when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product~~, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights.~~ and be compiled in a comprehensible, structured, commonly used and machine-readable format and including the relevant metadata, but not pertain to data that is demonstrated to be subject to intellectual property rights. The description about what data is transmissible by the connected product may refer to the specific data, where relevant, that is subject to intellectual property rights. Where data is transferred in an encrypted format, the user should be provided with all necessary means to decrypt such data and make it accessible.

Amendment 150 #

Proposal for a regulation
Recital 17

(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, and without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights. Functional system data, meaning data related to the internal functioning of the product, in particular regarding interfaces between components, do not present any interest for users but can expose EU companies' know-how and and therefore the EU strategic, technological and competitiveness interests. Such data should therefore be excluded from the scope of this Regulation.

Amendment 151 #

Adam JARUBAS, Jerzy BUZEK, Krzysztof HETMAN, Bartosz ARŁUKOWICZ, Andrzej HALICKI, Janusz LEWANDOWSKI

Proposal for a regulation
Recital 17

(17) Data generated by the use of a product or related service include data recorded intentionally by the user. Such data include also data generated as a by- product of the user’s action, such as diagnostics data, ~~and~~sensor-generated data or data captured by embedded applications, and data recorded by a device without any action by the user, such as when the product is in ‘standby mode’, and data recorded during periods when the product is switched off. Such data should include data in the form and format in which they are generated by the product, but not pertain to data resulting from any software process that calculates derivative data from such data as such software process may be subject to intellectual property rights.

Amendment 152 #

Proposal for a regulation
Recital 17 a (new)

(17 a) It is important that the regulation will not hold back the development of edge computing and other efficient technologies needed for e.g. improving energy efficiency. Data generated by the use of a product should be limited in business-to-business relations and products strictly to data that is generated by the interactions of the user and the product, accompanied by relevant metadata. Any derivative data, know-how or analysis should not be regarded as data generated by the use of a product. This is also needed for companies to maintain their competitive assets. This regulation should not in any way limit data holders’ ability to share data falling outside of the scope of this regulation under contractual arrangements.

Amendment 153 #

Proposal for a regulation
Recital 18

(18) The user of a connected product should be understood as the legal or natural person, such as a business or consumer, which has ~~purchased, rented or leased the product. Depending on the legal title under which he uses it, s~~acquired the connected product or receives related services, or to whom the owner of the connected product has transferred, on the basis of a rental or lease agreement, temporary rights to use the connected product or receive related services. Such a user bears the risks and enjoys the benefits of using the connected product and should ~~enjoy also the access to the data it generates. The user should~~ therefore be entitled to derive benefit from data ~~genera~~transmitted by that connected product and generated by the provision of any related service.

Amendment 154 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 18

(18) The user of a connected product should be understood as the legal or natural person, such as a business or, consumer, which has purchased~~, rented or leased the product~~ the product, or to whom the owner of the connected product has transferred, on the basis of a rental or lease agreement, temporary rights to use the connected product or receive related services. Depending on the legal title under which he uses it, such a user bears the risks and enjoys the benefits of using the connected product and should enjoy ~~also~~ the access to the data it generates. The user should therefore have an active role in the data economy and be entitled to derive benefit from non-personal data generated by thate use of that connected product and any related service.

Amendment 155 #

Pilar del CASTILLO VERA, Christian EHLER, Maria da Graça CARVALHO, Massimiliano SALINI, Pernille WEISS, Adam JARUBAS, Jerzy BUZEK, Angelika NIEBLER, Bartosz ARŁUKOWICZ, Salvatore DE MEO

Proposal for a regulation
Recital 18

(18) The user of a product should be understood as the legal or natural person, such as a business or consumer, as well as a public sector body which has purchased, rented or leased the product or receives a related service, or a natural person that uses a product or receives a related service, without necessarily having subscribed to this service. Depending on the legal title under which he uses it, such a user bears the risks and enjoys the benefits of using the connected product and should enjoy also the access to the data it generates. The user should therefore be entitled to derive benefit from data generated by that product and any related service. In the context of multiple users, each user may contribute in a different manner to the data generation and can have an interest in several forms of use.

Amendment 156 #

Proposal for a regulation
Recital 18

(18) The user of a product should be understood as the legal or natural person, such as a business or consumer or public sector body, which has purchased, rented or leased the product on other than short- term basis. Depending on the legal title under which he uses it, such a user bears the risks and enjoys the benefits of using the connected product and should enjoy also the access to the data it generates. The user should therefore be entitled to derive benefit from data generated by that product and any related service. An owner, renter or lessee should equally be considered as user, including when several entities can be considered as users. In the context of multiple users, each user may contribute in a different manner to the data generation and can have an interest in several forms of use.

Amendment 157 #

Proposal for a regulation
Recital 18

(18) The user of a product should be understood as the legal or natural person, such as a business or consumer, which has ~~purchased, rented or lea~~the legal right to posseds the product~~. Depending~~ and physically controls it. Regardless onf the legal title under which he uses it, such a user bears the risks and enjoys the benefits of using the connected product and should enjoy also the access to the data ithe or she generates with the product. The user should therefore be entitled to derive benefit from data generated by that product and any related service.

Amendment 158 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Josianne CUTAJAR, Eva KAILI, Ivo HRISTOV

Proposal for a regulation
Recital 18

(18) The user of a product should be understood as the legal or natural person, such as a business or, consumer or public sector body , which has purchased, rented or leased the product. Depending on the legal title under which he uses it, such a user bears the risks and enjoys the benefits of using the connected product and should enjoy also the access to the data it generates. The user should therefore be entitled to derive benefit from data generated by that product and any related service.

Amendment 159 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 19

(19) In practice, not all data generated by connected products or related services are easily accessible to their users, and there are often limited possibilities for the portability of data generated by products connected to the Internet ~~of Things~~. Users are unable to obtain data necessary to make use of providers of repair and other services, and businesses are unable to launch innovative, more efficient and convenient services. In many sectors, manufacturers, who are also providing related services are often able to determine, through their control of the technical design of the connected product or related services, what data are generated and how they can be accessed, even though they have no legal right to the data. It is therefore necessary to ensure that products are designed and manufactured and related services are provided in such a manner that data generated by their use are always easily a~~ccessible to the user~~nd securely accessible in a format that allows the user to view, retrieve and process it, either directly on the connected product or, where not technically possible, on a separate device from the connected product. This Regulation should not be interpreted as an additional obligation for data holders to store data on-device or on a remote server, that are necessary for the immediate functioning of the connected product but the data holder does not intend to extract. Upon an explicit and voluntary agreement between the data holder and the user, such data could be collected and stored.

Amendment 160 #

Proposal for a regulation
Recital 19

(19) In practice, not all data ~~generated by products or~~transmitted by connected products or generated during the provision of related services are easily accessible to their users, and there are often limited possibilities for the portability of data generated by products connected to the Internet of Things. Users are unable to obtain data necessary to make use of providers of repair and other services, and businesses are unable to launch innovative, more efficient and convenient services. In many sectors, manufacturers, who are often simultaneously data holders, are currently often able to determine, through their control of the technical design of the ~~product or~~connected product or the terms of the related services, what data are generated and how they can be accessed, even though they have no legal right to the data. It is therefore necessary to ensure that connected products are designed and manufactured and related services are provided in such a manner that data ~~generated by their use~~that is transmissible by them to others are always easily accessible to the user.

Amendment 161 #

Proposal for a regulation
Recital 19

(19) In practice, not all data generated by products or related services are easily accessible to their users, and there are often limited possibilities for the portability of data generated by products connected to the Internet of Things. Users are unable to obtain data necessary to make use of providers of repair and other services, and businesses are unable to launch innovative, more efficient and convenient services. In many sectors, manufacturers are often able to determine, through their control of the technical design of the product or related services, what data are generated and how they can be accessed, even though they have no legal right to the data. It is therefore necessary to ensure that products are designed and manufactured and related services are provided in such a manner that data generated by their use are always easily accessible to the user. This requires the removal of technical barriers to ensure that users will have direct real- time access to their data without extensive individual verification procedures. In order to facilitate third-party access to the required data, cost-efficient access to software tools is also necessary.

Amendment 162 #

Tom BERENDSEN

Proposal for a regulation
Recital 19 a (new)

(19 a) The transport sector is digitalising at a rapid pace. Large amounts of data are generated in and from our cars through the increasing connectivity of vehicles. These data flows highlight the importance of consumer control over personal vehicle data. Such control not only guarantees consumer control over which parties have access to and use their data, but also ensures fair competition between companies and sufficient freedom of choice for consumers.

Amendment 163 #

Tom BERENDSEN

Proposal for a regulation
Recital 19 b (new)

(19 b) With specific regard to users in the transport sector, a user must have the possibility to make the data generated by its vehicle available to third parties. Upon such request by the user, and where technically possible, the car manufacturer shall make this data accessible to third-party service providers in a non-discriminatory manner. Only with third parties’ access to high-speed real-time data, consumers can to the full extent benefit from competition, innovation and freedom of choice in the automotive sector.

Amendment 164 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 20

(20) In cases of co-ownership of the connected product and related services provided, where several persons or entities own a product or are party to a lease or rent agreement ~~and benefit from access to a related service, reasonable efforts should be made in~~, the design of the connected product or related service or the relevant interface s~~o that~~hall enable all persons ~~can~~to have access to data they generate. Users of products that generate data typically require a user account to be set up. This allows for identification of the user by the manufacturer or related service provider as well as a means to communicate to exercise and process data access requests. For identification and authentication purposes, manufacturers and providers of related services should enable users to use European Digital Identity Wallets, issued pursuant to Regulation (EU) XXX/XXXX establishing a framework for a European Digital Identity. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should inform the user how the data may be accessed. User accounts should enable users to revoke consent for processing and data sharing, as well as request deletion of the data generated through the use of the connected product, particularly in cases when the users of the product intend to transfer the ownership of the product to another party.

Amendment 165 #

Romana JERKOVIĆ, Miapetra KUMPULA-NATRI, Robert HAJŠEL

Proposal for a regulation
Recital 20

(20) In case several persons or entities own or use a product or are party to a lease or rent agreement and benefit from access to a related service, reasonable efforts should be made in the design of the product or related service or the relevant interface so that all persons using the product can have access to data they generate. ~~Users of p~~Products that generate data ~~typical~~do not necessarily require a user account to be set up. Thisose that do should allows for identification of the user by the manufacturer as well as a means to communicate to exercise and process data access requests. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Account solutions should allow a user to delete their account and the data related to it, in particular taking into account situations when the ownership or the usage of the product changes. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer ~~should~~or the data holder should duly justify why and immediately inform the user how the data may be accessed swiftly and no later than in one day.

Amendment 166 #

Proposal for a regulation
Recital 20

(20) In case several persons or entities own a product or are party to a lease or rent agreement and benefit from access to a related service, reasonable efforts should be made in the design of the product or related service or the relevant interface so that ~~all person~~each user can have access to data they it generates can ~~have access to data they generate~~d only to such data. In case several manufacturers or related services providers have sold, rent out or leased products or services integrated together to the same user, the user should turn to each of the manufacturers or related service providers with who it has a contractual agreement. Users of products that generate data typically require a user account to be set up. This allows for identification of the user by the manufacturer as well as a means to communicate to exercise and process data access requests. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism and joint consent that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should inform the user how the data may be accessed.

Amendment 167 #

Proposal for a regulation
Recital 20

(20) In case several persons or entities own a connected product or are party to a lease or rent agreement and benefit from access to a related service, ~~reasonable~~all necessary efforts should be made in the design of the connected product or related service or the relevant interface so that all persons can have access to data they generate. Users of connected products that generate data ~~typicall~~may require a user account to be set up. This allows for identification of the user by the ~~manufacturer~~party managing the data transmission, storage and processing, as well as a means to communicate to exercise and process data access requests to the user. Manufacturers or designers of a connected product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by ~~the manufacturer or data holder. This means that d~~any data holder. Data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying ~~mobile~~ application provided with the connected product or related service, the ~~manufacturer~~party managing the data transmission, storage and processing should inform the user how the data may be accessed.

Amendment 168 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI

(20) In case several persons or entities own a product or are party to a lease or rent agreement and benefit from access to a related service, reasonable efforts should be made in the design of the product or related service or the relevant interface so that ~~all persons~~each user can have access to data they themselve generate. Users of products that generate data typically require a user account to be set up. This allows for identification of the user by the manufacturer as well as a means to communicate to exercise and process data access requests. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should inform the user how the data may be accessed.

Amendment 169 #

Proposal for a regulation
Recital 20

(20) In case several persons or entities own a product or are party to a lease or rent agreement and benefit from access to a related service, reasonable efforts should be made in the design of the product or related service or the relevant interface so that ~~all persons~~each user can have access to data they generate. Users of products that generate data typically require a user account to be set up. This allows for identification of the user by the manufacturer as well as a means to communicate to exercise and process data access requests. Manufacturers or designers of a product that is typically used by several persons should put in place the necessary mechanism that allow separate user accounts for individual persons, where relevant, or the possibility for several persons to use the same user account. Access should be granted to the user upon simple request mechanisms granting automatic execution, not requiring examination or clearance by the manufacturer or data holder. This means that data should only be made available when the user actually wants this. Where automated execution of the data access request is not possible, for instance, via a user account or accompanying mobile application provided with the product or service, the manufacturer should swiftly inform the user how the data may be accessed.

Amendment 170 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Ivo HRISTOV

Proposal for a regulation
Recital 21

(21) Products may be designed to make certain data directly available from an on- device data storage or from a remote server to which the data are communicated. Where on-device access is technically supported, the manufacturer shall make this means of access also available to third-party service providers or the user. Access to the on-device data storage may be enabled via cable-based or wireless local area networks connected to a ~~publicly available~~ electronic communications service or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider who functions as data holder. ~~They~~Products may be designed to permit the user or a third party to process the data on the product or on a computing instance of the manufacturer or in an environment chosen by the user or the authorised. Where either option is available, the user or third party shall choose their preferred method.

Amendment 171 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 21

(21) PConnected products may be designed to make certain data directly available ~~from~~by means of an on- device data access or storage or from a remote server to which the data are communicated. Access to the on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third partydata collected, obtained or otherwise generated by the connected product are transmitted to. Such server may be based on the user’s own local server capacity or that of a data holder, a third party, including the manufacturer or vendor, or a cloud service provider, who ~~functions as data holder. They~~may be considered a data holder, if the receipt, storage, processing or sharing of data transmitted by the connected product are important to the operation of such product. Such servers may be designed to permit the user or a ~~third party~~data recipient to process the data on the connected product or on a computing instance of ~~the manufacturer~~a third party.

Amendment 172 #

Proposal for a regulation
Recital 21

(21) PConnected products may be designed to make certain data directly available from an on- device data storage or from a remote server to which the data are communicated. Access to the on-device data storage may be enabled via cable- based or wireless local area networks connected ~~to a publicly available electronic communications service~~ or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider who functions as data holder. ~~They~~Connected products may be designed to permit the user or a third party to process the data on the product or on a computing instance of the manufacturer as well as enable the user to retrieve the data.

Amendment 173 #

Tom BERENDSEN

Proposal for a regulation
Recital 21

(21) Products may be designed to make certain data directly available from an on- device data storage or from a remote server to which the data are communicated. Where technically possible, the manufacturer shall make this data also accessible to third-party service providers nominated by the user, or by a party acting on behalf or a user. Access to the on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider who functions as data holder. They may be designed to permit the user or a third party to process the data on the product or on a computing instance of the manufacturer.

Amendment 174 #

Proposal for a regulation
Recital 22

(22) Virtual assistants play an increasing role in digitising consumer and professional environments and serve as an easy-to-use interface to play content, obtain information, or activate physical objects connected to the Internet of Things. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Internet of Things, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a connected product via a virtual assistant provided by an entity other than the manufacturer of the product. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulationconnected product.

Amendment 175 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 22

(22) Virtual assistants play an increasing role in digitising consumer environments and serve as an easy-to-use interface to play content, obtain information, or activate physical objects connected to the Internet ~~of Things~~. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Internet ~~of Things~~, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a product via a virtual assistant provided by an entity other than the manufacturer of the product. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulation.

Amendment 176 #

Adam JARUBAS, Jerzy BUZEK, Krzysztof HETMAN, Bartosz ARŁUKOWICZ, Andrzej HALICKI, Janusz LEWANDOWSKI

Proposal for a regulation
Recital 22

(22) Virtual assistants play an increasing role in digitising consumer environments and serve as an easy-to-use interface to play content, obtain information, or activate physical objects connected to the Iinternet ~~of Things~~. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Iinternet ~~of Things~~, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a product via a virtual assistant provided by an entity other than the manufacturer of the product. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulation. (This amendment applies throughout the text. Adopting it will necessitate corresponding changes throughout.)

Amendment 177 #

Proposal for a regulation
Recital 22

(22) Virtual assistants play an increasing role in digitising consumer environments and serve as an easy-to-use interface to play content, obtain information, or activate products including physical objects connected to the Internet of Things. Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the Internet of Things, including those manufactured by other parties and can replace the use of manufacturer-provided interfaces such as touchscreens or smart phone apps. The user may wish to make available such data with third party manufacturers and enable novel smart home services. Such virtual assistants should be covered by the data access right provided for in this Regulation also regarding data recorded before the virtual assistant’s activation by the wake word and data generated when a user interacts with a product via a virtual assistant provided by an entity other than the manufacturer of the product if such data are collected. However, only the data stemming from the interaction between the user and product through the virtual assistant falls within the scope of this Regulation. Data produced by the virtual assistant unrelated to the use of a product is not the object of this Regulation.

Amendment 178 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Karen MELCHIOR, Dragoş TUDORACHE, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 23

(23) Before concluding a contract for the purchase, rent, or lease of a product or the provision of a related service, ~~clear and sufficient information should be provided to the user on how the data generated may be acces~~the data holder shall provide to the user clear and sufficient information that would enable the user to effectively exercise its rights upon the data they generate through the use of connected products and related services. The data holder shall develop mechanisms to keep the user up to date when the information changes during the lifetime of the connected product or when the purpose for which the data will be used changes from the originally specified purposed. This obligation provides transparency over the data generated and enhances the easy and secure access for the user, as well as the right to retrieve, process and further harness the value of non-personal data. This obligation to provide information does not affect the obligation for the controller to provide information to the data subject pursuant to Article 12, 13 and 14 of Regulation (EU) 2016/679.

Amendment 179 #

Pilar del CASTILLO VERA, Christian EHLER, Maria da Graça CARVALHO, Massimiliano SALINI, Pernille WEISS, Adam JARUBAS, Angelika NIEBLER, Jerzy BUZEK, Salvatore DE MEO, Bartosz ARŁUKOWICZ, François-Xavier BELLAMY

Proposal for a regulation
Recital 23

(23) Before concluding a contract for the purchase, rent, or lease of a product or the provision of a related service, clear and sufficient information should be provided to the user on how the data generated may be accessed. This obligation provides transparency over the data generated and enhances the easy access for the user. This obligation to provide information does not affect the obligation for the controller to provide information to the data subject pursuant to Article 12, 13 and 14 of Regulation 2016/679. The data holder cannot be expected to store the data indefinitely in view of the needs of the user of the product, but should however implement a reasonable data retention policy that allows for the effective application of the data access rights under this Regulation

Amendment 180 #

Elena LIZZI, Paolo BORCHIA, Matteo ADINOLFI, Isabella TOVAGLIERI, Angelo CIOCCA, Gianna GANCIA

Proposal for a regulation
Recital 23

(23) Before concluding a contract for the purchase, rent, or lease of a product or the provision of a related service, clear and sufficient information should be provided by the data holder to the user on how the data generated may be accessed. This obligation provides transparency over the data generated and enhances the easy access for the user. This obligation to provide information does not affect the obligation for the controller to provide information to the data subject pursuant to Article 12, 13 and 14 of Regulation 2016/679.

Amendment 181 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI

Proposal for a regulation
Recital 23

Amendment 182 #

Proposal for a regulation
Recital 24

(24) This Regulation imposes the obligation on data holders to make data available in certain circumstances. Insofar as personal data are processed, ~~the~~ data holders should be a controllers under Regulation (EU) 2016/679. Where users are data subjects, data holders should be obliged to provide them access to their data and to make the data available to third parties of the ~~user~~data subject’s choice in accordance with this Regulation. However, this Regulation does not create a legal basis under Regulation (EU) 2016/679 for ~~the~~ data holders to provide access to personal data or make it available to a third party when requested by a user that is not a data subject and should not be understood as conferring any new right on ~~the~~ data holders to use data ~~generated by the use of a product or related service. This applies in particular where the manufacturer is the data holder. In that case~~transmitted to it from the connected generated by the use of a product or generated during the provision of a related service. Instead, the basis for ~~the manufactur~~a data holder to use non-personal data transmitted to it should be a contractual agreement between the ~~manufacturer and the user. This agreement may be part of the sale, rent or leas~~data holder, in its role as a provider of related services, and the user. Where the manufacturer or vendor of the connected product is also a provider of related services, this agreement may combined with the sale agreement relating to the connected product. Any ~~contractual term in the agreement stipulating that the data holder may use the data generated by the user of a product or related service s~~agreement between the user and a data holder shall clearly and comprehensively address the nature and access modalities of data transmitted from the connected product to the data holder or generated during the provision of the related services, as well as the duration of the agreement and modalities to terminate the agreement prematurely. Where a data hould ~~be transparent to the user, including as regards the purpose for which the data holder intends to use the data~~er intends to share data with third parties for the fulfilment of its contractual obligations, it shall inform the user of the nature and volume of the shared data and, where relevant, contractually bind the third party not to use the data for any other purpose. This Regulation should not prevent contractual conditions, whose effect is to exclude or limit the use of the data, or certain categories thereof, by ~~the~~a data holder. This Regulation should also not prevent sector-specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by ~~the~~a data holder on well- defined public policy grounds.

Amendment 183 #

Alin MITUȚA, Andrus ANSIP, Christophe GRUDLER, Morten LØKKEGAARD, Klemen GROŠELJ

Proposal for a regulation
Recital 24

(24) This Regulation imposes the obligation on data holders to make data available in certain circumstances. Insofar as personal data are processed, the data holder should be a controller under Regulation (EU) 2016/679. Where users are data subjects, data holders should be obliged to provide them access to their data and to make the data available to third parties of the user’s choice in accordance with this Regulation. However, this Regulation does not create a legal basis under Regulation (EU) 2016/679 for the data holder to provide access to personal data or make it available to a third party when requested by a user that is not a data subject and should not be understood as conferring any new right on the data holder to use data generated by the use of a product or related service. This applies in particular where the manufacturer is the data holder. In that case, the basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user. This agreement may be part of the sale, rent or lease agreement relating to the product. AThe user should be given a reasonable opportunity to reject this agreement. Should a user chose to reject the contractual terms and conditions, this should not prevent him from using the relevant product of the service, unless the product of the service cannot function without the user's acceptance of the contractual terms. The user should have the right to cancel the contractual agreement at any time, without any financial consequences. Withdrawal of consent should also not affect the use of the product or service, except for consequences that are the direct and unavoidable result of the withdrawal of the user's consent. Furthermore, any contractual term in the agreement stipulating that the data holder may use the data generated by the user of a product or related service should be transparent to the user, including as regards the purpose for which the data holder intends to use the data. This Regulation should not prevent contractual conditions, whose effect is to exclude or limit the use of the data, or certain categories thereof, by the data holder. This Regulation should also not prevent sector-specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by the data holder on well- defined public policy grounds.

Amendment 184 #

Proposal for a regulation
Recital 24

(24) This Regulation imposes the obligation on data holders to make data available in certain circumstances. Insofar as personal data are processed, the data holder should be a controller under Regulation (EU) 2016/679. Where users are data subjects, data holders should be obliged to provide them access to their data and to make the data available to third parties of the user’s choice in accordance with this Regulation. However, this Regulation does not create a legal basis under Regulation (EU) 2016/679 for the data holder to provide access to personal data or make it available to a third party when requested by as user that is not a data subject and should not be understood as conferring any new right on the data holder to use data generated by the use of a connected product or related service. ~~This applies in particular where the manufacturer is the data holder. In that case~~When the manufacturer is also the party providing related services and qualifies as a data holder, the basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user. ~~This agreement may be part of the sale, rent or lease agreement relating to the product~~In such cases, the contract for purchase and provision of related services can be merged. Any contractual term in the agreement stipulating that the data holder may use the data generated by the user of a connected product or related service should be transparent to the user, including as regards the purpose for which the data holder intends to use the data. This Regulation should not prevent contractual conditions, whose effect is to exclude or limit the use of the data, or certain categories thereof, by the data holder. Where a data holder intends to share data with third parties for the fulfilment of the contractual obligations, it should inform the user of the nature and volume of the shared data and, where relevant, contractually bind the third party not to use the data for any other purposes. This Regulation should also not prevent sector- specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by the data holder on well- defined public policy grounds.

Amendment 185 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI

Proposal for a regulation
Recital 24

(24) This Regulation imposes the obligation on data holders to make data available in certain circumstances. Insofar as personal data are processed, the data holder should be a controller under Regulation (EU) 2016/679. Where users are data subjects, data holders should be obliged to provide them access to their data and to make the data available to third parties of the user’s choice in accordance with this Regulation. However, this Regulation does not create a legal basis under Regulation (EU) 2016/679 for the data holder to provide access to personal data or make it available to a third party when requested by a user that is not a data subject and should not be understood as conferring any new right on the data holder to use data generated by the use of a product or related service. This applies in particular where the manufacturer is the data holder. In that case, the basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user. This agreement may be part of the sale, rent or lease agreement relating to the product. Any contractual term in the agreement stipulating that the data holder may use the data generated by the user of a product or related service should be fair and transparent to the user, including as regards the purpose for which the data holder intends to use the data. This Regulation should not prevent contractual conditions, whose effect is to exclude or limit the use of the data, or certain categories thereof, by the data holder. This Regulation should also not prevent sector-specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by the data holder on well- defined public policy grounds.

Amendment 186 #

Proposal for a regulation
Recital 24 a (new)

(24 a) It is currently often difficult for businesses to justify the personnel or computing costs that are necessary for preparing non-personal data sets or data products and offer them to potential counter parties via data marketplaces, including data intermediation services, as defined in Regulation EU [DGA]. A substantial hurdle to non-personal data sharing by businesses thus results from the lack of predictability of economic returns from investing in the curation and making available of data sets or data products. In order to allow for the emergence of liquid, efficient and fair markets for non-personal data in the Union, it must be clarified which party has the right to offer such data on a marketplace. In order to protect the incentives for users to monetize non- personal data from their connected products, data holders should only be able to monetize aggregated data sets from multiple users and should not make available non-personal data transmitted to them from the connected product with third parties for commercial or non- commercial purposes other than the fulfilment of their contractual obligations to the user. Where relevant, data holders should contractually bind third parties not to market, monetise or further share data received from them. At the same time, where data holders have contractually agreed with users the right to use such data, they should be free to use it for a wide range of purposes, including improving the functioning of the connected product or related services, developing new products or services or enriching or manipulating it or aggregating it with other data, including with the aim of making available the resulting data set with third parties, as long as such derived data set does not allow the identification of the specific data items transmitted to the data holder from the connected product, or allow a third party to derive these data items from the data set without a significant effort. The freedom of contract between users and data holders should also make it possible for data holders to be granted access rights to data on an exclusive basis, which could also be further shared with others, as long as they do not coerce deceive or otherwise manipulate the users to reach its agreement, including by making the sale of the connected product or the provision of a related service conditional upon the user agreeing to share data exclusively.

Amendment 187 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO

Proposal for a regulation
Recital 25

(25) In sectors characterised by the concentration of a small number of manufacturers ~~supplying end users, there are only limited options available to users with regard to sharing data with those manufacturers~~or providers of related services available to users, the ability of users to bargain for access to data transferred by the connected product or generated during the provision of related services is limited due to the bargaining power of the manufacturer or provider of related service. In such circumstances, contractual agreements may be insufficient to achieve the objective of user empowerment. The data tends to remain under the control of the manufacturers or providers of related services, making it difficult for users to obtain value from the data generated by the equipment they ~~purchase or lease~~own. Consequently, there is limited potential for innovative smaller businesses to offer data- based solutions in a competitive manner and for a diverse data economy in Europe. ~~This Regulation should~~ Furtherefmore ~~build on recent developments in specific secto~~, data holders, such as the Code of Conduct on agricultural data sharing by contractual agreement. Sectoral legislation may be brought forward to address sector-specific needs and objectives. Furthermore, the data holder should not use any data generated by the use ofhould not use any data transmitted to them from the connected product or generated during the pro~~duct~~vision orf related services in order to derive insights about the economic situation of the user or its assets or production methods or the use in any other way that could undermine the commercial position of the user on the markets it is active on. This wcould, for instance, involve using knowledge about the overall performance of a business ~~or a farm~~ in contractual negotiations with the user on potential acquisition of the user’s products ~~or agricultural produce~~ to the user’s detriment, or for instance, using such information to feed in larger databases on certain markets in the aggregate ~~(,e.g. databases on crop yields for the upcoming harvesting season)~~ as such use could affect the user negatively in an indirect manner. The user should be given the necessary technical interface to manage permissions, ~~preferably~~ with granular permission options, where possible (such as “allow once” or “allow while using this app or service”), including the option to withdraw permission.

Amendment 188 #

Proposal for a regulation
Recital 25

(25) In sectors characterised by the concentration of a small number of manufacturers supplying end users, there are only limited options available to users with regard to sharing data with those manufacturers. In such circumstances, cContractual agreements may be insufficient to achieve the objective of user empowerment. The data tends to remain under the control of the manufacturers or other data holders, making it difficult for users to obtain value from the data generated by the equipment they purchase or lease. Consequently, there is limited potential for innovative smaller businesses to offer data-based solutions in a competitive manner and for a diverse data economy in Europe. This Regulation should therefore build on recent developments in specific sectors, such as the Code of Conduct on agricultural data sharing by contractual agreement. Sectoral legislation may be brought forward to address sector-specific needs and objectives. Furthermore, the data holder should not use any data generated by the use of the product or related service in order to derive insights about the economic situation of the user or its assets or production methods or the use in any other way that could undermine the commercial position of the user on the markets it is active on. This would, for instance, involve using knowledge about the overall performance of a business or a farm in contractual negotiations with the user on potential acquisition of the user’s products or agricultural produce to the user’s detriment, or for instance, using such information to feed in larger databases on certain markets in the aggregate (,e.g. databases on crop yields for the upcoming harvesting season) as such use could affect the user negatively in an indirect manner. The user should be given the necessary technical interface to manage permissions, preferably with granular permission options (such as “allow once” or “allow while using this app or service”), including the option to withdraw permission.

Amendment 189 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI

Proposal for a regulation
Recital 25

(25) In sectors characterised by the concentration of a small number of manufacturers supplying end users, there are only limited options available to users with regard to sharing data with those manufacturers. In such circumstances, contractual agreements may be insufficient to achieve the objective of user empowerment. The data tends to remain under the control of the manufacturers or other data holders, making it difficult for users to obtain value from the data generated by the equipment they purchase, rent or lease. Consequently, there is limited potential for innovative smaller businesses to offer data-based solutions in a competitive manner and for a diverse data economy in Europe. This Regulation should therefore build on recent developments in specific sectors, such as the Code of Conduct on agricultural data sharing by contractual agreement. Sectoral legislation may be brought forward to address sector-specific needs and objectives. Furthermore, the data holder should not use any data generated by the use of the product or related service in order to derive insights about the economic situation of the user or its assets or production methods or the use in any other way that could undermine the commercial position of the user on the markets it is active on. This would, for instance, involve using knowledge about the overall performance of a business or a farm in contractual negotiations with the user on potential acquisition of the user’s products or agricultural produce to the user’s detriment, or for instance, using such information to feed in larger databases on certain markets in the aggregate (,e.g. databases on crop yields for the upcoming harvesting season) as such use could affect the user negatively in an indirect manner. The user should be given the necessary technical interface to manage permissions, ~~preferably~~ with granular permission options (such as “allow once” or “allow while using this app or service”), including the prominent option to withdraw permission.

Amendment 190 #

Miapetra KUMPULA-NATRI, Tsvetelina PENKOVA, Romana JERKOVIĆ, Carlos ZORRINHO, Ivo HRISTOV

Proposal for a regulation
Recital 25 a (new)

(25 a) Data users should have the priority on benefitting from the value created by the use of the product. Data holders should ensure that non-personal they receive from the connected product are primarily used for the fulfilment of their contractual obligations to the user. This is without the prejudice of the data holders capability to use the non-personal data generated to improve the functioning of the connected product or related service, to develop new products or services or to enrich, manipulate or aggregate it with other data.

Amendment 191 #

Tsvetelina PENKOVA, Miapetra KUMPULA-NATRI, Eva KAILI

Proposal for a regulation
Recital 26

(26) In contracts between a data holder and a consumer as a user of a product or related service generating data, EU consumer law applies, Directive 2005/29/EC, which applies against unfair commercial practices, and Directive 93/13/EEC which applies to the terms of the contract to ensure that a consumer is not subject to unfair contractual terms. For unfair contractual terms unilaterally imposed on a micro, small or medium- sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC63 , this Regulation provides that such unfair terms should not be binding on that enterprise. _________________ 63 Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium- sized enterprises

Amendment 192 #

Proposal for a regulation
Recital 26

(26) In contracts between a data holder and a consumer as a user of a product or related service generating data, Directive 93/13/EEC applies to the terms of the contract to ensure that a consumer is not subject to unfair contractual terms. For unfair contractual terms ~~unilaterally impos~~, which have not been individually negotiated onby a micro, small or medium- sized enterprise as defined in Article 2 of the Annex to Recommendation 2003/361/EC63 , this Regulation provides that such unfair terms should not be binding on that enterprise. _________________ 63 Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium- sized enterprises

Amendment 193 #