European Parliament 2019-2024
Committee on the Internal Market and Consumer Protection
2020/0340(COD)
28.5.2021
AMENDMENTS 159 - 390
Draft opinion Sandro Gozi (PE691.362v01.00)
European data governance (Data Governance Act)
Proposal for a regulation (COM(2020)0767 – C9-0377/2020 – 2020/0340(COD))
AM\1232072EN.docx PE692.940v01-00
EN United in diversityEN AM_Com_LegOpinion
PE692.940v01-00 2/138 AM\1232072EN.docx EN Amendment 159 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Recital 1
Text proposed by the Commission Amendment
(1) The Treaty on the functioning of (1) The Treaty on the functioning of the European Union (‘TFEU’) provides for the European Union (‘TFEU’) provides for the establishment of an internal market and the establishment of an internal market and the institution of a system ensuring that the institution of a system ensuring that competition in the internal market is not competition in the internal market is not distorted. The establishment of common distorted. The establishment of common rules and practices in the Member States rules and practices in the Member States relating to the development of a framework relating to the development of a framework for data governance should contribute to for data governance should also contribute the achievement of those objectives. to the development of an internal market that allows the sustainable development of SMEs and micro-enterprises and fair competition.
Or. en
Amendment 160 Anne-Sophie Pelletier
Proposal for a regulation Recital 2
Text proposed by the Commission Amendment
(2) Over the last few years, digital (2) Over the last few years, digital technologies have transformed the technologies have transformed the economy and society, affecting all sectors economy and society, affecting all sectors of activity and daily life. Data is at the of activity and daily life. Data is at the centre of this transformation: data-driven centre of this transformation: despite the innovation will bring enormous benefits for many risks involved, data-driven citizens, for example through improved innovation will bring enormous benefits for personalised medicine, new mobility, and citizens, for example through improved its contribution to the European Green personalised medicine, new mobility, and Deal23. In its Data Strategy24, the its contribution to the European Green Commission described the vision of a Deal23. In its Data Strategy24, the common European data space, a Single Commission described the vision of a Market for data in which data could be common European data space, a Single used irrespective of its physical location of Market for data in which data could be
AM\1232072EN.docx 3/138 PE692.940v01-00 EN storage in the Union in compliance with used irrespective of its physical location of applicable law. It also called for the free storage in the Union in compliance with and safe flow of data with third countries, applicable law. It also called for the free subject to exceptions and restrictions for and safe flow of data with third countries, public security, public order and other subject to exceptions and restrictions for legitimate public policy objectives of the public security, public order and other European Union, in line with international legitimate public policy objectives of the obligations. In order to turn that vision into European Union, in line with international reality, it proposes to establish domain- obligations. In order to turn that vision into specific common European data spaces, as reality, it proposes to establish domain- the concrete arrangements in which data specific common European data spaces, as sharing and data pooling can happen. As the concrete arrangements in which data foreseen in that strategy, such common sharing and data pooling can happen. As European data spaces can cover areas such foreseen in that strategy, such common as health, mobility, manufacturing, European data spaces can cover areas such financial services, energy, or agriculture or as health, mobility, manufacturing, thematic areas, such as the European green financial services, energy, or agriculture or deal or European data spaces for public thematic areas, such as the European green administration or skills. deal or European data spaces for public administration or skills. ______23 Communication from the Commission to 23 Communication from the Commission to the European Parliament, the European the European Parliament, the European Council, the Council, the European Council, the Council, the European Economic and Social Committee and the Economic and Social Committee and the Committee of the Regions on the European Committee of the Regions on the European Green Deal. Brussels, 11.12.2019. Green Deal. Brussels, 11.12.2019. (COM(2019) 640 final). (COM(2019) 640 final). 24 COM(2020) 66 final. 24 COM(2020) 66 final.
Or. fr
Amendment 161 Andrey Kovatchev
Proposal for a regulation Recital 3
Text proposed by the Commission Amendment
(3) It is necessary to improve the (3) It is necessary to improve the conditions for data sharing in the internal conditions for data sharing in the internal market, by creating a harmonised market, by creating a harmonised framework for data exchanges. Sector- framework for data exchanges. Sector- specific legislation can develop, adapt and specific legislation can develop, adapt and
PE692.940v01-00 4/138 AM\1232072EN.docx EN propose new and complementary elements, propose new and complementary elements, depending on the specificities of the sector, depending on the specificities of the sector, such as the envisaged legislation on the such as the envisaged legislation on the European health data space25 and on access European health data space25 and on access to vehicle data. Moreover, certain sectors to vehicle data. Moreover, certain sectors of the economy are already regulated by of the economy are already regulated by sector-specific Union law that include rules sector-specific Union law that include rules relating to cross-border or Union wide relating to cross-border or Union wide sharing or access to data26 . This sharing or access to data26 . This Regulation is therefore without prejudice to Regulation is therefore without prejudice to Regulation (EU) 2016/679 of the European Regulation (EU) 2016/679 of the European Parliament and of the Council (27 ), and in Parliament and of the Council (27 ), and in particular the implementation of this particular the implementation of this Regulation shall not prevent cross border Regulation shall not prevent cross border transfers of data in accordance with transfers of data in accordance with Chapter V of Regulation (EU) 2016/679 Chapter V of Regulation (EU) 2016/679 from taking place, Directive (EU) from taking place, Directive (EU) 2016/680 of the European Parliament and 2016/680 of the European Parliament and of the Council (28 ), Directive (EU) of the Council (28 ), Directive (EU) 2016/943 of the European Parliament and 2016/943 of the European Parliament and of the Council (29 ), Regulation (EU) of the Council (29 ), Regulation (EU) 2018/1807 of the European Parliament and 2018/1807 of the European Parliament and of the Council (30 ), Regulation (EC) No of the Council (30 ), Regulation (EC) No 223/2009 of the European Parliament and 223/2009 of the European Parliament and of the Council (31 ), Directive 2000/31/EC of the Council (31 ), Directive 2000/31/EC of the European Parliament and of the of the European Parliament and of the Council (32 ), Directive 2001/29/EC of the Council (32 ), Directive 2001/29/EC of the European Parliament and of the Council (33 European Parliament and of the Council (33 ), Directive (EU) 2019/790 of the European ), Directive (EU) 2019/790 of the European Parliament and of the Council (34 ), Parliament and of the Council (34 ), Directive 2004/48/EC of the European Directive 2004/48/EC of the European Parliament and of the Council (35 ), Parliament and of the Council (35 ), Directive (EU) 2019/1024 of the European Directive (EU) 2019/1024 of the European Parliament and of the Council (36 ), as well Parliament and of the Council (36 ), as well as Regulation 2018/858/EU of the as Regulation 2018/858/EU of the European Parliament and of the Council (37 European Parliament and of the Council (37 ), Directive 2010/40/EU of the European ), Directive 2010/40/EU of the European Parliament and of the Council (38 ) and Parliament and of the Council (38 ) and Delegated Regulations adopted on its basis, Delegated Regulations adopted on its basis, and any other sector-specific Union and any other sector-specific Union legislation that organises the access to and legislation that organises the access to and re-use of data. This Regulation should be re-use of data. This Regulation should be without prejudice to the access and use of without prejudice to the access and use of data for the purpose of international data for the purpose of international cooperation in the context of prevention, cooperation in the context of prevention, investigation, detection or prosecution of investigation, detection or prosecution of criminal offences or the execution of criminal offences or the execution of criminal penalties. A horizontal regime for criminal penalties. A horizontal regime for the re-use of certain categories of protected the re-use of certain categories of protected
AM\1232072EN.docx 5/138 PE692.940v01-00 EN data held by public sector bodies, the data held by public sector bodies, the provision of data sharing services and of provision of data sharing services and of services based on data altruism in the services based on data altruism in the Union should be established. Specific Union should be established. Specific characteristics of different sectors may characteristics of different sectors may require the design of sectoral data-based require the design of sectoral data-based systems, while building on the systems, while building on the requirements of this Regulation. Where a requirements of this Regulation. Where a sector-specific Union legal act requires sector-specific Union legal act requires public sector bodies, providers of data public sector bodies, providers of data sharing services or registered entities sharing services or registered entities providing data altruism services to comply providing data altruism services to comply with specific additional technical, with specific additional technical, administrative or organisational administrative or organisational requirements, including through an requirements, including through an authorisation or certification regime, those authorisation or certification regime, those provisions of that sector-specific Union provisions of that sector-specific Union legal act should also apply. legal act should also apply. Тhis Regulation does not create a new legal basis for the processing of personal data. When personal data is referred to in this Regulation, the General Data Protection Regulation (GDPR) prevails. ______25 See: Annexes to the Communication 25 See: Annexes to the Communication from the Commission to the European from the Commission to the European Parliament, the Council, the European Parliament, the Council, the European Economic and Social Committee and the Economic and Social Committee and the Committee of the Regions on Commission Committee of the Regions on Commission Work Programme 2021 (COM(2020) 690 Work Programme 2021 (COM(2020) 690 final). final). 26 For example, Directive 2011/24/EU in 26 For example, Directive 2011/24/EU in the context of the European Health Data the context of the European Health Data Space, and relevant transport legislation Space, and relevant transport legislation such as Directive 2010/40/EU, Regulation such as Directive 2010/40/EU, Regulation 2019/1239 and Regulation (EU) 2019/1239 and Regulation (EU) 2020/1056, in the context of the European 2020/1056, in the context of the European Mobility Data Space. Mobility Data Space. 27 Regulation (EU) 2016/679 of the 27 Regulation (EU) 2016/679 of the European Parliament and of the Council of European Parliament and of the Council of 27 April 2016 on the protection of natural 27 April 2016 on the protection of natural persons with regard to the processing of persons with regard to the processing of personal data and on the free movement of personal data and on the free movement of such data, and repealing Directive such data, and repealing Directive 95/46/EC (General Data Protection 95/46/EC (General Data Protection Regulation), (OJ L 119, 4.5.2016, p.1) Regulation), (OJ L 119, 4.5.2016, p.1) 28 Directive (EU) 2016/680 of the 28 Directive (EU) 2016/680 of the
PE692.940v01-00 6/138 AM\1232072EN.docx EN European Parliament and of the Council of European Parliament and of the Council of 27 April 2016 on the protection of natural 27 April 2016 on the protection of natural persons with regard to the processing of persons with regard to the processing of personal data by competent authorities for personal data by competent authorities for the purposes of the prevention, the purposes of the prevention, investigation, detection or prosecution of investigation, detection or prosecution of criminal offences or the execution of criminal offences or the execution of criminal penalties, and on the free criminal penalties, and on the free movement of such data, and repealing movement of such data, and repealing Council Framework Decision Council Framework Decision 2008/977/JHA. (OJ L 119, 4.5.2016, p.89) 2008/977/JHA. (OJ L 119, 4.5.2016, p.89) 29 Directive (EU) 2016/943 of the 29 Directive (EU) 2016/943 of the European Parliament and of the Council of European Parliament and of the Council of 8 June 2016 on the protection of 8 June 2016 on the protection of undisclosed know-how and business undisclosed know-how and business information (trade secrets) against their information (trade secrets) against their unlawful acquisition, use and disclosure. unlawful acquisition, use and disclosure. (OJ L 157, 15.6.2016, p.1) (OJ L 157, 15.6.2016, p.1) 30 Regulation (EU) 2018/1807 of the 30 Regulation (EU) 2018/1807 of the European Parliament and of the Council of European Parliament and of the Council of 14 November 2018 on a framework for the 14 November 2018 on a framework for the free flow of non-personal data in the free flow of non-personal data in the European Union. (OJ L 303, 28.11.2018, p. European Union. (OJ L 303, 28.11.2018, p. 59) 59) 31 Regulation (EC) No 223/2009 of the 31 Regulation (EC) No 223/2009 of the European Parliament and of the Council of European Parliament and of the Council of 11 March 2009 on European statistics and 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and 1101/2008 of the European Parliament and of the Council on the transmission of data of the Council on the transmission of data subject to statistical confidentiality to the subject to statistical confidentiality to the Statistical Office of the European Statistical Office of the European Communities, Council Regulation (EC) No Communities, Council Regulation (EC) No 322/97 on Community Statistics, and 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical establishing a Committee on the Statistical Programmes of the European Programmes of the European Communities. (OJ L 87, 31.03.2009, p. Communities. (OJ L 87, 31.03.2009, p. 164) 164) 32 Directive 2000/31/EC of the European 32 Directive 2000/31/EC of the European Parliament and of the Council of 8 June Parliament and of the Council of 8 June 2000, on certain legal aspects of 2000, on certain legal aspects of information society services, in particular information society services, in particular electronic commerce, in the Internal electronic commerce, in the Internal Market (Directive on electronic Market (Directive on electronic commerce). (OJ L 178, 17.07.2000, p. 1) commerce). (OJ L 178, 17.07.2000, p. 1) 33 Directive 2001/29/EC of the European 33 Directive 2001/29/EC of the European
AM\1232072EN.docx 7/138 PE692.940v01-00 EN Parliament and of the Council of 22 May Parliament and of the Council of 22 May 2001 on the harmonisation of certain 2001 on the harmonisation of certain aspects of copyright and related rights in aspects of copyright and related rights in the information society. (OJ L 167, the information society. (OJ L 167, 22.6.2001, p. 10) 22.6.2001, p. 10) 34 Directive (EU) 2019/790 of the 34 Directive (EU) 2019/790 of the European Parliament and of the Council of European Parliament and of the Council of 17 April 2019 on copyright and related 17 April 2019 on copyright and related rights in the Digital Single Market and rights in the Digital Single Market and amending Directives 96/9/EC and amending Directives 96/9/EC and 2001/29/EC. (OJ L 130, 17.5.2019, p. 92) 2001/29/EC. (OJ L 130, 17.5.2019, p. 92) 35 Directive 2004/48/EC of the European 35 Directive 2004/48/EC of the European Parliament and of the Council of 29 April Parliament and of the Council of 29 April 2004 on the enforcement of intellectual 2004 on the enforcement of intellectual property rights. (OJ L 157, 30.4.2004). property rights. (OJ L 157, 30.4.2004). 36 Directive (EU) 2019/1024 of the 36 Directive (EU) 2019/1024 of the European Parliament and of the Council of European Parliament and of the Council of 20 June 2019 on open data and the re-use 20 June 2019 on open data and the re-use of public sector information. (OJ L 172, of public sector information. (OJ L 172, 26.6.2019, p. 56). 26.6.2019, p. 56). 37 Regulation (EU) 2018/858 of the 37 Regulation (EU) 2018/858 of the European Parliament and of the Council of European Parliament and of the Council of 30 May 2018 on the approval and market 30 May 2018 on the approval and market surveillance of motor vehicles and their surveillance of motor vehicles and their trailers, and of systems, components and trailers, and of systems, components and separate technical units intended for such separate technical units intended for such vehicles, amending Regulations (EC) No vehicles, amending Regulations (EC) No 715/2007 and (EC) No 595/2009 and 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC (OJ L 151, repealing Directive 2007/46/EC (OJ L 151, 14.6.2018). 14.6.2018). 38 Directive 2010/40/EU of the European 38 Directive 2010/40/EU of the European Parliament and of the Council of 7 July Parliament and of the Council of 7 July 2010 on the framework for the deployment 2010 on the framework for the deployment of Intelligent Transport Systems in the of Intelligent Transport Systems in the field of road transport and for interfaces field of road transport and for interfaces with other modes of transport. (OJ L 207, with other modes of transport. (OJ L 207, 6.8.2010, p. 1) 6.8.2010, p. 1)
Or. en
Amendment 162 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
PE692.940v01-00 8/138 AM\1232072EN.docx EN Proposal for a regulation Recital 3
Text proposed by the Commission Amendment
(3) It is necessary to improve the (3) It is necessary to improve the conditions for data sharing in the internal conditions for data sharing in the internal market, by creating a harmonised market, by creating a harmonised framework for data exchanges. Sector- framework for data exchanges. Sector- specific legislation can develop, adapt and specific legislation can develop, adapt and propose new and complementary elements, propose new and complementary elements, depending on the specificities of the sector, depending on the specificities of the sector, such as the envisaged legislation on the such as the envisaged legislation on the European health data space25 and on access European health data space25 and on access to vehicle data. Moreover, certain sectors to vehicle data. Moreover, certain sectors of the economy are already regulated by of the economy are already regulated by sector-specific Union law that include rules sector-specific Union law that include rules relating to cross-border or Union wide relating to cross-border or Union wide sharing or access to data26 . This sharing or access to data26 . This Regulation is therefore without prejudice to Regulation is therefore without prejudice to Regulation (EU) 2016/679 of the European Regulation (EU) 2016/679 of the European Parliament and of the Council27, and in Parliament and of the Council27, and in particular the implementation of this particular the implementation of this Regulation shall not prevent cross border Regulation shall not prevent cross border transfers of data in accordance with transfers of data in accordance with Chapter V of Regulation (EU) 2016/679 Chapter V of Regulation (EU) 2016/679 from taking place, Directive (EU) from taking place, Directive (EU) 2016/680 of the European Parliament and 2016/680 of the European Parliament and of the Council28, Directive (EU) 2016/943 of the Council28, Directive (EU) 2016/943 of the European Parliament and of the of the European Parliament and of the Council29, Regulation (EU) 2018/1807 of Council29, Regulation (EU) 2018/1807 of the European Parliament and of the the European Parliament and of the Council30, Regulation (EC) No 223/2009 Council30, Regulation (EC) No 223/2009 of the European Parliament and of the of the European Parliament and of the Council31, Directive 2000/31/EC of the Council31, Directive 2000/31/EC of the European Parliament and of the Council32, European Parliament and of the Council32, Directive 2001/29/EC of the European Directive 2001/29/EC of the European Parliament and of the Council33, Directive Parliament and of the Council33, Directive (EU) 2019/790 of the European Parliament (EU) 2019/790 of the European Parliament and of the Council34, Directive 2004/48/EC and of the Council34, Directive 2004/48/EC of the European Parliament and of the of the European Parliament and of the Council35, Directive (EU) 2019/1024 of the Council35, Directive (EU) 2019/1024 of the European Parliament and of the Council36, European Parliament and of the Council36, as well as Regulation 2018/858/EU of the as well as Regulation 2018/858/EU of the European Parliament and of the Council37, European Parliament and of the Council37, Directive 2010/40/EU of the European Directive 2010/40/EU of the European Parliament and of the Council38 and Parliament and of the Council38 and Delegated Regulations adopted on its basis, Delegated Regulations adopted on its basis, and any other sector-specific Union and any other sector-specific Union
AM\1232072EN.docx 9/138 PE692.940v01-00 EN legislation that organises the access to and legislation that organises the access to and re-use of data. This Regulation should be re-use of data. This Regulation should be without prejudice to the access and use of without prejudice to the access and use of data for the purpose of international data for the purpose of international cooperation in the context of prevention, cooperation in the context of prevention, investigation, detection or prosecution of investigation, detection or prosecution of criminal offences or the execution of criminal offences or the execution of criminal penalties. A horizontal regime for criminal penalties. A horizontal regime for the re-use of certain categories of protected the re-use of certain categories of data held data held by public sector bodies, the by public sector bodies, the provision of provision of data sharing services and of data sharing services and of services based services based on data altruism in the on data altruism in the Union should be Union should be established. Specific established. Specific characteristics of characteristics of different sectors may different sectors may require the design of require the design of sectoral data-based sectoral data-based systems, while building systems, while building on the on the requirements of this Regulation. requirements of this Regulation. Where a Where a sector-specific Union legal act sector-specific Union legal act requires requires public sector bodies, providers of public sector bodies, providers of data data sharing services or registered entities sharing services or registered entities providing data altruism services to comply providing data altruism services to comply with specific additional technical, with specific additional technical, administrative or organisational administrative or organisational requirements, including through an requirements, including through an authorisation or certification regime, those authorisation or certification regime, those provisions of that sector-specific Union provisions of that sector-specific Union legal act should also apply. legal act should also apply. ______25 See: Annexes to the Communication 25 See: Annexes to the Communication from the Commission to the European from the Commission to the European Parliament, the Council, the European Parliament, the Council, the European Economic and Social Committee and the Economic and Social Committee and the Committee of the Regions on Commission Committee of the Regions on Commission Work Programme 2021 (COM(2020) 690 Work Programme 2021 (COM(2020) 690 final). final). 26 For example, Directive 2011/24/EU in 26 For example, Directive 2011/24/EU in the context of the European Health Data the context of the European Health Data Space, and relevant transport legislation Space, and relevant transport legislation such as Directive 2010/40/EU, Regulation such as Directive 2010/40/EU, Regulation 2019/1239 and Regulation (EU) 2019/1239 and Regulation (EU) 2020/1056, in the context of the European 2020/1056, in the context of the European Mobility Data Space. Mobility Data Space. 27 Regulation (EU) 2016/679 of the 27 Regulation (EU) 2016/679 of the European Parliament and of the Council of European Parliament and of the Council of 27 April 2016 on the protection of natural 27 April 2016 on the protection of natural persons with regard to the processing of persons with regard to the processing of personal data and on the free movement of personal data and on the free movement of
PE692.940v01-00 10/138 AM\1232072EN.docx EN such data, and repealing Directive such data, and repealing Directive 95/46/EC (General Data Protection 95/46/EC (General Data Protection Regulation), (OJ L 119, 4.5.2016, p.1) Regulation), (OJ L 119, 4.5.2016, p.1) 28 Directive (EU) 2016/680 of the 28 Directive (EU) 2016/680 of the European Parliament and of the Council of European Parliament and of the Council of 27 April 2016 on the protection of natural 27 April 2016 on the protection of natural persons with regard to the processing of persons with regard to the processing of personal data by competent authorities for personal data by competent authorities for the purposes of the prevention, the purposes of the prevention, investigation, detection or prosecution of investigation, detection or prosecution of criminal offences or the execution of criminal offences or the execution of criminal penalties, and on the free criminal penalties, and on the free movement of such data, and repealing movement of such data, and repealing Council Framework Decision Council Framework Decision 2008/977/JHA. (OJ L 119, 4.5.2016, p.89) 2008/977/JHA. (OJ L 119, 4.5.2016, p.89) 29 Directive (EU) 2016/943 of the 29 Directive (EU) 2016/943 of the European Parliament and of the Council of European Parliament and of the Council of 8 June 2016 on the protection of 8 June 2016 on the protection of undisclosed know-how and business undisclosed know-how and business information (trade secrets) against their information (trade secrets) against their unlawful acquisition, use and disclosure. unlawful acquisition, use and disclosure. (OJ L 157, 15.6.2016, p.1) (OJ L 157, 15.6.2016, p.1) 30 Regulation (EU) 2018/1807 of the 30 Regulation (EU) 2018/1807 of the European Parliament and of the Council of European Parliament and of the Council of 14 November 2018 on a framework for the 14 November 2018 on a framework for the free flow of non-personal data in the free flow of non-personal data in the European Union. (OJ L 303, 28.11.2018, p. European Union. (OJ L 303, 28.11.2018, p. 59) 59) 31 Regulation (EC) No 223/2009 of the 31 Regulation (EC) No 223/2009 of the European Parliament and of the Council of European Parliament and of the Council of 11 March 2009 on European statistics and 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and 1101/2008 of the European Parliament and of the Council on the transmission of data of the Council on the transmission of data subject to statistical confidentiality to the subject to statistical confidentiality to the Statistical Office of the European Statistical Office of the European Communities, Council Regulation (EC) No Communities, Council Regulation (EC) No 322/97 on Community Statistics, and 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical establishing a Committee on the Statistical Programmes of the European Programmes of the European Communities. (OJ L 87, 31.03.2009, p. Communities. (OJ L 87, 31.03.2009, p. 164) 164) 32 Directive 2000/31/EC of the European 32 Directive 2000/31/EC of the European Parliament and of the Council of 8 June Parliament and of the Council of 8 June 2000, on certain legal aspects of 2000, on certain legal aspects of information society services, in particular information society services, in particular
AM\1232072EN.docx 11/138 PE692.940v01-00 EN electronic commerce, in the Internal electronic commerce, in the Internal Market (Directive on electronic Market (Directive on electronic commerce). (OJ L 178, 17.07.2000, p. 1) commerce). (OJ L 178, 17.07.2000, p. 1) 33 Directive 2001/29/EC of the European 33 Directive 2001/29/EC of the European Parliament and of the Council of 22 May Parliament and of the Council of 22 May 2001 on the harmonisation of certain 2001 on the harmonisation of certain aspects of copyright and related rights in aspects of copyright and related rights in the information society. (OJ L 167, the information society. (OJ L 167, 22.6.2001, p. 10) 22.6.2001, p. 10) 34 Directive (EU) 2019/790 of the 34 Directive (EU) 2019/790 of the European Parliament and of the Council of European Parliament and of the Council of 17 April 2019 on copyright and related 17 April 2019 on copyright and related rights in the Digital Single Market and rights in the Digital Single Market and amending Directives 96/9/EC and amending Directives 96/9/EC and 2001/29/EC. (OJ L 130, 17.5.2019, p. 92) 2001/29/EC. (OJ L 130, 17.5.2019, p. 92) 35 Directive 2004/48/EC of the European 35 Directive 2004/48/EC of the European Parliament and of the Council of 29 April Parliament and of the Council of 29 April 2004 on the enforcement of intellectual 2004 on the enforcement of intellectual property rights. (OJ L 157, 30.4.2004). property rights. (OJ L 157, 30.4.2004). 36 Directive (EU) 2019/1024 of the 36 Directive (EU) 2019/1024 of the European Parliament and of the Council of European Parliament and of the Council of 20 June 2019 on open data and the re-use 20 June 2019 on open data and the re-use of public sector information. (OJ L 172, of public sector information. (OJ L 172, 26.6.2019, p. 56). 26.6.2019, p. 56). 37 Regulation (EU) 2018/858 of the 37 Regulation (EU) 2018/858 of the European Parliament and of the Council of European Parliament and of the Council of 30 May 2018 on the approval and market 30 May 2018 on the approval and market surveillance of motor vehicles and their surveillance of motor vehicles and their trailers, and of systems, components and trailers, and of systems, components and separate technical units intended for such separate technical units intended for such vehicles, amending Regulations (EC) No vehicles, amending Regulations (EC) No 715/2007 and (EC) No 595/2009 and 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC (OJ L 151, repealing Directive 2007/46/EC (OJ L 151, 14.6.2018). 14.6.2018). 38 Directive 2010/40/EU of the European 38 Directive 2010/40/EU of the European Parliament and of the Council of 7 July Parliament and of the Council of 7 July 2010 on the framework for the deployment 2010 on the framework for the deployment of Intelligent Transport Systems in the of Intelligent Transport Systems in the field of road transport and for interfaces field of road transport and for interfaces with other modes of transport. (OJ L 207, with other modes of transport. (OJ L 207, 6.8.2010, p. 1) 6.8.2010, p. 1)
Or. fr
PE692.940v01-00 12/138 AM\1232072EN.docx EN Amendment 163 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 3 a (new)
Text proposed by the Commission Amendment
(3a) This Regulation is without prejudice to Regulation (EU) 2016/679, to Directive 2002/58/EC of the European Parliament and of the Council1 and Directive (EU) 2016/680. This Regulation does not create a new legal basis for the processing of personal data. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter should prevail. Data protection authorities may be considered competent authorities for the purpose of this Regulation. Where other organisations act as competent authorities under this Regulation, it should be without prejudice to the supervisory powers of data protection authorities under Regulation (EU)2016/679. ______1 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37)
Or. en
Amendment 164 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 3 b (new)
AM\1232072EN.docx 13/138 PE692.940v01-00 EN Text proposed by the Commission Amendment
(3b) In the case of a data set composed of both personal and non-personal data, where those types of data are inextricably linked, the data set is to be considered personal data.
Or. en
Amendment 165 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Recital 4
Text proposed by the Commission Amendment
(4) Action at Union level is necessary (4) Action at Union level is necessary in order to address the barriers to a well- in order to address the barriers to a well- functioning data-driven economy and to functioning data-driven economy and to create a Union-wide governance create a Union-wide safe governance framework for data access and use, in framework for data access and use, in particular regarding the re-use of certain particular regarding the re-use of certain types of data held by the public sector, the types of data held by the public sector, the provision of services by data sharing provision of services by data sharing providers to business users and to data providers to business users and to data subjects, as well as the collection and subjects, as well as the collection and processing of data made available for processing of data made available for altruistic purposes by natural and legal altruistic purposes by natural and legal persons. persons.
Or. en
Amendment 166 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 5
PE692.940v01-00 14/138 AM\1232072EN.docx EN Text proposed by the Commission Amendment
(5) The idea that data that has been (5) The idea that data that has been generated at the expense of public budgets generated at the expense of public budgets should benefit society has been part of should benefit society has been part of Union policy for a long time. Directive Union policy for a long time. Directive (EU) 2019/1024 as well as sector-specific (EU) 2019/1024 as well as sector-specific legislation ensure that the public sector legislation ensure that the public sector makes more of the data it produces easily makes more of the data it produces easily available for use and re-use. However, available for use and re-use. However, certain categories of data (commercially certain categories of data (commercially confidential data, data subject to statistical confidential data, data subject to statistical confidentiality, data protected by confidentiality, data protected by intellectual property rights of third parties, intellectual property rights of third parties, including trade secrets and personal data including trade secrets and personal data not accessible on the basis of specific not accessible on the basis of specific national or Union legislation, such as national or Union legislation, such as Regulation (EU) 2016/679 and Directive Regulation (EU) 2016/679 and Directive (EU) 2016/680) in public databases is often (EU) 2016/680) in public databases is often not made available, not even for research not made available, not even for research or innovative activities. Due to the or innovative activities. Due to the sensitivity of this data, certain technical sensitivity of this data, certain technical and legal procedural requirements must be and legal procedural requirements must be met before they are made available, in met before they are made available, in order to ensure the respect of rights others order to ensure the respect of rights others have over such data. Such requirements are have over such data. Such legitimate usually time- and knowledge-intensive to requirements are usually time- and fulfil. This has led to the underutilisation of knowledge-intensive to fulfil. This has led such data. While some Member States are to the underutilisation of such data. While setting up structures, processes and some Member States are setting up sometimes legislate to facilitate this type of structures, processes and sometimes re-use, this is not the case across the legislate to facilitate this type of re-use, Union. this is not the case across the Union.
Or. en
Amendment 167 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 6
Text proposed by the Commission Amendment
(6) There are techniques enabling (6) There are techniques enabling
AM\1232072EN.docx 15/138 PE692.940v01-00 EN privacy-friendly analyses on databases that privacy-friendly analyses on databases that contain personal data, such as contain personal data, such as anonymisation, pseudonymisation, anonymisation, pseudonymisation, differential privacy, generalisation, or differential privacy, generalisation, or suppression and randomisation. suppression and randomisation. Application of these privacy-enhancing Application of these privacy-enhancing technologies, together with comprehensive technologies, together with comprehensive data protection approaches should ensure data protection approaches should be the safe re-use of personal data and prioritised in order to ensure privacy by commercially confidential business data design and by default, permitting the safer for research, innovation and statistical re-use of personal data and commercially purposes. In many cases this implies that confidential business data for research, the data use and re-use in this context can innovation and statistical purposes. In only be done in a secure processing many cases this implies that the data use environment set in place and supervised by and re-use in this context can only be done the public sector. There is experience at in a secure processing environment set in Union level with such secure processing place and supervised by the public sector. environments that are used for research on There is experience at Union level with statistical microdata on the basis of such secure processing environments that Commission Regulation (EU) 557/2013 (39 are used for research on statistical ). In general, insofar as personal data are microdata on the basis of Commission concerned, the processing of personal data Regulation (EU) 557/2013 (39 ). In general, should rely upon one or more of the insofar as personal data are concerned, the grounds for processing provided in Article processing of personal data should rely 6 of Regulation (EU) 2016/679. upon one or more of the grounds for processing provided in Article 6 of Regulation (EU) 2016/679. ______39 Commission Regulation (EU) 557/2013 39 Commission Regulation (EU) 557/2013 of 17 June 2013 implementing Regulation of 17 June 2013 implementing Regulation (EC) No 223/2009 of the European (EC) No 223/2009 of the European Parliament and of the Council on European Parliament and of the Council on European Statistics as regards access to confidential Statistics as regards access to confidential data for scientific purposes and repealing data for scientific purposes and repealing Commission Regulation (EC) No 831/2002 Commission Regulation (EC) No 831/2002 (OJ L 164, 18.6.2013, p. 16). (OJ L 164, 18.6.2013, p. 16).
Or. en
Amendment 168 Andrey Kovatchev
Proposal for a regulation Recital 7
PE692.940v01-00 16/138 AM\1232072EN.docx EN Text proposed by the Commission Amendment
(7) The categories of data held by (7) The categories of data held by public sector bodies which should be public sector bodies which should be subject to re-use under this Regulation fall subject to re-use under this Regulation fall outside the scope of Directive (EU) outside the scope of Directive (EU) 2019/1024 that excludes data which is not 2019/1024 that excludes data which is not accessible due to commercial and statistical accessible due to commercial and statistical confidentiality and data for which third confidentiality and data for which third parties have intellectual property rights. parties have intellectual property rights. Personal data fall outside the scope of Commercially confidential data includes Directive (EU) 2019/1024 insofar as the data protected by trade secrets, access regime excludes or restricts access confidential obligations and any other to such data for reasons of data protection, information the unauthorised disclosure privacy and the integrity of the individual, of which would harm legitimate in particular in accordance with data commercial interests in the business. protection rules. The re-use of data, which Personal data fall outside the scope of may contain trade secrets, should take Directive (EU) 2019/1024 insofar as the place without prejudice to Directive (EU) access regime excludes or restricts access 2016/94340 , which sets the framework for to such data for reasons of data protection, the lawful acquisition, use or disclosure of privacy and the integrity of the individual, trade secrets. This Regulation is without in particular in accordance with data prejudice and complementary to more protection rules. The re-use of data, which specific obligations on public sector bodies may contain trade secrets, should take to allow re-use of data laid down in sector- place without prejudice to Directive (EU) specific Union or national law. 2016/94340 , which sets the framework for the lawful acquisition, use or disclosure of trade secrets. This Regulation is without prejudice and complementary to more specific obligations on public sector bodies to allow re-use of data laid down in sector- specific Union or national law. It does not create an obligation to allow re-use of public sector data. ______40 OJ L 157, 15.6.2016, p. 1–18 40 OJ L 157, 15.6.2016, p. 1–18
Or. en
Amendment 169 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Recital 7
AM\1232072EN.docx 17/138 PE692.940v01-00 EN Text proposed by the Commission Amendment
(7) The categories of data held by (7) The categories of data held by public sector bodies which should be public sector bodies which should be subject to re-use under this Regulation fall subject to re-use under this Regulation fall outside the scope of Directive (EU) outside the scope of Directive (EU) 2019/1024 that excludes data which is not 2019/1024 that excludes data which is not accessible due to commercial and statistical accessible due to commercial and statistical confidentiality and data for which third confidentiality and data for which third parties have intellectual property rights. parties have intellectual property rights. Personal data fall outside the scope of Personal data fall outside the scope of Directive (EU) 2019/1024 insofar as the Directive (EU) 2019/1024 insofar as the access regime excludes or restricts access access regime excludes or restricts access to such data for reasons of data protection, to such data for reasons of data protection, privacy and the integrity of the individual, privacy and the integrity of the individual, in particular in accordance with data in particular in accordance with data protection rules. The re-use of data, which protection rules. The re-use of data, which may contain trade secrets, should take may contain trade secrets, should take place without prejudice to Directive (EU) place without prejudice to Directive (EU) 2016/94340 , which sets the framework for 2016/94340 , which sets the framework for the lawful acquisition, use or disclosure of the lawful acquisition, use or disclosure of trade secrets. This Regulation is without trade secrets. This Regulation is without prejudice and complementary to more prejudice and complementary to more specific obligations on public sector bodies specific obligations on public sector bodies to allow re-use of data laid down in sector- to allow re-use of data laid down in sector- specific Union or national law. specific Union or national law. It must be ensured that companies do not have direct access to protected data and that, as a consequence, anonymization cannot be carried out by them. ______40 OJ L 157, 15.6.2016, p. 1–18 40 OJ L 157, 15.6.2016, p. 1–18
Or. en
Amendment 170 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Recital 7 a (new)
Text proposed by the Commission Amendment
(7a) It highlights the importance of processing the personal data of EU
PE692.940v01-00 18/138 AM\1232072EN.docx EN citizens in the European Union if at all possible.
Or. fr
Amendment 171 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Recital 7 b (new)
Text proposed by the Commission Amendment
(7b) The development of a European industrial and technological base calls for the introduction of a European preference for local or European production in public procurement of digital data in the European Union.
Or. fr
Amendment 172 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Recital 8 a (new)
Text proposed by the Commission Amendment
(8a) Some personal data, such as health or children’s data, are by their very nature unique. The anonymisation of such data should be guaranteed and storage or analysis thereof outside the European Union should not be authorised.
Or. fr
Amendment 173 David Cormand on behalf of the Greens/EFA Group
AM\1232072EN.docx 19/138 PE692.940v01-00 EN Proposal for a regulation Recital 9
Text proposed by the Commission Amendment
(9) Public sector bodies should comply (9) Public sector bodies should comply with competition law when establishing the with competition law when establishing the principles for re-use of data they hold, principles for re-use of data they hold, avoiding as far as possible the conclusion avoiding as far as possible the conclusion of agreements, which might have as their of agreements, which might have as their objective or effect the creation of exclusive objective or effect the creation of exclusive rights for the re-use of certain data. Such rights for the re-use of certain data. Such agreement should be only possible when agreement should be only possible when justified and necessary for the provision of justified and necessary for the provision of a service of general interest. This may be a service of general interest. This may be the case when exclusive use of the data is the case when exclusive use of the data is the only way to maximise the societal the only way to maximise the societal benefits of the data in question, for benefits of the data in question. Such example where there is only one entity arrangements should, however, be (which has specialised in the processing concluded in compliance with public of a specific dataset) capable of delivering procurement rules and be subject to regular the service or the product which allows review based on a market analysis in order the public sector body to provide an to ascertain whether such exclusivity advanced digital service in the general continues to be necessary. In addition, such interest. Such arrangements should, arrangements should comply with the however, be concluded in compliance with relevant State aid rules, as appropriate, and public procurement rules and be subject to should be concluded for a limited period, regular review based on a market analysis which should not exceed three years. In in order to ascertain whether such order to ensure transparency, such exclusivity continues to be necessary. In exclusive agreements should be published addition, such arrangements should comply online, regardless of a possible publication with the relevant State aid rules, as of an award of a public procurement appropriate, and should be concluded for a contract. limited period, which should not exceed three years. In order to ensure transparency, such exclusive agreements should be published online, regardless of a possible publication of an award of a public procurement contract.
Or. en
Justification
The fact that there is currently only one entity capable of delivering the service is not, on its own, a reason to grant it exclusivity.
PE692.940v01-00 20/138 AM\1232072EN.docx EN Amendment 174 Andrey Kovatchev
Proposal for a regulation Recital 9
Text proposed by the Commission Amendment
(9) Public sector bodies should comply (9) Public sector bodies should comply with competition law when establishing the with competition law when establishing the principles for re-use of data they hold, principles for re-use of data they hold, avoiding as far as possible the conclusion avoiding as far as possible the conclusion of agreements, which might have as their of agreements, which might have as their objective or effect the creation of exclusive objective or effect the creation of exclusive rights for the re-use of certain data. Such rights for the re-use of certain data. Such agreement should be only possible when agreement should be only possible when justified and necessary for the provision of justified and necessary for the provision of a service of general interest. This may be a service of general interest. This may be the case when exclusive use of the data is the case when exclusive use of the data is the only way to maximise the societal the only way to maximise the societal benefits of the data in question, for benefits of the data in question, for example where there is only one entity example where there is only one entity (which has specialised in the processing of (which has specialised in the processing of a specific dataset) capable of delivering the a specific dataset) capable of delivering the service or the product which allows the service or the product which allows the public sector body to provide an advanced public sector body to provide an advanced digital service in the general interest. Such digital service in the general interest. Such arrangements should, however, be arrangements should, however, be concluded in compliance with public concluded in compliance with public procurement rules and be subject to regular procurement rules and be subject to regular review based on a market analysis in order review based on a market analysis in order to ascertain whether such exclusivity to ascertain whether such exclusivity continues to be necessary. In addition, such continues to be necessary. In addition, such arrangements should comply with the arrangements should comply with the relevant State aid rules, as appropriate, and relevant State aid rules, as appropriate, and should be concluded for a limited period, should be concluded for a limited period, which should not exceed three years. In which should not exceed three years. In order to ensure transparency, such order to ensure transparency, such exclusive agreements should be published exclusive agreements should be published online, regardless of a possible publication online at least two months before their of an award of a public procurement entry into force, regardless of a possible contract. publication of an award of a public procurement contract. This Regulation should not be read as preventing data licensors to public sector bodies from concluding agreements, which limit the re-use of such licenced data, where a data license addresses the manner of delivery, maintenance and control of the data, as
AM\1232072EN.docx 21/138 PE692.940v01-00 EN well as data security policies, practices and protocols, in particular where the data comprises personal or sensitive financial, technical or commercial information.
Or. en
Amendment 175 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Recital 9
Text proposed by the Commission Amendment
(9) Public sector bodies should comply (9) Public sector bodies should comply with competition law when establishing the with competition law when establishing the principles for re-use of data they hold, principles for re-use of data they hold, avoiding as far as possible the conclusion avoiding the conclusion of agreements, of agreements, which might have as their which might have as their objective or objective or effect the creation of exclusive effect the creation of exclusive rights for rights for the re-use of certain data. Such the re-use of certain data. Such agreement agreement should be only possible when should be only possible when justified and justified and necessary for the provision of necessary for the provision of a service of a service of general interest. This may be general interest. This may be the case when the case when exclusive use of the data is exclusive use of the data is the only way to the only way to maximise the societal maximise the societal benefits of the data benefits of the data in question, for in question, for example where there is example where there is only one entity only one entity (which has specialised in (which has specialised in the processing of the processing of a specific dataset) a specific dataset) capable of delivering the capable of delivering the service or the service or the product which allows the product which allows the public sector public sector body to provide an advanced body to provide an advanced digital service digital service in the general interest. Such in the general interest. Such arrangements arrangements should, however, be should, however, be concluded in concluded in compliance with public compliance with public procurement rules procurement rules and be subject to regular and be subject to regular review based on a review based on a market analysis in order market analysis in order to ascertain to ascertain whether such exclusivity whether such exclusivity continues to be continues to be necessary. In addition, such necessary. In addition, such arrangements arrangements should comply with the should comply with the relevant State aid relevant State aid rules, as appropriate, and rules, as appropriate, and should be should be concluded for a limited period, concluded for a limited period, which which should not exceed three years. In should not exceed three years. In order to order to ensure transparency, such ensure transparency, such exclusive
PE692.940v01-00 22/138 AM\1232072EN.docx EN exclusive agreements should be published agreements should be published online, online, regardless of a possible publication regardless of a possible publication of an of an award of a public procurement award of a public procurement contract. contract.
Or. en
Amendment 176 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 11
Text proposed by the Commission Amendment
(11) Conditions for re-use of protected (11) Conditions for re-use of protected data that apply to public sector bodies data that apply to public sector bodies competent under national law to allow re- competent under national law to allow re- use, and which should be without prejudice use, and which should be without prejudice to rights or obligations concerning access to rights or obligations concerning access to such data, should be laid down. Those to such data, should be laid down. Those conditions should be non-discriminatory, conditions should be non-discriminatory, proportionate and objectively justified, proportionate and objectively justified, while not restricting competition. In while not restricting competition. In particular, public sector bodies allowing re- particular, public sector bodies allowing re- use should have in place the technical use should have in place the technical means necessary to ensure the protection of means necessary to ensure the protection of rights and interests of third parties. rights and interests of third parties. Conditions attached to the re-use of data Conditions attached to the re-use of data should be limited to what is necessary to should be limited to what is necessary to preserve the rights and interests of others in preserve the rights and interests of others in the data and the integrity of the information the data and the integrity of the information technology and communication systems of technology and communication systems of the public sector bodies. Public sector the public sector bodies. Public sector bodies should apply conditions which best bodies should apply conditions which best serve the interests of the re-user without serve the interests of the re-user without leading to a disproportionate effort for the requiring a disproportionate effort for the public sector. Depending on the case at public sector. Depending on the case at hand, before its transmission, personal data hand, before its transmission, personal data should be fully anonymised, so as to should be fully anonymised, so as to definitively not allow the identification of definitively not allow the identification of the data subjects, or data containing the data subjects, or data containing commercially confidential information commercially confidential information modified in such a way that no confidential modified in such a way that no confidential information is disclosed. Where provision information is disclosed. Where this does of anonymised or modified data would not not create meaningful risks for the rights
AM\1232072EN.docx 23/138 PE692.940v01-00 EN respond to the needs of the re-user, on- and interests of data subjects, on-premise premise or remote re-use of the data within or remote re-use of the data within a secure a secure processing environment could be processing environment could be permitted. Data analyses in such secure permitted. Data analyses in such secure processing environments should be processing environments should be supervised by the public sector body, so as supervised by the public sector body, so as to protect the rights and interests of others. to protect the rights and interests of others. In particular, personal data should only be In particular, personal data should only be transmitted for re-use to a third party where transmitted for re-use to a third party where a legal basis allows such transmission. The a legal basis under Regulation 2016/679 public sector body could make the use of allows such transmission. The public sector such secure processing environment body could make the use of such secure conditional on the signature by the re-user processing environment conditional on the of a confidentiality agreement that signature by the re-user of a confidentiality prohibits the disclosure of any information agreement that prohibits the disclosure of that jeopardises the rights and interests of any information that jeopardises the rights third parties that the re-user may have and interests of third parties that the re-user acquired despite the safeguards put in may have acquired despite the safeguards place. The public sector bodies, where put in place. The public sector bodies, relevant, should facilitate the re-use of data where relevant, should facilitate the re-use on the basis of consent of data subjects or of personal data on the basis of informed permissions of legal persons on the re-use consent of data subjects or, with regard to of data pertaining to them through non-personal data, on the basis of adequate technical means. In this respect, permissions of legal persons on the re-use the public sector body should support of data pertaining to them, through the use potential re-users in seeking such consent of adequate technical means. In this by establishing technical mechanisms that respect, the public sector body should permit transmitting requests for consent support potential re-users in seeking such from re-users, where practically feasible. consent by establishing technical No contact information should be given mechanisms that permit transmitting that allows re-users to contact data subjects requests for consent from re-users, where or companies directly. practically feasible. No contact information should be given that allows re-users to contact data subjects or companies directly. When transmitting the request to consent, the public sector body should ensure that the request is presented in a neutral way and that the data subject is clearly informed about the possibility to refuse such a request, risks involved in giving consent and how to subsequently easily revoke their consent.
Or. en
Amendment 177 Andrey Kovatchev
PE692.940v01-00 24/138 AM\1232072EN.docx EN Proposal for a regulation Recital 11
Text proposed by the Commission Amendment
(11) Conditions for re-use of protected (11) Conditions for re-use of protected data that apply to public sector bodies data that apply to public sector bodies competent under national law to allow re- competent under national law to allow re- use, and which should be without prejudice use, and which should be without prejudice to rights or obligations concerning access to rights or obligations concerning access to such data, should be laid down. Those to such data, should be laid down. Those conditions should be non-discriminatory, conditions should be non-discriminatory, proportionate and objectively justified, proportionate and objectively justified, while not restricting competition. In while not restricting competition. In particular, public sector bodies allowing re- particular, public sector bodies allowing re- use should have in place the technical use should have in place the technical means necessary to ensure the protection of means necessary to ensure the protection of rights and interests of third parties. rights and interests of third parties. Conditions attached to the re-use of data Conditions attached to the re-use of data should be limited to what is necessary to should be limited to what is necessary to preserve the rights and interests of others in preserve the rights and interests of others in the data and the integrity of the information the data and the integrity of the information technology and communication systems of technology and communication systems of the public sector bodies. Public sector the public sector bodies. Safeguards bodies should apply conditions which best against the de-anonymization and serve the interests of the re-user without identification of natural persons should leading to a disproportionate effort for the be provided for. Public sector bodies public sector. Depending on the case at should apply conditions which best serve hand, before its transmission, personal data the interests of the re-user without leading should be fully anonymised, so as to to a disproportionate effort for the public definitively not allow the identification of sector. Depending on the case at hand, the data subjects, or data containing before its transmission, personal data commercially confidential information should be fully anonymised, so as to modified in such a way that no confidential definitively not allow the identification of information is disclosed. Where provision the data subjects, or data containing of anonymised or modified data would not commercially confidential information respond to the needs of the re-user, on- modified in such a way that no confidential premise or remote re-use of the data within information is disclosed. Where provision a secure processing environment could be of anonymised or modified data would not permitted. Data analyses in such secure respond to the needs of the re-user, on- processing environments should be premise or remote re-use of the data within supervised by the public sector body, so as a secure processing environment could be to protect the rights and interests of others. permitted. Data analyses in such secure In particular, personal data should only be processing environments should be transmitted for re-use to a third party where supervised by the public sector body, so as a legal basis allows such transmission. The to protect the rights and interests of others. public sector body could make the use of In particular, personal data should only be such secure processing environment transmitted for re-use to a third party where
AM\1232072EN.docx 25/138 PE692.940v01-00 EN conditional on the signature by the re-user a legal basis allows such transmission. The of a confidentiality agreement that public sector body could make the use of prohibits the disclosure of any information such secure processing environment that jeopardises the rights and interests of conditional on the signature by the re-user third parties that the re-user may have of a confidentiality agreement that acquired despite the safeguards put in prohibits the disclosure of any information place. The public sector bodies, where that jeopardises the rights and interests of relevant, should facilitate the re-use of data third parties that the re-user may have on the basis of consent of data subjects or acquired despite the safeguards put in permissions of legal persons on the re-use place. The public sector bodies, where of data pertaining to them through relevant, should facilitate the re-use of data adequate technical means. In this respect, on the basis of consent of data subjects or the public sector body should support permissions of legal persons on the re-use potential re-users in seeking such consent of data pertaining to them through by establishing technical mechanisms that adequate technical means. In this respect, permit transmitting requests for consent the public sector body should support from re-users, where practically feasible. potential re-users in seeking such consent No contact information should be given by establishing technical mechanisms that that allows re-users to contact data subjects permit transmitting requests for consent or companies directly. from re-users, where practically feasible. No contact information should be given that allows re-users to contact data subjects or companies directly. Commercially confidential data, which is not capable of protection by these measures, should not be made available for re-use.
Or. en
Amendment 178 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Recital 11
Text proposed by the Commission Amendment
(11) Conditions for re-use of protected (11) It is necessary to establish data that apply to public sector bodies conditions for re-use of protected data that competent under national law to allow re- apply to public sector bodies competent use, and which should be without prejudice under national law to allow re-use, and to rights or obligations concerning access which should be without prejudice to rights to such data, should be laid down. Those or obligations concerning access to such conditions should be non-discriminatory, data. Those conditions should be non- proportionate and objectively justified, discriminatory, proportionate and while not restricting competition. In objectively justified, while not restricting
PE692.940v01-00 26/138 AM\1232072EN.docx EN particular, public sector bodies allowing re- competition. In particular, public sector use should have in place the technical bodies allowing re-use should have in means necessary to ensure the protection of place the technical means necessary to rights and interests of third parties. ensure the protection of rights and interests Conditions attached to the re-use of data of third parties. Conditions attached to the should be limited to what is necessary to re-use of data should be limited to what is preserve the rights and interests of others in necessary to preserve the rights and the data and the integrity of the information interests of others in the data and the technology and communication systems of integrity of the information technology and the public sector bodies. Public sector communication systems of the public bodies should apply conditions which best sector bodies. Public sector bodies should serve the interests of the re-user without apply conditions which best serve the leading to a disproportionate effort for the interests of the re-user without leading to a public sector. Depending on the case at disproportionate effort for the public hand, before its transmission, personal data sector. Depending on the case at hand, should be fully anonymised, so as to before its transmission, personal data definitively not allow the identification of should be fully anonymised, so as to the data subjects, or data containing definitively not allow the identification of commercially confidential information the data subjects, or data containing modified in such a way that no confidential commercially confidential information information is disclosed. Where provision modified in such a way that no confidential of anonymised or modified data would not information is disclosed. Where provision respond to the needs of the re-user, on- of anonymised or modified data would not premise or remote re-use of the data within respond to the needs of the re-user, on- a secure processing environment could be premise or remote re-use of the data within permitted. Data analyses in such secure a secure processing environment could be processing environments should be permitted. Data analyses in such secure supervised by the public sector body, so as processing environments should be to protect the rights and interests of others. supervised by the public sector body, so as In particular, personal data should only be to protect the rights and interests of others. transmitted for re-use to a third party where In particular, personal data should only be a legal basis allows such transmission. The transmitted for re-use to a third party where public sector body could make the use of a legal basis allows such transmission. The such secure processing environment public sector body could make the use of conditional on the signature by the re-user such secure processing environment of a confidentiality agreement that conditional on the signature by the re-user prohibits the disclosure of any information of a confidentiality agreement that that jeopardises the rights and interests of prohibits the disclosure of any information third parties that the re-user may have that jeopardises the rights and interests of acquired despite the safeguards put in third parties that the re-user may have place. The public sector bodies, where acquired despite the safeguards put in relevant, should facilitate the re-use of data place. The public sector bodies, where on the basis of consent of data subjects or relevant, should facilitate the re-use of data permissions of legal persons on the re-use on the basis of consent of data subjects or of data pertaining to them through permissions of legal persons on the re-use adequate technical means. In this respect, of data pertaining to them through the public sector body should support adequate technical means. In this respect, potential re-users in seeking such consent the public sector body should support by establishing technical mechanisms that potential re-users in seeking such consent
AM\1232072EN.docx 27/138 PE692.940v01-00 EN permit transmitting requests for consent by establishing technical mechanisms that from re-users, where practically feasible. permit transmitting requests for consent No contact information should be given from re-users, where practically feasible. that allows re-users to contact data subjects No contact information should be given or companies directly. that allows re-users to contact data subjects or companies directly.
Or. en
Amendment 179 David Cormand
Proposal for a regulation Recital 12
Text proposed by the Commission Amendment
(12) The intellectual property rights of (12) The intellectual property rights of third parties should not be affected by this third parties should not be affected by this Regulation. This Regulation should neither Regulation. This Regulation should neither affect the existence or ownership of affect the existence or ownership of intellectual property rights of public sector intellectual property rights of public sector bodies, nor should it limit the exercise of bodies, nor should it limit the exercise of these rights in any way beyond the these rights in any way beyond the boundaries set by this Regulation. The boundaries set by this Regulation. The obligations imposed in accordance with obligations imposed in accordance with this Regulation should apply only insofar this Regulation should apply only insofar as they are compatible with international as they are compatible with international agreements on the protection of intellectual agreements on the protection of intellectual property rights, in particular the Berne property rights, in particular the Berne Convention for the Protection of Literary Convention for the Protection of Literary and Artistic Works (Berne Convention), and Artistic Works (Berne Convention), the Agreement on Trade-Related Aspects the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS of Intellectual Property Rights (TRIPS Agreement) and the WIPO Copyright Agreement) and the WIPO Copyright Treaty (WCT). Public sector bodies should, Treaty (WCT). Public sector bodies should, however, exercise their copyright in a way however, exercise their copyright in a way that facilitates re-use. that facilitates re-use and encourages a transparent and cooperative approach to data, including by using a Creative Commons approach to licensing to data that is not already open data.
Or. en
PE692.940v01-00 28/138 AM\1232072EN.docx EN Amendment 180 Andrey Kovatchev
Proposal for a regulation Recital 12
Text proposed by the Commission Amendment
(12) The intellectual property rights of (12) The intellectual property rights of third parties should not be affected by this third parties should not be affected by this Regulation. This Regulation should neither Regulation. This Regulation should neither affect the existence or ownership of affect the existence or ownership of intellectual property rights of public sector intellectual property rights of public sector bodies, nor should it limit the exercise of bodies, nor should it limit the exercise of these rights in any way beyond the these rights in any way beyond the boundaries set by this Regulation. The boundaries set by this Regulation. The obligations imposed in accordance with obligations imposed in accordance with this Regulation should apply only insofar this Regulation should apply only insofar as they are compatible with international as they are compatible with international agreements on the protection of intellectual agreements on the protection of intellectual property rights, in particular the Berne property rights, in particular the Berne Convention for the Protection of Literary Convention for the Protection of Literary and Artistic Works (Berne Convention), and Artistic Works (Berne Convention), the Agreement on Trade-Related Aspects the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS of Intellectual Property Rights (TRIPS Agreement) and the WIPO Copyright Agreement) and the WIPO Copyright Treaty (WCT). Public sector bodies should, Treaty (WCT), and Union intellectual however, exercise their copyright in a way property rules. Public sector bodies should, that facilitates re-use. however, exercise their copyright in a way that facilitates re-use.
Or. en
Amendment 181 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Recital 12
Text proposed by the Commission Amendment
(12) The intellectual property rights of (12) The intellectual property rights of third parties should not be affected by this third parties should be ensured by this Regulation. This Regulation should neither Regulation. This Regulation should neither affect the existence or ownership of affect the existence or ownership of intellectual property rights of public sector intellectual property rights of public sector
AM\1232072EN.docx 29/138 PE692.940v01-00 EN bodies, nor should it limit the exercise of bodies, nor should it limit the exercise of these rights in any way beyond the these rights in any way beyond the boundaries set by this Regulation. The boundaries set by this Regulation. The obligations imposed in accordance with obligations imposed in accordance with this Regulation should apply only insofar this Regulation should apply only insofar as they are compatible with international as they are compatible with international agreements on the protection of intellectual agreements on the protection of intellectual property rights, in particular the Berne property rights, in particular the Berne Convention for the Protection of Literary Convention for the Protection of Literary and Artistic Works (Berne Convention), and Artistic Works (Berne Convention), the Agreement on Trade-Related Aspects the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS of Intellectual Property Rights (TRIPS Agreement) and the WIPO Copyright Agreement) and the WIPO Copyright Treaty (WCT). Public sector bodies should, Treaty (WCT). Public sector bodies should, however, exercise their copyright in a way however, exercise their copyright in a way that facilitates re-use. that facilitates re-use.
Or. en
Amendment 182 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Adriana Maldonado López
Proposal for a regulation Recital 13
Text proposed by the Commission Amendment
(13) Data subject to intellectual property (13) Data subject to intellectual property rights as well as trade secrets should only rights as well as trade secrets should only be transmitted to a third party where such be transmitted to a third party where such transmission is lawful by virtue of Union transmission is lawful by virtue of Union or national law or with the agreement of or national law and with the agreement of the rightholder. Where public sector bodies the rightholder. Where public sector bodies are holders of the right provided for in are holders of the right provided for in Article 7(1) of Directive 96/9/EC of the Article 7(1) of Directive 96/9/EC of the European Parliament and of the Council (41 European Parliament and of the Council (41 ) they should not exercise that right in ) they should not exercise that right in order to prevent the re-use of data or to order to prevent the re-use of data or to restrict re-use beyond the limits set by this restrict re-use beyond the limits set by this Regulation. Regulation. ______41 Directive 96/9/EC of the European 41 Directive 96/9/EC of the European Parliament and of the Council of 11 March Parliament and of the Council of 11 March 1996 on the legal protection of databases 1996 on the legal protection of databases
PE692.940v01-00 30/138 AM\1232072EN.docx EN (OJ L 77, 27.3.1996, p. 20). (OJ L 77, 27.3.1996, p. 20).
Or. en
Amendment 183 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 14
Text proposed by the Commission Amendment
(14) Companies and data subjects (14) Companies and data subjects should be able to trust that the re-use of should be able to trust that the re-use of certain categories of protected data, which certain categories of protected data, which are held by the public sector, will take are held by the public sector, will take place in a manner that respects their rights place in a manner that respects their rights and interests. Additional safeguards should and interests. Additional safeguards should thus be put in place for situations in which thus be put in place for situations in which the re-use of such public sector data is the re-use of such public sector data is taking place on the basis of a processing of taking place on the basis of a processing of the data outside the public sector. Such an the data outside the public sector. Such an additional safeguard could be found in the additional safeguard could be found in the requirement that public sector bodies requirement that public sector bodies should take fully into account the rights should fully respect the rights and interests and interests of natural and legal persons of natural and legal persons (in particular (in particular the protection of personal the protection of personal data, data, commercially sensitive data and the commercially sensitive data and the protection of intellectual property rights) in protection of intellectual property rights). case such data is transferred to third Particular care is needed when such data countries. is transferred to third countries.
Or. en
Amendment 184 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Recital 14 a (new)
Text proposed by the Commission Amendment
(14a) Protected data of EU citizens or companies held by a public-sector body of
AM\1232072EN.docx 31/138 PE692.940v01-00 EN a Member State may not be shared for transmission to third countries or processed outside the European Union by another Member State.
Or. fr
Amendment 185 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Recital 14 b (new)
Text proposed by the Commission Amendment
(14b) A public-sector body in a Member State may not be required to share protected data of EU citizens or companies that it holds.
Or. fr
Amendment 186 Andrey Kovatchev
Proposal for a regulation Recital 15
Text proposed by the Commission Amendment
(15) Furthermore, it is important to (15) Furthermore, it is important to protect commercially sensitive data of non- protect commercially sensitive data of non- personal nature, notably trade secrets, but personal nature, notably trade secrets, but also non-personal data representing content also non-personal data representing content protected by intellectual property rights protected by intellectual property rights from unlawful access that may lead to IP from unlawful access that may lead to IP theft or industrial espionage. In order to theft or industrial espionage. In order to ensure the protection of fundamental rights ensure the protection of fundamental rights or interests of data holders, non-personal or interests of data holders, non-personal data which is to be protected from unlawful data which is to be protected from unlawful or unauthorised access under Union or or unauthorised access under Union or national law, and which is held by public national law, and which is held by public sector bodies, should be transferred only to sector bodies, should be transferred only to third-countries where appropriate third-countries where appropriate safeguards for the use of data are provided. safeguards for the use of data are provided.
PE692.940v01-00 32/138 AM\1232072EN.docx EN Such appropriate safeguards should be Such appropriate safeguards should be considered to exist when in that third- considered to exist when in that third- country there are equivalent measures in country there are equivalent measures in place which ensure that non-personal data place which ensure that non-personal data benefits from a level of protection similar benefits from a level of protection similar to that applicable by means of Union or to that applicable by means of Union or national law in particular as regards the national law in particular as regards the protection of trade secrets and the protection of trade secrets and the protection of intellectual property rights. protection of intellectual property rights. To that end, the Commission may adopt To that end, the Commission may adopt implementing acts that declare that a third implementing acts that declare that a third country provides a level of protection that country provides a level of protection that is essentially equivalent to those provided is essentially equivalent to those provided by Union or national law. The assessment by Union or national law. In addition to of the level of protection afforded in such that, should there be any worrying cases third-country should, in particular, take concerning the re-use of non-personalised into consideration the relevant legislation, data in third countries, the Commission both general and sectoral, including should take them into account when concerning public security, defence, considering the adoption of implementing national security and criminal law acts. The assessment of the level of concerning the access to and protection of protection afforded in such third-country non-personal data, any access by the public should, in particular, take into authorities of that third country to the data consideration the relevant legislation, both transferred, the existence and effective general and sectoral, including concerning functioning of one or more independent public security, defence, national security supervisory authorities in the third country and criminal law concerning the access to with responsibility for ensuring and and protection of non-personal data, any enforcing compliance with the legal regime access by the public authorities of that third ensuring access to such data, or the third country to the data transferred, the countries’ international commitments existence and effective functioning of one regarding the protection of data the third or more independent supervisory country concerned has entered into, or authorities in the third country with other obligations arising from legally responsibility for ensuring and enforcing binding conventions or instruments as well compliance with the legal regime ensuring as from its participation in multilateral or access to such data, or the third countries’ regional systems. The existence of international commitments regarding the effective legal remedies for data holders, protection of data the third country public sector bodies or data sharing concerned has entered into, or other providers in the third country concerned is obligations arising from legally binding of particular importance in the context of conventions or instruments as well as from the transfer of non-personal data to that its participation in multilateral or regional third country. Such safeguards should systems. The existence of effective legal therefore include the availability of remedies for data holders, public sector enforceable rights and of effective legal bodies or data sharing providers in the third remedies. country concerned is of particular importance in the context of the transfer of non-personal data to that third country. Such safeguards should therefore include the availability of enforceable rights and of
AM\1232072EN.docx 33/138 PE692.940v01-00 EN effective legal remedies.
Or. en
Amendment 187 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 15
Text proposed by the Commission Amendment
(15) Furthermore, it is important to (15) Furthermore, it is important to protect commercially sensitive data of non- protect commercially sensitive data of non- personal nature, notably trade secrets, but personal nature, notably trade secrets, but also non-personal data representing content also non-personal data representing content protected by intellectual property rights protected by intellectual property rights from unlawful access that may lead to IP from unlawful access that may lead to IP theft or industrial espionage. In order to theft or industrial espionage. In order to ensure the protection of fundamental rights ensure the protection of fundamental rights or interests of data holders, non-personal or interests of data holders, non-personal data which is to be protected from unlawful data which is to be protected from unlawful or unauthorised access under Union or or unauthorised access under Union or national law, and which is held by public national law, and which is held by public sector bodies, should be transferred only to sector bodies, should be transferred only to third-countries where appropriate third-countries where appropriate safeguards for the use of data are provided. safeguards for the use of data are provided. Such appropriate safeguards should be Such appropriate safeguards should be considered to exist when in that third- considered to exist when in that third- country there are equivalent measures in country there are equivalent measures in place which ensure that non-personal data place which ensure that non-personal data benefits from a level of protection similar benefits from a level of protection similar to that applicable by means of Union or to that applicable by means of Union or national law in particular as regards the national law in particular as regards the protection of trade secrets and the protection of trade secrets and the protection of intellectual property rights. protection of intellectual property rights. To that end, the Commission may adopt To that end, the Commission may adopt implementing acts that declare that a third implementing acts that declare that a third country provides a level of protection that country provides a level of protection that is essentially equivalent to those provided is essentially equivalent to those provided by Union or national law. The assessment by Union or national law. The assessment of the level of protection afforded in such of the level of protection afforded in such third-country should, in particular, take third-country should, in particular, take into consideration the relevant legislation, into consideration the relevant legislation, both general and sectoral, including both general and sectoral, including concerning public security, defence, concerning public security, defence,
PE692.940v01-00 34/138 AM\1232072EN.docx EN national security and criminal law national security and criminal law concerning the access to and protection of concerning the access to and protection of non-personal data, any access by the public non-personal data, any access by the public authorities of that third country to the data authorities of that third country to the data transferred, the existence and effective transferred, the existence and effective functioning of one or more independent functioning of one or more independent supervisory authorities in the third country supervisory authorities in the third country with responsibility for ensuring and with responsibility for ensuring and enforcing compliance with the legal regime enforcing compliance with the legal regime ensuring access to such data, or the third ensuring access to such data, or the third countries’ international commitments countries’ international commitments regarding the protection of data the third regarding the protection of data the third country concerned has entered into, or country concerned has entered into, or other obligations arising from legally other obligations arising from legally binding conventions or instruments as well binding conventions or instruments as well as from its participation in multilateral or as from its participation in multilateral or regional systems. The existence of regional systems. The existence of effective legal remedies for data holders, effective legal remedies for data subjects public sector bodies or data sharing and data holders, public sector bodies or providers in the third country concerned is data sharing providers in the third country of particular importance in the context of concerned is of particular importance in the the transfer of non-personal data to that context of the transfer of non-personal data third country. Such safeguards should to that third country. Such safeguards therefore include the availability of should therefore include the availability of enforceable rights and of effective legal enforceable rights and of effective legal remedies. remedies.
Or. en
Amendment 188 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Recital 15 a (new)
Text proposed by the Commission Amendment
(15a) Companies which are located in third countries and which have experienced significant security breaches involving protected or personal data of European origin for which they were responsible in the 10 years prior to their request will be deemed not to offer appropriate safeguards to obtain data of European origin.
AM\1232072EN.docx 35/138 PE692.940v01-00 EN Or. fr
Amendment 189 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Recital 15 b (new)
Text proposed by the Commission Amendment
(15b) A third country which has not penalised a significant security lapse on the part of a firm processing personal or protected data of European origin will be deemed not to offer appropriate safeguards.
Or. fr
Amendment 190 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Recital 15 c (new)
Text proposed by the Commission Amendment
(15c) Third countries engaging in economic espionage against EU companies cannot be deemed to offer appropriate safeguards regarding the processing by their companies of protected data of European origin.
Or. fr
Amendment 191 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Recital 16 a (new)
PE692.940v01-00 36/138 AM\1232072EN.docx EN Text proposed by the Commission Amendment
(16a) To ensure the proper enforcement of such obligations, the re-user located in a third country or another Member State should also authorise any inspection deemed necessary by the public-sector body which authorised re-use.
Or. fr
Amendment 192 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Recital 16 b (new)
Text proposed by the Commission Amendment
(16b) A Member State should be able to require cloud providers and digital undertakings operating in the European Union, whether located in the European Union or in a third country, to grant access to any relevant personal data linked to terrorism, even if they are stored in a third country.
Or. fr
Amendment 193 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Recital 17
Text proposed by the Commission Amendment
(17) Some third countries adopt laws, deleted regulations and other legal acts which aim at directly transferring or providing access to non-personal data in the Union under the control of natural and legal persons under the jurisdiction of the
AM\1232072EN.docx 37/138 PE692.940v01-00 EN Member States. Judgments of courts or tribunals or decisions of administrative authorities in third countries requiring such transfer or access to non-personal data should be enforceable when based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State. In some cases, situations may arise where the obligation to transfer or provide access to non-personal data arising from a third country law conflicts with a competing obligation to protect such data under Union or national law, in particular as regards the protection of commercially sensitive data and the protection of intellectual property rights, and including its contractual undertakings regarding confidentiality in accordance with such law. In the absence of international agreements regulating such matters, transfer or access should only be allowed under certain conditions, in particular that the third-country system requires the reasons and proportionality of the decision to be set out, that the court order or the decision is specific in character, and the reasoned objection of the addressee is subject to a review by a competent court in the third country, which is empowered to take duly into account the relevant legal interests of the provider of such data.
Or. fr
Amendment 194 Andrey Kovatchev
Proposal for a regulation Recital 17
Text proposed by the Commission Amendment
(17) Some third countries adopt laws, (17) Some third countries adopt laws, regulations and other legal acts which aim regulations and other legal acts which aim
PE692.940v01-00 38/138 AM\1232072EN.docx EN at directly transferring or providing access at directly transferring or providing access to non-personal data in the Union under the to non-personal data in the Union under the control of natural and legal persons under control of natural and legal persons under the jurisdiction of the Member States. the jurisdiction of the Member States. The Judgments of courts or tribunals or public sector bodies, natural and legal decisions of administrative authorities in entities, data intermediation service third countries requiring such transfer or providers and data altruism organisations access to non-personal data should be which have granted or have been granted enforceable when based on an international the right to share or re-use data, should agreement, such as a mutual legal ensure that whenever entering assistance treaty, in force between the contractual relations with third-parties, requesting third country and the Union or a non-personal data held in the Union can Member State. In some cases, situations only be accessed by or transferred to third may arise where the obligation to transfer countries if Union data protection law, or provide access to non-personal data security rules and consumer protection arising from a third country law conflicts law or the data protection law, security with a competing obligation to protect such rules and consumer protection law of the data under Union or national law, in relevant Member State are respected. particular as regards the protection of They should also comply with, whenever commercially sensitive data and the possible, the highest level of technical protection of intellectual property rights, standards, codes of conduct and and including its contractual undertakings certifications at Union level. Judgments of regarding confidentiality in accordance courts or tribunals or decisions of with such law. In the absence of administrative authorities in third countries international agreements regulating such requiring such transfer or access to non- matters, transfer or access should only be personal data should be enforceable when allowed under certain conditions, in based on an international agreement, such particular that the third-country system as a mutual legal assistance treaty, in force requires the reasons and proportionality of between the requesting third country and the decision to be set out, that the court the Union or a Member State. In some order or the decision is specific in cases, situations may arise where the character, and the reasoned objection of the obligation to transfer or provide access to addressee is subject to a review by a non-personal data arising from a third competent court in the third country, which country law conflicts with a competing is empowered to take duly into account the obligation to protect such data under Union relevant legal interests of the provider of or national law, in particular as regards the such data. protection of commercially sensitive data and the protection of intellectual property rights, and including its contractual undertakings regarding confidentiality in accordance with such law. In the absence of international agreements regulating such matters, transfer or access should only be allowed under certain conditions, in particular that the third-country system requires the reasons and proportionality of the decision to be set out, that the court order or the decision is specific in character, and the reasoned objection of the
AM\1232072EN.docx 39/138 PE692.940v01-00 EN addressee is subject to a review by a competent court in the third country, which is empowered to take duly into account the relevant legal interests of the provider of such data.
Or. en
Amendment 195 Anne-Sophie Pelletier
Proposal for a regulation Recital 19
Text proposed by the Commission Amendment
(19) In order to build trust in re-use (19) In order to build trust in re-use mechanisms, it may be necessary to attach mechanisms, it may be necessary to attach stricter conditions for certain types of non- stricter conditions for certain types of non- personal data that have been identified as personal data that have been identified as highly sensitive, as regards the transfer to highly sensitive by means of a specific third countries, if such transfer could Union act, as regards the transfer to third jeopardise public policy objectives, in line countries, if such transfer could jeopardise with international commitments. For public policy objectives, in line with example, in the health domain, certain international commitments. For example, datasets held by actors in the public health in the health domain, certain datasets held system, such as public hospitals, could be by actors in the public health system, such identified as highly sensitive health data. In as public hospitals, could be identified as order to ensure harmonised practices across highly sensitive health data. Insurance the Union, such types of highly sensitive companies, laboratories, databases or any non-personal public data should be defined other service provider should not be by Union law, for example in the context authorised to use highly sensitive data or of the European Health Data Space or other data from eHealth applications for the sectoral legislation. The conditions purpose of discrimination in pricing, attached to the transfer of such data to third advertising targeting or commercial countries should be laid down in delegated application development, as this would acts. Conditions should be proportionate, run counter to the fundamental right of non-discriminatory and necessary to access to health. In order to ensure protect legitimate public policy objectives harmonised practices across the Union, identified, such as the protection of public such types of highly sensitive non-personal health, public order, safety, the public data should be defined by Union environment, public morals, consumer law, for example in the context of the protection, privacy and personal data European Health Data Space or other protection. The conditions should sectoral legislation. The conditions correspond to the risks identified in attached to the transfer of such data to third relation to the sensitivity of such data, countries should be laid down in delegated including in terms of the risk of the re- acts. Conditions should be transparent,
PE692.940v01-00 40/138 AM\1232072EN.docx EN identification of individuals. These proportionate, non-discriminatory and conditions could include terms applicable necessary to protect clearly identified for the transfer or technical arrangements, legitimate public policy objectives, such as such as the requirement of using a secure the protection of public health, public processing environment, limitations as order, safety, the environment, public regards the re-use of data in third-countries morals, consumer protection, privacy and or categories of persons which are entitled personal data protection. The conditions to transfer such data to third countries or should correspond to the risks identified in who can access the data in the third relation to the sensitivity of such data, country. In exceptional cases they could including in terms of the risk of the re- also include restrictions on transfer of the identification of individuals. These data to third countries to protect the public conditions could include terms applicable interest. for the transfer or technical arrangements, such as the requirement of using a secure processing environment, limitations as regards the re-use of data in third-countries or categories of persons which are entitled to transfer such data to third countries or who can access the data in the third country. In exceptional cases they could also include restrictions on transfer of the data to third countries to protect the public interest.
Or. fr
Amendment 196 Andrey Kovatchev
Proposal for a regulation Recital 19
Text proposed by the Commission Amendment
(19) In order to build trust in re-use (19) In order to build trust in re-use mechanisms, it may be necessary to attach mechanisms, it may be necessary to attach stricter conditions for certain types of non- stricter conditions for certain types of non- personal data that have been identified as personal data that have been identified as highly sensitive, as regards the transfer to highly sensitive, as regards the transfer to third countries, if such transfer could third countries, if such transfer could jeopardise public policy objectives, in line jeopardise public policy objectives, in line with international commitments. For with international commitments. For example, in the health domain, certain example, in the health domain, certain datasets held by actors in the public health datasets held by actors in the public health system, such as public hospitals, could be system, such as public hospitals, could be identified as highly sensitive health data. In identified as highly sensitive health data. In order to ensure harmonised practices across order to ensure harmonised practices across
AM\1232072EN.docx 41/138 PE692.940v01-00 EN the Union, such types of highly sensitive the Union, such types of highly sensitive non-personal public data should be defined non-personal public data should be defined by Union law, for example in the context by Union law, for example in the context of the European Health Data Space or other of the European Health Data Space or other sectoral legislation. The conditions sectoral legislation. Other sectors in which attached to the transfer of such data to third similar developments could be fostered countries should be laid down in delegated through European Data Spaces are acts. Conditions should be proportionate, industry, agriculture, finance, mobility, non-discriminatory and necessary to environment and energy, public protect legitimate public policy objectives administration, professional skills. The identified, such as the protection of public conditions attached to the transfer of such health, public order, safety, the data to third countries should be laid down environment, public morals, consumer in delegated acts. Conditions should be protection, privacy and personal data proportionate, non-discriminatory and protection. The conditions should necessary to protect legitimate public correspond to the risks identified in policy objectives identified, such as the relation to the sensitivity of such data, protection of public health, public order, including in terms of the risk of the re- safety, the environment, public morals, identification of individuals. These consumer protection, privacy and personal conditions could include terms applicable data protection. The conditions should for the transfer or technical arrangements, correspond to the risks identified in such as the requirement of using a secure relation to the sensitivity of such data, processing environment, limitations as including in terms of the risk of the re- regards the re-use of data in third-countries identification of individuals. These or categories of persons which are entitled conditions could include terms applicable to transfer such data to third countries or for the transfer or technical arrangements, who can access the data in the third such as the requirement of using a secure country. In exceptional cases they could processing environment, limitations as also include restrictions on transfer of the regards the re-use of data in third-countries data to third countries to protect the public or categories of persons which are entitled interest. to transfer such data to third countries or who can access the data in the third country. In exceptional cases they could also include restrictions on transfer of the data to third countries to protect the public interest.
Or. en
Amendment 197 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Recital 19
PE692.940v01-00 42/138 AM\1232072EN.docx EN Text proposed by the Commission Amendment
(19) In order to build trust in re-use (19) In order to build trust in re-use mechanisms, it may be necessary to attach mechanisms, it is necessary to attach stricter conditions for certain types of non- stricter conditions for certain types of non- personal data that have been identified as personal data that have been identified as highly sensitive, as regards the transfer to highly sensitive, as regards the transfer to third countries, if such transfer could third countries, if such transfer could jeopardise public policy objectives, in line jeopardise public policy objectives, in line with international commitments. For with international commitments. For example, in the health domain, certain example, in the health domain, certain datasets held by actors in the public health datasets held by actors in the public health system, such as public hospitals, could be system, such as public hospitals, could be identified as highly sensitive health data. In identified as highly sensitive health data. In order to ensure harmonised practices across order to ensure harmonised practices across the Union, such types of highly sensitive the Union, such types of highly sensitive non-personal public data should be defined non-personal public data should be defined by Union law, for example in the context by Union law, for example in the context of the European Health Data Space or other of the European Health Data Space or other sectoral legislation. The conditions sectoral legislation. The conditions attached to the transfer of such data to third attached to the transfer of such data to third countries should be laid down in delegated countries should be laid down in delegated acts. Conditions should be proportionate, acts. Conditions should be proportionate, non-discriminatory and necessary to non-discriminatory and necessary to protect legitimate public policy objectives protect legitimate public policy objectives identified, such as the protection of public identified, such as the protection of public health, public order, safety, the health, public order, safety, the environment, public morals, consumer environment, public morals, consumer protection, privacy and personal data protection, privacy and personal data protection. The conditions should protection. The conditions should correspond to the risks identified in correspond to the risks identified in relation to the sensitivity of such data, relation to the sensitivity of such data, including in terms of the risk of the re- including in terms of the risk of the re- identification of individuals. These identification of individuals. These conditions could include terms applicable conditions could include terms applicable for the transfer or technical arrangements, for the transfer or technical arrangements, such as the requirement of using a secure such as the requirement of using a secure processing environment, limitations as processing environment, limitations as regards the re-use of data in third-countries regards the re-use of data in third-countries or categories of persons which are entitled or categories of persons which are entitled to transfer such data to third countries or to transfer such data to third countries or who can access the data in the third who can access the data in the third country. In exceptional cases they could country. In exceptional cases they could also include restrictions on transfer of the also include restrictions on transfer of the data to third countries to protect the public data to third countries to protect the public interest. interest.
Or. en
AM\1232072EN.docx 43/138 PE692.940v01-00 EN Amendment 198 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 20
Text proposed by the Commission Amendment
(20) Public sector bodies should be able (20) Public sector bodies should be able to charge fees for the re-use of data but to charge cost-based fees for the re-use of should also be able to decide to make the data but should also be able to decide to data available at lower or no cost, for make the data available at lower or no cost, example for certain categories of re-uses for example for certain categories of re- such as non-commercial re-use, or re-use uses such as non-commercial re-use, or re- by small and medium-sized enterprises, so use by small and medium-sized enterprises, as to incentivise such re-use in order to so as to facilitate such re-use in order to stimulate research and innovation and stimulate research and innovation and support companies that are an important support companies that are an important source of innovation and typically find it source of innovation and typically find it more difficult to collect relevant data more difficult to collect relevant data themselves, in line with State aid rules. themselves, in line with State aid rules. Such fees should be reasonable, Such fees should be reasonable, transparent, published online and non- transparent, published online and non- discriminatory. discriminatory.
Or. en
Amendment 199 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 21
Text proposed by the Commission Amendment
(21) In order to incentivise the re-use of (21) In order to facilitate the re-use of these categories of data, Member States these categories of data, Member States should establish a single information point should establish a single information point to act as the primary interface for re-users to act as the primary interface for re-users that seek to re-use such data held by the that seek to re-use such data held by the public sector bodies. It should have a public sector bodies. It should have a cross-sector remit, and should complement, cross-sector remit, and should complement, if necessary, arrangements at the sectoral if necessary, arrangements at the sectoral
PE692.940v01-00 44/138 AM\1232072EN.docx EN level. In addition, Member States should level. In addition, Member States should designate, establish or facilitate the designate, establish or facilitate the establishment of competent bodies to establishment of competent bodies to support the activities of public sector support the activities of public sector bodies allowing re-use of certain categories bodies allowing re-use of certain categories of protected data. Their tasks may include of protected data. Their tasks may include granting access to data, where mandated in granting access to data, where mandated in sectoral Union or Member States sectoral Union or Member States legislation. Those competent bodies should legislation. Those competent bodies should provide support to public sector bodies provide support to public sector bodies with state-of-the-art techniques, including with state-of-the-art techniques, including secure data processing environments, secure data processing environments, which allow data analysis in a manner that which allow data analysis in a manner that preserves the privacy of the information. preserves the privacy of the information. Such support structure could support the Such support structure could support the data holders with management of the data subjects and holders with consent, including consent to certain areas management of the consent, including of scientific research when in keeping with consent to certain areas of scientific recognised ethical standards for scientific research when in keeping with recognised research. Data processing should be ethical standards for scientific research. performed under the responsibility of the The competent bodies should not have a public sector body responsible for the supervisory function, which is reserved register containing the data, who remains a for supervisory authorities under data controller in the sense of Regulation Regulation (EU)2016/679. Without (EU) 2016/679 insofar as personal data are prejudice to the supervisory powers of concerned. Member States may have in data protection authorities, processing place one or several competent bodies, should be performed under the which could act in different sectors. responsibility of the public sector body responsible for the register containing the data, who remains a data controller in the sense of Regulation (EU) 2016/679 insofar as personal data are concerned. Member States may have in place one or several competent bodies, which could act in different sectors.
Or. en
Amendment 200 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 22
AM\1232072EN.docx 45/138 PE692.940v01-00 EN Text proposed by the Commission Amendment
(22) Providers of data sharing services (22) Providers of data sharing services (data intermediaries) are expected to play a (data intermediaries) are expected to play a key role in the data economy, as a tool to key role in the data economy, as a tool to facilitate the aggregation and exchange of facilitate the aggregation and exchange of substantial amounts of relevant data. Data substantial amounts of relevant data. Data intermediaries offering services that intermediaries offering services that connect the different actors have the connect the different actors have the potential to contribute to the efficient potential to contribute to the efficient pooling of data as well as to the facilitation pooling of data as well as to the facilitation of bilateral data sharing. Specialised data of bilateral data sharing. Specialised data intermediaries that are independent from intermediaries that are independent from both data holders and data users can have a both data holders and data users can have a facilitating role in the emergence of new facilitating role in the emergence of new data-driven ecosystems independent from data-driven ecosystems independent from any player with a significant degree of any player with a significant degree of market power. This Regulation should only market power. This Regulation should only cover providers of data sharing services cover providers of data sharing services that have as a main objective the that have as a main objective the establishment of a business, a legal and establishment of a business, a legal and potentially also technical relation between potentially also technical relation between data holders, including data subjects, on data holders, including data subjects, on the one hand, and potential users on the the one hand, and potential users on the other hand, and assist both parties in a other hand, and assist both parties in a transaction of data assets between the two. transaction of data assets between the two. It should only cover services aiming at It should only cover services aiming at intermediating between an indefinite intermediating between an indefinite number of data holders and data users, number of data subjects and holders and excluding data sharing services that are data users, excluding data sharing services meant to be used by a closed group of data that are meant to be used by a closed group holders and users. Providers of cloud of data subjects and holders and users. services should be excluded, as well as Providers of cloud services should be service providers that obtain data from data excluded, as well as service providers that holders, aggregate, enrich or transform the obtain data from data subjects and data data and licence the use of the resulting holders, aggregate, enrich or transform the data to data users, without establishing a data and licence the use of the resulting direct relationship between data holders data to data users, without establishing a and data users, for example advertisement direct relationship between data subjects or data brokers, data consultancies, and holders and data users, for example providers of data products resulting from advertisement or data brokers, data value added to the data by the service consultancies, providers of data products provider. At the same time, data sharing resulting from value added to the data by service providers should be allowed to the service provider. At the same time, data make adaptations to the data exchanged, to sharing service providers should be the extent that this improves the usability allowed to make adaptations to the data of the data by the data user, where the data exchanged, to the extent that this improves user desires this, such as to convert it into the usability of the data by the data user,
PE692.940v01-00 46/138 AM\1232072EN.docx EN specific formats. In addition, services that where the data user desires this, such as to focus on the intermediation of content, in convert it into specific formats. In addition, particular on copyright-protected content, services that focus on the intermediation of should not be covered by this Regulation. content, in particular on copyright- Data exchange platforms that are protected content, should not be covered by exclusively used by one data holder in this Regulation. Data exchange platforms order to enable the use of data they hold as that are exclusively used by one data well as platforms developed in the context holder in order to enable the use of data of objects and devices connected to the they hold as well as platforms developed in Internet-of-Things that have as their main the context of objects and devices objective to ensure functionalities of the connected to the Internet-of-Things that connected object or device and allow value have as their main objective to ensure added services, should not be covered by functionalities of the connected object or this Regulation. ‘Consolidated tape device and allow value added services, providers’ in the sense of Article 4 (1) should not be covered by this Regulation. point 53 of Directive 2014/65/EU of the ‘Consolidated tape providers’ in the sense European Parliament and of the Council42 of Article 4 (1) point 53 of Directive as well as ‘account information service 2014/65/EU of the European Parliament providers’ in the sense of Article 4 point 19 and of the Council42 as well as ‘account of Directive (EU) 2015/2366 of the information service providers’ in the sense European Parliament and of the Council43 of Article 4 point 19 of Directive (EU) should not be considered as data sharing 2015/2366 of the European Parliament and service providers for the purposes of this of the Council43 should not be considered Regulation. Entities which restrict their as data sharing service providers for the activities to facilitating use of data made purposes of this Regulation. Entities which available on the basis of data altruism and restrict their activities to facilitating use of that operate on a not-for-profit basis should data made available on the basis of data not be covered by Chapter III of this altruism and that operate on a not-for-profit Regulation, as this activity serves basis should not be covered by Chapter III objectives of general interest by increasing of this Regulation, as this activity serves the volume of data available for such objectives of general interest by increasing purposes. the volume of data available for such purposes. ______42 Directive 2014/65/EU of the European 42 Directive 2014/65/EU of the European Parliament and of the Council of 15 May Parliament and of the Council of 15 May 2014 on markets in financial instruments 2014 on markets in financial instruments and amending Directive 2002/92/EC and and amending Directive 2002/92/EC and Directive 2011/61/EU, OJ L 173/349. Directive 2011/61/EU, OJ L 173/349. 43 Directive (EU) 2015/2366 of the 43 Directive (EU) 2015/2366 of the European Parliament and of the Council of European Parliament and of the Council of 25 November 2015 on payment services in 25 November 2015 on payment services in the internal market, amending Directives the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 1093/2010, and repealing Directive 2007/64/EC. 2007/64/EC.
AM\1232072EN.docx 47/138 PE692.940v01-00 EN Or. en
Amendment 201 Anne-Sophie Pelletier
Proposal for a regulation Recital 23
Text proposed by the Commission Amendment
(23) A specific category of data (23) A specific category of data intermediaries includes providers of data intermediaries includes providers of data sharing services that offer their services to sharing services that offer their services to data subjects in the sense of Regulation data subjects in the sense of Regulation (EU) 2016/679. Such providers focus (EU) 2016/679. Such providers focus exclusively on personal data and seek to exclusively on personal data and seek to enhance individual agency and the enhance individual agency and the individuals’ control over the data individuals’ control over the data pertaining to them. They would assist pertaining to them. They would assist individuals in exercising their rights under individuals in exercising their rights under Regulation (EU) 2016/679, in particular Regulation (EU) 2016/679, in particular managing their consent to data processing, managing their consent to data processing, the right of access to their own data, the the right of access to their own data, the right to the rectification of inaccurate right to the rectification of inaccurate personal data, the right of erasure or right personal data, the right of erasure or right ‘to be forgotten’, the right to restrict ‘to be forgotten’, the right to withdraw processing and the data portability right, their consent, the right to restrict which allows data subjects to move their processing and the data portability right, personal data from one controller to the which allows data subjects to move their other. In this context, it is important that personal data from one controller to the their business model ensures that there are other. In this context, it is important that no misaligned incentives that encourage their business model ensures that there are individuals to make more data available for no misaligned incentives that encourage processing than what is in the individuals’ individuals to make more data available for own interest. This could include advising processing than what is in the individuals’ individuals on uses of their data they could own interest. This could include advising allow and making due diligence checks on individuals on uses of their data they could data users before allowing them to contact allow and making due diligence checks on data subjects, in order to avoid fraudulent data users before allowing them to contact practices. In certain situations, it could be data subjects, in order to avoid fraudulent desirable to collate actual data within a practices. In certain situations, it could be personal data storage space, or ‘personal desirable to collate actual data within a data space’ so that processing can happen personal data storage space, or ‘personal within that space without personal data data space’ so that processing can happen being transmitted to third parties in order to within that space without personal data maximise the protection of personal data being transmitted to third parties in order to and privacy. maximise the protection of personal data
PE692.940v01-00 48/138 AM\1232072EN.docx EN and privacy.
Or. en
Amendment 202 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 25
Text proposed by the Commission Amendment
(25) In order to increase trust in such (25) In order to increase trust in such data sharing services, in particular related data sharing services, in particular related to the use of data and the compliance with to the use of data and the compliance with the conditions imposed by data holders, it the conditions imposed by data subjects is necessary to create a Union-level and data holders, it is necessary to create a regulatory framework, which would set out Union-level regulatory framework, which highly harmonised requirements related to would set out highly harmonised the trustworthy provision of such data requirements related to the trustworthy, sharing services. This will contribute to open and non-discriminatory provision of ensuring that data holders and data users such data sharing services. This will have better control over the access to and contribute to ensuring that data subjects, use of their data, in accordance with Union data holders and data users have better law. Both in situations where data sharing control over the access to and use of their occurs in a business-to-business context data, in accordance with Union law. Both and where it occurs in a business-to- in situations where data sharing occurs in a consumer context, data sharing providers business-to-business context and where it should offer a novel, ‘European’ way of occurs in a business-to-consumer context, data governance, by providing a separation data sharing providers should offer a novel, in the data economy between data ‘European’ way of data governance, by provision, intermediation and use. providing a separation in the data economy Providers of data sharing services may also between data provision, intermediation and make available specific technical use. Providers of data sharing services may infrastructure for the interconnection of also make available specific technical data holders and data users. infrastructure for the interconnection between data subjects and data holders and data users.
Or. en
Amendment 203 David Cormand on behalf of the Greens/EFA Group
AM\1232072EN.docx 49/138 PE692.940v01-00 EN Proposal for a regulation Recital 26
Text proposed by the Commission Amendment
(26) A key element to bring trust and (26) A key element to bring trust and more control for data holder and data users more control for data holder and data users in data sharing services is the neutrality of in data sharing services is the neutrality of data sharing service providers as regards data sharing service providers as regards the data exchanged between data holders the data exchanged between data subjects and data users. It is therefore necessary that and data holders on the one hand and data data sharing service providers act only as users on the other. It is therefore necessary intermediaries in the transactions, and do that data sharing service providers act only not use the data exchanged for any other as intermediaries in the transactions, and purpose. This will also require structural do not use the data exchanged for any other separation between the data sharing service purpose. This will also require structural and any other services provided, so as to separation between the data sharing service avoid issues of conflict of interest. This and any other services provided, so as to means that the data sharing service should avoid issues of conflict of interest. This be provided through a legal entity that is means that the data sharing service should separate from the other activities of that be provided through a legal entity that is data sharing provider. Data sharing separate from the other activities of that providers that intermediate the exchange of data sharing provider. Where an actor data between individuals as data holders provides other data-related services, in and legal persons should, in addition, bear addition to data sharing services, the fiduciary duty towards the individuals, to pricing and terms of services for the data ensure that they act in the best interest of sharing service should not be influenced the data holders. by whether and to what degree a data holder or data user uses other data- related services from the same actor. Data sharing providers that intermediate the exchange of data between individuals as data subjects and legal persons as data users should, in addition, bear fiduciary duty towards the individuals, to ensure that they act in the best interest of the data subjects.
Or. en
Amendment 204 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Recital 33
PE692.940v01-00 50/138 AM\1232072EN.docx EN Text proposed by the Commission Amendment
(33) The competent authorities (33) The competent authorities designated to monitor compliance of data designated to monitor compliance of data sharing services with the requirements in sharing services with the requirements in this Regulation should be chosen on the this Regulation should be chosen on the basis of their capacity and expertise basis of their proved capacity and expertise regarding horizontal or sectoral data regarding horizontal or sectoral data sharing, and they should be independent as sharing, and they should be independent as well as transparent and impartial in the well as transparent and impartial in the exercise of their tasks. Member States exercise of their tasks. Member States should notify the Commission of the should notify the Commission of the identity of the designated competent identity of the designated competent authorities. authorities.
Or. en
Amendment 205 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 35
Text proposed by the Commission Amendment
(35) There is a strong potential in the (35) There is a strong potential in the use of data made available voluntarily by use of data made available voluntarily by data subjects based on their consent or, data subjects based on their consent or, where it concerns non-personal data, made where it concerns non-personal data, made available by legal persons, for purposes of available by legal persons, for purposes of general interest. Such purposes would general interest. Such purposes would include healthcare, combating climate include healthcare, combating climate change, improving mobility, facilitating the change, improving mobility, facilitating the establishment of official statistics or establishment of official statistics or improving the provision of public services. improving the provision of public services. Support to scientific research, including for Support to scientific research, including for example technological development and example technological development and demonstration, fundamental research, demonstration, fundamental research, applied research and privately funded applied research and privately funded research, should be considered as well research, may also be considered as well purposes of general interest. This purposes of general interest. This Regulation aims at contributing to the Regulation aims at contributing to the emergence of pools of data made available emergence of pools of data made available on the basis of data altruism that have a on the basis of data altruism that have a sufficient size in order to enable data sufficient size in order to enable data
AM\1232072EN.docx 51/138 PE692.940v01-00 EN analytics and machine learning, including analytics and machine learning, including across borders in the Union. across borders in the Union.
Or. en
Amendment 206 Andrey Kovatchev
Proposal for a regulation Recital 36
Text proposed by the Commission Amendment
(36) Legal entities that seek to support (36) Legal entities that seek to support purposes of general interest by making purposes of general interest by making available relevant data based on data available relevant data based on data altruism at scale and meet certain altruism at scale and meet certain requirements, should be able to register as requirements, should be able to register as ‘Data Altruism Organisations recognised in ‘Data Altruism Organisations recognised in the Union’. This could lead to the the Union’. This could lead to the establishment of data repositories. As establishment of data repositories. As registration in a Member State would be registration in a Member State would be valid across the Union, and this should valid across the Union, and this should facilitate cross-border data use within the facilitate cross-border data use within the Union and the emergence of data pools Union and the emergence of data pools covering several Member States. Data covering several Member States. Data subjects in this respect would consent to subjects in this respect would consent to specific purposes of data processing, but specific purposes of data processing, but could also consent to data processing in could also consent to data processing in certain areas of research or parts of certain areas of research or parts of research projects as it is often not possible research projects as it is often not possible to fully identify the purpose of personal to fully identify the purpose of personal data processing for scientific research data processing for scientific research purposes at the time of data collection. purposes at the time of data collection. Legal persons could give permission to the Legal persons could give permission to the processing of their non-personal data for a processing of their non-personal data for a range of purposes not defined at the range of purposes not defined at the moment of giving the permission. The moment of giving the permission. The voluntary compliance of such registered voluntary compliance of such registered entities with a set of requirements should entities with a set of requirements should bring trust that the data made available on bring trust that the data made available on altruistic purposes is serving a general altruistic purposes is serving a general interest purpose. Such trust should result in interest purpose. Such trust should result in particular from a place of establishment particular from a place of establishment within the Union, as well as from the within the Union, as well as from the requirement that registered entities have a requirement that registered entities have a not-for-profit character, from transparency not-for-profit character, from transparency
PE692.940v01-00 52/138 AM\1232072EN.docx EN requirements and from specific safeguards requirements and from specific safeguards in place to protect rights and interests of in place to protect rights and interests of data subjects and companies. Further data subjects and companies. Further safeguards should include making it safeguards should include making it possible to process relevant data within a possible to process relevant data within a secure processing environment operated by secure processing environment operated by the registered entity, oversight mechanisms the registered entity, oversight mechanisms such as ethics councils or boards to ensure such as ethics councils or boards to ensure that the data controller maintains high that the data controller maintains high standards of scientific ethics, effective standards of scientific ethics, effective technical means to withdraw or modify technical means to withdraw or modify consent at any moment, based on the consent at any moment, based on the information obligations of data processors information obligations of data processors under Regulation (EU) 2016/679 as well as under Regulation (EU) 2016/679 as well as means for data subjects to stay informed means for data subjects to stay informed about the use of data they made available. about the use of data they made available. Registration as a recognised data altruism organisation should be a precondition for exercising data altruism activities. Additionally, the Commission should encourage and facilitate the development of self-regulatory codes of conduct at Union level, involving relevant stakeholders.
Or. en
Amendment 207 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Recital 36
Text proposed by the Commission Amendment
(36) Legal entities that seek to support (36) Legal entities that seek to support purposes of general interest by making purposes of general interest by making available relevant data based on data available relevant data based on data altruism at scale and meet certain altruism at scale and meet certain requirements, should be able to register as requirements, should be able to register as ‘Data Altruism Organisations recognised in ‘Data Altruism Organisations recognised in the Union’. This could lead to the the Union’. This could lead to the establishment of data repositories. As establishment of data repositories. As registration in a Member State would be registration in a Member State would be valid across the Union, and this should valid across the Union, and this should facilitate cross-border data use within the facilitate cross-border data use within the
AM\1232072EN.docx 53/138 PE692.940v01-00 EN Union and the emergence of data pools Union and the emergence of data pools covering several Member States. Data covering several Member States. Data subjects in this respect would consent to subjects in this respect would consent to specific purposes of data processing, but specific purposes of data processing, but could also consent to data processing in could also consent to data processing in certain areas of research or parts of certain areas of research or parts of research projects as it is often not possible research projects as it is often not possible to fully identify the purpose of personal to fully identify the purpose of personal data processing for scientific research data processing for scientific research purposes at the time of data collection. purposes at the time of data collection. Legal persons could give permission to the Legal persons could give permission to the processing of their non-personal data for a processing of their non-personal data for a range of purposes not defined at the range of purposes not defined at the moment of giving the permission. The moment of giving the permission. The voluntary compliance of such registered compliance of such registered entities with entities with a set of requirements should a set of requirements should bring trust that bring trust that the data made available on the data made available on altruistic altruistic purposes is serving a general purposes is serving a general interest interest purpose. Such trust should result in purpose. Such trust should result in particular from a place of establishment particular from a place of establishment within the Union, as well as from the within the Union, as well as from the requirement that registered entities have a requirement that registered entities have a not-for-profit character, from transparency not-for-profit character, from transparency requirements and from specific safeguards requirements and from specific safeguards in place to protect rights and interests of in place to protect rights and interests of data subjects and companies. Further data subjects and companies. Further safeguards should include making it safeguards should include making it possible to process relevant data within a possible to process relevant data within a secure processing environment operated by secure processing environment operated by the registered entity, oversight mechanisms the registered entity, oversight mechanisms such as ethics councils or boards to ensure such as ethics councils or boards to ensure that the data controller maintains high that the data controller maintains high standards of scientific ethics, effective standards of scientific ethics, effective technical means to withdraw or modify technical means to withdraw or modify consent at any moment, based on the consent at any moment, based on the information obligations of data processors information obligations of data processors under Regulation (EU) 2016/679 as well as under Regulation (EU) 2016/679 as well as means for data subjects to stay informed means for data subjects to stay informed about the use of data they made available. about the use of data they made available. Legal entities should ensure that misleading marketing practices are not used to solicit donations of data.
Or. en
Amendment 208 David Cormand
PE692.940v01-00 54/138 AM\1232072EN.docx EN on behalf of the Greens/EFA Group
Proposal for a regulation Recital 36
Text proposed by the Commission Amendment
(36) Legal entities that seek to support (36) Legal entities that seek to support purposes of general interest by making purposes of general interest by making available relevant data based on data available relevant data based on data altruism at scale and meet certain altruism at scale and meet certain requirements, should be able to register as requirements, should be able to register as ‘Data Altruism Organisations recognised ‘EU-registered Data Altruism in the Union’. This could lead to the Organisation'. This could lead to the establishment of data repositories. As establishment of data repositories. As registration in a Member State would be registration in a Member State would be valid across the Union, and this should valid across the Union, and this should facilitate cross-border data use within the facilitate cross-border data use within the Union and the emergence of data pools Union and the emergence of data pools covering several Member States. Data covering several Member States. Data subjects in this respect would consent to subjects in this respect would consent to specific purposes of data processing, but specific purposes of data processing, but could also consent to data processing in could also subsequently be asked for certain areas of research or parts of consent for data processing in certain areas research projects as it is often not possible of research or parts of research projects as to fully identify the purpose of personal it is often not possible to fully identify the data processing for scientific research purpose of personal data processing for purposes at the time of data collection. scientific research purposes at the time of Legal persons could give permission to the data collection. Legal persons could give processing of their non-personal data for a permission to the processing of their non- range of purposes not defined at the personal data for a range of purposes not moment of giving the permission. The defined at the moment of giving the voluntary compliance of such registered permission. The voluntary compliance of entities with a set of requirements should such registered entities with a set of bring trust that the data made available on requirements should bring trust that the altruistic purposes is serving a general data made available on altruistic purposes interest purpose. Such trust should result in is serving a general interest purpose. Such particular from a place of establishment trust should result in particular from a within the Union, as well as from the place of establishment within the Union, as requirement that registered entities have a well as from the requirement that not-for-profit character, from transparency registered entities have a not-for-profit requirements and from specific safeguards character, from transparency requirements in place to protect rights and interests of and from specific safeguards in place to data subjects and companies. Further protect rights and interests of data subjects safeguards should include making it and companies. Further safeguards should possible to process relevant data within a include making it possible to process secure processing environment operated by relevant data within a secure processing the registered entity, oversight mechanisms environment operated by the registered such as ethics councils or boards to ensure entity, oversight mechanisms such as ethics
AM\1232072EN.docx 55/138 PE692.940v01-00 EN that the data controller maintains high councils or boards to ensure that the data standards of scientific ethics, effective controller maintains high standards of technical means to withdraw or modify scientific ethics, effective technical means consent at any moment, based on the to withdraw or modify consent at any information obligations of data processors moment, based on the information under Regulation (EU) 2016/679 as well as obligations of data processors under means for data subjects to stay informed Regulation (EU) 2016/679 as well as about the use of data they made available. means for data subjects to stay informed about the use of data they made available.
Or. en
Amendment 209 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 37
Text proposed by the Commission Amendment
(37) This Regulation is without (37) This Regulation is without prejudice to the establishment, organisation prejudice to the establishment, organisation and functioning of entities that seek to and functioning of entities that seek to engage in data altruism pursuant to engage in data altruism pursuant to national law. It builds on national law national law. It builds on national law requirements to operate lawfully in a requirements to operate lawfully in a Member State as a not-for-profit Member State as a not-for-profit organisation. Entities which meet the organisation. Entities which meet the requirements in this Regulation should be requirements in this Regulation should be able to use the title of ‘Data Altruism able to use the title of ‘EU-registered Data Organisations recognised in the Union’. Altruism Organisations'.
Or. en
Amendment 210 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 38
Text proposed by the Commission Amendment
(38) Data Altruism Organisations (38) EU-registered Data Altruism
PE692.940v01-00 56/138 AM\1232072EN.docx EN recognised in the Union should be able to Organisations should be able to collect collect relevant data directly from natural relevant data directly from natural and and legal persons or to process data legal persons or to process data collected collected by others. Typically, data by others. Typically, data altruism would altruism would rely on consent of data rely on consent of data subjects in the subjects in the sense of Article 6(1)(a) and sense of Article 6(1)(a) and 9(2)(a) and in 9(2)(a) and in compliance with compliance with requirements for lawful requirements for lawful consent in consent in accordance with Article 7 of accordance with Article 7 of Regulation Regulation (EU) 2016/679. In accordance (EU) 2016/679. In accordance with with Regulation (EU) 2016/679, scientific Regulation (EU) 2016/679, scientific research purposes can be supported by research purposes can be supported by consent to certain areas of scientific consent to certain areas of scientific research when in keeping with recognised research when in keeping with recognised ethical standards for scientific research or ethical standards for scientific research or only to certain areas of research or parts of only to certain areas of research or parts of research projects. Article 5(1)(b) of research projects. Article 5(1)(b) of Regulation (EU) 2016/679 specifies that Regulation (EU) 2016/679 specifies that further processing for scientific or further processing for scientific or historical research purposes or statistical historical research purposes or statistical purposes should, in accordance with purposes should, in accordance with Article 89(1) of Regulation (EU) 2016/679, Article 89(1) of Regulation (EU) 2016/679, not be considered to be incompatible with not be considered to be incompatible with the initial purposes. the initial purposes.
Or. en
Amendment 211 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Recital 39
Text proposed by the Commission Amendment
(39) To bring additional legal certainty (39) To bring additional legal certainty to granting and withdrawing of consent, in to granting and withdrawing of consent, in particular in the context of scientific particular in the context of scientific research and statistical use of data made research and statistical use of data made available on an altruistic basis, a European available on an altruistic basis, a European data altruism consent form should be data altruism consent form should be developed and used in the context of developed and used in the context of altruistic data sharing. Such a form should altruistic data sharing. Such a form should contribute to additional transparency for contribute to additional transparency for data subjects that their data will be data subjects that their data will be accessed and used in accordance with their accessed and used in accordance with their
AM\1232072EN.docx 57/138 PE692.940v01-00 EN consent and also in full compliance with consent and also in full compliance with the data protection rules. It could also be the data protection rules. It could also be used to streamline data altruism performed used to streamline data altruism performed by companies and provide a mechanism by companies and provide a mechanism allowing such companies to withdraw their allowing such companies to withdraw their permission to use the data. In order to take permission to use the data at any moment into account the specificities of individual in time. Persons who decide to withdraw sectors, including from a data protection their consent shall be ensured that the perspective, there should be a possibility data for which they gave their consent is for sectoral adjustments of the European no longer used and that they have been data altruism consent form. removed from the projects for which they were used. In order to take into account the specificities of individual sectors, including from a data protection perspective, there should be a possibility for sectoral adjustments of the European data altruism consent form.
Or. en
Amendment 212 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Recital 40
Text proposed by the Commission Amendment
(40) In order to successfully implement (40) In order to successfully implement the data governance framework, a the data governance framework, a European Data Innovation Board should be European Data Innovation Board should be established, in the form of an expert group. established, in the form of an expert group. The Board should consist of The Board should consist of representatives of the Member States, the representatives of the Member States, the Commission and representatives of Commission and representatives of relevant data spaces and specific sectors relevant data spaces and specific sectors (such as health, agriculture, transport and (such as health, agriculture, transport and statistics). The European Data Protection statistics), standards-setting organisations, Board should be invited to appoint a academia and civil society, as appropriate. representative to the European Data The European Data Protection Board Innovation Board. should be invited to appoint a representative to the European Data Innovation Board.
Or. en
PE692.940v01-00 58/138 AM\1232072EN.docx EN Amendment 213 Anne-Sophie Pelletier
Proposal for a regulation Article 1 – paragraph 1 – point a
Text proposed by the Commission Amendment
(a) conditions for the re-use, within the (a) conditions for the re-use, within the Union, of certain categories of data held by Union, of certain categories of non- public sector bodies; personal data held by public sector bodies;
Or. en
Justification
Personal data is protected under Charter for Fundamental Rights, article 8, 'protection of personal data', and in the GDPR. We are only talking here about non-personal data.
Amendment 214 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 1 – paragraph 2
Text proposed by the Commission Amendment
(2) This Regulation is without (2) This Regulation is without prejudice to specific provisions in other prejudice to specific provisions in other Union legal acts regarding access to or re- Union legal acts regarding access to or re- use of certain categories of data, or use of certain categories of data, or requirements related to processing of requirements related to processing of personal or non-personal data. Where a personal or non-personal data. Where a sector-specific Union legal act requires sector-specific Union legal act requires public sector bodies, providers of data public sector bodies, providers of data sharing services or registered entities sharing services or registered entities providing data altruism services to comply providing data altruism services to comply with specific additional technical, with specific additional technical, administrative or organisational administrative or organisational requirements, including through an requirements, including through an authorisation or certification regime, those authorisation or certification regime, those provisions of that sector-specific Union provisions of that sector-specific Union legal act shall also apply. legal act shall also apply. Regulation (EU) 2016/679 applies to any form of further
AM\1232072EN.docx 59/138 PE692.940v01-00 EN use of data. In this respect, sensitive personal data shall not be re-used for security reasons.
Or. en
Amendment 215 Andrey Kovatchev
Proposal for a regulation Article 1 – paragraph 2
Text proposed by the Commission Amendment
(2) This Regulation is without (2) This Regulation is without prejudice to specific provisions in other prejudice to specific provisions in other Union legal acts regarding access to or re- Union legal acts or national law regarding use of certain categories of data, or access to or re-use of certain categories of requirements related to processing of data, or requirements related to processing personal or non-personal data. Where a of personal or non-personal data. Where a sector-specific Union legal act requires sector-specific Union legal act requires public sector bodies, providers of data public sector bodies, providers of data sharing services or registered entities sharing services or registered entities providing data altruism services to comply providing data altruism services to comply with specific additional technical, with specific additional technical, administrative or organisational administrative or organisational requirements, including through an requirements, including through an authorisation or certification regime, those authorisation or certification regime, those provisions of that sector-specific Union provisions of that sector-specific Union legal act shall also apply. legal act shall also apply.
Or. en
Amendment 216 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 1 – paragraph 2 a (new)
Text proposed by the Commission Amendment
(2a) Union law on the protection of personal data shall apply to any personal data processed in connection with this
PE692.940v01-00 60/138 AM\1232072EN.docx EN Regulation. In particular, this Regulation shall be without prejudice to Regulation (EU) 2016/679, Directive 2002/58/EC, and Regulation (EU) 2018/1725. In the event of conflict between the provisions of this Regulation and Union law on the protection of personal data, the latter prevails. This Regulation does not create a legal basis for the processing of personal data.
Or. en
Amendment 217 Maria Grapini, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 1 – paragraph 2 a (new)
Text proposed by the Commission Amendment
(2a) The re-use of employees’ personal data shall be prohibited. To this end, it must be ensured that public service data do not contain employees’ personal data, such as data about their mobility.
Or. en
Amendment 218 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 2 – paragraph 1 – point 3 a (new)
Text proposed by the Commission Amendment
(3a) 'personal data' means personal data as defined in point (1) of Article 4 of Regulation (EU)2016/679;
Or. en
AM\1232072EN.docx 61/138 PE692.940v01-00 EN Amendment 219 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 2 – paragraph 1 – point 3 b (new)
Text proposed by the Commission Amendment
(3b) ‘consent’ means consent as defined in point (11) of Article 4 of Regulation (EU) 2016/679;
Or. en
Amendment 220 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 2 – paragraph 1 – point 3 c (new)
Text proposed by the Commission Amendment
(3c) 'data subject' means data subject as defined in point (1) of Article 4 of Regulation (EU) 2016/679;
Or. en
Amendment 221 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 2 – paragraph 1 – point 3 d (new)
Text proposed by the Commission Amendment
(3d) 'processing’ means processing as defined in point (2) of Article 4 of Regulation (EU) 2016/679.
PE692.940v01-00 62/138 AM\1232072EN.docx EN Or. en
Amendment 222 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 2 – paragraph 1 – point 4
Text proposed by the Commission Amendment
(4) ‘metadata’ means data collected deleted on any activity of a natural or legal person for the purposes of the provision of a data sharing service, including the date , time and geolocation data, duration of activity, connections to other natural or legal persons established by the person who uses the service;
Or. en
Amendment 223 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 2 – paragraph 1 – point 7
Text proposed by the Commission Amendment
(7) ‘data sharing’ means the provision (7) ‘data sharing’ means the provision by a data holder of data to a data user for by a data holder of data to a data user for the purpose of joint or individual use of the the purpose of joint or individual use of the shared data, based on voluntary shared data, based on voluntary agreements, directly or through an agreements, or the sharing of data by a intermediary; data subject, based on their consent, directly or through an intermediary;
Or. en
Amendment 224 David Cormand
AM\1232072EN.docx 63/138 PE692.940v01-00 EN on behalf of the Greens/EFA Group
Proposal for a regulation Article 2 – paragraph 1 – point 10
Text proposed by the Commission Amendment
(10) ‘data altruism’ means the consent (10) ‘data altruism’ means voluntary by data subjects to process personal data data sharing by data holders, or the pertaining to them, or permissions of consent to data processing by a data other data holders to allow the use of their subject, without seeking or receiving a non-personal data without seeking a reward, for purposes of general interest, reward, for purposes of general interest, such as healthcare, combating climate such as scientific research purposes or change, improving mobility, facilitating improving public services; the establishment of official statistics, improving public services, or scientific research purposes
Or. en
Amendment 225 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 2 – paragraph 1 – point 10
Text proposed by the Commission Amendment
(10) ‘data altruism’ means the consent (10) ‘data altruism’ means the consent by data subjects to process personal data by data subjects to process personal data pertaining to them, or permissions of other pertaining to them, or permissions of other data holders to allow the use of their non- data holders to allow the use of their non- personal data without seeking a reward, for personal data without seeking a reward, for purposes of general interest, such as purposes of general interest, in accordance scientific research purposes or improving with the Union treaties and national public services; legislation, such as scientific research purposes or improving public services;
Or. en
Amendment 226 David Cormand on behalf of the Greens/EFA Group
PE692.940v01-00 64/138 AM\1232072EN.docx EN Proposal for a regulation Article 2 – paragraph 1 – point 14
Text proposed by the Commission Amendment
(14) ‘secure processing environment’ (14) ‘secure processing environment’ means the physical or virtual environment means the physical or virtual environment and organisational means to provide the and organisational means to provide the opportunity to re-use data in a manner that opportunity to re-use data in a manner that allows for the operator of the secure respects data subjects’ rights under processing environment to determine and Regulation (EU) 2016/679 as well as supervise all data processing actions, commercial and statistical confidentiality, including to display, storage, download, that ensures compliance with applicable export of the data and calculation of legislation, or that allows for the operator derivative data through computational of the secure processing environment to algorithms. determine and supervise all data processing actions, including to display, storage, download, export of the data and calculation of derivative data through computational algorithms.
Or. en
Amendment 227 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 3 – paragraph 2 – point e a (new)
Text proposed by the Commission Amendment
(ea) data processed in the context of employment;
Or. en
Amendment 228 Anne-Sophie Pelletier
Proposal for a regulation Article 3 – paragraph 2 – point e a (new)
AM\1232072EN.docx 65/138 PE692.940v01-00 EN Text proposed by the Commission Amendment
(ea) personal health data;
Or. en
Justification
On the grounds of Fundamental rights article 3 part C, right of the integrity of the person: (c) the prohibition on making the human body and its parts as such a source of financial gain;
Amendment 229 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 3 – paragraph 2 a (new)
Text proposed by the Commission Amendment
(2a) The Commission shall ensure that this Regulation does not undermine the provisions of the General Data Protection Regulation.
Or. en
Amendment 230 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 3 – paragraph 3 a (new)
Text proposed by the Commission Amendment
(3a) Where anonymisation, aggregation, or other techniques can be applied so that the protections under paragraph 1 no longer apply, public sector bodies shall make available the data for re-use as mandated by Directive (EU) 2019/1024, without prejudice to Article 5.
PE692.940v01-00 66/138 AM\1232072EN.docx EN Or. en
Amendment 231 Andrey Kovatchev
Proposal for a regulation Article 4 – paragraph 1
Text proposed by the Commission Amendment
(1) Agreements or other practices (1) Agreements or other practices pertaining to the re-use of data held by pertaining to the re-use of data held by public sector bodies containing categories public sector bodies containing categories of data referred to in Article 3 (1) which of data referred to in Article 3 (1) which grant exclusive rights or which have as grant exclusive rights or which have as their object or effect to grant such their object or effect to grant such exclusive rights or to restrict the exclusive rights or to restrict the availability of data for re-use by entities availability of data for re-use by entities other than the parties to such agreements or other than the parties to such agreements or other practices shall be prohibited. other practices shall be prohibited. Agreements or other practices, which restrict the re-use of data which has been licensed or otherwise provided to a public sector body by a commercial data holder, are not subject to this Article.
Or. en
Amendment 232 Virginie Joron
Proposal for a regulation Article 4 – paragraph 1 a (new)
Text proposed by the Commission Amendment
(1a) In order to foster the development of local and European data market players in a sector monopolised by global giants, a public-sector body may require a company that has exceeded the thresholds laid down in the forthcoming legislation on digital services and digital markets to outsource at least 51% of the jobs concerned to a local company as a
AM\1232072EN.docx 67/138 PE692.940v01-00 EN condition of access to its public data.
Or. fr
Amendment 233 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 4 – paragraph 2
Text proposed by the Commission Amendment
(2) By way of derogation from (2) By way of derogation from paragraph 1, an exclusive right to re-use paragraph 1, an exclusive right to re-use data referred to in that paragraph may be data referred to in that paragraph may be granted to the extent necessary for the granted to the extent necessary for the provision of a service or a product in the provision of a service or a product in the general interest. general interest, defined and justified why it is of general interest.
Or. en
Amendment 234 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Article 4 – paragraph 3
Text proposed by the Commission Amendment
(3) Such exclusive right shall be (3) Such exclusive right shall be granted in the context of a relevant service granted in the context of a relevant service or concession contract in compliance with or concession contract in compliance with applicable Union and national public applicable Union and national public procurement and concession award rules, procurement and concession award rules, or, in the case of a contract of a value for or, in the case of a contract of a value for which neither Union nor national public which neither Union nor national public procurement and concession award rules procurement and concession award rules are applicable, in compliance with the are applicable, in compliance with the principles of transparency, equal treatment principles of transparency, equal treatment and non-discrimination on grounds of and non-discrimination on grounds of nationality. nationality vis-à-vis any European Union company. A company which does not process public data in the European
PE692.940v01-00 68/138 AM\1232072EN.docx EN Union and takes advantage of tax havens may not request access to the public data of a Member State.
Or. fr
Amendment 235 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Article 4 – paragraph 4
Text proposed by the Commission Amendment
(4) In all cases not covered by (4) In all cases not covered by paragraph 3 and where the general interest paragraph 3 and where the general interest purpose cannot be fulfilled without purpose cannot be fulfilled without granting an exclusive right, the principles granting an exclusive right, the principles of transparency, equal treatment and non- of transparency, equal treatment and non- discrimination on grounds of nationality discrimination on grounds of nationality shall apply. shall apply vis-à-vis any European Union company. A company which does not process public data in the European Union and takes advantage of tax havens may not request access to the public data of a Member State.
Or. fr
Amendment 236 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Article 4 – paragraph 4 a (new)
Text proposed by the Commission Amendment
(4a) A company which does not process public data in the European Union and takes advantage of tax havens may not require a Member State or a European Union body to grant it access to public data.
Or. fr
AM\1232072EN.docx 69/138 PE692.940v01-00 EN Amendment 237 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Article 4 – paragraph 4 b (new)
Text proposed by the Commission Amendment
(4b) The contracting authority may, in particular, invite the domestic operators who submit the highest bids to fall into line with the price offered by the foreign tenderer (and, if the first domestic operator refuses, it may turn to the second and then the third domestic operator in the ranking of tenderers), thereby creating an incentive for the operator wishing to win the contract to adjust its price.
Or. fr
Amendment 238 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 4 – paragraph 5
Text proposed by the Commission Amendment
(5) The period of exclusivity of the (5) The period of exclusivity of the right to re-use data shall not exceed three right to re-use data shall not exceed two years. Where a contract is concluded, the years. Where a contract is concluded, the duration of the contract awarded shall be as duration of the contract awarded shall be as aligned with the period of exclusivity. aligned with the period of exclusivity.
Or. en
Amendment 239 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
PE692.940v01-00 70/138 AM\1232072EN.docx EN Proposal for a regulation Article 4 – paragraph 7
Text proposed by the Commission Amendment
(7) Agreements or other practices (7) Agreements or other practices falling within the scope of the prohibition falling within the scope of the prohibition in paragraph 1, which do not meet the in paragraph 1, which do not meet the conditions set out in paragraph 2, and conditions set out in paragraph 2, and which were concluded before the date of which were concluded before the date of entry into force of this Regulation shall be entry into force of this Regulation shall be terminated at the end of the contract and in terminated at the end of the contract and in any event at the latest within three years any event at the latest within two years after the date of entry into force of this after the date of entry into force of this Regulation. Regulation.
Or. en
Amendment 240 Maria Grapini, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 5 – paragraph 1
Text proposed by the Commission Amendment
(1) Public sector bodies which are (1) Public sector bodies which are competent under national law to grant or competent under national law to grant or refuse access for the re-use of one or more refuse justified access for the re-use of one of the categories of data referred to in or more of the categories of data referred to Article 3 (1) shall make publicly available in Article 3 (1) shall make publicly the conditions for allowing such re-use. In available the conditions for allowing such that task, they may be assisted by the re-use. In that task, they may be assisted by competent bodies referred to in Article 7 the competent bodies referred to in Article (1). 7 (1).
Or. en
Amendment 241 Anne-Sophie Pelletier
Proposal for a regulation Article 5 – paragraph 2
AM\1232072EN.docx 71/138 PE692.940v01-00 EN Text proposed by the Commission Amendment
(2) Conditions for re-use shall be non- (2) Conditions for re-use shall be non- discriminatory, proportionate and discriminatory, proportionate and objectively justified with regard to objectively justified with regard to categories of data and purposes of re-use categories of data and purposes of re-use and the nature of the data for which re-use and the nature of the data for which re-use is allowed. These conditions shall not be is allowed. Consent shall be given used to restrict competition. specifically for the intended re-use task only, general consent shall not be requested in advance. These conditions shall not be used to restrict competition.
Or. en
Amendment 242 Anne-Sophie Pelletier
Proposal for a regulation Article 5 – paragraph 2
Text proposed by the Commission Amendment
(2) Conditions for re-use shall be non- (2) Conditions for re-use shall be based discriminatory, proportionate and on consent by the rights holder, non- objectively justified with regard to discriminatory, proportionate and categories of data and purposes of re-use objectively justified with regard to and the nature of the data for which re-use categories of data and purposes of re-use is allowed. These conditions shall not be and the nature of the data for which re-use used to restrict competition. is allowed. These conditions shall not be used to restrict competition.
Or. en
Amendment 243 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 5 – paragraph 2
Text proposed by the Commission Amendment
(2) Conditions for re-use shall be non- (2) Conditions for re-use shall be
PE692.940v01-00 72/138 AM\1232072EN.docx EN discriminatory, proportionate and lawful, clearly indicated, non- objectively justified with regard to discriminatory, proportionate and categories of data and purposes of re-use objectively justified with regard to and the nature of the data for which re-use categories of data and purposes of re-use is allowed. These conditions shall not be and the nature of the data for which re-use used to restrict competition. is allowed. These conditions shall not be used to restrict competition.
Or. en
Amendment 244 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 5 – paragraph 3
Text proposed by the Commission Amendment
(3) Public sector bodies may impose an (3) Public sector bodies shall impose obligation to re-use only pre-processed an obligation to re-use only pre-processed data where such pre-processing aims to data and an obligation that data anonymize or pseudonymise personal data containing trade secrets is processed or delete commercially confidential accordingly. They shall ensure that information, including trade secrets. companies do not have direct access to protected data and consequently cannot carry out anonymization of this data.
Or. en
Amendment 245 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 5 – paragraph 3
Text proposed by the Commission Amendment
(3) Public sector bodies may impose an (3) Where feasible and proportionate, obligation to re-use only pre-processed public sector bodies shall impose an data where such pre-processing aims to obligation to re-use only pre-processed anonymize or pseudonymise personal data data where such pre-processing serves to or delete commercially confidential anonymise or pseudonymise personal data or delete commercially confidential
AM\1232072EN.docx 73/138 PE692.940v01-00 EN information, including trade secrets. information, including trade secrets.
Or. en
Amendment 246 Andrey Kovatchev
Proposal for a regulation Article 5 – paragraph 3 a (new)
Text proposed by the Commission Amendment
(3a) Public sector bodies shall implement appropriate technical and contractual measures to ensure that access to and use of data by the data users comply with the conditions set out by the data holder.
Or. en
Amendment 247Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 5 – paragraph 4 – introductory part
Text proposed by the Commission Amendment
(4) Public sector bodies may impose (4) Public sector bodies shall impose obligations obligations
Or. en
Amendment 248 Andrey Kovatchev
Proposal for a regulation Article 5 – paragraph 4 – introductory part
Text proposed by the Commission Amendment
(4) Public sector bodies may impose (4) Public sector bodies may impose
PE692.940v01-00 74/138 AM\1232072EN.docx EN obligations obligations in duly justified cases
Or. en
Amendment 249 Andrey Kovatchev
Proposal for a regulation Article 5 – paragraph 4 – point a
Text proposed by the Commission Amendment
(a) to access and re-use the data within (a) to access and re-use the data a secure processing environment provided remotely within a secure processing and controlled by the public sector ; environment provided and controlled by the public sector ;
Or. en
Amendment 250 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 5 – paragraph 4 – point b
Text proposed by the Commission Amendment
(b) to access and re-use the data within (b) to access and re-use the data within the physical premises in which the secure the physical premises in which the secure processing environment is located, if processing environment is located, in remote access cannot be allowed without accordance with high security standards jeopardising the rights and interests of to be established and continuously third parties. monitored.
Or. en
Amendment 251 Andrey Kovatchev
Proposal for a regulation Article 5 – paragraph 5
AM\1232072EN.docx 75/138 PE692.940v01-00 EN Text proposed by the Commission Amendment
(5) The public sector bodies shall (5) The public sector bodies shall impose conditions that preserve the impose conditions that preserve the integrity of the functioning of the technical integrity of the functioning of the technical systems of the secure processing systems of the secure processing environment used. The public sector body environment used in line with the latest shall be able to verify any results of technical cybersecurity standards. The processing of data undertaken by the re- public sector body shall be able to verify user and reserve the right to prohibit the any results of processing of data use of results that contain information undertaken by the re-user and reserve the jeopardising the rights and interests of third right to prohibit the use of results that parties. contain information jeopardising the rights and interests of third parties. A public sector body shall not make commercially confidential data available for re-use unless it is able to do so in a manner, which protects the legitimate commercial interests of third parties related to commercially confidential data. Public sector bodies shall be equipped with the necessary human and financial resources for monitoring and law enforcement.
Or. en
Amendment 252 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 5 – paragraph 5
Text proposed by the Commission Amendment
(5) The public sector bodies shall (5) The public sector bodies shall impose conditions that preserve the impose conditions that preserve the integrity of the functioning of the technical integrity of the functioning of the technical systems of the secure processing systems of the secure processing environment used. The public sector body environment used. The public sector body shall be able to verify any results of shall be able to verify the means and any processing of data undertaken by the re- results of processing of data undertaken by user and reserve the right to prohibit the the re-user and reserve the right to prohibit use of results that contain information the use of results that contain information jeopardising the rights and interests of third jeopardising the rights and interests of third parties. To this end, the public sector
PE692.940v01-00 76/138 AM\1232072EN.docx EN parties. bodies shall be equipped with the necessary human and financial resources for monitoring and law enforcement.
Or. en
Amendment 253 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 5 – paragraph 5 a (new)
Text proposed by the Commission Amendment
(5a) Public sector bodies shall apply technical means to prevent re-users from identifying any data subject and shall require re-users to continuously assess the risk of identification and de- anonymisation, and to report to the public sector body concerned, in particular where any data breach has resulted in identification of an individual, breaches of the confidentiality, the integrity, or the security of the data have occurred, notwithstanding any reporting obligations under Union law.
Or. en
Amendment 254 Kosma Złotowski
Proposal for a regulation Article 5 – paragraph 5 a (new)
Text proposed by the Commission Amendment
(5a) Conditions for re-use shall be uniformly applied across Member States. The European Data Innovation Board shall support competent authorities and ensure harmonisation, coordination and
AM\1232072EN.docx 77/138 PE692.940v01-00 EN consistent practice.
Or. en
Amendment 255 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 5 – paragraph 5 b (new)
Text proposed by the Commission Amendment
(5b) In the case of anonymised data, public sector bodies shall make a data protection impact assessment prior to granting access to the data. Where it can be reasonably assumed that, or where an impact assessment indicates that the processing or subsequent combination of data could lead to identification or de- anonymisation, the public sector body shall not allow access to, or re-use of the data.
Or. en
Amendment 256 Kosma Złotowski
Proposal for a regulation Article 5 – paragraph 6
Text proposed by the Commission Amendment
(6) Where the re-use of data cannot be deleted granted in accordance with the obligations laid down in paragraphs 3 to 5 and there is no other legal basis for transmitting the data under Regulation (EU) 2016/679, the public sector body shall support re-users in seeking consent of the data subjects and/or permission from the legal entities whose rights and interests may be affected by such re-use,
PE692.940v01-00 78/138 AM\1232072EN.docx EN where it is feasible without disproportionate cost for the public sector. In that task they may be assisted by the competent bodies referred to in Article 7 (1).
Or. en
Justification
The proposed form of seeking consent is debatable. Moreover, in practice the costs of reaching to affected persons could be too high in relation to the potential gains.
Amendment 257 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 5 – paragraph 6
Text proposed by the Commission Amendment
(6) Where the re-use of data cannot be (6) Where the re-use of personal data granted in accordance with the obligations cannot be granted in accordance with the laid down in paragraphs 3 to 5 and there is obligations laid down in paragraphs 3 to 5 no other legal basis for transmitting the and there is no other legal basis for data under Regulation (EU) 2016/679, the transmitting the data under Regulation(EU) public sector body shall support re-users in 2016/679, the public sector body shall seeking consent of the data subjects and/or support entities requesting re-use in permission from the legal entities whose seeking valid consent of the data subjects, rights and interests may be affected by insofar as a legal basis exists for the such re-use, where it is feasible without public sector body to collect this consent, disproportionate cost for the public sector. and/or in seeking permission from the In that task they may be assisted by the data holders whose rights and interests competent bodies referred to in Article 7 may be affected by such re-use, where it is (1). feasible without disproportionate cost for the public sector, and where there is no reason to believe that the combination of non-personal data sets would lead to the identification of data subjects. In that task they may be assisted by the competent bodies referred to in Article 7 (1).
Or. en
AM\1232072EN.docx 79/138 PE692.940v01-00 EN Amendment 258 Anne-Sophie Pelletier
Proposal for a regulation Article 5 – paragraph 6
Text proposed by the Commission Amendment
(6) Where the re-use of data cannot be (6) Where the re-use of data cannot be granted in accordance with the obligations granted in accordance with the obligations laid down in paragraphs 3 to 5 and there is laid down in paragraphs 2 to 5 and there is no other legal basis for transmitting the no other legal basis for transmitting the data under Regulation (EU) 2016/679, the data under Regulation (EU) 2016/679, the public sector body shall support re-users in public sector body shall support re-users in seeking consent of the data subjects and/or seeking consent of the data subjects and/or permission from the legal entities whose permission from the legal entities whose rights and interests may be affected by rights and interests may be affected by such re-use, where it is feasible without such re-use, where it is feasible without disproportionate cost for the public sector. disproportionate cost for the public sector. In that task they may be assisted by the In that task they may be assisted by the competent bodies referred to in Article 7 competent bodies referred to in Article 7 (1). (1).
Or. en
Amendment 259 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 5 – paragraph 6 a (new)
Text proposed by the Commission Amendment
(6a) Where public sector bodies make personal data available for re-use pursuant to this Article, they shall inform data subjects accordingly of this re-use and of their rights. The public sector body shall support data subjects in exercising their rights, including in relation to any re-users. In that task they may be assisted by the competent bodies referred to in Article 7 (1).
Or. en
PE692.940v01-00 80/138 AM\1232072EN.docx EN Amendment 260 Andrey Kovatchev
Proposal for a regulation Article 5 – paragraph 9 – introductory part
Text proposed by the Commission Amendment
(9) The Commission may adopt (9) When duly justified by a implementing acts declaring that the legal, substantial number of cases across the supervisory and enforcement arrangements Union concerning the re-use of non- of a third country: personal data in specific third countries, the Commission may adopt implementing acts declaring that the legal, supervisory and enforcement arrangements of a third country:
Or. en
Amendment 261 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 5 – paragraph 9 – introductory part
Text proposed by the Commission Amendment
(9) The Commission may adopt (9) The Commission may adopt implementing acts declaring that the legal, implementing acts declaring that the legal, supervisory and enforcement arrangements supervisory and enforcement arrangements of a third country: of a third country without prejudice to Article 45 of Regulation (EU) 2016/679:
Or. en
Amendment 262 Anne-Sophie Pelletier
Proposal for a regulation Article 5 – paragraph 10 – point b a (new)
AM\1232072EN.docx 81/138 PE692.940v01-00 EN Text proposed by the Commission Amendment
(ba) To establish an office in the Member State in which the data was generated in order to be accessible for redress by the data holder;
Or. en
Amendment 263 Kosma Złotowski
Proposal for a regulation Article 5 – paragraph 11
Text proposed by the Commission Amendment
(11) Where specific Union acts adopted (11) Where specific Union acts adopted in accordance with a legislative procedure in accordance with a legislative procedure establish that certain non-personal data establish that certain non-personal data categories held by public sector bodies categories held by public sector bodies shall be deemed to be highly sensitive for shall be deemed to be highly sensitive for the purposes of this Article, the the purposes of this Article, implementing Commission shall be empowered to adopt powers should be conferred on the delegated acts in accordance with Article Commission as regards laying down 28 supplementing this Regulation by special conditions applicable for transfers laying down special conditions applicable to third-countries. The conditions for the for transfers to third-countries. The transfer to third-countries shall be based on conditions for the transfer to third- the nature of data categories identified in countries shall be based on the nature of the Union act and on the grounds for data categories identified in the Union act deeming them highly sensitive, non- and on the grounds for deeming them discriminatory and limited to what is highly sensitive, non-discriminatory and necessary to achieve the public policy limited to what is necessary to achieve the objectives identified in the Union law act, public policy objectives identified in the such as safety and public health, as well as Union law act, such as safety and public risks of re-identification of anonymized health, as well as risks of re-identification data for data subjects, in accordance with of anonymized data for data subjects, in the Union’s international obligations. They accordance with the Union’s international may include terms applicable for the obligations. They may include terms transfer or technical arrangements in this applicable for the transfer or technical regard, limitations as regards the re-use of arrangements in this regard, limitations as data in third-countries or categories of regards the re-use of data in third-countries persons which are entitled to transfer such or categories of persons which are entitled data to third countries or, in exceptional to transfer such data to third countries or, cases, restrictions as regards transfers to in exceptional cases, restrictions as regards third-countries. The implementing powers
PE692.940v01-00 82/138 AM\1232072EN.docx EN transfers to third-countries. should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council.
Or. en
Amendment 264 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 5 – paragraph 13
Text proposed by the Commission Amendment
(13) Where the re-user intends to (13) Where the re-user intends to transfer non-personal data to a third transfer non-personal data to a third country, the public sector body shall country, the public sector body shall inform the data holder about the transfer of inform the data holder about the transfer of data to that third country. data to that third country. Data should be treated as personal if there is a foreseeable risk that the re-user may be re-identified.
Or. en
Amendment 265 David Cormand, Kim Van Sparrentak on behalf of the Greens/EFA Group
Proposal for a regulation Article 6 – paragraph 1
Text proposed by the Commission Amendment
(1) Public sector bodies which allow (1) Public sector bodies which allow re-use of the categories of data referred to re-use of the categories of data referred to in Article 3 (1) may charge fees for in Article 3 (1) may charge cost-based fees allowing the re-use of such data. for allowing the re-use of such data.
Or. en
AM\1232072EN.docx 83/138 PE692.940v01-00 EN Amendment 266 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 6 – paragraph 2
Text proposed by the Commission Amendment
(2) Any fees shall be non- (2) Any fees shall be non- discriminatory, proportionate and discriminatory, proportionate and objectively justified and shall not restrict objectively justified and shall not restrict competition. competition, cover the costs of monitoring and enforcement. They shall not create incentives to sell or lower the protection of sensitive data.
Or. en
Amendment 267 David Cormand, Kim Van Sparrentak on behalf of the Greens/EFA Group
Proposal for a regulation Article 6 – paragraph 2
Text proposed by the Commission Amendment
(2) Any fees shall be non- (2) Any fees shall be non- discriminatory, proportionate and discriminatory, proportionate and objectively justified and shall not restrict objectively justified and shall not restrict competition. competition or inhibit use of data for the general interest.
Or. en
Amendment 268 Kosma Złotowski
Proposal for a regulation Article 6 – paragraph 2 a (new)
Text proposed by the Commission Amendment
(2a) Any fees shall be reasonable,
PE692.940v01-00 84/138 AM\1232072EN.docx EN proportionate and shall not exceed marginal costs in line with Directive (EU) 2019/1024.
Or. en
Amendment 269 David Cormand, Kim Van Sparrentak on behalf of the Greens/EFA Group
Proposal for a regulation Article 6 – paragraph 4
Text proposed by the Commission Amendment
(4) Where they apply fees, public (4) Where they apply fees, public sector bodies shall take measures to sector bodies shall take measures to incentivise the re-use of the categories of facilitate the re-use of the categories of data referred to in Article 3 (1) for non- data referred to in Article 3 (1) for non- commercial purposes and by small and commercial purposes and by small and medium-sized enterprises in line with State medium-sized enterprises in line with State aid rules. aid rules.
Or. en
Amendment 270 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Article 6 – paragraph 4 a (new)
Text proposed by the Commission Amendment
(4a) Public-sector bodies may set thresholds in the calculation in order to foster re-use of data and innovation while securing a greater contribution from global digital actors.
Or. fr
Justification
In keeping with the approach taken in the DMA and DSA, the same constraints cannot be applied to the giants in the sector and others below the thresholds.
AM\1232072EN.docx 85/138 PE692.940v01-00 EN Amendment 271 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Article 6 – paragraph 5
Text proposed by the Commission Amendment
(5) Fees shall be derived from the costs (5) Fees shall be derived from the costs related to the processing of requests for re- related to the production of the data, to use of the categories of data referred to in the processing of requests for re-use of the Article 3 (1). The methodology for categories of data referred to in Article 3 calculating fees shall be published in (1) and a percentage of the profits advance. generated through the commercial re-use of the data. The methodology for calculating fees shall be published in advance.
Or. fr
Amendment 272 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Article 6 – paragraph 5 a (new)
Text proposed by the Commission Amendment
(5a) The Member State may use the cost of producing the data to establish a fair fee to offset the initial or recurrent public investment. The European Union shall use the fees to cover the sums it has invested to produce these data.
Or. fr
Justification
The process of obtaining some public data necessitated a high level of public investment (e.g. observation satellites). It is only right that companies located in third countries should not be able to use such data free of charge.
PE692.940v01-00 86/138 AM\1232072EN.docx EN Amendment 273 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Article 6 – paragraph 5 b (new)
Text proposed by the Commission Amendment
(5b) In making the calculation, the Member State may take account of the way the data are used and the company’s tax contribution in order to reduce the fee.
Or. fr
Justification
The process of obtaining some public data necessitated a high level of public investment (e.g. observation satellites). It is only right that companies located in third countries or taking advantage of tax havens should not be able to benefit free of charge, when other companies would have financed the public investment through their tax contributions.
Amendment 274 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 7 – paragraph 1
Text proposed by the Commission Amendment
(1) Member States shall designate one (1) In order to carry out the tasks or more competent bodies, which may be listed in this article, Member States shall sectoral, to support the public sector bodies designate one or more competent bodies, which grant access to the re-use of the which may be sectoral, to support the categories of data referred to in Article 3 public sector bodies which grant access to (1) in the exercise of that task. the re-use of the categories of data referred to in Article 3 (1) in the exercise of that task.
Or. en
Amendment 275 David Cormand
AM\1232072EN.docx 87/138 PE692.940v01-00 EN on behalf of the Greens/EFA Group
Proposal for a regulation Article 7 – paragraph 2 – point a
Text proposed by the Commission Amendment
(a) providing technical support by (a) providing technical support to making available a secure processing ensure a secure processing environment environment for providing access for the for providing access for the re-use of data; re-use of data;
Or. en
Amendment 276 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 7 – paragraph 2 – point c
Text proposed by the Commission Amendment
(c) assisting the public sector bodies, (c) assisting the public sector bodies to where relevant, in obtaining consent or support re-users in obtaining consent for permission by re-users for re-use for re-use of personal data, or permission altruistic and other purposes in line with from data holders in line with their specific decisions of data holders, specific decisions, including on the including on the jurisdiction or jurisdiction or jurisdictions in which the jurisdictions in which the data processing data processing is intended to take place; is intended to take place;
Or. en
Amendment 277 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 7 – paragraph 4
Text proposed by the Commission Amendment
(4) The competent body or bodies shall (4) The competent body or bodies shall have adequate legal and technical have adequate human resources as well as
PE692.940v01-00 88/138 AM\1232072EN.docx EN capacities and expertise to be able to legal and technical capacities and expertise comply with relevant Union or national to be able to comply with relevant Union law concerning the access regimes for the or national law concerning the access categories of data referred to in Article 3 regimes for the categories of data referred (1). to in Article 3 (1), so that data protection, privacy and confidentiality are fully respected. The competences and resources of the competent body or bodies shall prohibit unjustified outsourcing.
Or. en
Amendment 278 Andrey Kovatchev
Proposal for a regulation Article 7 – paragraph 4
Text proposed by the Commission Amendment
(4) The competent body or bodies shall (4) The competent body or bodies shall have adequate legal and technical have adequate legal and technical capacities and expertise to be able to capacities and expertise to be able to comply with relevant Union or national comply with relevant Union or national law concerning the access regimes for the law concerning the access regimes for the categories of data referred to in Article 3 categories of data referred to in Article 3 (1). (1). The competent body or bodies should be equipped with the necessary human and financial resources to carry out their duties in effective and efficient way.
Or. en
Amendment 279 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 7 – paragraph 5
Text proposed by the Commission Amendment
(5) The Member States shall (5) The Member States shall communicate to the Commission the communicate to the Commission the identity of the competent bodies designated identity of the competent bodies designated
AM\1232072EN.docx 89/138 PE692.940v01-00 EN pursuant to paragraph 1 by [date of pursuant to paragraph 1 by [date of application of this Regulation]. They shall application of this Regulation]. They shall also communicate to the Commission any also communicate to the Commission any subsequent modification of the identity of subsequent modification of the identity of those bodies. those bodies within three days after the modification.
Or. en
Amendment 280 Kosma Złotowski
Proposal for a regulation Article 8 – paragraph 2 a (new)
Text proposed by the Commission Amendment
(2a) The single information point may develop additional services regarding data access and data sharing, including information on data re-use requests under Directive (EU) 2019/1024.
Or. en
Amendment 281 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 8 – paragraph 3
Text proposed by the Commission Amendment
(3) Requests for the re-use of the (3) Requests for the re-use of the categories of data referred to in Article 3 categories of data referred to in Article 3 (1) shall be granted or refused by the (1) shall be granted or refused by the competent public sector bodies or the competent public sector bodies or the competent bodies referred to in Article 7 competent bodies referred to in Article 7 (1) within a reasonable time, and in any (1) within two months from the date of the case within two months from the date of request. the request.
Or. en
PE692.940v01-00 90/138 AM\1232072EN.docx EN Amendment 282 Kosma Złotowski
Proposal for a regulation Article 8 – paragraph 3
Text proposed by the Commission Amendment
(3) Requests for the re-use of the (3) Requests for the re-use of the categories of data referred to in Article 3 categories of data referred to in Article 3 (1) shall be granted or refused by the (1) shall be granted or refused by the competent public sector bodies or the competent public sector bodies or the competent bodies referred to in Article 7 competent bodies referred to in Article 7 (1) within a reasonable time, and in any (1) within a reasonable time, and in any case within two months from the date of case within three months from the date of the request. the request.
Or. en
Amendment 283 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 9 – paragraph 1 – point a
Text proposed by the Commission Amendment
(a) intermediation services between (a) intermediation services whose sole data holders which are legal persons and purpose is to facilitate data sharing potential data users, including making between data holders which are legal available the technical or other means to persons and potential data users, including enable such services; those services may making available the technical or other include bilateral or multilateral exchanges means to enable such services; those of data or the creation of platforms or services may include bilateral or databases enabling the exchange or joint multilateral exchanges of data or the exploitation of data, as well as the creation of platforms or databases enabling establishment of a specific infrastructure the exchange or joint use of data, as well as for the interconnection of data holders and the establishment of a specific data users; infrastructure for the interconnection of data holders and data users;
Or. en
AM\1232072EN.docx 91/138 PE692.940v01-00 EN Amendment 284 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 9 – paragraph 1 – point b
Text proposed by the Commission Amendment
(b) intermediation services between (b) intermediation services between data subjects that seek to make their data subjects that seek to make their personal data available and potential data personal data available and potential data users, including making available the users, including making available the technical or other means to enable such technical or other means to enable such services, in the exercise of the rights services, in the exercise of the rights provided in Regulation (EU) 2016/679; provided in Regulation (EU) 2016/679. The data sharing services shall not themselves process the personal data, but shall only allow data subjects to give consent to specific data users to allow the processing of personal data pertaining to them for specific purposes;
Or. en
Amendment 285 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 9 – paragraph 1 – point c
Text proposed by the Commission Amendment
(c) services of data cooperatives, that (c) data cooperatives, namely services is to say services supporting data subjects that enable data subjects to exercise the or one-person companies or micro, small rights provided for in Regulation (EU) and medium-sized enterprises, who are 2016/679, such as by negotiating terms members of the cooperative or who confer and conditions for data processing before the power to the cooperative to negotiate they freely consent, by providing support terms and conditions for data processing to enable the making of informed choices before they consent, in making informed before consenting to data processing, and choices before consenting to data by allowing for mechanisms to exchange processing, and allowing for mechanisms views on data processing purposes and to exchange views on data processing conditions that would best represent the purposes and conditions that would best interests of data subjects or legal persons, represent the interests of data subjects or or which enable small and medium-sized
PE692.940v01-00 92/138 AM\1232072EN.docx EN legal persons. enterprises, not-for-profit or academic institutions, to collectively negotiate terms for sharing non-personal data.
Or. en
Amendment 286 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 9 – paragraph 2
Text proposed by the Commission Amendment
(2) This Chapter shall be without (2) This Regulation shall be without prejudice to the application of other Union prejudice to the application of other Union and national law to providers of data and national law to providers of data sharing services, including powers of sharing services, including powers of supervisory authorities to ensure supervisory authorities to ensure compliance with applicable law, in compliance with applicable law, in particular as regard the protection of particular as regard the protection of personal data and competition law. personal data and competition law.
Or. en
Amendment 287 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 9 – paragraph 2 a (new)
Text proposed by the Commission Amendment
(2a) The Commission shall develop a mandatory certification system for data intermediaries in order to limit the risks associated with the central role of data intermediaries and thus increase trust in these organisations and their activities.
Or. en
AM\1232072EN.docx 93/138 PE692.940v01-00 EN Amendment 288 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 10 – paragraph 1
Text proposed by the Commission Amendment
(1) Any provider of data sharing (1) Any provider of data sharing services who intends to provide the services who intends to provide the services referred to in Article 9 (1) shall services referred to in Article 9 (1) shall submit a notification to the competent submit a notification to the competent authority referred to in Article 12. authority referred to in Article 12 at least ten days prior to starting its activity.
Or. en
Amendment 289 Anne-Sophie Pelletier
Proposal for a regulation Article 10 – paragraph 3
Text proposed by the Commission Amendment
(3) A provider of data sharing services (3) A provider of data sharing services that is not established in the Union, but that is not established in the Union, but offers the services referred to in Article 9 offers the services referred to in Article 9 (1) within the Union, shall appoint a legal (1) within the Union, shall appoint a legal representative in one of the Member States representative in one of the Member States in which those services are offered. The in which those services are offered and provider shall be deemed to be under the shall be required to house EU citizens’ jurisdiction of the Member State in which data on EU territory. The provider shall be the legal representative is established. deemed to be under the jurisdiction of the Member State in which the legal representative is established.
Or. fr
Amendment 290 David Cormand on behalf of the Greens/EFA Group
PE692.940v01-00 94/138 AM\1232072EN.docx EN Proposal for a regulation Article 10 – paragraph 3
Text proposed by the Commission Amendment
(3) A provider of data sharing services (3) A provider of data sharing services that is not established in the Union, but that is not established in the Union, but offers the services referred to in Article 9 offers the services referred to in Article 9 (1) within the Union, shall appoint a legal (1) within the Union, shall appoint a legal representative in one of the Member States representative in one of the Member States in which those services are offered. The in which those services are offered. The provider shall be deemed to be under the provider shall be deemed to be under the jurisdiction of the Member State in which jurisdiction of the Member State in which the legal representative is established. the legal representative is established. The representative shall be mandated by the provider of data sharing services to be addressed in addition to or instead of it by, in particular, competent authorities and data subjects and data holders, on all issues related to the service, for the purposes of ensuring compliance with this Regulation. The designation of a representative by the provider of data sharing services shall be without prejudice to legal actions which could be initiated against the provider of data sharing services themselves.
Or. en
Amendment 291 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 10 – paragraph 3
Text proposed by the Commission Amendment
(3) A provider of data sharing services (3) A provider of data sharing services that is not established in the Union, but that is not established in the Union, but offers the services referred to in Article 9 offers the services referred to in Article 9 (1) within the Union, shall appoint a legal (1) within the Union, shall appoint a legal representative in one of the Member States representative in one of the Member States in which those services are offered. The in which those services are offered. The provider shall be deemed to be under the provider shall be deemed to be under the jurisdiction of the Member State in which jurisdiction of the Member State in which
AM\1232072EN.docx 95/138 PE692.940v01-00 EN the legal representative is established. the legal representative is established. The provider of the data sharing service shall provide the legal representative with the necessary resources to ensure efficient collaboration with relevant national authorities. The designation of a representative by the provider of data sharing services shall be without prejudice to legal actions which could be initiated against the provider of data sharing services themselves.
Or. en
Amendment 292 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 10 – paragraph 6 – point d
Text proposed by the Commission Amendment
(d) a website where information on the (d) a website where clear, complete provider and the activities can be found, and up-to-date information on the provider where applicable; and the activities can be found;
Or. en
Amendment 293 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 10 – paragraph 6 – point d
Text proposed by the Commission Amendment
(d) a website where information on the (d) a public website where information provider and the activities can be found, on the provider and a full list of its where applicable; activities can be found, where applicable;
Or. en
PE692.940v01-00 96/138 AM\1232072EN.docx EN Amendment 294 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 10 – paragraph 6 – point f
Text proposed by the Commission Amendment
(f) a description of the service the (f) a description of the service the provider intends to provide; provider intends to provide including by specifying which types of services referred in Article 9(1) of this Regulation are provided;
Or. en
Amendment 295 Maria Grapini, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 10 – paragraph 6 – point g
Text proposed by the Commission Amendment
(g) the estimated date for starting the (g) the date for starting the activity; activity;
Or. en
Amendment 296 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Article 10 – paragraph 6 – point h a (new)
Text proposed by the Commission Amendment
(ha) the place of data processing and the number of jobs to be created in the European Union;
Or. fr
AM\1232072EN.docx 97/138 PE692.940v01-00 EN Amendment 297 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Article 10 – paragraph 6 – point h b (new)
Text proposed by the Commission Amendment
(hb) the turnover and taxes paid in the Member State in the previous year, except in the case of an SME.
Or. fr
Amendment 298 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 10 – paragraph 7
Text proposed by the Commission Amendment
(7) At the request of the provider, the (7) At the request of the provider, the competent authority shall, within one competent authority shall, within a week, issue a standardised declaration, maximum of one week, issue a confirming that the provider has submitted standardised declaration, confirming that the notification referred to in paragraph 4. the provider has submitted the notification referred to in paragraph 4.
Or. en
Amendment 299 Kosma Złotowski
Proposal for a regulation Article 10 – paragraph 7
Text proposed by the Commission Amendment
(7) At the request of the provider, the (7) At the request of the provider, the competent authority shall, within one competent authority shall, within two week, issue a standardised declaration, weeks, issue a standardised declaration,
PE692.940v01-00 98/138 AM\1232072EN.docx EN confirming that the provider has submitted confirming that the provider has submitted the notification referred to in paragraph 4. the notification referred to in paragraph 4.
Or. en
Amendment 300 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Adriana Maldonado López
Proposal for a regulation Article 10 – paragraph 10
Text proposed by the Commission Amendment
(10) The competent authority may deleted charge fees. Such fees shall be proportionate and objective and be based on the administrative costs related to the monitoring of compliance and other market control activities of the competent authorities in relation to notifications of data sharing services.
Or. en
Justification
It is important to ensure that such process do not create any administrative burden and barriers to entry in the EU data intermediation market. To ensure fairness and consistency across the EU, no fee should be charged by Member States authorities in relation to the notification procedure and related to monitoring of compliance and other market control activities, this is why the provisions of Article 10 (10) should be deleted.
Amendment 301 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 11 – paragraph 1 – point 2
Text proposed by the Commission Amendment
(2) the metadata collected from the (2) the data generated by and collected provision of the data sharing service may from the provision of the data sharing be used only for the development of that service may be used only for the
AM\1232072EN.docx 99/138 PE692.940v01-00 EN service; development of that service;
Or. en
Amendment 302 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 11 – paragraph 1 – point 3
Text proposed by the Commission Amendment
(3) the provider shall ensure that the (3) the provider shall ensure that the procedure for access to its service is fair, procedure for access to its service is fair, transparent and non-discriminatory for transparent and non-discriminatory for both data holders and data users, including data subjects, data holders and data users, as regards prices; including as regards prices;
Or. en
Amendment 303 Andrey Kovatchev
Proposal for a regulation Article 11 – paragraph 1 – point 4 a (new)
Text proposed by the Commission Amendment
(4a) Data intermediaries should take reasonable measures to guarantee interoperability within the sector but also across sectors to facilitate data sharing.
Or. en
Amendment 304 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 11 – paragraph 1 – point 5
PE692.940v01-00 100/138 AM\1232072EN.docx EN Text proposed by the Commission Amendment
(5) the provider shall have procedures (5) the provider shall have procedures in place to prevent fraudulent or abusive in place to detect, mitigate and prevent practices in relation to access to data from fraudulent or abusive practices in relation parties seeking access through their to access to data from parties seeking services; access through their services;
Or. en
Amendment 305 Kosma Złotowski
Proposal for a regulation Article 11 – paragraph 1 – point 6
Text proposed by the Commission Amendment
(6) the provider shall ensure a (6) the provider shall ensure a reasonable continuity of provision of its reasonable continuity of provision of its services and, in the case of services which services and, in the case of services which ensure storage of data, shall have sufficient ensure storage of data, shall have sufficient guarantees in place that allow data holders guarantees in place that allow data holders and data users to obtain access to their data and data users to obtain access to their data in case of insolvency; and transfer of their data in case of insolvency;
Or. en
Amendment 306 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 11 – paragraph 1 – point 6
Text proposed by the Commission Amendment
(6) the provider shall ensure a (6) the provider shall ensure a reasonable continuity of provision of its reasonable continuity of provision of its services and, in the case of services which services and, in the case of services which ensure storage of data, shall have sufficient ensure storage of data, shall have sufficient guarantees in place that allow data holders guarantees in place that allow data holders and data users to obtain access to their data and data users to obtain access to and
AM\1232072EN.docx 101/138 PE692.940v01-00 EN in case of insolvency; delete their data in case of insolvency;
Or. en
Amendment 307 David Cormand, Kim Van Sparrentak on behalf of the Greens/EFA Group
Proposal for a regulation Article 11 – paragraph 1 – point 6 a (new)
Text proposed by the Commission Amendment
(6a) the provider shall take reasonable measures to ensure interoperability with other data sharing services by means of commonly used, formal or informal, open standards in the sector in which the data sharing service providers operate;
Or. en
Amendment 308 Andrey Kovatchev
Proposal for a regulation Article 11 – paragraph 1 – point 8
Text proposed by the Commission Amendment
(8) the provider shall take measures to (8) the data intermediary shall take ensure a high level of security for the measures to ensure a high level of security, storage and transmission of non-personal including state-of-the-art cybersecurity data; standards for the storage and transmission of non-personal data;
Or. en
Amendment 309 Kosma Złotowski
Proposal for a regulation Article 11 – paragraph 1 – point 9
PE692.940v01-00 102/138 AM\1232072EN.docx EN Text proposed by the Commission Amendment
(9) the provider shall have procedures (9) the provider shall have procedures in place to ensure compliance with the in place to ensure compliance with the Union and national rules on competition; Union and national rules on competition and consumer protection;
Or. en
Amendment 310 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 11 – paragraph 1 – point 9 a (new)
Text proposed by the Commission Amendment
(9a) the provider shall have procedures in place to ensure compliance with the Union and national rules on the protection of personal data, including procedures for ensuring the exercise of data subjects’ rights. In particular, the provider shall provide the data subject with easily accessible tools allowing them a comprehensive view of how and for which specific purpose their personal data are shared by the provider;
Or. en
Amendment 311 Maria Grapini, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 11 – paragraph 1 – point 10
Text proposed by the Commission Amendment
(10) the provider offering services to (10) the provider offering services to data subjects shall act in the data subjects’ data subjects shall act in the data subjects’ best interest when facilitating the exercise best interest when facilitating the exercise
AM\1232072EN.docx 103/138 PE692.940v01-00 EN of their rights, in particular by advising of their rights, in particular by advising data subjects on potential data uses and data subjects and ensure they understand standard terms and conditions attached to potential data uses and terms and such uses; conditions attached to such uses;
Or. en
Amendment 312 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 11 – paragraph 1 – point 10
Text proposed by the Commission Amendment
(10) the provider offering services to (10) the provider offering services to data subjects shall act in the data subjects’ data subjects shall act in the data subjects’ best interest when facilitating the exercise best interest when facilitating the exercise of their rights, in particular by advising of their rights, in particular by advising data subjects on potential data uses and data subjects on potential data uses and standard terms and conditions attached to standard terms and conditions attached to such uses; such uses and how consent and permissions can be withdrawn;
Or. en
Amendment 313 Anne-Sophie Pelletier
Proposal for a regulation Article 12 – paragraph 1
Text proposed by the Commission Amendment
(1) Each Member State shall designate (1) Each Member State shall designate in its territory one or more authorities in its territory data protection authorities to competent to carry out the tasks related to carry out the tasks related to the the notification framework and shall notification framework and shall communicate to the Commission the communicate to the Commission the identity of those designated authorities by identity of those designated authorities by [date of application of this Regulation]. It [date of application of this Regulation]. It shall also communicate to the Commission shall also communicate to the Commission any subsequent modification. any subsequent modification.
PE692.940v01-00 104/138 AM\1232072EN.docx EN Or. en
Amendment 314 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 12 – paragraph 3
Text proposed by the Commission Amendment
(3) The designated competent (3) The powers of the designated authorities, the data protection authorities, competent authorities are without the national competition authorities, the prejudice to the powers of data protection authorities in charge of cybersecurity, and authorities, national competition other relevant sectorial authorities shall authorities, authorities in charge of exchange the information which is cybersecurity, and other relevant sectorial necessary for the exercise of their tasks in authorities. Those authorities shall relation to data sharing providers. exchange the information which is necessary for the exercise of their tasks in relation to data sharing providers. In particular, for any question requiring an assessment of compliance with Regulation (EU)2016/679, and before starting any data sharing service activities related to personal data, the competent authority shall first request an opinion or decision by the competent supervisory authority established pursuant to that Regulation by which it shall be legally bound.
Or. en
Amendment 315 Anne-Sophie Pelletier
Proposal for a regulation Article 12 – paragraph 3
Text proposed by the Commission Amendment
(3) The designated competent (3) The data protection authorities, the authorities, the data protection authorities, national competition authorities, the the national competition authorities, the authorities in charge of cybersecurity, and authorities in charge of cybersecurity, and other relevant sectorial authorities shall
AM\1232072EN.docx 105/138 PE692.940v01-00 EN other relevant sectorial authorities shall exchange the information which is exchange the information which is necessary for the exercise of their tasks in necessary for the exercise of their tasks in relation to data sharing providers. relation to data sharing providers.
Or. en
Amendment 316 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 13 – paragraph 3
Text proposed by the Commission Amendment
(3) Where the competent authority (3) Where the competent authority finds that a provider of data sharing finds that a provider of data sharing services does not comply with one or more services does not comply with one or more of the requirements laid down in Article 10 of the requirements laid down in Article 10 or 11, it shall notify that provider of those or 11, it shall notify that provider of those findings and give it the opportunity to state findings and give it the opportunity to state its views, within a reasonable time limit. its views, within ten days.
Or. en
Amendment 317 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 13 – paragraph 4 – introductory part
Text proposed by the Commission Amendment
(4) The competent authority shall have (4) The competent authority shall have the power to require the cessation of the the power to require the cessation of the breach referred to in paragraph 3 either breach referred to in paragraph 3 either immediately or within a reasonable time immediately or within ten days and shall limit and shall take appropriate and take appropriate and proportionate proportionate measures aimed at ensuring measures aimed at ensuring compliance. In compliance. In this regard, the competent this regard, the competent authorities shall authorities shall be able, where be able, where appropriate: appropriate:
PE692.940v01-00 106/138 AM\1232072EN.docx EN Or. en
Amendment 318 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Article 13 – paragraph 4 – point a a (new)
Text proposed by the Commission Amendment
(aa) impose a state compensation obligation on the entity re-using the data in the event of a breach of data anonymity.
Or. fr
Amendment 319 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Article 13 – paragraph 4 – point b a (new)
Text proposed by the Commission Amendment
(ba) exclude the provider from access to new public data in that Member State for a specified period of time.
Or. fr
Amendment 320 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Article 14 a (new)
Text proposed by the Commission Amendment
Article 14a Reciprocity Companies and public-sector bodies from
AM\1232072EN.docx 107/138 PE692.940v01-00 EN third countries which do not offer effective reciprocity vis-à-vis the European Union shall be excluded from access with a view to the re-use of data held or produced by public-sector bodies in the European Union.
Or. fr
Amendment 321 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 15 – paragraph 1
Text proposed by the Commission Amendment
(1) Each competent authority (1) Each competent authority designated pursuant to Article 20 shall designated pursuant to Article 20 shall keep a register of recognised data altruism keep a register of recognised data altruism organisations. organisations. That register shall be accessible to the public.
Or. en
Amendment 322 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 15 – paragraph 1
Text proposed by the Commission Amendment
(1) Each competent authority (1) Each competent authority designated pursuant to Article 20 shall designated pursuant to Article 20 shall keep a register of recognised data altruism keep a public register of recognised data organisations. altruism organisations.
Or. en
PE692.940v01-00 108/138 AM\1232072EN.docx EN Amendment 323 Andrey Kovatchev
Proposal for a regulation Article 15 – paragraph 1 a (new)
Text proposed by the Commission Amendment
(1a) Registration as a recognised data altruism organisation should be a precondition for exercising data altruism activities. The Commission should encourage and facilitate the development of self-regulatory codes of conduct at Union level, involving relevant stakeholders. The European Data Innovation Board shall advise and assist in developing and preserving a consistent practice throughout the Union in this regard.
Or. en
Amendment 324 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 15 – paragraph 2
Text proposed by the Commission Amendment
(2) The Commission shall maintain a (2) The Commission shall maintain a Union register of recognised data altruism Union register of recognised data altruism organisations. organisations. The Union register shall be accessible to the public.
Or. en
Amendment 325 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 15 – paragraph 3
AM\1232072EN.docx 109/138 PE692.940v01-00 EN Text proposed by the Commission Amendment
(3) An entity registered in the register (3) An entity registered in the register in accordance with Article 16 may refer to in accordance with Article 16 may refer to itself as a ‘data altruism organisation itself as an ‘EU-registered data altruism recognised in the Union’ in its written and organisation’ in its written and spoken spoken communication. communication.
Or. en
Amendment 326 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 16 – paragraph 1 – point a
Text proposed by the Commission Amendment
(a) be a legal entity constituted to meet (a) be a legal entity constituted to meet objectives of general interest; objectives of general interest, in line with Union treaties and national law;
Or. en
Amendment 327 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 16 – paragraph 1 – point b
Text proposed by the Commission Amendment
(b) operate on a not-for-profit basis and (b) operate on a not-for-profit basis and be independent from any entity that be fully independent, both with regard to operates on a for-profit basis; the organisation itself and with regard to its personnel, from any relevant entity that operates on a for-profit basis;
Or. en
PE692.940v01-00 110/138 AM\1232072EN.docx EN Amendment 328 Kosma Złotowski
Proposal for a regulation Article 16 – paragraph 1 – point b
Text proposed by the Commission Amendment
(b) operate on a not-for-profit basis and (b) operate on a not-for-profit basis and be independent from any entity that be independent from any entity involved in operates on a for-profit basis; the collection, processing or storage of data that operates on a for-profit basis;
Or. en
Amendment 329 Kosma Złotowski
Proposal for a regulation Article 16 – paragraph 1 – point b a (new)
Text proposed by the Commission Amendment
(ba) provide supervisory mechanisms, such as ethics boards or councils, to ensure that the data controller maintains high standards of scientific ethics;
Or. en
Amendment 330 Kosma Złotowski
Proposal for a regulation Article 16 – paragraph 1 – point b b (new)
Text proposed by the Commission Amendment
(bb) provide effective technical means to withdraw or modify consent at any moment, based on the information obligations of data processors under Regulation (EU) 2016/679;
Or. en
AM\1232072EN.docx 111/138 PE692.940v01-00 EN Amendment 331 Kosma Złotowski
Proposal for a regulation Article 16 – paragraph 1 – point b c (new)
Text proposed by the Commission Amendment
(bc) provide the means to keep data subjects informed of the use of the data they have made available;
Or. en
Amendment 332 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 16 – paragraph 1 – point c
Text proposed by the Commission Amendment
(c) perform the activities related to data (c) perform the activities related to data altruism take place through a legally altruism through a legally independent independent structure, separate from other structure, separate from other activities it activities it has undertaken. has undertaken.
Or. en
Amendment 333 Kosma Złotowski
Proposal for a regulation Article 16 – paragraph 1 – point c a (new)
Text proposed by the Commission Amendment
(ca) ensures technical and organisational requirements for the application of data protection standards and the exercise of data subjects' rights, including the right to transfer data;
PE692.940v01-00 112/138 AM\1232072EN.docx EN Or. en
Amendment 334 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 16 – paragraph 1 – point c a (new)
Text proposed by the Commission Amendment
(ca) have adequate technical, legal and organisational measures in place to prevent transfer or access to non-personal data which does not comply with Union law;
Or. en
Amendment 335 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 16 – paragraph 1 – point c a (new)
Text proposed by the Commission Amendment
(ca) demonstrate professional expertise in processing data activities in compliance with relevant Union and national legislation;
Or. en
Amendment 336 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 16 – paragraph 1 – point c b (new)
AM\1232072EN.docx 113/138 PE692.940v01-00 EN Text proposed by the Commission Amendment
(cb) fulfil technical and operational requirements enabling the effective application of data protection standards and the exercise of data subjects’ rights pursuant to Article 16 of the Regulation (EU) 2016/679;
Or. en
Amendment 337 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 16 – paragraph 1 – point c c (new)
Text proposed by the Commission Amendment
(cc) data altruism organisations shall act in the data subjects’ best interest when facilitating the exercise of their rights, in particular by advising data subjects on potential risks, potential data uses and standard terms and conditions attached to such uses
Or. en
Amendment 338 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 17 – paragraph 4 – point d
Text proposed by the Commission Amendment
(d) the entity’s main sources of (d) the entity’s sources of income and income; start-up capital;
Or. en
PE692.940v01-00 114/138 AM\1232072EN.docx EN Amendment 339 Andrey Kovatchev
Proposal for a regulation Article 17 – paragraph 4 – point d
Text proposed by the Commission Amendment
(d) the entity’s main sources of (d) the entity’s sources of income; income;
Or. en
Amendment 340 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 17 – paragraph 4 – point f
Text proposed by the Commission Amendment
(f) a website where information on the (f) a website where information on the entity and the activities can be found; entity and the activities can be found including, as a minimum, the information referred to in points (a), (b), (d), (e), (g) and (h) of this paragraph;
Or. en
Amendment 341 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 17 – paragraph 4 – point h
Text proposed by the Commission Amendment
(h) the purposes of general interest it (h) the purposes of general interest it intends to promote when collecting data; intends to promote;
Or. en
AM\1232072EN.docx 115/138 PE692.940v01-00 EN Amendment 342 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 17 – paragraph 4 – point h a (new)
Text proposed by the Commission Amendment
(ha) the nature of data to be controlled, processed, or re-used by the provider, and, in the case of personal data, an indication of the categories of personal data, and the categories of recipients of personal data;
Or. en
Amendment 343 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 17 – paragraph 7
Text proposed by the Commission Amendment
(7) Any entity entered in the register of (7) Any entity entered in the register of recognised data altruism organisations recognised data altruism organisations shall submit any changes of the shall submit any changes of the information provided pursuant to information provided pursuant to paragraph 4 to the competent authority paragraph 4 to the competent authority within 14 calendar days from the day on within 14 calendar days from the day on which the change takes place. which the change takes place. The competent authority which updated the register shall inform the Commission of the modifications made.
Or. en
Amendment 344 David Cormand on behalf of the Greens/EFA Group
PE692.940v01-00 116/138 AM\1232072EN.docx EN Proposal for a regulation Article 17 – paragraph 7 a (new)
Text proposed by the Commission Amendment
(7a) Where the information provided in the application indicates that sensitive data categories could be controlled, processed, or re-used, the Data Altruism Organisation shall conduct a data protection impact assessment pursuant to Article 35, and, where applicable Article 36, of Regulation(EU) 2016/679.
Or. en
Amendment 345 Maria Grapini, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 18 – paragraph 1 – introductory part
Text proposed by the Commission Amendment
(1) Any entity entered in the national (1) Any entity entered in the national register of recognised data altruism register of recognised data altruism organisations shall keep full and accurate organisations shall keep full, records concerning: comprehensible and accurate records concerning:
Or. en
Amendment 346 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 18 – paragraph 1 – point a
Text proposed by the Commission Amendment
(a) all natural or legal persons that (a) all natural or legal persons that were given the possibility to process data were given the possibility to process data held by that entity; held by that entity and their contact
AM\1232072EN.docx 117/138 PE692.940v01-00 EN details;
Or. en
Amendment 347 Kosma Złotowski
Proposal for a regulation Article 18 – paragraph 2 – point c
Text proposed by the Commission Amendment
(c) a list of all natural and legal persons (c) a list of all natural and legal persons that were allowed to use data it holds, that were allowed to use data it holds, including a summary description of the including a comprehensive description of general interest purposes pursued by such the general interest purposes pursued by data use and the description of the such data use and the description of the technical means used for it, including a technical means used for it, including a description of the techniques used to description of the techniques used to preserve privacy and data protection; preserve privacy and data protection;
Or. en
Amendment 348 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 19 – paragraph 1 – introductory part
Text proposed by the Commission Amendment
(1) Any entity entered in the register of (1) Prior to any data processing, the recognised data altruism organisations entity entered in the register of recognised shall inform data holders: data altruism organisations shall inform data subjects and holders:
Or. en
Amendment 349 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
PE692.940v01-00 118/138 AM\1232072EN.docx EN Proposal for a regulation Article 19 – paragraph 1 – introductory part
Text proposed by the Commission Amendment
(1) Any entity entered in the register of (1) Any entity entered in the register of recognised data altruism organisations recognised data altruism organisations shall inform data holders: shall inform data holders prior any processing of their data:
Or. en
Amendment 350 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 19 – paragraph 1 – point a
Text proposed by the Commission Amendment
(a) about the purposes of general (a) about the purposes of general interest for which it permits the processing interest for which the data subject provides of their data by a data user in an easy-to- consent and for which the organisation understand manner; permits the processing of their data by a data user in an easy-to-understand manner;
Or. en
Amendment 351 Maria Grapini, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 19 – paragraph 1 – point a a (new)
Text proposed by the Commission Amendment
(aa) about the rights that the data subject can apply with regard to the processing of its personal data;
Or. en
AM\1232072EN.docx 119/138 PE692.940v01-00 EN Amendment 352 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 19 – paragraph 1 – point b
Text proposed by the Commission Amendment
(b) about any processing outside the (b) about any processing outside the Union. Union and the associated risks and the location outside the Union where the processing will take place;
Or. en
Amendment 353 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 19 – paragraph 1 – point b
Text proposed by the Commission Amendment
(b) about any processing outside the (b) about by whom and where any Union. processing outside the Union is envisaged.
Or. en
Amendment 354 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 19 – paragraph 2
Text proposed by the Commission Amendment
(2) The entity shall also ensure that the (2) The entity shall also ensure that the data is not be used for other purposes than data is not be used for other purposes than those of general interest for which it those of general interest for which it permits the processing. permits the processing and ensure that misleading marketing practices are not used to solicit donations of data.
PE692.940v01-00 120/138 AM\1232072EN.docx EN Or. en
Amendment 355 Andrey Kovatchev
Proposal for a regulation Article 19 – paragraph 2
Text proposed by the Commission Amendment
(2) The entity shall also ensure that the (2) The entity shall also ensure that the data is not be used for other purposes than data is not be used for other purposes than those of general interest for which it those of general interest for which it permits the processing. permits the processing. Safeguards shall be provided to ensure that misleading marketing practices are not used to solicit donations of data. Sanctions shall be provided when acting against the general public interest.
Or. en
Amendment 356 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López, Evelyne Gebhardt
Proposal for a regulation Article 19 – paragraph 2 a (new)
Text proposed by the Commission Amendment
(2a) The entity shall ensure that the data is not used for advertising purposes.
Or. en
Amendment 357 Maria Grapini, Maria-Manuel Leitão-Marques, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 21 – paragraph 3
AM\1232072EN.docx 121/138 PE692.940v01-00 EN Text proposed by the Commission Amendment
(3) Where the competent authority (3) Where the competent authority finds that an entity does not comply with finds that an entity does not comply with one or more of the requirements of this one or more of the requirements of this Chapter it shall notify the entity of those Chapter it shall notify the entity of those findings and give it the opportunity to state findings and give it the opportunity to state its views, within a reasonable time limit. its views, within ten days.
Or. en
Amendment 358 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 21 – paragraph 5 – point a
Text proposed by the Commission Amendment
(a) lose its right to refer to itself as a (a) lose its right to refer to itself as an ‘data altruism organisation recognised in ‘EU-registered data altruism organisation’ the Union’ in any written and spoken in any written and spoken communication; communication;
Or. en
Amendment 359 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 22 – title
Text proposed by the Commission Amendment
European data altruism consent form European data altruism consent interface
Or. en
Amendment 360 David Cormand
PE692.940v01-00 122/138 AM\1232072EN.docx EN on behalf of the Greens/EFA Group
Proposal for a regulation Article 22 – paragraph 1
Text proposed by the Commission Amendment
(1) In order to facilitate the collection (1) In order to facilitate the collection of data based on data altruism, the of data based on data altruism, the Commission may adopt implementing acts Commission may adopt implementing acts developing a European data altruism developing a European data altruism consent form. The form shall allow the consent interface. The interface shall collection of consent across Member States allow the collection and revocation of free in a uniform format. Those implementing and informed consent across Member acts shall be adopted in accordance with States in a uniform format. Those the advisory procedure referred to in implementing acts shall be adopted in Article 29 (2). accordance with the advisory procedure referred to in Article 29 (2).
Or. en
Justification
In this advanced technological environment, we should be far more ambitious than simply providing a "form". Technological opportunities to enhance trust by making transparency and the management of consent and transparency easier and more meaningful should be used, in order to better achieve the goals of the legislation.
Amendment 361 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 22 – paragraph 2
Text proposed by the Commission Amendment
(2) The European data altruism consent (2) The European data altruism consent form shall use a modular approach interface shall use a modular approach allowing customisation for specific sectors allowing customisation for specific sectors and for different purposes. and for different purposes.
Or. en
AM\1232072EN.docx 123/138 PE692.940v01-00 EN Amendment 362 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 22 – paragraph 3
Text proposed by the Commission Amendment
(3) Where personal data are provided, (3) Where personal data are provided, the European data altruism consent form the European data altruism consent shall ensure that data subjects are able to interface shall ensure that data subjects are give consent to and withdraw consent from able to give consent to and withdraw a specific data processing operation in consent from a specific data processing compliance with the requirements of operation in compliance with the Regulation (EU) 2016/679. requirements of Regulation (EU) 2016/679. The interface shall provide up to date information concerning what types of data have been used, with what frequency and for what purposes by users of the data altruism organisation.
Or. en
Amendment 363 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 22 – paragraph 4
Text proposed by the Commission Amendment
(4) The form shall be available in a (4) The interface shall include a manner that can be printed on paper and consent form which shall be available in a read by humans as well as in an electronic, manner that can be printed on paper and machine-readable form. read by humans as well as in an electronic, machine-readable form.
Or. en
Amendment 364 Kosma Złotowski
PE692.940v01-00 124/138 AM\1232072EN.docx EN Proposal for a regulation Article 22 – paragraph 4
Text proposed by the Commission Amendment
(4) The form shall be available in a (4) The form shall be available in all manner that can be printed on paper and the official languages of the EU in a read by humans as well as in an electronic, manner that can be printed on paper and machine-readable form. read by humans as well as in an electronic, machine-readable form.
Or. en
Amendment 365 Anne-Sophie Pelletier
Proposal for a regulation Article 23 – paragraph 3
Text proposed by the Commission Amendment
(3) The top-management and the (3) The top-management and the personnel responsible for carrying out the personnel responsible for carrying out the relevant tasks of the competent authority relevant tasks of the competent authority provided for in this Regulation cannot be provided for in this Regulation cannot be the designer, manufacturer, supplier, the designer, manufacturer, supplier, installer, purchaser, owner, user or installer, purchaser, owner, user or maintainer of the services which they maintainer of the services which they evaluate, nor the authorised representative evaluate, nor the authorised representative of any of those parties or represent them. of any of those parties or represent them or This shall not preclude the use of evaluated have represented them for the last two services that are necessary for the years. This shall not preclude the use of operations of the competent authority or evaluated services that are necessary for the use of such services for personal the operations of the competent authority purposes. or the use of such services for personal purposes.
Or. en
Justification
To prevent revolving door problems between lobbyists and top management.
Amendment 366 Kosma Złotowski
AM\1232072EN.docx 125/138 PE692.940v01-00 EN Proposal for a regulation Article 23 – paragraph 6 a (new)
Text proposed by the Commission Amendment
(6a) Member States shall regularly report to the Commission and the European Data Innovation Board on the activities that competent authorities carry pursuant to this Regulation. The Commission and the Board shall be informed, in particular, about the financial and human resources allocated to the activities pursuant to this Regulation.
Or. en
Amendment 367 Maria Grapini, Leszek Miller, Marc Angel, Christel Schaldemose, Adriana Maldonado López
Proposal for a regulation Article 24 – paragraph 2
Text proposed by the Commission Amendment
(2) The authority with which the (2) The authority with which the complaint has been lodged shall inform the complaint has been lodged shall inform the complainant of the progress of the complainant of the progress of the proceedings and of the decision taken, and proceedings and of the decision taken, and shall inform the complainant of the right to shall inform the complainant of the right to an effective judicial remedy provided for in an effective judicial remedy provided for in Article 25. a maximum of 30 days.
Or. en
Amendment 368 Kosma Złotowski
Proposal for a regulation Article 26 – paragraph 1
PE692.940v01-00 126/138 AM\1232072EN.docx EN Text proposed by the Commission Amendment
(1) The Commission shall establish a (1) The Commission shall establish a European Data Innovation Board (“the European Data Innovation Board (“the Board”) in the form of an Expert Group, Board”) in the form of an Expert Group consisting of the representatives of and composed of the following groups: competent authorities of all the Member States, the European Data Protection Board, the Commission, relevant data spaces and other representatives of competent authorities in specific sectors.
Or. en
Amendment 369 Anne-Sophie Pelletier
Proposal for a regulation Article 26 – paragraph 1
Text proposed by the Commission Amendment
(1) The Commission shall establish a (1) The Commission shall establish a European Data Innovation Board (“the European Data Innovation Board (“the Board”) in the form of an Expert Group, Board”) in the form of an Expert Group, consisting of the representatives of consisting of the representatives of competent authorities of all the Member competent authorities of all the Member States, the European Data Protection States, the European Data Protection Board, the Commission, relevant data Board, the Commission, European Social spaces and other representatives of partners, relevant data spaces, including competent authorities in specific sectors. civil society organisations and other representatives of competent authorities in data protection sectors.
Or. en
Justification
The expert group should be balanced between interests.
Amendment 370 Kosma Złotowski
AM\1232072EN.docx 127/138 PE692.940v01-00 EN Proposal for a regulation Article 26 – paragraph 1 – point a (new)
Text proposed by the Commission Amendment
(a) representatives of: (i) competent authorities of all the Member States; (ii) the European Data Protection Board; (iii) the Commission; (iv) European Union Agency for Cybersecurity; (v) relevant data spaces; (vi) other representatives of competent authorities in specific sectors; (b) experts representing relevant private stakeholders and business sectors, representing relevant industries, and persons with data related expertise; (c) experts appointed in a personal capacity, who have proven knowledge and experience in the areas covered by this Regulation.
Or. en
Amendment 371 Kosma Złotowski
Proposal for a regulation Article 26 – paragraph 2
Text proposed by the Commission Amendment
(2) Stakeholders and relevant third deleted parties may be invited to attend meetings of the Board and to participate in its work.
Or. en
PE692.940v01-00 128/138 AM\1232072EN.docx EN Amendment 372 David Cormand on behalf of the Greens/EFA Group
Proposal for a regulation Article 26 – paragraph 2
Text proposed by the Commission Amendment
(2) Stakeholders and relevant third (2) Stakeholders and relevant third parties may be invited to attend meetings parties, in particular, groups representing of the Board and to participate in its work. citizens' rights, may be invited to attend meetings of the Board and to participate in its work.
Or. en
Amendment 373 Kosma Złotowski
Proposal for a regulation Article 26 – paragraph 2
Text proposed by the Commission Amendment
(2) Stakeholders and relevant third (2) Stakeholders and relevant third parties may be invited to attend meetings parties including industry and civil society of the Board and to participate in its work. organisations may be invited to attend meetings of the Board and to participate in its work.
Or. en
Amendment 374 Anne-Sophie Pelletier
Proposal for a regulation Article 26 – paragraph 2
Text proposed by the Commission Amendment
(2) Stakeholders and relevant third (2) Stakeholders and relevant third parties may be invited to attend meetings parties may be invited to attend meetings of the Board and to participate in its work. of the Board and publish afterwards a public report of their communication to
AM\1232072EN.docx 129/138 PE692.940v01-00 EN the Board.
Or. en
Justification
Transparency by other parties is essential.
Amendment 375 Kosma Złotowski
Proposal for a regulation Article 26 – paragraph 4 a (new)
Text proposed by the Commission Amendment
(4a) The Board shall carry out its tasks in accordance with the principle of transparency. The Commission shall publish the minutes of the meetings of the Board and other relevant documents on the Commission website.
Or. en
Amendment 376 Andrey Kovatchev
Proposal for a regulation Article 27 – paragraph 1 – point b a (new)
Text proposed by the Commission Amendment
(ba) to advise and assist the Commission in developing consistent guidelines for cybersecurity requirements for the exchange and storage of data; in this regard to aim to consistently keep the latest technical standards in cybersecurity;
Or. en
PE692.940v01-00 130/138 AM\1232072EN.docx EN Amendment 377 Andrey Kovatchev
Proposal for a regulation Article 27 – paragraph 1 – point c
Text proposed by the Commission Amendment
(c) to advise the Commission on the (c) to advise the Commission on the prioritisation of cross-sector standards to prioritisation of cross-sector standards to be used and developed for data use and be used and developed for data use and cross-sector data sharing, cross-sectoral cross-sector data sharing, cross-sectoral comparison and exchange of best practices comparison and exchange of best practices with regards to sectoral requirements for with regards to sectoral requirements for security, access procedures, while taking security, access procedures, while taking into account sector-specific into account sector-specific standardisations activities; standardisations activities; it should also assist the Commission in setting technical guidelines for anonymization;
Or. en
Amendment 378 Andrey Kovatchev
Proposal for a regulation Article 27 – paragraph 1 – point d
Text proposed by the Commission Amendment
(d) to assist the Commission in (d) to advise and assist the enhancing the interoperability of data as Commission in enhancing the well as data sharing services between interoperability of data as well as data different sectors and domains, building on sharing services between different sectors existing European, international or national and domains, building on existing standards; European, international or national standards; to do its utmost to guarantee interoperability within the sector but also across sectors to facilitate data sharing.
Or. en
Amendment 379 Andrey Kovatchev
AM\1232072EN.docx 131/138 PE692.940v01-00 EN Proposal for a regulation Article 27 – paragraph 1 – point e
Text proposed by the Commission Amendment
(e) to facilitate the cooperation (e) to facilitate the cooperation between national competent authorities between national competent authorities under this Regulation through capacity- under this Regulation through capacity- building and the exchange of information, building and the exchange of information, in particular by establishing methods for in particular by establishing methods for the efficient exchange of information the efficient exchange of information relating to the notification procedure for relating to the notification procedure for data sharing service providers and the data sharing service providers and the registration and monitoring of recognised registration and monitoring of recognised data altruism organisations. data altruism organisations; to advise and assist in developing and preserving a consistent practice in relation to the code of conduct of data altruism organisations throughout the Union.
Or. en
Amendment 380 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Article 27 – paragraph 1 – point e a (new)
Text proposed by the Commission Amendment
(ea) report annually the percentage of data shared in accordance with this Regulation which are processed inside and outside the European Union; report on job creation in the data-processing sector by Member State.
Or. fr
Amendment 381 Kosma Złotowski
Proposal for a regulation Article 27 – paragraph 1 – point e a (new)
PE692.940v01-00 132/138 AM\1232072EN.docx EN Text proposed by the Commission Amendment
(ea) to facilitate cooperation between Member States in relation to the rules on penalties laid down by the Member States pursuant to Article 31 and to issue recommendations as regards the harmonisation of those penalties across the Union.
Or. en
Amendment 382 Kosma Złotowski
Proposal for a regulation Article 27 – paragraph 1 – point e a (new)
Text proposed by the Commission Amendment
(ea) to provide expertise, recommendations and advise to the Commission on the possible need to amend this or other related regulations, such as Directive (EU) 2019/1024;
Or. en
Amendment 383 Kosma Złotowski
Proposal for a regulation Article 27 – paragraph 1 – point e b (new)
Text proposed by the Commission Amendment
(eb) By [PO: insert date 5 years after date of entry into force of this Regulation] the Commission after consultation with the Board shall carry out review of the Board activities, summarising its most important actions, provided added value, issued recommendations and overall contributions to the development of the
AM\1232072EN.docx 133/138 PE692.940v01-00 EN European Data Market. The conclusions shall be submitted as a report to the European Parliament and the Council.
Or. en
Amendment 384 Kosma Złotowski
Proposal for a regulation Article 27 – paragraph 1 a (new)
Text proposed by the Commission Amendment
The Board shall develop recommendations to ensure the consistency between the practices of the competent authorities and shall draft opinions on the status of the application of the Regulation in Member States. If inconsistent practices that could lead to fragmentation of the Single Market have been identified, the Board shall draft decisions for the Commission to adopt. Such decisions may require Member States to take all necessary measures to ensure consistency of practices and prevent market fragmentation.
Or. en
Amendment 385 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Article 30 – paragraph 2
Text proposed by the Commission Amendment
(2) Any judgment of a court or tribunal (2) No judgment of a court or tribunal and any decision of an administrative and no decision of an administrative authority of a third country requiring a authority of a third country requiring a public sector body, a natural or legal public sector body, a natural or legal person to which the right to re-use data was person to which the right to re-use data was granted under Chapter 2, a data sharing granted under Chapter 2, a data sharing
PE692.940v01-00 134/138 AM\1232072EN.docx EN provider or entity entered in the register of provider or entity entered in the register of recognised data altruism organisations to recognised data altruism organisations to transfer from or give access to non- transfer from or give access to non- personal data subject to this Regulation in personal data subject to this Regulation in the Union may only be recognised or the Union may be recognised or enforceable in any manner if based on an enforceable in any manner. international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or any such agreement between the requesting third country and a Member State concluded before [the entry into force of this Regulation].
Or. fr
Amendment 386 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Article 30 – paragraph 2 a (new)
Text proposed by the Commission Amendment
(2a) Deplores the fact that the Commission does not provide for any specific protection of Europeans with critical economic responsibilities against third-country laws such as the US Cloud Act; that legislation enables third-country law enforcement authorities to access data in the context of criminal investigations which may be prompted by economic competition considerations; as in the Alstom case, the strategic impact of such cases may be significant for European companies;
Or. fr
Amendment 387 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Article 30 – paragraph 3
AM\1232072EN.docx 135/138 PE692.940v01-00 EN Text proposed by the Commission Amendment
(3) Where a public sector body, a deleted natural or legal person to which the right to re-use data was granted under Chapter 2, a data sharing provider or entity entered in the register of recognised data altruism organisations is the addressee of a decision of a court or of an administrative authority of a third country to transfer from or give access to non- personal data held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only: (a) where the third-country system requires the reasons and proportionality of the decision to be set out, and it requires the court order or the decision, as the case may be, to be specific in character, for instance by establishing a sufficient link to certain suspected persons, or infringements; (b) the reasoned objection of the addressee is subject to a review by a competent court in the third-country; and (c) in that context, the competent court issuing the order or reviewing the decision of an administrative authority is empowered under the law of that country to take duly into account the relevant legal interests of the provider of the data protected by Union law or the applicable Member State law. The addressee of the decision shall ask the opinion of the relevant competent bodies or authorities, pursuant to this Regulation, in order to determine if these conditions are met.
Or. fr
PE692.940v01-00 136/138 AM\1232072EN.docx EN Amendment 388 Virginie Joron, Jean-Lin Lacapelle, Alessandra Basso, Isabella Tovaglieri
Proposal for a regulation Article 30 – paragraph 3 – point a
Text proposed by the Commission Amendment
(a) where the third-country system (a) where the third-country system requires the reasons and proportionality of requires the reasons and proportionality of the decision to be set out, and it requires the decision to be set out, and it requires the court order or the decision, as the case the court order or the decision, as the case may be, to be specific in character, for may be, to be specific in character, for instance by establishing a sufficient link to instance by establishing a sufficient link to certain suspected persons, or certain suspected persons and their infringements; criminal infringements;
Or. fr
Amendment 389 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Article 30 – paragraph 3 – point b
Text proposed by the Commission Amendment
(b) the reasoned objection of the (b) the reasoned objection of the addressee is subject to a review by a addressee is subject to a review by a competent court in the third-country; and competent court in a Member State; and
Or. fr
Amendment 390 Virginie Joron, Jean-Lin Lacapelle
Proposal for a regulation Article 32 – paragraph 1
Text proposed by the Commission Amendment
By [four years after the data of application By [four years after the data of application of this Regulation], the Commission shall of this Regulation], the Commission shall carry out an evaluation of this Regulation, carry out an evaluation of this Regulation, and submit a report on its main findings to and submit a report on its main findings to
AM\1232072EN.docx 137/138 PE692.940v01-00 EN the European Parliament and to the the European Parliament and to the Council as well as to the European Council as well as to the European Economic and Social Committee. Member Economic and Social Committee. Member States shall provide the Commission with States shall provide the Commission with the information necessary for the the information necessary for the preparation of that report. preparation of that report. Reciprocity of access to data located in third countries vis-à-vis Member States shall be assessed. Third countries which do not offer effective reciprocity shall be excluded from all access to data hosted in the European Union.
Or. fr
PE692.940v01-00 138/138 AM\1232072EN.docx EN