keyboard_tab Digital Governance Act 2022/0868 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- 1 Art. 6 Fees
- 1 Art. 11 Notification by data intermediation services providers
- 1 Art. 17 Public registers of recognised data altruism organisations
- 1 Art. 21 Specific requirements to safeguard rights and interests of data subjects and data holders with regard to their data
- 1 Art. 22 Rulebook
- 1 Art. 35 Evaluation and review
CHAPTER I
General provisions
CHAPTER II
Re-use of certain categories of protected data held by public sector bodies
CHAPTER III
Requirements applicable to data intermediation services
CHAPTER IV
Data altruism
CHAPTER V
Competent authorities and procedural provisions
CHAPTER VI
European Data Innovation Board
CHAPTER VII
International access and transfer
CHAPTER VIII
Delegation and committee procedure
CHAPTER IX
Final and transitional provisions
- data
- re-use
- personal data
- non-personal data
- consent
- permission
- data subject
- data holder
- data user
- data sharing
- data intermediation service
- processing
- access
- main establishment
- services of data cooperatives
- data altruism
- public sector body
- bodies governed by public law
- public undertaking
- secure processing environment
- legal representative
- data 124
- services 52
- intermediation 52
- shall 51
- altruism 27
- recognised 22
- provider 22
- article 19
- public 15
- referred 15
- competent 14
- the 14
- union 14
- which 14
- notification 13
- organisation 12
- organisations 12
- authority 12
- commission 10
- information 9
- holders 9
- paragraph 9
- processing 9
- fees 9
- providers 9
- subjects 8
- accordance 8
- ensure 8
- register 8
- re-use 7
- provide 7
- such 7
- consent 7
- logo 6
- regulation 6
- relevant 6
- legal_representative 6
- common 6
- from 6
- categories 6
- charge 6
- sector 6
- without 6
- provided 5
- permission 5
- activities 5
- member states 5
- costs 5
- bodies 5
- tools 5
Article 6
Fees
1. Public sector bodies which allow re-use of the categories of data referred to in Article 3(1) may charge fees for allowing the re-use of such data.
2. Any fees charged pursuant to paragraph 1 shall be transparent, non-discriminatory, proportionate and objectively justified and shall not restrict competition.
3. Public sector bodies shall ensure that any fees can also be paid online through widely available cross-border payment services, without discrimination based on the place of establishment of the payment service provider, the place of issue of the payment instrument or the location of the payment account within the Union.
4. Where public sector bodies charge fees, they shall take measures to provide incentives for the re-use of the categories of data referred to in Article 3(1) for non-commercial purposes, such as scientific research purposes, and by SMEs and start-ups in accordance with State aid rules. In that regard, public sector bodies may also make the data available at a discounted fee or free of charge, in particular to SMEs and start-ups, civil society and educational establishments. To that end, public sector bodies may establish a list of categories of re-users to which data for re-use is made available at a discounted fee or free of charge. That list, together with the criteria used to establish it, shall be made public.
5. Any fees shall be derived from the costs related to conducting the procedure for requests for the re-use of the categories of data referred to in Article 3(1) and limited to the necessary costs in relation to:
| (a) | the reproduction, provision and dissemination of data; |
| (b) | the clearance of rights; |
| (c) | anonymisation or other forms of preparation of personal data and commercially confidential data as provided for in Article 5(3); |
| (d) | the maintenance of the secure processing environment; |
| (e) | the acquisition of the right to allow re-use in accordance with this Chapter by third parties outside the public sector; and |
| (f) | assisting re-users in seeking consent from data subjects and permission from data holders whose rights and interests may be affected by such re-use. |
6. The criteria and methodology for calculating fees shall be laid down by the Member States and published. The public_sector_body shall publish a description of the main categories of costs and the rules used for the allocation of costs.
Article 11
Notification by data intermediation services providers
1. Any data intermediation services provider who intends to provide the data intermediation services referred to in Article 10 shall submit a notification to the competent authority for data intermediation services.
2. For the purposes of this Regulation, a data intermediation services provider with establishments in more than one Member State shall be deemed to be under the jurisdiction of the Member State in which it has its main_establishment, without prejudice to Union law regulating cross-border actions for damages and related proceedings.
3. A data intermediation services provider that is not established in the Union, but which offers the data intermediation services referred to in Article 10 within the Union, shall designate a legal_representative in one of the Member States in which those services are offered.
For the purpose of ensuring compliance with this Regulation, the legal_representative shall be mandated by the data intermediation services provider to be addressed in addition to or instead of it by competent authorities for data intermediation services or data subjects and data holders, with regard to all issues related to the data intermediation services provided. The legal_representative shall cooperate with and comprehensively demonstrate to the competent authorities for data intermediation services, upon request, the actions taken and provisions put in place by the data intermediation services provider to ensure compliance with this Regulation.
The data intermediation services provider shall be deemed to be under the jurisdiction of the Member State in which the legal_representative is located. The designation of a legal_representative by the data intermediation services provider shall be without prejudice to any legal actions which could be initiated against the data intermediation services provider.
4. After having submitted a notification in accordance with paragraph 1, the data intermediation services provider may start the activity subject to the conditions laid down in this Chapter.
5. The notification referred to in paragraph 1 shall entitle the data intermediation services provider to provide data intermediation services in all Member States.
6. The notification referred to in paragraph 1 shall include the following information:
| (a) | the name of the data intermediation services provider; |
| (b) | the data intermediation services provider’s legal status, form, ownership structure, relevant subsidiaries and, where the data intermediation services provider is registered in a trade or other similar public national register, registration number; |
| (c) | the address of the data intermediation services provider’s main_establishment in the Union, if any, and, where applicable, of any secondary branch in another Member State or that of the legal_representative; |
| (d) | a public website where complete and up-to-date information on the data intermediation services provider and the activities can be found, including as a minimum the information referred to in points (a), (b), (c) and (f); |
| (e) | the data intermediation services provider’s contact persons and contact details; |
| (f) | a description of the data intermediation service the data intermediation services provider intends to provide, and an indication of the categories listed in Article 10 under which such data intermediation service falls; |
| (g) | the estimated date for starting the activity, if different from the date of the notification. |
7. The competent authority for data intermediation services shall ensure that the notification procedure is non-discriminatory and does not distort the competition.
8. At the request of the data intermediation services provider, the competent authority for data intermediation services shall, within one week of a duly and fully completed notification, issue a standardised declaration, confirming that the data intermediation services provider has submitted the notification referred to in paragraph 1 and that the notification contains the information referred to in paragraph 6.
9. At the request of the data intermediation services provider, the competent authority for data intermediation services shall confirm that the data intermediation services provider complies with this Article and Article 12. Upon receipt of such a confirmation, that data intermediation services provider may use the label ‘ data intermediation services provider recognised in the Union’ in its written and spoken communication, as well as a common logo.
In order to ensure that data intermediation services providers recognised in the Union are easily identifiable throughout the Union, the Commission shall, by means of implementing acts, establish a design for the common logo. Data intermediation services providers recognised in the Union shall display the common logo clearly on every online and offline publication that relates to their data intermediation activities.
Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 33(2).
10. The competent authority for data intermediation services shall notify the Commission of each new notification by electronic means without delay. The Commission shall keep and regularly update a public register of all data intermediation services providers providing their services in the Union. The information referred to in paragraph 6, points (a), (b), (c), (d), (f) and (g), shall be published in the public register.
11. The competent authority for data intermediation services may charge fees for the notification in accordance with national law. Such fees shall be proportionate and objective and be based on the administrative costs related to the monitoring of compliance and other market control activities of the competent authority for data intermediation services in relation to notifications of data intermediation services providers. In the case of SMEs and start-ups, the competent authority for data intermediation services may charge a discounted fee or waive the fee.
12. Data intermediation services providers shall notify the competent authority for data intermediation services of any changes to the information provided pursuant to paragraph 6 within 14 days of the date of the change.
13. Where a data intermediation services provider ceases its activities, it shall notify the relevant competent authority for data intermediation services determined pursuant to paragraphs 1, 2 and 3 within 15 days.
14. The competent authority for data intermediation services shall notify the Commission of each notification referred to in paragraphs 12 and 13 by electronic means without delay. The Commission shall update the public register of the data intermediation services providers in the Union accordingly.
Article 17
Public registers of recognised data altruism organisations
1. Each competent authority for the registration of data altruism organisations shall keep and regularly update a public national register of recognised data altruism organisations.
2. The Commission shall maintain a public Union register of recognised data altruism organisations for information purposes. Provided that an entity is registered in the public national register of recognised data altruism organisations in accordance with Article 18, it may use the label ‘ data altruism organisation recognised in the Union’ in its written and spoken communication, as well as a common logo.
In order to ensure that recognised data altruism organisations are easily identifiable throughout the Union, the Commission shall, by means of implementing acts, establish a design for the common logo. Recognised data altruism organisations shall display the common logo clearly on every online and offline publication that relates to their data altruism activities. The common logo shall be accompanied by a QR code with a link to the public Union register of recognised data altruism organisations.
Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 33(2).
Article 21
Specific requirements to safeguard rights and interests of data subjects and data holders with regard to their data
1. A recognised data altruism organisation shall inform data subjects or data holders prior to any processing of their data in a clear and easily comprehensible manner of:
| (a) | the objectives of general interest and, if applicable, the specified, explicit and legitimate purpose for which personal data is to be processed, and for which it permits the processing of their data by a data user; |
| (b) | the location of and the objectives of general interest for which it permits any processing carried out in a third country, where the processing is carried out by the recognised data altruism organisation. |
2. The recognised data altruism organisation shall not use the data for other objectives than those of general interest for which the data subject or data holder allows the processing. The recognised data altruism organisation shall not use misleading marketing practices to solicit the provision of data.
3. The recognised data altruism organisation shall provide tools for obtaining consent from data subjects or permissions to process data made available by data holders. The recognised data altruism organisation shall also provide tools for easy withdrawal of such consent or permission.
4. The recognised data altruism organisation shall take measures to ensure an appropriate level of security for the storage and processing of non-personal data that it has collected based on data altruism.
5. The recognised data altruism organisation shall, without delay, inform data holders in the event of any unauthorised transfer, access or use of the non-personal data that it has shared.
6. Where the recognised data altruism organisation facilitates data processing by third parties, including by providing tools for obtaining consent from data subjects or permissions to process data made available by data holders, it shall, where relevant, specify the third-country jurisdiction in which the data use is intended to take place.
Article 22
Rulebook
1. The Commission shall adopt delegated acts in accordance with Article 32, supplementing this Regulation by establishing a rulebook laying down:
| (a) | appropriate information requirements to ensure that data subjects and data holders are provided, before a consent or permission for data altruism is given, with sufficiently detailed, clear and transparent information regarding the use of data, the tools for giving and withdrawing consent or permission, and the measures taken to avoid misuse of the data shared with the data altruism organisation; |
| (b) | appropriate technical and security requirements to ensure the appropriate level of security for the storage and processing of data, as well as for the tools for giving and withdrawing consent or permission; |
| (c) | communication roadmaps taking a multi-disciplinary approach to raise awareness of data altruism, of the designation as a ‘ data altruism organisation recognised in the Union’ and of the rulebook among relevant stakeholders, in particular data holders and data subjects that would potentially share their data; |
| (d) | recommendations on relevant interoperability standards. |
2. The rulebook referred to in paragraph 1 shall be prepared in close cooperation with data altruism organisations and relevant stakeholders.
Article 35
Evaluation and review
By 24 September 2025, the Commission shall carry out an evaluation of this Regulation and submit a report on its main findings to the European Parliament and to the Council as well as to the European Economic and Social Committee. The report shall be accompanied, where necessary, by legislative proposals.
The report shall assess, in particular:
| (a) | the application and functioning of the rules on penalties laid down by the Member States pursuant to Article 34; |
| (b) | the level of compliance of the legal_representatives of data intermediation services providers and recognised data altruism organisations that are not established in the Union with this Regulation and the level of enforceability of penalties imposed on those providers and organisations; |
| (c) | the type of data altruism organisations registered under Chapter IV and an overview of the objectives of general interests for which data are shared in view of establishing clear criteria in that respect. |
Member States shall provide the Commission with the information necessary for the preparation of that report.
whereas