keyboard_tab Digital Governance Act 2022/0868 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- 1 Art. 7 Competent bodies
- 1 Art. 24 Monitoring of compliance
- 1 Art. 26 Requirements relating to competent authorities
- 1 Art. 28 Right to an effective judicial remedy
- 1 Art. 32 Exercise of the delegation
CHAPTER I
General provisions
CHAPTER II
Re-use of certain categories of protected data held by public sector bodies
CHAPTER III
Requirements applicable to data intermediation services
CHAPTER IV
Data altruism
CHAPTER V
Competent authorities and procedural provisions
CHAPTER VI
European Data Innovation Board
CHAPTER VII
International access and transfer
CHAPTER VIII
Delegation and committee procedure
CHAPTER IX
Final and transitional provisions
- data
- re-use
- personal data
- non-personal data
- consent
- permission
- data subject
- data holder
- data user
- data sharing
- data intermediation service
- processing
- access
- main establishment
- services of data cooperatives
- data altruism
- public sector body
- bodies governed by public law
- public undertaking
- secure processing environment
- legal representative
- data 70
- competent 50
- altruism 41
- shall 38
- organisations 33
- registration 27
- authorities 26
- services 20
- authority 18
- article 16
- intermediation 16
- recognised 14
- the 14
- bodies 14
- referred 10
- member state 10
- commission 9
- from 9
- public 9
- organisation 8
- information 8
- which 8
- tasks 8
- request 7
- technical 7
- have 7
- access 7
- power 6
- delegated 6
- sector 6
- european parliament 6
- more 6
- council 6
- re-use 6
- such 6
- right 5
- including 5
- necessary 5
- chapter 5
- they 5
- requirements 5
- legal 5
- national 5
- relevant 5
- pursuant 5
- assistance 5
- compliance 5
- providing 5
- either 5
- member states 5
Article 7
Competent bodies
1. For the purpose of carrying out the tasks referred to in this Article, each Member State shall designate one or more competent bodies, which may be competent for particular sectors, to assist the public sector bodies which grant or refuse access for the re-use of the categories of data referred to in Article 3(1). Member States may either establish one or more new competent bodies or rely on existing public sector bodies or on internal services of public sector bodies that fulfil the conditions laid down in this Regulation.
2. The competent bodies may be empowered to grant access for the re-use of the categories of data referred to in Article 3(1) pursuant to Union or national law which provides for such access to be granted. Where they grant or refuse access for the re-use, Articles 4, 5, 6 and 9 shall apply to those competent bodies.
3. The competent bodies shall have adequate legal, financial, technical and human resources to carry out the tasks assigned to them, including the necessary technical knowledge to be able to comply with relevant Union or national law concerning the access regimes for the categories of data referred to in Article 3(1).
4. The assistance provided for in paragraph 1 shall include, where necessary:
| (a) | providing technical support by making available a secure processing environment for providing access for the re-use of data; |
| (b) | providing guidance and technical support on how to best structure and store data to make that data easily accessible; |
| (c) | providing technical support for pseudonymisation and ensuring data processing in a manner that effectively preserves the privacy, confidentiality, integrity and accessibility of the information contained in the data for which re-use is allowed, including techniques for the anonymisation, generalisation, suppression and randomisation of personal data or other state-of-the-art privacy-preserving methods, and the deletion of commercially confidential information, including trade secrets or content protected by intellectual property rights; |
| (d) | assisting the public sector bodies, where relevant, to provide support to re-users in requesting consent for re-use from data subjects or permission from data holders in line with their specific decisions, including on the jurisdiction in which the data processing is intended to take place and assisting the public sector bodies in establishing technical mechanisms that allow the transmission of requests for consent or permission from re-users, where practically feasible; |
| (e) | providing public sector bodies with assistance in assessing the adequacy of contractual commitments made by a re-user pursuant to Article 5(10). |
5. Each Member State shall notify the Commission of the identity of the competent bodies designated pursuant to paragraph 1 by 24 September 2023. Each Member State shall also notify the Commission of any subsequent change to the identity of those competent bodies.
Article 24
Monitoring of compliance
1. The competent authorities for the registration of data altruism organisations shall monitor and supervise compliance of recognised data altruism organisations with the requirements laid down in this Chapter. The competent authority for the registration of data altruism organisations may also monitor and supervise the compliance of such recognised data altruism organisations, on the basis of a request by a natural or legal person.
2. The competent authorities for the registration of data altruism organisations shall have the power to request information from recognised data altruism organisations that is necessary to verify compliance with the requirements of this Chapter. Any request for information shall be proportionate to the performance of the task and shall be reasoned.
3. Where the competent authority for the registration of data altruism organisations finds that a recognised data altruism organisation does not comply with one or more of the requirements of this Chapter, it shall notify the recognised data altruism organisation of those findings and give it the opportunity to state its views within 30 days of the receipt of the notification.
4. The competent authority for the registration of data altruism organisations shall have the power to require the cessation of the infringement referred to in paragraph 3 either immediately or within a reasonable time limit and shall take appropriate and proportionate measures with the aim of ensuring compliance.
5. If a recognised data altruism organisation does not comply with one or more of the requirements of this Chapter even after having been notified in accordance with paragraph 3 by the competent authority for the registration of data altruism organisations, that recognised data altruism organisation shall:
| (a) | lose its right to use the label ‘ data altruism organisation recognised in the Union’ in any written and spoken communication; |
| (b) | be removed from the relevant public national register of recognised data altruism organisations and the public Union register of recognised data altruism organisations. |
Any decision revoking the right to use the label ‘ data altruism organisation recognised in the Union’ under the first subparagraph, point (a), shall be made public by the competent authority for the registration of data altruism organisations.
6. If a recognised data altruism organisation has its main_establishment or its legal_representative in a Member State but is active in other Member States, the competent authority for the registration of data altruism organisations of the Member State of the main_establishment or where the legal_representative is located and the competent authorities for the registration of data altruism organisations of those other Member States shall cooperate and assist each other. Such assistance and cooperation may cover information exchanges between the competent authorities for the registration of data altruism organisations concerned for the purposes of their tasks under this Regulation and reasoned requests to take the measures referred to in this Article.
Where a competent authority for the registration of data altruism organisations in one Member State requests assistance from a competent authority for the registration of data altruism organisations in another Member State, it shall submit a reasoned request. The competent authority for the registration of data altruism organisations shall, upon such a request, provide a response without delay and within a timeframe proportionate to the urgency of the request.
Any information exchanged in the context of assistance requested and provided under this paragraph shall be used only in respect of the matter for which it was requested.
Article 26
Requirements relating to competent authorities
1. The competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations shall be legally distinct from, and functionally independent of, any data intermediation services provider or recognised data altruism organisation. The functions of the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations may be carried out by the same authority. Member States may either establish one or more new authorities for those purposes or rely on existing ones.
2. Competent authorities for data intermediation services and competent authorities for the registration of data altruism organisations shall exercise their tasks in an impartial, transparent, consistent, reliable and timely manner. Where they exercise their tasks, they shall safeguard fair competition and non-discrimination.
3. The top-level management and personnel responsible for carrying out the relevant tasks of the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations shall not be the designer, manufacturer, supplier, installer, purchaser, owner, user or maintainer of the services which they evaluate, nor the authorised representative of any of those parties. This shall not preclude the use of evaluated services that are necessary for the operations of the competent authority for data intermediation services and the competent authority for the registration of data altruism organisations or the use of such services for personal purposes.
4. The top-level management and personnel of the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations shall not engage in any activity that may conflict with their independence of judgment or integrity in relation to evaluation activities assigned to them.
5. The competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations shall have at their disposal the adequate financial and human resources to carry out the tasks assigned to them, including the necessary technical knowledge and resources.
6. The competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations of a Member State shall provide the Commission and competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations from other Member States, on reasoned request and without delay, with the information necessary to carry out their tasks under this Regulation. Where a competent authority for data intermediation services or a competent authority for the registration of data altruism organisations considers the information requested to be confidential in accordance with Union and national law on commercial and professional confidentiality, the Commission and any other competent authorities for data intermediation services or competent authorities for the registration of data altruism organisations concerned shall ensure such confidentiality.
Article 28
Right to an effective judicial remedy
1. Notwithstanding any administrative or other non-judicial remedies, any affected natural and legal persons shall have the right to an effective judicial remedy with regard to legally binding decisions referred to in Article 14 taken by the competent authorities for data intermediation services in the management, control and enforcement of the notification regime for data intermediation services providers and legally binding decisions referred to in Articles 19 and 24 taken by the competent authorities for the registration of data altruism organisations in the monitoring of recognised data altruism organisations.
2. Proceedings pursuant to this Article shall be brought before the courts or tribunals of the Member State of the competent authority for data intermediation services or the competent authority for the registration of data altruism organisations against which the judicial remedy is sought individually or, where relevant, collectively by the representatives of one or more natural or legal persons.
3. Where a competent authority for data intermediation services or a competent authority for the registration of data altruism organisations fails to act on a complaint, any affected natural and legal persons shall, in accordance with national law, either have the right to an effective judicial remedy or access to review by an impartial body with the appropriate expertise.
CHAPTER VI
European Data Innovation Board
Article 32
Exercise of the delegation
1. The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.
2. The power to adopt delegated acts referred to in Article 5(13) and Article 22(1) shall be conferred on the Commission for an indeterminate period of time from 23 June 2022.
3. The delegation of power referred to in Article 5(13) and Article 22(1) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
4. Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.
5. As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.
6. A delegated act adopted pursuant to Article 5(13) or Article 22(1) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of three months of notification of that act to the European Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by three months at the initiative of the European Parliament or of the Council.
whereas