keyboard_tab Digital Governance Act 2022/0868 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- 2 Art. 12 Conditions for providing data intermediation services
- 1 Art. 22 Rulebook
- 1 Art. 29 European Data Innovation Board
- 2 Art. 30 Tasks of the European Data Innovation Board
CHAPTER I
General provisions
CHAPTER II
Re-use of certain categories of protected data held by public sector bodies
CHAPTER III
Requirements applicable to data intermediation services
CHAPTER IV
Data altruism
CHAPTER V
Competent authorities and procedural provisions
CHAPTER VI
European Data Innovation Board
CHAPTER VII
International access and transfer
CHAPTER VIII
Delegation and committee procedure
CHAPTER IX
Final and transitional provisions
- data
- re-use
- personal data
- non-personal data
- consent
- permission
- data subject
- data holder
- data user
- data sharing
- data intermediation service
- processing
- access
- main establishment
- services of data cooperatives
- data altruism
- public sector body
- bodies governed by public law
- public undertaking
- secure processing environment
- legal representative
- data 144
- services 39
- intermediation 37
- shall 29
- european 18
- commission 16
- provider 15
- article 14
- altruism 14
- regard 13
- subjects 12
- standards 11
- competent 11
- access 11
- organisations 11
- relevant 10
- holders 10
- authorities 10
- advise 9
- ensure 9
- which 9
- board 9
- innovation 8
- assist 8
- requirements 8
- particular 8
- tools 8
- exchange 7
- union 7
- such 7
- standardisation 7
- practices 7
- consent 7
- common 7
- taking 6
- appropriate 6
- non-personal 6
- storage 6
- cross-sectoral 6
- security 6
- registration 6
- used 6
- spaces 6
- interoperability 6
- into 6
- from 6
- developing 6
- the 6
- between 6
- referred 6
Article 12
Conditions for providing data intermediation services
The provision of data intermediation services referred in Article 10 shall be subject to the following conditions:
| (a) | the data intermediation services provider shall not use the data for which it provides data intermediation services for purposes other than to put them at the disposal of data users and shall provide data intermediation services through a separate legal person; |
| (b) | the commercial terms, including pricing, for the provision of data intermediation services to a data holder or data user shall not be dependent upon whether the data holder or data user uses other services provided by the same data intermediation services provider or by a related entity, and if so to what degree the data holder or data user uses such other services; |
| (c) | the data collected with respect to any activity of a natural or legal person for the purpose of the provision of the data intermediation service, including the date, time and geolocation data, duration of activity and connections to other natural or legal persons established by the person who uses the data intermediation service, shall be used only for the development of that data intermediation service, which may entail the use of data for the detection of fraud or cybersecurity, and shall be made available to the data holders upon request; |
| (d) | the data intermediation services provider shall facilitate the exchange of the data in the format in which it receives it from a data subject or a data holder, shall convert the data into specific formats only to enhance interoperability within and across sectors or if requested by the data user or where mandated by Union law or to ensure harmonisation with international or European data standards and shall offer an opt-out possibility regarding those conversions to data subjects or data holders, unless the conversion is mandated by Union law; |
| (e) | data intermediation services may include offering additional specific tools and services to data holders or data subjects for the specific purpose of facilitating the exchange of data, such as temporary storage, curation, conversion, anonymisation and pseudonymisation, such tools being used only at the explicit request or approval of the data holder or data subject and third-party tools offered in that context not being used for other purposes; |
| (f) | the data intermediation services provider shall ensure that the procedure for access to its service is fair, transparent and non-discriminatory for both data subjects and data holders, as well as for data users, including with regard to prices and terms of service; |
| (g) | the data intermediation services provider shall have procedures in place to prevent fraudulent or abusive practices in relation to parties seeking access through its data intermediation services; |
| (h) | the data intermediation services provider shall, in the event of its insolvency, ensure a reasonable continuity of the provision of its data intermediation services and, where such data intermediation services ensure the storage of data, shall have mechanisms in place to allow data holders and data users to obtain access to, to transfer or to retrieve their data and, where such data intermediation services are provided between data subjects and data users, to allow data subjects to exercise their rights; |
| (i) | the data intermediation services provider shall take appropriate measures to ensure interoperability with other data intermediation services, inter alia, by means of commonly used open standards in the sector in which the data intermediation services provider operates; |
| (j) | the data intermediation services provider shall put in place adequate technical, legal and organisational measures in order to prevent the transfer of or access to non-personal data that is unlawful under Union law or the national law of the relevant Member State; |
| (k) | the data intermediation services provider shall without delay inform data holders in the event of an unauthorised transfer, access or use of the non-personal data that it has shared; |
| (l) | the data intermediation services provider shall take necessary measures to ensure an appropriate level of security for the storage, processing and transmission of non-personal data, and the data intermediation services provider shall further ensure the highest level of security for the storage and transmission of competitively sensitive information; |
| (m) | the data intermediation services provider offering services to data subjects shall act in the data subjects’ best interest where it facilitates the exercise of their rights, in particular by informing and, where appropriate, advising data subjects in a concise, transparent, intelligible and easily accessible manner about intended data uses by data users and standard terms and conditions attached to such uses before data subjects give consent; |
| (n) | where a data intermediation services provider provides tools for obtaining consent from data subjects or permissions to process data made available by data holders, it shall, where relevant, specify the third-country jurisdiction in which the data use is intended to take place and provide data subjects with tools to both give and withdraw consent and data holders with tools to both give and withdraw permissions to process data; |
| (o) | the data intermediation services provider shall maintain a log record of the data intermediation activity. |
Article 22
Rulebook
1. The Commission shall adopt delegated acts in accordance with Article 32, supplementing this Regulation by establishing a rulebook laying down:
| (a) | appropriate information requirements to ensure that data subjects and data holders are provided, before a consent or permission for data altruism is given, with sufficiently detailed, clear and transparent information regarding the use of data, the tools for giving and withdrawing consent or permission, and the measures taken to avoid misuse of the data shared with the data altruism organisation; |
| (b) | appropriate technical and security requirements to ensure the appropriate level of security for the storage and processing of data, as well as for the tools for giving and withdrawing consent or permission; |
| (c) | communication roadmaps taking a multi-disciplinary approach to raise awareness of data altruism, of the designation as a ‘ data altruism organisation recognised in the Union’ and of the rulebook among relevant stakeholders, in particular data holders and data subjects that would potentially share their data; |
| (d) | recommendations on relevant interoperability standards. |
2. The rulebook referred to in paragraph 1 shall be prepared in close cooperation with data altruism organisations and relevant stakeholders.
Article 29
European Data Innovation Board
1. The Commission shall establish a European Data Innovation Board in the form of an expert group, consisting of representatives of the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations of all Member States, the European Data Protection Board, the European Data Protection Supervisor, ENISA, the Commission, the EU SME Envoy or a representative appointed by the network of SME envoys, and other representatives of relevant bodies in specific sectors as well as bodies with specific expertise. In its appointments of individual experts, the Commission shall aim to achieve gender and geographical balance among the members of the expert group.
2. The European Data Innovation Board shall consist of at least the following three subgroups:
| (a) | a subgroup composed of the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations, with a view to carrying out the tasks pursuant to Article 30, points (a), (c), (j) and (k); |
| (b) | a subgroup for technical discussions on standardisation, portability and interoperability pursuant to Article 30, points (f) and (g); |
| (c) | a subgroup for stakeholder involvement composed of relevant representatives from industry, research, academia, civil society, standardisation organisations, relevant common European data spaces and other relevant stakeholders and third parties advising the European Data Innovation Board on tasks pursuant to Article 30, points (d), (e), (f), (g) and (h). |
3. The Commission shall chair the meetings of the European Data Innovation Board.
4. The European Data Innovation Board shall be assisted by a secretariat provided by the Commission.
Article 30
Tasks of the European Data Innovation Board
The European Data Innovation Board shall have the following tasks:
| (a) | to advise and assist the Commission with regard to developing a consistent practice of public sector bodies and competent bodies referred to in Article 7(1) in handling requests for the re-use of the categories of data referred to in Article 3(1); |
| (b) | to advise and assist the Commission with regard to developing a consistent practice for data altruism across the Union; |
| (c) | to advise and assist the Commission with regard to developing a consistent practice of the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations in the application of requirements applicable to data intermediation services providers and recognised data altruism organisations; |
| (d) | to advise and assist the Commission with regard to developing consistent guidelines on how to best protect, in the context of this Regulation, commercially sensitive non-personal data, in particular trade secrets, but also non-personal data representing content protected by intellectual property rights from unlawful access that risks intellectual property theft or industrial espionage; |
| (e) | to advise and assist the Commission with regard to developing consistent guidelines for cybersecurity requirements for the exchange and storage of data; |
| (f) | to advise the Commission, in particular taking into account the input from standardisation organisations, on the prioritisation of cross-sector standards to be used and developed for data use and cross-sector data sharing between emerging common European data spaces, cross-sectoral comparison and exchange of best practices with regard to sectoral requirements for security and access procedures, taking into account sector-specific standardisation activities, in particular clarifying and distinguishing which standards and practices are cross-sectoral and which are sectoral; |
| (g) | to assist the Commission, in particular taking into account the input from standardisation organisations, in addressing fragmentation of the internal market and the data economy in the internal market by enhancing cross-border, cross-sector interoperability of data as well as data sharing services between different sectors and domains, building on existing European, international or national standards, inter alia with the aim of encouraging the creation of common European data spaces; |
| (h) | to propose guidelines for common European data spaces, namely purpose- or sector-specific or cross-sectoral interoperable frameworks of common standards and practices to share or jointly process data for, inter alia, the development of new products and services, scientific research or civil society initiatives, such common standards and practices taking into account existing standards, complying with the competition rules and ensuring non-discriminatory access to all participants, for the purpose of facilitating data sharing in the Union and reaping the potential of existing and future data spaces, addressing, inter alia:
|
| (i) | to facilitate cooperation between Member States with regard to setting harmonised conditions allowing for the re-use of the categories of data referred to in Article 3(1) held by public sector bodies across the internal market; |
| (j) | to facilitate cooperation between competent authorities for data intermediation services and competent authorities for the registration of data altruism organisations through capacity-building and the exchange of information, in particular by establishing methods for the efficient exchange of information relating to the notification procedure for data intermediation services providers and the registration and monitoring of recognised data altruism organisations, including coordination with regard to the setting of fees or penalties, as well as facilitate cooperation between competent authorities for data intermediation services and competent authorities for the registration of data altruism organisations with regard to international access and transfer of data; |
| (k) | to advise and assist the Commission with regard to evaluating whether the implementing acts referred to in Article 5(11) and (12) are to be adopted; |
| (l) | to advise and assist the Commission with regard to developing the European data altruism consent form in accordance with Article 25(1); |
| (m) | to advise the Commission on improving the international regulatory environment for non-personal data, including standardisation. |
CHAPTER VII
International access and transfer
whereas