|
Re-use of certain categories of data held by public sector bodies
This section concerns data protected on grounds of commercial confidentiality, statistical confidentiality, intellectual property and protection of personal data.
Member States included additional provisions to ensure that public sector bodies are not obliged to allow re-use of data.
Member States also made clear that, in case of conflict between the Data Governance Act and personal data protection laws, the latter would prevail.
Furthermore, Member States added a new paragraph regarding data transfers to third countries. If the re-user intends to transfer data to a third country, it shall inform the public sector body of its intention as well as of the purpose of the transfer. If the rights and interests of a legal person are at stake, the public sector body shall inform the legal person of the intended transfer. The legal person might refuse to give permission to the transfer. In this case, the public sector body shall not allow the re-use of data.
The Council’s text also considers the situation where there would be a substantial number of requests across the EU concerning the re-use of data in specific third countries. For this case, the text lays down a provision that enables the Commission to adopt implementing acts to facilitate the transfer to a third country. This implementing act would state that the third country has adequate safeguards in place for the protection of intellectual property and trade secrets.
The Commission may lay down specific condition for transfer to third countries of highly sensitive data. In some specific cases, the Commission may restrict transfer to third countries, for instance if it puts at risk the Union policy objectives, such as safety and public health.
Data intermediations services
Member States decided to rename the “data sharing services”. They are now called “data intermediation services”. Such entities provide intermediation services between data holders which are legal persons and potential data users. They can also be entities providing intermediation services between data subjects that seek to make their personal data available or natural persons that seek to make other data available and potential data users.
The Council clarified the fact that these entities must provide their services through a legally independent structure. The text also underlines that metadata and geolocation data may be used only for the purpose of development of that intermediation service.
Member States also introduced a paragraph to ensure that providers take reasonable measures to ensure interoperability with other data intermediation services, for instance through the use of commonly used standards.
Providers must, where relevant, specify to data holders and data subjects the jurisdiction outside the EU in which the data is used/processed. Data subjects and data holders must be given tools to withdraw consent.
Data altruism
Member States also introduced additional provisions in the chapter on data altruism. They want the Commission to encourage data altruism organisations to develop self-regulatory codes of conduct.
Among other things, data altruism organisations should provide data holders and data subjects with appropriate information before a consent or permission for data altruism is given. They should also put in place appropriate technical and security requirements for the storage and processing od data.
Next steps:
The Council will adopt its official position on the text.
The European Parliament is currently amending the text. The Committee for Industry, Research and Energy (ITRE) is responsible for this file. MEP Angelika Niebler (EPP, Germany) is the rapporteur. She was notably the rapporteur for the Cybersecurity Act.
If you have any questions on this topic, please do not hesitate to contact Camille Dornier - Policy Manager: camille.dornier@eurosmart.com
|
