This document is an excerpt from the EUR-Lex website
Document 52022IR1959
Opinion of the European Committee of the Regions — European Data Act
Opinion of the European Committee of the Regions — European Data Act
Opinion of the European Committee of the Regions — European Data Act
COR 2022/01959
OJ C 375, 30.9.2022, p. 112–121
(BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
|
30.9.2022 |
EN |
Official Journal of the European Union |
C 375/112 |
Opinion of the European Committee of the Regions — European Data Act
(2022/C 375/10)
|
I. RECOMMENDATIONS FOR AMENDMENTS
Amendment 1
Recital 57
|
Text proposed by the European Commission |
CoR amendment |
|
In case of public emergencies, such as public health emergencies, emergencies resulting from environmental degradation and major natural disasters including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold. In such a case, data holders should be placed under an obligation to make the data available to public sector bodies or to Union institutions, agencies or bodies upon their request. The existence of a public emergency is determined according to the respective procedures in the Member States or of relevant international organisations . |
In case of public emergencies, such as public health emergencies, emergencies resulting from environmental degradation and major natural disasters including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold. In such a case, data holders should be placed under an obligation to make the data available to public sector bodies or to Union institutions, agencies or bodies upon their request. The existence of a public emergency is determined jointly with the EU/EEA Member States and more specifically in the Member States, meaning that, in the event of a data request, the emergency is determined in accordance with the law of the Member State whose public sector body is requesting the data . |
Reason
Definitions are an important way of ensuring that we speak about and understand things in the same way. Determining the existence of an emergency is particularly important as businesses have to provide data free of charge in the event of an emergency.
Amendment 2
New Recital after recital 61
|
Text proposed by the European Commission |
CoR amendment |
|
|
(new) For the purposes of this Regulation, public access to official documents and the resulting national law shall be taken into account. |
Reason
The Regulation must be in keeping with the objectives of the public access principle and with confidentiality-protected interests.
Amendment 3
Article 2(10)
|
Text proposed by the European Commission |
CoR amendment |
|
‘public emergency’ means an exceptional situation negatively affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s); |
‘public emergency’ means an exceptional situation negatively affecting the population of the Union, a Member State or part of it, with a risk of serious and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s). The existence of a public emergency is determined jointly with the EU/EEA Member States and more specifically in the Member States so that, in the event of a data request, the emergency is determined in accordance with the law of the Member State whose public sector body is requesting the data ; |
Reason
Definitions are an important of ensuring that we speak about and understand things in the same way. Determining the existence of an emergency is particularly important as businesses have to provide data free of charge in the event of an emergency.
Amendment 4
Article 2
|
Text proposed by the European Commission |
CoR amendment |
||
|
|
|
Reason
The Regulation should include provisions on the obligation to share data in the public interest prior to a public emergency.
Amendment 5
Article 14(2)
|
Text proposed by the European Commission |
CoR amendment |
|
This Chapter shall not apply to small and micro enterprises as defined in Article 2 of the Annex to Recommendation 2003/361/EC. |
This Chapter shall not apply to small and micro enterprises as defined in Article 2 of the Annex to Recommendation 2003/361/EC , unless the data to be shared relates to the local level and is to be passed on to local public institutions or be provided for the provision of services of general economic interest in accordance with EU law or national law implementing it . |
Reason
The sharing of data among actors in local ecosystems should be facilitated, regardless of the size of the private entity concerned and in cases where services of general economic interest are provided.
Amendment 6
Article 15(c)
|
Text proposed by the European Commission |
CoR amendment |
||
|
|
|
Reason
Examples of good practice have shown that public-private partnerships can contribute to healthy local ecosystems. They are also the basis for many services in smart cities and communities, such as smart mobility. Given the potential to improve citizens' lives on a large scale, data sharing for these purposes should become the norm.
Amendment 7
Article 17(1)(a)
|
Text proposed by the European Commission |
CoR amendment |
||||
|
|
Reason
The minimum data requirement for information requests within Europe must be specified. Businesses will also benefit from standardising data requests.
Amendment 8
Article 17(2)
|
Text proposed by the European Commission |
CoR amendment |
||||
|
|
Reason
Clear provisions should be laid down for cross-border requests for information, including the language in which data requests are to be made.
Amendment 9
Article 17(2)
|
Text proposed by the European Commission |
CoR amendment |
||
|
|
Reason
Article 17(2)(f) should be removed from the Data Act. Maintaining a public register for emergency situations may in itself lead to a security risk and increase administrative work.
Amendment 10
Article 18
|
Text proposed by the European Commission |
CoR amendment |
||||||||
|
1. A data holder receiving a request for access to data under this Chapter shall make the data available to the requesting public sector body or a Union institution, agency or body without undue delay. |
1. A data holder receiving a request for data under this Chapter shall make the data available to the requesting public sector body or a Union institution, agency or body without undue delay , but in any event no later than 5 working days from the receipt of the request for information . |
||||||||
|
2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request within 5 working days following the receipt of a request for the data necessary to respond to a public emergency and within 15 working days in other cases of exceptional need, on either of the following grounds: |
2. Without prejudice to specific needs regarding the availability of data defined in sectoral legislation, the data holder may decline or seek the modification of the request within 5 working days following the receipt of a request for the data necessary to respond to a public emergency and within 15 working days in other cases of exceptional need, on either of the following grounds: |
||||||||
|
|
||||||||
|
3. In case of a request for data necessary to respond to a public emergency, the data holder may also decline or seek modification of the request if the data holder already provided the requested data in response to previously submitted request for the same purpose by another public sector body or Union institution agency or body and the data holder has not been notified of the destruction of the data pursuant to Article 19(1), point (c). |
3. In case of a request for data necessary to respond to a public emergency, the data holder may also decline or seek modification of the request if the data holder already provided the requested data in response to previously submitted request for the same purpose by another public sector body or Union institution agency or body and the data holder has not been notified of the destruction of the data pursuant to Article 19(1), point (c). |
||||||||
|
4. If the data holder decides to decline the request or to seek its modification in accordance with paragraph 3, it shall indicate the identity of the public sector body or Union institution agency or body that previously submitted a request for the same purpose. |
4. If the data holder decides to decline the request or to seek its modification in accordance with paragraph 3, it shall indicate the identity of the public sector body or Union institution agency or body that previously submitted a request for the same purpose. |
||||||||
|
5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the data holder shall take reasonable efforts to pseudonymise the data, insofar as the request can be fulfilled with pseudonymised data. |
5. Where compliance with the request to make data available to a public sector body or a Union institution, agency or body requires the disclosure of personal data, the data holder shall take reasonable efforts to pseudonymise the data, insofar as the request can be fulfilled with pseudonymised data. |
||||||||
|
6. Where the public sector body or the Union institution, agency or body wishes to challenge a data holder's refusal to provide the data requested, or to seek modification of the request, or where the data holder wishes to challenge the request, the matter shall be brought to the competent authority referred to in Article 31. |
6. Where the public sector body or the Union institution, agency or body wishes to challenge a data holder’s refusal to provide the data requested, or to seek modification of the request, or where the data holder wishes to challenge the request, the matter shall be brought to the competent authority referred to in Article 31. |
||||||||
|
|
7. (new) The data holder shall provide the data in a form that the recipient can understand and that can be read using generic software and, where applicable, in an open format as included in the technical interoperability rules of the existing standards catalogue, either under current EU legislation or that of each EU or EEA Member State. |
Reason
The Regulation should include clear provisions on the time limits within which data must be made available, taking into account the right of the data holder to reject a request or ask for it to be modified.
The data transmitted in the event of an emergency must be readable and usable for the various interested parties through commonly used software programmes and systems. Technological neutrality should be ensured, taking into account the interoperability of data use.
Amendment 11
Article 18(3)
|
Text proposed by the European Commission |
CoR amendment |
|
In case of a request for data necessary to respond to a public emergency, the data holder may also decline or seek modification of the request if the data holder already provided the requested data in response to previously submitted request for the same purpose by another public sector body or Union institution agency or body and the data holder has not been notified of the destruction of the data pursuant to Article 19(1), point (c). |
In case of a request for data necessary to respond to a public emergency, the data holder may also decline or seek modification of the request if the data holder already provided exactly the same requested data in response to previously submitted request for the same purpose by another public sector body or Union institution agency or body and the data holder has not been notified of the destruction of the data pursuant to Article 19(1), point (c). |
Reason
It should be spelt out that data requests from different public sector actors are rarely the same and the information received soon becomes outdated.
Amendment 12
New article after Article 19
|
Text proposed by the European Commission |
CoR amendment |
|
|
(new heading) Data processing and public access to official documents (new) The obligation under a Member State’s national law to disclose an authority's official documents or not to disclose them pursuant to national confidentiality provisions shall apply to data requests and data under this Regulation. The aim is to bring the principle of public access to official documents into line with the measures taken under this Regulation. |
Reason
Under national law, information or documents passed on to an authority may be available to the public in accordance with the principle of public access. In these cases, the authority’s documents are subject to national confidentiality rules, including in relation to the principle of commercial secrecy.
Amendment 13
Article 20
|
Text proposed by the European Commission |
CoR amendment |
||||
|
|
3. (new)
|
Reason
The Regulation should clarify the rules for the calculation of compensation to undertakings that already provide services of general economic interest in accordance with applicable EU law or national law implementing it.
Amendment 14
Article 31(1)
|
Text proposed by the European Commission |
CoR amendment |
|
Each Member State shall designate one or more competent authorities as responsible for the application and enforcement of this Regulation. Member States may establish one or more new authorities or rely on existing authorities. |
Each Member State shall designate one or more authorities as responsible for the application and implementation of this Regulation , and for guidelines with best practices, skills and development of codes of conduct for data sharing . Member States may establish one or more new authorities or rely on existing authorities and involve local and regional authorities . |
Reason
A separate expert group or authority should be designated to provide guidance on data sharing, draw up codes of conduct for data sharing and ensure adequate skills.
Amendment 15
Article 31(3)
|
Text proposed by the European Commission |
CoR amendment |
||
|
|
|
Reason
The role of a separate expert group or authority should be clearly defined.
II. POLICY RECOMMENDATIONS
THE EUROPEAN COMMITTEE OF THE REGIONS
General comments
|
1. |
welcomes the proposed European Data Act as it seeks a fair distribution of the added value of data among data economy actors, while ensuring that data is accessible to local and regional authorities, responding to societal and economic challenges, promoting innovation and respecting the rights and interests of all parties involved, in particular the protection of personal data; |
|
2. |
welcomes the proposal as it seeks to allow the free flow of non-personal data between businesses (B2B), from the private sector to public authorities (B2G), from authorities to businesses (G2B) and between authorities (G2G). The proposal is seen as an important trust-building measure between private companies and authorities for the processing of data, and sets out clear provisions on contractual agreements for data sharing and compensation for the use of data. Data sharing is important for effective enforcement at national and sub-national level, and the Committee points out that data access is a key issue, especially for local and regional authorities (1). So far, voluntary self-regulation has not been enough to guarantee local and regional authorities access to data; |
|
3. |
suggests that, in addition to the legal obligations on data sharing laid down in the proposed Regulation, data holders should be encouraged using ‘soft measures’, such as financial incentives and platforms for the exchange of best practices. The CoR calls on local and regional authorities to lead by example by providing services and measures based on real-time data; |
|
4. |
stresses that the exchange of data from the growing number of industrial, public and networked devices and the Internet of Things (IoT), as well as relevant cooperation within the EU, is a source of sustainable growth and innovation that should be exploited in compliance with EU and national law on data protection, competition and intellectual property rights; |
|
5. |
highlights the importance of European values in assessing the liability rights of market-dominant platforms, especially those whose business strategies originate from countries outside the European Union. The European Union has the possibility to play a leading role here and draw up innovative rules for the data economy that will subsequently be introduced in third countries; |
|
6. |
calls for Member States’ procurement procedures and funding programmes to include incentives for availability and interoperability of data and development of anonymisation technologies as well as relevant research; |
|
7. |
calls on the social partners to play a bigger role in drawing up workplace recommendations for the use of data to increase productivity and thus guaranteeing workers’ rights and adequate skills; |
|
8. |
takes note of the Commission’s proposal in the Data Act to set up a European Data Innovation Board to come up with recommendations for shared use of data and for decisions on standardisation, and proposes that a corresponding structure be included in Chapter IX of the current Data Act. In line with the recommendations of several B2G information sharing workshops, the competent authority established by each Member State could work to define common objectives, agree on types of data to be shared and develop a common approach or code of conduct. |
Developing a local data economy
|
9. |
welcomes the new binding data transfer requirements, which will specifically strengthen the rights of small and medium-sized enterprises as the backbone of the EU economy, since they will reduce dependence on large data holders and counteract monopolisation by large multinationals; |
|
10. |
welcomes the Commission’s proposal to introduce an ‘unfairness test’ aimed at protecting micro-enterprises and SMEs from unilateral obligations imposed by large companies, and the Commission's commitment to developing non-binding contractual terms on access to data and its use, which should strengthen SMEs' bargaining power with third parties without significant additional costs; |
|
11. |
calls for more clarity on data access, especially in value chains and data ecosystems where smaller actors have been involved in creating datasets, but do not have access to the data they helped generate. |
Sharing data for use by the public sector
|
12. |
stresses that the use of data is in the public interest in order to respond to emergencies, to investigate and prevent developments that could lead to such emergencies and to increase resilience to future crises. Data is also key to understanding environmental degradation and climate change and taking targeted measures to combat them. It can also be used to design measures to combat crime and terrorism more effectively; |
|
13. |
stresses the importance of the possibility provided for in the proposal to oblige companies to share data in response to an information request from public authorities, in the event of a public emergency, exceptional need or recovery from such a situation. In the future, machine-generated data may become an increasingly important factor in the event of disruptions, which local and regional authorities must take into account in their contingency plans. The Data Act does not directly specify how local and regional authorities can know what data is available on the market and at what price; |
|
14. |
considers it important to clarify the minimum requirements for an information request under Article 17 as well as the details of how data is to be destroyed under Article 19. To this end, practices and specifications need to be agreed jointly at EU level; |
|
15. |
believes that data provided in response to an emergency should be readable for public sector bodies and EU institutions, agencies or bodies through common tools, without the need for further investment; |
|
16. |
points out that while Chapter V of the Data Act allows public sector actors to use data held by businesses in certain situations, it should be clarified, for other chapters of the Regulation, whether local and regional actors have other roles too, such as data user, data holder or data recipient. From this perspective, the definitions in the Data Act should be reviewed; |
|
17. |
notes that cloud services are used to varying degrees across public authorities, including local and regional authorities. The Committee calls on the Commission to create a clear framework and the best possible conditions to promote the use of cloud services. Particular attention should be paid to improving the energy efficiency of cloud services, in line with the concept of green coding. ICT costs at local and regional level could be significantly reduced if existing solutions are used on a larger scale and if the expertise of private and public institutions is pooled; |
|
18. |
calls for existing gaps in all four aspects of data interoperability (legal, organisational, semantic and technical) to be closed, in relation to the use of cloud services and cross-border cooperation between private operators and authorities; |
|
19. |
points out that data content should be standardised up to metadata level, as the less room there is for interpretation, the more compatible the data is, whereby additional cost savings can be made, for example in relation to data conversion; |
|
20. |
points out that data interoperability is a challenging and long-term task. The application of knowledge and know-how on data interoperability, as well as the accompanying system changes, are resource-intensive |
|
21. |
points out that data interoperability and data quality are crucial and therefore welcomes the development of appropriate organisational approaches and structures; |
|
22. |
notes that expertise, personnel and financial resources for the use, sharing and joint use of data are often lacking, especially in small municipalities, rural areas and SMEs. Member States and the European Union must provide support, non-mandatory model contracts and technical and financial assistance to train ‘data sharing experts’, for example via the European Digital Innovation Hubs under the Digital Europe programme. Cooperation with local entrepreneurs and start-ups, as well as with regional higher education institutions, is key to sharing best practices, creating a sustainable knowledge and skills base and improving data literacy. |
Proportionality and subsidiarity
|
23. |
considers that the proposed Regulation complies with the proportionality and subsidiarity principles. The added value of the European Union’s action in this area is clear, given the cross-border nature of the use of data and the need to overcome existing barriers that prevent businesses, consumers and the public sector from exploiting the potential value of data more fully. |
Brussels, 30 June 2022.
The President of the European Committee of the Regions
Vasco ALVES CORDEIRO
(*1) Commission Regulation (EU) No 360/2012 of 25 April 2012 on the application of Articles 107 and 108 of the Treaty on the Functioning of the European Union to de minimis aid granted to undertakings providing services of general economic interest.
(1) CDR 5356/2020.