Data Act 2023/2854
Article 32
International governmental access and transfer
1. Providers of data processing services shall take all adequate technical, organisational and legal measures, including contracts, in order to prevent international and third-country governmental access and transfer of non-personal data held in the Union where such transfer or access would create a conflict with Union law or with the national law of the relevant Member State, without prejudice to paragraph 2 or 3.
2. Any decision or judgment of a third-country court or tribunal and any decision of a third-country administrative authority requiring a provider of data processing services to transfer or give access to non-personal data falling within the scope of this Regulation held in the Union shall be recognised or enforceable in any manner only if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union, or any such agreement between the requesting third country and a Member State.
3. In the absence of an international agreement as referred to in paragraph 2, where a provider of data processing services is the addressee of a decision or judgment of a third-country court or tribunal or a decision of a third-country administrative authority to transfer or give access to non-personal data falling within the scope of this Regulation held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only where:
(a) the third-country system requires the reasons and proportionality of such a decision or judgment to be set out and requires such a decision or judgment to be specific in character, for instance by establishing a sufficient link to certain suspected persons or infringements;
(b) the reasoned objection of the addressee is subject to a review by a competent third-country court or tribunal; and
(c) the competent third-country court or tribunal issuing the decision or judgment or reviewing the decision of an administrative authority is empowered under the law of that third country to take duly into account the relevant legal interests of the provider of the data protected by Union law or by the national law of the relevant Member State.
The addressee of the decision or judgment may ask the opinion of the relevant national body or authority competent for international cooperation in legal matters, in order to determine whether the conditions laid down in the first subparagraph are met, in particular when it considers that the decision may relate to trade secrets and other commercially sensitive data as well as to content protected by intellectual property rights or the transfer may lead to re-identification. The relevant national body or authority may consult the Commission. If the addressee considers that the decision or judgment may impinge on the national security or defence interests of the Union or its Member States, it shall ask the opinion of the relevant national body or authority in order to determine whether the data requested concerns national security or defence interests of the Union or its Member States. If the addressee has not received a reply within one month, or if the opinion of such body or authority concludes that the conditions laid down in the first subparagraph are not met, the addressee may reject the request for transfer or access, to non-personal data, on those grounds.
The EDIB referred to in Article 42 shall advise and assist the Commission in developing guidelines on the assessment of whether the conditions laid down in the first subparagraph of this paragraph are met.
4. If the conditions laid down in paragraph 2 or 3 are met, the provider of data processing services shall provide the minimum amount of data permissible in response to a request, on the basis of the reasonable interpretation of that request by the provider or relevant national body or authority referred to in paragraph 3, second subparagraph.
5. The provider of data processing services shall inform the customer about the existence of a request of a third-country authority to access its data before complying with that request, except where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activity.