All official European Union website addresses are in the europa.eu domain.
EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (Text with EEA relevance)
Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (Text with EEA relevance)
欧洲议会和理事会 2023 年 12 月 13 日颁布的关于公平访问和使用数据的统一规则的条例 (EU) 2023/2854 以及修订条例 (EU) 2017/2394 和指令 (EU) 2020/1828(数据法) )(与欧洲经济区相关的文本)
Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (Text with EEA relevance)
PE/49/2023/REV/1
OJ L, 2023/2854, 22.12.2023, ELI: http://data.europa.eu/eli/reg/2023/2854/oj
(BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
OJ L,2023/2854,2023 年 12 月 22 日,ELI: http://data.europa.eu/eli/reg/2023/2854/oj (BG、ES、CS、DA、DE、ET、EL、EN、FR 、GA、HR、IT、LV、LT、HU、MT、NL、PL、PT、RO、SK、SL、FI、SV)
In force
现行
ELI: http://data.europa.eu/eli/reg/2023/2854/oj
ELI: http://data.europa.eu/eli/reg/2023/2854/oj
Official Journal 官方期刊 |
EN CN Series L L系列 |
2023/2854 |
22.12.2023 |
REGULATION (EU) 2023/2854 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
欧洲议会和理事会 (EU) 2023/2854 号条例
of 13 December 2023 2023 年 12 月 13 日
on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act)
关于公平访问和使用数据的统一规则以及修订条例 (EU) 2017/2394 和指令 (EU) 2020/1828(数据法)
(Text with EEA relevance)
(与欧洲经济区相关的文本)
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
欧洲议会和欧盟理事会,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,
考虑到《欧洲联盟运作条约》,特别是其中第 114 条,
Having regard to the proposal from the European Commission,
考虑到欧盟委员会的提议,
After transmission of the draft legislative act to the national parliaments,
在将立法法案草案转交各国议会后,
Having regard to the opinion of the European Economic and Social Committee (2),
考虑到欧洲经济和社会委员会的意见( 2 ) ,
Acting in accordance with the ordinary legislative procedure (4),
按照普通立法程序行事( 4 ) ,
Whereas: 然而:
(1) |
In recent years, data-driven technologies have had transformative effects on all sectors of the economy. The proliferation of products connected to the internet in particular has increased the volume and potential value of data for consumers, businesses and society. |
(2) |
Barriers to data sharing prevent an optimal allocation of data for the benefit of society. |
(3) |
In sectors characterised by the presence of microenterprises, small enterprises and medium-sized enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC (5) (SMEs), there is often a lack of digital capacities and skills to collect, analyse and use data, and access is frequently restricted where one actor holds them in the system or due to a lack of interoperability between data, between data services or across borders. |
(4) |
In order to respond to the needs of the digital economy and to remove barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who is entitled to use product data or related service data, under which conditions and on what basis. |
(5) |
This Regulation ensures that users of a connected product or related service in the Union can access, in a timely manner, the data generated by the use of that connected product or related service and that those users can use the data, including by sharing them with third parties of their choice. |
(6) |
Data generation is the result of the actions of at least two actors, in particular the designer or manufacturer of a connected product, who may in many cases also be a provider of related services, and the user of the connected product or related service. |
(7) |
The fundamental right to the protection of personal data is safeguarded, in particular, by Regulations (EU) 2016/679 (6) and (EU) 2018/1725 (7) of the European Parliament and of the Council. Directive 2002/58/EC of the European Parliament and of the Council (8) additionally protects private life and the confidentiality of communications, including by way of conditions on any personal and non-personal data storing in, and access from, terminal equipment. |
(8) |
The principles of data minimisation and data protection by design and by default are essential when processing involves significant risks to the fundamental rights of individuals. |
(9) |
Unless otherwise provided for in this Regulation, it does not affect national contract law, including rules on the formation, validity or effect of contracts, or the consequences of the termination of a contract. |
(10) |
This Regulation is without prejudice to Union and national legal acts providing for the sharing of, access to and the use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or for the execution of criminal penalties, or for customs and taxation purposes, irrespective of the legal basis under the Treaty on the Functioning of the European Union (TFEU) on which such Union legal acts were adopted, as well as to international cooperation in that area, in particular on the basis of the Council of Europe Convention on Cybercrime, (ETS No 185), done at Budapest on 23 November 2001. |
(11) |
Union law establishing physical design and data requirements for products to be placed on the Union market should not be affected unless specifically provided for by this Regulation. |
(12) |
This Regulation complements and is without prejudice to Union law aiming to establish accessibility requirements on certain products and services, in particular Directive (EU) 2019/882 of the European Parliament and of the Council (18). |
(13) |
This Regulation is without prejudice to Union and national legal acts providing for the protection of intellectual property rights, including Directives 2001/29/EC (19), 2004/48/EC (20) and (EU) 2019/790 (21) of the European Parliament and of the Council. |
(14) |
Connected products that obtain, generate or collect, by means of their components or operating systems, data concerning their performance, use or environment and that are able to communicate those data via an electronic communications service, a physical connection, or on-device access, often referred to as the Internet of Things, should fall within the scope of this Regulation, with the exception of prototypes. |
(15) |
The data represent the digitisation of user actions and events and should accordingly be accessible to the user. The rules for access to and the use of data from connected products and related services under this Regulation address both product data and related service data. |
(16) |
This Regulation enables users of connected products to benefit from aftermarket, ancillary and other services based on data collected by sensors embedded in such products, the collection of those data being of potential value in improving the performance of the connected products. |
(17) |
It is necessary to lay down rules regarding products that are connected to a related service at the time of the purchase, rent or lease in such a way that its absence would prevent the connected product from performing one or more of its functions, or which is subsequently connected to the product by the manufacturer or a third party to add to or adapt the functionality of the connected product. |
(18) |
The user of a connected product should be understood to be a natural or legal person, such as a business, a consumer or a public sector body, that owns a connected product, has received certain temporary rights, for example by means of a rental or lease agreement, to access or use data obtained from the connected product, or receives related services for the connected product. |
(19) |
Data literacy refers to the skills, knowledge and understanding that allows users, consumers and businesses, in particular SMEs falling within the scope of this Regulation, to gain awareness of the potential value of the data they generate, produce and share and that they are motivated to offer and provide access to in accordance with relevant legal rules. |
(20) |
In practice, not all data generated by connected products or related services are easily accessible to their users and there are often limited possibilities regarding the portability of data generated by products connected to the internet. |
(21) |
Where several persons or entities are considered to be users, for example in the case of co-ownership or where an owner, renter or lessee shares rights of data access or use, the design of the connected product or related service, or the relevant interface, should enable each user to have access to the data they generate. |
(22) |
Connected products may be designed to make certain data directly accessible from on-device data storage or from a remote server to which the data are communicated. |
(23) |
Virtual assistants play an increasing role in digitising consumer and professional environments and serve as an easy-to-use interface to play content, obtain information, or activate products connected to the internet. |
(24) |
Before concluding a contract for the purchase, rent, or lease of a connected product, the seller, rentor or lessor, which may be the manufacturer, should provide to the user information regarding the product data which the connected product is capable of generating, including the type, format and the estimated volume of such data, in a clear and comprehensible manner. |
(25) |
This Regulation should not be understood to confer any new right on data holders to use product data or related service data. |
(26) |
To foster the emergence of liquid, fair and efficient markets for non-personal data, users of connected products should be able to share data with others, including for commercial purposes, with minimal legal and technical effort. |
(27) |
In sectors characterised by the concentration of a small number of manufacturers supplying connected products to end users, there may only be limited options available to users for the access to and the use and sharing of data. |
(28) |
In contracts between a data holder and a consumer as user of a connected product or related service generating data, Union consumer law, in particular Directives 93/13/EEC and 2005/29/EC, applies to ensure that a consumer is not subject to unfair contractual terms. For the purposes of this Regulation, unfair contractual terms unilaterally imposed on an enterprise should not be binding on that enterprise. |
(29) |
Data holders may require appropriate user identification to verify a user’s entitlement to access the data. |
(30) |
The user should be free to use the data for any lawful purpose. |
(31) |
Directive (EU) 2016/943 of the European Parliament and of the Council (23) provides that the acquisition, use or disclosure of a trade secret shall be considered to be lawful, inter alia, where such acquisition, use or disclosure is required or allowed by Union or national law. |
(32) |
The aim of this Regulation is not only to foster the development of new, innovative connected products or related services, stimulate innovation on aftermarkets, but also to stimulate the development of entirely novel services making use of the data concerned, including based on data from a variety of connected products or related services. |
(33) |
A third party to whom data is made available may be a natural or legal person, such as a consumer, an enterprise, a research organisation, a not-for-profit organisation or an entity acting in a professional capacity. |
(34) |
The use of a connected product or related service may, in particular when the user is a natural person, generate data that relates to the data subject. |
(35) |
Product data or related service data should only be made available to a third party at the request of the user. |
(36) |
Access to any data stored in and accessed from terminal equipment is subject to Directive 2002/58/EC and requires the consent of the subscriber or user within the meaning of that Directive unless it is strictly necessary for the provision of an information society service explicitly requested by the user or by the subscriber or for the sole purpose of the transmission of a communication. |
(37) |
In order to prevent the exploitation of users, third parties to whom data has been made available at the request of the user should process those data only for the purposes agreed with the user and share them with another third party only with the agreement of the user to such data sharing. |
(38) |
In line with the data minimisation principle, third parties should access only information that is necessary for the provision of the service requested by the user. |
(39) |
Third parties should also refrain from using data falling within the scope of this Regulation to profile individuals unless such processing activities are strictly necessary to provide the service requested by the user, including in the context of automated decision-making. |
(40) |
Start-ups, small enterprises, enterprises that qualify as a medium-sized enterprises under Article 2 of the Annex to Recommendation 2003/361/EC and enterprises from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data. |
(41) |
Given the current state of technology, it would be overly burdensome on microenterprises and small enterprises to impose further design obligations in relation to connected products manufactured or designed, or the related services provided, by them. |
(42) |
Taking into account the variety of connected products producing data of different nature, volume and frequency, presenting different levels of data and cybersecurity risks and providing economic opportunities of different value, and for the purpose of ensuring consistency of data sharing practices in the internal market, including across sectors, and to encourage and promote fair data sharing practices even in areas where no such right to data access is provided for, this Regulation provides for horizontal rules on the arrangements for access to data whenever a data holder is obliged by Union law or national legislation adopted in accordance with Union law to make data available to a data recipient. |
(43) |
On the basis of the principle of contractual freedom, parties should remain free to negotiate the precise conditions for making data available in their contracts within the framework for the general access rules for making data available. |
(44) |
In order to ensure that the conditions for mandatory data access are fair for both parties to a contract, the general rules on data access rights should refer to the rule on avoiding unfair contractual terms. |
(45) |
Any agreement concluded in business-to-business relations for making data available should be non-discriminatory between comparable categories of data recipients, independently of whether the parties are large enterprises or SMEs. |
(46) |
In order to promote continued investment in generating and making available valuable data, including investments in relevant technical tools, while at the same time avoiding excessive burdens on access to and the use of data which make data sharing no longer commercially viable, this Regulation contains the principle that in business-to-business relations data holders may request reasonable compensation when obliged pursuant to Union law or national legislation adopted in accordance with Union law to make data available to a data recipient. |
(47) |
First, reasonable compensation for meeting the obligation pursuant to Union law or national legislation adopted in accordance with Union law to comply with a request to make data available may include compensation for the costs incurred in making the data available. |
(48) |
It is not necessary to intervene in the case of data sharing between large enterprises, or where the data holder is a small enterprise or a medium-sized enterprise and the data recipient is a large enterprise. |
(49) |
To protect SMEs from excessive economic burdens which would make it commercially too difficult for them to develop and run innovative business models, the reasonable compensation for making data available to be paid by them should not exceed the costs directly related to making the data available. |
(50) |
In duly justified cases, including where there is a need to safeguard consumer participation and competition or to promote innovation in certain markets, regulated compensation for making available specific data types may be provided for in Union law or national legislation adopted in accordance with Union law. |
(51) |
Transparency is an important principle for ensuring that the compensation requested by a data holder is reasonable, or, if the data recipient is an SME or a not-for-profit research organisation, that the compensation does not exceed the costs directly related to making the data available to the data recipient and is attributable to the individual request concerned. |
(52) |
Ensuring access to alternative ways of resolving domestic and cross-border disputes that arise in connection with making data available should benefit data holders and data recipients and therefore strengthen trust in data sharing. |
(53) |
The dispute settlement procedure under this Regulation is a voluntary procedure that enables users, data holders and data recipients to agree to bring their disputes before dispute settlement bodies. |
(54) |
To avoid cases in which two or more dispute settlement bodies are seized for the same dispute, in particular in a cross-border situation, a dispute settlement body should be able to refuse to deal with a request to resolve a dispute that has already been brought before another dispute settlement body or before a court or tribunal of a Member State. |
(55) |
In order to ensure the uniform application of this Regulation, the dispute settlement bodies should take into account the non-binding model contractual terms to be developed and recommended by the Commission as well as Union or national law specifying data sharing obligations or guidelines issued by sectoral authorities for the application of such law. |
(56) |
Parties to dispute settlement proceedings should not be prevented from exercising their fundamental rights to an effective remedy and a fair trial. |
(57) |
Data holders may apply appropriate technical protection measures to prevent the unlawful disclosure of or access to data. However, those measures should neither discriminate between data recipients, nor hinder access to or the use of data for users or data recipients. |
(58) |
Where one party is in a stronger bargaining position, there is a risk that that party could leverage such a position to the detriment of the other contracting party when negotiating access to data with the result that access to data is commercially less viable and sometimes economically prohibitive. |
(59) |
Rules on contractual terms should take into account the principle of contractual freedom as an essential concept in business-to-business relationships. |
(60) |
Furthermore, the rules on unfair contractual terms should apply only to those elements of a contract that are related to making data available, that is contractual terms concerning access to and use of the data as well as liability or remedies for breach and termination of data related obligations. |
(61) |
Criteria for identifying unfair contractual terms should be applied only to excessive contractual terms where a stronger bargaining position has been abused. |
(62) |
In order to ensure legal certainty, this Regulation establishes a list of clauses that are always considered unfair and a list of clauses that are presumed to be unfair. |
(63) |
In situations of exceptional need, it may be necessary for public sector bodies, the Commission, the European Central Bank or Union bodies to use in the performance of their statutory duties in the public interest existing data, including, where relevant, accompanying metadata, to respond to public emergencies or in other exceptional cases. |
(64) |
In the case of public emergencies, such as public health emergencies, emergencies resulting from natural disasters including those aggravated by climate change and environmental degradation, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold. |
(65) |
An exceptional need may also arise from non-emergency situations. In such cases, a public sector body, the Commission, the European Central Bank or a Union body should be allowed to request only non-personal data. |
(66) |
This Regulation should not apply to, or pre-empt, voluntary arrangements for the exchange of data between private and public entities, including the provision of data by SMEs, and is without prejudice to Union legal acts providing for mandatory information requests by public entities to private entities. |
(67) |
This Regulation complements and is without prejudice to the Union and national law providing for access to and the use of data for statistical purposes, in particular Regulation (EC) No 223/2009 of the European Parliament and of the Council (27) as well as national legal acts related to official statistics. |
(68) |
For the exercise of their tasks in the areas of prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal and administrative penalties, as well as the collection of data for taxation or customs purposes, public sector bodies, the Commission, the European Central Bank or Union bodies should rely on their powers under Union or national law. |
(69) |
In accordance with Article 6(1) and (3) of Regulation (EU) 2016/679, a proportionate, limited and predictable framework at Union level is necessary when providing for the legal basis for the making available of data by data holders, in cases of exceptional needs, to public sector bodies, the Commission, the European Central Bank or Union bodies, both to ensure legal certainty and to minimise the administrative burdens placed on businesses. |
(70) |
The objective of the obligation to provide the data is to ensure that public sector bodies, the Commission, the European Central Bank or Union bodies have the necessary knowledge to respond to, prevent or recover from public emergencies or to maintain the capacity to fulfil specific tasks explicitly provided for by law. |
(71) |
Data holders should have the possibility to either decline a request made by a public sector body, the Commission, the European Central Bank or a Union body or seek its modification without undue delay and, in any event, no later than within a period of five or 30 working days, depending on the nature of the exceptional need invoked in the request. Where relevant, the data holder should have this possibility where it does not have control over the data requested, namely where it does not have immediate access to the data and cannot determine its availability. |
(72) |
In the case of an exceptional need related to a public emergency response, public sector bodies should use non-personal data wherever possible. In the case of requests on the basis of an exceptional need not related to a public emergency, personal data cannot be requested. |
(73) |
Data made available to public sector bodies, the Commission, the European Central Bank or Union bodies on the basis of an exceptional need should be used only for the purposes for which they were requested, unless the data holder that made the data available has expressly agreed for the data to be used for other purposes. |
(74) |
When reusing data provided by data holders, public sector bodies, the Commission, the European Central Bank or Union bodies should respect both existing applicable Union or national law and contractual obligations to which the data holder is subject. |
(75) |
When the safeguarding of a significant public good is at stake, such as responding to public emergencies, the public sector body, the Commission, the European Central Bank or the Union body concerned should not be expected to compensate enterprises for the data obtained. |
(76) |
A public sector body, the Commission, the European Central Bank or a Union body should be entitled to share the data it has obtained pursuant to the request with other entities or persons when this is necessary to carry out scientific research activities or analytical activities it cannot perform itself, provided that those activities are compatible with the purpose for which the data was requested. |
(77) |
In order to handle a cross-border public emergency or another exceptional need, data requests may be addressed to data holders in Member States other than that of the requesting public sector body. |
(78) |
The ability of customers of data processing services, including cloud and edge services, to switch from one data processing service to another while maintaining a minimum functionality of service and without downtime of services, or to use the services of several providers simultaneously without undue obstacles and data transfer costs, is a key condition for a more competitive market with lower entry barriers for new providers of data processing services, and for ensuring further resilience for the users of those services. |
(79) |
Regulation (EU) 2018/1807 of the European Parliament and of the Council (30) encourages providers of data processing services to develop and effectively implement self-regulatory codes of conduct covering best practices for, inter alia, facilitating the switching of providers of data processing services and the porting of data. |
(80) |
Data processing services should cover services that allow ubiquitous and on-demand network access to a configurable, scalable and elastic shared pool of distributed computing resources. |
(81) |
The generic concept ‘data processing services’ covers a substantial number of services with a very broad range of different purposes, functionalities and technical set-ups. |
(82) |
Undermining the extraction of the exportable data that belongs to the customer from the source provider of data processing services can impede the restoration of the service functionalities in the infrastructure of the destination provider of data processing services. |
(83) |
Digital assets refer to elements in digital form for which the customer has the right of use, including applications and metadata related to the configuration of settings, security, and access and control rights management, and other elements such as manifestations of virtualisation technologies, including virtual machines and containers. |
(84) |
This Regulation aims to facilitate switching between data processing services, which encompasses conditions and actions that are necessary for a customer to terminate a contract for a data processing service, to conclude one or more new contracts with different providers of data processing services, to port its exportable data and digital assets, and where applicable, benefit from functional equivalence. |
(85) |
Switching is a customer-driven operation consisting of several steps, including data extraction, which refers to the downloading of data from the ecosystem of the source provider of data processing services; transformation, where the data is structured in a way that does not match the schema of the target location; and the uploading of the data in a new destination location. |
(86) |
Functional equivalence means re-establishing, on the basis of the customer’s exportable data and digital assets, a minimum level of functionality in the environment of a new data processing service of the same service type after switching, where the destination data processing service delivers a materially comparable outcome in response to the same input for shared features supplied to the customer under the contract. |
(87) |
Data processing services are used across sectors and vary in complexity and service type. This is an important consideration with regard to the porting process and timeframes. |
(88) |
Switching charges are charges imposed by providers of data processing services on the customers for the switching process. |
(89) |
A source provider of data processing services should be able to outsource certain tasks and compensate third-party entities in order to comply with the obligations provided for in this Regulation. |
(90) |
An ambitious and innovation-inspiring regulatory approach to interoperability is needed to overcome vendor lock-in, which undermines competition and the development of new services. |
(91) |
Where providers of data processing services are in turn customers of data processing services provided by a third-party provider, they will benefit from more effective switching themselves while simultaneously remaining bound by this Regulation’s obligations regarding their own service offerings. |
(92) |
Providers of data processing services should be required to offer all the assistance and support within their capacity, proportionate to their respective obligations, that is required to make the switching process to a service of a different provider of data processing services successful, effective and secure. |
(93) |
Providers of data processing services should also be required to remove existing obstacles and not impose new ones, including for customers wishing to switch to an on-premises ICT infrastructure. |
(94) |
Throughout the switching process, a high level of security should be maintained. |
(95) |
The information to be provided by providers of data processing services to the customer could support the customer’s exit strategy. |
(96) |
To facilitate interoperability and switching between data processing services, users and providers of data processing services should consider the use of implementation and compliance tools, in particular those published by the Commission in the form of an EU Cloud Rulebook and a Guidance on public procurement of data processing services. |
(97) |
In order to facilitate switching between data processing services, all parties involved, including both source and destination providers of data processing services, should cooperate in good faith to make the switching process effective, enable the secure and timely transfer of necessary data in a commonly used, machine-readable format, and by means of open interfaces, while avoiding service disruptions and maintaining continuity of the service. |
(98) |
Data processing services which concern services of which the majority of main features has been custom-built to respond to the specific demands of an individual customer or where all components have been developed for the purposes of an individual customer should be exempted from some of the obligations applicable to data processing service switching. |
(99) |
In line with the minimum requirement allowing switching between providers of data processing services, this Regulation also aims to improve interoperability for in-parallel use of multiple data processing services with complementary functionalities. |
(100) |
Open interoperability specifications and standards developed in accordance with Annex II to Regulation (EU) No 1025/2012 of the European Parliament and of the Council (33) in the field of interoperability and portability are expected to enable a multi-vendor cloud environment, which is a key requirement for open innovation in the European data economy. |
(101) |
Third countries may adopt laws, regulations and other legal acts that aim to directly transfer or provide governmental access to non-personal data located outside their borders, including in the Union. |
(102) |
To foster further trust in data, it is important that safeguards to ensure control of their data by Union citizens, the public sector bodies and businesses are implemented to the extent possible. |
(103) |
Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability within and among common European data spaces which are purpose or sector specific or cross-sectoral interoperable frameworks for common standards and practices to share or jointly process data for, inter alia, the development of new products and services, scientific research or civil society initiatives. |
(104) |
To promote the interoperability of tools for the automated execution of data sharing agreements, it is necessary to lay down essential requirements for smart contracts which professionals create for others or integrate in applications that support the implementation of agreements for data sharing. |
(105) |
To demonstrate fulfilment of the essential requirements of this Regulation, the vendor of a smart contract, or in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement or part of it, to make data available in the context of this Regulation, should perform a conformity assessment and issue an EU declaration of conformity. |
(106) |
Besides the obligation on professional developers of smart contracts to comply with essential requirements, it is also important to encourage those participants within data spaces that offer data or data-based services to other participants within and across common European data spaces to support interoperability of tools for data sharing including smart contracts. |
(107) |
In order to ensure the application and enforcement of this Regulation, Member States should designate one or more competent authorities. If a Member State designates more than one competent authority, it should also designate from among them a data coordinator. |
(108) |
In order to enforce their rights under this Regulation, natural and legal persons should be entitled to seek redress for infringements of their rights under this Regulation by lodging complaints. |
(109) |
Competent authorities should ensure that infringements of the obligations laid down in this Regulation are subject to penalties. |
(110) |
The EDIB should advise and assist the Commission in coordinating national practices and policies on the topics covered by this Regulation as well as in delivering on its objectives in relation to technical standardisation to enhance interoperability. |
(111) |
In order to help enterprises to draft and negotiate contracts, the Commission should develop and recommend non-binding model contractual terms for business-to-business data sharing contracts, where necessary taking into account the conditions in specific sectors and the existing practices with voluntary data sharing mechanisms. Those model contractual terms should be primarily a practical tool to help in particular SMEs to conclude a contract. |
(112) |
In order to eliminate the risk that holders of data in databases obtained or generated by means of physical components, such as sensors, of a connected product and a related service or other machine-generated data, claim the sui generis right under Article 7 of Directive 96/9/EC, and in so doing hinder, in particular, the effective exercise of the right of users to access and use data and the right to share data with third parties under this Regulation, it should be clarified that the sui generis right does not apply to such databases. That does not affect the possible application of the sui generis right under Article 7 of Directive 96/9/EC to databases containing data falling outside the scope of this Regulation, provided that the requirements for protection pursuant to paragraph 1 of that Article are fulfilled. |
(113) |
In order to take account of technical aspects of data processing services, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission in respect of supplementing this Regulation in order to establish a monitoring mechanism on switching charges imposed by providers of data processing services on the market, and to further specify the essential requirements in respect of interoperability for participants in data spaces that offer data or data services to other participants. |
(114) |
In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission in respect of the adoption of common specifications to ensure the interoperability of data, of data sharing mechanisms and services, as well as of common European data spaces, common specifications on the interoperability of data processing services, and common specifications on the interoperability of smart contracts. |
(115) |
This Regulation should be without prejudice to rules addressing needs specific to individual sectors or areas of public interest. Such rules may include additional requirements on the technical aspects of data access, such as interfaces for data access, or how data access could be provided, for example directly from the product or via data intermediation services. |
(116) |
This Regulation should not affect the application of the rules of competition, in particular Articles 101 and 102 TFEU. The measures provided for in this Regulation should not be used to restrict competition in a manner contrary to the TFEU. |
(117) |
In order to allow actors within the scope of this Regulation to adapt to the new rules provided for herein, and to make the necessary technical arrangements, those rules should apply from 12 September 2025. |
(118) |
The European Data Protection Supervisor and the European Data Protection Board were consulted in accordance with Article 42(1) and (2) of Regulation (EU) 2018/1725 and delivered their opinion on 4 May 2022. |
(119) |
Since the objectives of this Regulation, namely ensuring fairness in the allocation of value from data among actors in the data economy and fostering fair access to and use of data in order to contribute to establishing a genuine internal market for data, cannot be sufficiently achieved by the Member States but can rather, by reason of the scale or effects of the action and cross-border use of data, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. |
HAVE ADOPTED THIS REGULATION:
已通过本规定:
CHAPTER I 第一章
GENERAL PROVISIONS 一般规定
Article 1 第1条
Subject matter and scope 主题和范围
1. This Regulation lays down harmonised rules, inter alia, on:
1. 本条例特别规定了以下方面的统一规则:
(a) (A) |
the making available of product data and related service data to the user of the connected product or related service; |
(b) (二) |
the making available of data by data holders to data recipients; |
(c) (C) |
the making available of data by data holders to public sector bodies, the Commission, the European Central Bank and Union bodies, where there is an exceptional need for those data for the performance of a specific task carried out in the public interest; |
(d) (四) |
facilitating switching between data processing services; |
(e) (五) |
introducing safeguards against unlawful third-party access to non-personal data; and |
(f) (F) |
the development of interoperability standards for data to be accessed, transferred and used. |
2. This Regulation covers personal and non-personal data, including the following types of data, in the following contexts:
2. 本条例涵盖以下情况下的个人和非个人数据,包括以下类型的数据:
(a) (A) |
Chapter II applies to data, with the exception of content, concerning the performance, use and environment of connected products and related services; |
(b) (二) |
Chapter III applies to any private sector data that is subject to statutory data sharing obligations; |
(c) (C) |
Chapter IV applies to any private sector data accessed and used on the basis of contract between enterprises; |
(d) (四) |
Chapter V applies to any private sector data with a focus on non-personal data; |
(e) (五) |
Chapter VI applies to any data and services processed by providers of data processing services; |
(f) (F) |
Chapter VII applies to any non-personal data held in the Union by providers of data processing services. |
3. This Regulation applies to:
三、本规定适用于:
(a) (A) |
manufacturers of connected products placed on the market in the Union and providers of related services, irrespective of the place of establishment of those manufacturers and providers; |
(b) (二) |
users in the Union of connected products or related services as referred to in point (a); |
(c) (C) |
data holders, irrespective of their place of establishment, that make data available to data recipients in the Union; |
(d) (四) |
data recipients in the Union to whom data are made available; |
(e) (五) |
public sector bodies, the Commission, the European Central Bank and Union bodies that request data holders to make data available where there is an exceptional need for those data for the performance of a specific task carried out in the public interest and to the data holders that provide those data in response to such request; |
(f) (F) |
providers of data processing services, irrespective of their place of establishment, providing such services to customers in the Union; |
(g) (G) |
participants in data spaces and vendors of applications using smart contracts and persons whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement. |
4. Where this Regulation refers to connected products or related services, such references are also understood to include virtual assistants insofar as they interact with a connected product or related service.
4. 当本法规提及互联产品或相关服务时,此类提及也被理解为包括与互联产品或相关服务交互的虚拟助手。
5.
This Regulation is without prejudice to Union and national law on the protection of personal data, privacy and confidentiality of communications and integrity of terminal equipment, which shall apply to personal data processed in connection with the rights and obligations laid down herein, in particular Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive 2002/58/EC, including the powers and competences of supervisory authorities and the rights of data subjects.
本条例不损害关于保护个人数据、通信隐私和保密性以及终端设备完整性的欧盟和国家法律,这些法律应适用于与本条例规定的权利和义务相关的个人数据处理,特别是条例( EU) 2016/679 和 (EU) 2018/1725 以及指令 2002/58/EC,包括监管机构的权力和权限以及数据主体的权利。
Insofar as users are data subjects, the rights laid down in Chapter II of this Regulation shall complement the rights of access by data subjects and rights to data portability under Articles 15 and 20 of Regulation (EU) 2016/679.
只要用户是数据主体,本法规第二章规定的权利应补充法规 (EU) 2016/679 第 15 条和第 20 条规定的数据主体访问权和数据可移植性权利。
In the event of a conflict between this Regulation and Union law on the protection of personal data or privacy, or national legislation adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data or privacy shall prevail.
如果本条例与关于保护个人数据或隐私的欧盟法律或根据该欧盟法律通过的国家立法发生冲突,则以有关保护个人数据或隐私的相关联盟或国家法律为准。
6. This Regulation does not apply to or pre-empt voluntary arrangements for the exchange of data between private and public entities, in particular voluntary arrangements for data sharing.
6. 本条例不适用于或优先于私人和公共实体之间数据交换的自愿安排,特别是数据共享的自愿安排。
This Regulation does not affect Union or national legal acts providing for the sharing of, access to and the use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or for the execution of criminal penalties, or for customs and taxation purposes, in particular Regulations (EU) 2021/784, (EU) 2022/2065 and (EU) 2023/1543 and Directive (EU) 2023/1544, or international cooperation in that area.
本条例不影响为预防、调查、侦查或起诉刑事犯罪或执行刑事处罚或海关和司法目的而规定共享、访问和使用数据的联盟或国家法律行为。税收目的,特别是法规 (EU) 2021/784、(EU) 2022/2065 和 (EU) 2023/1543 以及指令 (EU) 2023/1544,或该领域的国际合作。
This Regulation does not apply to the collection or sharing of, access to or the use of data under Regulation (EU) 2015/847 and Directive (EU) 2015/849.
本法规不适用于法规 (EU) 2015/847 和指令 (EU) 2015/849 规定的数据收集或共享、访问或使用。
This Regulation does not apply to areas that fall outside the scope of Union law and in any event does not affect the competences of the Member States concerning public security, defence or national security, regardless of the type of entity entrusted by the Member States to carry out tasks in relation to those competences, or their power to safeguard other essential State functions, including ensuring the territorial integrity of the State and the maintenance of law and order.
本条例不适用于欧盟法律范围之外的领域,并且在任何情况下都不影响成员国在公共安全、国防或国家安全方面的权限,无论成员国委托的实体类型如何执行与这些权限或权力有关的任务,以维护其他基本国家职能,包括确保国家领土完整以及维护法律和秩序。
This Regulation does not affect the competences of the Member States concerning customs and tax administration or the health and safety of citizens.
本条例不影响成员国在海关和税务管理或公民健康和安全方面的权限。
7. This Regulation complements the self-regulatory approach of Regulation (EU) 2018/1807 by adding generally applicable obligations on cloud switching.
7. 本法规通过添加普遍适用的云切换义务,补充了法规 (EU) 2018/1807 的自我监管方法。
8. This Regulation is without prejudice to Union and national legal acts providing for the protection of intellectual property rights, in particular Directives 2001/29/EC, 2004/48/EC and (EU) 2019/790.
8. 本法规不妨碍规定保护知识产权的欧盟和国家法律行为,特别是指令 2001/29/EC、2004/48/EC 和 (EU) 2019/790。
9.
This Regulation complements and is without prejudice to Union law which aims to promote the interests of consumers and ensure a high level of consumer protection, and to protect their health, safety and economic interests, in particular Directives 93/13/EEC, 2005/29/EC and 2011/83/EU.
该法规补充且不损害欧盟法律,旨在促进消费者利益并确保高水平的消费者保护,并保护他们的健康、安全和经济利益,特别是指令 93/13/EEC, 2005/29 /EC 和 2011/83/EU。
10. This Regulation does not preclude the conclusion of voluntary lawful data sharing contracts, including contracts concluded on a reciprocal basis, which comply with the requirements laid down in this Regulation.
10. 本条例不排除自愿合法数据共享合同的签订,包括在互惠基础上签订的符合本条例规定要求的合同。
Article 2 第二条
Definitions 定义
For the purposes of this Regulation, the following definitions apply:
就本条例而言,适用以下定义:
(1) |
‘data’ means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording; |
(2) |
‘metadata’ means a structured description of the contents or the use of data facilitating the discovery or use of that data; |
(3) |
‘personal data’ means personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679; |
(4) |
‘non-personal data’ means data other than personal data; |
(5) |
‘connected product’ means an item that obtains, generates or collects data concerning its use or environment and that is able to communicate product data via an electronic communications service, physical connection or on-device access, and whose primary function is not the storing, processing or transmission of data on behalf of any party other than the user; |
(6) |
‘related service’ means a digital service, other than an electronic communications service, including software, which is connected with the product at the time of the purchase, rent or lease in such a way that its absence would prevent the connected product from performing one or more of its functions, or which is subsequently connected to the product by the manufacturer or a third party to add to, update or adapt the functions of the connected product; |
(7) |
‘processing’ means any operation or set of operations which is performed on data or on sets of data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or other means of making them available, alignment or combination, restriction, erasure or destruction; |
(8) |
‘data processing service’ means a digital service that is provided to a customer and that enables ubiquitous and on-demand network access to a shared pool of configurable, scalable and elastic computing resources of a centralised, distributed or highly distributed nature that can be rapidly provisioned and released with minimal management effort or service provider interaction; |
(9) |
‘same service type’ means a set of data processing services that share the same primary objective, data processing service model and main functionalities; |
(10) |
‘data intermediation service’ means data intermediation service as defined in Article 2, point (11), of Regulation (EU) 2022/868; |
(11) |
‘data subject’ means data subject as referred to in Article 4, point (1), of Regulation (EU) 2016/679; |
(12) |
‘user’ means a natural or legal person that owns a connected product or to whom temporary rights to use that connected product have been contractually transferred, or that receives related services; |
(13) |
‘data holder’ means a natural or legal person that has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation adopted in accordance with Union law, to use and make available data, including, where contractually agreed, product data or related service data which it has retrieved or generated during the provision of a related service; |
(14) |
‘data recipient’ means a natural or legal person, acting for purposes which are related to that person’s trade, business, craft or profession, other than the user of a connected product or related service, to whom the data holder makes data available, including a third party following a request by the user to the data holder or in accordance with a legal obligation under Union law or national legislation adopted in accordance with Union law; |
(15) |
‘product data’ means data generated by the use of a connected product that the manufacturer designed to be retrievable, via an electronic communications service, physical connection or on-device access, by a user, data holder or a third party, including, where relevant, the manufacturer; |
(16) |
‘related service data’ means data representing the digitisation of user actions or of events related to the connected product, recorded intentionally by the user or generated as a by-product of the user’s action during the provision of a related service by the provider; |
(17) |
‘readily available data’ means product data and related service data that a data holder lawfully obtains or can lawfully obtain from the connected product or related service, without disproportionate effort going beyond a simple operation; |
(18) |
‘trade secret’ means trade secret as defined in Article 2, point (1), of Directive (EU) 2016/943; |
(19) |
‘trade secret holder’ means a trade secret holder as defined in Article 2, point (2), of Directive (EU) 2016/943; |
(20) |
‘profiling’ means profiling as defined in Article 4, point (4), of Regulation (EU) 2016/679; |
(21) |
‘making available on the market’ means any supply of a connected product for distribution, consumption or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge; |
(22) |
‘placing on the market’ means the first making available of a connected product on the Union market; |
(23) |
‘consumer’ means any natural person who is acting for purposes which are outside that person’s trade, business, craft or profession; |
(24) |
‘enterprise’ means a natural or legal person that, in relation to contracts and practices covered by this Regulation, is acting for purposes which are related to that person’s trade, business, craft or profession; |
(25) |
‘small enterprise’ means a small enterprise as defined in Article 2(2) of the Annex to Recommendation 2003/361/EC; |
(26) |
‘microenterprise’ means a microenterprise as defined in Article 2(3) of the Annex to Recommendation 2003/361/EC; |
(27) |
‘Union bodies’ means the Union bodies, offices and agencies set up by or pursuant to acts adopted on the basis of the Treaty on European Union, the TFEU or the Treaty establishing the European Atomic Energy Community; |
(28) |
‘public sector body’ means national, regional or local authorities of the Member States and bodies governed by public law of the Member States, or associations formed by one or more such authorities or one or more such bodies; |
(29) |
‘public emergency’ means an exceptional situation, limited in time, such as a public health emergency, an emergency resulting from natural disasters, a human-induced major disaster, including a major cybersecurity incident, negatively affecting the population of the Union or the whole or part of a Member State, with a risk of serious and lasting repercussions for living conditions or economic stability, financial stability, or the substantial and immediate degradation of economic assets in the Union or the relevant Member State and which is determined or officially declared in accordance with the relevant procedures under Union or national law; |
(30) |
‘customer’ means a natural or legal person that has entered into a contractual relationship with a provider of data processing services with the objective of using one or more data processing services; |
(31) |
‘virtual assistants’ means software that can process demands, tasks or questions including those based on audio, written input, gestures or motions, and that, based on those demands, tasks or questions, provides access to other services or controls the functions of connected products; |
(32) |
‘digital assets’ means elements in digital form, including applications, for which the customer has the right of use, independently from the contractual relationship with the data processing service it intends to switch from; |
(33) |
‘on-premises ICT infrastructure’ means ICT infrastructure and computing resources owned, rented or leased by the customer, located in the data centre of the customer itself and operated by the customer or by a third-party; |
(34) |
‘switching’ means the process involving a source provider of data processing services, a customer of a data processing service and, where relevant, a destination provider of data processing services, whereby the customer of a data processing service changes from using one data processing service to using another data processing service of the same service type, or other service, offered by a different provider of data processing services, or to an on-premises ICT infrastructure, including through extracting, transforming and uploading the data; |
(35) |
‘data egress charges’ means data transfer fees charged to customers for extracting their data through the network from the ICT infrastructure of a provider of data processing services to the system of a different provider or to on-premises ICT infrastructure; |
(36) |
‘switching charges’ means charges, other than standard service fees or early termination penalties, imposed by a provider of data processing services on a customer for the actions mandated by this Regulation for switching to the system of a different provider or to on-premises ICT infrastructure, including data egress charges; |
(37) |
‘functional equivalence’ means re-establishing on the basis of the customer’s exportable data and digital assets, a minimum level of functionality in the environment of a new data processing service of the same service type after the switching process, where the destination data processing service delivers a materially comparable outcome in response to the same input for shared features supplied to the customer under the contract; |
(38) |
‘exportable data’, for the purpose of Articles 23 to 31 and Article 35, means the input and output data, including metadata, directly or indirectly generated, or cogenerated, by the customer’s use of the data processing service, excluding any assets or data protected by intellectual property rights, or constituting a trade secret, of providers of data processing services or third parties; |
(39) |
‘smart contract’ means a computer program used for the automated execution of an agreement or part thereof, using a sequence of electronic data records and ensuring their integrity and the accuracy of their chronological ordering; |
(40) |
‘interoperability’ means the ability of two or more data spaces or communication networks, systems, connected products, applications, data processing services or components to exchange and use data in order to perform their functions; |
(41) |
open interoperability specification’ means a technical specification in the field of information and communication technologies which is performance oriented towards achieving interoperability between data processing services; |
(42) |
‘common specifications’ means a document, other than a standard, containing technical solutions providing a means to comply with certain requirements and obligations established under this Regulation; |
(43) |
‘harmonised standard’ means a harmonised standard as defined in Article 2, point (1)(c), of Regulation (EU) No 1025/2012. |
CHAPTER II 第二章
BUSINESS TO CONSUMER AND BUSINESS TO BUSINESS DATA SHARING
企业对消费者和企业对企业数据共享
Article 3 第三条
Obligation to make product data and related service data accessible to the user
使用户可以访问产品数据和相关服务数据的义务
1.
Connected products shall be designed and manufactured, and related services shall be designed and provided, in such a manner that product data and related service data, including the relevant metadata necessary to interpret and use those data, are, by default, easily, securely, free of charge, in a comprehensive, structured, commonly used and machine-readable format, and, where relevant and technically feasible, directly accessible to the user.
互联产品的设计和制造以及相关服务的设计和提供应确保产品数据和相关服务数据(包括解释和使用这些数据所需的相关元数据)在默认情况下能够轻松、安全、免费,以全面的、结构化的、常用的和机器可读的格式,并且在相关和技术上可行的情况下,可以直接供用户访问。
2. Before concluding a contract for the purchase, rent or lease of a connected product, the seller, rentor or lessor, which may be the manufacturer, shall provide at least the following information to the user, in a clear and comprehensible manner:
2. 在签订关联产品的购买、租赁或租赁合同之前,卖方、承租人或出租人(可能是制造商)应至少以清晰易懂的方式向用户提供以下信息:
(a) (A) |
the type, format and estimated volume of product data which the connected product is capable of generating; |
(b) (二) |
whether the connected product is capable of generating data continuously and in real-time; |
(c) (C) |
whether the connected product is capable of storing data on-device or on a remote server, including, where applicable, the intended duration of retention; |
(d) (四) |
how the user may access, retrieve or, where relevant, erase the data, including the technical means to do so, as well as their terms of use and quality of service. |
3. Before concluding a contract for the provision of a related service, the provider of such related service shall provide at least the following information to the user, in a clear and comprehensible manner:
3、在签订相关服务提供合同之前,相关服务提供者应当至少向用户提供清晰、易懂的以下信息:
(a) (A) |
the nature, estimated volume and collection frequency of product data that the prospective data holder is expected to obtain and, where relevant, the arrangements for the user to access or retrieve such data, including the prospective data holder’s data storage arrangements and the duration of retention; |
(b) (二) |
the nature and estimated volume of related service data to be generated, as well as the arrangements for the user to access or retrieve such data, including the prospective data holder’s data storage arrangements and the duration of retention; |
(c) (C) |
whether the prospective data holder expects to use readily available data itself and the purposes for which those data are to be used, and whether it intends to allow one or more third parties to use the data for purposes agreed upon with the user; |
(d) (四) |
the identity of the prospective data holder, such as its trading name and the geographical address at which it is established and, where applicable, of other data processing parties; |
(e) (五) |
the means of communication which make it possible to contact the prospective data holder quickly and communicate with that data holder efficiently; |
(f) (F) |
how the user can request that the data are shared with a third party and, where applicable, end the data sharing; |
(g) (G) |
the user’s right to lodge a complaint alleging an infringement of any of the provisions of this Chapter with the competent authority designated pursuant to Article 37; |
(h) (H) |
whether a prospective data holder is the holder of trade secrets contained in the data that is accessible from the connected product or generated during the provision of a related service, and, where the prospective data holder is not the trade secret holder, the identity of the trade secret holder; |
(i) (我) |
the duration of the contract between the user and the prospective data holder, as well as the arrangements for terminating such a contract. |
Article 4 第四条
The rights and obligations of users and data holders with regard to access, use and making available product data and related service data
用户和数据持有者在访问、使用和提供产品数据及相关服务数据方面的权利和义务
1.
Where data cannot be directly accessed by the user from the connected product or related service, data holders shall make readily available data, as well as the relevant metadata necessary to interpret and use those data, accessible to the user without undue delay, of the same quality as is available to the data holder, easily, securely, free of charge, in a comprehensive, structured, commonly used and machine-readable format and, where relevant and technically feasible, continuously and in real-time.
如果用户无法从连接的产品或相关服务直接访问数据,则数据持有者应立即提供数据以及解释和使用这些数据所需的相关元数据,使用户能够立即访问该数据,不得无故拖延。以全面、结构化、常用和机器可读的格式,轻松、安全、免费地向数据持有者提供可用的质量,并且在相关且技术上可行的情况下,连续、实时地提供数据。
This shall be done on the basis of a simple request through electronic means where technically feasible.
在技术可行的情况下,这应基于通过电子方式提出的简单请求来完成。
2.
Users and data holders may contractually restrict or prohibit accessing, using or further sharing data, if such processing could undermine security requirements of the connected product, as laid down by Union or national law, resulting in a serious adverse effect on the health, safety or security of natural persons.
如果此类处理可能破坏联盟或国家法律规定的互联产品的安全要求,从而对健康、安全或健康造成严重不利影响,则用户和数据持有者可以通过合同限制或禁止访问、使用或进一步共享数据。自然人的安全。
Sectoral authorities may provide users and data holders with technical expertise in that context. Where the data holder refuses to share data pursuant to this Article, it shall notify the competent authority designated pursuant to Article 37.
部门当局可以向用户和数据持有者提供这方面的技术专业知识。资料持有者拒绝依本条规定共享资料者,应通知依第三十七条指定之主管机关。
3. Without prejudice to the user’s right to seek redress at any stage before a court or tribunal of a Member State, the user may, in relation to any dispute with the data holder concerning the contractual restrictions or prohibitions referred to in paragraph 2:
3. 在不损害用户在任何阶段向成员国法院或法庭寻求补救的权利的情况下,对于与数据持有者就第 2 款中提到的合同限制或禁止产生的任何争议,用户可以:
(a) (A) |
lodge, in accordance with Article 37(5), point (b), a complaint with the competent authority; or |
(b) (二) |
agree with the data holder to refer the matter to a dispute settlement body in accordance with Article 10(1). |
4.
Data holders shall not make the exercise of choices or rights under this Article by the user unduly difficult, including by offering choices to the user in a non-neutral manner or by subverting or impairing the autonomy, decision-making or choices of the user via the structure, design, function or manner of operation of a user digital interface or a part thereof.
数据持有者不得使用户行使本条规定的选择或权利变得过于困难,包括以非中立的方式向用户提供选择,或者通过以下方式颠覆或损害用户的自主权、决策或选择:用户数字界面或其一部分的结构、设计、功能或操作方式。
5. For the purpose of verifying whether a natural or legal person qualifies as a user for the purposes of paragraph 1, a data holder shall not require that person to provide any information beyond what is necessary.
5. 为了验证自然人或法人是否符合第 1 款的用户资格,数据持有者不得要求该人提供超出必要范围的任何信息。
Data holders shall not keep any information, in particular log data, on the user’s access to the data requested beyond what is necessary for the sound execution of the user’s access request and for the security and maintenance of the data infrastructure.
数据持有者不得保留有关用户访问所请求数据的任何信息,特别是日志数据,超出了正确执行用户访问请求以及数据基础设施安全和维护所必需的信息。
6. Trade secrets shall be preserved and shall be disclosed only where the data holder and the user take all necessary measures prior to the disclosure to preserve their confidentiality in particular regarding third parties.
6. 只有当数据持有者和用户在披露之前采取一切必要措施以保护其机密性(特别是有关第三方的机密性)时,才应保存和披露商业秘密。
The data holder or, where they are not the same person, the trade secret holder shall identify the data which are protected as trade secrets, including in the relevant metadata, and shall agree with the user proportionate technical and organisational measures necessary to preserve the confidentiality of the shared data, in particular in relation to third parties, such as model contractual terms, confidentiality agreements, strict access protocols, technical standards and the application of codes of conduct.
数据持有者或商业秘密持有者(如果不是同一个人)应识别受商业秘密保护的数据,包括相关元数据,并应同意用户采取适当的技术和组织措施以保护机密性共享数据,特别是与第三方相关的数据,例如示范合同条款、保密协议、严格的访问协议、技术标准和行为准则的应用。
7.
Where there is no agreement on the necessary measures referred to in paragraph 6, or if the user fails to implement the measures agreed pursuant to paragraph 6 or undermines the confidentiality of the trade secrets, the data holder may withhold or, as the case may be, suspend the sharing of data identified as trade secrets.
如果没有就第 6 款所述的必要措施达成一致,或者如果用户未执行根据第 6 款商定的措施或破坏商业秘密的机密性,数据持有者可以扣留或视情况而定,暂停共享被认定为商业秘密的数据。
The decision of the data holder shall be duly substantiated and provided in writing to the user without undue delay.
数据持有者的决定应得到充分证实并以书面形式提供给用户,不得无故拖延。
In such cases, the data holder shall notify the competent authority designated pursuant to Article 37 that it has withheld or suspended data sharing and identify which measures have not been agreed or implemented and, where relevant, which trade secrets have had their confidentiality undermined.
在这种情况下,数据持有者应通知根据第 37 条指定的主管当局,其已扣留或暂停数据共享,并确定哪些措施尚未商定或实施,以及(如果相关)哪些商业秘密的机密性已被破坏。
8.
In exceptional circumstances, where the data holder who is a trade secret holder is able to demonstrate that it is highly likely to suffer serious economic damage from the disclosure of trade secrets, despite the technical and organisational measures taken by the user pursuant to paragraph 6 of this Article, that data holder may refuse on a case-by-case basis a request for access to the specific data in question.
在特殊情况下,作为商业秘密持有者的数据持有者能够证明,尽管用户根据第 6 款采取了技术和组织措施,但其极有可能因商业秘密的披露而遭受严重的经济损失。根据本条规定,数据持有者可以根据具体情况拒绝访问相关特定数据的请求。
That demonstration shall be duly substantiated on the basis of objective elements, in particular the enforceability of trade secrets protection in third countries, the nature and level of confidentiality of the data requested, and the uniqueness and novelty of the connected product, and shall be provided in writing to the user without undue delay.
该论证应根据客观要素,特别是第三国商业秘密保护的可执行性、所请求数据的保密性和级别以及所连接产品的独特性和新颖性来充分证实,并应提供以书面形式通知用户,不得无故拖延。
Where the data holder refuses to share data pursuant to this paragraph, it shall notify the competent authority designated pursuant to Article 37.
资料持有者拒绝依本项规定共享资料者,应通知依第三十七条指定之主管机关。
9. Without prejudice to a user’s right to seek redress at any stage before a court or tribunal of a Member State, a user wishing to challenge a data holder’s decision to refuse or to withhold or suspend data sharing pursuant to paragraphs 7 and 8 may:
9. 在不损害用户在任何阶段向成员国法院或法庭寻求补救的权利的情况下,希望对数据持有者根据第 7 段和第 8 段拒绝、扣留或暂停数据共享的决定提出质疑的用户可以:
(a) (A) |
lodge, in accordance with Article 37(5), point (b), a complaint with the competent authority, which shall, without undue delay, decide whether and under which conditions data sharing is to start or resume; or |
(b) (二) |
agree with the data holder to refer the matter to a dispute settlement body in accordance with Article 10(1). |
10.
The user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a connected product that competes with the connected product from which the data originate, nor share the data with a third party with that intent and shall not use such data to derive insights about the economic situation, assets and production methods of the manufacturer or, where applicable the data holder.
用户不得使用根据第 1 款所述请求获得的数据来开发与数据来源的连接产品竞争的连接产品,也不得出于此目的与第三方共享数据,并且不得使用此类数据数据以获得有关制造商或数据持有者(如适用)的经济状况、资产和生产方法的见解。
11. The user shall not use coercive means or abuse gaps in the technical infrastructure of a data holder which is designed to protect the data in order to obtain access to data.
11. 用户不得使用强制手段或滥用数据持有者旨在保护数据的技术基础设施中的漏洞来获取数据访问权限。
12.
Where the user is not the data subject whose personal data is requested, any personal data generated by the use of a connected product or related service shall be made available by the data holder to the user only where there is a valid legal basis for processing under Article 6 of Regulation (EU) 2016/679 and, where relevant, the conditions of Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC are fulfilled.
如果用户不是被请求提供个人数据的数据主体,则只有在具有有效的法律依据的情况下,数据持有者才可以向用户提供通过使用连接产品或相关服务而生成的任何个人数据。 (EU) 2016/679 法规第 6 条以及相关法规第 9 条和指令 2002/58/EC 第 5(3) 条的条件均得到满足。
13. A data holder shall only use any readily available data that is non-personal data on the basis of a contract with the user.
13. 数据持有者只能根据与用户签订的合同使用任何现成的非个人数据。
A data holder shall not use such data to derive insights about the economic situation, assets and production methods of, or the use by, the user in any other manner that could undermine the commercial position of that user on the markets in which the user is active.
数据持有者不得使用此类数据来深入了解用户的经济状况、资产和生产方法,或以任何其他可能损害该用户在其所在市场的商业地位的方式使用该用户。积极的。
14. Data holders shall not make available non-personal product data to third parties for commercial or non-commercial purposes other than the fulfilment of their contract with the user.
14. 除履行与用户的合同外,数据持有者不得出于商业或非商业目的向第三方提供非个人产品数据。
Where relevant, data holders shall contractually bind third parties not to further share data received from them.
在相关情况下,数据持有者应通过合同约束第三方不得进一步共享从其收到的数据。
Article 5 第五条
Right of the user to share data with third parties
用户与第三方共享数据的权利
1.
Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available readily available data, as well as the relevant metadata necessary to interpret and use those data, to a third party without undue delay, of the same quality as is available to the data holder, easily, securely, free of charge to the user, in a comprehensive, structured, commonly used and machine-readable format and, where relevant and technically feasible, continuously and in real-time.
根据用户或代表用户的一方的请求,数据持有者应立即向第三方提供可用的数据以及解释和使用这些数据所需的相关元数据,不得无故拖延,与数据持有者可获得的质量相同,以全面、结构化、常用和机器可读的格式,轻松、安全、免费地向用户免费提供数据,并且在相关且技术上可行的情况下,连续、实时地提供数据。
The data shall be made available by the data holder to the third party in accordance with Articles 8 and 9.
数据持有者应根据第 8 条和第 9 条向第三方提供数据。
2. Paragraph 1 shall not apply to readily available data in the context of the testing of new connected products, substances or processes that are not yet placed on the market unless their use by a third party is contractually permitted.
2. 第 1 款不适用于测试尚未投放市场的新连接产品、物质或工艺时容易获得的数据,除非合同允许第三方使用这些数据。
3. Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation (EU) 2022/1925, shall not be an eligible third party under this Article and therefore shall not:
3. 根据法规 (EU) 2022/1925 第 3 条,任何被指定为看门人的企业均不属于本条规定的合格第三方,因此不得:
(a) (A) |
solicit or commercially incentivise a user in any manner, including by providing monetary or any other compensation, to make data available to one of its services that the user has obtained pursuant to a request under Article 4(1); |
(b) (二) |
solicit or commercially incentivise a user to request the data holder to make data available to one of its services pursuant to paragraph 1 of this Article; |
(c) (C) |
receive data from a user that the user has obtained pursuant to a request under Article 4(1). |
4. For the purpose of verifying whether a natural or legal person qualifies as a user or as a third party for the purposes of paragraph 1, the user or the third party shall not be required to provide any information beyond what is necessary.
4. 为了验证自然人或法人是否符合第 1 款规定的用户或第三方的资格,不得要求用户或第三方提供超出必要范围的任何信息。
Data holders shall not keep any information on the third party’s access to the data requested beyond what is necessary for the sound execution of the third party’s access request and for the security and maintenance of the data infrastructure.
数据持有者不得保留有关第三方访问所请求数据的任何信息,除非是妥善执行第三方访问请求以及数据基础设施安全和维护所必需的信息。
5. The third party shall not use coercive means or abuse gaps in the technical infrastructure of a data holder which is designed to protect the data in order to obtain access to data.
5. 第三方不得使用强制手段或滥用数据持有者旨在保护数据的技术基础设施中的漏洞来获取数据访问权。
6.
A data holder shall not use any readily available data to derive insights about the economic situation, assets and production methods of, or the use by, the third party in any other manner that could undermine the commercial position of the third party on the markets in which the third party is active, unless the third party has given permission to such use and has the technical possibility to easily withdraw that permission at any time.
数据持有者不得使用任何现成的数据来深入了解第三方的经济状况、资产和生产方法,或以任何其他可能损害第三方在市场上的商业地位的方式使用第三方。第三方是活跃的,除非第三方已授予此类使用许可,并且在技术上可以随时轻松撤回该许可。
7.
Where the user is not the data subject whose personal data is requested, any personal data generated by the use of a connected product or related service shall be made available by the data holder to the third party only where there is a valid legal basis for processing under Article 6 of Regulation (EU) 2016/679 and, where relevant, the conditions of Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC are fulfilled.
如果用户不是被请求提供个人数据的数据主体,则只有在存在有效的处理法律依据的情况下,数据持有者才应将使用连接产品或相关服务生成的任何个人数据提供给第三方根据 (EU) 2016/679 法规第 6 条的规定,以及在相关情况下,满足该法规第 9 条和指令 2002/58/EC 第 5(3) 条的条件。
8.
Any failure on the part of the data holder and the third party to agree on arrangements for transmitting the data shall not hinder, prevent or interfere with the exercise of the rights of the data subject under Regulation (EU) 2016/679 and, in particular, with the right to data portability under Article 20 of that Regulation.
数据持有者和第三方未能就数据传输安排达成一致,不得阻碍、阻止或干扰数据主体根据法规 (EU) 2016/679 行使权利,特别是,具有该条例第 20 条规定的数据可移植权。
9. Trade secrets shall be preserved and shall be disclosed to third parties only to the extent that such disclosure is strictly necessary to fulfil the purpose agreed between the user and the third party.
9. 应保留商业秘密,并仅在为实现用户与第三方约定的目的绝对必要的情况下才向第三方披露商业秘密。
The data holder or, where they are not the same person, the trade secret holder shall identify the data which are protected as trade secrets, including in the relevant metadata, and shall agree with the third party all proportionate technical and organisational measures necessary to preserve the confidentiality of the shared data, such as model contractual terms, confidentiality agreements, strict access protocols, technical standards and the application of codes of conduct.
数据持有者或商业秘密持有者(如果不是同一个人)应识别受商业秘密保护的数据,包括相关元数据,并应与第三方同意采取所有必要的相称技术和组织措施,以保护商业秘密。共享数据的机密性,例如示范合同条款、保密协议、严格的访问协议、技术标准和行为准则的应用。
10.
Where there is no agreement on the necessary measures referred to in paragraph 9 of this Article or if the third party fails to implement the measures agreed pursuant to paragraph 9 of this Article or undermines the confidentiality of the trade secrets, the data holder may withhold or, as the case may be, suspend the sharing of data identified as trade secrets.
如果未就本条第 9 款所述的必要措施达成一致,或者第三方未执行本条第 9 款规定的措施或破坏商业秘密的,数据持有者可以扣留或视情况暂停共享被认定为商业秘密的数据。
The decision of the data holder shall be duly substantiated and provided in writing to the third party without undue delay.
数据持有者的决定应得到充分证实并以书面形式提供给第三方,不得无故拖延。
In such cases, the data holder shall notify the competent authority designated pursuant to Article 37 that it has withheld or suspended data sharing and identify which measures have not been agreed or implemented and, where relevant, which trade secrets have had their confidentiality undermined.
在这种情况下,数据持有者应通知根据第 37 条指定的主管当局,其已扣留或暂停数据共享,并确定哪些措施尚未商定或实施,以及(如果相关)哪些商业秘密的机密性已被破坏。
11.
In exceptional circumstances, where the data holder who is a trade secret holder is able to demonstrate that it is highly likely to suffer serious economic damage from the disclosure of trade secrets, despite the technical and organisational measures taken by the third party pursuant to paragraph 9 of this Article, that data holder may refuse on a case-by-case basis a request for access to the specific data in question.
在特殊情况下,作为商业秘密持有者的数据持有者能够证明,尽管第三方根据第 9 款采取了技术和组织措施,但其极有可能因商业秘密的披露而遭受严重的经济损失根据本条规定,数据持有者可以根据具体情况拒绝访问相关特定数据的请求。
That demonstration shall be duly substantiated on the basis of objective elements, in particular the enforceability of trade secrets protection in third countries, the nature and level of confidentiality of the data requested, and the uniqueness and novelty of the connected product, and shall be provided in writing to the third party without undue delay.
该论证应根据客观要素,特别是第三国商业秘密保护的可执行性、所请求数据的保密性和级别以及所连接产品的独特性和新颖性来充分证实,并应提供不得无故拖延地书面通知第三方。
Where the data holder refuses to share data pursuant to this paragraph, it shall notify the competent authority designated pursuant to Article 37.
资料持有者拒绝依本项规定共享资料者,应通知依第三十七条指定之主管机关。
12. Without prejudice to the third party’s right to seek redress at any stage before a court or tribunal of a Member State, a third party wishing to challenge a data holder’s decision to refuse or to withhold or suspend data sharing pursuant to paragraphs 10 and 11 may:
12. 在不损害第三方在任何阶段向成员国法院或法庭寻求补救的权利的情况下,希望对数据持有者根据第 10 和 11 段拒绝、扣留或暂停数据共享的决定提出质疑的第三方可能:
(a) (A) |
lodge, in accordance with Article 37(5), point (b), a complaint with the competent authority, which shall, without undue delay, decide whether and under which conditions the data sharing is to start or resume; or |
(b) (二) |
agree with the data holder to refer the matter to a dispute settlement body in accordance with Article 10(1). |
13. The right referred to in paragraph 1 shall not adversely affect the rights of data subjects pursuant to the applicable Union and national law on the protection of personal data.
13. 第 1 款中提到的权利不得对数据主体根据适用的欧盟和国家保护个人数据法律所享有的权利产生不利影响。
Article 6 第六条
Obligations of third parties receiving data at the request of the user
第三方应用户请求接收数据的义务
1.
A third party shall process the data made available to it pursuant to Article 5 only for the purposes and under the conditions agreed with the user and subject to Union and national law on the protection of personal data including the rights of the data subject insofar as personal data are concerned.
第三方应仅出于与用户同意的目的和条件下处理根据第 5 条提供的数据,并遵守欧盟和国家有关个人数据保护的法律,包括数据主体在个人数据方面的权利。数据有关。
The third party shall erase the data when they are no longer necessary for the agreed purpose, unless otherwise agreed with the user in relation to non-personal data.
当约定目的不再需要这些数据时,第三方应删除这些数据,除非与用户就非个人数据另有约定。
2. The third party shall not:
2. 第三方不得:
(a) (A) |
make the exercise of choices or rights under Article 5 and this Article by the user unduly difficult, including by offering choices to the user in a non-neutral manner, or by coercing, deceiving or manipulating the user, or by subverting or impairing the autonomy, decision-making or choices of the user, including by means of a user digital interface or a part thereof; |
(b) (二) |
notwithstanding Article 22(2), points (a) and (c), of Regulation (EU) 2016/679, use the data it receives for the profiling, unless it is necessary to provide the service requested by the user; |
(c) (C) |
make the data it receives available to another third party, unless the data is made available on the basis of a contract with the user, and provided that the other third party takes all necessary measures agreed between the data holder and the third party to preserve the confidentiality of trade secrets; |
(d) (四) |
make the data it receives available to an undertaking designated as a gatekeeper pursuant to Article 3 of Regulation (EU) 2022/1925; |
(e) (五) |
use the data it receives to develop a product that competes with the connected product from which the accessed data originate or share the data with another third party for that purpose; third parties shall also not use any non-personal product data or related service data made available to them to derive insights about the economic situation, assets and production methods of, or use by, the data holder; |
(f) (F) |
use the data it receives in a manner that has an adverse impact on the security of the connected product or related service; |
(g) (G) |
disregard the specific measures agreed with a data holder or with the trade secrets holder pursuant to Article 5(9) and undermine the confidentiality of trade secrets; |
(h) (H) |
prevent the user that is a consumer, including on the basis of a contract, from making the data it receives available to other parties. |
Article 7 第七条
Scope of business-to-consumer and business-to-business data sharing obligations
企业对消费者和企业对企业数据共享义务的范围
1.
The obligations of this Chapter shall not apply to data generated through the use of connected products manufactured or designed or related services provided by a microenterprise or a small enterprise, provided that that enterprise does not have a partner enterprise or a linked enterprise within the meaning of Article 3 of the Annex to Recommendation 2003/361/EC that does not qualify as a microenterprise or a small enterprise and where the microenterprise and small enterprise is not subcontracted to manufacture or design a connected product or to provide a related service.
本章义务不适用于通过使用微型企业或小型企业制造或设计的互联产品或提供的相关服务所产生的数据,但该企业不具有以下含义的合作企业或关联企业:第 2003/361/EC 建议书附件第 3 条不符合微型企业或小型企业的资格,并且微型企业和小型企业未分包制造或设计互联产品或提供相关服务。
The same shall apply to data generated through the use of connected products manufactured by or related services provided by an enterprise that has qualified as a medium-sized enterprise under Article 2 of the Annex to Recommendation 2003/361/EC for less than one year and to connected products for one year after the date on which they were placed on the market by a medium-sized enterprise.
同样适用于通过使用由符合建议 2003/361/EC 附件第 2 条规定的中型企业资格的企业生产的联网产品或提供的相关服务不足一年而产生的数据,并且中型企业将联网产品投放市场之日起一年内。
2. Any contractual term which, to the detriment of the user, excludes the application of, derogates from or varies the effect of the user’s rights under this Chapter shall not be binding on the user.
2. 任何损害用户利益、排除本章规定的用户权利的适用、减损或改变其效力的合同条款对用户不具有约束力。
CHAPTER III 第三章
OBLIGATIONS FOR DATA HOLDERS OBLIGED TO MAKE DATA AVAILABLE PURSUANT TO UNION LAW
数据持有者根据工会法提供数据的义务
Article 8 第八条
Conditions under which data holders make data available to data recipients
数据持有者向数据接收者提供数据的条件
1.
Where, in business-to-business relations, a data holder is obliged to make data available to a data recipient under Article 5 or under other applicable Union law or national legislation adopted in accordance with Union law, it shall agree with a data recipient the arrangements for making the data available and shall do so under fair, reasonable and non-discriminatory terms and conditions and in a transparent manner in accordance with this Chapter and Chapter IV.
在企业对企业关系中,如果数据持有者有义务根据第 5 条或其他适用的联盟法律或根据联盟法律通过的国家立法向数据接收者提供数据,则数据持有者应与数据接收者同意提供数据的安排,并应按照本章和第四章的规定,在公平、合理和非歧视性的条款和条件下并以透明的方式进行。
2.
A contractual term concerning access to and the use of data, or liability and remedies for the breach or termination of data-related obligations, shall not be binding if it constitutes an unfair contractual term within the meaning of Article 13 or if, to the detriment of the user, it excludes the application of, derogates from or varies the effect of the user’s rights under Chapter II.
有关数据访问和使用的合同条款,或者违反或终止数据相关义务的责任和补救措施,如果构成第 13 条含义内的不公平合同条款,或者损害排除用户根据第二章享有的权利的适用、减损或改变其效力。
3. A data holder shall not discriminate regarding the arrangements for making data available between comparable categories of data recipients, including partner enterprises or linked enterprises of the data holder when making data available.
3. 数据持有者在提供数据的安排上不得对同类数据接收者(包括数据持有者的合作企业或关联企业)之间的数据提供安排实行歧视。
Where a data recipient considers that the conditions under which data has been made available to it are discriminatory, the data holder shall without undue delay provide the data recipient, upon its reasoned request, with information showing that there has been no discrimination.
如果数据接收者认为向其提供数据的条件具有歧视性,则数据持有者应根据数据接收者的合理要求,立即向其提供表明不存在歧视的信息。
4. A data holder shall not make data available to a data recipient, including on an exclusive basis, unless requested to do so by the user under Chapter II.
4. 数据持有者不得向数据接收者提供数据,包括独家提供数据,除非用户根据第二章要求这样做。
5.
Data holders and data recipients shall not be required to provide any information beyond what is necessary to verify compliance with the contractual terms agreed for making data available or with their obligations under this Regulation or other applicable Union law or national legislation adopted in accordance with Union law.
数据持有者和数据接收者无需提供任何必要信息,以验证是否遵守提供数据所商定的合同条款或本条例或其他适用的欧盟法律或根据欧盟法律通过的国家立法规定的义务。
6. Unless otherwise provided for in Union law, including Article 4(6) and Article 5(9) of this Regulation, or by national legislation adopted in accordance with Union law, an obligation to make data available to a data recipient shall not oblige the disclosure of trade secrets.
6. 除非欧盟法律(包括本条例第 4 条第 6 款和第 5 条第 9 款)或根据欧盟法律通过的国家立法另有规定,否则向数据接收者提供数据的义务不构成义务。商业秘密的披露。
Article 9 第九条
Compensation for making data available
对提供数据的补偿
1. Any compensation agreed upon between a data holder and a data recipient for making data available in business-to-business relations shall be non- discriminatory and reasonable and may include a margin.
1. 数据持有者和数据接收者之间就在企业对企业关系中提供数据而商定的任何补偿均应是非歧视性的、合理的,并且可以包括利润。
2. When agreeing on any compensation, the data holder and the data recipient shall take into account in particular:
2. 在就任何补偿达成一致时,数据持有者和数据接收者应特别考虑:
(a) (A) |
costs incurred in making the data available, including, in particular, the costs necessary for the formatting of data, dissemination via electronic means and storage; |
(b) (二) |
investments in the collection and production of data, where applicable, taking into account whether other parties contributed to obtaining, generating or collecting the data in question. |
3. The compensation referred to in paragraph 1 may also depend on the volume, format and nature of the data.
3. 第 1 款中提及的补偿还可能取决于数据的数量、格式和性质。
4.
Where the data recipient is an SME or a not-for-profit research organisation and where such a data recipient does not have partner enterprises or linked enterprises that do not qualify as SMEs, any compensation agreed shall not exceed the costs referred to in paragraph 2, point (a).
如果数据接收者是中小企业或非营利性研究机构,并且该数据接收者没有不符合中小企业资格的合作企业或关联企业,则约定的任何补偿不得超过第二款所述的成本,点(a)。
5. The Commission shall adopt guidelines on the calculation of reasonable compensation, taking into account the advice of the European Data Innovation Board (EDIB) referred to in Article 42.
5. 委员会应考虑第 42 条中提及的欧洲数据创新委员会 (EDIB) 的建议,采用合理补偿计算指南。
6. This Article shall not preclude other Union law or national legislation adopted in accordance with Union law from excluding compensation for making data available or providing for lower compensation.
6. 本条并不排除其他欧盟法律或根据欧盟法律通过的国家立法排除对提供数据的补偿或规定较低的补偿。
7. The data holder shall provide the data recipient with information setting out the basis for the calculation of the compensation in sufficient detail so that the data recipient can assess whether the requirements of paragraphs 1 to 4 are met.
7. 数据持有者应向数据接收者提供足够详细的信息,说明赔偿计算的依据,以便数据接收者能够评估是否满足第 1 款至第 4 款的要求。
Article 10 第十条
Dispute settlement 纠纷解决
1.
Users, data holders and data recipients shall have access to a dispute settlement body, certified in accordance with paragraph 5 of this Article, to settle disputes pursuant to Article 4(3) and (9) and Article 5(12) as well as disputes relating to the fair, reasonable and non-discriminatory terms and conditions for, and transparent manner of, making data available in accordance with this Chapter and Chapter IV.
用户、数据持有者和数据接收者应有权联系根据本条第 5 款认证的争议解决机构,根据第 4 条第(3)款和第(9)款以及第 5 条第(12)款解决争议以及争议涉及根据本章和第四章提供数据的公平、合理和非歧视性条款和条件以及透明方式。
2. Dispute settlement bodies shall make the fees, or the mechanisms used to determine the fees, known to the parties concerned before those parties request a decision.
2. 争议解决机构应在有关各方请求作出决定之前告知其费用或用于确定费用的机制。
3.
For disputes referred to a dispute settlement body pursuant to Article 4(3) and (9) and Article 5(12), where the dispute settlement body decides a dispute in favour of the user or of the data recipient, the data holder shall bear all the fees charged by the dispute settlement body and shall reimburse that user or that data recipient for any other reasonable expenses that it has incurred in relation to the dispute settlement.
对于根据第四条第(三)项和第(九)项以及第五条第(十二)项提交争议解决机构的争议,如果争议解决机构做出有利于用户或数据接收者的争议,数据持有者应承担以下责任:争议解决机构收取的所有费用,并应补偿该用户或数据接收者因争议解决而产生的任何其他合理费用。
If the dispute settlement body decides a dispute in favour of the data holder, the user or the data recipient shall not be required to reimburse any fees or other expenses that the data holder paid or is to pay in relation to the dispute settlement, unless the dispute settlement body finds that the user or the data recipient manifestly acted in bad faith.
如果争议解决机构裁定争议有利于数据持有者,则用户或数据接收者无需偿还数据持有者已经支付或将支付的与争议解决相关的任何费用或其他费用,除非争议解决机构认为用户或数据接收者的行为明显具有恶意。
4.
Customers and providers of data processing services shall have access to a dispute settlement body, certified in accordance with paragraph 5 of this Article, to settle disputes relating to breaches of the rights of customers and the obligations of providers of data processing services, in accordance with Articles 23 to 31.
客户和数据处理服务提供商应有权根据本条第 5 款规定,通过经认证的争议解决机构来解决与侵犯客户权利和数据处理服务提供商义务相关的争议。第二十三条至第三十一条。
5. The Member State where the dispute settlement body is established shall, at the request of that body, certify that body where it has demonstrated that it meets all of the following conditions:
5. 设立争端解决机构的成员国应根据该机构的要求,对该机构进行认证,证明其满足以下所有条件:
(a) (A) |
it is impartial and independent, and it is to issue its decisions in accordance with clear, non-discriminatory and fair rules of procedure; |
(b) (二) |
it has the necessary expertise, in particular in relation to fair, reasonable and non-discriminatory terms and conditions, including compensation, and on making data available in a transparent manner, allowing the body to effectively determine those terms and conditions; |
(c) (C) |
it is easily accessible through electronic communication technology; |
(d) (四) |
it is capable of adopting its decisions in a swift, efficient and cost-effective manner in at least one official language of the Union. |
6. Member States shall notify to the Commission the dispute settlement bodies certified in accordance with paragraph 5. The Commission shall publish a list of those bodies on a dedicated website and keep it updated.
6. 成员国应向委员会通报根据第 5 款认证的争端解决机构。委员会应在专门网站上公布这些机构的名单并保持更新。
7. A dispute settlement body shall refuse to deal with a request to resolve a dispute that has already been brought before another dispute settlement body or before a court or tribunal of a Member State.
7. 争端解决机构应拒绝处理已提交另一争端解决机构或成员国法院或法庭的争端解决请求。
8. A dispute settlement body shall grant parties the possibility, within a reasonable period of time, to express their points of view on the matters those parties have brought before that body.
8. 争端解决机构应给予各方在合理时间内就各方向该机构提交的事项表达观点的可能性。
In that context, each party to a dispute shall be provided with the submissions of the other party to their dispute and any statements made by experts. The parties shall be given the possibility to comment on those submissions and statements.
在这种情况下,应向争议各方提供争议另一方提交的材料以及专家的任何陈述。各方应有权对这些提交和声明发表评论。
9. A dispute settlement body shall adopt its decision on a matter referred to it within 90 days of receipt of a request pursuant to paragraphs 1 and 4. That decision shall be in writing or on a durable medium and shall be supported by a statement of reasons.
9. 争端解决机构应在收到根据第 1 款和第 4 款提出的请求后 90 天内就提交给它的事项作出决定。该决定应采用书面形式或采用持久介质,并应有以下声明的支持:原因。
10. Dispute settlement bodies shall draw up and make publicly available annual activity reports. Such annual reports shall include, in particular, the following general information:
10. 争端解决机构应起草并公布年度活动报告。此类年度报告应特别包括以下一般信息:
(a) (A) |
an aggregation of the outcomes of disputes; |
(b) (二) |
the average time taken to resolve disputes; |
(c) (C) |
the most common reasons for disputes. |
11. In order to facilitate the exchange of information and best practices, a dispute settlement body may decide to include recommendations in the report referred to in paragraph 10 as to how problems can be avoided or resolved.
11. 为了促进信息和最佳做法的交流,争端解决机构可决定在第 10 段提及的报告中纳入关于如何避免或解决问题的建议。
12. The decision of a dispute settlement body shall be binding on the parties only if the parties have explicitly consented to its binding nature prior to the start of the dispute settlement proceedings.
12. 只有当事方在争端解决程序开始前明确同意其裁决的约束力时,争端解决机构的决定才对各方具有约束力。
13. This Article does not affect the right of parties to seek an effective remedy before a court or tribunal of a Member State.
13. 本条不影响当事人向成员国法院或法庭寻求有效补救的权利。
Article 11 第十一条
Technical protection measures on the unauthorised use or disclosure of data
针对未经授权使用或泄露数据的技术保护措施
1.
A data holder may apply appropriate technical protection measures, including smart contracts and encryption, to prevent unauthorised access to data, including metadata, and to ensure compliance with Articles 4, 5, 6, 8 and 9, as well as with the agreed contractual terms for making data available.
数据持有者可以采用适当的技术保护措施,包括智能合约和加密,以防止未经授权访问数据,包括元数据,并确保遵守第4、5、6、8和9条以及商定的合同条款使数据可用。
Such technical protection measures shall not discriminate between data recipients or hinder a user’s right to obtain a copy of, retrieve, use or access data, to provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation adopted in accordance with Union law.
此类技术保护措施不得歧视数据接收者,也不得妨碍用户获取数据副本、检索、使用或访问数据的权利,根据第 5 条向第三方提供数据的权利,或第三方根据欧盟法律或国家法律享有的任何权利。根据联盟法通过的立法。
Users, third parties and data recipients shall not alter or remove such technical protection measures unless agreed by the data holder.
除非数据持有者同意,用户、第三方和数据接收者不得改变或解除该等技术保护措施。
2. In the circumstances referred to in paragraph 3, the third party or data recipient shall comply, without undue delay, with the requests of the data holder and, where applicable and where they are not the same person, the trade secret holder or the user:
2. 在第 3 款所述情况下,第三方或数据接收方应立即遵守数据持有者的要求,并且在适用的情况下且如果他们不是同一个人,则应遵守商业秘密持有者或数据持有者的要求。用户:
(a) (A) |
to erase the data made available by the data holder and any copies thereof; |
(b) (二) |
to end the production, offering or placing on the market or use of goods, derivative data or services produced on the basis of knowledge obtained through such data, or the importation, export or storage of infringing goods for those purposes, and destroy any infringing goods, where there is a serious risk that the unlawful use of those data will cause significant harm to the data holder, the trade secret holder or the user or where such a measure would not be disproportionate in light of the interests of the data holder, the trade secret holder or the user; |
(c) (C) |
to inform the user of the unauthorised use or disclosure of the data and of the measures taken to put an end to the unauthorised use or disclosure of the data; |
(d) (四) |
to compensate the party suffering from the misuse or disclosure of such unlawfully accessed or used data. |
3. Paragraph 2 shall apply where a third party or a data recipient has:
3. 第 2 款适用于第三方或数据接收者有以下情况的情况:
(a) (A) |
for the purposes of obtaining data, provided false information to a data holder, deployed deceptive or coercive means or abused gaps in the technical infrastructure of the data holder designed to protect the data; |
(b) (二) |
used the data made available for unauthorised purposes, including the development of a competing connected product within the meaning of Article 6(2), point (e); |
(c) (C) |
unlawfully disclosed data to another party; |
(d) (四) |
not maintained the technical and organisational measures agreed pursuant to Article 5(9); or |
(e) (五) |
altered or removed technical protection measures applied by the data holder pursuant to paragraph 1 of this Article without the agreement of the data holder. |
4.
Paragraph 2 shall also apply where a user alters or removes technical protection measures applied by the data holder or does not maintain the technical and organisational measures taken by the user in agreement with the data holder or, where they are not the same person, the trade secrets holder, in order to preserve trade secrets, as well as in respect of any other party that receives the data from the user by means of an infringement of this Regulation.
如果用户更改或删除数据持有者所采用的技术保护措施,或者不按照与数据持有者或(如果他们不是同一个人)协议维持用户所采取的技术和组织措施,则第 2 款也适用。秘密持有人,以保护商业秘密,以及通过违反本条例的方式从用户处接收数据的任何其他方。
5. Where the data recipient infringes Article 6(2), point (a) or (b), users shall have the same rights as data holders under paragraph 2 of this Article.
5. 如果数据接收者违反第 6 条第(2)款(a)或(b)点的规定,用户应享有与数据持有者相同的本条第 2 款规定的权利。
Article 12 第十二条
Scope of obligations for data holders obliged pursuant to Union law to make data available
根据欧盟法律,数据持有者有义务提供数据的义务范围
1. This Chapter shall apply where, in business-to-business relations, a data holder is obliged under Article 5 or under applicable Union law or national legislation adopted in accordance with Union law, to make data available to a data recipient.
1. 本章适用于在企业对企业关系中,数据持有者根据第 5 条或适用的联盟法律或根据联盟法律通过的国家立法有义务向数据接收者提供数据的情况。
2. A contractual term in a data sharing agreement which, to the detriment of one party, or, where applicable, to the detriment of the user, excludes the application of this Chapter, derogates from it, or varies its effect, shall not be binding on that party.
2. 数据共享协议中的合同条款,若损害一方利益,或在适用的情况下损害用户利益,排除本章的适用、减损本章或改变其效果,则不得对该方具有约束力。
CHAPTER IV 第四章
UNFAIR CONTRACTUAL TERMS RELATED TO DATA ACCESS AND USE BETWEEN ENTERPRISES
与企业间数据访问和使用相关的不公平合同条款
Article 13 第十三条
Unfair contractual terms unilaterally imposed on another enterprise
单方面向另一企业强加不公平的合同条款
1.
A contractual term concerning access to and the use of data or liability and remedies for the breach or the termination of data related obligations, which has been unilaterally imposed by an enterprise on another enterprise, shall not be binding on the latter enterprise if it is unfair.
一个企业单方面向另一企业强加的涉及数据访问和使用的合同条款或者违反或终止数据相关义务的责任和补救措施,如果不公平,则对该企业不具有约束力。
2. A contractual term which reflects mandatory provisions of Union law, or provisions of Union law which would apply if the contractual terms did not regulate the matter, shall not be considered to be unfair.
2. 反映联盟法强制性规定的合同条款,或在合同条款未规范该事项时适用的联盟法规定,不应被视为不公平。
3. A contractual term is unfair if it is of such a nature that its use grossly deviates from good commercial practice in data access and use, contrary to good faith and fair dealing.
3. 如果合同条款的使用严重偏离数据访问和使用方面的良好商业惯例,违反诚信和公平交易,则该合同条款不公平。
4. In particular, a contractual term shall be unfair for the purposes of paragraph 3, if its object or effect is to:
4. 特别是,就第 3 款而言,如果合同条款的目的或效果是:
(a) (A) |
exclude or limit the liability of the party that unilaterally imposed the term for intentional acts or gross negligence; |
(b) (二) |
exclude the remedies available to the party upon whom the term has been unilaterally imposed in the case of non-performance of contractual obligations, or the liability of the party that unilaterally imposed the term in the case of a breach of those obligations; |
(c) (C) |
give the party that unilaterally imposed the term the exclusive right to determine whether the data supplied are in conformity with the contract or to interpret any contractual term. |
5. A contractual term shall be presumed to be unfair for the purposes of paragraph 3 if its object or effect is to:
5. 就第 3 款而言,如果合同条款的目的或效果是:
(a) (A) |
inappropriately limit remedies in the case of non-performance of contractual obligations or liability in the case of a breach of those obligations, or extend the liability of the enterprise upon whom the term has been unilaterally imposed; |
(b) (二) |
allow the party that unilaterally imposed the term to access and use the data of the other contracting party in a manner that is significantly detrimental to the legitimate interests of the other contracting party, in particular when such data contain commercially sensitive data or are protected by trade secrets or by intellectual property rights; |
(c) (C) |
prevent the party upon whom the term has been unilaterally imposed from using the data provided or generated by that party during the period of the contract, or to limit the use of such data to the extent that that party is not entitled to use, capture, access or control such data or exploit the value of such data in an adequate manner; |
(d) (四) |
prevent the party upon whom the term has been unilaterally imposed from terminating the agreement within a reasonable period; |
(e) (五) |
prevent the party upon whom the term has been unilaterally imposed from obtaining a copy of the data provided or generated by that party during the period of the contract or within a reasonable period after the termination thereof; |
(f) (F) |
enable the party that unilaterally imposed the term to terminate the contract at unreasonably short notice, taking into consideration any reasonable possibility of the other contracting party to switch to an alternative and comparable service and the financial detriment caused by such termination, except where there are serious grounds for so doing; |
(g) (G) |
enable the party that unilaterally imposed the term to substantially change the price specified in the contract or any other substantive condition related to the nature, format, quality or quantity of the data to be shared, where no valid reason and no right of the other party to terminate the contract in the case of such a change is specified in the contract. |
Point (g) of the first subparagraph shall not affect terms by which the party that unilaterally imposed the term reserves the right to unilaterally change the terms of a contract of an indeterminate duration, provided that the contract specified a valid reason for such unilateral changes, that the party that unilaterally imposed the term is required to provide the other contracting party with reasonable notice of any such intended change, and that the other contracting party is free to terminate the contract at no cost in the case of a change.
第一段 (g) 点不应影响单方面施加该条款的一方保留单方面更改无限期合同条款的权利的条款,前提是合同规定了此类单方面更改的有效理由,单方面施加该条款的一方必须就任何此类预期变更向另一缔约方提供合理通知,并且在发生变更的情况下,另一缔约方可以免费终止合同。
6. A contractual term shall be considered to be unilaterally imposed within the meaning of this Article if it has been supplied by one contracting party and the other contracting party has not been able to influence its content despite an attempt to negotiate it.
6. 如果合同条款是由一个缔约方提供的,而另一缔约方尽管试图对其进行谈判但仍无法影响其内容,则应被视为本条含义内单方面强加的合同条款。
The contracting party that supplied the contractual term bears the burden of proving that that term has not been unilaterally imposed. The contracting party that supplied the contested contractual term may not argue that the term is an unfair contractual term.
提供合同条款的缔约方有责任证明该条款不是单方面强加的。提供有争议的合同条款的缔约方不得辩称该条款是不公平的合同条款。
7. Where the unfair contractual term is severable from the remaining terms of the contract, those remaining terms shall be binding.
7. 如果不公平合同条款与合同的其余条款可分割,则其余条款具有约束力。
8. This Article does not apply to contractual terms defining the main subject matter of the contract or to the adequacy of the price, as against the data supplied in exchange.
8. 本条不适用于定义合同主要标的的合同条款,也不适用于相对于交换中提供的数据的价格的充足性。
9. The parties to a contract covered by paragraph 1 shall not exclude the application of this Article, derogate from it, or vary its effects.
9. 第 1 款所涵盖的合同当事人不得排除本条的适用、减损本条或改变其效力。
CHAPTER V 第五章
MAKING DATA AVAILABLE TO PUBLIC SECTOR BODIES, THE COMMISSION, THE EUROPEAN CENTRAL BANK AND UNION BODIES ON THE BASIS OF AN EXCEPTIONAL NEED
根据特殊需要向公共部门机构、委员会、欧洲中央银行和工会机构提供数据
Article 14 第十四条
Obligation to make data available on the basis of an exceptional need
根据特殊需要提供数据的义务
Where a public sector body, the Commission, the European Central Bank or a Union body demonstrates an exceptional need, as set out in Article 15, to use certain data, including the relevant metadata necessary to interpret and use those data, to carry out its statutory duties in the public interest, data holders that are legal persons, other than public sectors bodies, which hold those data shall make them available upon a duly reasoned request.
当公共部门机构、委员会、欧洲中央银行或联盟机构表现出第 15 条规定的特殊需要时,需要使用某些数据,包括解释和使用这些数据所需的相关元数据,以执行其出于公共利益的法定职责,持有这些数据的法人(公共部门机构除外)的数据持有者应根据合理的请求提供这些数据。
Article 15 第十五条
Exceptional need to use data
特殊情况需要使用数据
1. An exceptional need to use certain data within the meaning of this Chapter shall be limited in time and scope and shall be considered to exist only in any of the following circumstances:
1. 本章含义内的某些数据的特殊需要应在时间和范围上受到限制,并且仅在下列情况之一时才被视为存在:
(a) (A) |
where the data requested is necessary to respond to a public emergency and the public sector body, the Commission, the European Central Bank or the Union body is unable to obtain such data by alternative means in a timely and effective manner under equivalent conditions; |
(b) (二) |
in circumstances not covered by point (a) and only insofar as non-personal data is concerned, where:
|
2. Paragraph 1, point (b), shall not apply to microenterprises and small enterprises.
2. 第 1 款 (b) 点不适用于微型企业和小型企业。
3.
The obligation to demonstrate that the public sector body was unable to obtain non-personal data by purchasing them on the market shall not apply where the specific task carried out in the public interest is the production of official statistics and where the purchase of such data is not allowed by national law.
如果为了公共利益而执行的具体任务是编制官方统计数据,并且购买此类数据是为了公共利益,则证明公共部门机构无法通过在市场上购买非个人数据来获取非个人数据的义务不适用。国家法律不允许。
Article 16 第十六条
Relationship with other obligations to make data available to public sector bodies, the Commission, the European Central Bank and Union bodies
与向公共部门机构、委员会、欧洲中央银行和联盟机构提供数据的其他义务的关系
1. This Chapter shall not affect the obligations laid down in Union or national law for the purposes of reporting, complying with requests for access to information or demonstrating or verifying compliance with legal obligations.
1. 本章不应影响联盟或国家法律规定的报告、遵守信息获取请求或证明或核实遵守法律义务的义务。
2.
This Chapter shall not apply to public sector bodies, the Commission, the European Central Bank or Union bodies carrying out activities for the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal penalties, or to customs or taxation administration.
本章不适用于从事预防、调查、侦查或起诉刑事或行政犯罪或执行刑事处罚活动的公共部门机构、委员会、欧洲中央银行或联盟机构,也不适用于海关或税务管理机构。
This Chapter does not affect applicable Union and national law on the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal or administrative penalties, or for customs or taxation administration.
本章不影响有关预防、调查、侦查或起诉刑事或行政犯罪或执行刑事或行政处罚或海关或税务管理的适用的欧盟和国家法律。
Article 17 第十七条
Requests for data to be made available
要求提供数据
1. When requesting data pursuant to Article 14, a public sector body, the Commission, the European Central Bank or a Union body shall:
1. 根据第 14 条要求提供数据时,公共部门机构、委员会、欧洲中央银行或联盟机构应:
(a) (A) |
specify the data required, including the relevant metadata necessary to interpret and use those data; |
(b) (二) |
demonstrate that the conditions necessary for the existence of an exceptional need as referred to in Article 15 for the purpose of which the data are requested are met; |
(c) (C) |
explain the purpose of the request, the intended use of the data requested, including, where applicable, by a third party in accordance with paragraph 4 of this Article, the duration of that use, and, where relevant, how the processing of personal data is to address the exceptional need; |
(d) (四) |
specify, if possible, when the data are expected to be erased by all parties that have access to them; |
(e) (五) |
justify the choice of data holder to which the request is addressed; |
(f) (F) |
specify any other public sector bodies or the Commission, European Central Bank or Union bodies and the third parties with which the data requested is expected to be shared with; |
(g) (G) |
where personal data are requested, specify any technical and organisational measures necessary and proportionate to implement data protection principles and necessary safeguards, such as pseudonymisation, and whether anonymisation can be applied by the data holder before making the data available; |
(h) (H) |
state the legal provision allocating to the requesting public sector body, the Commission, the European Central Bank or the Union body the specific task carried out in the public interest relevant for requesting the data; |
(i) (我) |
specify the deadline by which the data are to be made available and the deadline referred to in Article 18(2) by which the data holder may decline or seek modification of the request; |
(j) |
make its best efforts to avoid compliance with the data request resulting in the data holders’ liability for infringement of Union or national law. |
2. A request for data made pursuant to paragraph 1 of this Article shall:
2. 根据本条第 1 款提出的数据请求应:
(a) (A) |
be made in writing and expressed in clear, concise and plain language understandable to the data holder; |
(b) (二) |
be specific regarding the type of data requested and correspond to data which the data holder has control over at the time of the request; |
(c) (C) |
be proportionate to the exceptional need and duly justified, regarding the granularity and volume of the data requested and frequency of access of the data requested; |
(d) (四) |
respect the legitimate aims of the data holder, committing to ensuring the protection of trade secrets in accordance with Article 19(3), and the cost and effort required to make the data available; |
(e) (五) |
concern non-personal data, and only if this is demonstrated to be insufficient to respond to the exceptional need to use data, in accordance with Article 15(1), point (a), request personal data in pseudonymised form and establish the technical and organisational measures that are to be taken to protect the data; |
(f) (F) |
inform the data holder of the penalties that are to be imposed pursuant to Article 40 by the competent authority designated pursuant to Article 37 in the event of non-compliance with the request; |
(g) (G) |
where the request is made by a public sector body, be transmitted to the data coordinator referred to in Article 37 of the Member State where the requesting public sector body is established, who shall make the request publicly available online without undue delay unless the data coordinator considers that such publication would create a risk for public security; |
(h) (H) |
where the request is made by the Commission, the European Central Bank or a Union body, be made available online without undue delay; |
(i) (我) |
where personal data are requested, be notified without undue delay to the supervisory authority responsible for monitoring the application of Regulation (EU) 2016/679 in the Member State where the public sector body is established. |
The European Central Bank and Union bodies shall inform the Commission of their requests.
欧洲中央银行和联盟机构应将其请求通知委员会。
3. A public sector body, the Commission, the European Central Bank or a Union body shall not make data obtained pursuant to this Chapter available for reuse as defined in Article 2, point (2), of Regulation (EU) 2022/868 or Article 2, point (11), of Directive (EU) 2019/1024.
3. 公共部门机构、委员会、欧洲中央银行或联盟机构不得将根据本章获得的数据用于重复使用(如 (EU) 2022/868 条例第 2 条第 (2) 点或(EU) 2019/1024 号指令第 2 条第 (11) 点。
Regulation (EU) 2022/868 and Directive (EU) 2019/1024 shall not apply to the data held by public sector bodies obtained pursuant to this Chapter.
(EU) 2022/868 条例和 (EU) 2019/1024 指令不适用于公共部门机构根据本章获得的数据。
4.
Paragraph 3 of this Article does not preclude a public sector body, the Commission, the European Central Bank or a Union body to exchange data obtained pursuant to this Chapter with another public sector body or the Commission, the European Central Bank or a Union body in view of completing the tasks referred to in Article 15, as specified in the request in accordance with paragraph 1, point (f), of this Article or to make the data available to a third party where it has delegated, by means of a publicly available agreement, technical inspections or other functions to that third party.
本条第 3 款并不排除公共部门机构、委员会、欧洲中央银行或联盟机构与其他公共部门机构或委员会、欧洲中央银行或联盟机构交换根据本章获得的数据。为了完成根据本条第 1 款第 (f) 点提出的请求中规定的第 15 条所述任务,或通过公开方式将数据提供给其委托的第三方该第三方可用的协议、技术检查或其他功能。
The obligations on public sector bodies pursuant to Article 19, in particular safeguards to preserve the confidentiality of trade secrets, shall apply also to such third parties.
第 19 条规定的公共部门机构的义务,特别是保护商业秘密的保密措施,也适用于此类第三方。
Where a public sector body, the Commission, the European Central Bank or a Union body transmits or makes data available under this paragraph, it shall notify the data holder from whom the data was received without undue delay.
如果公共部门机构、委员会、欧洲中央银行或联盟机构根据本款传输或提供数据,则应立即通知从其接收数据的数据持有者。
5.
Where the data holder considers that its rights under this Chapter have been infringed by the transmission or making available of data, it may lodge a complaint with the competent authority designated pursuant to Article 37 of the Member State where the data holder is established.
如果数据持有者认为其在本章下的权利因传输或提供数据而受到侵犯,则可以向数据持有者所在成员国根据第 37 条指定的主管当局提出投诉。
6. The Commission shall develop a model template for requests pursuant to this Article.
6. 委员会应根据本条制定请求的模型模板。
Article 18 第十八条
Compliance with requests for data
遵守数据请求
1.
A data holder receiving a request to make data available under this Chapter shall make the data available to the requesting public sector body, the Commission, the European Central Bank or a Union body without undue delay, taking into account necessary technical, organisational and legal measures.
收到本章规定的提供数据请求的数据持有者应立即向提出请求的公共部门机构、委员会、欧洲中央银行或欧盟机构提供数据,同时考虑必要的技术、组织和法律措施。
2.
Without prejudice to specific needs regarding the availability of data defined in Union or national law, a data holder may decline or seek the modification of a request to make data available under this Chapter without undue delay and, in any event, no later than five working days after the receipt of a request for the data necessary to respond to a public emergency and without undue delay and, in any event, no later than 30 working days after the receipt of such a request in other cases of an exceptional need, on any of the following grounds:
在不损害欧盟或国家法律中定义的有关数据可用性的特定需求的情况下,数据持有者可以拒绝或寻求修改根据本章提供数据的请求,不得无故拖延,并且在任何情况下不得迟于五个工作时间在收到应对公共紧急情况所需数据的请求后数天内,并且不得无故拖延,并且在任何情况下,在其他特殊需要的情况下,不得迟于收到此类请求后 30 个工作日,出于以下理由:
(a) (A) |
the data holder does not have control over the data requested; |
(b) (二) |
a similar request for the same purpose has been previously submitted by another public sector body or the Commission, the European Central Bank or a Union body and the data holder has not been notified of the erasure of the data pursuant to Article 19(1), point (c); |
(c) (C) |
the request does not meet the conditions laid down in Article 17(1) and (2). |
3.
If the data holder decides to decline the request or to seek its modification in accordance with paragraph 2, point (b), it shall indicate the identity of the public sector body or the Commission, the European Central Bank or the Union body that previously submitted a request for the same purpose.
如果数据持有者决定拒绝请求或根据第 2 款 (b) 点寻求修改,则应表明先前提交请求的公共部门机构或委员会、欧洲中央银行或欧盟机构的身份出于同一目的的请求。
4.
Where the data requested includes personal data, the data holder shall properly anonymise the data, unless the compliance with the request to make data available to a public sector body, the Commission, the European Central Bank or a Union body requires the disclosure of personal data.
如果所请求的数据包括个人数据,数据持有者应适当地匿名化数据,除非为了满足向公共部门机构、委员会、欧洲中央银行或欧盟机构提供数据的要求而要求披露个人数据。
In such cases, the data holder shall pseudonymise the data.
在这种情况下,数据持有者应对数据进行假名处理。
5.
Where the public sector body, the Commission, the European Central Bank or the Union body wishes to challenge a data holder’s refusal to provide the data requested, or where the data holder wishes to challenge the request and the matter cannot be resolved by an appropriate modification of the request, the matter shall be referred to the competent authority designated pursuant to Article 37 of the Member State where the data holder is established.
如果公共部门机构、委员会、欧洲中央银行或联盟机构希望对数据持有者拒绝提供所请求的数据提出质疑,或者数据持有者希望对请求提出质疑,但问题无法通过适当的修改来解决收到请求后,该事项应提交给数据持有者所在成员国根据第 37 条指定的主管机构。
Article 19 第十九条
Obligations of public sector bodies, the Commission, the European Central Bank and Union bodies
公共部门机构、委员会、欧洲中央银行和联盟机构的义务
1. A public sector body, the Commission, the European Central Bank or a Union body receiving data pursuant to a request made under Article 14 shall:
1. 根据第 14 条提出的请求接收数据的公共部门机构、委员会、欧洲中央银行或联盟机构应:
(a) (A) |
not use the data in a manner incompatible with the purpose for which they were requested; |
(b) (二) |
have implemented technical and organisational measures that preserve the confidentiality and integrity of the requested data and the security of the data transfers, in particular personal data, and safeguard the rights and freedoms of data subjects; |
(c) (C) |
erase the data as soon as they are no longer necessary for the stated purpose and inform the data holder and individuals or organisations that received the data pursuant to Article 21(1) without undue delay that the data have been erased, unless archiving of the data is required in accordance with Union or national law on public access to documents in the context of transparency obligations. |
2. A public sector body, the Commission, the European Central Bank, a Union body or a third party receiving data under this Chapter shall not:
2. 根据本章规定接收数据的公共部门机构、委员会、欧洲中央银行、欧盟机构或第三方不得:
(a) (A) |
use the data or insights about the economic situation, assets and production or operation methods of the data holder to develop or enhance a connected product or related service that competes with the connected product or related service of the data holder; |
(b) (二) |
share the data with another third party for any of the purposes referred to in point (a). |
3. Disclosure of trade secrets to a public sector body, the Commission, the European Central Bank or a Union body shall be required only to the extent that it is strictly necessary to achieve the purpose of a request under Article 15.
3. 向公共部门机构、委员会、欧洲中央银行或联盟机构披露商业秘密的要求仅限于为实现第 15 条规定的请求目的所必需的范围内。
In such a case, the data holder or, where they are not the same person, the trade secret holder shall identify the data which are protected as trade secrets, including in the relevant metadata.
在这种情况下,数据持有者或商业秘密持有者(如果不是同一个人)应识别受商业秘密保护的数据,包括相关元数据中的数据。
The public sector body, the Commission, the European Central Bank or the Union body shall, prior to the disclosure of trade secrets, take all necessary and appropriate technical and organisational measures to preserve the confidentiality of the trade secrets, including, as appropriate, the use of model contractual terms, technical standards and the application of codes of conduct.
公共部门机构、委员会、欧洲中央银行或联盟机构应在披露商业秘密之前,采取一切必要和适当的技术和组织措施来保守商业秘密的机密性,包括酌情使用示范合同条款、技术标准和行为准则的应用。
4. A public sector body, the Commission, the European Central Bank or a Union body shall be responsible for the security of the data it receives.
4. 公共部门机构、委员会、欧洲中央银行或联盟机构应对其收到的数据的安全负责。
Article 20 第二十条
Compensation in cases of an exceptional need
特殊需要时的补偿
1. Data holders other than microenterprises and small enterprises shall make available data necessary to respond to a public emergency pursuant to Article 15(1), point (a), free of charge.
1.微型企业和小型企业以外的数据持有者应根据第15条第(1)款(a)项免费提供应对公共紧急情况所需的数据。
The public sector body, the Commission, the European Central Bank or the Union body that has received data shall provide public acknowledgement to the data holder if requested by the data holder.
如果数据持有者提出要求,收到数据的公共部门机构、委员会、欧洲中央银行或联盟机构应向数据持有者提供公开确认。
2. The data holder shall be entitled to fair compensation for making data available in compliance with a request made pursuant to Article 15(1), point (b).
2. 数据持有者应有权因按照第 15 条第 (1) 款 (b) 点提出的请求提供数据而获得公平补偿。
Such compensation shall cover the technical and organisational costs incurred to comply with the request including, where applicable, the costs of anonymisation, pseudonymisation, aggregation and of technical adaptation, and a reasonable margin.
此类补偿应涵盖为遵守请求而产生的技术和组织成本,包括(如适用)匿名化、假名化、聚合和技术适应的成本以及合理的利润。
Upon request of the public sector body, the Commission, the European Central Bank or the Union body, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.
应公共部门机构、委员会、欧洲中央银行或联盟机构的要求,数据持有者应提供有关成本和合理利润计算基础的信息。
3. Paragraph 2 shall also apply where a microenterprise and small enterprise claims compensation for making data available.
三、小微企业因提供数据而要求赔偿的,亦适用第二款规定。
4.
Data holders shall not be entitled to compensation for making data available in compliance with a request made pursuant to Article 15(1), point (b), where the specific task carried out in the public interest is the production of official statistics and where the purchase of data is not allowed by national law.
如果为了公共利益而执行的具体任务是编制官方统计数据,并且国家法律不允许购买数据。
Member States shall notify the Commission where the purchase of data for the production of official statistics is not allowed by national law.
如果国家法律不允许购买数据用于制作官方统计数据,成员国应通知委员会。
5.
Where the public sector body, the Commission, the European Central Bank or the Union body disagrees with the level of compensation requested by the data holder, they may lodge a complaint with the competent authority designated pursuant to Article 37 of the Member State where the data holder is established.
如果公共部门机构、委员会、欧洲中央银行或联盟机构不同意数据持有者要求的赔偿水平,他们可以向数据所在成员国根据第 37 条指定的主管当局提出投诉。持有者成立。
Article 21 第二十一条
Sharing of data obtained in the context of an exceptional need with research organisations or statistical bodies
与研究组织或统计机构共享在特殊需要的情况下获得的数据
1. A public sector body, the Commission, the European Central Bank or a Union body shall be entitled to share data received under this Chapter:
1. 公共部门机构、委员会、欧洲中央银行或联盟机构应有权共享根据本章收到的数据:
(a) (A) |
with individuals or organisations in view of carrying out scientific research or analytics compatible with the purpose for which the data was requested; or |
(b) (二) |
with national statistical institutes and Eurostat for the production of official statistics. |
2. Individuals or organisations receiving the data pursuant to paragraph 1 shall act on a not-for-profit basis or in the context of a public-interest mission recognised in Union or national law.
2. 根据第 1 款接收数据的个人或组织应以非营利为目的或在欧盟或国家法律认可的公共利益使命的背景下行事。
They shall not include organisations upon which commercial undertakings have a significant influence which is likely to result in preferential access to the results of the research.
它们不应包括商业企业具有重大影响力并可能导致优先获得研究成果的组织。
3. Individuals or organisations receiving the data pursuant to paragraph 1 of this Article shall comply with the same obligations that are applicable to the public sector bodies, the Commission, the European Central Bank or Union bodies pursuant to Article 17(3) and Article 19.
3. 根据本条第 1 款接收数据的个人或组织应遵守根据第 17 条第(3)款和第 19 条适用于公共部门机构、委员会、欧洲中央银行或联盟机构的相同义务。
4.
Notwithstanding Article 19(1), point (c), individuals or organisations receiving the data pursuant to paragraph 1 of this Article may keep the data received for the purpose for which the data was requested for up to six months following erasure of the data by the public sector bodies, the Commission, the European Central Bank and Union bodies.
尽管有第 19 条第 (1) 款 (c) 点的规定,根据本条第 1 款接收数据的个人或组织可以出于请求数据的目的而在删除数据后将收到的数据保留最多六个月。公共部门机构、委员会、欧洲中央银行和联盟机构。
5.
Where a public sector body, the Commission, the European Central Bank or a Union body intends to transmit or make data available under paragraph 1 of this Article, it shall notify without undue delay the data holder from whom the data was received, stating the identity and contact details of the organisation or the individual receiving the data, the purpose of the transmission or making available of the data, the period for which the data is to be used and the technical protection and organisational measures taken, including where personal data or trade secrets are involved.
如果公共部门机构、委员会、欧洲中央银行或联盟机构打算根据本条第 1 款传输或提供数据,则应立即通知从其收到数据的数据持有者,说明其身份接收数据的组织或个人的联系方式、传输或提供数据的目的、使用数据的期限以及采取的技术保护和组织措施,包括个人数据或交易的地点涉及秘密。
Where the data holder disagrees with the transmission or making available of data, it may lodge a complaint with the competent authority designated pursuant to Article 37 of the Member State where the data holder is established.
如果数据持有者不同意传输或提供数据,可以向数据持有者所在成员国根据第 37 条指定的主管当局提出投诉。
Article 22 第二十二条
Mutual assistance and cross-border cooperation
互助跨境合作
1. Public sector bodies, the Commission, the European Central Bank and Union bodies shall cooperate and assist one another, to implement this Chapter in a consistent manner.
1. 公共部门机构、委员会、欧洲中央银行和联盟机构应相互合作和协助,以一致的方式实施本章。
2. Any data exchanged in the context of assistance requested and provided pursuant to paragraph 1 shall not be used in a manner incompatible with the purpose for which they were requested.
2. 在根据第 1 款请求和提供援助时交换的任何数据不得以与请求目的不相符的方式使用。
3. Where a public sector body intends to request data from a data holder established in another Member State, it shall first notify the competent authority designated pursuant to Article 37 in that Member State of that intention.
3. 如果公共部门机构打算向另一个成员国设立的数据持有者请求数据,则应首先将该意图通知该成员国根据第 37 条指定的主管当局。
This requirement shall also apply to requests by the Commission, the European Central Bank and Union bodies. The request shall be examined by the competent authority of the Member State where the data holder is established.
该要求也适用于委员会、欧洲中央银行和联盟机构的请求。该请求应由数据持有者所在成员国的主管当局进行审查。
4. After having examined the request in light of the requirements laid down in Article 17, the relevant competent authority shall, without undue delay, take one of the following actions:
4. 根据第十七条规定的要求审查请求后,有关主管当局应立即采取以下行动之一:
(a) (A) |
transmit the request to the data holder and, if applicable, advise the requesting public sector body, the Commission, the European Central Bank or the Union body of the need, if any, to cooperate with public sector bodies of the Member State in which the data holder is established with the aim of reducing the administrative burden on the data holder in complying with the request; |
(b) (二) |
reject the request on duly substantiated grounds in accordance with this Chapter. |
The requesting public sector body, the Commission, the European Central Bank and the Union body shall take into account the advice of and the grounds provided by the relevant competent authority pursuant to the first subparagraph before taking any further action such as resubmitting the request, if applicable.
提出请求的公共部门机构、委员会、欧洲中央银行和欧盟机构在采取任何进一步行动(例如重新提交请求)之前,应考虑相关主管当局根据第一分段提供的建议和理由,如果适用的。
CHAPTER VI 第六章
SWITCHING BETWEEN DATA PROCESSING SERVICES
在数据处理服务之间切换
Article 23 第二十三条
Removing obstacles to effective switching
消除有效切换的障碍
Providers of data processing services shall take the measures provided for in Articles 25, 26, 27, 29 and 30 to enable customers to switch to a data processing service, covering the same service type, which is provided by a different provider of data processing services, or to on-premises ICT infrastructure, or, where relevant, to use several providers of data processing services at the same time.
数据处理服务提供者应当采取第二十五条、第二十六条、第二十七条、第二十九条、第三十条规定的措施,使客户能够切换到由不同数据处理服务提供者提供的同一服务类型的数据处理服务。 ,或本地 ICT 基础设施,或在相关情况下同时使用多个数据处理服务提供商。
In particular, providers of data processing services shall not impose and shall remove pre-commercial, commercial, technical, contractual and organisational obstacles, which inhibit customers from:
特别是,数据处理服务提供商不得施加并应消除商业前、商业、技术、合同和组织障碍,这些障碍阻碍客户:
(a) |
terminating, after the maximum notice period and the successful completion of the switching process, in accordance with Article 25, the contract of the data processing service; |
(b) |
concluding new contracts with a different provider of data processing services covering the same service type; |
(c) |
porting the customer’s exportable data and digital assets, to a different provider of data processing services or to an on-premises ICT infrastructure, including after having benefited from a free-tier offering; |
(d) |
in accordance with Article 24, achieving functional equivalence in the use of the new data processing service in the ICT environment of a different provider of data processing services covering the same service type; |
(e) |
unbundling, where technically feasible, data processing services referred to in Article 30(1) from other data processing services provided by the provider of data processing services. |
Article 24 第二十四条
Scope of the technical obligations
技术义务的范围
The responsibilities of providers of data processing services laid down in Articles 23, 25, 29, 30 and 34 shall apply only to the services, contracts or commercial practices provided by the source provider of data processing services.
第二十三条、第二十五条、第二十九条、第三十条和第三十四条规定的数据处理服务提供者的责任仅适用于数据处理服务来源提供者提供的服务、合同或商业惯例。
Article 25 第二十五条
Contractual terms concerning switching
有关转换的合同条款
1. The rights of the customer and the obligations of the provider of data processing services in relation to switching between providers of such services or, where applicable, to an on-premises ICT infrastructure shall be clearly set out in a written contract.
1. 应在书面合同中明确规定客户的权利和数据处理服务提供商在此类服务提供商之间或适用的情况下本地 ICT 基础设施之间切换的权利和义务。
The provider of data processing services shall make that contract available to the customer prior to signing the contract in a way that allows the customer to store and reproduce the contract.
数据处理服务提供商应在签署合同之前以允许客户存储和复制合同的方式向客户提供该合同。
2. Without prejudice to Directive (EU) 2019/770, the contract referred to in paragraph 1 of this Article shall include at least the following:
2. 在不影响指令(EU)2019/770 的情况下,本条第 1 款提及的合同应至少包括以下内容:
(a) (A) |
clauses allowing the customer, upon request, to switch to a data processing service offered by a different provider of data processing services or to port all exportable data and digital assets to an on-premises ICT infrastructure, without undue delay and in any event not after the mandatory maximum transitional period of 30 calendar days, to be initiated after the maximum notice period referred to in point (d), during which the service contract remains applicable and during which the provider of data processing services shall:
|
(b) (二) |
an obligation of the provider of data processing services to support the customer’s exit strategy relevant to the contracted services, including by providing all relevant information; |
(c) (C) |
a clause specifying that the contract shall be considered to be terminated and the customer shall be notified of the termination, in one of the following cases:
|
(d) (四) |
a maximum notice period for initiation of the switching process, which shall not exceed two months; |
(e) (五) |
an exhaustive specification of all categories of data and digital assets that can be ported during the switching process, including, at a minimum, all exportable data; |
(f) (F) |
an exhaustive specification of categories of data specific to the internal functioning of the provider’s data processing service that are to be exempted from the exportable data under point (e) of this paragraph where a risk of breach of trade secrets of the provider exists, provided that such exemptions do not impede or delay the switching process provided for in Article 23; |
(g) (G) |
a minimum period for data retrieval of at least 30 calendar days, starting after the termination of the transitional period that was agreed between the customer and the provider of data processing services, in accordance with point (a) of this paragraph and paragraph 4; |
(h) (H) |
a clause guaranteeing full erasure of all exportable data and digital assets generated directly by the customer, or relating to the customer directly, after the expiry of the retrieval period referred to in point (g) or after the expiry of an alternative agreed period at a date later than the date of expiry of the retrieval period referred to in point (g), provided that the switching process has been completed successfully; |
(i) (我) |
switching charges, that may be imposed by providers of data processing services in accordance with Article 29. |
3.
The contract referred to in paragraph 1 shall include clauses providing that the customer may notify the provider of data processing services of its decision to perform one or more of the following actions upon termination of the maximum notice period referred to in paragraph 2, point (d):
第 1 款中提到的合同应包括这样的条款,规定客户可以通知数据处理服务提供商其决定在第 2 款第 (d) 点中提到的最长通知期限终止时执行以下一项或多项行动: ):
(a) (A) |
switch to a different provider of data processing services, in which case the customer shall provide the necessary details of that provider; |
(b) (二) |
switch to an on-premises ICT infrastructure; |
(c) (C) |
erase its exportable data and digital assets. |
4.
Where the mandatory maximum transitional period as provided for in paragraph 2, point (a) is technically unfeasible, the provider of data processing services shall notify the customer within 14 working days of the making of the switching request, and shall duly justify the technical unfeasibility and indicate an alternative transitional period, which shall not exceed seven months.
如果第 2 款 (a) 点规定的强制性最长过渡期在技术上不可行,数据处理服务提供商应在提出转换请求后 14 个工作日内通知客户,并应充分证明技术上不可行的理由并注明替代的过渡期,过渡期不得超过七个月。
In accordance with paragraph 1, service continuity shall be ensured throughout the alternative transitional period.
根据第 1 款,应在整个替代过渡期内确保服务连续性。
5. Without prejudice to paragraph 4, the contract referred to in paragraph 1 shall include clauses providing the customer with the right to extend the transitional period once for a period that the customer considers more appropriate for its own purposes.
5. 在不影响第 4 款的情况下,第 1 款提及的合同应包括条款,规定客户有权将过渡期延长一次,直至客户认为更适合其自身目的的期限。
Article 26 第二十六条
Information obligation of providers of data processing services
数据处理服务提供者的信息义务
The provider of data processing services shall provide the customer with:
数据处理服务提供商应向客户提供:
(a) (A) |
information on available procedures for switching and porting to the data processing service, including information on available switching and porting methods and formats as well as restrictions and technical limitations which are known to the provider of data processing services; |
(b) (二) |
a reference to an up-to-date online register hosted by the provider of data processing services, with details of all the data structures and data formats as well as the relevant standards and open interoperability specifications, in which the exportable data referred to in Article 25(2), point (e), are available. |
Article 27 第二十七条
Obligation of good faith 诚信义务
All parties involved, including destination providers of data processing services, shall cooperate in good faith to make the switching process effective, enable the timely transfer of data and maintain the continuity of the data processing service.
包括数据处理服务目的地提供者在内的各方应当真诚合作,使切换过程有效,确保数据及时转移,保持数据处理服务的连续性。
Article 28 第二十八条
Contractual transparency obligations on international access and transfer
国际访问和传输的合同透明度义务
1. Providers of data processing services shall make the following information available on their websites, and keep that information up to date:
1. 数据处理服务提供商应在其网站上提供以下信息,并及时更新该信息:
(a) (A) |
the jurisdiction to which the ICT infrastructure deployed for data processing of their individual services is subject; |
(b) (二) |
a general description of the technical, organisational and contractual measures adopted by the provider of data processing services in order to prevent international governmental access to or transfer of non-personal data held in the Union where such access or transfer would create a conflict with Union law or the national law of the relevant Member State. |
2. The websites referred to in paragraph 1 shall be listed in contracts for all data processing services offered by providers of data processing services.
2. 第 1 款中提到的网站应列在数据处理服务提供商提供的所有数据处理服务的合同中。
Article 29 第二十九条
Gradual withdrawal of switching charges
逐步取消转换费用
1. From 12 January 2027, providers of data processing services shall not impose any switching charges on the customer for the switching process.
1.自2027年1月12日起,数据处理服务提供商不得就转换过程向客户收取任何转换费用。
2. From 11 January 2024 to 12 January 2027, providers of data processing services may impose reduced switching charges on the customer for the switching process.
2. 2024年1月11日至2027年1月12日期间,数据处理服务提供商可以向客户收取较低的转换费用。
3. The reduced switching charges referred to in paragraph 2 shall not exceed the costs incurred by the provider of data processing services that are directly linked to the switching process concerned.
3. 第 2 款中提到的减少的转换费用不得超过与相关转换过程直接相关的数据处理服务提供商所产生的成本。
4.
Before entering into a contract with a customer, providers of data processing services shall provide the prospective customer with clear information on the standard service fees and early termination penalties that might be imposed, as well as on the reduced switching charges that might be imposed during the timeframe referred to in paragraph 2.
在与客户签订合同之前,数据处理服务提供商应向潜在客户提供有关标准服务费和可能施加的提前终止罚款以及在服务期间可能施加的减少的转换费用的明确信息。第 2 段中提及的时间范围。
5.
Where relevant, providers of data processing services shall provide information to a customer on data processing services that involve highly complex or costly switching or for which it is impossible to switch without significant interference in the data, digital assets or service architecture.
在相关情况下,数据处理服务提供商应向客户提供涉及高度复杂或成本高昂的转换或在不对数据、数字资产或服务架构造成重大干扰的情况下不可能进行转换的数据处理服务的信息。
6. Where applicable, providers of data processing services shall make the information referred to in paragraphs 4 and 5 publicly available to customers via a dedicated section of their website or in any other easily accessible way.
6. 在适用的情况下,数据处理服务提供商应通过其网站的专门部分或以任何其他易于访问的方式向客户公开第 4 款和第 5 款中提到的信息。
7.
The Commission is empowered to adopt delegated acts in accordance with Article 45 to supplement this Regulation by establishing a monitoring mechanism for the Commission to monitor switching charges, imposed by providers of data processing services on the market to ensure that the withdrawal and reduction of switching charges, pursuant to paragraphs 1 and 2 of this Article are to be attained in accordance with the deadlines laid down in those paragraphs.
委员会有权根据第 45 条采取授权行为来补充本条例,建立委员会监督机制来监督市场上数据处理服务提供商征收的转换费用,以确保取消和减少转换费用,根据本条第 1 款和第 2 款,应按照这些款规定的期限完成。
Article 30 第三十条
Technical aspects of switching
切换的技术方面
1.
Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall, in accordance with Article 27, take all reasonable measures in their power to facilitate that the customer, after switching to a service covering the same service type, achieves functional equivalence in the use of the destination data processing service.
涉及可扩展和弹性计算资源的数据处理服务提供商,这些资源仅限于基础设施元素,例如服务器、网络和操作基础设施所需的虚拟资源,但不提供对所存储的操作服务、软件和应用程序的访问,否则处理或部署在这些基础设施要素上的,应根据第 27 条,在其权力范围内采取一切合理措施,以促进客户在切换到涵盖相同服务类型的服务后,在使用目的地时实现功能等效数据处理服务。
The source provider of data processing services shall facilitate the switching process by providing capabilities, adequate information, documentation, technical support and, where appropriate, the necessary tools.
数据处理服务的来源提供商应通过提供能力、充足的信息、文档、技术支持以及必要的工具(如适用)来促进转换过程。
2.
Providers of data processing services, other than those referred to in paragraph 1, shall make open interfaces available to an equal extent to all their customers and the concerned destination providers of data processing services free of charge to facilitate the switching process.
除第 1 款所述之外的数据处理服务提供商应向其所有客户和相关数据处理服务目标提供商提供同等程度的免费开放接口,以便利转换过程。
Those interfaces shall include sufficient information on the service concerned to enable the development of software to communicate with the services, for the purposes of data portability and interoperability.
这些接口应包括有关相关服务的足够信息,以便软件开发能够与服务进行通信,以实现数据可移植性和互操作性。
3.
For data processing services other than those referred to in paragraph 1 of this Article, providers of data processing services shall ensure compatibility with common specifications based on open interoperability specifications or harmonised standards for interoperability at least 12 months after the references to those common specifications or harmonised standards for interoperability of data processing services were published in the central Union standards repository for the interoperability of data processing services following the publication of the underlying implementing acts in the Official Journal of the European Union in accordance with Article 35(8).
对于本条第一款所述以外的数据处理服务,数据处理服务提供商应在引用通用规范或协调一致标准后至少 12 个月内确保与基于开放互操作性规范或互操作性协调标准的通用规范的兼容性。根据第 35(8) 条,在《欧盟官方公报》上发布基本实施法案后,数据处理服务互操作性标准已在数据处理服务互操作性中央联盟标准存储库中发布。
4. Providers of data processing services other than those referred to in paragraph 1 of this Article shall update the online register referred to in Article 26, point (b) in accordance with their obligations under paragraph 3 of this Article.
4. 本条第 1 款所述以外的数据处理服务提供商应根据本条第 3 款规定的义务更新第 26 条 (b) 点所述的在线登记册。
5.
In the case of switching between services of the same service type, for which common specifications or the harmonised standards for interoperability referred to in paragraph 3 of this Article have not been published in the central Union standards repository for the interoperability of data processing services in accordance with Article 35(8), the provider of data processing services shall, at the request of the customer, export all exportable data in a structured, commonly used and machine-readable format.
在同一服务类型的服务之间进行切换时,本条第 3 款中提到的通用规范或互操作性协调标准尚未在数据处理服务互操作性中央联盟标准存储库中发布。根据第 35 条第(8)款,数据处理服务提供商应根据客户的要求,以结构化、通用且机器可读的格式导出所有可导出数据。
6.
Providers of data processing services shall not be required to develop new technologies or services, or disclose or transfer digital assets that are protected by intellectual property rights or that constitute a trade secret, to a customer or to a different provider of data processing services or compromise the customer’s or provider’s security and integrity of service.
不得要求数据处理服务提供商开发新技术或服务,或向客户或其他数据处理服务提供商披露或转让受知识产权保护或构成商业秘密的数字资产,或泄露或转让受知识产权保护或构成商业秘密的数字资产。客户或提供商的服务的安全性和完整性。
Article 31 第三十一条
Specific regime for certain data processing services
某些数据处理服务的具体制度
1.
The obligations laid down in Article 23, point (d), Article 29 and Article 30(1) and (3) shall not apply to data processing services of which the majority of main features has been custom-built to accommodate the specific needs of an individual customer or where all components have been developed for the purposes of an individual customer, and where those data processing services are not offered at broad commercial scale via the service catalogue of the provider of data processing services.
第 23 条 (d) 点、第 29 条以及第 30 条第(1)和(3)款规定的义务不适用于大多数主要功能是为满足特定需求而定制的数据处理服务。个人客户,或者所有组件都是为了个人客户的目的而开发的,并且这些数据处理服务不是通过数据处理服务提供商的服务目录以广泛的商业规模提供的。
2. The obligations laid down in this Chapter shall not apply to data processing services provided as a non-production version for testing and evaluation purposes and for a limited period of time.
2. 本章规定的义务不适用于在有限时间内以非生产版本形式提供的用于测试和评估目的的数据处理服务。
3. Prior to the conclusion of a contract on the provision of the data processing services referred to in this Article, the provider of data processing services shall inform the prospective customer of the obligations of this Chapter that do not apply.
3. 在签订提供本条所述数据处理服务的合同之前,数据处理服务提供商应告知潜在客户不适用本章的义务。
CHAPTER VII 第七章
UNLAWFUL INTERNATIONAL GOVERNMENTAL ACCESS AND TRANSFER OF NON-PERSONAL DATA
非法国际政府访问和传输非个人数据
Article 32 第三十二条
International governmental access and transfer
国际政府准入和转让
1.
Providers of data processing services shall take all adequate technical, organisational and legal measures, including contracts, in order to prevent international and third-country governmental access and transfer of non-personal data held in the Union where such transfer or access would create a conflict with Union law or with the national law of the relevant Member State, without prejudice to paragraph 2 or 3.
数据处理服务提供商应采取一切适当的技术、组织和法律措施,包括合同,以防止国际和第三国政府访问和转移在联盟中持有的非个人数据,因为这种转移或访问会产生冲突符合欧盟法律或相关成员国的国家法律,且不影响第 2 款或第 3 款。
2.
Any decision or judgment of a third-country court or tribunal and any decision of a third-country administrative authority requiring a provider of data processing services to transfer or give access to non-personal data falling within the scope of this Regulation held in the Union shall be recognised or enforceable in any manner only if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union, or any such agreement between the requesting third country and a Member State.
第三国法院或法庭的任何决定或判决以及第三国行政当局要求数据处理服务提供商传输或授予访问联盟中持有的属于本条例范围内的非个人数据的任何决定或判决仅当基于提出请求的第三国与欧盟之间有效的国际协议(例如司法协助条约)或请求第三国与成员国之间的任何此类协议时,该协议才应以任何方式得到承认或执行。
3.
In the absence of an international agreement as referred to in paragraph 2, where a provider of data processing services is the addressee of a decision or judgment of a third-country court or tribunal or a decision of a third-country administrative authority to transfer or give access to non-personal data falling within the scope of this Regulation held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only where:
在没有第 2 款所述国际协议的情况下,如果数据处理服务提供商是第三国法院或法庭的决定或判决或第三国行政当局转让或允许访问属于本条例范围内的欧盟境内的非个人数据,并且遵守此类决定可能会导致收件人违反欧盟法律或相关成员国的国家法律、转移或访问该第三国当局仅应在以下情况下提供此类数据:
(a) (A) |
the third-country system requires the reasons and proportionality of such a decision or judgment to be set out and requires such a decision or judgment to be specific in character, for instance by establishing a sufficient link to certain suspected persons or infringements; |
(b) (二) |
the reasoned objection of the addressee is subject to a review by a competent third-country court or tribunal; and |
(c) (C) |
the competent third-country court or tribunal issuing the decision or judgment or reviewing the decision of an administrative authority is empowered under the law of that third country to take duly into account the relevant legal interests of the provider of the data protected by Union law or by the national law of the relevant Member State. |
The addressee of the decision or judgment may ask the opinion of the relevant national body or authority competent for international cooperation in legal matters, in order to determine whether the conditions laid down in the first subparagraph are met, in particular when it considers that the decision may relate to trade secrets and other commercially sensitive data as well as to content protected by intellectual property rights or the transfer may lead to re-identification.
决定或判决的接收人可以征求主管法律事务国际合作的相关国家机构或当局的意见,以确定是否满足第一分段规定的条件,特别是当它认为决定或判决可能涉及商业秘密和其他商业敏感数据以及受知识产权保护的内容,或者传输可能导致重新识别。
The relevant national body or authority may consult the Commission.
有关国家机构或当局可以咨询委员会。
If the addressee considers that the decision or judgment may impinge on the national security or defence interests of the Union or its Member States, it shall ask the opinion of the relevant national body or authority in order to determine whether the data requested concerns national security or defence interests of the Union or its Member States.
如果收件人认为该决定或判决可能会影响欧盟或其成员国的国家安全或国防利益,则应征求相关国家机构或当局的意见,以确定所请求的数据是否涉及国家安全或联盟或其成员国的国防利益。
If the addressee has not received a reply within one month, or if the opinion of such body or authority concludes that the conditions laid down in the first subparagraph are not met, the addressee may reject the request for transfer or access, to non-personal data, on those grounds.
如果收件人在一个月内没有收到答复,或者该机构或当局的意见认为不满足第一段规定的条件,则收件人可以拒绝向非个人转移或访问的请求。数据,基于这些理由。
The EDIB referred to in Article 42 shall advise and assist the Commission in developing guidelines on the assessment of whether the conditions laid down in the first subparagraph of this paragraph are met.
第 42 条中提到的 EDIB 应向委员会提供建议并协助委员会制定评估是否满足本款第一分段规定的条件的指南。
4.
If the conditions laid down in paragraph 2 or 3 are met, the provider of data processing services shall provide the minimum amount of data permissible in response to a request, on the basis of the reasonable interpretation of that request by the provider or relevant national body or authority referred to in paragraph 3, second subparagraph.
如果满足第 2 款或第 3 款规定的条件,数据处理服务提供商应根据提供商或相关国家机构对该请求的合理解释,提供响应请求所允许的最低数据量或第 3 款第二项所述的当局。
5.
The provider of data processing services shall inform the customer about the existence of a request of a third-country authority to access its data before complying with that request, except where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activity.
数据处理服务提供商应在满足第三国当局请求之前告知客户存在第三国当局访问其数据的请求,除非该请求服务于执法目的,并且只要有必要保存该请求即可。执法活动的有效性。
CHAPTER VIII 第八章
INTEROPERABILITY 互操作性
Article 33 第三十三条
Essential requirements regarding interoperability of data, of data sharing mechanisms and services, as well as of common European data spaces
关于数据、数据共享机制和服务以及共同欧洲数据空间的互操作性的基本要求
1.
Participants in data spaces that offer data or data services to other participants shall comply with the following essential requirements to facilitate the interoperability of data, of data sharing mechanisms and services, as well as of common European data spaces which are purpose- or sector-specific or cross-sectoral interoperable frameworks for common standards and practices to share or jointly process data for, inter alia, the development of new products and services, scientific research or civil society initiatives:
向其他参与者提供数据或数据服务的数据空间参与者应遵守以下基本要求,以促进数据、数据共享机制和服务以及针对特定目的或部门的共同欧洲数据空间的互操作性或跨部门可互操作的共同标准和做法框架,以共享或联合处理数据,除其他外,用于开发新产品和服务、科学研究或民间社会倡议:
(a) (A) |
the dataset content, use restrictions, licences, data collection methodology, data quality and uncertainty shall be sufficiently described, where applicable, in a machine-readable format, to allow the recipient to find, access and use the data; |
(b) (二) |
the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, shall be described in a publicly available and consistent manner; |
(c) (C) |
the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable automatic access and transmission of data between parties, including continuously, in bulk download or in real-time in a machine-readable format where that is technically feasible and does not hamper the good functioning of the connected product; |
(d) (四) |
where applicable, the means to enable the interoperability of tools for automating the execution of data sharing agreements, such as smart contracts shall be provided. |
The requirements can have a generic nature or concern specific sectors, while taking fully into account the interrelation with requirements arising from other Union or national law.
这些要求可以具有通用性或涉及特定部门,同时充分考虑与其他联盟或国家法律提出的要求的相互关系。
2.
The Commission is empowered to adopt delegated acts, in accordance with Article 45 of this Regulation to supplement this Regulation by further specifying the essential requirements laid down in paragraph 1 of this Article, in relation to those requirements that, by their nature, cannot produce the intended effect unless they are further specified in binding Union legal acts and in order to properly reflect technological and market developments.
委员会有权根据本条例第 45 条采取授权行为,通过进一步明确本条第 1 款规定的基本要求来补充本条例,这些要求就其性质而言不能产生除非在具有约束力的欧盟法律行为中进一步规定,并为了正确反映技术和市场发展,否则不会达到预期效果。
The Commission shall when adopting delegated acts take into account the advice of the EDIB in accordance with Article 42, point (c)(iii).
委员会在通过授权行为时应根据第 42 条 (c)(iii) 点考虑 EDIB 的建议。
3. The participants in data spaces that offer data or data services to other participants in data spaces which meet the harmonised standards or parts thereof, the references of which are published in the Official Journal of the European Union, shall be presumed to be in conformity with the essential requirements laid down in paragraph 1 to the extent that those requirements are covered by such harmonised standards or parts thereof.
3. 数据空间参与者向数据空间中的其他参与者提供符合协调标准或部分协调标准的数据或数据服务,其参考文献发布在欧盟官方公报上,应被视为符合协调标准。符合第 1 款规定的基本要求,只要这些要求被此类统一标准或其部分内容所涵盖。
4. The Commission shall, pursuant to Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements laid down in paragraph 1 of this Article.
4. 委员会应根据第 1025/2012 号法规 (EU) 第 10 条,要求一个或多个欧洲标准化组织起草满足本条第 1 款规定的基本要求的统一标准。
5. The Commission may, by means of implementing acts, adopt common specifications covering any or all of the essential requirements laid down in paragraph 1 where the following conditions have been fulfilled:
5. 在满足以下条件的情况下,委员会可以通过实施法案,采用涵盖第 1 款规定的任何或所有基本要求的共同规范:
(a) (A) |
the Commission has requested, pursuant to Article 10(1) of Regulation (EU) No 1025/2012, one or more European standardisation organisations to draft a harmonised standard that satisfies the essential requirements laid down in paragraph 1 of this Article and:
|
(b) (二) |
no reference to harmonised standards covering the relevant essential requirements laid down in paragraph 1 of this Article is published in the Official Journal of the European Union in accordance with Regulation (EU) No 1025/2012 and no such reference is expected to be published within a reasonable period. |
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 46(2).
这些实施法案应根据第 46 条第(2)款规定的审查程序予以通过。
6. Before preparing a draft implementing act referred to in paragraph 5 of this Article, the Commission shall inform the committee referred to in Article 22 of Regulation (EU) No 1025/2012 that it considers that the conditions in paragraph 5 of this Article have been fulfilled.
6. 在准备本条第 5 款中提到的实施法案草案之前,委员会应通知第 1025/2012 号法规 (EU) 第 22 条中提到的委员会,它认为本条第 5 款中的条件已满足已实现。
7. When preparing the draft implementing act referred to in paragraph 5, the Commission shall take into account the advice of the EDIB and views of other relevant bodies or expert groups and shall duly consult all relevant stakeholders.
7. 在准备第 5 款提到的实施法案草案时,委员会应考虑 EDIB 的建议和其他相关机构或专家组的意见,并应适当咨询所有相关利益相关者。
8.
The participants in data spaces that offer data or data services to other participants in data spaces that meet the common specifications established by implementing acts referred to in paragraph 5 or parts thereof shall be presumed to be in conformity with the essential requirements laid down in paragraph 1 to the extent that those requirements are covered by such common specifications or parts thereof.
向数据空间中的其他参与者提供数据或数据服务的数据空间参与者,如果满足通过实施第 5 款或其部分所述的行为所建立的共同规范,则应被视为符合第 1 款规定的基本要求在此类通用规范或其部分涵盖这些要求的范围内。
9. Where a harmonised standard is adopted by a European standardisation organisation and proposed to the Commission for the purpose of publishing its reference in the Official Journal of the European Union, the Commission shall assess the harmonised standard in accordance with Regulation (EU) No 1025/2012. Where the reference of a harmonised standard is published in the Official Journal of the European Union, the Commission shall repeal the implementing acts referred to in paragraph 5 of this Article, or parts thereof which cover the same essential requirements as those covered by that harmonised standard.
9. 如果欧洲标准化组织采用协调标准,并向委员会提出建议,以便在欧盟官方公报上发布其参考资料,委员会应根据 (EU) No 1025 条例评估该协调标准/2012。如果统一标准的引用在欧盟官方公报上公布,则委员会应废除本条第 5 款中提到的实施法案,或其涵盖与该统一标准涵盖的基本要求相同的基本要求的部分。 。
10. When a Member State considers that a common specification does not entirely satisfy the essential requirements laid down in paragraph 1, it shall inform the Commission thereof by submitting a detailed explanation.
10. 当成员国认为通用规范不能完全满足第 1 款规定的基本要求时,应通过提交详细解释将此情况通知委员会。
The Commission shall assess that detailed explanation and may, if appropriate, amend the implementing act establishing the common specification in question.
委员会应评估该详细解释,并可在适当情况下修改建立相关通用规范的实施法案。
11. The Commission may adopt guidelines taking into account the proposal of the EDIB in accordance with Article 30, point (h), of Regulation (EU) 2022/868 laying down interoperable frameworks for common standards and practices for the functioning of common European data spaces.
11. 委员会可以根据 (EU) 2022/868 号法规第 30 条 (h) 点的规定,考虑 EDIB 的提议,制定指导方针,为共同欧洲数据运作的共同标准和实践制定可互操作的框架空间。
Article 34 第三十四条
Interoperability for the purposes of in-parallel use of data processing services
并行使用数据处理服务的互操作性
1. The requirements laid down in Article 23, Article 24, Article 25(2), points (a)(ii), (a)(iv), (e) and (f) and Article 30(2) to (5) shall also apply mutatis mutandis to providers of data processing services to facilitate interoperability for the purposes of in-parallel use of data processing services.
1. 第 23 条、第 24 条、第 25 条第(2)款、(a)(ii)、(a)(iv)、(e)和(f)点以及第 30(2) 至 (5) 条规定的要求)亦须比照适用于数据处理服务的提供者,以促进数据处理服务的互操作性,以实现并行使用数据处理服务的目的。
2. Where a data processing service is being used in parallel with another data processing service, the providers of data processing services may impose data egress charges, but only for the purpose of passing on egress costs incurred, without exceeding such costs.
2. 当一项数据处理服务与另一项数据处理服务并行使用时,数据处理服务提供商可以征收数据流出费用,但仅用于转嫁所产生的流出费用,但不得超过该费用。
Article 35 第三十五条
Interoperability of data processing services
数据处理服务的互操作性
1. Open interoperability specifications and harmonised standards for the interoperability of data processing services shall:
1. 数据处理服务互操作性的开放互操作性规范和协调标准应:
(a) (A) |
achieve, where technically feasible, interoperability between different data processing services that cover the same service type; |
(b) (二) |
enhance portability of digital assets between different data processing services that cover the same service type; |
(c) (C) |
facilitate, where technically feasible, functional equivalence between different data processing services referred to in Article 30(1) that cover the same service type; |
(d) (四) |
not have an adverse impact on the security and integrity of data processing services and data; |
(e) (五) |
be designed in such a way so as to allow for technical advances and the inclusion of new functions and innovation in data processing services. |
2. Open interoperability specifications and harmonised standards for the interoperability of data processing services shall adequately address:
2. 数据处理服务互操作性的开放互操作性规范和统一标准应充分解决:
(a) (A) |
the cloud interoperability aspects of transport interoperability, syntactic interoperability, semantic data interoperability, behavioural interoperability and policy interoperability; |
(b) (二) |
the cloud data portability aspects of data syntactic portability, data semantic portability and data policy portability; |
(c) (C) |
the cloud application aspects of application syntactic portability, application instruction portability, application metadata portability, application behaviour portability and application policy portability. |
3. Open interoperability specifications shall comply with Annex II to Regulation (EU) No 1025/2012.
3. 开放互操作性规范应符合 (EU) No 1025/2012 法规附件 II。
4.
After taking into account relevant international and European standards and self-regulatory initiatives, the Commission may, in accordance with Article 10(1) of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements laid down in paragraphs 1 and 2 of this Article.
在考虑相关国际和欧洲标准以及自律举措后,委员会可根据第 1025/2012 号法规 (EU) 第 10(1) 条,要求一个或多个欧洲标准化组织起草满足以下要求的协调标准:本条第 1 款和第 2 款规定的基本要求。
5. The Commission may, by means of implementing acts, adopt common specifications based on open interoperability specifications covering all of the essential requirements laid down in paragraphs 1 and 2.
5. 委员会可以通过实施法案,采用基于开放互操作性规范的通用规范,涵盖第 1 款和第 2 款规定的所有基本要求。
6.
When preparing the draft implementing act referred to in paragraph 5 of this Article, the Commission shall take into account the views of the relevant competent authorities referred to in Article 37(5), point (h) and other relevant bodies or expert groups and shall duly consult all relevant stakeholders.
在准备本条第 5 款所指的实施法案草案时,委员会应考虑第 37 条第(5)款(h)点所指的相关主管当局和其他相关机构或专家组的意见,并应适当咨询所有相关利益攸关方。
7. When a Member State considers that a common specification does not entirely satisfy the essential requirements laid down in paragraphs 1 and 2, it shall inform the Commission thereof by submitting a detailed explanation.
7. 当成员国认为通用规范不能完全满足第 1 款和第 2 款规定的基本要求时,应通过提交详细解释将此情况通知委员会。
The Commission shall assess that detailed explanation and may, if appropriate, amend the implementing act establishing the common specification in question.
委员会应评估该详细解释,并可在适当情况下修改建立相关通用规范的实施法案。
8.
For the purpose of Article 30(3), the Commission shall, by means of implementing acts, publish the references of harmonised standards and common specifications for the interoperability of data processing services in a central Union standards repository for the interoperability of data processing services.
就第 30 条第(3)款而言,委员会应通过实施法案,在数据处理服务互操作性中央联盟标准存储库中公布数据处理服务互操作性协调标准和通用规范的参考。
9. The implementing acts referred to in this Article shall be adopted in accordance with the examination procedure referred to in Article 46(2).
9. 本条所述的实施法案应根据第 46 条第(2)款所述的审查程序予以通过。
Article 36 第三十六条
Essential requirements regarding smart contracts for executing data sharing agreements
有关执行数据共享协议的智能合约的基本要求
1.
The vendor of an application using smart contracts or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement or part of it, to make data available shall ensure that those smart contracts comply with the following essential requirements of:
使用智能合约的应用程序的供应商,或者在没有智能合约的情况下,其贸易、业务或专业涉及在执行协议或协议的一部分的情况下为他人部署智能合约以提供数据的人员,应确保:这些智能合约符合以下基本要求:
(a) (A) |
robustness and access control, to ensure that the smart contract has been designed to offer access control mechanisms and a very high degree of robustness to avoid functional errors and to withstand manipulation by third parties; |
(b) (二) |
safe termination and interruption, to ensure that a mechanism exists to terminate the continued execution of transactions and that the smart contract includes internal functions which can reset or instruct the contract to stop or interrupt the operation, in particular to avoid future accidental executions; |
(c) (C) |
data archiving and continuity, to ensure, in circumstances in which a smart contract must be terminated or deactivated, there is a possibility to archive the transactional data, smart contract logic and code in order to keep the record of operations performed on the data in the past (auditability); |
(d) (四) |
access control, to ensure that a smart contract is protected through rigorous access control mechanisms at the governance and smart contract layers; and |
(e) (五) |
consistency, to ensure consistency with the terms of the data sharing agreement that the smart contract executes. |
2.
The vendor of a smart contract or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement or part of it, to make data available shall perform a conformity assessment with a view to fulfilling the essential requirements laid down in paragraph 1 and, on the fulfilment of those requirements, issue an EU declaration of conformity.
智能合约的供应商,或者在没有智能合约的情况下,其行业、业务或专业涉及在执行协议或协议的一部分的情况下为他人部署智能合约以提供数据的人员,应执行合格评定为了满足第 1 段中规定的基本要求,并在满足这些要求后,发布欧盟符合性声明。
3.
By drawing up the EU declaration of conformity, the vendor of an application using smart contracts or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement or part of it, to make data available shall be responsible for compliance with the essential requirements laid down in paragraph 1.
通过起草欧盟符合性声明,使用智能合约的应用程序的供应商,或者在没有智能合约的情况下,其贸易、业务或专业涉及在执行协议或部分协议的背景下为他人部署智能合约的人其提供数据应负责遵守第 1 款规定的基本要求。
4. A smart contract that meets the harmonised standards or the relevant parts thereof, the references of which are published in the Official Journal of the European Union, shall be presumed to be in conformity with the essential requirements laid down in paragraph 1 to the extent that those requirements are covered by such harmonised standards or parts thereof.
4. 符合统一标准或其相关部分(其引用在欧盟官方公报上发布)的智能合约,应被推定为符合第 1 款规定的基本要求。此类统一标准或其部分内容涵盖了这些要求。
5. The Commission shall, pursuant to Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements laid down in paragraph 1 of this Article.
5. 委员会应根据第 1025/2012 号法规 (EU) 第 10 条,要求一个或多个欧洲标准化组织起草满足本条第 1 款规定的基本要求的统一标准。
6. The Commission may, by means of implementing acts, adopt common specifications covering any or all of the essential requirements laid down in paragraph 1 where the following conditions have been fulfilled:
6. 在满足以下条件的情况下,委员会可以通过实施法案,采用涵盖第 1 款规定的任何或所有基本要求的通用规范:
(a) (A) |
the Commission has requested, pursuant to Article 10(1) of Regulation (EU) No 1025/2012, one or more European standardisation organisations to draft a harmonised standard that satisfies the essential requirements laid down in paragraph 1 of this Article and:
|
(b) (二) |
no reference to harmonised standards covering the relevant essential requirements laid down in paragraph 1 of this Article is published in the Official Journal of the European Union in accordance with Regulation (EU) No 1025/2012 and no such reference is expected to be published within a reasonable period. |
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 46(2).
这些实施法案应根据第 46 条第(2)款规定的审查程序予以通过。
7. Before preparing a draft implementing act referred to in paragraph 6 of this Article, the Commission shall inform the committee referred to in Article 22 of Regulation (EU) No 1025/2012 that it considers that the conditions in paragraph 6 of this Article have been fulfilled.
7. 在准备本条第 6 款中提到的实施法案草案之前,委员会应通知第 1025/2012 号法规 (EU) 第 22 条中提到的委员会,它认为本条第 6 款中的条件已满足已实现。
8. When preparing the draft implementing act referred to in paragraph 6, the Commission shall take into account the advice of the EDIB and views of other relevant bodies or expert groups and shall duly consult all relevant stakeholders.
8. 在准备第 6 款提到的实施法案草案时,委员会应考虑 EDIB 的建议和其他相关机构或专家组的意见,并应适当咨询所有相关利益攸关方。
9.
The vendor of a smart contract or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement or part of it, to make data available that meet the common specifications established by implementing acts referred to in paragraph 6 or parts thereof shall be presumed to be in conformity with the essential requirements laid down in paragraph 1 to the extent that those requirements are covered by such common specifications or parts thereof.
智能合约的供应商,或者在没有智能合约的情况下,其行业、业务或专业涉及在执行协议或协议的一部分的情况下为他人部署智能合约的人员,以提供符合通用规范的数据通过实施第 6 款或其部分所述的法案所建立的标准,应被推定符合第 1 款规定的基本要求,只要这些要求已被此类通用规范或其部分所涵盖。
10. Where a harmonised standard is adopted by a European standardisation organisation and proposed to the Commission for the purpose of publishing its reference in the Official Journal of the European Union, the Commission shall assess the harmonised standard in accordance with Regulation (EU) No 1025/2012. Where the reference of a harmonised standard is published in the Official Journal of the European Union, the Commission shall repeal the implementing acts referred to in paragraph 6 of this Article, or parts thereof which cover the same essential requirements as those covered by that harmonised standard.
10. 如果欧洲标准化组织采用协调标准,并向委员会提出建议,以便在欧盟官方公报上发布其参考资料,委员会应根据 (EU) No 1025 法规评估该协调标准/2012。如果统一标准的引用在欧盟官方公报上公布,则委员会应废除本条第 6 款中提及的实施法案,或其涵盖与该统一标准涵盖的基本要求相同的基本要求的部分。 。
11. When a Member State considers that a common specification does not entirely satisfy the essential requirements laid down in paragraph 1, it shall inform the Commission thereof by submitting a detailed explanation.
11. 当成员国认为通用规范不能完全满足第 1 款规定的基本要求时,应通过提交详细解释将此情况通知委员会。
The Commission shall assess that detailed explanation and may, if appropriate, amend the implementing act establishing the common specification in question.
委员会应评估该详细解释,并可在适当情况下修改建立相关通用规范的实施法案。
CHAPTER IX 第九章
IMPLEMENTATION AND ENFORCEMENT
实施和执行
Article 37 第三十七条
Competent authorities and data coordinators
主管当局和数据协调员
1. Each Member State shall designate one or more competent authorities to be responsible for the application and enforcement of this Regulation (competent authorities). Member States may establish one or more new authorities or rely on existing authorities.
1. 各成员国应指定一个或多个主管当局负责本条例的适用和执行(主管当局)。成员国可以设立一个或多个新的当局或依赖现有的当局。
2.
Where a Member State designates more than one competent authority, it shall designate a data coordinator from among them to facilitate cooperation between the competent authorities and to assist entities within the scope of this Regulation on all matters related to its application and enforcement.
如果成员国指定了多个主管当局,则应从其中指定一名数据协调员,以促进主管当局之间的合作,并协助本条例范围内的实体处理与其适用和执行有关的所有事项。
Competent authorities shall, in the exercise of the tasks and powers assigned to them under paragraph 5, cooperate with each other.
主管当局在履行第五款规定的任务和权力时应相互合作。
3. The supervisory authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall be responsible for monitoring the application of this Regulation insofar as the protection of personal data is concerned.
3. 负责监督条例 (EU) 2016/679 实施情况的监管机构应负责监督本条例在个人数据保护方面的实施情况。
Chapters VI and VII of Regulation (EU) 2016/679 shall apply mutatis mutandis.
(EU) 2016/679 法规第六章和第七章应比照适用。
The European Data Protection Supervisor shall be responsible for monitoring the application of this Regulation insofar as it concerns the Commission, the European Central Bank or Union bodies. Where relevant, Article 62 of Regulation (EU) 2018/1725 shall apply mutatis mutandis.
欧洲数据保护监管机构应负责监督本法规在涉及委员会、欧洲中央银行或联盟机构方面的应用。在相关情况下,法规 (EU) 2018/1725 第 62 条应比照适用。
The tasks and powers of the supervisory authorities referred to in this paragraph shall be exercised with regard to the processing of personal data.
本款所述监管机构的任务和权力应在个人数据处理方面行使。
4. Without prejudice to paragraph 1 of this Article:
4. 在不影响本条第 1 款的情况下:
(a) (A) |
for specific sectoral data access and use issues related to the application of this Regulation, the competence of sectoral authorities shall be respected; |
(b) (二) |
the competent authority responsible for the application and enforcement of Articles 23 to 31 and Articles 34 and 35 shall have experience in the field of data and electronic communications services. |
5. Member States shall ensure that the tasks and powers of the competent authorities are clearly defined and include:
5. 成员国应确保主管当局的任务和权力得到明确界定,包括:
(a) (A) |
promoting data literacy and awareness among users and entities falling within the scope of this Regulation of the rights and obligations under this Regulation; |
(b) (二) |
handling complaints arising from alleged infringements of this Regulation, including in relation to trade secrets, and investigating, to the extent appropriate, the subject matter of complaints and regularly informing complainants, where relevant in accordance with national law, of the progress and the outcome of the investigation within a reasonable period, in particular if further investigation or coordination with another competent authority is necessary; |
(c) (C) |
conducting investigations into matters that concern the application of this Regulation, including on the basis of information received from another competent authority or other public authority; |
(d) (四) |
imposing effective, proportionate and dissuasive financial penalties which may include periodic penalties and penalties with retroactive effect, or initiating legal proceedings for the imposition of fines; |
(e) (五) |
monitoring technological and relevant commercial developments of relevance for the making available and use of data; |
(f) (F) |
cooperating with competent authorities of other Member States and, where relevant, with the Commission or the EDIB, to ensure the consistent and efficient application of this Regulation, including the exchange of all relevant information by electronic means, without undue delay, including regarding paragraph 10 of this Article; |
(g) (G) |
cooperating with the relevant competent authorities responsible for the implementation of other Union or national legal acts, including with authorities competent in the field of data and electronic communication services, with the supervisory authority responsible for monitoring the application of Regulation (EU) 2016/679 or with sectoral authorities to ensure that this Regulation is enforced consistently with other Union and national law; |
(h) (H) |
cooperating with the relevant competent authorities to ensure that Articles 23 to 31 and Articles 34 and 35 are enforced consistently with other Union law and self-regulation applicable to providers of data processing services; |
(i) (我) |
ensuring that switching charges are withdrawn in accordance with Article 29; |
(j) |
examining the requests for data made pursuant to Chapter V. |
Where designated, the data coordinator shall facilitate the cooperation referred to in points (f), (g) and (h) of the first subparagraph and shall assist the competent authorities upon their request.
如果指定,数据协调员应促进第一分段 (f)、(g) 和 (h) 点中提到的合作,并应主管当局的要求提供协助。
6. The data coordinator, where such competent authority has been designated, shall:
6. 在指定主管当局的情况下,数据协调员应:
(a) (A) |
act as the single point of contact for all issues related to the application of this Regulation; |
(b) (二) |
ensure the online public availability of requests to make data available made by public sector bodies in the case of exceptional need under Chapter V and promote voluntary data sharing agreements between public sector bodies and data holders; |
(c) (C) |
inform the Commission, on an annual basis, of the refusals notified under Article 4(2) and (8) and Article 5(11). |
7. Member States shall notify the Commission of the names of the competent authorities and of their tasks and powers and, where applicable, the name of the data coordinator. The Commission shall maintain a public register of those authorities.
7. 成员国应将主管当局的名称及其任务和权力以及数据协调员的姓名(如适用)通知委员会。委员会应保存这些机构的公共登记册。
8.
When carrying out their tasks and exercising their powers in accordance with this Regulation, competent authorities shall remain impartial and free from any external influence, whether direct or indirect, and shall neither seek nor take instructions for individual cases from any other public authority or any private party.
主管机关依照本条例执行任务和行使职权时,应保持公正,不受任何直接或间接的外部影响,不得就个别案件寻求或接受任何其他公共机关或任何私人的指示。派对。
9. Member States shall ensure that the competent authorities are provided with sufficient human and technical resources and relevant expertise to effectively carry out their tasks in accordance with this Regulation.
9. 成员国应确保向主管当局提供足够的人力和技术资源以及相关专业知识,以根据本条例有效履行其任务。
10. Entities falling within the scope of this Regulation shall be subject to the competence of the Member State where the entity is established.
10. 属于本条例范围的实体应受该实体所在成员国的管辖。
Where the entity is established in more than one Member State, it shall be considered to be under the competence of the Member State in which it has its main establishment, that is, where the entity has its head office or registered office from which the principal financial functions and operational control are exercised.
如果该实体在多个成员国设立,则该实体应被视为受其主要机构所在成员国的管辖,即该实体有其总部或注册办事处,而其主要机构也位于该成员国。行使财务职能和运营控制权。
11. Any entity falling within the scope of this Regulation that makes connected products available or offers services in the Union, and which is not established in the Union, shall designate a legal representative in one of the Member States.
11. 任何属于本法规范围、在联盟内提供互联产品或提供服务且未在联盟内设立的实体,应在某一成员国指定一名法定代表人。
12.
For the purpose of ensuring compliance with this Regulation, a legal representative shall be mandated by an entity falling within the scope of this Regulation that makes connected products available or offers services in the Union to be addressed in addition to or instead of it by competent authorities with regard to all issues related to that entity.
为了确保遵守本条例,法定代表人应由本条例范围内的实体指定,该实体在欧盟内提供互联产品或提供服务,以补充或代替主管当局处理关于与该实体相关的所有问题。
That legal representative shall cooperate with and comprehensively demonstrate to the competent authorities, upon request, the actions taken and provisions put in place by the entity falling within the scope of this Regulation that makes connected products available or offers services in the Union to ensure compliance with this Regulation.
该法定代表人应与主管当局合作,并根据要求向主管当局全面展示本条例范围内在欧盟提供互联产品或提供服务的实体所采取的行动和制定的规定,以确保遵守本条例。
13. An entity falling within the scope of this Regulation that makes connected products available or offers services in the Union, shall be considered to be under the competence of the Member State in which its legal representative is located.
13. 属于本条例范围的实体,在联盟内提供互联产品或提供服务,应被视为受其法定代表人所在成员国的管辖。
The designation of a legal representative by such an entity shall be without prejudice to the liability of, and any legal action that could be initiated against, such an entity.
该实体指定法定代表人不应影响该实体的责任以及可能针对该实体提起的任何法律诉讼。
Until such time as an entity designates a legal representative in accordance with this Article, it shall be under the competence of all Member States, where applicable, for the purposes of ensuring the application and enforcement of this Regulation.
在实体根据本条指定法定代表人之前,该实体应受所有成员国(如适用)的管辖,以确保本条例的适用和执行。
Any competent authority may exercise its competence, including by imposing effective, proportionate and dissuasive penalties, provided that the entity is not subject to enforcement proceedings under this Regulation regarding the same facts by another competent authority.
任何主管当局都可以行使其职权,包括通过实施有效、相称和劝阻性处罚,前提是该实体不受另一主管当局就同一事实根据本条例提起的强制执行程序的约束。
14. Competent authorities shall have the power to request from users, data holders, or data recipients, or their legal representatives, falling under the competence of their Member State all information necessary to verify compliance with this Regulation.
14. 主管当局有权向属于其成员国权限的用户、数据持有者或数据接收者或其法律代表要求提供验证是否遵守本条例所需的所有信息。
Any request for information shall be proportionate to the performance of the underlying task and shall be reasoned.
任何信息请求均应与基本任务的执行情况相称,并应说明理由。
15.
Where a competent authority in one Member State requests assistance or enforcement measures from a competent authority in another Member State, it shall submit a reasoned request. A competent authority shall, upon receiving such a request, provide a response, detailing the actions that have been taken or which are intended to be taken, without undue delay.
如果一个成员国的主管当局向另一成员国的主管当局请求协助或采取强制措施,则应提交一份合理的请求。主管当局应在收到此类请求后立即作出答复,详细说明已采取或打算采取的行动。
16. Competent authorities shall respect the principles of confidentiality and of professional and commercial secrecy and shall protect personal data in accordance with Union or national law.
16. 主管当局应尊重保密以及专业和商业秘密的原则,并应根据联盟或国家法律保护个人数据。
Any information exchanged in the context of a request for assistance and provided pursuant to this Article shall be used only in respect of the matter for which it was requested.
在协助请求中交换的以及根据本条提供的任何信息只能用于所请求的事项。
Article 38 第三十八条
Right to lodge a complaint
提出投诉的权利
1.
Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the relevant competent authority in the Member State of their habitual residence, place of work or establishment if they consider that their rights under this Regulation have been infringed.
在不损害任何其他行政或司法补救措施的情况下,自然人和法人有权单独或在相关情况下集体向其惯常居住地、工作地点或机构所在成员国的相关主管当局提出投诉如果他们认为自己根据本条例享有的权利受到侵犯。
The data coordinator shall, upon request, provide all the necessary information to natural and legal persons for the lodging of their complaints with the appropriate competent authority.
数据协调员应根据要求向自然人和法人提供向适当主管当局提出投诉所需的所有信息。
2. The competent authority with which the complaint has been lodged shall inform the complainant, in accordance with national law, of the progress of the proceedings and of the decision taken.
2. 收到投诉的主管当局应根据国家法律向投诉人通报诉讼进展情况和作出的决定。
3. Competent authorities shall cooperate to handle and resolve complaints effectively and in a timely manner, including by exchanging all relevant information by electronic means, without undue delay.
3. 主管当局应合作及时有效地处理和解决投诉,包括通过电子方式交换所有相关信息,不得无故拖延。
This cooperation shall not affect the cooperation mechanisms provided for by Chapters VI and VII of Regulation (EU) 2016/679 and by Regulation (EU) 2017/2394.
这种合作不应影响法规 (EU) 2016/679 第六章和第七章以及法规 (EU) 2017/2394 规定的合作机制。
Article 39 第三十九条
Right to an effective judicial remedy
获得有效司法补救的权利
1. Notwithstanding any administrative or other non-judicial remedy, any affected natural and legal person shall have the right to an effective judicial remedy with regard to legally binding decisions taken by competent authorities.
1. 尽管有任何行政或其他非司法补救措施,任何受影响的自然人和法人均有权就主管当局作出的具有法律约束力的决定获得有效的司法补救措施。
2. Where a competent authority fails to act on a complaint, any affected natural and legal person shall, in accordance with national law, either have the right to an effective judicial remedy or access to review by an impartial body with the appropriate expertise.
2. 如果主管当局未能对投诉采取行动,任何受影响的自然人和法人均应根据国家法律获得有效的司法补救措施或由具有适当专业知识的公正机构进行审查。
3.
Proceedings pursuant to this Article shall be brought before the courts or tribunals of the Member State of the competent authority against which the judicial remedy is sought individually or, where relevant, collectively by the representatives of one or more natural or legal persons.
根据本条提起的诉讼应向一个或多个自然人或法人的代表单独或在相关情况下集体向主管当局的成员国法院或法庭提出。
Article 40 第四十条
Penalties 处罚
1. Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive.
1. 成员国应制定适用于违反本条例行为的处罚规则,并应采取一切必要措施确保其得到实施。规定的处罚应有效、相称且具有劝诫性。
2. Member States shall by 12 September 2025 notify the Commission of those rules and measures and shall notify it without delay of any subsequent amendment affecting them. The Commission shall regularly update and maintain an easily accessible public register of those measures.
2. 成员国应在 2025 年 9 月 12 日之前将这些规则和措施通知委员会,并应立即通知委员会影响其的任何后续修正案。委员会应定期更新和维护这些措施的易于访问的公共登记册。
3. Member States shall take into account the recommendations of the EDIB and the following non-exhaustive criteria for the imposition of penalties for infringements of this Regulation:
3. 成员国应考虑 EDIB 的建议和以下非详尽标准来对违反本法规的行为实施处罚:
(a) (A) |
the nature, gravity, scale and duration of the infringement; |
(b) (二) |
any action taken by the infringing party to mitigate or remedy the damage caused by the infringement; |
(c) (C) |
any previous infringements by the infringing party; |
(d) (四) |
the financial benefits gained or losses avoided by the infringing party due to the infringement, insofar as such benefits or losses can be reliably established; |
(e) (五) |
any other aggravating or mitigating factor applicable to the circumstances of the case; |
(f) (F) |
infringing party’s annual turnover in the preceding financial year in the Union. |
4.
For infringements of the obligations laid down in Chapter II, III and V of this Regulation, the supervisory authorities responsible for monitoring the application of Regulation (EU) 2016/679 may within their scope of competence impose administrative fines in accordance with Article 83 of Regulation (EU) 2016/679 and up to the amount referred to in Article 83(5) of that Regulation.
对于违反本条例第二章、第三章和第五章规定的义务的行为,负责监督条例 (EU) 2016/679 实施情况的监管机构可以根据条例第 83 条在其职权范围内处以行政罚款。 (EU) 2016/679 以及该法规第 83(5) 条中提到的金额。
5.
For infringements of the obligations laid down in Chapter V of this Regulation, the European Data Protection Supervisor may impose within its scope of competence administrative fines in accordance with Article 66 of Regulation (EU) 2018/1725 up to the amount referred to in Article 66(3) of that Regulation.
对于违反本法规第五章规定的义务的行为,欧洲数据保护监管机构可以根据法规 (EU) 2018/1725 第 66 条在其职权范围内处以行政罚款,最高可达第 66 条所述金额该条例第(3)条。
Article 41 第四十一条
Model contractual terms and standard contractual clauses
示范合同条款和标准合同条款
The Commission, before 12 September 2025, shall develop and recommend non-binding model contractual terms on data access and use, including terms on reasonable compensation and the protection of trade secrets, and non-binding standard contractual clauses for cloud computing contracts to assist parties in drafting and negotiating contracts with fair, reasonable and non-discriminatory contractual rights and obligations.
委员会应在2025年9月12日之前制定并推荐有关数据访问和使用的非约束性示范合同条款,包括合理补偿和保护商业秘密的条款,以及云计算合同的非约束性标准合同条款,以协助各方在起草和谈判合同时具有公平、合理和非歧视性的合同权利和义务。
Article 42 第四十二条
Role of the EDIB EDIB 的作用
The EDIB established by the Commission as an expert group pursuant to Article 29 of Regulation (EU) 2022/868, in which competent authorities shall be represented, shall support the consistent application of this Regulation by:
委员会根据法规 (EU) 2022/868 第 29 条设立的 EDIB 作为专家组(其中应有主管当局的代表)应通过以下方式支持本法规的一致应用:
(a) (A) |
advising and assisting the Commission with regard to developing consistent practice of competent authorities in the enforcement of Chapters II, III, V and VII; |
(b) (二) |
facilitating cooperation between competent authorities through capacity-building and the exchange of information, in particular by establishing methods for the efficient exchange of information relating to the enforcement of the rights and obligations under Chapters II, III and V in cross-border cases, including coordination with regard to the setting of penalties; |
(c) (C) |
advising and assisting the Commission with regard to:
|
CHAPTER X 第十章
SUI GENERIS RIGHT UNDER DIRECTIVE 96/9/EC
96/9/EC 指令下的特殊规定
Article 43 第四十三条
Databases containing certain data
包含某些数据的数据库
The sui generis right provided for in Article 7 of Directive 96/9/EC shall not apply when data is obtained from or generated by a connected product or related service falling within the scope of this Regulation, in particular in relation to Articles 4 and 5 thereof.
当数据是从属于本法规范围内的互联产品或相关服务获取或生成时,特别是与第 4 条和第 5 条相关的情况,96/9/EC 指令第 7 条规定的特殊权利不适用其中。
CHAPTER XI 第十一章
FINAL PROVISIONS 最后条款
Article 44 第四十四条
Other Union legal acts governing rights and obligations on data access and use
管辖数据访问和使用的权利和义务的其他欧盟法律法案
1.
The specific obligations for the making available of data between businesses, between businesses and consumers, and on exceptional basis between businesses and public bodies, in Union legal acts that entered into force on or before 11 January 2024, and delegated or implementing acts pursuant thereto, shall remain unaffected.
在 2024 年 1 月 11 日或之前生效的联盟法律法案以及据此授权或实施的法案中,企业之间、企业与消费者之间以及企业与公共机构之间例外情况下提供数据的具体义务,应保持不受影响。
2. This Regulation is without prejudice to Union law specifying, in light of the needs of a sector, a common European data space, or an area of public interest, further requirements, in particular in relation to:
2. 本条例不妨碍欧盟法律,根据部门、欧洲共同数据空间或公共利益领域的需要,规定进一步的要求,特别是与以下方面相关的要求:
(a) (A) |
technical aspects of data access; |
(b) (二) |
limits on the rights of data holders to access or use certain data provided by users; |
(c) (C) |
aspects going beyond data access and use. |
3. This Regulation, with the exception of Chapter V, is without prejudice to Union and national law providing for access to and authorising the use of data for scientific research purposes.
3. 除第五章外,本条例不妨碍为科学研究目的获取和授权使用数据的联盟和国家法律。
Article 45 第四十五条
Exercise of the delegation
行使代理权
1. The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.
1. 根据本条规定的条件,委员会被授予采取授权行为的权力。
2. The power to adopt delegated acts referred to in Article 29(7) and Article 33(2) shall be conferred on the Commission for an indeterminate period of time from 11 January 2024.
2. 应授予委员会采取第 29 条第(7)款和第 33 条第(2)款所述授权行为的权力,期限不定,期限自 2024 年 1 月 11 日起。
3. The delegation of power referred to in Article 29(7) and Article 33(2) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision.
3. 欧洲议会或理事会可随时撤销第 29 条第(7)款和第 33 条第(2)款所述的授权。撤销决定应终止该决定中规定的授权。
It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
该决定应在欧盟官方公报上公布该决定后的第二天或其中指定的较晚日期生效。它不影响任何已经生效的授权行为的有效性。
4. Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.
4. 在通过授权法案之前,委员会应根据 2016 年 4 月 13 日关于更好立法的机构间协议中规定的原则咨询各成员国指定的专家。
5. As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.
5. 一旦通过一项授权法案,委员会应同时通知欧洲议会和理事会。
6.
A delegated act adopted pursuant to Article 29(7) or Article 33(2) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of three months of notification of that act to the European Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object.
根据第 29 条第(7)款或第 33 条第(2)款通过的授权法案,只有在欧洲议会或理事会在将该法案通知给欧洲议会后的三个月内没有表示反对的情况下,才应生效。欧洲议会和理事会,或者如果在该期限届满之前,欧洲议会和理事会均通知委员会他们不会反对。
That period shall be extended by three months at the initiative of the European Parliament or of the Council.
根据欧洲议会或理事会的倡议,该期限应延长三个月。
Article 46 第四十六条
Committee procedure 委员会程序
1. The Commission shall be assisted by the Committee established by Regulation (EU) 2022/868. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.
1. 委员会应得到第 (EU) 2022/868 号条例设立的委员会的协助。该委员会应是第 182/2011 号法规 (EU) 含义内的委员会。
2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.
2. 当提及本段时,适用第 182/2011 号法规 (EU) 第 5 条。
Article 47 第四十七条
Amendment to Regulation (EU) 2017/2394
(EU) 2017/2394 法规修正案
In the Annex to Regulation (EU) 2017/2394 the following point is added:
在法规 (EU) 2017/2394 的附件中添加了以下几点:
‘29. '29。 |
Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (OJ L, 2023/2854, 22.12.2023, ELI: http://data.europa.eu/eli/reg/2023/2854/oj).’ |
Article 48 第四十八条
Amendment to Directive (EU) 2020/1828
指令 (EU) 2020/1828 修正案
In Annex I to Directive (EU) 2020/1828 the following point is added:
在指令 (EU) 2020/1828 的附件 I 中添加了以下几点:
‘68. '68。 |
Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (OJ L, 2023/2854, 22.12.2023, ELI: http://data.europa.eu/eli/reg/2023/2854/oj). ’ |
Article 49 第四十九条
Evaluation and review 评估与审查
1. By 12 September 2028, the Commission shall carry out an evaluation of this Regulation and submit a report on its main findings to the European Parliament and to the Council, and to the European Economic and Social Committee. That evaluation shall assess, in particular:
1. 2028 年 9 月 12 日之前,委员会应对本法规进行评估,并向欧洲议会、理事会以及欧洲经济和社会委员会提交关于其主要调查结果的报告。该评估应特别评估:
(a) (A) |
situations to be considered to be situations of exceptional need for the purpose of Article 15 of this Regulation and the application of Chapter V of this Regulation in practice, in particular the experience in the application of Chapter V of this Regulation by public sector bodies, the Commission, the European Central Bank and Union bodies; the number and outcome of the proceedings brought to the competent authority under Article 18(5) on the application of Chapter V of this Regulation, as reported by the competent authorities; the impact of other obligations laid down in Union or national law for the purposes of complying with requests for access to information; the impact of voluntary data-sharing mechanisms, such as those put in place by data altruism organisations recognised under Regulation (EU) 2022/868, on meeting the objectives of Chapter V of this Regulation, and the role of personal data in the context of Article 15 of this Regulation, including the evolution of privacy-enhancing technologies; |
(b) (二) |
the impact of this Regulation on the use of data in the economy, including on data innovation, data monetisation practices and data intermediation services, as well as on data sharing within the common European data spaces; |
(c) (C) |
the accessibility and use of different categories and types of data; |
(d) (四) |
the exclusion of certain categories of enterprises as beneficiaries under Article 5; |
(e) (五) |
the absence of any impact on intellectual property rights; |
(f) (F) |
the impact on trade secrets, including on the protection against their unlawful acquisition, use and disclosure, as well as the impact of the mechanism allowing the data holder to refuse the user’s request under Article 4(8) and Article 5(11), taking into account, to the extent possible, any revision of Directive (EU) 2016/943; |
(g) (G) |
whether the list of unfair contractual terms referred to in Article 13 is up-to-date in light of new business practices and the rapid pace of market innovation; |
(h) (H) |
changes in the contractual practices of providers of data processing services and whether this results in sufficient compliance with Article 25; |
(i) (我) |
the diminution of charges imposed by providers of data processing services for the switching process, in line with the gradual withdrawal of switching charges pursuant to Article 29; |
(j) |
the interplay of this Regulation with other Union legal acts of relevance to the data economy; |
(k) |
the prevention of unlawful governmental access to non-personal data; |
(l) |
the efficacy of the enforcement regime required under Article 37; |
(m) (米) |
the impact of this Regulation on SMEs with regard to their capacity to innovate and to the availability of data processing services for users in the Union and the burden of complying with new obligations. |
2. By 12 September 2028, the Commission shall carry out an evaluation of this Regulation and submit a report on its main findings to the European Parliament and to the Council, and to the European Economic and Social Committee.
2. 2028 年 9 月 12 日之前,委员会应对本法规进行评估,并向欧洲议会、理事会以及欧洲经济和社会委员会提交关于其主要调查结果的报告。
That evaluation shall assess the impact of Articles 23 to 31 and Articles 34 and 35, in particular regarding pricing and the diversity of data processing services offered within the Union, with a special focus on SME providers.
该评估应评估第 23 条至第 31 条以及第 34 条和第 35 条的影响,特别是有关定价和联盟内提供的数据处理服务多样性的影响,并特别关注中小企业提供商。
3. Member States shall provide the Commission with the information necessary for the preparation of the reports referred to in paragraphs 1 and 2.
3. 成员国应向委员会提供编写第 1 款和第 2 款所述报告所需的信息。
4. On the basis of the reports referred to in paragraphs 1 and 2, the Commission may, where appropriate, submit a legislative proposal to the European Parliament and to the Council to amend this Regulation.
4. 根据第 1 款和第 2 款提及的报告,委员会可酌情向欧洲议会和理事会提交立法提案,以修订本条例。
Article 50 第五十条
Entry into force and application
生效和适用
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
本法规自其在欧盟官方公报上发布后的第二十天起生效。
It shall apply from 12 September 2025.
自2025年9月12日起施行。
The obligation resulting from Article 3(1) shall apply to connected products and the services related to them placed on the market after 12 September 2026.
第 3(1) 条规定的义务适用于 2026 年 9 月 12 日之后投放市场的互联产品及与之相关的服务。
Chapter III shall apply in relation to obligations to make data available under Union law or national legislation adopted in accordance with Union law, which enters into force after 12 September 2025.
第三章适用于根据欧盟法律或根据欧盟法律通过的国家立法提供数据的义务,该法律将于 2025 年 9 月 12 日后生效。
Chapter IV shall apply to contracts concluded after 12 September 2025.
第四章适用于 2025 年 9 月 12 日之后签订的合同。
Chapter IV shall apply from 12 September 2027 to contracts concluded on or before 12 September 2025 provided that they are:
第四章自 2027 年 9 月 12 日起适用于 2025 年 9 月 12 日或之前签订的合同,前提是:
(a) (A) |
of indefinite duration; or |
(b) (二) |
due to expire at least 10 years from 11 January 2024. |
This Regulation shall be binding in its entirety and directly applicable in all Member States.
本法规应具有完整的约束力并直接适用于所有成员国。
Done at Strasbourg, 13 December 2023.
2023 年 12 月 13 日于斯特拉斯堡制定。
For the European Parliament
对于欧洲议会
The President 总统
R. METSOLA R·梅索拉
For the Council 对于理事会
The President 总统
P. NAVARRO RÍOS P·纳瓦罗·里奥斯
(1)
OJ C 402, 19.10.2022, p. 5.
( 1 ) OJ C 402,2022 年 10 月 19 日,第 14 页。 5 .
(2)
OJ C 365, 23.9.2022, p. 18.
( 2 ) OJ C 365,2022 年 9 月 23 日,第 3 页。 18 .
(3)
OJ C 375, 30.9.2022, p. 112.
( 3 ) OJ C 375,2022 年 9 月 30 日,第 3 页。 112 .
(4) Position of the European Parliament of 9 November 2023 (not yet published in the Official Journal) and decision of the Council of 27 November 2023.
( 4 )欧洲议会 2023 年 11 月 9 日的立场(尚未在官方公报上发布)和理事会 2023 年 11 月 27 日的决定。
(5) Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).
( 5 ) 2003 年 5 月 6 日关于微型、小型和中型企业定义的委员会建议 2003/361/EC( OJ L 124,20.5.2003,第 36 页)。
(6) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).
( 6 )欧洲议会和理事会 2016 年 4 月 27 日关于在个人数据处理和此类数据自由流动方面保护自然人的条例 (EU) 2016/679,并废除指令 95/ 46/EC(一般数据保护条例)( OJ L 119,4.5.2016,第 1 页)。
(7) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
( 7 )欧洲议会和理事会 2018 年 10 月 23 日颁布的第 (EU) 2018/1725 号条例,涉及在欧盟机构、机构、办公室和机构处理个人数据方面保护自然人以及关于自由此类数据的移动,并废除第 45/2001 号法规 (EC) 和第 1247/2002/EC 号决定( OJ L 295,21.11.2018,第 39 页)。
(8) Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37).
( 8 )欧洲议会和理事会 2002 年 7 月 12 日关于电子通信领域个人数据处理和隐私保护的指令 2002/58/EC(隐私和电子通信指令)( OJ L 201, 2002 年 7 月 31 日,第 37 页)。
(9) Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts (OJ L 95, 21.4.1993, p. 29).
( 9 ) 1993 年 4 月 5 日关于消费者合同中不公平条款的理事会指令 93/13/EEC ( OJ L 95, 21.4.1993, p. 29 )。
(10) Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’) (OJ L 149, 11.6.2005, p. 22).
( 10 )欧洲议会和理事会 2005 年 5 月 11 日关于内部市场中企业对消费者不公平商业行为的指令 2005/29/EC 以及修订理事会指令 84/450/EEC、指令 97/7/EC 、欧洲议会和理事会 98/27/EC 和 2002/65/EC 以及欧洲议会和理事会第 2006/2004 号法规 (EC)(“不公平商业行为指令”)( OJ L 149, 2005 年 6 月 11 日,第 22 页)。
(11) Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council (OJ L 304, 22.11.2011, p. 64).
( 11 )欧洲议会和理事会 2011 年 10 月 25 日关于消费者权利的指令 2011/83/EU,修订理事会指令 93/13/EEC 和欧洲议会和理事会指令 1999/44/EC 并废除欧洲议会和理事会的理事会指令 85/577/EEC 和指令 97/7/EC( OJ L 304,22.11.2011,第 64 页)。
(12) Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online (OJ L 172, 17.5.2021, p. 79).
( 12 )欧洲议会和理事会 2021 年 4 月 29 日关于解决在线传播恐怖主义内容的第 (EU) 2021/784 号条例( OJ L 172,2021 年 5 月 17 日,第 79 页)。
(13) Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act) (OJ L 277, 27.10.2022, p. 1).
( 13 )欧洲议会和理事会 2022 年 10 月 19 日关于数字服务单一市场的法规 (EU) 2022/2065 和修订指令 2000/31/EC(数字服务法)( OJ L 277,27.10.2022 ,第 1 页)。
(14) Regulation (EU) 2023/1543 of the European Parliament and of the Council of 12 July 2023 on European Production Orders and European Preservation Orders for electronic evidence in criminal proceedings and for the execution of custodial sentences following criminal proceedings (OJ L 191, 28.7.2023, p. 118).
( 14 )欧洲议会和理事会 2023 年 7 月 12 日关于刑事诉讼中电子证据和刑事诉讼后监禁判决执行的欧洲生产令和欧洲保存令的条例 (EU) 2023/1543 ( OJ L 191 ,2023 年 7 月 28 日,第 118 页)。
(15) Directive (EU) 2023/1544 of the European Parliament and of the Council of 12 July 2023 laying down harmonised rules on the designation of designated establishments and the appointment of legal representatives for the purpose of gathering electronic evidence in criminal proceedings (OJ L 191, 28.7.2023, p. 181).
( 15 ) 2023 年 7 月 12 日欧洲议会和理事会指令 (EU) 2023/1544 制定了关于在刑事诉讼中收集电子证据的指定机构和法律代表任命的统一规则 ( OJ L 191,2023 年 7 月 28 日,第 181 页)。
(16) Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (OJ L 141, 5.6.2015, p. 1).
( 16 )欧洲议会和理事会 2015 年 5 月 20 日颁布的关于资金转移信息的法规 (EU) 2015/847 和废除法规 (EC) No 1781/2006 ( OJ L 141, 5.6.2015, p. 1) )。
(17) Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).
( 17 )欧洲议会和理事会 2015 年 5 月 20 日关于防止利用金融系统进行洗钱或恐怖主义融资的指令 (EU) 2015/849,修订了 (EU) No 648/ 条例2012 年欧洲议会和理事会指令,并废除欧洲议会和理事会指令 2005/60/EC 以及委员会指令 2006/70/EC( OJ L 141,2015 年 6 月 5 日,第 73 页)。
(18) Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services (OJ L 151, 7.6.2019, p. 70).
( 18 )欧洲议会和理事会 2019 年 4 月 17 日关于产品和服务的无障碍要求的指令 (EU) 2019/882( OJ L 151,2019 年 6 月 7 日,第 70 页)。
(19) Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society (OJ L 167, 22.6.2001, p. 10).
( 19 )欧洲议会和理事会 2001 年 5 月 22 日关于协调信息社会版权及相关权某些方面的指令 2001/29/EC( OJ L 167,22.6.2001,第 10 页)。
(20) Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights (OJ L 157, 30.4.2004, p. 45).
( 20 )欧洲议会和理事会 2004 年 4 月 29 日关于知识产权执法的第 2004/48/EC 号指令( OJ L 157,2004 年 4 月 30 日,第 45 页)。
(21) Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC (OJ L 130, 17.5.2019, p. 92).
( 21 )欧洲议会和理事会 2019 年 4 月 17 日关于数字单一市场版权及相关权的指令 (EU) 2019/790 以及修订指令 96/9/EC 和 2001/29/EC ( OJ L 130 ,2019 年 5 月 17 日,第 92 页)。
(22) Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act) (OJ L 152, 3.6.2022, p. 1).
( 22 )欧洲议会和理事会 2022 年 5 月 30 日关于欧洲数据治理的法规 (EU) 2022/868 和修订法规 (EU) 2018/1724(数据治理法)( OJ L 152, 3.6.2022, p 1 ).
(23) Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure (OJ L 157, 15.6.2016, p. 1).
( 23 )欧洲议会和理事会 2016 年 6 月 8 日关于保护未公开的专有技术和商业信息(商业秘密)免遭非法获取、使用和披露的指令 (EU) 2016/943( OJ L 157, 2016 年 6 月 15 日,第 1 页)。
(24) Directive 98/6/EC of the European Parliament and of the Council of 16 February 1998 on consumer protection in the indication of the prices of products offered to consumers (OJ L 80, 18.3.1998, p. 27).
( 24 )欧洲议会和理事会 1998 年 2 月 16 日关于在向消费者提供的产品价格中保护消费者的指令 98/6/EC( OJ L 80,18.3.1998,第 27 页)。
(25) Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’) (OJ L 178, 17.7.2000, p. 1).
( 25 )欧洲议会和理事会 2000 年 6 月 8 日关于内部市场中信息社会服务,特别是电子商务的某些法律问题的第 2000/31/EC 号指令(“电子商务指令”)( OJ L 178,2000 年 7 月 17 日,第 1 页)。
(26) Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) (OJ L 265, 12.10.2022, p. 1).
( 26 )欧洲议会和理事会 2022 年 9 月 14 日关于数字领域可竞争和公平市场的法规 (EU) 2022/1925 以及修订指令 (EU) 2019/1937 和 (EU) 2020/1828(数字市场)法)( OJ L 265,2022 年 10 月 12 日,第 1 页)。
(27) Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European Communities (OJ L 87, 31.3.2009, p. 164).
( 27 )欧洲议会和理事会 2009 年 3 月 11 日关于欧洲统计的第 (EC) 223/2009 号条例,并废除欧洲议会和理事会关于传输数据的第 1101/2008 号条例 (EC、Euratom)数据须遵守欧洲共同体统计办公室统计机密、关于共同体统计的理事会 (EC) 第 322/97 号条例以及理事会第 89/382/EEC 号决定,欧洲原子能共同体建立欧洲共同体统计计划委员会 ( OJ L 87,2009 年 3 月 31 日,第 164 页)。
(28) Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information (OJ L 172, 26.6.2019, p. 56).
( 28 )欧洲议会和理事会 2019 年 6 月 20 日关于开放数据和公共部门信息再利用的指令 (EU) 2019/1024( OJ L 172,2019 年 6 月 26 日,第 56 页)。
(29) Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases (OJ L 77, 27.3.1996, p. 20).
( 29 )欧洲议会和理事会 1996 年 3 月 11 日关于数据库法律保护的第 96/9/EC 号指令( OJ L 77, 27.3.1996, p. 20 )。
(30) Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union (OJ L 303, 28.11.2018, p. 59).
( 30 )欧洲议会和理事会 2018 年 11 月 14 日关于欧盟非个人数据自由流动框架的法规 (EU) 2018/1807( OJ L 303,28.11.2018,第 59 页) )。
(31) Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services (OJ L 136, 22.5.2019, p. 1).
( 31 )欧洲议会和理事会 2019 年 5 月 20 日关于数字内容和数字服务供应合同某些方面的指令 (EU) 2019/770( OJ L 136,2019 年 5 月 22 日,第 1 页)。
(32) Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1).
( 32 )欧洲议会和理事会 2022 年 12 月 14 日关于金融部门数字运营弹性的法规 (EU) 2022/2554 以及修订法规 (EC) No 1060/2009、(EU) No 648/2012,( EU) No 600/2014、(EU) No 909/2014 和 (EU) 2016/1011( OJ L 333,27.12.2022,第 1 页)。
(33) Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation, amending Council Directives 89/686/EEC and 93/15/EEC and Directives 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council Decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council (OJ L 316, 14.11.2012, p. 12).
( 33 )欧洲议会和理事会 2012 年 10 月 25 日关于欧洲标准化的第 1025/2012 号法规 (EU),修订理事会指令 89/686/EEC 和 93/15/EEC 以及指令 94/9/EC、94欧洲议会/25/EC、95/16/EC、97/23/EC、98/34/EC、2004/22/EC、2007/23/EC、2009/23/EC 和 2009/105/EC并废除理事会第 87/95/EEC 号决定以及欧洲议会和理事会第 1673/2006/EC 号决定( OJ L 316,2012 年 11 月 14 日,第 12 页)。
(34) Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and repealing Regulation (EEC) No 339/93 (OJ L 218, 13.8.2008, p. 30).
( 34 )欧洲议会和理事会 2008 年 7 月 9 日颁布的第 (EC) 765/2008 号法规规定了认证要求并废除了 (EEC) 339/93 号法规( OJ L 218,2008 年 8 月 13 日,第 34 页)。 30 )。
(35) Decision No 768/2008/EC of the European Parliament and of the Council of 9 July 2008 on a common framework for the marketing of products, and repealing Council Decision 93/465/EEC (OJ L 218, 13.8.2008, p. 82).
( 35 )欧洲议会和理事会 2008 年 7 月 9 日关于产品营销共同框架的第 768/2008/EC 号决定,并废除理事会第 93/465/EEC 号决定( OJ L 218, 13.8.2008,第 82 页)。
(36) Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 (OJ L 345, 27.12.2017, p. 1).
( 36 )欧洲议会和理事会 2017 年 12 月 12 日关于负责执行消费者保护法的国家当局之间合作的条例 (EU) 2017/2394 和废除条例 (EC) No 2006/2004 ( OJ L 345, 2017 年 12 月 27 日,第 1 页)。
(37) Directive (EU) 2020/1828 of the European Parliament and of the Council of 25 November 2020 on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC (OJ L 409, 4.12.2020, p. 1).
( 37 )欧洲议会和理事会 2020 年 11 月 25 日关于保护消费者集体利益的代表行动的指令 (EU) 2020/1828 和废除指令 2009/22/EC ( OJ L 409, 4.12.2020 ,第 1 页)。
(38)
OJ L 123, 12.5.2016, p. 1.
( 38 ) OJ L 123,2016 年 5 月 12 日,第 12 页。 1 .
(39) Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).
( 39 )欧洲议会和理事会 2011 年 2 月 16 日第 (EU) No 182/2011 号条例,规定了有关成员国控制委员会行使执行权力的机制的规则和一般原则( OJ L 55, 2011 年 2 月 28 日,第 13 页)。
ELI: http://data.europa.eu/eli/reg/2023/2854/oj
ELI:http://data.europa.eu/eli/reg/2023/2854/oj
ISSN 1977-0677 (electronic edition)
ISSN 1977-0677(电子版)