这是用户在 2024-8-8 22:13 为 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R2854 保存的双语快照页面,由 沉浸式翻译 提供双语支持。了解如何保存?
An official website of the European UnionAn official EU website

EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 32023R2854

Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (Text with EEA relevance)
欧洲议会和理事会 2023 年 12 月 13 日颁布的关于公平访问和使用数据的统一规则的条例 (EU) 2023/2854 以及修订条例 (EU) 2017/2394 和指令 (EU) 2020/1828(数据法) )(与欧洲经济区相关的文本)

PE/49/2023/REV/1

OJ L, 2023/2854, 22.12.2023, ELI: http://data.europa.eu/eli/reg/2023/2854/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
OJ L,2023/2854,2023 年 12 月 22 日,ELI: http://data.europa.eu/eli/reg/2023/2854/oj (BG、ES、CS、DA、DE、ET、EL、EN、FR 、GA、HR、IT、LV、LT、HU、MT、NL、PL、PT、RO、SK、SL、FI、SV)

Legal status of the document In force
Legal status of the document 现行

ELI: http://data.europa.eu/eli/reg/2023/2854/oj
ELI: http://data.europa.eu/eli/reg/2023/2854/oj

European flag

Official Journal  官方期刊
of the European Union 欧盟的

EN CN

Series L L系列


2023/2854

22.12.2023

REGULATION (EU) 2023/2854 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
欧洲议会和理事会 (EU) 2023/2854 号条例

of 13 December 2023  2023 年 12 月 13 日

on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act)
关于公平访问和使用数据的统一规则以及修订条例 (EU) 2017/2394 和指令 (EU) 2020/1828(数据法)

(Text with EEA relevance)
(与欧洲经济区相关的文本)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
欧洲议会和欧盟理事会,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,
考虑到《欧洲联盟运作条约》,特别是其中第 114 条,

Having regard to the proposal from the European Commission,
考虑到欧盟委员会的提议,

After transmission of the draft legislative act to the national parliaments,
在将立法法案草案转交各国议会后,

Having regard to the opinion of the European Central Bank (1),
考虑到欧洲央行的意见( 1 )

Having regard to the opinion of the European Economic and Social Committee (2),
考虑到欧洲经济和社会委员会的意见( 2 )

Having regard to the opinion of the Committee of the Regions (3),
考虑到地区委员会的意见( 3 )

Acting in accordance with the ordinary legislative procedure (4),
按照普通立法程序行事( 4 ) ,

Whereas: 然而:

(1)

In recent years, data-driven technologies have had transformative effects on all sectors of the economy. The proliferation of products connected to the internet in particular has increased the volume and potential value of data for consumers, businesses and society.
近年来,数据驱动技术对所有经济部门产生了变革性影响。特别是连接到互联网的产品的激增增加了消费者、企业和社会的数据量和潜在价值。

High-quality and interoperable data from different domains increase competitiveness and innovation and ensure sustainable economic growth. The same data may be used and reused for a variety of purposes and to an unlimited degree, without any loss of quality or quantity.
来自不同领域的高质量和可互操作的数据可以提高竞争力和创新,并确保可持续的经济增长。相同的数据可以无限程度地用于各种目的和重复使用,而不会造成质量或数量的损失。

(2)

Barriers to data sharing prevent an optimal allocation of data for the benefit of society.
数据共享的障碍阻碍了数据的优化分配以造福社会。

Those barriers include a lack of incentives for data holders to enter voluntarily into data sharing agreements, uncertainty about rights and obligations in relation to data, the costs of contracting and implementing technical interfaces, the high level of fragmentation of information in data silos, poor metadata management, the absence of standards for semantic and technical interoperability, bottlenecks impeding data access, a lack of common data sharing practices and the abuse of contractual imbalances with regard to data access and use.
这些障碍包括数据持有者缺乏自愿签订数据共享协议的激励、数据相关权利和义务的不确定性、签订合同和实施技术接口的成本、数据孤岛中信息的高度碎片化、元数据匮乏管理、缺乏语义和技术互操作性标准、阻碍数据访问的瓶颈、缺乏共同的数据共享做法以及滥用数据访问和使用方面的合同不平衡。

(3)

In sectors characterised by the presence of microenterprises, small enterprises and medium-sized enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC (5) (SMEs), there is often a lack of digital capacities and skills to collect, analyse and use data, and access is frequently restricted where one actor holds them in the system or due to a lack of interoperability between data, between data services or across borders.
在委员会建议 2003/361/EC ( 5 )附件第 2 条所定义的以微型企业、小型企业和中型企业(中小企业)为特征的部门中,往往缺乏数字能力和技能来收集、分析和使用数据,如果一个参与者将数据保存在系统中,或者由于数据之间、数据服务之间或跨境缺乏互操作性,访问通常会受到限制。

(4)

In order to respond to the needs of the digital economy and to remove barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who is entitled to use product data or related service data, under which conditions and on what basis.
为了满足数字经济的需求并消除内部数据市场运作良好的障碍,有必要制定一个统一的框架,规定谁有权使用产品数据或相关服务数据,在什么条件下以及基于什么基础。

Accordingly, Member States should not adopt or maintain additional national requirements regarding matters falling within the scope of this Regulation, unless explicitly provided for herein, since this would affect its direct and uniform application.
因此,除非本条例明确规定,否则成员国不应就本条例范围内的事项采用或维持额外的国家要求,因为这将影响其直接和统一的适用。

Moreover, action at Union level should be without prejudice to obligations and commitments in the international trade agreements concluded by the Union.
此外,联盟层面的行动不应损害联盟缔结的国际贸易协定中的义务和承诺。

(5)

This Regulation ensures that users of a connected product or related service in the Union can access, in a timely manner, the data generated by the use of that connected product or related service and that those users can use the data, including by sharing them with third parties of their choice.
该法规确保欧盟内联网产品或相关服务的用户能够及时访问使用该联网产品或相关服务所生成的数据,并且这些用户可以使用这些数据,包括通过与其他人共享这些数据。他们选择的第三方。

It imposes the obligation on data holders to make data available to users and third parties of the user’s choice in certain circumstances.
它规定数据持有者有义务在某些情况下向用户和用户选择的第三方提供数据。

It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and conditions and in a transparent manner. Private law rules are key in the overall framework for data sharing.
它还确保数据持有者根据公平、合理和非歧视性的条款和条件并以透明的方式向欧盟的数据接收者提供数据。私法规则是数据共享整体框架的关键。

Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair access to and use of data.
因此,该条例适应了合同法的规则,并防止利用合同不平衡来阻碍数据的公平访问和使用。

This Regulation also ensures that data holders make available to public sector bodies, the Commission, the European Central Bank or Union bodies, where there is an exceptional need, the data that are necessary for the performance of a specific task carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and of data sharing mechanisms and services in the Union.
该法规还确保数据持有者在有特殊需要时向公共部门机构、委员会、欧洲中央银行或联盟机构提供执行为了公共利益而执行的特定任务所需的数据。此外,该条例旨在促进数据处理服务之间的切换,并增强联盟内数据以及数据共享机制和服务的互操作性。

This Regulation should not be interpreted as recognising or conferring any new right on data holders to use data generated by the use of a connected product or related service.
本法规不应被解释为承认或授予数据持有者使用通过连接产品或相关服务生成的数据的任何新权利。

(6)

Data generation is the result of the actions of at least two actors, in particular the designer or manufacturer of a connected product, who may in many cases also be a provider of related services, and the user of the connected product or related service.
数据生成是至少两个参与者的行为的结果,特别是互联产品的设计者或制造商,他们在许多情况下也可能是相关服务的提供商,以及互联产品或相关服务的用户。

It gives rise to questions of fairness in the digital economy as the data recorded by connected products or related services are an important input for aftermarket, ancillary and other services.
它引发了数字经济的公平问题,因为互联产品或相关服务记录的数据是售后、辅助和其他服务的重要输入。

In order to realise the important economic benefits of data, including by way of data sharing on the basis of voluntary agreements and the development of data-driven value creation by Union enterprises, a general approach to assigning rights regarding access to and the use of data is preferable to awarding exclusive rights of access and use.
为了实现数据的重要经济利益,包括通过基于自愿协议的数据共享以及联盟企业数据驱动的价值创造的发展,制定了分配数据访问和使用权利的通用方法优于授予访问和使用的专有权。

This Regulation provides for horizontal rules which could be followed by Union or national law that addresses the specific situations of the relevant sectors.
该法规规定了横向规则,联盟或国家法律可以遵循这些规则来解决相关部门的具体情况。

(7)

The fundamental right to the protection of personal data is safeguarded, in particular, by Regulations (EU) 2016/679 (6) and (EU) 2018/1725 (7) of the European Parliament and of the Council. Directive 2002/58/EC of the European Parliament and of the Council (8) additionally protects private life and the confidentiality of communications, including by way of conditions on any personal and non-personal data storing in, and access from, terminal equipment.
保护个人数据的基本权利尤其受到欧洲议会和理事会条例 (EU) 2016/679 ( 6 )和 (EU) 2018/1725 ( 7 ) 的保障。欧洲议会和理事会的指令 2002/58/EC ( 8 )还保护私人生活和通信的机密性,包括对终端设备中存储和访问的任何个人和非个人数据设定条件。

Those Union legislative acts provide the basis for sustainable and responsible data processing, including where datasets include a mix of personal and non-personal data.
这些欧盟立法法案为可持续和负责任的数据处理提供了基础,包括数据集包含个人和非个人数据的情况。

This Regulation complements and is without prejudice to Union law on the protection of personal data and privacy, in particular Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive 2002/58/EC.
本法规补充且不影响关于保护个人数据和隐私的欧盟法律,特别是法规 (EU) 2016/679 和 (EU) 2018/1725 以及指令 2002/58/EC。

No provision of this Regulation should be applied or interpreted in such a way as to diminish or limit the right to the protection of personal data or the right to privacy and confidentiality of communications.
本条例的任何条款的应用或解释均不应削弱或限制个人数据保护权或通信隐私权和保密权。

Any processing of personal data pursuant to this Regulation should comply with Union data protection law, including the requirement of a valid legal basis for processing under Article 6 of Regulation (EU) 2016/679 and, where relevant, the conditions of Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC.
根据本条例对个人数据进行的任何处理均应遵守欧盟数据保护法,包括根据 (EU) 2016/679 条例第 6 条进行处理的有效法律依据的要求,以及(如果相关)该条例第 9 条的条件2002/58/EC 指令第 5(3) 条的规定。

This Regulation does not constitute a legal basis for the collection or generation of personal data by the data holder.
本条例不构成数据持有者收集或生成个人数据的法律依据。

This Regulation imposes an obligation on data holders to make personal data available to users or third parties of a user’s choice upon that user’s request. Such access should be provided to personal data that are processed by the data holder on the basis of any of the legal bases referred to in Article 6 of Regulation (EU) 2016/679.
该法规规定数据持有者有义务根据用户的请求向用户或用户选择的第三方提供个人数据。应向数据持有者根据 (EU) 2016/679 法规第 6 条中提到的任何法律依据处理的个人数据提供此类访问权限。

Where the user is not the data subject, this Regulation does not create a legal basis for providing access to personal data or for making personal data available to a third party and should not be understood as conferring any new right on the data holder to use personal data generated by the use of a connected product or related service.
如果用户不是数据主体,本条例并不为提供个人数据访问或向第三方提供个人数据建立法律依据,并且不应被理解为授予数据持有者使用个人数据的任何新权利。使用连接产品或相关服务生成的数据。

In those cases, it could be in the interest of the user to facilitate meeting the requirements of Article 6 of Regulation (EU) 2016/679.
在这些情况下,促进满足 (EU) 2016/679 法规第 6 条的要求可能符合用户的利益。

As this Regulation should not adversely affect the data protection rights of data subjects, the data holder can comply with requests in those cases, inter alia, by anonymising personal data or, where the readily available data contains personal data of several data subjects, transmitting only personal data relating to the user.
由于本条例不应对数据主体的数据保护权利产生不利影响,因此数据持有者可以在这些情况下满足请求,除其他外,通过匿名化个人数据,或者在现成数据包含多个数据主体的个人数据的情况下,仅传输与用户相关的个人数据。

(8)

The principles of data minimisation and data protection by design and by default are essential when processing involves significant risks to the fundamental rights of individuals.
当处理涉及对个人基本权利的重大风险时,数据最小化和数据设计和默认保护的原则至关重要。

Taking into account the state of the art, all parties to data sharing, including data sharing falling within scope of this Regulation, should implement technical and organisational measures to protect those rights.
考虑到现有技术,数据共享的各方,包括属于本条例范围内的数据共享,应采取技术和组织措施来保护这些权利。

Such measures include not only pseudonymisation and encryption, but also the use of increasingly available technology that permits algorithms to be brought to the data and allow valuable insights to be derived without the transmission between parties or unnecessary copying of the raw or structured data themselves.
这些措施不仅包括假名和加密,还包括使用日益可用的技术,这些技术允许将算法引入数据,并允许在无需各方之间传输或不必要地复制原始或结构化数据本身的情况下得出有价值的见解。

(9)

Unless otherwise provided for in this Regulation, it does not affect national contract law, including rules on the formation, validity or effect of contracts, or the consequences of the termination of a contract.
除本条例另有规定外,不影响国家合同法,包括关于合同的成立、有效性、效力或者合同终止后果的规则。

This Regulation complements and is without prejudice to Union law which aims to promote the interests of consumers and ensure a high level of consumer protection, and to protect their health, safety and economic interests, in particular Council Directive 93/13/EEC (9) and Directives 2005/29/EC (10) and 2011/83/EU (11) of the European Parliament and of the Council.
本法规补充且不损害欧盟法律,旨在促进消费者利益并确保高水平的消费者保护,并保护他们的健康、安全和经济利益,特别是理事会指令 93/13/EEC ( 9 )以及欧洲议会和理事会指令 2005/29/EC ( 10 )和 2011/83/EU ( 11 )

(10)

This Regulation is without prejudice to Union and national legal acts providing for the sharing of, access to and the use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or for the execution of criminal penalties, or for customs and taxation purposes, irrespective of the legal basis under the Treaty on the Functioning of the European Union (TFEU) on which such Union legal acts were adopted, as well as to international cooperation in that area, in particular on the basis of the Council of Europe Convention on Cybercrime, (ETS No 185), done at Budapest on 23 November 2001.
本条例不妨碍为预防、调查、侦查或起诉刑事犯罪或执行刑事处罚或海关目的而规定共享、访问和使用数据的欧盟和国家法律行为和税收目的,无论通过此类欧盟法律行为所依据的《欧盟运作条约》(TFEU)的法律依据如何,以及该领域的国际合作,特别是在欧盟理事会的基础上《欧洲网络犯罪公约》(ETS No 185),2001 年 11 月 23 日在布达佩斯签署。

Such acts include Regulations (EU) 2021/784 (12), (EU) 2022/2065 (13) and (EU) 2023/1543 (14) of the European Parliament and of the Council and Directive (EU) 2023/1544 of the European Parliament and of the Council (15). This Regulation does not apply to the collection or sharing of, access to or the use of data under Regulation (EU) 2015/847 of the European Parliament and of the Council (16) and Directive (EU) 2015/849 of the European Parliament and of the Council (17).
此类法案包括欧洲议会和理事会的 (EU) 2021/784 ( 12 ) 号条例、(EU) 2022/2065 ( 13 ) 号条例和 (EU) 2023/1543 ( 14 ) 号条例以及欧洲议会和理事会的 (EU) 2023/1544 号指令欧洲议会和理事会15 。本法规不适用于根据欧洲议会和理事会( 16 )法规 (EU) 2015/847 以及欧洲议会指令 (EU) 2015/849 收集或共享、访问或使用数据和理事会17

This Regulation does not apply to areas that fall outside the scope of Union law and in any event does not affect the competences of the Member States concerning public security, defence or national security, customs and tax administration or the health and safety of citizens, regardless of the type of entity entrusted by the Member States to carry out tasks in relation to those competences.
本条例不适用于欧盟法律范围之外的领域,并且在任何情况下都不影响成员国在公共安全、国防或国家安全、海关和税务管理或公民健康和安全方面的权限,无论成员国委托执行与这些权限相关的任务的实体类型。

(11)

Union law establishing physical design and data requirements for products to be placed on the Union market should not be affected unless specifically provided for by this Regulation.
除非本法规特别规定,欧盟法律规定了投放到欧盟市场的产品的物理设计和数据要求,不应受到影响。

(12)

This Regulation complements and is without prejudice to Union law aiming to establish accessibility requirements on certain products and services, in particular Directive (EU) 2019/882 of the European Parliament and of the Council (18).
该法规补充且不影响旨在对某些产品和服务制定无障碍要求的欧盟法律,特别是欧洲议会和理事会的指令 (EU) 2019/882 ( 18 )

(13)

This Regulation is without prejudice to Union and national legal acts providing for the protection of intellectual property rights, including Directives 2001/29/EC (19), 2004/48/EC (20) and (EU) 2019/790 (21) of the European Parliament and of the Council.
本法规不影响规定保护知识产权的欧盟和国家法律行为,包括欧盟指令 2001/29/EC ( 19 ) 、2004/48/EC ( 20 )和 (EU) 2019/790 ( 21 )欧洲议会和理事会。

(14)

Connected products that obtain, generate or collect, by means of their components or operating systems, data concerning their performance, use or environment and that are able to communicate those data via an electronic communications service, a physical connection, or on-device access, often referred to as the Internet of Things, should fall within the scope of this Regulation, with the exception of prototypes.
通过其组件或操作系统获取、生成或收集有关其性能、使用或环境的数据的联网产品,并且能够通过电子通信服务、物理连接或设备上访问来传达这些数据,通常被称为物联网的设备应属于本法规的范围,但原型除外。

Examples of such electronic communications services include, in particular, land-based telephone networks, television cable networks, satellite-based networks and near-field communication networks.
这种电子通信服务的示例尤其包括陆基电话网络、有线电视网络、基于卫星的网络和近场通信网络。

Connected products are found in all aspects of the economy and society, including in private, civil or commercial infrastructure, vehicles, health and lifestyle equipment, ships, aircraft, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery.
互联产品存在于经济和社会的各个方面,包括私人、民用或商业基础设施、车辆、健康和生活方式设备、船舶、飞机、家用设备和消费品、医疗和健康设备或农业和工业机械。

Manufacturers’ design choices, and, where relevant, Union or national law that addresses sector-specific needs and objectives or relevant decisions of competent authorities, should determine which data a connected product is capable of making available.
制造商的设计选择,以及解决行业特定需求和目标的相关联盟或国家法律或主管当局的相关决定,应确定互联产品能够提供哪些数据。

(15)

The data represent the digitisation of user actions and events and should accordingly be accessible to the user. The rules for access to and the use of data from connected products and related services under this Regulation address both product data and related service data.
这些数据代表用户操作和事件的数字化,因此用户应该可以访问。本条例规定的连接产品和相关服务数据的访问和使用规则涉及产品数据和相关服务数据。

Product data refers to data generated by the use of a connected product that the manufacturer designed to be retrievable from the connected product by a user, data holder or a third party, including, where relevant, the manufacturer.
产品数据是指通过使用制造商设计的连接产品而生成的数据,该数据可由用户、数据持有者或第三方(包括制造商)从连接产品中检索。

Related service data refers to data, which also represent the digitisation of user actions or events related to the connected product which are generated during the provision of a related service by the provider.
相关服务数据是指提供商在提供相关服务期间产生的与连接产品相关的用户动作或事件的数字化数据。

Data generated by the use of a connected product or related service should be understood to cover data recorded intentionally or data which result indirectly from the user’s action, such as data about the connected product’s environment or interactions.
使用互联产品或相关服务生成的数据应理解为涵盖有意记录的数据或由用户行为间接产生的数据,例如有关互联产品的环境或交互的数据。

This should include data on the use of a connected product generated by a user interface or via a related service, and should not be limited to the information that such use took place, but should include all data that the connected product generates as a result of such use, such as data generated automatically by sensors and data recorded by embedded applications, including applications indicating hardware status and malfunctions.
这应包括由用户界面或通过相关服务生成的有关互联产品使用情况的数据,并且不应限于发生此类使用的信息,而应包括互联产品由于以下原因而生成的所有数据:此类使用,例如传感器自动生成的数据和嵌入式应用程序记录的数据,包括指示硬件状态和故障的应用程序。

This should also include data generated by the connected product or related service during times of inaction by the user, such as when the user chooses not to use a connected product for a given period of time and instead to keep it in stand-by mode or even switched off, as the status of a connected product or its components, for example its batteries, can vary when the connected product is in stand-by mode or switched off.
这还应包括在用户不活动期间由连接的产品或相关服务生成的数据,例如当用户选择在给定的时间内不使用连接的产品而是将其保持在待机模式或即使已关闭,因为当所连接的产品处于待机模式或关闭时,所连接的产品或其组件(例如其电池)的状态可能会发生变化。

Data which are not substantially modified, meaning data in raw form, also known as source or primary data which refer to data points that are automatically generated without any further form of processing, as well as data which have been pre-processed for the purpose of making them understandable and useable prior to subsequent processing and analysis fall within the scope of this Regulation.
未经过实质性修改的数据,是指原始形式的数据,也称为源数据或原始数据,是指未经任何进一步形式的处理而自动生成的数据点,以及经过预处理的数据在后续处理和分析之前使它们易于理解和使用属于本法规的范围。

Such data includes data collected from a single sensor or a connected group of sensors for the purpose of making the collected data comprehensible for wider use-cases by determining a physical quantity or quality or the change in a physical quantity, such as temperature, pressure, flow rate, audio, pH value, liquid level, position, acceleration or speed.
此类数据包括从单个传感器或连接的传感器组收集的数据,其目的是通过确定物理量或质量或物理量的变化(例如温度、压力、流量、音频、pH 值、液位、位置、加速度或速度。

The term ‘pre-processed data’ should not be interpreted in such a manner as to impose an obligation on the data holder to make substantial investments in cleaning and transforming the data.
“预处理数据”一词不应被解释为强加给数据持有者在数据清理和转换方面进行大量投资的义务。

The data to be made available should include the relevant metadata, including its basic context and timestamp, to make the data usable, combined with other data, such as data sorted and classified with other data points relating to them, or re-formatted into a commonly used format.
要提供的数据应包括相关元数据,包括其基本上下文和时间戳,以使数据与其他数据结合使用,例如与与其相关的其他数据点进行排序和分类的数据,或重新格式化为常用格式。

Such data are potentially valuable to the user and support innovation and the development of digital and other services to protect the environment, health and the circular economy, including through facilitating the maintenance and repair of the connected products in question.
此类数据对用户具有潜在价值,并支持数字和其他服务的创新和发展,以保护环境、健康和循环经济,包括促进相关连接产品的维护和维修。

By contrast, information inferred or derived from such data, which is the outcome of additional investments into assigning values or insights from the data, in particular by means of proprietary, complex algorithms, including those that are a part of proprietary software, should not be considered to fall within the scope of this Regulation and consequently should not be subject to the obligation of a data holder to make it available to a user or a data recipient, unless otherwise agreed between the user and the data holder.
相比之下,从此类数据推断或派生的信息,是对数据赋值或见解进行额外投资的结果,特别是通过专有的复杂算法,包括属于专有软件一部分的算法,不应该被认为属于本条例的范围,因此不应受到数据持有者向用户或数据接收者提供其可用的义务的约束,除非用户和数据持有者之间另有约定。

Such data could include, in particular, information derived by means of sensor fusion, which infers or derives data from multiple sensors, collected in the connected product, using proprietary, complex algorithms and which could be subject to intellectual property rights.
此类数据尤其可以包括通过传感器融合得出的信息,传感器融合使用专有的复杂算法从多个传感器推断或得出数据,这些数据在连接的产品中收集,并且可能受到知识产权的约束。

(16)

This Regulation enables users of connected products to benefit from aftermarket, ancillary and other services based on data collected by sensors embedded in such products, the collection of those data being of potential value in improving the performance of the connected products.
该法规使互联产品的用户能够从基于此类产品中嵌入的传感器收集的数据的售后、辅助和其他服务中受益,这些数据的收集对于提高互联产品的性能具有潜在价值。

It is important to delineate between, on the one hand, markets for the provision of such sensor-equipped connected products and related services and, on the other, markets for unrelated software and content such as textual, audio or audiovisual content often covered by intellectual property rights.
重要的是要区分一方面是提供此类配备传感器的互联产品和相关服务的市场,另一方面是不相关软件和内容(例如通常由知识分子涵盖的文本、音频或视听内容)的市场。财产权。

As a result, data that such sensor-equipped connected products generate when the user records, transmits, displays or plays content, as well as the content itself, which is often covered by intellectual property rights, inter alia for use by an online service, should not be covered by this Regulation.
因此,此类配备传感器的互联产品在用户记录、传输、显示或播放内容时生成的数据以及内容本身通常受知识产权保护,尤其供在线服务使用,不应属于本条例的范围。

This Regulation should also not cover data which was obtained, generated or accessed from the connected product, or which was transmitted to it, for the purpose of storage or other processing operations on behalf of other parties, who are not the user, such as may be the case with regard to servers or cloud infrastructure operated by their owners entirely on behalf of third parties, inter alia for use by an online service.
本法规也不应涵盖从连接产品获取、生成或访问的数据,或出于存储或代表非用户的其他方(例如可能的其他方)进行其他处理操作的目的而传输给连接产品的数据。其所有者完全代表第三方运营的服务器或云基础设施,尤其是供在线服务使用的服务器或云基础设施就是这种情况。

(17)

It is necessary to lay down rules regarding products that are connected to a related service at the time of the purchase, rent or lease in such a way that its absence would prevent the connected product from performing one or more of its functions, or which is subsequently connected to the product by the manufacturer or a third party to add to or adapt the functionality of the connected product.
有必要在购买、出租或租赁时制定有关与相关服务连接的产品的规则,以确保其不存在将阻止连接的产品执行一项或多项功能,或者随后由制造商或第三方连接到产品,以添加或调整所连接产品的功能。

Such related services involve the exchange of data between the connected product and the service provider and should be understood to be explicitly linked to the operation of the connected product’s functions, such as services that, where applicable, transmit commands to the connected product that are able to have an impact on its action or behaviour.
此类相关服务涉及连接产品和服务提供商之间的数据交换,并且应被理解为明确链接到连接产品功能的操作,例如在适用的情况下向连接产品传输命令的服务,这些服务能够对其行动或行为产生影响。

Services which do not have an impact on the operation of the connected product and which do not involve the transmitting of data or commands to the connected product by the service provider should not be considered to be related services.
不影响连接产品的运行且不涉及服务提供商向连接产品传输数据或命令的服务不应被视为相关服务。

Such services could include, for example, auxiliary consulting, analytics or financial services, or regular repair and maintenance. Related services can be offered as part of the purchase, rent or lease contract.
例如,此类服务可能包括辅助咨询、分析或金融服务,或定期维修和维护。相关服务可以作为购买、租赁或租赁合同的一部分提供。

Related services could also be provided for products of the same type and users could reasonably expect them to be provided taking into account the nature of the connected product and any public statement made by or on behalf of the seller, rentor, lessor or other persons in previous links of the chain of transactions, including the manufacturer.
也可以为同类产品提供相关服务,并且考虑到相关产品的性质以及卖方、承租人、出租人或其他人或代表其发表的任何公开声明,用户可以合理预期提供相关服务。交易链的先前环节,包括制造商。

Those related services may themselves generate data of value to the user independently of the data collection capabilities of the connected product with which they are interconnected.
这些相关服务本身可以生成对用户有价值的数据,而与它们互连的连接产品的数据收集能力无关。

This Regulation should also apply to a related service that is not supplied by the seller, rentor or lessor itself, but which is provided by a third party.
本规定也适用于非出卖人、承租人或出租人本身提供而是由第三方提供的相关服务。

In the event of doubt as to whether the service is provided as part of the purchase, rent or lease contract, this Regulation should apply. Neither the power supply, nor the supply of the connectivity are to be interpreted as related services under this Regulation.
如果对服务是否作为购买、租赁或租赁合同的一部分提供有疑问,则应适用本条例。电源或连接的提供均不应被解释为本条例规定的相关服务。

(18)

The user of a connected product should be understood to be a natural or legal person, such as a business, a consumer or a public sector body, that owns a connected product, has received certain temporary rights, for example by means of a rental or lease agreement, to access or use data obtained from the connected product, or receives related services for the connected product.
互联产品的用户应理解为自然人或法人,例如拥有互联产品的企业、消费者或公共部门机构,已获得某些临时权利,例如通过租赁或租赁协议,访问或使用从连接产品获得的数据,或接收连接产品的相关服务。

Those access rights should in no way alter or interfere with the rights of data subjects who may be interacting with a connected product or a related service regarding personal data generated by the connected product or during the provision of the related service.
这些访问权不得以任何方式改变或干扰可能与联网产品或相关服务进行交互的、有关联网产品生成的或在提供相关服务期间的个人数据的数据主体的权利。

The user bears the risks and enjoys the benefits of using the connected product and should also enjoy access to the data it generates. The user should therefore be entitled to derive benefit from data generated by that connected product and any related service.
用户承担风险并享受使用连接产品的好处,并且还应该有权访问其生成的数据。因此,用户应有权从该连接产品和任何相关服务生成的数据中获益。

An owner, renter or lessee should also be considered to be a user, including where several entities can be considered to be users.
所有者、承租人或承租人也应被视为用户,包括多个实体可被视为用户的情况。

In the context of multiple users, each user may contribute in a different manner to the data generation and have an interest in several forms of use, such as fleet management for a leasing enterprise, or mobility solutions for individuals using a car sharing service.
在多个用户的情况下,每个用户可能以不同的方式对数据生成做出贡献,并对多种使用形式感兴趣,例如租赁企业的车队管理,或使用汽车共享服务的个人的移动解决方案。

(19)

Data literacy refers to the skills, knowledge and understanding that allows users, consumers and businesses, in particular SMEs falling within the scope of this Regulation, to gain awareness of the potential value of the data they generate, produce and share and that they are motivated to offer and provide access to in accordance with relevant legal rules.
数据素养是指使用户、消费者和企业,特别是属于本条例范围内的中小企业,能够认识到他们生成、生产和共享的数据的潜在价值并有动力的技能、知识和理解。根据相关法律规则提供和提供访问权限。

Data literacy should go beyond learning about tools and technologies and aim to equip and empower citizens and businesses with the ability to benefit from an inclusive and fair data market.
数据素养不应局限于学习工具和技术,而是旨在让公民和企业具备从包容和公平的数据市场中受益的能力。

The spread of data literacy measures and the introduction of appropriate follow-up actions could contribute to improving working conditions and ultimately sustain the consolidation, and innovation path of, the data economy in the Union.
数据素养措施的推广和采取适当的后续行动可能有助于改善工作条件,并最终维持欧盟数据经济的巩固和创新之路。

Competent authorities should promote tools and adopt measures to advance data literacy among users and entities falling within the scope of this Regulation and an awareness of their rights and obligations thereunder.
主管当局应推广工具并采取措施,提高本条例范围内的用户和实体的数据素养,并提高其权利和义务的认识。

(20)

In practice, not all data generated by connected products or related services are easily accessible to their users and there are often limited possibilities regarding the portability of data generated by products connected to the internet.
在实践中,并非所有由连接产品或相关服务生成的数据都可以被用户轻松访问,并且连接到互联网的产品生成的数据的可移植性通常有限。

Users are unable to obtain the data necessary to make use of providers of repair and other services and businesses are unable to launch innovative, convenient and more efficient services.
用户无法获取使用维修和其他服务提供商所需的数据,企业无法推出创新、便捷和更高效的服务。

In many sectors, manufacturers are able to determine, through their control of the technical design of the connected products or related services, what data are generated and how they can be accessed, despite having no legal right to those data.
在许多领域,制造商能够通过对互联产品或相关服务的技术设计的控制来确定生成哪些数据以及如何访问这些数据,尽管他们对这些数据没有合法权利。

It is therefore necessary to ensure that connected products are designed and manufactured, and related services are designed and provided, in such a manner that product data and related service data, including the relevant metadata necessary to interpret and use those data, including for the purpose of retrieving, using or sharing them, are always easily and securely accessible to a user, free of charge, in a comprehensive, structured, commonly used and machine-readable format.
因此,有必要确保互联产品的设计和制造以及相关服务的设计和提供,确保产品数据和相关服务数据,包括解释和使用这些数据所需的相关元数据,包括用于以下目的:用户始终能够以全面、结构化、常用和机器可读的格式轻松、安全、免费地获取、使用或共享它们。

Product data and related service data that a data holder lawfully obtains or can lawfully obtain from the connected product or related service, such as by means of the connected product design, the data holder’s contract with the user for the provision of related services, and its technical means of data access, without disproportionate effort, are referred to as ‘readily available data’.
数据持有者通过互联产品或相关服务合法获取或可以合法获取的产品数据和相关服务数据,例如通过互联产品设计、数据持有者与用户签订的提供相关服务的合同及其无需付出过多努力即可访问数据的技术手段被称为“随时可用的数据”。

Readily available data does not include data generated by the use of a connected product where the design of the connected product does not provide for such data being stored or transmitted outside the component in which they are generated or the connected product as a whole.
随时可用的数据不包括通过使用连接产品生成的数据,其中连接产品的设计未规定此类数据在生成数据的组件或整个连接产品之外存储或传输。

This Regulation should therefore not be understood to impose an obligation to store data on the central computing unit of a connected product.
因此,本法规不应被理解为强加了在互联产品的中央计算单元上存储数据的义务。

The absence of such an obligation should not prevent the manufacturer or data holder from voluntarily agreeing with the user on the making of such adaptations.
缺乏此类义务不应妨碍制造商或数据持有者自愿同意用户进行此类调整。

The design obligations in this Regulation are also without prejudice to the data minimisation principle laid down in Article 5(1), point (c), of Regulation (EU) 2016/679 and should not be understood as imposing an obligation to design connected products and related services in such a way that they store or otherwise process any personal data other than the personal data necessary in relation to the purposes for which they are processed.
本法规中的设计义务也不妨碍法规 (EU) 2016/679 第 5(1) 条 (c) 点规定的数据最小化原则,并且不应被理解为强加设计互联产品的义务和相关服务,以这样的方式存储或以其他方式处理任何个人数据,但与处理目的相关的必要个人数据除外。

Union or national law could be introduced to outline further specificities, such as the product data that should be accessible from connected products or related services, given that such data may be essential for the efficient operation, repair or maintenance of those connected products or related services.
可以引入联盟或国家法律来概述进一步的细节,例如应从连接的产品或相关服务访问的产品数据,因为此类数据可能对于这些连接的产品或相关服务的有效操作、维修或维护至关重要。

Where subsequent updates or alterations to a connected product or a related service, by the manufacturer or another party, lead to additional accessible data or a restriction of initially accessible data, such changes should be communicated to the user in the context of the update or alteration.
如果制造商或另一方对连接的产品或相关服务进行后续更新或更改,导致额外的可访问数据或最初可访问的数据受到限制,则应在更新或更改的情况下将此类更改传达给用户。

(21)

Where several persons or entities are considered to be users, for example in the case of co-ownership or where an owner, renter or lessee shares rights of data access or use, the design of the connected product or related service, or the relevant interface, should enable each user to have access to the data they generate.
如果多个人或实体被视为用户,例如在共同所有权或所有者、承租人或承租人共享数据访问或使用权的情况下,连接产品或相关服务的设计或相关接口,应该使每个用户都能够访问他们生成的数据。

Use of connected products that generate data typically requires a user account to be set up. Such an account allows the user to be identified by the data holder, which may be the manufacturer.
使用生成数据的连接产品通常需要设置用户帐户。这样的帐户允许数据持有者(可以是制造商)识别用户。

It can also be used as a means of communication and to submit and process data access requests.
它还可以用作通信手段以及提交和处理数据访问请求。

Where several manufacturers or related services providers have sold, rented or leased connected products or provided related services, integrated together, to the same user, the user should turn to each of the parties with which it has a contract.
如果多个制造商或相关服务提供商向同一用户销售、出租或出租连接产品或提供集成的相关服务,则该用户应向与其签订合同的各方求助。

Manufacturers or designers of a connected product that is typically used by several persons should put in place the necessary mechanisms to allow separate user accounts for individual persons, where relevant, or for the possibility of several persons using the same user account.
通常由多人使用的互联产品的制造商或设计者应建立必要的机制,以允许个人(如果相关)使用单独的用户帐户,或者允许多个人使用同一用户帐户的可能性。

Account solutions should allow users to delete their accounts and erase the data related to them and could allow users to terminate data access, use or sharing, or submit requests to terminate, in particular taking into account situations in which the ownership or usage of the connected product changes.
帐户解决方案应允许用户删除其帐户并删除与其相关的数据,并允许用户终止数据访问、使用或共享,或提交终止请求,特别是考虑到所连接的帐户的所有权或使用情况产品变更。

Access should be granted to the user on the basis of simple request mechanism granting automatic execution and not requiring examination or clearance by the manufacturer or data holder. This means that the data should be made available only when the user actually wants access.
应基于授予自动执行的简单请求机制来授予用户访问权限,而不需要制造商或数据持有者进行检查或许可。这意味着只有当用户真正需要访问时才应提供数据。

Where automated execution of the data access request is not possible, for example via a user account or accompanying mobile application provided with the connected product or related service, the manufacturer should inform the user as to how the data may be accessed.
如果无法自动执行数据访问请求,例如通过连接产品或相关服务提供的用户帐户或随附的移动应用程序,制造商应告知用户如何访问数据。

(22)

Connected products may be designed to make certain data directly accessible from on-device data storage or from a remote server to which the data are communicated.
互联产品可被设计为使得某些数据可以从设备上的数据存储或从数据所传送到的远程服务器直接访问。

Access to on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or mobile network.
可以通过连接到公共可用的电子通信服务或移动网络的基于电缆或无线的局域网来实现对设备上数据存储的访问。

The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider. Processors as defined in Article 4, point (8), of Regulation (EU) 2016/679 are not considered to act as data holders.
服务器可以是制造商自己的本地服务器容量,也可以是第三方或云服务提供商的服务器容量。 (EU) 2016/679 法规第 4 条第 (8) 点定义的处理者不被视为数据持有者。

However, they can be specifically tasked with making data available by the controller as defined in Article 4, point (7), of Regulation (EU) 2016/679.
然而,他们可以专门负责向控制者提供数据,如法规 (EU) 2016/679 第 4 条第 (7) 点所定义。

Connected products may be designed to permit the user or a third party to process the data on the connected product, on a computing instance of the manufacturer or within an information and communications technology (ICT) environment chosen by the user or the third party.
连接产品可被设计为允许用户或第三方处理连接产品上、制造商的计算实例上或用户或第三方选择的信息和通信技术(ICT)环境内的数据。

(23)

Virtual assistants play an increasing role in digitising consumer and professional environments and serve as an easy-to-use interface to play content, obtain information, or activate products connected to the internet.
虚拟助手在数字化消费者和专业环境中发挥着越来越重要的作用,并作为一个易于使用的界面来播放内容、获取信息或激活连接到互联网的产品。

Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the internet, including those manufactured by other parties, and can replace the use of manufacturer-provided interfaces such as touch screens or smartphone apps.
例如,虚拟助理可以充当智能家居环境中的单一网关,并记录有关用户如何与连接到互联网的产品(包括其他方制造的产品)交互的大量相关数据,并且可以取代制造商的使用提供触摸屏或智能手机应用程序等界面。

The user may wish to make available such data to third party manufacturers and enable novel smart services. Virtual assistants should be covered by the data access rights provided for in this Regulation.
用户可能希望向第三方制造商提供此类数据并启用新颖的智能服务。虚拟助理应受到本条例规定的数据访问权限的保护。

Data generated when a user interacts with a connected product via a virtual assistant provided by an entity other than the manufacturer of the connected product should also be covered by the data access rights provided for in this Regulation.
用户通过互联产品制造商以外的实体提供的虚拟助手与互联产品交互时生成的数据也应受到本条例规定的数据访问权的保护。

However, only the data arising from the interaction between the user and a connected product or related service through the virtual assistant should be covered by this Regulation.
然而,只有用户通过虚拟助手与连接的产品或相关服务之间的交互产生的数据才应受到本条例的管辖。

Data produced by the virtual assistant which are unrelated to the use of a connected product or related service are not covered by this Regulation.
虚拟助手产生的与连接产品或相关服务的使用无关的数据不属于本法规的范围。

(24)

Before concluding a contract for the purchase, rent, or lease of a connected product, the seller, rentor or lessor, which may be the manufacturer, should provide to the user information regarding the product data which the connected product is capable of generating, including the type, format and the estimated volume of such data, in a clear and comprehensible manner.
在签订购买、租赁或租用互联产品的合同之前,卖方、承租人或出租人(可能是制造商)应向用户提供有关互联产品能够生成的产品数据的信息,包括以清晰易懂的方式说明此类数据的类型、格式和估计数量。

This could include information on data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, as well as clear and sufficient information relevant for the exercise of the user’s rights on how the data may be stored, retrieved or accessed, including the terms of use and quality of service of application programming interfaces or, where applicable, the provision of software development kits.
这可能包括有关数据结构、数据格式、词汇、分类方案、分类法和代码列表(如果有)的信息,以及与用户行使如何存储、检索或访问数据的权利相关的清晰且充分的信息,包括应用程序编程接口的使用条款和服务质量,或在适用的情况下提供软件开发工具包。

That obligation provides transparency over the product data generated and enhances easy access for the user.
该义务提供了生成的产品数据的透明度,并增强了用户的访问便利性。

The information obligation could be fulfilled, for example by maintaining a stable uniform resource locator (URL) on the web, which can be distributed as a web link or QR code, pointing to the relevant information, which could be provided by the seller, rentor or lessor, which may be the manufacturer, to the user before concluding the contract for the purchase, rent or lease of a connected product.
信息义务可以通过在网络上维护一个稳定的统一资源定位器(URL)来履行,该定位器可以作为网络链接或二维码分发,指向相关信息,这些信息可以由卖方、出租人提供或出租人(可能是制造商)在签订连接产品的购买、租赁或租赁合同之前向用户提供的信息。

It is, in any case, necessary that the user is able to store the information in a way that is accessible for future reference and that allows the unchanged reproduction of the information stored.
在任何情况下,用户必须能够以可访问的方式存储信息以供将来参考并且允许不加改变地再现所存储的信息。

The data holder cannot be expected to store the data indefinitely in view of the needs of the user of the connected product, but should implement a reasonable data retention policy, where applicable, in line with storage limitation principle pursuant Article 5(1), point (e), of Regulation (EU) 2016/679, that allows for the effective application of the data access rights provided for in this Regulation.
鉴于连接产品用户的需求,数据持有者不能期望无限期地存储数据,但应根据第 5 条第 (1) 点的存储限制原则,在适用的情况下实施合理的数据保留政策(EU) 2016/679 法规 (e),允许有效应用本法规中规定的数据访问权。

The obligation to provide information does not affect the obligation of the controller to provide information to the data subject pursuant to Articles 12, 13 and 14 of Regulation (EU) 2016/679.
提供信息的义务不影响控制者根据法规 (EU) 2016/679 第 12、13 和 14 条向数据主体提供信息的义务。

The obligation to provide information before concluding a contract for the provision of a related service should lie with the prospective data holder, independently of whether the data holder concludes a contract for the purchase, rent or lease of a connected product.
在签订提供相关服务的合同之前提供信息的义务应由潜在数据持有者承担,无论数据持有者是否签订购买、租赁或租赁关联产品的合同。

Where information changes during the lifetime of the connected product or the contract period for the related service, including where the purpose for which those data are to be used changes from the originally specified purpose, it should also be provided to the user.
如果信息在连接产品的生命周期或相关服务的合同期内发生变化,包括这些数据的使用目的从最初指定的目的发生变化,也应向用户提供。

(25)

This Regulation should not be understood to confer any new right on data holders to use product data or related service data.
本条例不应被理解为授予数据持有者使用产品数据或相关服务数据的任何新权利。

Where the manufacturer of a connected product is a data holder, the basis for the manufacturer to use non-personal data should be a contract between the manufacturer and the user.
如果互联产品的制造商是数据持有者,则制造商使用非个人数据的基础应该是制造商与用户之间的合同。

Such a contract could be part of an agreement for the provision of the related service, which could be concluded together with the purchase, rent or lease agreement relating to the connected product.
此类合同可以是提供相关服务的协议的一部分,该协议可以与关联产品相关的购买、租赁或租赁协议一起签订。

Any contractual term stipulating that the data holder may use product data or related service data should be transparent to the user, including regarding the purposes for which the data holder intends to use the data.
规定数据持有者可以使用产品数据或相关服务数据的任何合同条款应对用户透明,包括关于数据持有者打算使用数据的目的。

Such purposes could include improving the functioning of the connected product or related services, developing new products or services, or aggregating data with the aim of making available the resulting derived data to third parties, provided that such derived data do not allow the identification of specific data transmitted to the data holder from the connected product, or allow a third party to derive those data from the dataset.
此类目的可能包括改进连接产品或相关服务的功能,开发新产品或服务,或聚合数据以向第三方提供所得的派生数据,前提是此类派生数据不允许识别特定的信息。从连接的产品传输到数据持有者的数据,或允许第三方从数据集中导出这些数据。

Any change of the contract should depend on the informed agreement of the user.
合同的任何变更均应征得用户的知情同意。

This Regulation does not prevent parties from agreeing on contractual terms the effect of which is to exclude or limit the use of non-personal data, or certain categories of non-personal data, by a data holder.
本条例并不阻止各方就合同条款达成一致,其效果是排除或限制数据持有者对非个人数据或某些类别的非个人数据的使用。

Neither does it prevent parties from agreeing to make product data or related service data available to third parties, directly or indirectly, including, where applicable, via another data holder.
它也不妨碍各方同意直接或间接(包括在适用的情况下通过其他数据持有者)向第三方提供产品数据或相关服务数据。

Moreover, this Regulation does not prevent sector-specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by the data holder on well-defined public policy grounds.
此外,本条例并不妨碍欧盟法律或与欧盟法律兼容的国家法律规定的特定部门监管要求,这些要求将排除或限制数据持有者基于明确的公共政策理由使用某些此类数据。

This Regulation does not prevent users, in the case of business-to-business relations, from making data available to third parties or data holders under any lawful contractual term, including by agreeing to limit or restrict further sharing of such data, or from being compensated proportionately, for example in exchange for waiving their right to use or share such data.
在企业对企业关系的情况下,本条例并不阻止用户根据任何合法合同条款向第三方或数据持有者提供数据,包括同意限制或约束此类数据的进一步共享,或者阻止用户将数据提供给第三方或数据持有者。按比例给予补偿,例如以放弃使用或共享此类数据的权利作为交换。

While the notion of ‘data holder’ generally does not include public sector bodies, it may include public undertakings.
虽然“数据持有者”的概念通常不包括公共部门机构,但它可能包括公共事业。

(26)

To foster the emergence of liquid, fair and efficient markets for non-personal data, users of connected products should be able to share data with others, including for commercial purposes, with minimal legal and technical effort.
为了促进流动、公平和高效的非个人数据市场的出现,互联产品的用户应该能够以最少的法律和技术努力与他人共享数据,包括出于商业目的。

It is currently often difficult for businesses to justify the personnel or computing costs that are necessary for preparing non-personal datasets or data products and to offer them to potential counterparties via data intermediation services, including data marketplaces.
目前,企业通常很难证明准备非个人数据集或数据产品所需的人员或计算成本的合理性,并通过数据中介服务(包括数据市场)将其提供给潜在的交易对手。

A substantial hurdle to the sharing of non-personal data by businesses therefore results from the lack of predictability of economic returns from investing in the curation and making available of datasets or data products.
因此,企业共享非个人数据的一个重大障碍是由于投资于数据集或数据产品的管理和提供而产生的经济回报缺乏可预测性。

In order to allow for the emergence of liquid, fair and efficient markets for non-personal data in the Union, the party that has the right to offer such data on a market must be clarified.
为了在欧盟内出现流动、公平和高效的非个人数据市场,必须明确有权在市场上提供此类数据的一方。

Users should therefore have the right to share non-personal data with data recipients for commercial and non-commercial purposes. Such data sharing could be performed directly by the user, upon the request of the user via a data holder, or through data intermediation services.
因此,用户应有权出于商业和非商业目的与数据接收者共享非个人数据。这种数据共享可以由用户直接执行,也可以根据用户的请求通过数据持有者执行,或者通过数据中介服务执行。

Data intermediation services, as regulated by Regulation (EU) 2022/868 of the European Parliament and of the Council (22) could facilitate a data economy by establishing commercial relationships between users, data recipients and third parties and may support users in exercising their right to use data, such as ensuring the anonymisation of personal data or aggregation of access to data from multiple individual users.
根据欧洲议会和理事会第 (EU) 2022/868 号法规( 22 )的规定,数据中介服务可以通过在用户、数据接收者和第三方之间建立商业关系来促进数据经济,并可以支持用户行使其权利使用数据,例如确保个人数据的匿名化或聚合多个个人用户的数据访问权限。

Where data are excluded from a data holder’s obligation to make them available to users or third parties, the scope of such data could be specified in the contract between the user and the data holder for the provision of a related service so that users can easily determine which data are available to them for sharing with data recipients or third parties.
如果数据持有者不承担向用户或第三方提供数据的义务,则可以在用户与数据持有者之间提供相关服务的合同中明确此类数据的范围,以便用户能够轻松确定他们可以使用哪些数据与数据接收者或第三方共享。

Data holders should not make available non-personal product data to third parties for commercial or non-commercial purposes other than the fulfilment of their contract with the user, without prejudice to legal requirements pursuant to Union or national law for a data holder to make data available.
数据持有者不得出于商业或非商业目的向第三方提供非个人产品数据,除了履行与用户的合同之外,在不影响欧盟或国家法律对数据持有者制作数据的法律要求的情况下可用的。

Where relevant, data holders should contractually bind third parties not to further share data received from them.
在相关情况下,数据持有者应通过合同约束第三方不得进一步共享从他们那里收到的数据。

(27)

In sectors characterised by the concentration of a small number of manufacturers supplying connected products to end users, there may only be limited options available to users for the access to and the use and sharing of data.
在向最终用户提供互联产品的少数制造商集中的行业中,用户访问、使用和共享数据的选择可能有限。

In such circumstances, contracts may be insufficient to achieve the objective of user empowerment, making it difficult for users to obtain value from the data generated by the connected product they purchase, rent or lease.
在这种情况下,合同可能不足以实现用户赋权的目标,导致用户难以从他们购买、租用或租赁的联网产品产生的数据中获取价值。

Consequently, there is limited potential for innovative smaller businesses to offer data-based solutions in a competitive manner and for a diverse data economy in the Union.
因此,创新型小型企业以竞争性方式提供基于数据的解决方案以及欧盟多元化数据经济的潜力有限。

This Regulation should therefore build on recent developments in specific sectors, such as the Code of Conduct on agricultural data sharing by contract. Union or national law may be adopted to address sector-specific needs and objectives.
因此,该法规应以特定部门的最新发展为基础,例如《农业数据合同共享行为准则》。可以采用联盟或国家法律来解决特定部门的需求和目标。

Furthermore, data holders should not use any readily available data that is non-personal data in order to derive insights about the economic situation of the user or its assets or production methods or about such use by the user in any other manner that could undermine the commercial position of that user on the markets in which it is active.
此外,数据持有者不应使用任何现成的非个人数据来了解用户的经济状况或其资产或生产方法,或用户以任何其他可能损害数据的方式使用此类数据。该用户在其活跃市场上的商业地位。

This could include using knowledge about the overall performance of a business or a farm in contractual negotiations with the user on the potential acquisition of the user’s products or agricultural produce to the user’s detriment, or using such information to feed into larger databases on certain markets in the aggregate, for example databases on crop yields for the upcoming harvesting season, as such use could affect the user negatively in an indirect manner.
这可能包括在与用户就可能购买用户产品或农产品而对用户造成损害的合同谈判中使用有关企业或农场整体绩效的知识,或者使用此类信息将其输入到某些市场的更大数据库中。汇总,例如关于即将到来的收获季节的农作物产量的数据库,因为这种使用可能会以间接的方式对用户产生负面影响。

The user should be given the necessary technical interface to manage permissions, preferably with granular permission options such as ‘allow once’ or ‘allow while using this app or service’, including the option to withdraw such permissions.
应为用户提供必要的技术界面来管理权限,最好具有精细的权限选项,例如“允许一次”或“使用此应用程序或服务时允许”,包括撤回此类权限的选项。

(28)

In contracts between a data holder and a consumer as user of a connected product or related service generating data, Union consumer law, in particular Directives 93/13/EEC and 2005/29/EC, applies to ensure that a consumer is not subject to unfair contractual terms. For the purposes of this Regulation, unfair contractual terms unilaterally imposed on an enterprise should not be binding on that enterprise.
在数据持有者与作为生成数据的互联产品或相关服务的用户的消费者之间的合同中,适用欧盟消费者法,特别是指令 93/13/EEC 和 2005/29/EC,以确保消费者不受不公平的合同条款。本条例所称企业单方面施加的不公平合同条款对该企业不具有约束力。

(29)

Data holders may require appropriate user identification to verify a user’s entitlement to access the data.
数据持有者可能需要适当的用户身份来验证用户访问数据的权利。

In the case of personal data processed by a processor on behalf of the controller, data holders should ensure that the access request is received and handled by the processor.
如果处理者代表控制者处理个人数据,数据持有者应确保处理者接收并处理访问请求。

(30)

The user should be free to use the data for any lawful purpose.
用户应可以自由地将数据用于任何合法目的。

This includes providing the data the user has received while exercising its rights under this Regulation to a third party offering an aftermarket service that may be in competition with a service provided by a data holder, or to instruct the data holder to do so.
这包括向提供可能与数据持有者提供的服务竞争的售后服务的第三方提供用户在行使其本条例规定的权利时收到的数据,或指示数据持有者这样做。

The request should be submitted by the user or by an authorised third party acting on a user’s behalf, including a provider of a data intermediation service.
该请求应由用户或代表用户行事的授权第三方(包括数据中介服务提供商)提交。

Data holders should ensure that the data made available to the third party is as accurate, complete, reliable, relevant and up-to-date as the data the data holder itself may be able or entitled to access from the use of the connected product or related service.
数据持有者应确保向第三方提供的数据与数据持有者本身能够或有权通过使用连接产品或访问的数据一样准确、完整、可靠、相关和最新。相关服务。

Any intellectual property rights should be respected in the handling of the data. It is important to preserve incentives to invest in products with functionalities based on the use of data from sensors built into those products.
处理数据时应尊重任何知识产权。重要的是要保持对产品的投资动机,这些产品的功能基于这些产品内置传感器的数据的使用。

(31)

Directive (EU) 2016/943 of the European Parliament and of the Council (23) provides that the acquisition, use or disclosure of a trade secret shall be considered to be lawful, inter alia, where such acquisition, use or disclosure is required or allowed by Union or national law.
欧洲议会和理事会指令 (EU) 2016/943 ( 23 )规定,商业秘密的获取、使用或披露应被视为合法,尤其是在需要获取、使用或披露的情况下,或联盟或国家法律允许。

While this Regulation requires data holders to disclose certain data to users, or third parties of a user’s choice, even when such data qualify for protection as trade secrets, it should be interpreted in such a manner as to preserve the protection afforded to trade secrets under Directive (EU) 2016/943.
虽然本条例要求数据持有者向用户或用户选择的第三方披露某些数据,但即使这些数据符合商业秘密的保护条件,也应以保留对商业秘密提供的保护的方式进行解释。指令(欧盟)2016/943。

In this context, data holders should be able to require users, or third parties of a user’s choice, to preserve the confidentiality of data considered to be trade secrets.
在这种情况下,数据持有者应该能够要求用户或用户选择的第三方保护被视为商业秘密的数据的机密性。

To that end, data holders should identify trade secrets prior to the disclosure, and should have the possibility to agree with users, or third parties of a user’s choice, on necessary measures to preserve their confidentiality, including by the use of model contractual terms, confidentiality agreements, strict access protocols, technical standards and the application of codes of conduct.
为此,数据持有者应在披露之前识别商业秘密,并应有可能与用户或用户选择的第三方就保护其机密性的必要措施达成一致,包括使用示范合同条款,保密协议、严格的访问协议、技术标准和行为准则的应用。

In addition to the use of model contractual terms to be developed and recommended by the Commission, the establishment of codes of conduct and technical standards related to the protection of trade secrets in handling the data could help achieve the aim of this Regulation and should be encouraged.
除了使用委员会制定和推荐的示范合同条款外,建立与处理数据时保护商业秘密相关的行为准则和技术标准也有助于实现本条例的目标,应予以鼓励。

Where there is no agreement on the necessary measures or where a user, or third parties of the user’s choice, fail to implement agreed measures or undermine the confidentiality of the trade secrets, the data holder should be able to withhold or suspend the sharing of data identified as trade secrets.
如果没有就必要措施达成一致,或者用户或用户选择的第三方未能执行商定的措施或破坏商业秘密的机密性,数据持有者应能够扣留或暂停数据共享被认定为商业秘密。

In such cases, the data holder should provide the decision in writing to the user or to the third party without undue delay and notify the competent authority of the Member State in which the data holder is established that it has withheld or suspended data sharing and identify which measures have not been agreed or implemented and, where relevant, which trade secrets have had their confidentiality undermined.
在这种情况下,数据持有者应立即向用户或第三方提供书面决定,并通知数据持有者所在成员国的主管当局其已扣留或暂停数据共享并识别哪些措施尚未商定或实施,以及哪些商业秘密的机密性已受到损害(如果相关)。

Data holders cannot, in principle, refuse a data access request under this Regulation solely on the basis that certain data is considered to be a trade secret, as this would subvert the intended effects of this Regulation.
原则上,数据持有者不能仅仅因为某些数据被视为商业秘密而拒绝本条例规定的数据访问请求,因为这会破坏本条例的预期效果。

However, in exceptional circumstances, a data holder who is a trade secret holder should be able, on a case-by-case basis, to refuse a request for the specific data in question if it is able to demonstrate to the user or to the third party that, despite the technical and organisational measures taken by the user or by the third party, serious economic damage is highly likely to result from the disclosure of that trade secret.
然而,在特殊情况下,作为商业秘密持有者的数据持有者应该能够根据具体情况拒绝对相关特定数据的请求,如果它能够向用户或向其证明第三方认为,尽管用户或第三方采取了技术和组织措施,但该商业秘密的泄露很可能导致严重的经济损失。

Serious economic damage implies serious and irreparable economic loss. The data holder should duly substantiate its refusal in writing without undue delay to the user or to the third party and notify the competent authority.
严重经济损失意味着严重且无法挽回的经济损失。数据持有者应立即以书面形式向用户或第三方充分证实其拒绝,并通知主管当局。

Such a substantiation should be based on objective elements, demonstrating the concrete risk of serious economic damage expected to result from a specific data disclosure and the reasons why the measures taken to safeguard the requested data are not considered to be sufficient.
这种证实应基于客观要素,证明特定数据披露预计会造成严重经济损失的具体风险,以及为保护所请求数据而采取的措施被认为不充分的原因。

A possible negative impact on cybersecurity can be taken into account in that context.
在这种情况下可以考虑对网络安全可能产生的负面影响。

Without prejudice to the right to seek redress before a court or tribunal of a Member State, where the user or a third party wishes to challenge the data holder’s decision to refuse or to withhold or suspend data sharing, the user or the third party can lodge a complaint with the competent authority, which should, without undue delay, decide whether and under which conditions data sharing should start or resume, or can agree with the data holder to refer the matter to a dispute settlement body.
在不损害向成员国法院或法庭寻求补救的权利的情况下,如果用户或第三方希望对数据持有者拒绝、扣留或暂停数据共享的决定提出质疑,则用户或第三方可以提出申诉向主管当局提出投诉,主管当局应立即决定是否以及在什么条件下开始或恢复数据共享,或者可以与数据持有者商定将此事提交给争端解决机构。

The exceptions to data access rights in this Regulation should not in any case limit the right of access and right to data portability of data subjects under Regulation (EU) 2016/679.
本法规中数据访问权的例外情况在任何情况下都不应限制法规 (EU) 2016/679 规定的数据主体的访问权和数据可移植性。

(32)

The aim of this Regulation is not only to foster the development of new, innovative connected products or related services, stimulate innovation on aftermarkets, but also to stimulate the development of entirely novel services making use of the data concerned, including based on data from a variety of connected products or related services.
该法规的目的不仅是促进新的创新互联产品或相关服务的开发,刺激售后市场的创新,而且是利用相关数据(包括基于来自第三方的数据)刺激全新服务的开发。各种连接产品或相关服务。

At the same time, this Regulations aims to avoid undermining the investment incentives for the type of connected product from which the data are obtained, for instance, by the use of data to develop a competing connected product which is considered to be interchangeable or substitutable by users, in particular on the basis of the connected product’s characteristics, its price and intended use.
同时,该规定旨在避免损害对获取数据的联网产品类型的投资激励,例如利用数据开发被认为可以互换或替代的竞争性联网产品。用户,特别是基于连接产品的特性、价格和预期用途。

This Regulation provides for no prohibition on the development of a related service using data obtained under this Regulation as this would have an undesirable discouraging effect on innovation.
本法规并未禁止使用根据本法规获得的数据开发相关服务,因为这会对创新产生不良的阻碍作用。

Prohibiting the use of data accessed under this Regulation for developing a competing connected product protects data holders’ innovation efforts.
禁止使用根据本法规访问的数据来开发竞争性互联产品,可以保护数据持有者的创新努力。

Whether a connected product competes with the connected product from which the data originates depends on whether the two connected products are in competition on the same product market.
互联产品是否与数据来源的互联产品竞争取决于这两个互联产品是否在同一产品市场上竞争。

This is to be determined on the basis of the established principles of Union competition law for defining the relevant product market.
这将根据欧盟竞争法界定相关产品市场的既定原则来确定。

However, lawful purposes for the use of the data could include reverse engineering, provided that it complies with the requirements laid down in this Regulation and in Union or national law.
然而,使用数据的合法目的可以包括逆向工程,前提是它符合本法规以及联盟或国家法律规定的要求。

This may be the case for the purposes of repairing or prolonging the lifetime of a connected product or for the provision of aftermarket services to connected products.
这可能是为了维修或延长互联产品的使用寿命或为互联产品提供售后服务。

(33)

A third party to whom data is made available may be a natural or legal person, such as a consumer, an enterprise, a research organisation, a not-for-profit organisation or an entity acting in a professional capacity.
提供数据的第三方可以是自然人或法人,例如消费者、企业、研究组织、非营利组织或以专业身份行事的实体。

In making the data available to the third party, a data holder should not abuse its position to seek a competitive advantage in markets where the data holder and the third party may be in direct competition.
在向第三方提供数据时,数据持有者不应滥用其地位,在数据持有者与第三方可能存在直接竞争的市场中寻求竞争优势。

The data holder should not therefore use any readily available data in order to derive insights about the economic situation, assets or production methods of, or the use by, the third party in any other manner that could undermine the commercial position of the third party on the markets in which the third party is active.
因此,数据持有者不应使用任何现成的数据来了解第三方的经济状况、资产或生产方法,或以任何其他可能损害第三方商业地位的方式使用第三方。第三方活跃的市场。

The user should be able to share non-personal data with third parties for commercial purposes.
用户应该能够出于商业目的与第三方共享非个人数据。

Upon the agreement with the user, and subject to the provisions of this Regulation, third parties should be able to transfer the data access rights granted by the user to other third parties, including in exchange for compensation.
经与用户同意,并在符合本条例规定的情况下,第三方应能够将用户授予的数据访问权转让给其他第三方,包括有偿转让。

Business-to-business data intermediaries and personal information management systems (PIMS), referred to as data intermediation services in Regulation (EU) 2022/868, may support users or third parties in establishing commercial relations with an undetermined number of potential counterparties for any lawful purpose falling within the scope of this Regulation.
企业对企业数据中介和个人信息管理系统 (PIMS),在法规 (EU) 2022/868 中被称为数据中介服务,可以支持用户或第三方与不确定数量的潜在交易对手建立商业关系,以实现任何目的。属于本条例范围的合法目的。

They could play an instrumental role in aggregating access to data so that big data analyses or machine learning can be facilitated, provided that users remain in full control of whether to provide their data to such aggregation and the commercial terms under which their data are to be used.
它们可以在聚合数据访问方面发挥重要作用,从而促进大数据分析或机器学习,前提是用户完全控制是否向此类聚合提供数据以及数据的商业条款。用过的。

(34)

The use of a connected product or related service may, in particular when the user is a natural person, generate data that relates to the data subject.
使用互联产品或相关服务可能会生成与数据主体相关的数据,特别是当用户是自然人时。

Processing of such data is subject to the rules established under Regulation (EU) 2016/679, including where personal and non-personal data in a dataset are inextricably linked. The data subject may be the user or another natural person.
此类数据的处理须遵守 (EU) 2016/679 号法规制定的规则,包括数据集中的个人数据和非个人数据之间存在密不可分的联系。数据主体可以是用户或其他自然人。

Personal data may only be requested by a controller or a data subject. A user who is the data subject is, under certain circumstances, entitled under Regulation (EU) 2016/679 to access personal data concerning that user and such rights are unaffected by this Regulation.
个人数据只能由控制者或数据主体请求。在某些情况下,作为数据主体的用户有权根据法规 (EU) 2016/679 访问有关该用户的个人数据,并且此类权利不受本法规的影响。

Under this Regulation, the user who is a natural person is further entitled to access all data generated by the use of a connected product, whether personal or non-personal.
根据本条例,自然人用户还有权访问使用互联产品生成的所有数据,无论是个人数据还是非个人数据。

Where the user is not the data subject but an enterprise, including a sole trader, and not in cases of shared household use of the connected product, the user is considered to be a controller.
如果用户不是数据主体,而是企业(包括个体经营者),并且不在家庭共享连接产品的情况下,则该用户被视为控制者。

Accordingly, such a user who as controller intends to request personal data generated by the use of a connected product or related service is required to have a legal basis for processing the data as required by Article 6(1) of Regulation (EU) 2016/679, such as the consent of the data subject or the performance of a contract to which the data subject is a party.
因此,作为控制者想要请求通过使用连接产品或相关服务生成的个人数据的用户必须具备根据《2016 年欧盟法规》第 6(1) 条的要求处理数据的法律依据/ 679,例如数据主体的同意或数据主体作为一方的合同的履行。

Such user should ensure that the data subject is appropriately informed of the specified, explicit and legitimate purposes for processing those data, and of how the data subject may exercise their rights effectively.
此类用户应确保数据主体适当地了解处理这些数据的指定、明确和合法的目的,以及数据主体如何有效行使其权利。

Where the data holder and the user are joint controllers within the meaning of Article 26 of Regulation (EU) 2016/679, they are required to determine, in a transparent manner by means of an arrangement between them, their respective responsibilities for compliance with that Regulation.
如果数据持有者和用户是法规 (EU) 2016/679 第 26 条含义内的联合控制者,则他们需要通过他们之间的安排以透明的方式确定各自的遵守该规定的责任规定。

It should be understood that such a user, once data has been made available, may in turn become a data holder if that user meets the criteria under this Regulation and thus becomes subject to the obligations to make data available under this Regulation.
应该理解的是,一旦数据可用,如果该用户符合本条例规定的标准,则该用户可能会成为数据持有者,并因此承担本条例规定的提供数据的义务。

(35)

Product data or related service data should only be made available to a third party at the request of the user.
产品数据或相关服务数据仅应用户的请求提供给第三方。

This Regulation complements accordingly the right, provided for in Article 20 of Regulation (EU) 2016/679, of data subjects to receive personal data concerning them in a structured, commonly used and machine-readable format, as well as to port those data to another controller, where those data are processed by automated means on the basis of Article 6(1), point (a), or Article 9(2), point (a), or of a contract pursuant to Article 6(1), point (b) of that Regulation.
该法规相应地补充了法规 (EU) 2016/679 第 20 条规定的数据主体以结构化、常用和机器可读格式接收与其相关的个人数据的权利,以及将这些数据移植到另一个控制者,其中这些数据是根据第 6(1) 条 (a) 点或第 9(2) 条 (a) 点或根据第 6(1) 条签订的合同通过自动方式处理的,该条例的(b)点。

Data subjects also have the right to have the personal data transmitted directly from one controller to another, but only where that is technically feasible.
数据主体还有权将个人数据直接从一个控制者传输到另一个控制者,但前提是技术上可行。

Article 20 of Regulation (EU) 2016/679 specifies that it pertains to data provided by the data subject but does not specify whether this necessitates active behaviour on the side of the data subject or whether it also applies to situations where a connected product or related service, by its design, observes the behaviour of a data subject or other information in relation to a data subject in a passive manner.
(EU) 2016/679 号法规第 20 条规定,它涉及数据主体提供的数据,但没有具体说明这是否需要数据主体方面采取主动行为,或者是否也适用于连接产品或相关产品的情况。根据其设计,服务以被动方式观察数据主体的行为或与数据主体相关的其他信息。

The rights provided for under this Regulation complement the right to receive and port personal data under Article 20 of Regulation (EU) 2016/679 in a number of ways.
本条例规定的权利以多种方式补充了 (EU) 2016/679 条例第 20 条规定的接收和传输个人数据的权利。

This Regulation grants users the right to access and make available to a third party any product data or related service data, irrespective of their nature as personal data, of the distinction between actively provided or passively observed data, and irrespective of the legal basis of processing.
本条例授予用户访问并向第三方提供任何产品数据或相关服务数据的权利,无论其个人数据的性质如何,主动提供的数据还是被动观察的数据之间的区别,也无论处理的法律依据如何。

Unlike Article 20 of Regulation (EU) 2016/679, this Regulation mandates and ensures the technical feasibility of third party access for all types of data falling within its scope, whether personal or non-personal, thereby ensuring that technical obstacles no longer hinder or prevent access to such data.
与法规 (EU) 2016/679 第 20 条不同,该法规规定并确保第三方访问其范围内的所有类型数据(无论是个人数据还是非个人数据)的技术可行性,从而确保技术障碍不再阻碍或阻止访问此类数据。

It also allows data holders to set reasonable compensation to be met by third parties, but not by the user, for costs incurred in providing direct access to the data generated by the user’s connected product.
它还允许数据持有者设定合理的补偿,由第三方支付,但不由用户支付,以支付直接访问用户连接产品生成的数据所产生的费用。

If a data holder and a third party are unable to agree on terms for such direct access, the data subject should in no way be prevented from exercising the rights laid down in Regulation (EU) 2016/679, including the right to data portability, by seeking remedies in accordance with that Regulation.
如果数据持有者和第三方无法就此类直接访问的条款达成一致,则不应阻止数据主体行使第 (EU) 2016/679 号法规中规定的权利,包括数据可移植性的权利,根据该条例寻求补救措施。

It is to be understood in this context that, in accordance with Regulation (EU) 2016/679, a contract does not allow for the processing of special categories of personal data by the data holder or the third party.
在这种情况下,应理解,根据法规 (EU) 2016/679,合同不允许数据持有者或第三方处理特殊类别的个人数据。

(36)

Access to any data stored in and accessed from terminal equipment is subject to Directive 2002/58/EC and requires the consent of the subscriber or user within the meaning of that Directive unless it is strictly necessary for the provision of an information society service explicitly requested by the user or by the subscriber or for the sole purpose of the transmission of a communication.
访问存储在终端设备中和从终端设备访问的任何数据均须遵守指令 2002/58/EC,并需要获得该指令含义内的订户或用户的同意,除非对于提供明确要求的信息社会服务是绝对必要的。由用户或订户或仅出于通信传输的目的。

Directive 2002/58/EC protects the integrity of a user’s terminal equipment regarding the use of processing and storage capabilities and the collection of information.
指令 2002/58/EC 保护用户终端设备在处理和存储功能的使用以及信息收集方面的完整性。

Internet of Things equipment is considered to be terminal equipment if it is directly or indirectly connected to a public communications network.
如果物联网设备直接或间接连接到公共通信网络,则被视为终端设备。

(37)

In order to prevent the exploitation of users, third parties to whom data has been made available at the request of the user should process those data only for the purposes agreed with the user and share them with another third party only with the agreement of the user to such data sharing.
为了防止用户被利用,应用户请求而向其提供数据的第三方应仅出于与用户同意的目的处理这些数据,并仅在征得用户同意的情况下与其他第三方共享这些数据进行此类数据共享。

(38)

In line with the data minimisation principle, third parties should access only information that is necessary for the provision of the service requested by the user.
根据数据最小化原则,第三方应仅访问提供用户请求的服务所需的信息。

Having received access to data, the third party should process it for the purposes agreed with the user without interference from the data holder.
获得数据访问权限后,第三方应按照与用户同意的目的对其进行处理,而不受数据持有者的干扰。

It should be as easy for the user to refuse or discontinue access by the third party to the data as it is for the user to authorise access.
用户拒绝或停止第三方访问数据应该像用户授权访问一样容易。

Neither third parties nor data holders should make the exercise of choices or rights by the user unduly difficult, including by offering choices to the user in a non-neutral manner, or by coercing, deceiving or manipulating the user, or by subverting or impairing the autonomy, decision-making or choices of the user, including by means of a user digital interface or a part thereof.
第三方或数据持有者均不得使用户行使选择或权利变得过于困难,包括以非中立的方式向用户提供选择,或胁迫、欺骗或操纵用户,或颠覆或损害用户的权利。用户的自主权、决策或选择,包括通过用户数字界面或其一部分。

In that context, third parties or data holders should not rely on so-called ‘dark patterns’ in designing their digital interfaces. Dark patterns are design techniques that push or deceive consumers into decisions that have negative consequences for them.
在这种情况下,第三方或数据持有者在设计其数字界面时不应依赖所谓的“黑暗模式”。黑暗模式是一种设计技术,会推动或欺骗消费者做出对他们产生负面影响的决定。

Those manipulative techniques can be used to persuade users, in particular vulnerable consumers, to engage in unwanted behaviour, to deceive users by nudging them into decisions on data disclosure transactions or to unreasonably bias the decision-making of the users of the service in such a way as to subvert or impair their autonomy, decision-making and choice.
这些操纵技术可用于说服用户,特别是弱势消费者,参与不良行为,通过促使用户做出有关数据披露交易的决定来欺骗用户,或在此类情况下不合理地偏向服务用户的决策。颠覆或损害他们的自主权、决策和选择的方式。

Common and legitimate commercial practices that comply with Union law should not in themselves be regarded as constituting dark patterns.
符合欧盟法律的常见合法商业惯例本身不应被视为构成黑暗模式。

Third parties and data holders should comply with their obligations under relevant Union law, in particular the requirements laid down in Directives 98/6/EC (24) and 2000/31/EC (25) of the European Parliament and of the Council and in Directives 2005/29/EC and 2011/83/EU.
第三方和数据持有者应遵守相关欧盟法律规定的义务,特别是欧洲议会和理事会指令 98/6/EC ( 24 )和 2000/31/EC ( 25 )以及指令 2005/29/EC 和 2011/83/EU。

(39)

Third parties should also refrain from using data falling within the scope of this Regulation to profile individuals unless such processing activities are strictly necessary to provide the service requested by the user, including in the context of automated decision-making.
第三方还应避免使用本条例范围内的数据来分析个人,除非此类处理活动对于提供用户请求的服务是绝对必要的,包括在自动决策的背景下。

The requirement to erase data when no longer required for the purpose agreed with the user, unless otherwise agreed in relation to non-personal data, complements the data subject’s right to erasure pursuant to Article 17 of Regulation (EU) 2016/679.
除非就非个人数据另有约定,否则在与用户约定的目的不再需要时删除数据的要求是对数据主体根据法规 (EU) 2016/679 第 17 条的删除权的补充。

Where a third party is a provider of a data intermediation service, the safeguards for the data subject provided for by Regulation (EU) 2022/868 apply.
如果第三方是数据中介服务提供商,则适用法规 (EU) 2022/868 规定的数据主体保护措施。

The third party may use the data to develop a new and innovative connected product or related service but not to develop a competing connected product.
第三方可以使用这些数据来开发新的创新互联产品或相关服务,但不得开发竞争性互联产品。

(40)

Start-ups, small enterprises, enterprises that qualify as a medium-sized enterprises under Article 2 of the Annex to Recommendation 2003/361/EC and enterprises from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data.
初创企业、小型企业、符合第 2003/361/EC 建议书附件第 2 条规定的中型企业以及数字能力欠发达的传统行业企业很难获取相关数据。

This Regulation aims to facilitate access to data for those entities, while ensuring that the corresponding obligations are as proportionate as possible to avoid overreach.
该法规旨在促进这些实体获取数据,同时确保相应义务尽可能相称,以避免越权。

At the same time, a small number of very large enterprises have emerged with considerable economic power in the digital economy through the accumulation and aggregation of vast volumes of data and the technological infrastructure for monetising them.
与此同时,通过海量数据的积累和聚合以及将其货币化的技术基础设施,在数字经济中出现了少数具有相当经济实力的超大型企业。

Those very large enterprises include undertakings that provide core platform services controlling whole platform ecosystems in the digital economy and which existing or new market operators are unable to challenge or contest. Regulation (EU) 2022/1925 of the European Parliament and of the Council (26) aims to redress those inefficiencies and imbalances by allowing the Commission to designate an undertaking as a ‘gatekeeper’, and imposes a number of obligations on such gatekeepers, including a prohibition to combine certain data without consent and an obligation to ensure effective rights to data portability under Article 20 of Regulation (EU) 2016/679.
这些超大型企业包括提供控制数字经济中整个平台生态系统的核心平台服务的企业,而现有或新的市场运营商无法挑战或竞争这些企业。欧洲议会和理事会的第 (EU) 2022/1925 号法规( 26 )旨在通过允许委员会指定一家企业作为“看门人”来纠正这些低效率和不平衡的问题,并对此类看门人施加了一系列义务,包括禁止未经同意合并某些数据,并有义务根据 (EU) 2016/679 法规第 20 条确保数据可移植性的有效权利。

In accordance with Regulation (EU) 2022/1925, and given the unrivalled ability of those undertakings to acquire data, it is not necessary to achieve the objective of this Regulation, and would therefore be disproportionate for data holders made subject to such obligations, to include gatekeeper as beneficiaries of the data access right.
根据法规 (EU) 2022/1925,并考虑到这些企业获取数据的无与伦比的能力,没有必要实现本法规的目标,因此对于受此类义务约束的数据持有者来说,将网守作为数据访问权的受益人。

Such inclusion would also likely limit the benefits of this Regulation for SMEs, linked to the fairness of the distribution of data value across market actors.
这种纳入也可能会限制该法规对中小企业的好处,这与市场参与者之间数据价值分配的公平性有关。

This means that an undertaking that provides core platform services that has been designated as a gatekeeper cannot request or be granted access to users’ data generated by the use of a connected product or related service or by a virtual assistant pursuant to this Regulation.
这意味着,提供核心平台服务并被指定为看门人的企业不能根据本条例请求或被授予访问通过使用互联产品或相关服务或虚拟助理生成的用户数据的权限。

Furthermore, third parties to whom data are made available at the request of the user may not make the data available to a gatekeeper. For instance, the third party may not subcontract the service provision to a gatekeeper.
此外,应用户请求向其提供数据的第三方可能不会向网守提供数据。例如,第三方不得将服务提供分包给看门人。

However, this does not prevent third parties from using data processing services offered by a gatekeeper. Nor does it prevent those undertakings from obtaining and using the same data through other lawful means.
然而,这并不妨碍第三方使用网守提供的数据处理服务。它也不阻止这些企业通过其他合法手段获取和使用相同的数据。

The access rights provided for in this Regulation contribute to a wider choice of services for consumers.
本条例规定的访问权有助于为消费者提供更广泛的服务选择。

As voluntary agreements between gatekeepers and data holders remain unaffected, the limitation on granting access to gatekeepers would not exclude them from the market or prevent them from offering their services.
由于看门人和数据持有者之间的自愿协议不受影响,对看门人访问权限的限制不会将他们排除在市场之外或阻止他们提供服务。

(41)

Given the current state of technology, it would be overly burdensome on microenterprises and small enterprises to impose further design obligations in relation to connected products manufactured or designed, or the related services provided, by them.
鉴于目前的技术状况,对微型企业和小型企业来说,对其制造或设计的互联产品或提供的相关服务施加进一步的设计义务将过于繁重。

That is not the case, however, where a microenterprise or a small enterprise has a partner enterprise or a linked enterprise within the meaning of Article 3 of the Annex to Recommendation 2003/361/EC that does not qualify as a microenterprise or a small enterprise and where it is subcontracted to manufacture or design a connected product or to provide a related service.
然而,如果微型企业或小型企业拥有第 2003/361/EC 建议书附件第 3 条含义内的伙伴企业或关联企业,但不符合微型企业或小型企业的资格,则情况并非如此以及分包制造或设计互联产品或提供相关服务的情况。

In such situations, the enterprise which has subcontracted the manufacturing or design to a microenterprise or a small enterprise is able to compensate the subcontractor appropriately.
在这种情况下,将制造或设计分包给小微企业的企业可以对分包商给予适当补偿。

A microenterprise or a small enterprise may nevertheless be subject to the requirements laid down by this Regulation as data holder where it is not the manufacturer of the connected product or a provider of related services.
然而,如果微型企业或小型企业不是互联产品的制造商或相关服务的提供商,则其作为数据持有者可能需要遵守本条例规定的要求。

A transitional period should apply to an enterprise that has qualified as a medium-sized enterprise for less than one year and to connected products for one year after the date on which they were placed on the market by a medium-sized enterprise.
取得中型企业资格不足一年的企业和关联产品自上市之日起一年内适用过渡期。

Such a one-year period allows such a medium-sized enterprise to adjust and prepare before facing competition in the market for services for the connected products that it manufactures on the basis of the access rights provided by this Regulation.
这样的一年期限可以让中型企业根据本条例规定的准入权,在其生产的互联产品的服务面临市场竞争之前进行调整和准备。

Such a transitional period does not apply where such a medium-sized enterprise has a partner enterprise or a linked enterprise that does not qualify as a microenterprise or a small enterprise or where such a medium-sized enterprise was subcontracted to manufacture or design the connected product or to provide the related service.
如果此类中型企业有不符合微型企业或小型企业资格的合作企业或关联企业,或者此类中型企业被分包制造或设计关联产品,则不适用此类过渡期或提供相关服务。

(42)

Taking into account the variety of connected products producing data of different nature, volume and frequency, presenting different levels of data and cybersecurity risks and providing economic opportunities of different value, and for the purpose of ensuring consistency of data sharing practices in the internal market, including across sectors, and to encourage and promote fair data sharing practices even in areas where no such right to data access is provided for, this Regulation provides for horizontal rules on the arrangements for access to data whenever a data holder is obliged by Union law or national legislation adopted in accordance with Union law to make data available to a data recipient.
考虑到各种互联产品产生不同性质、数量和频率的数据,呈现不同程度的数据和网络安全风险并提供不同价值的经济机会,并为了确保内部市场数据共享实践的一致性,包括跨部门,并鼓励和促进公平的数据共享做法,即使在没有规定此类数据访问权的领域,本条例规定了数据持有者在欧盟法律或有义务时的数据访问安排的横向规则。根据欧盟法律通过的国家立法,向数据接收者提供数据。

Such access should be based on fair, reasonable, non-discriminatory and transparent terms and conditions. Those general access rules do not apply to obligations to make data available under Regulation (EU) 2016/679. Voluntary data sharing remains unaffected by those rules.
此类访问应基于公平、合理、非歧视和透明的条款和条件。这些一般访问规则不适用于根据 (EU) 2016/679 法规提供数据的义务。自愿数据共享不受这些规则的影响。

The non-binding model contractual terms for business-to-business data sharing to be developed and recommended by the Commission may help parties to conclude contracts which include fair, reasonable and non-discriminatory terms and conditions and which are to be implemented in a transparent way.
委员会将制定和推荐的企业对企业数据共享的非约束性示范合同条款可以帮助各方签订包含公平、合理和非歧视性条款和条件的合同,并以透明的方式实施。方式。

The conclusion of contracts, which may include the non-binding model contractual terms, should not mean that the right to share data with third parties is in any way conditional upon the existence of such a contract.
合同的签订(可能包括不具约束力的示范合同条款)不应意味着与第三方共享数据的权利以任何方式以此类合同的存在为条件。

Should parties be unable to conclude a contract on data sharing, including with the support of dispute settlement bodies, the right to share data with third parties is enforceable in national courts or tribunals.
如果各方无法签订数据共享合同,包括在争端解决机构的支持下,则可以在国家法院或法庭强制执行与第三方共享数据的权利。

(43)

On the basis of the principle of contractual freedom, parties should remain free to negotiate the precise conditions for making data available in their contracts within the framework for the general access rules for making data available.
基于合同自由原则,各方应在数据可用的一般访问规则框架内自由协商合同中数据可用的具体条件。

Terms of such contracts could include technical and organisational measures, including in relation to data security.
此类合同的条款可能包括技术和组织措施,包括与数据安全相关的措施。

(44)

In order to ensure that the conditions for mandatory data access are fair for both parties to a contract, the general rules on data access rights should refer to the rule on avoiding unfair contractual terms.
为了确保强制数据访问的条件对于合同双方而言是公平的,数据访问权的一般规则应参照避免不公平合同条款的规则。

(45)

Any agreement concluded in business-to-business relations for making data available should be non-discriminatory between comparable categories of data recipients, independently of whether the parties are large enterprises or SMEs.
在企业对企业关系中为提供数据而达成的任何协议在可比类别的数据接收者之间应是非歧视性的,无论双方是大型企业还是中小企业。

In order to compensate for the lack of information on the conditions contained in different contracts, which makes it difficult for the data recipient to assess whether the terms for making the data available are non-discriminatory, it should be the responsibility of data holders to demonstrate that a contractual term is not discriminatory.
为了弥补不同合同中所含条件信息的缺乏,导致数据接收者难以评估提供数据的条款是否具有非歧视性,数据持有者应有责任证明合同条款不具有歧视性。

It is not unlawful discrimination where a data holder uses different contractual terms for making data available if those differences are justified by objective reasons. Those obligations are without prejudice to Regulation (EU) 2016/679.
如果数据持有者使用不同的合同条款来提供数据,如果这些差异有客观原因,则不构成非法歧视。这些义务不影响 (EU) 2016/679 法规。

(46)

In order to promote continued investment in generating and making available valuable data, including investments in relevant technical tools, while at the same time avoiding excessive burdens on access to and the use of data which make data sharing no longer commercially viable, this Regulation contains the principle that in business-to-business relations data holders may request reasonable compensation when obliged pursuant to Union law or national legislation adopted in accordance with Union law to make data available to a data recipient.
为了促进对生成和提供有价值数据的持续投资,包括对相关技术工具的投资,同时避免对数据的获取和使用造成过度负担,从而使数据共享不再具有商业可行性,本条例包含以下内容:原则是,在企业对企业关系中,当根据欧盟法律或根据欧盟法律通过的国家立法有义务向数据接收者提供数据时,数据持有者可以要求合理的补偿。

Such compensation should not be understood to constitute payment for the data itself. The Commission should adopt guidelines on the calculation of reasonable compensation in the data economy.
此类补偿不应被理解为构成对数据本身的付款。委员会应采用数据经济合理补偿计算指南。

(47)

First, reasonable compensation for meeting the obligation pursuant to Union law or national legislation adopted in accordance with Union law to comply with a request to make data available may include compensation for the costs incurred in making the data available.
首先,根据联邦法律或根据联邦法律通过的国家立法履行提供数据请求的合理补偿可能包括对提供数据所产生的费用的补偿。

Those costs may be technical costs, such as the costs necessary for data reproduction, dissemination via electronic means and storage, but not for data collection or production.
这些成本可能是技术成本,例如数据复制、通过电子方式传播和存储所需的成本,但不是数据收集或生产所需的成本。

Such technical costs may also include the costs for processing, necessary to make data available, including costs associated with the formatting of data. Costs related to making the data available may also include the costs of facilitating concrete data sharing requests.
此类技术成本还可能包括使数据可用所需的处理成本,包括与数据格式化相关的成本。与提供数据相关的成本还可能包括促进具体数据共享请求的成本。

They may also vary depending on the volume of the data as well as the arrangements taken for making the data available.
它们还可能根据数据量以及为提供数据而采取的安排而变化。

Long-term arrangements between data holders and data recipients, for instance via a subscription model or the use of smart contracts, may reduce the costs in regular or repetitive transactions in a business relationship.
数据持有者和数据接收者之间的长期安排,例如通过订阅模式或使用智能合约,可以降低业务关系中定期或重复交易的成本。

Costs related to making data available are either specific to a particular request or shared with other requests. In the latter case, a single data recipient should not pay the full costs of making the data available.
与提供数据相关的成本要么特定于特定请求,要么与其他请求共享。在后一种情况下,单个数据接收者不应支付提供数据的全部费用。

Second, reasonable compensation may also include a margin, except regarding SMEs and not-for-profit research organisations. A margin may vary depending on factors related to the data itself, such as volume, format or nature of the data.
其次,合理的薪酬还可能包括利润,但中小企业和非营利性研究机构除外。余量可能会根据与数据本身相关的因素而变化,例如数据的数量、格式或性质。

It may consider the costs for collecting the data.
它可能会考虑收集数据的成本。

A margin may therefore decrease where the data holder has collected the data for its own business without significant investments or may increase where the investments in the data collection for the purposes of the data holder’s business are high.
因此,如果数据持有者在没有大量投资的情况下为其自己的业务收集了数据,则利润可能会减少;如果为了数据持有者的业务目的而对数据收集的投资较高,则利润可能会增加。

It may be limited or even excluded in situations where the use of the data by the data recipient does not affect the data holder’s own activities.
在数据接收者对数据的使用不影响数据持有者自身活动的情况下,可能会受到限制甚至排除。

The fact that the data is co-generated by a connected product owned, rented or leased by the user could also reduce the amount of the compensation in comparison to other situations where the data are generated by the data holder for example during the provision of a related service.
与数据持有者生成数据的其他情况相比,例如在提供数据期间,数据由用户拥有、租用或租赁的连接产品共同生成的事实也可以减少补偿金额。相关服务。

(48)

It is not necessary to intervene in the case of data sharing between large enterprises, or where the data holder is a small enterprise or a medium-sized enterprise and the data recipient is a large enterprise.
对于大型企业之间的数据共享,或者数据持有者为中小型企业、数据接收者为大型企业的情况,无需干预。

In such cases, the enterprises are considered to be capable of negotiating the compensation within the limits of what is reasonable and non-discriminatory.
在这种情况下,企业被认为有能力在合理和非歧视的范围内就赔偿进行谈判。

(49)

To protect SMEs from excessive economic burdens which would make it commercially too difficult for them to develop and run innovative business models, the reasonable compensation for making data available to be paid by them should not exceed the costs directly related to making the data available.
为了保护中小企业免受过度的经济负担,使其在商业上难以开发和运营创新的商业模式,中小企业为提供数据而支付的合理补偿不应超过与提供数据直接相关的成本。

Directly related costs are those costs which are attributable to individual requests, taking into account that the necessary technical interfaces or related software and connectivity is to be established on a permanent basis by the data holder.
直接相关成本是指因个人请求而产生的成本,考虑到数据持有者将永久建立必要的技术接口或相关软件和连接。

The same regime should apply to not-for-profit research organisations.
同样的制度也应适用于非营利研究组织。

(50)

In duly justified cases, including where there is a need to safeguard consumer participation and competition or to promote innovation in certain markets, regulated compensation for making available specific data types may be provided for in Union law or national legislation adopted in accordance with Union law.
在正当合理的情况下,包括需要保障消费者参与和竞争或促进某些市场的创新时,可以在联盟法或根据联盟法通过的国家立法中规定对提供特定数据类型的受监管补偿。

(51)

Transparency is an important principle for ensuring that the compensation requested by a data holder is reasonable, or, if the data recipient is an SME or a not-for-profit research organisation, that the compensation does not exceed the costs directly related to making the data available to the data recipient and is attributable to the individual request concerned.
透明度是确保数据持有者要求的赔偿合理的重要原则,或者,如果数据接收者是中小企业或非营利性研究机构,则赔偿不超过与数据获取直接相关的成本。数据接收者可获得的数据可归因于有关的个人请求。

In order to put data recipients in a position to assess and verify that the compensation complies with the requirements of this Regulation, the data holder should provide to the data recipient sufficiently detailed information for the calculation of the compensation.
为了使数据接收者能够评估和验证补偿是否符合本条例的要求,数据持有者应向数据接收者提供足够详细的信息以计算补偿。

(52)

Ensuring access to alternative ways of resolving domestic and cross-border disputes that arise in connection with making data available should benefit data holders and data recipients and therefore strengthen trust in data sharing.
确保采用替代方式解决因提供数据而产生的国内和跨境争端,应有利于数据持有者和数据接收者,从而增强对数据共享的信任。

Where parties cannot agree on fair, reasonable and non-discriminatory terms and conditions of making data available, dispute settlement bodies should offer a simple, fast and low-cost solution to the parties.
如果各方无法就提供数据的公平、合理和非歧视性条款和条件达成一致,争端解决机构应为各方提供简单、快速和低成本的解决方案。

While this Regulation only lays down the conditions that dispute settlement bodies need to fulfil to be certified, Member States are free to adopt any specific rules for the certification procedure, including the expiry or revocation of certification.
虽然该法规仅规定了争端解决机构获得认证所需满足的条件,但成员国可以自由采用认证程序的任何具体规则,包括认证到期或撤销。

The provisions of this Regulation on dispute settlement should not require Member States to establish dispute settlement bodies.
本条例关于争端解决的规定不应要求成员国设立争端解决机构。

(53)

The dispute settlement procedure under this Regulation is a voluntary procedure that enables users, data holders and data recipients to agree to bring their disputes before dispute settlement bodies.
本条例规定的争议解决程序是一个自愿程序,使用户、数据持有者和数据接收者同意将其争议提交争议解决机构。

Therefore, the parties should be free to address a dispute settlement body of their choice, be it within or outside of the Member States in which those parties are established.
因此,各方应可以自由地向自己选择的争端解决机构提出诉讼,无论该机构是在各方成立的成员国境内还是境外。

(54)

To avoid cases in which two or more dispute settlement bodies are seized for the same dispute, in particular in a cross-border situation, a dispute settlement body should be able to refuse to deal with a request to resolve a dispute that has already been brought before another dispute settlement body or before a court or tribunal of a Member State.
为了避免两个或多个争端解决机构因同一争端而被起诉的情况,特别是在跨境情况下,争端解决机构应该能够拒绝处理已经提交的争端解决请求在另一个争端解决机构或成员国的法院或法庭面前。

(55)

In order to ensure the uniform application of this Regulation, the dispute settlement bodies should take into account the non-binding model contractual terms to be developed and recommended by the Commission as well as Union or national law specifying data sharing obligations or guidelines issued by sectoral authorities for the application of such law.
为了确保本条例的统一适用,争端解决机构应考虑委员会制定和建议的非约束性示范合同条款以及规定数据共享义务的联盟或国家法律或部门发布的指南。适用此类法律的当局。

(56)

Parties to dispute settlement proceedings should not be prevented from exercising their fundamental rights to an effective remedy and a fair trial.
不应阻止争端解决程序各方行使其获得有效补救和公平审判的基本权利。

Therefore, the decision to submit a dispute to a dispute settlement body should not deprive those parties of their right to seek redress before a court or tribunal of a Member State. Dispute settlement bodies should make annual activity reports publicly available.
因此,将争端提交争端解决机构的决定不应剥夺当事方向成员国法院或法庭寻求补救的权利。争端解决机构应公开年度活动报告。

(57)

Data holders may apply appropriate technical protection measures to prevent the unlawful disclosure of or access to data. However, those measures should neither discriminate between data recipients, nor hinder access to or the use of data for users or data recipients.
数据持有者可以采取适当的技术保护措施,以防止非法披露或访问数据。然而,这些措施不应歧视数据接收者,也不应阻碍用户或数据接收者访问或使用数据。

In the case of abusive practices on the part of a data recipient, such as misleading the data holder by providing false information with the intent to use the data for unlawful purposes, including developing a competing connected product on the basis of the data, the data holder and, where applicable and where they are not the same person, the trade secret holder or the user can request the third party or data recipient to implement corrective or remedial measures without undue delay.
如果数据接收者有滥用行为,例如通过提供虚假信息误导数据持有者,意图将数据用于非法目的,包括基于数据开发竞争性互联产品,则数据持有人,以及在适用的情况下,如果他们不是同一个人,商业秘密持有人或用户可以要求第三方或数据接收者立即实施纠正或补救措施。

Any such requests, and in particular requests to end the production, offering or placing on the market of goods, derivative data or services, as well as those to end importation, export, storage of infringing goods or their destruction, should be assessed in the light of their proportionality in relation to the interests of the data holder, the trade secret holder or the user.
任何此类请求,特别是停止生产、提供或将商品、衍生数据或服务投放市场的请求,以及停止进口、出口、存储侵权商品或销毁侵权商品的请求,均应在考虑到它们与数据持有者、商业秘密持有者或用户利益的比例。

(58)

Where one party is in a stronger bargaining position, there is a risk that that party could leverage such a position to the detriment of the other contracting party when negotiating access to data with the result that access to data is commercially less viable and sometimes economically prohibitive.
如果一方处于更有利的谈判地位,则该方可能会在谈判数据访问时利用这一地位损害另一方的利益,从而导致数据访问在商业上不太可行,有时在经济上令人望而却步。 。

Such contractual imbalances harm all enterprises without a meaningful ability to negotiate the conditions for access to data, and which may have no choice but to accept take-it-or-leave-it contractual terms. Therefore, unfair contractual terms regulating access to and the use of data, or liability and remedies for the breach or the termination of data related obligations, should not be binding on enterprises when those terms have been unilaterally imposed on those enterprises.
这种合同不平衡会损害所有没有能力就数据访问条件进行谈判的企业,并且它们可能别无选择,只能接受要么接受要么放弃的合同条款。因此,规范数据访问和使用的不公平合同条款,或者违反或终止数据相关义务的责任和补救措施,如果这些条款是单方面强加给企业的,则不应对企业具有约束力。

(59)

Rules on contractual terms should take into account the principle of contractual freedom as an essential concept in business-to-business relationships.
合同条款规则应考虑合同自由原则,将其作为企业对企业关系的基本概念。

Therefore, not all contractual terms should be subject to an unfairness test, but only those terms that are unilaterally imposed.
因此,并不是所有的合同条款都应该接受不公平性测试,而只有那些单方面强加的条款才应该接受不公平测试。

This concerns take-it-or-leave-it situations where one party supplies a certain contractual term and the other enterprise cannot influence the content of that term despite an attempt to negotiate it.
这涉及“要么接受要么放弃”的情况,即一方提供某一合同条款,而另一方尽管试图进行谈判,但无法影响该条款的内容。

A contractual term that is simply provided by one party and accepted by the other enterprise or a term that is negotiated and subsequently agreed in an amended form between contracting parties should not be considered to have been unilaterally imposed.
一方简单提供并被另一方接受的合同条款,或者缔约方之间经过谈判并随后以修订形式达成一致的条款,不应被视为单方面强加的。

(60)

Furthermore, the rules on unfair contractual terms should apply only to those elements of a contract that are related to making data available, that is contractual terms concerning access to and use of the data as well as liability or remedies for breach and termination of data related obligations.
此外,关于不公平合同条款的规则应仅适用于与提供数据相关的合同要素,即涉及访问和使用数据以及违反和终止相关数据的责任或补救措施的合同条款。义务。

Other parts of the same contract, unrelated to making data available, should not be subject to the unfairness test laid down in this Regulation.
同一合同的其他部分,与提供数据无关的,不应接受本条例规定的不公平性测试。

(61)

Criteria for identifying unfair contractual terms should be applied only to excessive contractual terms where a stronger bargaining position has been abused.
识别不公平合同条款的标准应仅适用于滥用更强谈判地位的过度合同条款。

The vast majority of contractual terms that are commercially more favourable to one party than to the other, including those that are normal in business-to-business contracts, are a normal expression of the principle of contractual freedom and continue to apply.
绝大多数在商业上对一方比另一方更有利的合同条款,包括企业对企业合同中的正常条款,是合同自由原则的正常表达,并继续适用。

For the purposes of this Regulation, grossly deviating from good commercial practice would include, inter alia, objectively impairing the ability of the party upon whom the term has been unilaterally imposed to protect its legitimate commercial interest in the data in question.
就本条例而言,严重偏离良好商业惯例尤其包括客观上损害单方面施加该条款的一方保护其对相关数据的合法商业利益的能力。

(62)

In order to ensure legal certainty, this Regulation establishes a list of clauses that are always considered unfair and a list of clauses that are presumed to be unfair.
为了确保法律的确定性,本条例制定了始终被视为不公平的条款清单和推定不公平的条款清单。

In the latter case, the enterprise that imposes the contractual term should be able to rebut the presumption of unfairness by demonstrating that the contractual term listed in this Regulation is not unfair in the specific case in question.
在后一种情况下,施加合同条款的企业应当能够通过证明本条例所列合同条款在具体案件中并不不公平来反驳不公平推定。

If a contractual term is not included in the list of terms that are always considered unfair or that are presumed to be unfair, the general unfairness provision applies.
如果合同条款未包含在始终被认为不公平或推定不公平的条款列表中,则适用一般不公平条款。

In that regard, the terms listed as unfair contractual terms in this Regulation should serve as a yardstick to interpret the general unfairness provision.
就此而言,本条例中列为不公平合同条款的条款应作为解释一般不公平条款的标准。

Finally, non-binding model contractual terms for business-to-business data sharing contracts to be developed and recommended by the Commission may also be helpful to commercial parties when negotiating contracts.
最后,委员会制定和推荐的企业对企业数据共享合同的非约束性示范合同条款也可能对商业方在合同谈判时有所帮助。

If a contractual term is declared to be unfair, the contract concerned should continue to apply without that term, unless the unfair contractual term is not severable from the other terms of the contract.
如果合同条款被宣布为不公平的,则有关合同应在没有该条款的情况下继续适用,除非不公平的合同条款与合同的其他条款不可分割。

(63)

In situations of exceptional need, it may be necessary for public sector bodies, the Commission, the European Central Bank or Union bodies to use in the performance of their statutory duties in the public interest existing data, including, where relevant, accompanying metadata, to respond to public emergencies or in other exceptional cases.
在特殊需要的情况下,公共部门机构、委员会、欧洲中央银行或联盟机构可能有必要在履行其符合公共利益的法定职责时使用现有数据,包括相关的随附元数据,以应对突发公共事件或其他特殊情况。

Exceptional needs are circumstances which are unforeseeable and limited in time, in contrast to other circumstances which might be planned, scheduled, periodic or frequent.
特殊需求是指不可预见且时间有限的情况,与其他可能计划、安排、定期或频繁的情况不同。

While the notion of ‘data holder’ does not, generally, include public sector bodies, it may include public undertakings. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law.
虽然“数据持有者”的概念通常不包括公共部门机构,但它可能包括公共事业。研究执行组织和研究资助组织也可以组织为公共部门机构或受公法管辖的机构。

To limit the burden on businesses, microenterprises and small enterprises should only be under the obligation to provide data to public sector bodies, the Commission, the European Central Bank or Union bodies in situations of exceptional need where such data is required to respond to a public emergency and the public sector body, the Commission, the European Central Bank or the Union body is unable to obtain such data by alternative means in a timely and effective manner under equivalent conditions.
为了限制企业的负担,微型企业和小型企业只有在特殊需要的情况下才有义务向公共部门机构、委员会、欧洲中央银行或联盟机构提供数据,以回应公众的要求。紧急情况下,公共部门机构、委员会、欧洲中央银行或欧盟机构无法在同等条件下通过其他方式及时有效地获取此类数据。

(64)

In the case of public emergencies, such as public health emergencies, emergencies resulting from natural disasters including those aggravated by climate change and environmental degradation, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold.
在突发公共卫生事件等突发公共事件、气候变化、环境恶化等自然灾害引发的突发事件以及重大网络安全事件等人为引发的重大灾害中,因使用信息而产生的公共利益数据的使用权将超过数据持有者自由处置其所持有数据的利益。

In such a case, data holders should be placed under an obligation to make the data available to public sector bodies, the Commission, the European Central Bank or Union bodies upon their request. The existence of a public emergency should be determined or declared in accordance with Union or national law and based on the relevant procedures, including those of the relevant international organisations.
在这种情况下,数据持有者应有义务根据公共部门机构、委员会、欧洲中央银行或联盟机构的要求向其提供数据。应根据欧盟或国家法律并根据相关程序(包括相关国际组织的程序)确定或宣布公共紧急状态的存在。

In such cases, the public sector body should demonstrate that the data in scope of the request could not otherwise be obtained in a timely and effective manner and under equivalent conditions, for instance by way of the voluntary provision of data by another enterprise or the consultation of a public database.
在这种情况下,公共部门机构应证明无法在同等条件下及时有效地获取请求范围内的数据,例如通过其他企业自愿提供数据或咨询的公共数据库。

(65)

An exceptional need may also arise from non-emergency situations. In such cases, a public sector body, the Commission, the European Central Bank or a Union body should be allowed to request only non-personal data.
非紧急情况也可能出现特殊需求。在这种情况下,应允许公共部门机构、委员会、欧洲中央银行或联盟机构仅请求非个人数据。

The public sector body should demonstrate that the data are necessary for the fulfilment of a specific task carried out in the public interest that has been explicitly provided for by law, such as the production of official statistics or the mitigation of or recovery from a public emergency.
公共部门机构应证明这些数据对于完成法律明确规定的公共利益所执行的特定任务是必要的,例如官方统计数据的编制或公共紧急情况的缓解或恢复。

In addition, such a request can be made only when the public sector body, the Commission, the European Central Bank or a Union body has identified specific data that could not otherwise be obtained in a timely and effective manner and under equivalent conditions and only if it has exhausted all other means at its disposal to obtain such data, such as obtaining the data through voluntary agreements, including purchasing of non-personal data on the market by offering market rates, or by relying on existing obligations to make data available or the adoption of new legislative measures which could guarantee the timely availability of data.
此外,只有当公共部门机构、委员会、欧洲中央银行或欧盟机构已确定无法在同等条件下及时有效地获取的具体数据时,才能提出此类请求它已用尽所有其他手段来获取此类数据,例如通过自愿协议获取数据,包括通过提供市场价格在市场上购买非个人数据,或依靠现有的提供数据的义务或采取新的立法措施,保证及时提供数据。

The conditions and principles governing requests, such as those related to purpose limitation, proportionality, transparency and time limitation, should also apply.
管理请求的条件和原则,例如与目的限制、相称性、透明度和时间限制相关的条件和原则,也应适用。

In cases of requests for data necessary for the production of official statistics, the requesting public sector body should also demonstrate whether the national law allows it to purchase non-personal data on the market.
如果请求提供官方统计数据所需的数据,提出请求的公共部门机构还应证明国家法律是否允许其在市场上购买非个人数据。

(66)

This Regulation should not apply to, or pre-empt, voluntary arrangements for the exchange of data between private and public entities, including the provision of data by SMEs, and is without prejudice to Union legal acts providing for mandatory information requests by public entities to private entities.
本条例不应适用于或优先于私营和公共实体之间交换数据的自愿安排,包括中小企业提供的数据,并且不妨碍规定公共实体强制要求信息的欧盟法律法案私人实体。

Obligations placed on data holders to provide data that are motivated by needs of a non-exceptional nature, in particular where the range of data and of data holders is known or where data use can take place on a regular basis, as in the case of reporting obligations and internal market obligations, should not be affected by this Regulation.
数据持有者有义务出于非特殊性质的需要而提供数据,特别是在数据和数据持有者的范围已知或可以定期使用数据的情况下,例如报告义务和内部市场义务不应受到本条例的影响。

Requirements to access data to verify compliance with applicable rules, including where public sector bodies assign the task of the verification of compliance to entities other than public sector bodies, should also not be affected by this Regulation.
访问数据以验证是否遵守适用规则的要求,包括公共部门机构将验证合规性任务分配给公共部门机构以外的实体的情况,也不应受到本条例的影响。

(67)

This Regulation complements and is without prejudice to the Union and national law providing for access to and the use of data for statistical purposes, in particular Regulation (EC) No 223/2009 of the European Parliament and of the Council (27) as well as national legal acts related to official statistics.
本法规补充且不损害为统计目的而获取和使用数据的欧盟和国家法律,特别是欧洲议会和理事会第 223/2009 号法规 (EC) ( 27 )以及与官方统计有关的国家法律行为。

(68)

For the exercise of their tasks in the areas of prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal and administrative penalties, as well as the collection of data for taxation or customs purposes, public sector bodies, the Commission, the European Central Bank or Union bodies should rely on their powers under Union or national law.
为了在预防、调查、侦查或起诉刑事或行政犯罪或执行刑事和行政处罚以及收集用于税收或海关目的的数据方面执行任务,公共部门机构、委员会,欧洲中央银行或联盟机构应依靠联盟或国家法律赋予的权力。

This Regulation accordingly does not affect legislative acts on the sharing, access to and use of data in those areas.
因此,本条例不影响这些领域有关数据共享、访问和使用的立法行为。

(69)

In accordance with Article 6(1) and (3) of Regulation (EU) 2016/679, a proportionate, limited and predictable framework at Union level is necessary when providing for the legal basis for the making available of data by data holders, in cases of exceptional needs, to public sector bodies, the Commission, the European Central Bank or Union bodies, both to ensure legal certainty and to minimise the administrative burdens placed on businesses.
根据 (EU) 2016/679 条例第 6(1) 和 (3) 条,在为数据持有者提供数据提供法律依据时,欧盟层面需要有一个相称、有限和可预测的框架,在特殊需要的情况下,向公共部门机构、委员会、欧洲中央银行或联盟机构提供帮助,以确保法律确定性并尽量减少企业的行政负担。

To that end, data requests from public sector bodies, the Commission, the European Central Bank or Union bodies to data holders should be specific, transparent and proportionate in their scope of content and their granularity.
为此,公共部门机构、委员会、欧洲中央银行或联盟机构向数据持有者提出的数据请求应具体、透明且内容范围和粒度相称。

The purpose of the request and the intended use of the data requested should be specific and clearly explained, while allowing appropriate flexibility for the requesting entity to carry out its specific tasks in the public interest. The request should also respect the legitimate interests of the data holder to whom the request is made.
请求的目的和所请求数据的预期用途应具体且清楚地解释,同时允许请求实体具有适当的灵活性,以便为了公共利益执行其特定任务。该请求还应尊重收到请求的数据持有者的合法利益。

The burden on data holders should be minimised by obliging requesting entities to respect the once-only principle, which prevents the same data from being requested more than once by more than one public sector body or the Commission, the European Central Bank or Union bodies.
应通过要求请求实体遵守一次性原则来最大程度地减少数据持有者的负担,该原则可防止多个公共部门机构或委员会、欧洲中央银行或联盟机构多次请求相同的数据。

To ensure transparency, data requests made by the Commission, the European Central Bank or Union bodies should be made public without undue delay by the entity requesting the data. The European Central Bank and Union bodies should inform the Commission of their requests.
为了确保透明度,请求数据的实体应立即公开委员会、欧洲中央银行或联盟机构提出的数据请求,不得无故拖延。欧洲中央银行和联盟机构应将其请求告知委员会。

If the data request has been made by a public sector body, that body should also notify the data coordinator of the Member State where the public sector body is established. Online public availability of all requests should be ensured.
如果数据请求是由公共部门机构提出的,该机构还应通知该公共部门机构所在成员国的数据协调员。应确保所有请求均可在线公开。

Upon the receipt of a notification of a data request, the competent authority can decide to assess the lawfulness of the request and exercise its functions in relation to the enforcement and application of this Regulation.
收到数据请求通知后,主管机关可以决定评估请求的合法性,并行使其与本条例的执行和适用有关的职能。

Online public availability of all requests made by public sector bodies should be ensured by the data coordinator.
数据协调员应确保公共部门机构提出的所有请求均可在线公开获取。

(70)

The objective of the obligation to provide the data is to ensure that public sector bodies, the Commission, the European Central Bank or Union bodies have the necessary knowledge to respond to, prevent or recover from public emergencies or to maintain the capacity to fulfil specific tasks explicitly provided for by law.
提供数据义务的目的是确保公共部门机构、委员会、欧洲中央银行或联盟机构拥有必要的知识来应对、预防公共紧急情况或从公共紧急情况中恢复,或保持完成特定任务的能力法律有明确规定。

The data obtained by those entities may be commercially sensitive. Therefore, neither Regulation (EU) 2022/868 nor Directive (EU) 2019/1024 of the European Parliament and of the Council (28) should apply to data made available under this Regulation and should not be considered as open data available for reuse by third parties.
这些实体获得的数据可能具有商业敏感性。因此,欧洲议会和理事会的法规 (EU) 2022/868 和指令 (EU) 2019/1024 ( 28 )均不应适用于根据本法规提供的数据,并且不应被视为可供重复使用的开放数据。第三方。

This however should not affect the applicability of Directive (EU) 2019/1024 to the reuse of official statistics for the production of which data obtained pursuant to this Regulation was used, provided the reuse does not include the underlying data.
然而,这不应影响指令 (EU) 2019/1024 对官方统计数据的再利用的适用性,前提是再利用不包括基础数据。

In addition, provided the conditions laid down in this Regulation are met, the possibility of sharing the data for conducting research or for the development, production and dissemination of official statistics should not be affected.
此外,只要满足本条例规定的条件,为开展研究或开发、制作和传播官方统计数据而共享数据的可能性不应受到影响。

Public sector bodies should also be allowed to exchange data obtained pursuant to this Regulation with other public sector bodies, the Commission, the European Central Bank or Union bodies in order to address the exceptional needs for which the data has been requested.
还应允许公共部门机构与其他公共部门机构、委员会、欧洲中央银行或联盟机构交换根据本条例获得的数据,以满足请求数据的特殊需求。

(71)

Data holders should have the possibility to either decline a request made by a public sector body, the Commission, the European Central Bank or a Union body or seek its modification without undue delay and, in any event, no later than within a period of five or 30 working days, depending on the nature of the exceptional need invoked in the request. Where relevant, the data holder should have this possibility where it does not have control over the data requested, namely where it does not have immediate access to the data and cannot determine its availability.
数据持有者应有权拒绝公共部门机构、委员会、欧洲中央银行或欧盟机构提出的请求,或寻求修改,不得无故拖延,并且在任何情况下不得迟于五年内或 30 个工作日,具体取决于请求中提到的特殊需要的性质。在相关的情况下,数据持有者在无法控制所请求的数据的情况下,即在无法立即访问数据且无法确定其可用性的情况下,应该具有这种可能性。

A valid reason not to make the data available should exist if it can be shown that the request is similar to a previously submitted request for the same purpose by another public sector body or the Commission, the European Central Bank or a Union body and the data holder has not been notified of the erasure of the data pursuant to this Regulation.
如果可以证明该请求与另一个公共部门机构或委员会、欧洲中央银行或欧盟机构之前出于同一目的提交的请求相似,并且该数据是不提供数据的,则应存在不提供数据的正当理由。持有人尚未收到根据本条例删除数据的通知。

A data holder declining the request or seeking its modification should communicate the underlying justification to the public sector body, the Commission, the European Central Bank or a Union body requesting the data. Where the sui generis database rights under Directive 96/9/EC of the European Parliament and of the Council (29) apply in relation to the requested datasets, data holders should exercise their rights in such a way that does not prevent the public sector body, the Commission, the European Central Bank or Union body from obtaining the data, or from sharing it, in accordance with this Regulation.
拒绝请求或寻求修改的数据持有者应向请求数据的公共部门机构、委员会、欧洲中央银行或欧盟机构传达基本理由。如果欧洲议会和理事会第 96/9/EC 号指令( 29 )规定的特殊数据库权利适用于所请求的数据集,则数据持有者应以不妨碍公共部门机构的方式行使其权利。 、委员会、欧洲中央银行或联盟机构根据本条例获取或共享数据。

(72)

In the case of an exceptional need related to a public emergency response, public sector bodies should use non-personal data wherever possible. In the case of requests on the basis of an exceptional need not related to a public emergency, personal data cannot be requested.
在与公共应急响应相关的特殊需要的情况下,公共部门机构应尽可能使用非个人数据。如果是基于与公共紧急情况无关的特殊需要而提出的请求,则不能请求个人数据。

Where personal data fall within the scope of the request, the data holder should anonymise the data.
如果个人数据属于请求范围,数据持有者应对数据进行匿名化处理。

Where it is strictly necessary to include personal data in the data to be made available to a public sector body, the Commission, the European Central Bank or a Union body or where anonymisation proves impossible, the entity requesting the data should demonstrate the strict necessity and the specific and limited purposes for processing.
如果绝对有必要将个人数据包含在向公共部门机构、委员会、欧洲中央银行或欧盟机构提供的数据中,或者在事实证明无法匿名化的情况下,请求数据的实体应证明其严格必要性和处理的具体和有限目的。

The applicable rules on personal data protection should be complied with. The making available of the data and their subsequent use should be accompanied by safeguards for the rights and interests of individuals concerned by those data.
应遵守有关个人数据保护的适用规则。数据的提供及其后续使用应同时保障与这些数据相关的个人的权利和利益。

(73)

Data made available to public sector bodies, the Commission, the European Central Bank or Union bodies on the basis of an exceptional need should be used only for the purposes for which they were requested, unless the data holder that made the data available has expressly agreed for the data to be used for other purposes.
出于特殊需要向公共部门机构、委员会、欧洲中央银行或联盟机构提供的数据只能用于所要求的目的,除非提供数据的数据持有者明确同意将数据用于其他目的。

The data should be erased once it is no longer necessary for the purposes stated in the request, unless agreed otherwise, and the data holder should be informed thereof.
除非另有约定,一旦不再需要用于请求中所述的目的,则应删除数据,并应将此情况通知数据持有者。

This Regulation builds on the existing access regimes in the Union and the Member States and does not change the national law on public access to documents in the context of transparency obligations.
该法规建立在欧盟和成员国现有的获取制度的基础上,不会改变关于在透明度义务的背景下公众获取文件的国家法律。

Data should be erased once it is no longer needed to comply with such transparency obligations.
一旦不再需要遵守此类透明度义务,数据就应被删除。

(74)

When reusing data provided by data holders, public sector bodies, the Commission, the European Central Bank or Union bodies should respect both existing applicable Union or national law and contractual obligations to which the data holder is subject.
在重复使用数据持有者、公共部门机构、委员会、欧洲中央银行或联盟机构提供的数据时,应尊重现有适用的联盟或国家法律以及数据持有者应遵守的合同义务。

They should refrain from developing or enhancing a connected product or related service that compete with the connected product or related service of the data holder as well as from sharing the data with a third party for those purposes.
他们应避免开发或增强与数据持有者的互联产品或相关服务竞争的互联产品或相关服务,以及出于这些目的与第三方共享数据。

They should likewise provide public acknowledgement to the data holders upon their request and should be responsible for maintaining the security of the data received.
他们同样应根据数据持有者的要求向其提供公开确认,并应负责维护所收到数据的安全。

Where the disclosure of trade secrets of the data holder to public sector bodies, the Commission, the European Central Bank or Union bodies is strictly necessary to fulfil the purpose for which the data has been requested, confidentiality of such disclosure should be guaranteed prior to the disclosure of data.
如果向公共部门机构、委员会、欧洲中央银行或联盟机构披露数据持有者的商业秘密对于实现所要求的数据的目的是绝对必要的,则应在披露之前保证此类披露的机密性。数据披露。

(75)

When the safeguarding of a significant public good is at stake, such as responding to public emergencies, the public sector body, the Commission, the European Central Bank or the Union body concerned should not be expected to compensate enterprises for the data obtained.
当保护重大公共利益受到威胁时,例如应对公共紧急情况,不应期望公共部门机构、委员会、欧洲中央银行或相关联盟机构就所获得的数据向企业提供补偿。

Public emergencies are rare events and not all such emergencies require the use of data held by enterprises. At the same time, the obligation to provide data might constitute a considerable burden on microenterprises and small enterprises.
突发公共事件属于罕见事件,并非所有此类突发事件都需要使用企业掌握的数据。同时,提供数据的义务可能对微型企业和小型企业构成相当大的负担。

They should therefore be allowed to claim compensation even in the context of a public emergency response.
因此,即使是在公共紧急响应的情况下,也应该允许他们要求赔偿。

The business activities of the data holders are therefore not likely to be negatively affected as a consequence of the public sector bodies, the Commission, the European Central Bank or Union bodies having recourse to this Regulation.
因此,数据持有者的商业活动不太可能因公共部门机构、委员会、欧洲中央银行或联盟机构诉诸本法规而受到负面影响。

However, as cases of an exceptional need, other than cases of responding to public emergencies, might be more frequent, data holders should in such cases be entitled to a reasonable compensation which should not exceed the technical and organisational costs incurred in complying with the request and the reasonable margin required for making the data available to the public sector body, the Commission, the European Central Bank or the Union body.
然而,由于除了应对公共紧急情况之外的特殊需要的情况可能会更加频繁,因此在这种情况下,数据持有者应有权获得合理的补偿,该补偿不应超过为满足请求而产生的技术和组织成本以及向公共部门机构、委员会、欧洲中央银行或欧盟机构提供数据所需的合理余量。

The compensation should not be understood as constituting payment for the data itself or as being compulsory.
补偿不应被理解为构成对数据本身的支付或被理解为强制性的。

Data holders should not be able to claim compensation where national law prevents national statistical institutes or other national authorities responsible for the production of statistics from compensating data holders for making data available.
如果国家法律禁止国家统计机构或负责统计数据制作的其他国家当局因提供数据而向数据持有者提供补偿,则数据持有者不应要求赔偿。

The public sector body, the Commission, the European Central Bank or the Union body concerned should be able to challenge the level of compensation requested by the data holder by bringing the matter to the competent authority of the Member State where the data holder is established.
公共部门机构、委员会、欧洲中央银行或相关联盟机构应能够通过将此事提交给数据持有者所在成员国的主管当局,对数据持有者要求的赔偿水平提出质疑。

(76)

A public sector body, the Commission, the European Central Bank or a Union body should be entitled to share the data it has obtained pursuant to the request with other entities or persons when this is necessary to carry out scientific research activities or analytical activities it cannot perform itself, provided that those activities are compatible with the purpose for which the data was requested.
公共部门机构、委员会、欧洲中央银行或联盟机构应有权在有必要开展其无法开展的科学研究活动或分析活动时,与其他实体或个人分享其根据请求获得的数据。自行执行,前提是这些活动符合所请求数据的目的。

It should inform the data holder of such sharing in a timely manner. Such data may also be shared under the same circumstances with the national statistical institutes and Eurostat for the development, production and dissemination of official statistics.
应及时告知数据持有者此类共享情况。在相同情况下,此类数据还可与国家统计机构和欧盟统计局共享,以开发、制作和传播官方统计数据。

Such research activities should, however, be compatible with the purpose for which the data was requested and the data holder should be informed about the further sharing of the data it has provided.
然而,此类研究活动应与请求数据的目的相一致,并且应告知数据持有者有关其所提供数据的进一步共享的信息。

Individuals conducting research or research organisations with whom those data may be shared should act either on a not-for-profit basis or in the context of a public-interest mission recognised by the State.
进行研究的个人或可能与之共享这些数据的研究组织应该在非营利的基础上或在国家认可的公共利益使命的背景下行事。

Organisations upon which commercial undertakings have a significant influence, allowing such undertakings to exercise control due to structural situations which could result in preferential access to the results of the research, should not be considered to be research organisations for the purposes of this Regulation.
就本条例而言,商业企业对其具有重大影响力的组织,由于可能导致优先获得研究结果的结构性情况而允许此类企业行使控制权,不应被视为研究组织。

(77)

In order to handle a cross-border public emergency or another exceptional need, data requests may be addressed to data holders in Member States other than that of the requesting public sector body.
为了处理跨境公共紧急情况或其他特殊需求,数据请求可能会向请求公共部门机构以外的成员国的数据持有者提出。

In such a case, the requesting public sector body should notify the competent authority of the Member State where the data holder is established in order to allow it to examine the request against the criteria established in this Regulation.
在这种情况下,提出请求的公共部门机构应通知数据持有者所在成员国的主管当局,以便其根据本条例规定的标准审查请求。

The same should apply to requests made by the Commission, the European Central Bank or a Union body.
这同样适用于委员会、欧洲中央银行或欧盟机构提出的请求。

Where personal data are requested, the public sector body should notify the supervisory authority responsible for monitoring the application of Regulation (EU) 2016/679 in the Member State where the public sector body is established.
如果要求提供个人数据,公共部门机构应通知负责监督该公共部门机构所在成员国的 (EU) 2016/679 条例实施情况的监管机构。

The competent authority concerned should be entitled to advise the public sector body, the Commission, the European Central Bank or the Union body to cooperate with the public sector bodies of the Member State in which the data holder is established on the need to ensure a minimised administrative burden on the data holder.
有关主管当局应有权建议公共部门机构、委员会、欧洲中央银行或欧盟机构与数据持有者所在成员国的公共部门机构合作,以确保最大限度地减少数据损失。数据持有者的行政负担。

When the competent authority has substantiated objections as regards the compliance of the request with this Regulation, it should reject the request of the public sector body, the Commission, the European Central Bank or the Union body, which should take those objections into account before taking any further action, including resubmitting the request.
当主管当局对请求符合本条例提出异议时,应拒绝公共部门机构、委员会、欧洲中央银行或联盟机构的请求,这些机构在采取行动之前应考虑这些异议任何进一步的行动,包括重新提交请求。

(78)

The ability of customers of data processing services, including cloud and edge services, to switch from one data processing service to another while maintaining a minimum functionality of service and without downtime of services, or to use the services of several providers simultaneously without undue obstacles and data transfer costs, is a key condition for a more competitive market with lower entry barriers for new providers of data processing services, and for ensuring further resilience for the users of those services.
数据处理服务(包括云和边缘服务)的客户能够从一种数据处理服务切换到另一种数据处理服务,同时保持最低限度的服务功能且不会造成服务停机,或者在没有不当障碍的情况下同时使用多个提供商的服务,以及数据传输成本是市场竞争更加激烈、新的数据处理服务提供商进入门槛较低以及确保这些服务用户进一步适应能力的关键条件。

Customers benefiting from free-tier offerings should also benefit from the provisions for switching that are laid down in this Regulation, so that those offerings do not result in a lock-in situation for customers.
受益于免费套餐产品的客户还应受益于本法规中规定的转换条款,以便这些产品不会导致客户被锁定。

(79)

Regulation (EU) 2018/1807 of the European Parliament and of the Council (30) encourages providers of data processing services to develop and effectively implement self-regulatory codes of conduct covering best practices for, inter alia, facilitating the switching of providers of data processing services and the porting of data.
欧洲议会和理事会 (EU) 2018/1807 号法规( 30 )鼓励数据处理服务提供商制定并有效实施自律行为准则,涵盖最佳实践,尤其是促进数据提供商的转换处理服务和数据移植。

Given the limited uptake of the self-regulatory frameworks developed in response, and the general unavailability of open standards and interfaces, it is necessary to adopt a set of minimum regulatory obligations for providers of data processing services to eliminate pre-commercial, commercial, technical, contractual and organisational obstacles, which are not limited to reduced speed of data transfer at the customer’s exit, which hamper effective switching between data processing services.
鉴于相应制定的自律框架的采用有限,并且开放标准和接口普遍不可用,有必要对数据处理服务提供商采取一套最低监管义务,以消除预商业、商业、技术方面的风险。 、合同和组织障碍,这些障碍不仅限于客户出口处数据传输速度的降低,这阻碍了数据处理服务之间的有效切换。

(80)

Data processing services should cover services that allow ubiquitous and on-demand network access to a configurable, scalable and elastic shared pool of distributed computing resources.
数据处理服务应涵盖允许无处不在且按需网络访问可配置、可扩展和弹性的分布式计算资源共享池的服务。

Those computing resources include resources such as networks, servers or other virtual or physical infrastructure, software, including software development tools, storage, applications and services.
这些计算资源包括网络、服务器或其他虚拟或物理基础设施、软件(包括软件开发工具)、存储、应用程序和服务等资源。

The capability of the customer of the data processing service to unilaterally self-provision computing capabilities, such as server time or network storage, without any human interaction by the provider of data processing services could be described as requiring minimal management effort and as entailing minimal interaction between provider and customer.
数据处理服务的客户单方面自行提供计算能力(例如服务器时间或网络存储)而无需数据处理服务提供商进行任何人工交互的能力可以被描述为需要最少的管理工作并需要最少的交互供应商和客户之间。

The term ‘ubiquitous’ is used to describe the computing capabilities provided over the network and accessed through mechanisms promoting the use of heterogeneous thin or thick client platforms (from web browsers to mobile devices and workstations).
“无处不在”一词用于描述通过网络提供的计算能力,并通过促进使用异构瘦客户端或胖客户端平台(从网络浏览器到移动设备和工作站)的机制来访问。

The term ‘scalable’ refers to computing resources that are flexibly allocated by the provider of data processing services, irrespective of the geographical location of the resources, in order to handle fluctuations in demand.
术语“可扩展”是指数据处理服务提供商可以灵活地分配计算资源,而不管资源的地理位置如何,以应对需求的波动。

The term ‘elastic’ is used to describe those computing resources that are provisioned and released according to demand in order to rapidly increase or decrease resources available depending on workload.
术语“弹性”用于描述根据需求配置和释放的计算资源,以便根据工作负载快速增加或减少可用资源。

The term ‘shared pool’ is used to describe those computing resources that are provided to multiple users who share a common access to the service, but where the processing is carried out separately for each user, although the service is provided from the same electronic equipment.
术语“共享池”用于描述那些提供给多个用户的计算资源,这些用户共享对服务的共同访问,但其中处理是针对每个用户单独执行的,尽管服务是从相同的电子设备提供的。

The term ‘distributed’ is used to describe those computing resources that are located on different networked computers or devices and which communicate and coordinate among themselves by message passing.
术语“分布式”用于描述位于不同联网计算机或设备上并且通过消息传递在它们之间进行通信和协调的那些计算资源。

The term ‘highly distributed’ is used to describe data processing services that involve data processing closer to where data are being generated or collected, for instance in a connected data processing device.
术语“高度分布式”用于描述涉及更接近数据生成或收集位置的数据处理的数据处理服务,例如在连接的数据处理设备中。

Edge computing, which is a form of such highly distributed data processing, is expected to generate new business models and cloud service delivery models, which should be open and interoperable from the outset.
边缘计算是这种高度分布式数据处理的一种形式,预计将产生新的业务模型和云服务交付模型,这些模型从一开始就应该是开放和可互操作的。

(81)

The generic concept ‘data processing services’ covers a substantial number of services with a very broad range of different purposes, functionalities and technical set-ups.
“数据处理服务”这一通用概念涵盖了大量具有不同目的、功能和技术设置的服务。

As commonly understood by providers and users and in line with broadly used standards, data processing services fall into one or more of the following three data processing service delivery models, namely Infrastructure as a Service (IaaS), Platform as a service (PaaS) and Software as a Service (SaaS).
正如提供商和用户普遍理解的那样,根据广泛使用的标准,数据处理服务属于以下三种数据处理服务交付模型中的一种或多种,​​即基础设施即服务(IaaS)、平台即服务(PaaS)和软件即服务 (SaaS)。

Those service delivery models represent a specific, pre-packaged combination of ICT resources offered by a provider of data processing service.
这些服务交付模型代表了数据处理服务提供商提供的特定的、预先打包的 ICT 资源组合。

Those three fundamental data processing delivery models are further complemented by emerging variations, each comprised of a distinct combination of ICT resources, such as Storage as a Service and Database as a Service.
这三种基本的数据处理交付模型得到了新兴变体的进一步补充,每种模型都由 ICT 资源的独特组合组成,例如存储即服务和数据库即服务。

Data processing services can be categorised in a more granular way and div