这是用户在 2024-8-8 22:13 为 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R2854 保存的双语快照页面,由 沉浸式翻译 提供双语支持。了解如何保存?
An official website of the European UnionAn official EU website

EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 32023R2854

Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (Text with EEA relevance)
欧洲议会和理事会 2023 年 12 月 13 日颁布的关于公平访问和使用数据的统一规则的条例 (EU) 2023/2854 以及修订条例 (EU) 2017/2394 和指令 (EU) 2020/1828(数据法) )(与欧洲经济区相关的文本)

PE/49/2023/REV/1

OJ L, 2023/2854, 22.12.2023, ELI: http://data.europa.eu/eli/reg/2023/2854/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
OJ L,2023/2854,2023 年 12 月 22 日,ELI: http://data.europa.eu/eli/reg/2023/2854/oj (BG、ES、CS、DA、DE、ET、EL、EN、FR 、GA、HR、IT、LV、LT、HU、MT、NL、PL、PT、RO、SK、SL、FI、SV)

Legal status of the document In force
Legal status of the document 现行

ELI: http://data.europa.eu/eli/reg/2023/2854/oj
ELI: http://data.europa.eu/eli/reg/2023/2854/oj

European flag

Official Journal  官方期刊
of the European Union 欧盟的

EN CN

Series L L系列


2023/2854

22.12.2023

REGULATION (EU) 2023/2854 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
欧洲议会和理事会 (EU) 2023/2854 号条例

of 13 December 2023  2023 年 12 月 13 日

on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act)
关于公平访问和使用数据的统一规则以及修订条例 (EU) 2017/2394 和指令 (EU) 2020/1828(数据法)

(Text with EEA relevance)
(与欧洲经济区相关的文本)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
欧洲议会和欧盟理事会,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,
考虑到《欧洲联盟运作条约》,特别是其中第 114 条,

Having regard to the proposal from the European Commission,
考虑到欧盟委员会的提议,

After transmission of the draft legislative act to the national parliaments,
在将立法法案草案转交各国议会后,

Having regard to the opinion of the European Central Bank (1),
考虑到欧洲央行的意见( 1 )

Having regard to the opinion of the European Economic and Social Committee (2),
考虑到欧洲经济和社会委员会的意见( 2 )

Having regard to the opinion of the Committee of the Regions (3),
考虑到地区委员会的意见( 3 )

Acting in accordance with the ordinary legislative procedure (4),
按照普通立法程序行事( 4 ) ,

Whereas: 然而:

(1)

In recent years, data-driven technologies have had transformative effects on all sectors of the economy. The proliferation of products connected to the internet in particular has increased the volume and potential value of data for consumers, businesses and society.
近年来,数据驱动技术对所有经济部门产生了变革性影响。特别是连接到互联网的产品的激增增加了消费者、企业和社会的数据量和潜在价值。

High-quality and interoperable data from different domains increase competitiveness and innovation and ensure sustainable economic growth. The same data may be used and reused for a variety of purposes and to an unlimited degree, without any loss of quality or quantity.
来自不同领域的高质量和可互操作的数据可以提高竞争力和创新,并确保可持续的经济增长。相同的数据可以无限程度地用于各种目的和重复使用,而不会造成质量或数量的损失。

(2)

Barriers to data sharing prevent an optimal allocation of data for the benefit of society.
数据共享的障碍阻碍了数据的优化分配以造福社会。

Those barriers include a lack of incentives for data holders to enter voluntarily into data sharing agreements, uncertainty about rights and obligations in relation to data, the costs of contracting and implementing technical interfaces, the high level of fragmentation of information in data silos, poor metadata management, the absence of standards for semantic and technical interoperability, bottlenecks impeding data access, a lack of common data sharing practices and the abuse of contractual imbalances with regard to data access and use.
这些障碍包括数据持有者缺乏自愿签订数据共享协议的激励、数据相关权利和义务的不确定性、签订合同和实施技术接口的成本、数据孤岛中信息的高度碎片化、元数据匮乏管理、缺乏语义和技术互操作性标准、阻碍数据访问的瓶颈、缺乏共同的数据共享做法以及滥用数据访问和使用方面的合同不平衡。

(3)

In sectors characterised by the presence of microenterprises, small enterprises and medium-sized enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC (5) (SMEs), there is often a lack of digital capacities and skills to collect, analyse and use data, and access is frequently restricted where one actor holds them in the system or due to a lack of interoperability between data, between data services or across borders.
在委员会建议 2003/361/EC ( 5 )附件第 2 条所定义的以微型企业、小型企业和中型企业(中小企业)为特征的部门中,往往缺乏数字能力和技能来收集、分析和使用数据,如果一个参与者将数据保存在系统中,或者由于数据之间、数据服务之间或跨境缺乏互操作性,访问通常会受到限制。

(4)

In order to respond to the needs of the digital economy and to remove barriers to a well-functioning internal market for data, it is necessary to lay down a harmonised framework specifying who is entitled to use product data or related service data, under which conditions and on what basis.
为了满足数字经济的需求并消除内部数据市场运作良好的障碍,有必要制定一个统一的框架,规定谁有权使用产品数据或相关服务数据,在什么条件下以及基于什么基础。

Accordingly, Member States should not adopt or maintain additional national requirements regarding matters falling within the scope of this Regulation, unless explicitly provided for herein, since this would affect its direct and uniform application.
因此,除非本条例明确规定,否则成员国不应就本条例范围内的事项采用或维持额外的国家要求,因为这将影响其直接和统一的适用。

Moreover, action at Union level should be without prejudice to obligations and commitments in the international trade agreements concluded by the Union.
此外,联盟层面的行动不应损害联盟缔结的国际贸易协定中的义务和承诺。

(5)

This Regulation ensures that users of a connected product or related service in the Union can access, in a timely manner, the data generated by the use of that connected product or related service and that those users can use the data, including by sharing them with third parties of their choice.
该法规确保欧盟内联网产品或相关服务的用户能够及时访问使用该联网产品或相关服务所生成的数据,并且这些用户可以使用这些数据,包括通过与其他人共享这些数据。他们选择的第三方。

It imposes the obligation on data holders to make data available to users and third parties of the user’s choice in certain circumstances.
它规定数据持有者有义务在某些情况下向用户和用户选择的第三方提供数据。

It also ensures that data holders make data available to data recipients in the Union under fair, reasonable and non-discriminatory terms and conditions and in a transparent manner. Private law rules are key in the overall framework for data sharing.
它还确保数据持有者根据公平、合理和非歧视性的条款和条件并以透明的方式向欧盟的数据接收者提供数据。私法规则是数据共享整体框架的关键。

Therefore, this Regulation adapts rules of contract law and prevents the exploitation of contractual imbalances that hinder fair access to and use of data.
因此,该条例适应了合同法的规则,并防止利用合同不平衡来阻碍数据的公平访问和使用。

This Regulation also ensures that data holders make available to public sector bodies, the Commission, the European Central Bank or Union bodies, where there is an exceptional need, the data that are necessary for the performance of a specific task carried out in the public interest. In addition, this Regulation seeks to facilitate switching between data processing services and to enhance the interoperability of data and of data sharing mechanisms and services in the Union.
该法规还确保数据持有者在有特殊需要时向公共部门机构、委员会、欧洲中央银行或联盟机构提供执行为了公共利益而执行的特定任务所需的数据。此外,该条例旨在促进数据处理服务之间的切换,并增强联盟内数据以及数据共享机制和服务的互操作性。

This Regulation should not be interpreted as recognising or conferring any new right on data holders to use data generated by the use of a connected product or related service.
本法规不应被解释为承认或授予数据持有者使用通过连接产品或相关服务生成的数据的任何新权利。

(6)

Data generation is the result of the actions of at least two actors, in particular the designer or manufacturer of a connected product, who may in many cases also be a provider of related services, and the user of the connected product or related service.
数据生成是至少两个参与者的行为的结果,特别是互联产品的设计者或制造商,他们在许多情况下也可能是相关服务的提供商,以及互联产品或相关服务的用户。

It gives rise to questions of fairness in the digital economy as the data recorded by connected products or related services are an important input for aftermarket, ancillary and other services.
它引发了数字经济的公平问题,因为互联产品或相关服务记录的数据是售后、辅助和其他服务的重要输入。

In order to realise the important economic benefits of data, including by way of data sharing on the basis of voluntary agreements and the development of data-driven value creation by Union enterprises, a general approach to assigning rights regarding access to and the use of data is preferable to awarding exclusive rights of access and use.
为了实现数据的重要经济利益,包括通过基于自愿协议的数据共享以及联盟企业数据驱动的价值创造的发展,制定了分配数据访问和使用权利的通用方法优于授予访问和使用的专有权。

This Regulation provides for horizontal rules which could be followed by Union or national law that addresses the specific situations of the relevant sectors.
该法规规定了横向规则,联盟或国家法律可以遵循这些规则来解决相关部门的具体情况。

(7)

The fundamental right to the protection of personal data is safeguarded, in particular, by Regulations (EU) 2016/679 (6) and (EU) 2018/1725 (7) of the European Parliament and of the Council. Directive 2002/58/EC of the European Parliament and of the Council (8) additionally protects private life and the confidentiality of communications, including by way of conditions on any personal and non-personal data storing in, and access from, terminal equipment.
保护个人数据的基本权利尤其受到欧洲议会和理事会条例 (EU) 2016/679 ( 6 )和 (EU) 2018/1725 ( 7 ) 的保障。欧洲议会和理事会的指令 2002/58/EC ( 8 )还保护私人生活和通信的机密性,包括对终端设备中存储和访问的任何个人和非个人数据设定条件。

Those Union legislative acts provide the basis for sustainable and responsible data processing, including where datasets include a mix of personal and non-personal data.
这些欧盟立法法案为可持续和负责任的数据处理提供了基础,包括数据集包含个人和非个人数据的情况。

This Regulation complements and is without prejudice to Union law on the protection of personal data and privacy, in particular Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive 2002/58/EC.
本法规补充且不影响关于保护个人数据和隐私的欧盟法律,特别是法规 (EU) 2016/679 和 (EU) 2018/1725 以及指令 2002/58/EC。

No provision of this Regulation should be applied or interpreted in such a way as to diminish or limit the right to the protection of personal data or the right to privacy and confidentiality of communications.
本条例的任何条款的应用或解释均不应削弱或限制个人数据保护权或通信隐私权和保密权。

Any processing of personal data pursuant to this Regulation should comply with Union data protection law, including the requirement of a valid legal basis for processing under Article 6 of Regulation (EU) 2016/679 and, where relevant, the conditions of Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC.
根据本条例对个人数据进行的任何处理均应遵守欧盟数据保护法,包括根据 (EU) 2016/679 条例第 6 条进行处理的有效法律依据的要求,以及(如果相关)该条例第 9 条的条件2002/58/EC 指令第 5(3) 条的规定。

This Regulation does not constitute a legal basis for the collection or generation of personal data by the data holder.
本条例不构成数据持有者收集或生成个人数据的法律依据。

This Regulation imposes an obligation on data holders to make personal data available to users or third parties of a user’s choice upon that user’s request. Such access should be provided to personal data that are processed by the data holder on the basis of any of the legal bases referred to in Article 6 of Regulation (EU) 2016/679.
该法规规定数据持有者有义务根据用户的请求向用户或用户选择的第三方提供个人数据。应向数据持有者根据 (EU) 2016/679 法规第 6 条中提到的任何法律依据处理的个人数据提供此类访问权限。

Where the user is not the data subject, this Regulation does not create a legal basis for providing access to personal data or for making personal data available to a third party and should not be understood as conferring any new right on the data holder to use personal data generated by the use of a connected product or related service.
如果用户不是数据主体,本条例并不为提供个人数据访问或向第三方提供个人数据建立法律依据,并且不应被理解为授予数据持有者使用个人数据的任何新权利。使用连接产品或相关服务生成的数据。

In those cases, it could be in the interest of the user to facilitate meeting the requirements of Article 6 of Regulation (EU) 2016/679.
在这些情况下,促进满足 (EU) 2016/679 法规第 6 条的要求可能符合用户的利益。

As this Regulation should not adversely affect the data protection rights of data subjects, the data holder can comply with requests in those cases, inter alia, by anonymising personal data or, where the readily available data contains personal data of several data subjects, transmitting only personal data relating to the user.
由于本条例不应对数据主体的数据保护权利产生不利影响,因此数据持有者可以在这些情况下满足请求,除其他外,通过匿名化个人数据,或者在现成数据包含多个数据主体的个人数据的情况下,仅传输与用户相关的个人数据。

(8)

The principles of data minimisation and data protection by design and by default are essential when processing involves significant risks to the fundamental rights of individuals.
当处理涉及对个人基本权利的重大风险时,数据最小化和数据设计和默认保护的原则至关重要。

Taking into account the state of the art, all parties to data sharing, including data sharing falling within scope of this Regulation, should implement technical and organisational measures to protect those rights.
考虑到现有技术,数据共享的各方,包括属于本条例范围内的数据共享,应采取技术和组织措施来保护这些权利。

Such measures include not only pseudonymisation and encryption, but also the use of increasingly available technology that permits algorithms to be brought to the data and allow valuable insights to be derived without the transmission between parties or unnecessary copying of the raw or structured data themselves.
这些措施不仅包括假名和加密,还包括使用日益可用的技术,这些技术允许将算法引入数据,并允许在无需各方之间传输或不必要地复制原始或结构化数据本身的情况下得出有价值的见解。

(9)

Unless otherwise provided for in this Regulation, it does not affect national contract law, including rules on the formation, validity or effect of contracts, or the consequences of the termination of a contract.
除本条例另有规定外,不影响国家合同法,包括关于合同的成立、有效性、效力或者合同终止后果的规则。

This Regulation complements and is without prejudice to Union law which aims to promote the interests of consumers and ensure a high level of consumer protection, and to protect their health, safety and economic interests, in particular Council Directive 93/13/EEC (9) and Directives 2005/29/EC (10) and 2011/83/EU (11) of the European Parliament and of the Council.
本法规补充且不损害欧盟法律,旨在促进消费者利益并确保高水平的消费者保护,并保护他们的健康、安全和经济利益,特别是理事会指令 93/13/EEC ( 9 )以及欧洲议会和理事会指令 2005/29/EC ( 10 )和 2011/83/EU ( 11 )

(10)

This Regulation is without prejudice to Union and national legal acts providing for the sharing of, access to and the use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or for the execution of criminal penalties, or for customs and taxation purposes, irrespective of the legal basis under the Treaty on the Functioning of the European Union (TFEU) on which such Union legal acts were adopted, as well as to international cooperation in that area, in particular on the basis of the Council of Europe Convention on Cybercrime, (ETS No 185), done at Budapest on 23 November 2001.
本条例不妨碍为预防、调查、侦查或起诉刑事犯罪或执行刑事处罚或海关目的而规定共享、访问和使用数据的欧盟和国家法律行为和税收目的,无论通过此类欧盟法律行为所依据的《欧盟运作条约》(TFEU)的法律依据如何,以及该领域的国际合作,特别是在欧盟理事会的基础上《欧洲网络犯罪公约》(ETS No 185),2001 年 11 月 23 日在布达佩斯签署。

Such acts include Regulations (EU) 2021/784 (12), (EU) 2022/2065 (13) and (EU) 2023/1543 (14) of the European Parliament and of the Council and Directive (EU) 2023/1544 of the European Parliament and of the Council (15). This Regulation does not apply to the collection or sharing of, access to or the use of data under Regulation (EU) 2015/847 of the European Parliament and of the Council (16) and Directive (EU) 2015/849 of the European Parliament and of the Council (17).
此类法案包括欧洲议会和理事会的 (EU) 2021/784 ( 12 ) 号条例、(EU) 2022/2065 ( 13 ) 号条例和 (EU) 2023/1543 ( 14 ) 号条例以及欧洲议会和理事会的 (EU) 2023/1544 号指令欧洲议会和理事会15 。本法规不适用于根据欧洲议会和理事会( 16 )法规 (EU) 2015/847 以及欧洲议会指令 (EU) 2015/849 收集或共享、访问或使用数据和理事会17

This Regulation does not apply to areas that fall outside the scope of Union law and in any event does not affect the competences of the Member States concerning public security, defence or national security, customs and tax administration or the health and safety of citizens, regardless of the type of entity entrusted by the Member States to carry out tasks in relation to those competences.
本条例不适用于欧盟法律范围之外的领域,并且在任何情况下都不影响成员国在公共安全、国防或国家安全、海关和税务管理或公民健康和安全方面的权限,无论成员国委托执行与这些权限相关的任务的实体类型。

(11)

Union law establishing physical design and data requirements for products to be placed on the Union market should not be affected unless specifically provided for by this Regulation.
除非本法规特别规定,欧盟法律规定了投放到欧盟市场的产品的物理设计和数据要求,不应受到影响。

(12)

This Regulation complements and is without prejudice to Union law aiming to establish accessibility requirements on certain products and services, in particular Directive (EU) 2019/882 of the European Parliament and of the Council (18).
该法规补充且不影响旨在对某些产品和服务制定无障碍要求的欧盟法律,特别是欧洲议会和理事会的指令 (EU) 2019/882 ( 18 )

(13)

This Regulation is without prejudice to Union and national legal acts providing for the protection of intellectual property rights, including Directives 2001/29/EC (19), 2004/48/EC (20) and (EU) 2019/790 (21) of the European Parliament and of the Council.
本法规不影响规定保护知识产权的欧盟和国家法律行为,包括欧盟指令 2001/29/EC ( 19 ) 、2004/48/EC ( 20 )和 (EU) 2019/790 ( 21 )欧洲议会和理事会。

(14)

Connected products that obtain, generate or collect, by means of their components or operating systems, data concerning their performance, use or environment and that are able to communicate those data via an electronic communications service, a physical connection, or on-device access, often referred to as the Internet of Things, should fall within the scope of this Regulation, with the exception of prototypes.
通过其组件或操作系统获取、生成或收集有关其性能、使用或环境的数据的联网产品,并且能够通过电子通信服务、物理连接或设备上访问来传达这些数据,通常被称为物联网的设备应属于本法规的范围,但原型除外。

Examples of such electronic communications services include, in particular, land-based telephone networks, television cable networks, satellite-based networks and near-field communication networks.
这种电子通信服务的示例尤其包括陆基电话网络、有线电视网络、基于卫星的网络和近场通信网络。

Connected products are found in all aspects of the economy and society, including in private, civil or commercial infrastructure, vehicles, health and lifestyle equipment, ships, aircraft, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery.
互联产品存在于经济和社会的各个方面,包括私人、民用或商业基础设施、车辆、健康和生活方式设备、船舶、飞机、家用设备和消费品、医疗和健康设备或农业和工业机械。

Manufacturers’ design choices, and, where relevant, Union or national law that addresses sector-specific needs and objectives or relevant decisions of competent authorities, should determine which data a connected product is capable of making available.
制造商的设计选择,以及解决行业特定需求和目标的相关联盟或国家法律或主管当局的相关决定,应确定互联产品能够提供哪些数据。

(15)

The data represent the digitisation of user actions and events and should accordingly be accessible to the user. The rules for access to and the use of data from connected products and related services under this Regulation address both product data and related service data.
这些数据代表用户操作和事件的数字化,因此用户应该可以访问。本条例规定的连接产品和相关服务数据的访问和使用规则涉及产品数据和相关服务数据。

Product data refers to data generated by the use of a connected product that the manufacturer designed to be retrievable from the connected product by a user, data holder or a third party, including, where relevant, the manufacturer.
产品数据是指通过使用制造商设计的连接产品而生成的数据,该数据可由用户、数据持有者或第三方(包括制造商)从连接产品中检索。

Related service data refers to data, which also represent the digitisation of user actions or events related to the connected product which are generated during the provision of a related service by the provider.
相关服务数据是指提供商在提供相关服务期间产生的与连接产品相关的用户动作或事件的数字化数据。

Data generated by the use of a connected product or related service should be understood to cover data recorded intentionally or data which result indirectly from the user’s action, such as data about the connected product’s environment or interactions.
使用互联产品或相关服务生成的数据应理解为涵盖有意记录的数据或由用户行为间接产生的数据,例如有关互联产品的环境或交互的数据。

This should include data on the use of a connected product generated by a user interface or via a related service, and should not be limited to the information that such use took place, but should include all data that the connected product generates as a result of such use, such as data generated automatically by sensors and data recorded by embedded applications, including applications indicating hardware status and malfunctions.
这应包括由用户界面或通过相关服务生成的有关互联产品使用情况的数据,并且不应限于发生此类使用的信息,而应包括互联产品由于以下原因而生成的所有数据:此类使用,例如传感器自动生成的数据和嵌入式应用程序记录的数据,包括指示硬件状态和故障的应用程序。

This should also include data generated by the connected product or related service during times of inaction by the user, such as when the user chooses not to use a connected product for a given period of time and instead to keep it in stand-by mode or even switched off, as the status of a connected product or its components, for example its batteries, can vary when the connected product is in stand-by mode or switched off.
这还应包括在用户不活动期间由连接的产品或相关服务生成的数据,例如当用户选择在给定的时间内不使用连接的产品而是将其保持在待机模式或即使已关闭,因为当所连接的产品处于待机模式或关闭时,所连接的产品或其组件(例如其电池)的状态可能会发生变化。

Data which are not substantially modified, meaning data in raw form, also known as source or primary data which refer to data points that are automatically generated without any further form of processing, as well as data which have been pre-processed for the purpose of making them understandable and useable prior to subsequent processing and analysis fall within the scope of this Regulation.
未经过实质性修改的数据,是指原始形式的数据,也称为源数据或原始数据,是指未经任何进一步形式的处理而自动生成的数据点,以及经过预处理的数据在后续处理和分析之前使它们易于理解和使用属于本法规的范围。

Such data includes data collected from a single sensor or a connected group of sensors for the purpose of making the collected data comprehensible for wider use-cases by determining a physical quantity or quality or the change in a physical quantity, such as temperature, pressure, flow rate, audio, pH value, liquid level, position, acceleration or speed.
此类数据包括从单个传感器或连接的传感器组收集的数据,其目的是通过确定物理量或质量或物理量的变化(例如温度、压力、流量、音频、pH 值、液位、位置、加速度或速度。

The term ‘pre-processed data’ should not be interpreted in such a manner as to impose an obligation on the data holder to make substantial investments in cleaning and transforming the data.
“预处理数据”一词不应被解释为强加给数据持有者在数据清理和转换方面进行大量投资的义务。

The data to be made available should include the relevant metadata, including its basic context and timestamp, to make the data usable, combined with other data, such as data sorted and classified with other data points relating to them, or re-formatted into a commonly used format.
要提供的数据应包括相关元数据,包括其基本上下文和时间戳,以使数据与其他数据结合使用,例如与与其相关的其他数据点进行排序和分类的数据,或重新格式化为常用格式。

Such data are potentially valuable to the user and support innovation and the development of digital and other services to protect the environment, health and the circular economy, including through facilitating the maintenance and repair of the connected products in question.
此类数据对用户具有潜在价值,并支持数字和其他服务的创新和发展,以保护环境、健康和循环经济,包括促进相关连接产品的维护和维修。

By contrast, information inferred or derived from such data, which is the outcome of additional investments into assigning values or insights from the data, in particular by means of proprietary, complex algorithms, including those that are a part of proprietary software, should not be considered to fall within the scope of this Regulation and consequently should not be subject to the obligation of a data holder to make it available to a user or a data recipient, unless otherwise agreed between the user and the data holder.
相比之下,从此类数据推断或派生的信息,是对数据赋值或见解进行额外投资的结果,特别是通过专有的复杂算法,包括属于专有软件一部分的算法,不应该被认为属于本条例的范围,因此不应受到数据持有者向用户或数据接收者提供其可用的义务的约束,除非用户和数据持有者之间另有约定。

Such data could include, in particular, information derived by means of sensor fusion, which infers or derives data from multiple sensors, collected in the connected product, using proprietary, complex algorithms and which could be subject to intellectual property rights.
此类数据尤其可以包括通过传感器融合得出的信息,传感器融合使用专有的复杂算法从多个传感器推断或得出数据,这些数据在连接的产品中收集,并且可能受到知识产权的约束。

(16)

This Regulation enables users of connected products to benefit from aftermarket, ancillary and other services based on data collected by sensors embedded in such products, the collection of those data being of potential value in improving the performance of the connected products.
该法规使互联产品的用户能够从基于此类产品中嵌入的传感器收集的数据的售后、辅助和其他服务中受益,这些数据的收集对于提高互联产品的性能具有潜在价值。

It is important to delineate between, on the one hand, markets for the provision of such sensor-equipped connected products and related services and, on the other, markets for unrelated software and content such as textual, audio or audiovisual content often covered by intellectual property rights.
重要的是要区分一方面是提供此类配备传感器的互联产品和相关服务的市场,另一方面是不相关软件和内容(例如通常由知识分子涵盖的文本、音频或视听内容)的市场。财产权。

As a result, data that such sensor-equipped connected products generate when the user records, transmits, displays or plays content, as well as the content itself, which is often covered by intellectual property rights, inter alia for use by an online service, should not be covered by this Regulation.
因此,此类配备传感器的互联产品在用户记录、传输、显示或播放内容时生成的数据以及内容本身通常受知识产权保护,尤其供在线服务使用,不应属于本条例的范围。

This Regulation should also not cover data which was obtained, generated or accessed from the connected product, or which was transmitted to it, for the purpose of storage or other processing operations on behalf of other parties, who are not the user, such as may be the case with regard to servers or cloud infrastructure operated by their owners entirely on behalf of third parties, inter alia for use by an online service.
本法规也不应涵盖从连接产品获取、生成或访问的数据,或出于存储或代表非用户的其他方(例如可能的其他方)进行其他处理操作的目的而传输给连接产品的数据。其所有者完全代表第三方运营的服务器或云基础设施,尤其是供在线服务使用的服务器或云基础设施就是这种情况。

(17)

It is necessary to lay down rules regarding products that are connected to a related service at the time of the purchase, rent or lease in such a way that its absence would prevent the connected product from performing one or more of its functions, or which is subsequently connected to the product by the manufacturer or a third party to add to or adapt the functionality of the connected product.
有必要在购买、出租或租赁时制定有关与相关服务连接的产品的规则,以确保其不存在将阻止连接的产品执行一项或多项功能,或者随后由制造商或第三方连接到产品,以添加或调整所连接产品的功能。

Such related services involve the exchange of data between the connected product and the service provider and should be understood to be explicitly linked to the operation of the connected product’s functions, such as services that, where applicable, transmit commands to the connected product that are able to have an impact on its action or behaviour.
此类相关服务涉及连接产品和服务提供商之间的数据交换,并且应被理解为明确链接到连接产品功能的操作,例如在适用的情况下向连接产品传输命令的服务,这些服务能够对其行动或行为产生影响。

Services which do not have an impact on the operation of the connected product and which do not involve the transmitting of data or commands to the connected product by the service provider should not be considered to be related services.
不影响连接产品的运行且不涉及服务提供商向连接产品传输数据或命令的服务不应被视为相关服务。

Such services could include, for example, auxiliary consulting, analytics or financial services, or regular repair and maintenance. Related services can be offered as part of the purchase, rent or lease contract.
例如,此类服务可能包括辅助咨询、分析或金融服务,或定期维修和维护。相关服务可以作为购买、租赁或租赁合同的一部分提供。

Related services could also be provided for products of the same type and users could reasonably expect them to be provided taking into account the nature of the connected product and any public statement made by or on behalf of the seller, rentor, lessor or other persons in previous links of the chain of transactions, including the manufacturer.
也可以为同类产品提供相关服务,并且考虑到相关产品的性质以及卖方、承租人、出租人或其他人或代表其发表的任何公开声明,用户可以合理预期提供相关服务。交易链的先前环节,包括制造商。

Those related services may themselves generate data of value to the user independently of the data collection capabilities of the connected product with which they are interconnected.
这些相关服务本身可以生成对用户有价值的数据,而与它们互连的连接产品的数据收集能力无关。

This Regulation should also apply to a related service that is not supplied by the seller, rentor or lessor itself, but which is provided by a third party.
本规定也适用于非出卖人、承租人或出租人本身提供而是由第三方提供的相关服务。

In the event of doubt as to whether the service is provided as part of the purchase, rent or lease contract, this Regulation should apply. Neither the power supply, nor the supply of the connectivity are to be interpreted as related services under this Regulation.
如果对服务是否作为购买、租赁或租赁合同的一部分提供有疑问,则应适用本条例。电源或连接的提供均不应被解释为本条例规定的相关服务。

(18)

The user of a connected product should be understood to be a natural or legal person, such as a business, a consumer or a public sector body, that owns a connected product, has received certain temporary rights, for example by means of a rental or lease agreement, to access or use data obtained from the connected product, or receives related services for the connected product.
互联产品的用户应理解为自然人或法人,例如拥有互联产品的企业、消费者或公共部门机构,已获得某些临时权利,例如通过租赁或租赁协议,访问或使用从连接产品获得的数据,或接收连接产品的相关服务。

Those access rights should in no way alter or interfere with the rights of data subjects who may be interacting with a connected product or a related service regarding personal data generated by the connected product or during the provision of the related service.
这些访问权不得以任何方式改变或干扰可能与联网产品或相关服务进行交互的、有关联网产品生成的或在提供相关服务期间的个人数据的数据主体的权利。

The user bears the risks and enjoys the benefits of using the connected product and should also enjoy access to the data it generates. The user should therefore be entitled to derive benefit from data generated by that connected product and any related service.
用户承担风险并享受使用连接产品的好处,并且还应该有权访问其生成的数据。因此,用户应有权从该连接产品和任何相关服务生成的数据中获益。

An owner, renter or lessee should also be considered to be a user, including where several entities can be considered to be users.
所有者、承租人或承租人也应被视为用户,包括多个实体可被视为用户的情况。

In the context of multiple users, each user may contribute in a different manner to the data generation and have an interest in several forms of use, such as fleet management for a leasing enterprise, or mobility solutions for individuals using a car sharing service.
在多个用户的情况下,每个用户可能以不同的方式对数据生成做出贡献,并对多种使用形式感兴趣,例如租赁企业的车队管理,或使用汽车共享服务的个人的移动解决方案。

(19)

Data literacy refers to the skills, knowledge and understanding that allows users, consumers and businesses, in particular SMEs falling within the scope of this Regulation, to gain awareness of the potential value of the data they generate, produce and share and that they are motivated to offer and provide access to in accordance with relevant legal rules.
数据素养是指使用户、消费者和企业,特别是属于本条例范围内的中小企业,能够认识到他们生成、生产和共享的数据的潜在价值并有动力的技能、知识和理解。根据相关法律规则提供和提供访问权限。

Data literacy should go beyond learning about tools and technologies and aim to equip and empower citizens and businesses with the ability to benefit from an inclusive and fair data market.
数据素养不应局限于学习工具和技术,而是旨在让公民和企业具备从包容和公平的数据市场中受益的能力。

The spread of data literacy measures and the introduction of appropriate follow-up actions could contribute to improving working conditions and ultimately sustain the consolidation, and innovation path of, the data economy in the Union.
数据素养措施的推广和采取适当的后续行动可能有助于改善工作条件,并最终维持欧盟数据经济的巩固和创新之路。

Competent authorities should promote tools and adopt measures to advance data literacy among users and entities falling within the scope of this Regulation and an awareness of their rights and obligations thereunder.
主管当局应推广工具并采取措施,提高本条例范围内的用户和实体的数据素养,并提高其权利和义务的认识。

(20)

In practice, not all data generated by connected products or related services are easily accessible to their users and there are often limited possibilities regarding the portability of data generated by products connected to the internet.
在实践中,并非所有由连接产品或相关服务生成的数据都可以被用户轻松访问,并且连接到互联网的产品生成的数据的可移植性通常有限。

Users are unable to obtain the data necessary to make use of providers of repair and other services and businesses are unable to launch innovative, convenient and more efficient services.
用户无法获取使用维修和其他服务提供商所需的数据,企业无法推出创新、便捷和更高效的服务。

In many sectors, manufacturers are able to determine, through their control of the technical design of the connected products or related services, what data are generated and how they can be accessed, despite having no legal right to those data.
在许多领域,制造商能够通过对互联产品或相关服务的技术设计的控制来确定生成哪些数据以及如何访问这些数据,尽管他们对这些数据没有合法权利。

It is therefore necessary to ensure that connected products are designed and manufactured, and related services are designed and provided, in such a manner that product data and related service data, including the relevant metadata necessary to interpret and use those data, including for the purpose of retrieving, using or sharing them, are always easily and securely accessible to a user, free of charge, in a comprehensive, structured, commonly used and machine-readable format.
因此,有必要确保互联产品的设计和制造以及相关服务的设计和提供,确保产品数据和相关服务数据,包括解释和使用这些数据所需的相关元数据,包括用于以下目的:用户始终能够以全面、结构化、常用和机器可读的格式轻松、安全、免费地获取、使用或共享它们。

Product data and related service data that a data holder lawfully obtains or can lawfully obtain from the connected product or related service, such as by means of the connected product design, the data holder’s contract with the user for the provision of related services, and its technical means of data access, without disproportionate effort, are referred to as ‘readily available data’.
数据持有者通过互联产品或相关服务合法获取或可以合法获取的产品数据和相关服务数据,例如通过互联产品设计、数据持有者与用户签订的提供相关服务的合同及其无需付出过多努力即可访问数据的技术手段被称为“随时可用的数据”。

Readily available data does not include data generated by the use of a connected product where the design of the connected product does not provide for such data being stored or transmitted outside the component in which they are generated or the connected product as a whole.
随时可用的数据不包括通过使用连接产品生成的数据,其中连接产品的设计未规定此类数据在生成数据的组件或整个连接产品之外存储或传输。

This Regulation should therefore not be understood to impose an obligation to store data on the central computing unit of a connected product.
因此,本法规不应被理解为强加了在互联产品的中央计算单元上存储数据的义务。

The absence of such an obligation should not prevent the manufacturer or data holder from voluntarily agreeing with the user on the making of such adaptations.
缺乏此类义务不应妨碍制造商或数据持有者自愿同意用户进行此类调整。

The design obligations in this Regulation are also without prejudice to the data minimisation principle laid down in Article 5(1), point (c), of Regulation (EU) 2016/679 and should not be understood as imposing an obligation to design connected products and related services in such a way that they store or otherwise process any personal data other than the personal data necessary in relation to the purposes for which they are processed.
本法规中的设计义务也不妨碍法规 (EU) 2016/679 第 5(1) 条 (c) 点规定的数据最小化原则,并且不应被理解为强加设计互联产品的义务和相关服务,以这样的方式存储或以其他方式处理任何个人数据,但与处理目的相关的必要个人数据除外。

Union or national law could be introduced to outline further specificities, such as the product data that should be accessible from connected products or related services, given that such data may be essential for the efficient operation, repair or maintenance of those connected products or related services.
可以引入联盟或国家法律来概述进一步的细节,例如应从连接的产品或相关服务访问的产品数据,因为此类数据可能对于这些连接的产品或相关服务的有效操作、维修或维护至关重要。

Where subsequent updates or alterations to a connected product or a related service, by the manufacturer or another party, lead to additional accessible data or a restriction of initially accessible data, such changes should be communicated to the user in the context of the update or alteration.
如果制造商或另一方对连接的产品或相关服务进行后续更新或更改,导致额外的可访问数据或最初可访问的数据受到限制,则应在更新或更改的情况下将此类更改传达给用户。

(21)

Where several persons or entities are considered to be users, for example in the case of co-ownership or where an owner, renter or lessee shares rights of data access or use, the design of the connected product or related service, or the relevant interface, should enable each user to have access to the data they generate.
如果多个人或实体被视为用户,例如在共同所有权或所有者、承租人或承租人共享数据访问或使用权的情况下,连接产品或相关服务的设计或相关接口,应该使每个用户都能够访问他们生成的数据。

Use of connected products that generate data typically requires a user account to be set up. Such an account allows the user to be identified by the data holder, which may be the manufacturer.
使用生成数据的连接产品通常需要设置用户帐户。这样的帐户允许数据持有者(可以是制造商)识别用户。

It can also be used as a means of communication and to submit and process data access requests.
它还可以用作通信手段以及提交和处理数据访问请求。

Where several manufacturers or related services providers have sold, rented or leased connected products or provided related services, integrated together, to the same user, the user should turn to each of the parties with which it has a contract.
如果多个制造商或相关服务提供商向同一用户销售、出租或出租连接产品或提供集成的相关服务,则该用户应向与其签订合同的各方求助。

Manufacturers or designers of a connected product that is typically used by several persons should put in place the necessary mechanisms to allow separate user accounts for individual persons, where relevant, or for the possibility of several persons using the same user account.
通常由多人使用的互联产品的制造商或设计者应建立必要的机制,以允许个人(如果相关)使用单独的用户帐户,或者允许多个人使用同一用户帐户的可能性。

Account solutions should allow users to delete their accounts and erase the data related to them and could allow users to terminate data access, use or sharing, or submit requests to terminate, in particular taking into account situations in which the ownership or usage of the connected product changes.
帐户解决方案应允许用户删除其帐户并删除与其相关的数据,并允许用户终止数据访问、使用或共享,或提交终止请求,特别是考虑到所连接的帐户的所有权或使用情况产品变更。

Access should be granted to the user on the basis of simple request mechanism granting automatic execution and not requiring examination or clearance by the manufacturer or data holder. This means that the data should be made available only when the user actually wants access.
应基于授予自动执行的简单请求机制来授予用户访问权限,而不需要制造商或数据持有者进行检查或许可。这意味着只有当用户真正需要访问时才应提供数据。

Where automated execution of the data access request is not possible, for example via a user account or accompanying mobile application provided with the connected product or related service, the manufacturer should inform the user as to how the data may be accessed.
如果无法自动执行数据访问请求,例如通过连接产品或相关服务提供的用户帐户或随附的移动应用程序,制造商应告知用户如何访问数据。

(22)

Connected products may be designed to make certain data directly accessible from on-device data storage or from a remote server to which the data are communicated.
互联产品可被设计为使得某些数据可以从设备上的数据存储或从数据所传送到的远程服务器直接访问。

Access to on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or mobile network.
可以通过连接到公共可用的电子通信服务或移动网络的基于电缆或无线的局域网来实现对设备上数据存储的访问。

The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider. Processors as defined in Article 4, point (8), of Regulation (EU) 2016/679 are not considered to act as data holders.
服务器可以是制造商自己的本地服务器容量,也可以是第三方或云服务提供商的服务器容量。 (EU) 2016/679 法规第 4 条第 (8) 点定义的处理者不被视为数据持有者。

However, they can be specifically tasked with making data available by the controller as defined in Article 4, point (7), of Regulation (EU) 2016/679.
然而,他们可以专门负责向控制者提供数据,如法规 (EU) 2016/679 第 4 条第 (7) 点所定义。

Connected products may be designed to permit the user or a third party to process the data on the connected product, on a computing instance of the manufacturer or within an information and communications technology (ICT) environment chosen by the user or the third party.
连接产品可被设计为允许用户或第三方处理连接产品上、制造商的计算实例上或用户或第三方选择的信息和通信技术(ICT)环境内的数据。

(23)

Virtual assistants play an increasing role in digitising consumer and professional environments and serve as an easy-to-use interface to play content, obtain information, or activate products connected to the internet.
虚拟助手在数字化消费者和专业环境中发挥着越来越重要的作用,并作为一个易于使用的界面来播放内容、获取信息或激活连接到互联网的产品。

Virtual assistants can act as a single gateway in, for example, a smart home environment and record significant amounts of relevant data on how users interact with products connected to the internet, including those manufactured by other parties, and can replace the use of manufacturer-provided interfaces such as touch screens or smartphone apps.
例如,虚拟助理可以充当智能家居环境中的单一网关,并记录有关用户如何与连接到互联网的产品(包括其他方制造的产品)交互的大量相关数据,并且可以取代制造商的使用提供触摸屏或智能手机应用程序等界面。

The user may wish to make available such data to third party manufacturers and enable novel smart services. Virtual assistants should be covered by the data access rights provided for in this Regulation.
用户可能希望向第三方制造商提供此类数据并启用新颖的智能服务。虚拟助理应受到本条例规定的数据访问权限的保护。

Data generated when a user interacts with a connected product via a virtual assistant provided by an entity other than the manufacturer of the connected product should also be covered by the data access rights provided for in this Regulation.
用户通过互联产品制造商以外的实体提供的虚拟助手与互联产品交互时生成的数据也应受到本条例规定的数据访问权的保护。

However, only the data arising from the interaction between the user and a connected product or related service through the virtual assistant should be covered by this Regulation.
然而,只有用户通过虚拟助手与连接的产品或相关服务之间的交互产生的数据才应受到本条例的管辖。

Data produced by the virtual assistant which are unrelated to the use of a connected product or related service are not covered by this Regulation.
虚拟助手产生的与连接产品或相关服务的使用无关的数据不属于本法规的范围。

(24)

Before concluding a contract for the purchase, rent, or lease of a connected product, the seller, rentor or lessor, which may be the manufacturer, should provide to the user information regarding the product data which the connected product is capable of generating, including the type, format and the estimated volume of such data, in a clear and comprehensible manner.
在签订购买、租赁或租用互联产品的合同之前,卖方、承租人或出租人(可能是制造商)应向用户提供有关互联产品能够生成的产品数据的信息,包括以清晰易懂的方式说明此类数据的类型、格式和估计数量。

This could include information on data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, as well as clear and sufficient information relevant for the exercise of the user’s rights on how the data may be stored, retrieved or accessed, including the terms of use and quality of service of application programming interfaces or, where applicable, the provision of software development kits.
这可能包括有关数据结构、数据格式、词汇、分类方案、分类法和代码列表(如果有)的信息,以及与用户行使如何存储、检索或访问数据的权利相关的清晰且充分的信息,包括应用程序编程接口的使用条款和服务质量,或在适用的情况下提供软件开发工具包。

That obligation provides transparency over the product data generated and enhances easy access for the user.
该义务提供了生成的产品数据的透明度,并增强了用户的访问便利性。

The information obligation could be fulfilled, for example by maintaining a stable uniform resource locator (URL) on the web, which can be distributed as a web link or QR code, pointing to the relevant information, which could be provided by the seller, rentor or lessor, which may be the manufacturer, to the user before concluding the contract for the purchase, rent or lease of a connected product.
信息义务可以通过在网络上维护一个稳定的统一资源定位器(URL)来履行,该定位器可以作为网络链接或二维码分发,指向相关信息,这些信息可以由卖方、出租人提供或出租人(可能是制造商)在签订连接产品的购买、租赁或租赁合同之前向用户提供的信息。

It is, in any case, necessary that the user is able to store the information in a way that is accessible for future reference and that allows the unchanged reproduction of the information stored.
在任何情况下,用户必须能够以可访问的方式存储信息以供将来参考并且允许不加改变地再现所存储的信息。

The data holder cannot be expected to store the data indefinitely in view of the needs of the user of the connected product, but should implement a reasonable data retention policy, where applicable, in line with storage limitation principle pursuant Article 5(1), point (e), of Regulation (EU) 2016/679, that allows for the effective application of the data access rights provided for in this Regulation.
鉴于连接产品用户的需求,数据持有者不能期望无限期地存储数据,但应根据第 5 条第 (1) 点的存储限制原则,在适用的情况下实施合理的数据保留政策(EU) 2016/679 法规 (e),允许有效应用本法规中规定的数据访问权。

The obligation to provide information does not affect the obligation of the controller to provide information to the data subject pursuant to Articles 12, 13 and 14 of Regulation (EU) 2016/679.
提供信息的义务不影响控制者根据法规 (EU) 2016/679 第 12、13 和 14 条向数据主体提供信息的义务。

The obligation to provide information before concluding a contract for the provision of a related service should lie with the prospective data holder, independently of whether the data holder concludes a contract for the purchase, rent or lease of a connected product.
在签订提供相关服务的合同之前提供信息的义务应由潜在数据持有者承担,无论数据持有者是否签订购买、租赁或租赁关联产品的合同。

Where information changes during the lifetime of the connected product or the contract period for the related service, including where the purpose for which those data are to be used changes from the originally specified purpose, it should also be provided to the user.
如果信息在连接产品的生命周期或相关服务的合同期内发生变化,包括这些数据的使用目的从最初指定的目的发生变化,也应向用户提供。

(25)

This Regulation should not be understood to confer any new right on data holders to use product data or related service data.
本条例不应被理解为授予数据持有者使用产品数据或相关服务数据的任何新权利。

Where the manufacturer of a connected product is a data holder, the basis for the manufacturer to use non-personal data should be a contract between the manufacturer and the user.
如果互联产品的制造商是数据持有者,则制造商使用非个人数据的基础应该是制造商与用户之间的合同。

Such a contract could be part of an agreement for the provision of the related service, which could be concluded together with the purchase, rent or lease agreement relating to the connected product.
此类合同可以是提供相关服务的协议的一部分,该协议可以与关联产品相关的购买、租赁或租赁协议一起签订。

Any contractual term stipulating that the data holder may use product data or related service data should be transparent to the user, including regarding the purposes for which the data holder intends to use the data.
规定数据持有者可以使用产品数据或相关服务数据的任何合同条款应对用户透明,包括关于数据持有者打算使用数据的目的。

Such purposes could include improving the functioning of the connected product or related services, developing new products or services, or aggregating data with the aim of making available the resulting derived data to third parties, provided that such derived data do not allow the identification of specific data transmitted to the data holder from the connected product, or allow a third party to derive those data from the dataset.
此类目的可能包括改进连接产品或相关服务的功能,开发新产品或服务,或聚合数据以向第三方提供所得的派生数据,前提是此类派生数据不允许识别特定的信息。从连接的产品传输到数据持有者的数据,或允许第三方从数据集中导出这些数据。

Any change of the contract should depend on the informed agreement of the user.
合同的任何变更均应征得用户的知情同意。

This Regulation does not prevent parties from agreeing on contractual terms the effect of which is to exclude or limit the use of non-personal data, or certain categories of non-personal data, by a data holder.
本条例并不阻止各方就合同条款达成一致,其效果是排除或限制数据持有者对非个人数据或某些类别的非个人数据的使用。

Neither does it prevent parties from agreeing to make product data or related service data available to third parties, directly or indirectly, including, where applicable, via another data holder.
它也不妨碍各方同意直接或间接(包括在适用的情况下通过其他数据持有者)向第三方提供产品数据或相关服务数据。

Moreover, this Regulation does not prevent sector-specific regulatory requirements under Union law, or national law compatible with Union law, which would exclude or limit the use of certain such data by the data holder on well-defined public policy grounds.
此外,本条例并不妨碍欧盟法律或与欧盟法律兼容的国家法律规定的特定部门监管要求,这些要求将排除或限制数据持有者基于明确的公共政策理由使用某些此类数据。

This Regulation does not prevent users, in the case of business-to-business relations, from making data available to third parties or data holders under any lawful contractual term, including by agreeing to limit or restrict further sharing of such data, or from being compensated proportionately, for example in exchange for waiving their right to use or share such data.
在企业对企业关系的情况下,本条例并不阻止用户根据任何合法合同条款向第三方或数据持有者提供数据,包括同意限制或约束此类数据的进一步共享,或者阻止用户将数据提供给第三方或数据持有者。按比例给予补偿,例如以放弃使用或共享此类数据的权利作为交换。

While the notion of ‘data holder’ generally does not include public sector bodies, it may include public undertakings.
虽然“数据持有者”的概念通常不包括公共部门机构,但它可能包括公共事业。

(26)

To foster the emergence of liquid, fair and efficient markets for non-personal data, users of connected products should be able to share data with others, including for commercial purposes, with minimal legal and technical effort.
为了促进流动、公平和高效的非个人数据市场的出现,互联产品的用户应该能够以最少的法律和技术努力与他人共享数据,包括出于商业目的。

It is currently often difficult for businesses to justify the personnel or computing costs that are necessary for preparing non-personal datasets or data products and to offer them to potential counterparties via data intermediation services, including data marketplaces.
目前,企业通常很难证明准备非个人数据集或数据产品所需的人员或计算成本的合理性,并通过数据中介服务(包括数据市场)将其提供给潜在的交易对手。

A substantial hurdle to the sharing of non-personal data by businesses therefore results from the lack of predictability of economic returns from investing in the curation and making available of datasets or data products.
因此,企业共享非个人数据的一个重大障碍是由于投资于数据集或数据产品的管理和提供而产生的经济回报缺乏可预测性。

In order to allow for the emergence of liquid, fair and efficient markets for non-personal data in the Union, the party that has the right to offer such data on a market must be clarified.
为了在欧盟内出现流动、公平和高效的非个人数据市场,必须明确有权在市场上提供此类数据的一方。

Users should therefore have the right to share non-personal data with data recipients for commercial and non-commercial purposes. Such data sharing could be performed directly by the user, upon the request of the user via a data holder, or through data intermediation services.
因此,用户应有权出于商业和非商业目的与数据接收者共享非个人数据。这种数据共享可以由用户直接执行,也可以根据用户的请求通过数据持有者执行,或者通过数据中介服务执行。

Data intermediation services, as regulated by Regulation (EU) 2022/868 of the European Parliament and of the Council (22) could facilitate a data economy by establishing commercial relationships between users, data recipients and third parties and may support users in exercising their right to use data, such as ensuring the anonymisation of personal data or aggregation of access to data from multiple individual users.
根据欧洲议会和理事会第 (EU) 2022/868 号法规( 22 )的规定,数据中介服务可以通过在用户、数据接收者和第三方之间建立商业关系来促进数据经济,并可以支持用户行使其权利使用数据,例如确保个人数据的匿名化或聚合多个个人用户的数据访问权限。

Where data are excluded from a data holder’s obligation to make them available to users or third parties, the scope of such data could be specified in the contract between the user and the data holder for the provision of a related service so that users can easily determine which data are available to them for sharing with data recipients or third parties.
如果数据持有者不承担向用户或第三方提供数据的义务,则可以在用户与数据持有者之间提供相关服务的合同中明确此类数据的范围,以便用户能够轻松确定他们可以使用哪些数据与数据接收者或第三方共享。

Data holders should not make available non-personal product data to third parties for commercial or non-commercial purposes other than the fulfilment of their contract with the user, without prejudice to legal requirements pursuant to Union or national law for a data holder to make data available.
数据持有者不得出于商业或非商业目的向第三方提供非个人产品数据,除了履行与用户的合同之外,在不影响欧盟或国家法律对数据持有者制作数据的法律要求的情况下可用的。

Where relevant, data holders should contractually bind third parties not to further share data received from them.
在相关情况下,数据持有者应通过合同约束第三方不得进一步共享从他们那里收到的数据。

(27)

In sectors characterised by the concentration of a small number of manufacturers supplying connected products to end users, there may only be limited options available to users for the access to and the use and sharing of data.
在向最终用户提供互联产品的少数制造商集中的行业中,用户访问、使用和共享数据的选择可能有限。

In such circumstances, contracts may be insufficient to achieve the objective of user empowerment, making it difficult for users to obtain value from the data generated by the connected product they purchase, rent or lease.
在这种情况下,合同可能不足以实现用户赋权的目标,导致用户难以从他们购买、租用或租赁的联网产品产生的数据中获取价值。

Consequently, there is limited potential for innovative smaller businesses to offer data-based solutions in a competitive manner and for a diverse data economy in the Union.
因此,创新型小型企业以竞争性方式提供基于数据的解决方案以及欧盟多元化数据经济的潜力有限。

This Regulation should therefore build on recent developments in specific sectors, such as the Code of Conduct on agricultural data sharing by contract. Union or national law may be adopted to address sector-specific needs and objectives.
因此,该法规应以特定部门的最新发展为基础,例如《农业数据合同共享行为准则》。可以采用联盟或国家法律来解决特定部门的需求和目标。

Furthermore, data holders should not use any readily available data that is non-personal data in order to derive insights about the economic situation of the user or its assets or production methods or about such use by the user in any other manner that could undermine the commercial position of that user on the markets in which it is active.
此外,数据持有者不应使用任何现成的非个人数据来了解用户的经济状况或其资产或生产方法,或用户以任何其他可能损害数据的方式使用此类数据。该用户在其活跃市场上的商业地位。

This could include using knowledge about the overall performance of a business or a farm in contractual negotiations with the user on the potential acquisition of the user’s products or agricultural produce to the user’s detriment, or using such information to feed into larger databases on certain markets in the aggregate, for example databases on crop yields for the upcoming harvesting season, as such use could affect the user negatively in an indirect manner.
这可能包括在与用户就可能购买用户产品或农产品而对用户造成损害的合同谈判中使用有关企业或农场整体绩效的知识,或者使用此类信息将其输入到某些市场的更大数据库中。汇总,例如关于即将到来的收获季节的农作物产量的数据库,因为这种使用可能会以间接的方式对用户产生负面影响。

The user should be given the necessary technical interface to manage permissions, preferably with granular permission options such as ‘allow once’ or ‘allow while using this app or service’, including the option to withdraw such permissions.
应为用户提供必要的技术界面来管理权限,最好具有精细的权限选项,例如“允许一次”或“使用此应用程序或服务时允许”,包括撤回此类权限的选项。

(28)

In contracts between a data holder and a consumer as user of a connected product or related service generating data, Union consumer law, in particular Directives 93/13/EEC and 2005/29/EC, applies to ensure that a consumer is not subject to unfair contractual terms. For the purposes of this Regulation, unfair contractual terms unilaterally imposed on an enterprise should not be binding on that enterprise.
在数据持有者与作为生成数据的互联产品或相关服务的用户的消费者之间的合同中,适用欧盟消费者法,特别是指令 93/13/EEC 和 2005/29/EC,以确保消费者不受不公平的合同条款。本条例所称企业单方面施加的不公平合同条款对该企业不具有约束力。

(29)

Data holders may require appropriate user identification to verify a user’s entitlement to access the data.
数据持有者可能需要适当的用户身份来验证用户访问数据的权利。

In the case of personal data processed by a processor on behalf of the controller, data holders should ensure that the access request is received and handled by the processor.
如果处理者代表控制者处理个人数据,数据持有者应确保处理者接收并处理访问请求。

(30)

The user should be free to use the data for any lawful purpose.
用户应可以自由地将数据用于任何合法目的。

This includes providing the data the user has received while exercising its rights under this Regulation to a third party offering an aftermarket service that may be in competition with a service provided by a data holder, or to instruct the data holder to do so.
这包括向提供可能与数据持有者提供的服务竞争的售后服务的第三方提供用户在行使其本条例规定的权利时收到的数据,或指示数据持有者这样做。

The request should be submitted by the user or by an authorised third party acting on a user’s behalf, including a provider of a data intermediation service.
该请求应由用户或代表用户行事的授权第三方(包括数据中介服务提供商)提交。

Data holders should ensure that the data made available to the third party is as accurate, complete, reliable, relevant and up-to-date as the data the data holder itself may be able or entitled to access from the use of the connected product or related service.
数据持有者应确保向第三方提供的数据与数据持有者本身能够或有权通过使用连接产品或访问的数据一样准确、完整、可靠、相关和最新。相关服务。

Any intellectual property rights should be respected in the handling of the data. It is important to preserve incentives to invest in products with functionalities based on the use of data from sensors built into those products.
处理数据时应尊重任何知识产权。重要的是要保持对产品的投资动机,这些产品的功能基于这些产品内置传感器的数据的使用。

(31)

Directive (EU) 2016/943 of the European Parliament and of the Council (23) provides that the acquisition, use or disclosure of a trade secret shall be considered to be lawful, inter alia, where such acquisition, use or disclosure is required or allowed by Union or national law.
欧洲议会和理事会指令 (EU) 2016/943 ( 23 )规定,商业秘密的获取、使用或披露应被视为合法,尤其是在需要获取、使用或披露的情况下,或联盟或国家法律允许。

While this Regulation requires data holders to disclose certain data to users, or third parties of a user’s choice, even when such data qualify for protection as trade secrets, it should be interpreted in such a manner as to preserve the protection afforded to trade secrets under Directive (EU) 2016/943.
虽然本条例要求数据持有者向用户或用户选择的第三方披露某些数据,但即使这些数据符合商业秘密的保护条件,也应以保留对商业秘密提供的保护的方式进行解释。指令(欧盟)2016/943。

In this context, data holders should be able to require users, or third parties of a user’s choice, to preserve the confidentiality of data considered to be trade secrets.
在这种情况下,数据持有者应该能够要求用户或用户选择的第三方保护被视为商业秘密的数据的机密性。

To that end, data holders should identify trade secrets prior to the disclosure, and should have the possibility to agree with users, or third parties of a user’s choice, on necessary measures to preserve their confidentiality, including by the use of model contractual terms, confidentiality agreements, strict access protocols, technical standards and the application of codes of conduct.
为此,数据持有者应在披露之前识别商业秘密,并应有可能与用户或用户选择的第三方就保护其机密性的必要措施达成一致,包括使用示范合同条款,保密协议、严格的访问协议、技术标准和行为准则的应用。

In addition to the use of model contractual terms to be developed and recommended by the Commission, the establishment of codes of conduct and technical standards related to the protection of trade secrets in handling the data could help achieve the aim of this Regulation and should be encouraged.
除了使用委员会制定和推荐的示范合同条款外,建立与处理数据时保护商业秘密相关的行为准则和技术标准也有助于实现本条例的目标,应予以鼓励。

Where there is no agreement on the necessary measures or where a user, or third parties of the user’s choice, fail to implement agreed measures or undermine the confidentiality of the trade secrets, the data holder should be able to withhold or suspend the sharing of data identified as trade secrets.
如果没有就必要措施达成一致,或者用户或用户选择的第三方未能执行商定的措施或破坏商业秘密的机密性,数据持有者应能够扣留或暂停数据共享被认定为商业秘密。

In such cases, the data holder should provide the decision in writing to the user or to the third party without undue delay and notify the competent authority of the Member State in which the data holder is established that it has withheld or suspended data sharing and identify which measures have not been agreed or implemented and, where relevant, which trade secrets have had their confidentiality undermined.
在这种情况下,数据持有者应立即向用户或第三方提供书面决定,并通知数据持有者所在成员国的主管当局其已扣留或暂停数据共享并识别哪些措施尚未商定或实施,以及哪些商业秘密的机密性已受到损害(如果相关)。

Data holders cannot, in principle, refuse a data access request under this Regulation solely on the basis that certain data is considered to be a trade secret, as this would subvert the intended effects of this Regulation.
原则上,数据持有者不能仅仅因为某些数据被视为商业秘密而拒绝本条例规定的数据访问请求,因为这会破坏本条例的预期效果。

However, in exceptional circumstances, a data holder who is a trade secret holder should be able, on a case-by-case basis, to refuse a request for the specific data in question if it is able to demonstrate to the user or to the third party that, despite the technical and organisational measures taken by the user or by the third party, serious economic damage is highly likely to result from the disclosure of that trade secret.
然而,在特殊情况下,作为商业秘密持有者的数据持有者应该能够根据具体情况拒绝对相关特定数据的请求,如果它能够向用户或向其证明第三方认为,尽管用户或第三方采取了技术和组织措施,但该商业秘密的泄露很可能导致严重的经济损失。

Serious economic damage implies serious and irreparable economic loss. The data holder should duly substantiate its refusal in writing without undue delay to the user or to the third party and notify the competent authority.
严重经济损失意味着严重且无法挽回的经济损失。数据持有者应立即以书面形式向用户或第三方充分证实其拒绝,并通知主管当局。

Such a substantiation should be based on objective elements, demonstrating the concrete risk of serious economic damage expected to result from a specific data disclosure and the reasons why the measures taken to safeguard the requested data are not considered to be sufficient.
这种证实应基于客观要素,证明特定数据披露预计会造成严重经济损失的具体风险,以及为保护所请求数据而采取的措施被认为不充分的原因。

A possible negative impact on cybersecurity can be taken into account in that context.
在这种情况下可以考虑对网络安全可能产生的负面影响。

Without prejudice to the right to seek redress before a court or tribunal of a Member State, where the user or a third party wishes to challenge the data holder’s decision to refuse or to withhold or suspend data sharing, the user or the third party can lodge a complaint with the competent authority, which should, without undue delay, decide whether and under which conditions data sharing should start or resume, or can agree with the data holder to refer the matter to a dispute settlement body.
在不损害向成员国法院或法庭寻求补救的权利的情况下,如果用户或第三方希望对数据持有者拒绝、扣留或暂停数据共享的决定提出质疑,则用户或第三方可以提出申诉向主管当局提出投诉,主管当局应立即决定是否以及在什么条件下开始或恢复数据共享,或者可以与数据持有者商定将此事提交给争端解决机构。

The exceptions to data access rights in this Regulation should not in any case limit the right of access and right to data portability of data subjects under Regulation (EU) 2016/679.
本法规中数据访问权的例外情况在任何情况下都不应限制法规 (EU) 2016/679 规定的数据主体的访问权和数据可移植性。

(32)

The aim of this Regulation is not only to foster the development of new, innovative connected products or related services, stimulate innovation on aftermarkets, but also to stimulate the development of entirely novel services making use of the data concerned, including based on data from a variety of connected products or related services.
该法规的目的不仅是促进新的创新互联产品或相关服务的开发,刺激售后市场的创新,而且是利用相关数据(包括基于来自第三方的数据)刺激全新服务的开发。各种连接产品或相关服务。

At the same time, this Regulations aims to avoid undermining the investment incentives for the type of connected product from which the data are obtained, for instance, by the use of data to develop a competing connected product which is considered to be interchangeable or substitutable by users, in particular on the basis of the connected product’s characteristics, its price and intended use.
同时,该规定旨在避免损害对获取数据的联网产品类型的投资激励,例如利用数据开发被认为可以互换或替代的竞争性联网产品。用户,特别是基于连接产品的特性、价格和预期用途。

This Regulation provides for no prohibition on the development of a related service using data obtained under this Regulation as this would have an undesirable discouraging effect on innovation.
本法规并未禁止使用根据本法规获得的数据开发相关服务,因为这会对创新产生不良的阻碍作用。

Prohibiting the use of data accessed under this Regulation for developing a competing connected product protects data holders’ innovation efforts.
禁止使用根据本法规访问的数据来开发竞争性互联产品,可以保护数据持有者的创新努力。

Whether a connected product competes with the connected product from which the data originates depends on whether the two connected products are in competition on the same product market.
互联产品是否与数据来源的互联产品竞争取决于这两个互联产品是否在同一产品市场上竞争。

This is to be determined on the basis of the established principles of Union competition law for defining the relevant product market.
这将根据欧盟竞争法界定相关产品市场的既定原则来确定。

However, lawful purposes for the use of the data could include reverse engineering, provided that it complies with the requirements laid down in this Regulation and in Union or national law.
然而,使用数据的合法目的可以包括逆向工程,前提是它符合本法规以及联盟或国家法律规定的要求。

This may be the case for the purposes of repairing or prolonging the lifetime of a connected product or for the provision of aftermarket services to connected products.
这可能是为了维修或延长互联产品的使用寿命或为互联产品提供售后服务。

(33)

A third party to whom data is made available may be a natural or legal person, such as a consumer, an enterprise, a research organisation, a not-for-profit organisation or an entity acting in a professional capacity.
提供数据的第三方可以是自然人或法人,例如消费者、企业、研究组织、非营利组织或以专业身份行事的实体。

In making the data available to the third party, a data holder should not abuse its position to seek a competitive advantage in markets where the data holder and the third party may be in direct competition.
在向第三方提供数据时,数据持有者不应滥用其地位,在数据持有者与第三方可能存在直接竞争的市场中寻求竞争优势。

The data holder should not therefore use any readily available data in order to derive insights about the economic situation, assets or production methods of, or the use by, the third party in any other manner that could undermine the commercial position of the third party on the markets in which the third party is active.
因此,数据持有者不应使用任何现成的数据来了解第三方的经济状况、资产或生产方法,或以任何其他可能损害第三方商业地位的方式使用第三方。第三方活跃的市场。

The user should be able to share non-personal data with third parties for commercial purposes.
用户应该能够出于商业目的与第三方共享非个人数据。

Upon the agreement with the user, and subject to the provisions of this Regulation, third parties should be able to transfer the data access rights granted by the user to other third parties, including in exchange for compensation.
经与用户同意,并在符合本条例规定的情况下,第三方应能够将用户授予的数据访问权转让给其他第三方,包括有偿转让。

Business-to-business data intermediaries and personal information management systems (PIMS), referred to as data intermediation services in Regulation (EU) 2022/868, may support users or third parties in establishing commercial relations with an undetermined number of potential counterparties for any lawful purpose falling within the scope of this Regulation.
企业对企业数据中介和个人信息管理系统 (PIMS),在法规 (EU) 2022/868 中被称为数据中介服务,可以支持用户或第三方与不确定数量的潜在交易对手建立商业关系,以实现任何目的。属于本条例范围的合法目的。

They could play an instrumental role in aggregating access to data so that big data analyses or machine learning can be facilitated, provided that users remain in full control of whether to provide their data to such aggregation and the commercial terms under which their data are to be used.
它们可以在聚合数据访问方面发挥重要作用,从而促进大数据分析或机器学习,前提是用户完全控制是否向此类聚合提供数据以及数据的商业条款。用过的。

(34)

The use of a connected product or related service may, in particular when the user is a natural person, generate data that relates to the data subject.
使用互联产品或相关服务可能会生成与数据主体相关的数据,特别是当用户是自然人时。

Processing of such data is subject to the rules established under Regulation (EU) 2016/679, including where personal and non-personal data in a dataset are inextricably linked. The data subject may be the user or another natural person.
此类数据的处理须遵守 (EU) 2016/679 号法规制定的规则,包括数据集中的个人数据和非个人数据之间存在密不可分的联系。数据主体可以是用户或其他自然人。

Personal data may only be requested by a controller or a data subject. A user who is the data subject is, under certain circumstances, entitled under Regulation (EU) 2016/679 to access personal data concerning that user and such rights are unaffected by this Regulation.
个人数据只能由控制者或数据主体请求。在某些情况下,作为数据主体的用户有权根据法规 (EU) 2016/679 访问有关该用户的个人数据,并且此类权利不受本法规的影响。

Under this Regulation, the user who is a natural person is further entitled to access all data generated by the use of a connected product, whether personal or non-personal.
根据本条例,自然人用户还有权访问使用互联产品生成的所有数据,无论是个人数据还是非个人数据。

Where the user is not the data subject but an enterprise, including a sole trader, and not in cases of shared household use of the connected product, the user is considered to be a controller.
如果用户不是数据主体,而是企业(包括个体经营者),并且不在家庭共享连接产品的情况下,则该用户被视为控制者。

Accordingly, such a user who as controller intends to request personal data generated by the use of a connected product or related service is required to have a legal basis for processing the data as required by Article 6(1) of Regulation (EU) 2016/679, such as the consent of the data subject or the performance of a contract to which the data subject is a party.
因此,作为控制者想要请求通过使用连接产品或相关服务生成的个人数据的用户必须具备根据《2016 年欧盟法规》第 6(1) 条的要求处理数据的法律依据/ 679,例如数据主体的同意或数据主体作为一方的合同的履行。

Such user should ensure that the data subject is appropriately informed of the specified, explicit and legitimate purposes for processing those data, and of how the data subject may exercise their rights effectively.
此类用户应确保数据主体适当地了解处理这些数据的指定、明确和合法的目的,以及数据主体如何有效行使其权利。

Where the data holder and the user are joint controllers within the meaning of Article 26 of Regulation (EU) 2016/679, they are required to determine, in a transparent manner by means of an arrangement between them, their respective responsibilities for compliance with that Regulation.
如果数据持有者和用户是法规 (EU) 2016/679 第 26 条含义内的联合控制者,则他们需要通过他们之间的安排以透明的方式确定各自的遵守该规定的责任规定。

It should be understood that such a user, once data has been made available, may in turn become a data holder if that user meets the criteria under this Regulation and thus becomes subject to the obligations to make data available under this Regulation.
应该理解的是,一旦数据可用,如果该用户符合本条例规定的标准,则该用户可能会成为数据持有者,并因此承担本条例规定的提供数据的义务。

(35)

Product data or related service data should only be made available to a third party at the request of the user.
产品数据或相关服务数据仅应用户的请求提供给第三方。

This Regulation complements accordingly the right, provided for in Article 20 of Regulation (EU) 2016/679, of data subjects to receive personal data concerning them in a structured, commonly used and machine-readable format, as well as to port those data to another controller, where those data are processed by automated means on the basis of Article 6(1), point (a), or Article 9(2), point (a), or of a contract pursuant to Article 6(1), point (b) of that Regulation.
该法规相应地补充了法规 (EU) 2016/679 第 20 条规定的数据主体以结构化、常用和机器可读格式接收与其相关的个人数据的权利,以及将这些数据移植到另一个控制者,其中这些数据是根据第 6(1) 条 (a) 点或第 9(2) 条 (a) 点或根据第 6(1) 条签订的合同通过自动方式处理的,该条例的(b)点。

Data subjects also have the right to have the personal data transmitted directly from one controller to another, but only where that is technically feasible.
数据主体还有权将个人数据直接从一个控制者传输到另一个控制者,但前提是技术上可行。

Article 20 of Regulation (EU) 2016/679 specifies that it pertains to data provided by the data subject but does not specify whether this necessitates active behaviour on the side of the data subject or whether it also applies to situations where a connected product or related service, by its design, observes the behaviour of a data subject or other information in relation to a data subject in a passive manner.
(EU) 2016/679 号法规第 20 条规定,它涉及数据主体提供的数据,但没有具体说明这是否需要数据主体方面采取主动行为,或者是否也适用于连接产品或相关产品的情况。根据其设计,服务以被动方式观察数据主体的行为或与数据主体相关的其他信息。

The rights provided for under this Regulation complement the right to receive and port personal data under Article 20 of Regulation (EU) 2016/679 in a number of ways.
本条例规定的权利以多种方式补充了 (EU) 2016/679 条例第 20 条规定的接收和传输个人数据的权利。

This Regulation grants users the right to access and make available to a third party any product data or related service data, irrespective of their nature as personal data, of the distinction between actively provided or passively observed data, and irrespective of the legal basis of processing.
本条例授予用户访问并向第三方提供任何产品数据或相关服务数据的权利,无论其个人数据的性质如何,主动提供的数据还是被动观察的数据之间的区别,也无论处理的法律依据如何。

Unlike Article 20 of Regulation (EU) 2016/679, this Regulation mandates and ensures the technical feasibility of third party access for all types of data falling within its scope, whether personal or non-personal, thereby ensuring that technical obstacles no longer hinder or prevent access to such data.
与法规 (EU) 2016/679 第 20 条不同,该法规规定并确保第三方访问其范围内的所有类型数据(无论是个人数据还是非个人数据)的技术可行性,从而确保技术障碍不再阻碍或阻止访问此类数据。

It also allows data holders to set reasonable compensation to be met by third parties, but not by the user, for costs incurred in providing direct access to the data generated by the user’s connected product.
它还允许数据持有者设定合理的补偿,由第三方支付,但不由用户支付,以支付直接访问用户连接产品生成的数据所产生的费用。

If a data holder and a third party are unable to agree on terms for such direct access, the data subject should in no way be prevented from exercising the rights laid down in Regulation (EU) 2016/679, including the right to data portability, by seeking remedies in accordance with that Regulation.
如果数据持有者和第三方无法就此类直接访问的条款达成一致,则不应阻止数据主体行使第 (EU) 2016/679 号法规中规定的权利,包括数据可移植性的权利,根据该条例寻求补救措施。

It is to be understood in this context that, in accordance with Regulation (EU) 2016/679, a contract does not allow for the processing of special categories of personal data by the data holder or the third party.
在这种情况下,应理解,根据法规 (EU) 2016/679,合同不允许数据持有者或第三方处理特殊类别的个人数据。

(36)

Access to any data stored in and accessed from terminal equipment is subject to Directive 2002/58/EC and requires the consent of the subscriber or user within the meaning of that Directive unless it is strictly necessary for the provision of an information society service explicitly requested by the user or by the subscriber or for the sole purpose of the transmission of a communication.
访问存储在终端设备中和从终端设备访问的任何数据均须遵守指令 2002/58/EC,并需要获得该指令含义内的订户或用户的同意,除非对于提供明确要求的信息社会服务是绝对必要的。由用户或订户或仅出于通信传输的目的。

Directive 2002/58/EC protects the integrity of a user’s terminal equipment regarding the use of processing and storage capabilities and the collection of information.
指令 2002/58/EC 保护用户终端设备在处理和存储功能的使用以及信息收集方面的完整性。

Internet of Things equipment is considered to be terminal equipment if it is directly or indirectly connected to a public communications network.
如果物联网设备直接或间接连接到公共通信网络,则被视为终端设备。

(37)

In order to prevent the exploitation of users, third parties to whom data has been made available at the request of the user should process those data only for the purposes agreed with the user and share them with another third party only with the agreement of the user to such data sharing.
为了防止用户被利用,应用户请求而向其提供数据的第三方应仅出于与用户同意的目的处理这些数据,并仅在征得用户同意的情况下与其他第三方共享这些数据进行此类数据共享。

(38)

In line with the data minimisation principle, third parties should access only information that is necessary for the provision of the service requested by the user.
根据数据最小化原则,第三方应仅访问提供用户请求的服务所需的信息。

Having received access to data, the third party should process it for the purposes agreed with the user without interference from the data holder.
获得数据访问权限后,第三方应按照与用户同意的目的对其进行处理,而不受数据持有者的干扰。

It should be as easy for the user to refuse or discontinue access by the third party to the data as it is for the user to authorise access.
用户拒绝或停止第三方访问数据应该像用户授权访问一样容易。

Neither third parties nor data holders should make the exercise of choices or rights by the user unduly difficult, including by offering choices to the user in a non-neutral manner, or by coercing, deceiving or manipulating the user, or by subverting or impairing the autonomy, decision-making or choices of the user, including by means of a user digital interface or a part thereof.
第三方或数据持有者均不得使用户行使选择或权利变得过于困难,包括以非中立的方式向用户提供选择,或胁迫、欺骗或操纵用户,或颠覆或损害用户的权利。用户的自主权、决策或选择,包括通过用户数字界面或其一部分。

In that context, third parties or data holders should not rely on so-called ‘dark patterns’ in designing their digital interfaces. Dark patterns are design techniques that push or deceive consumers into decisions that have negative consequences for them.
在这种情况下,第三方或数据持有者在设计其数字界面时不应依赖所谓的“黑暗模式”。黑暗模式是一种设计技术,会推动或欺骗消费者做出对他们产生负面影响的决定。

Those manipulative techniques can be used to persuade users, in particular vulnerable consumers, to engage in unwanted behaviour, to deceive users by nudging them into decisions on data disclosure transactions or to unreasonably bias the decision-making of the users of the service in such a way as to subvert or impair their autonomy, decision-making and choice.
这些操纵技术可用于说服用户,特别是弱势消费者,参与不良行为,通过促使用户做出有关数据披露交易的决定来欺骗用户,或在此类情况下不合理地偏向服务用户的决策。颠覆或损害他们的自主权、决策和选择的方式。

Common and legitimate commercial practices that comply with Union law should not in themselves be regarded as constituting dark patterns.
符合欧盟法律的常见合法商业惯例本身不应被视为构成黑暗模式。

Third parties and data holders should comply with their obligations under relevant Union law, in particular the requirements laid down in Directives 98/6/EC (24) and 2000/31/EC (25) of the European Parliament and of the Council and in Directives 2005/29/EC and 2011/83/EU.
第三方和数据持有者应遵守相关欧盟法律规定的义务,特别是欧洲议会和理事会指令 98/6/EC ( 24 )和 2000/31/EC ( 25 )以及指令 2005/29/EC 和 2011/83/EU。

(39)

Third parties should also refrain from using data falling within the scope of this Regulation to profile individuals unless such processing activities are strictly necessary to provide the service requested by the user, including in the context of automated decision-making.
第三方还应避免使用本条例范围内的数据来分析个人,除非此类处理活动对于提供用户请求的服务是绝对必要的,包括在自动决策的背景下。

The requirement to erase data when no longer required for the purpose agreed with the user, unless otherwise agreed in relation to non-personal data, complements the data subject’s right to erasure pursuant to Article 17 of Regulation (EU) 2016/679.
除非就非个人数据另有约定,否则在与用户约定的目的不再需要时删除数据的要求是对数据主体根据法规 (EU) 2016/679 第 17 条的删除权的补充。

Where a third party is a provider of a data intermediation service, the safeguards for the data subject provided for by Regulation (EU) 2022/868 apply.
如果第三方是数据中介服务提供商,则适用法规 (EU) 2022/868 规定的数据主体保护措施。

The third party may use the data to develop a new and innovative connected product or related service but not to develop a competing connected product.
第三方可以使用这些数据来开发新的创新互联产品或相关服务,但不得开发竞争性互联产品。

(40)

Start-ups, small enterprises, enterprises that qualify as a medium-sized enterprises under Article 2 of the Annex to Recommendation 2003/361/EC and enterprises from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data.
初创企业、小型企业、符合第 2003/361/EC 建议书附件第 2 条规定的中型企业以及数字能力欠发达的传统行业企业很难获取相关数据。

This Regulation aims to facilitate access to data for those entities, while ensuring that the corresponding obligations are as proportionate as possible to avoid overreach.
该法规旨在促进这些实体获取数据,同时确保相应义务尽可能相称,以避免越权。

At the same time, a small number of very large enterprises have emerged with considerable economic power in the digital economy through the accumulation and aggregation of vast volumes of data and the technological infrastructure for monetising them.
与此同时,通过海量数据的积累和聚合以及将其货币化的技术基础设施,在数字经济中出现了少数具有相当经济实力的超大型企业。

Those very large enterprises include undertakings that provide core platform services controlling whole platform ecosystems in the digital economy and which existing or new market operators are unable to challenge or contest. Regulation (EU) 2022/1925 of the European Parliament and of the Council (26) aims to redress those inefficiencies and imbalances by allowing the Commission to designate an undertaking as a ‘gatekeeper’, and imposes a number of obligations on such gatekeepers, including a prohibition to combine certain data without consent and an obligation to ensure effective rights to data portability under Article 20 of Regulation (EU) 2016/679.
这些超大型企业包括提供控制数字经济中整个平台生态系统的核心平台服务的企业,而现有或新的市场运营商无法挑战或竞争这些企业。欧洲议会和理事会的第 (EU) 2022/1925 号法规( 26 )旨在通过允许委员会指定一家企业作为“看门人”来纠正这些低效率和不平衡的问题,并对此类看门人施加了一系列义务,包括禁止未经同意合并某些数据,并有义务根据 (EU) 2016/679 法规第 20 条确保数据可移植性的有效权利。

In accordance with Regulation (EU) 2022/1925, and given the unrivalled ability of those undertakings to acquire data, it is not necessary to achieve the objective of this Regulation, and would therefore be disproportionate for data holders made subject to such obligations, to include gatekeeper as beneficiaries of the data access right.
根据法规 (EU) 2022/1925,并考虑到这些企业获取数据的无与伦比的能力,没有必要实现本法规的目标,因此对于受此类义务约束的数据持有者来说,将网守作为数据访问权的受益人。

Such inclusion would also likely limit the benefits of this Regulation for SMEs, linked to the fairness of the distribution of data value across market actors.
这种纳入也可能会限制该法规对中小企业的好处,这与市场参与者之间数据价值分配的公平性有关。

This means that an undertaking that provides core platform services that has been designated as a gatekeeper cannot request or be granted access to users’ data generated by the use of a connected product or related service or by a virtual assistant pursuant to this Regulation.
这意味着,提供核心平台服务并被指定为看门人的企业不能根据本条例请求或被授予访问通过使用互联产品或相关服务或虚拟助理生成的用户数据的权限。

Furthermore, third parties to whom data are made available at the request of the user may not make the data available to a gatekeeper. For instance, the third party may not subcontract the service provision to a gatekeeper.
此外,应用户请求向其提供数据的第三方可能不会向网守提供数据。例如,第三方不得将服务提供分包给看门人。

However, this does not prevent third parties from using data processing services offered by a gatekeeper. Nor does it prevent those undertakings from obtaining and using the same data through other lawful means.
然而,这并不妨碍第三方使用网守提供的数据处理服务。它也不阻止这些企业通过其他合法手段获取和使用相同的数据。

The access rights provided for in this Regulation contribute to a wider choice of services for consumers.
本条例规定的访问权有助于为消费者提供更广泛的服务选择。

As voluntary agreements between gatekeepers and data holders remain unaffected, the limitation on granting access to gatekeepers would not exclude them from the market or prevent them from offering their services.
由于看门人和数据持有者之间的自愿协议不受影响,对看门人访问权限的限制不会将他们排除在市场之外或阻止他们提供服务。

(41)

Given the current state of technology, it would be overly burdensome on microenterprises and small enterprises to impose further design obligations in relation to connected products manufactured or designed, or the related services provided, by them.
鉴于目前的技术状况,对微型企业和小型企业来说,对其制造或设计的互联产品或提供的相关服务施加进一步的设计义务将过于繁重。

That is not the case, however, where a microenterprise or a small enterprise has a partner enterprise or a linked enterprise within the meaning of Article 3 of the Annex to Recommendation 2003/361/EC that does not qualify as a microenterprise or a small enterprise and where it is subcontracted to manufacture or design a connected product or to provide a related service.
然而,如果微型企业或小型企业拥有第 2003/361/EC 建议书附件第 3 条含义内的伙伴企业或关联企业,但不符合微型企业或小型企业的资格,则情况并非如此以及分包制造或设计互联产品或提供相关服务的情况。

In such situations, the enterprise which has subcontracted the manufacturing or design to a microenterprise or a small enterprise is able to compensate the subcontractor appropriately.
在这种情况下,将制造或设计分包给小微企业的企业可以对分包商给予适当补偿。

A microenterprise or a small enterprise may nevertheless be subject to the requirements laid down by this Regulation as data holder where it is not the manufacturer of the connected product or a provider of related services.
然而,如果微型企业或小型企业不是互联产品的制造商或相关服务的提供商,则其作为数据持有者可能需要遵守本条例规定的要求。

A transitional period should apply to an enterprise that has qualified as a medium-sized enterprise for less than one year and to connected products for one year after the date on which they were placed on the market by a medium-sized enterprise.
取得中型企业资格不足一年的企业和关联产品自上市之日起一年内适用过渡期。

Such a one-year period allows such a medium-sized enterprise to adjust and prepare before facing competition in the market for services for the connected products that it manufactures on the basis of the access rights provided by this Regulation.
这样的一年期限可以让中型企业根据本条例规定的准入权,在其生产的互联产品的服务面临市场竞争之前进行调整和准备。

Such a transitional period does not apply where such a medium-sized enterprise has a partner enterprise or a linked enterprise that does not qualify as a microenterprise or a small enterprise or where such a medium-sized enterprise was subcontracted to manufacture or design the connected product or to provide the related service.
如果此类中型企业有不符合微型企业或小型企业资格的合作企业或关联企业,或者此类中型企业被分包制造或设计关联产品,则不适用此类过渡期或提供相关服务。

(42)

Taking into account the variety of connected products producing data of different nature, volume and frequency, presenting different levels of data and cybersecurity risks and providing economic opportunities of different value, and for the purpose of ensuring consistency of data sharing practices in the internal market, including across sectors, and to encourage and promote fair data sharing practices even in areas where no such right to data access is provided for, this Regulation provides for horizontal rules on the arrangements for access to data whenever a data holder is obliged by Union law or national legislation adopted in accordance with Union law to make data available to a data recipient.
考虑到各种互联产品产生不同性质、数量和频率的数据,呈现不同程度的数据和网络安全风险并提供不同价值的经济机会,并为了确保内部市场数据共享实践的一致性,包括跨部门,并鼓励和促进公平的数据共享做法,即使在没有规定此类数据访问权的领域,本条例规定了数据持有者在欧盟法律或有义务时的数据访问安排的横向规则。根据欧盟法律通过的国家立法,向数据接收者提供数据。

Such access should be based on fair, reasonable, non-discriminatory and transparent terms and conditions. Those general access rules do not apply to obligations to make data available under Regulation (EU) 2016/679. Voluntary data sharing remains unaffected by those rules.
此类访问应基于公平、合理、非歧视和透明的条款和条件。这些一般访问规则不适用于根据 (EU) 2016/679 法规提供数据的义务。自愿数据共享不受这些规则的影响。

The non-binding model contractual terms for business-to-business data sharing to be developed and recommended by the Commission may help parties to conclude contracts which include fair, reasonable and non-discriminatory terms and conditions and which are to be implemented in a transparent way.
委员会将制定和推荐的企业对企业数据共享的非约束性示范合同条款可以帮助各方签订包含公平、合理和非歧视性条款和条件的合同,并以透明的方式实施。方式。

The conclusion of contracts, which may include the non-binding model contractual terms, should not mean that the right to share data with third parties is in any way conditional upon the existence of such a contract.
合同的签订(可能包括不具约束力的示范合同条款)不应意味着与第三方共享数据的权利以任何方式以此类合同的存在为条件。

Should parties be unable to conclude a contract on data sharing, including with the support of dispute settlement bodies, the right to share data with third parties is enforceable in national courts or tribunals.
如果各方无法签订数据共享合同,包括在争端解决机构的支持下,则可以在国家法院或法庭强制执行与第三方共享数据的权利。

(43)

On the basis of the principle of contractual freedom, parties should remain free to negotiate the precise conditions for making data available in their contracts within the framework for the general access rules for making data available.
基于合同自由原则,各方应在数据可用的一般访问规则框架内自由协商合同中数据可用的具体条件。

Terms of such contracts could include technical and organisational measures, including in relation to data security.
此类合同的条款可能包括技术和组织措施,包括与数据安全相关的措施。

(44)

In order to ensure that the conditions for mandatory data access are fair for both parties to a contract, the general rules on data access rights should refer to the rule on avoiding unfair contractual terms.
为了确保强制数据访问的条件对于合同双方而言是公平的,数据访问权的一般规则应参照避免不公平合同条款的规则。

(45)

Any agreement concluded in business-to-business relations for making data available should be non-discriminatory between comparable categories of data recipients, independently of whether the parties are large enterprises or SMEs.
在企业对企业关系中为提供数据而达成的任何协议在可比类别的数据接收者之间应是非歧视性的,无论双方是大型企业还是中小企业。

In order to compensate for the lack of information on the conditions contained in different contracts, which makes it difficult for the data recipient to assess whether the terms for making the data available are non-discriminatory, it should be the responsibility of data holders to demonstrate that a contractual term is not discriminatory.
为了弥补不同合同中所含条件信息的缺乏,导致数据接收者难以评估提供数据的条款是否具有非歧视性,数据持有者应有责任证明合同条款不具有歧视性。

It is not unlawful discrimination where a data holder uses different contractual terms for making data available if those differences are justified by objective reasons. Those obligations are without prejudice to Regulation (EU) 2016/679.
如果数据持有者使用不同的合同条款来提供数据,如果这些差异有客观原因,则不构成非法歧视。这些义务不影响 (EU) 2016/679 法规。

(46)

In order to promote continued investment in generating and making available valuable data, including investments in relevant technical tools, while at the same time avoiding excessive burdens on access to and the use of data which make data sharing no longer commercially viable, this Regulation contains the principle that in business-to-business relations data holders may request reasonable compensation when obliged pursuant to Union law or national legislation adopted in accordance with Union law to make data available to a data recipient.
为了促进对生成和提供有价值数据的持续投资,包括对相关技术工具的投资,同时避免对数据的获取和使用造成过度负担,从而使数据共享不再具有商业可行性,本条例包含以下内容:原则是,在企业对企业关系中,当根据欧盟法律或根据欧盟法律通过的国家立法有义务向数据接收者提供数据时,数据持有者可以要求合理的补偿。

Such compensation should not be understood to constitute payment for the data itself. The Commission should adopt guidelines on the calculation of reasonable compensation in the data economy.
此类补偿不应被理解为构成对数据本身的付款。委员会应采用数据经济合理补偿计算指南。

(47)

First, reasonable compensation for meeting the obligation pursuant to Union law or national legislation adopted in accordance with Union law to comply with a request to make data available may include compensation for the costs incurred in making the data available.
首先,根据联邦法律或根据联邦法律通过的国家立法履行提供数据请求的合理补偿可能包括对提供数据所产生的费用的补偿。

Those costs may be technical costs, such as the costs necessary for data reproduction, dissemination via electronic means and storage, but not for data collection or production.
这些成本可能是技术成本,例如数据复制、通过电子方式传播和存储所需的成本,但不是数据收集或生产所需的成本。

Such technical costs may also include the costs for processing, necessary to make data available, including costs associated with the formatting of data. Costs related to making the data available may also include the costs of facilitating concrete data sharing requests.
此类技术成本还可能包括使数据可用所需的处理成本,包括与数据格式化相关的成本。与提供数据相关的成本还可能包括促进具体数据共享请求的成本。

They may also vary depending on the volume of the data as well as the arrangements taken for making the data available.
它们还可能根据数据量以及为提供数据而采取的安排而变化。

Long-term arrangements between data holders and data recipients, for instance via a subscription model or the use of smart contracts, may reduce the costs in regular or repetitive transactions in a business relationship.
数据持有者和数据接收者之间的长期安排,例如通过订阅模式或使用智能合约,可以降低业务关系中定期或重复交易的成本。

Costs related to making data available are either specific to a particular request or shared with other requests. In the latter case, a single data recipient should not pay the full costs of making the data available.
与提供数据相关的成本要么特定于特定请求,要么与其他请求共享。在后一种情况下,单个数据接收者不应支付提供数据的全部费用。

Second, reasonable compensation may also include a margin, except regarding SMEs and not-for-profit research organisations. A margin may vary depending on factors related to the data itself, such as volume, format or nature of the data.
其次,合理的薪酬还可能包括利润,但中小企业和非营利性研究机构除外。余量可能会根据与数据本身相关的因素而变化,例如数据的数量、格式或性质。

It may consider the costs for collecting the data.
它可能会考虑收集数据的成本。

A margin may therefore decrease where the data holder has collected the data for its own business without significant investments or may increase where the investments in the data collection for the purposes of the data holder’s business are high.
因此,如果数据持有者在没有大量投资的情况下为其自己的业务收集了数据,则利润可能会减少;如果为了数据持有者的业务目的而对数据收集的投资较高,则利润可能会增加。

It may be limited or even excluded in situations where the use of the data by the data recipient does not affect the data holder’s own activities.
在数据接收者对数据的使用不影响数据持有者自身活动的情况下,可能会受到限制甚至排除。

The fact that the data is co-generated by a connected product owned, rented or leased by the user could also reduce the amount of the compensation in comparison to other situations where the data are generated by the data holder for example during the provision of a related service.
与数据持有者生成数据的其他情况相比,例如在提供数据期间,数据由用户拥有、租用或租赁的连接产品共同生成的事实也可以减少补偿金额。相关服务。

(48)

It is not necessary to intervene in the case of data sharing between large enterprises, or where the data holder is a small enterprise or a medium-sized enterprise and the data recipient is a large enterprise.
对于大型企业之间的数据共享,或者数据持有者为中小型企业、数据接收者为大型企业的情况,无需干预。

In such cases, the enterprises are considered to be capable of negotiating the compensation within the limits of what is reasonable and non-discriminatory.
在这种情况下,企业被认为有能力在合理和非歧视的范围内就赔偿进行谈判。

(49)

To protect SMEs from excessive economic burdens which would make it commercially too difficult for them to develop and run innovative business models, the reasonable compensation for making data available to be paid by them should not exceed the costs directly related to making the data available.
为了保护中小企业免受过度的经济负担,使其在商业上难以开发和运营创新的商业模式,中小企业为提供数据而支付的合理补偿不应超过与提供数据直接相关的成本。

Directly related costs are those costs which are attributable to individual requests, taking into account that the necessary technical interfaces or related software and connectivity is to be established on a permanent basis by the data holder.
直接相关成本是指因个人请求而产生的成本,考虑到数据持有者将永久建立必要的技术接口或相关软件和连接。

The same regime should apply to not-for-profit research organisations.
同样的制度也应适用于非营利研究组织。

(50)

In duly justified cases, including where there is a need to safeguard consumer participation and competition or to promote innovation in certain markets, regulated compensation for making available specific data types may be provided for in Union law or national legislation adopted in accordance with Union law.
在正当合理的情况下,包括需要保障消费者参与和竞争或促进某些市场的创新时,可以在联盟法或根据联盟法通过的国家立法中规定对提供特定数据类型的受监管补偿。

(51)

Transparency is an important principle for ensuring that the compensation requested by a data holder is reasonable, or, if the data recipient is an SME or a not-for-profit research organisation, that the compensation does not exceed the costs directly related to making the data available to the data recipient and is attributable to the individual request concerned.
透明度是确保数据持有者要求的赔偿合理的重要原则,或者,如果数据接收者是中小企业或非营利性研究机构,则赔偿不超过与数据获取直接相关的成本。数据接收者可获得的数据可归因于有关的个人请求。

In order to put data recipients in a position to assess and verify that the compensation complies with the requirements of this Regulation, the data holder should provide to the data recipient sufficiently detailed information for the calculation of the compensation.
为了使数据接收者能够评估和验证补偿是否符合本条例的要求,数据持有者应向数据接收者提供足够详细的信息以计算补偿。

(52)

Ensuring access to alternative ways of resolving domestic and cross-border disputes that arise in connection with making data available should benefit data holders and data recipients and therefore strengthen trust in data sharing.
确保采用替代方式解决因提供数据而产生的国内和跨境争端,应有利于数据持有者和数据接收者,从而增强对数据共享的信任。

Where parties cannot agree on fair, reasonable and non-discriminatory terms and conditions of making data available, dispute settlement bodies should offer a simple, fast and low-cost solution to the parties.
如果各方无法就提供数据的公平、合理和非歧视性条款和条件达成一致,争端解决机构应为各方提供简单、快速和低成本的解决方案。

While this Regulation only lays down the conditions that dispute settlement bodies need to fulfil to be certified, Member States are free to adopt any specific rules for the certification procedure, including the expiry or revocation of certification.
虽然该法规仅规定了争端解决机构获得认证所需满足的条件,但成员国可以自由采用认证程序的任何具体规则,包括认证到期或撤销。

The provisions of this Regulation on dispute settlement should not require Member States to establish dispute settlement bodies.
本条例关于争端解决的规定不应要求成员国设立争端解决机构。

(53)

The dispute settlement procedure under this Regulation is a voluntary procedure that enables users, data holders and data recipients to agree to bring their disputes before dispute settlement bodies.
本条例规定的争议解决程序是一个自愿程序,使用户、数据持有者和数据接收者同意将其争议提交争议解决机构。

Therefore, the parties should be free to address a dispute settlement body of their choice, be it within or outside of the Member States in which those parties are established.
因此,各方应可以自由地向自己选择的争端解决机构提出诉讼,无论该机构是在各方成立的成员国境内还是境外。

(54)

To avoid cases in which two or more dispute settlement bodies are seized for the same dispute, in particular in a cross-border situation, a dispute settlement body should be able to refuse to deal with a request to resolve a dispute that has already been brought before another dispute settlement body or before a court or tribunal of a Member State.
为了避免两个或多个争端解决机构因同一争端而被起诉的情况,特别是在跨境情况下,争端解决机构应该能够拒绝处理已经提交的争端解决请求在另一个争端解决机构或成员国的法院或法庭面前。

(55)

In order to ensure the uniform application of this Regulation, the dispute settlement bodies should take into account the non-binding model contractual terms to be developed and recommended by the Commission as well as Union or national law specifying data sharing obligations or guidelines issued by sectoral authorities for the application of such law.
为了确保本条例的统一适用,争端解决机构应考虑委员会制定和建议的非约束性示范合同条款以及规定数据共享义务的联盟或国家法律或部门发布的指南。适用此类法律的当局。

(56)

Parties to dispute settlement proceedings should not be prevented from exercising their fundamental rights to an effective remedy and a fair trial.
不应阻止争端解决程序各方行使其获得有效补救和公平审判的基本权利。

Therefore, the decision to submit a dispute to a dispute settlement body should not deprive those parties of their right to seek redress before a court or tribunal of a Member State. Dispute settlement bodies should make annual activity reports publicly available.
因此,将争端提交争端解决机构的决定不应剥夺当事方向成员国法院或法庭寻求补救的权利。争端解决机构应公开年度活动报告。

(57)

Data holders may apply appropriate technical protection measures to prevent the unlawful disclosure of or access to data. However, those measures should neither discriminate between data recipients, nor hinder access to or the use of data for users or data recipients.
数据持有者可以采取适当的技术保护措施,以防止非法披露或访问数据。然而,这些措施不应歧视数据接收者,也不应阻碍用户或数据接收者访问或使用数据。

In the case of abusive practices on the part of a data recipient, such as misleading the data holder by providing false information with the intent to use the data for unlawful purposes, including developing a competing connected product on the basis of the data, the data holder and, where applicable and where they are not the same person, the trade secret holder or the user can request the third party or data recipient to implement corrective or remedial measures without undue delay.
如果数据接收者有滥用行为,例如通过提供虚假信息误导数据持有者,意图将数据用于非法目的,包括基于数据开发竞争性互联产品,则数据持有人,以及在适用的情况下,如果他们不是同一个人,商业秘密持有人或用户可以要求第三方或数据接收者立即实施纠正或补救措施。

Any such requests, and in particular requests to end the production, offering or placing on the market of goods, derivative data or services, as well as those to end importation, export, storage of infringing goods or their destruction, should be assessed in the light of their proportionality in relation to the interests of the data holder, the trade secret holder or the user.
任何此类请求,特别是停止生产、提供或将商品、衍生数据或服务投放市场的请求,以及停止进口、出口、存储侵权商品或销毁侵权商品的请求,均应在考虑到它们与数据持有者、商业秘密持有者或用户利益的比例。

(58)

Where one party is in a stronger bargaining position, there is a risk that that party could leverage such a position to the detriment of the other contracting party when negotiating access to data with the result that access to data is commercially less viable and sometimes economically prohibitive.
如果一方处于更有利的谈判地位,则该方可能会在谈判数据访问时利用这一地位损害另一方的利益,从而导致数据访问在商业上不太可行,有时在经济上令人望而却步。 。

Such contractual imbalances harm all enterprises without a meaningful ability to negotiate the conditions for access to data, and which may have no choice but to accept take-it-or-leave-it contractual terms. Therefore, unfair contractual terms regulating access to and the use of data, or liability and remedies for the breach or the termination of data related obligations, should not be binding on enterprises when those terms have been unilaterally imposed on those enterprises.
这种合同不平衡会损害所有没有能力就数据访问条件进行谈判的企业,并且它们可能别无选择,只能接受要么接受要么放弃的合同条款。因此,规范数据访问和使用的不公平合同条款,或者违反或终止数据相关义务的责任和补救措施,如果这些条款是单方面强加给企业的,则不应对企业具有约束力。

(59)

Rules on contractual terms should take into account the principle of contractual freedom as an essential concept in business-to-business relationships.
合同条款规则应考虑合同自由原则,将其作为企业对企业关系的基本概念。

Therefore, not all contractual terms should be subject to an unfairness test, but only those terms that are unilaterally imposed.
因此,并不是所有的合同条款都应该接受不公平性测试,而只有那些单方面强加的条款才应该接受不公平测试。

This concerns take-it-or-leave-it situations where one party supplies a certain contractual term and the other enterprise cannot influence the content of that term despite an attempt to negotiate it.
这涉及“要么接受要么放弃”的情况,即一方提供某一合同条款,而另一方尽管试图进行谈判,但无法影响该条款的内容。

A contractual term that is simply provided by one party and accepted by the other enterprise or a term that is negotiated and subsequently agreed in an amended form between contracting parties should not be considered to have been unilaterally imposed.
一方简单提供并被另一方接受的合同条款,或者缔约方之间经过谈判并随后以修订形式达成一致的条款,不应被视为单方面强加的。

(60)

Furthermore, the rules on unfair contractual terms should apply only to those elements of a contract that are related to making data available, that is contractual terms concerning access to and use of the data as well as liability or remedies for breach and termination of data related obligations.
此外,关于不公平合同条款的规则应仅适用于与提供数据相关的合同要素,即涉及访问和使用数据以及违反和终止相关数据的责任或补救措施的合同条款。义务。

Other parts of the same contract, unrelated to making data available, should not be subject to the unfairness test laid down in this Regulation.
同一合同的其他部分,与提供数据无关的,不应接受本条例规定的不公平性测试。

(61)

Criteria for identifying unfair contractual terms should be applied only to excessive contractual terms where a stronger bargaining position has been abused.
识别不公平合同条款的标准应仅适用于滥用更强谈判地位的过度合同条款。

The vast majority of contractual terms that are commercially more favourable to one party than to the other, including those that are normal in business-to-business contracts, are a normal expression of the principle of contractual freedom and continue to apply.
绝大多数在商业上对一方比另一方更有利的合同条款,包括企业对企业合同中的正常条款,是合同自由原则的正常表达,并继续适用。

For the purposes of this Regulation, grossly deviating from good commercial practice would include, inter alia, objectively impairing the ability of the party upon whom the term has been unilaterally imposed to protect its legitimate commercial interest in the data in question.
就本条例而言,严重偏离良好商业惯例尤其包括客观上损害单方面施加该条款的一方保护其对相关数据的合法商业利益的能力。

(62)

In order to ensure legal certainty, this Regulation establishes a list of clauses that are always considered unfair and a list of clauses that are presumed to be unfair.
为了确保法律的确定性,本条例制定了始终被视为不公平的条款清单和推定不公平的条款清单。

In the latter case, the enterprise that imposes the contractual term should be able to rebut the presumption of unfairness by demonstrating that the contractual term listed in this Regulation is not unfair in the specific case in question.
在后一种情况下,施加合同条款的企业应当能够通过证明本条例所列合同条款在具体案件中并不不公平来反驳不公平推定。

If a contractual term is not included in the list of terms that are always considered unfair or that are presumed to be unfair, the general unfairness provision applies.
如果合同条款未包含在始终被认为不公平或推定不公平的条款列表中,则适用一般不公平条款。

In that regard, the terms listed as unfair contractual terms in this Regulation should serve as a yardstick to interpret the general unfairness provision.
就此而言,本条例中列为不公平合同条款的条款应作为解释一般不公平条款的标准。

Finally, non-binding model contractual terms for business-to-business data sharing contracts to be developed and recommended by the Commission may also be helpful to commercial parties when negotiating contracts.
最后,委员会制定和推荐的企业对企业数据共享合同的非约束性示范合同条款也可能对商业方在合同谈判时有所帮助。

If a contractual term is declared to be unfair, the contract concerned should continue to apply without that term, unless the unfair contractual term is not severable from the other terms of the contract.
如果合同条款被宣布为不公平的,则有关合同应在没有该条款的情况下继续适用,除非不公平的合同条款与合同的其他条款不可分割。

(63)

In situations of exceptional need, it may be necessary for public sector bodies, the Commission, the European Central Bank or Union bodies to use in the performance of their statutory duties in the public interest existing data, including, where relevant, accompanying metadata, to respond to public emergencies or in other exceptional cases.
在特殊需要的情况下,公共部门机构、委员会、欧洲中央银行或联盟机构可能有必要在履行其符合公共利益的法定职责时使用现有数据,包括相关的随附元数据,以应对突发公共事件或其他特殊情况。

Exceptional needs are circumstances which are unforeseeable and limited in time, in contrast to other circumstances which might be planned, scheduled, periodic or frequent.
特殊需求是指不可预见且时间有限的情况,与其他可能计划、安排、定期或频繁的情况不同。

While the notion of ‘data holder’ does not, generally, include public sector bodies, it may include public undertakings. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law.
虽然“数据持有者”的概念通常不包括公共部门机构,但它可能包括公共事业。研究执行组织和研究资助组织也可以组织为公共部门机构或受公法管辖的机构。

To limit the burden on businesses, microenterprises and small enterprises should only be under the obligation to provide data to public sector bodies, the Commission, the European Central Bank or Union bodies in situations of exceptional need where such data is required to respond to a public emergency and the public sector body, the Commission, the European Central Bank or the Union body is unable to obtain such data by alternative means in a timely and effective manner under equivalent conditions.
为了限制企业的负担,微型企业和小型企业只有在特殊需要的情况下才有义务向公共部门机构、委员会、欧洲中央银行或联盟机构提供数据,以回应公众的要求。紧急情况下,公共部门机构、委员会、欧洲中央银行或欧盟机构无法在同等条件下通过其他方式及时有效地获取此类数据。

(64)

In the case of public emergencies, such as public health emergencies, emergencies resulting from natural disasters including those aggravated by climate change and environmental degradation, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold.
在突发公共卫生事件等突发公共事件、气候变化、环境恶化等自然灾害引发的突发事件以及重大网络安全事件等人为引发的重大灾害中,因使用信息而产生的公共利益数据的使用权将超过数据持有者自由处置其所持有数据的利益。

In such a case, data holders should be placed under an obligation to make the data available to public sector bodies, the Commission, the European Central Bank or Union bodies upon their request. The existence of a public emergency should be determined or declared in accordance with Union or national law and based on the relevant procedures, including those of the relevant international organisations.
在这种情况下,数据持有者应有义务根据公共部门机构、委员会、欧洲中央银行或联盟机构的要求向其提供数据。应根据欧盟或国家法律并根据相关程序(包括相关国际组织的程序)确定或宣布公共紧急状态的存在。

In such cases, the public sector body should demonstrate that the data in scope of the request could not otherwise be obtained in a timely and effective manner and under equivalent conditions, for instance by way of the voluntary provision of data by another enterprise or the consultation of a public database.
在这种情况下,公共部门机构应证明无法在同等条件下及时有效地获取请求范围内的数据,例如通过其他企业自愿提供数据或咨询的公共数据库。

(65)

An exceptional need may also arise from non-emergency situations. In such cases, a public sector body, the Commission, the European Central Bank or a Union body should be allowed to request only non-personal data.
非紧急情况也可能出现特殊需求。在这种情况下,应允许公共部门机构、委员会、欧洲中央银行或联盟机构仅请求非个人数据。

The public sector body should demonstrate that the data are necessary for the fulfilment of a specific task carried out in the public interest that has been explicitly provided for by law, such as the production of official statistics or the mitigation of or recovery from a public emergency.
公共部门机构应证明这些数据对于完成法律明确规定的公共利益所执行的特定任务是必要的,例如官方统计数据的编制或公共紧急情况的缓解或恢复。

In addition, such a request can be made only when the public sector body, the Commission, the European Central Bank or a Union body has identified specific data that could not otherwise be obtained in a timely and effective manner and under equivalent conditions and only if it has exhausted all other means at its disposal to obtain such data, such as obtaining the data through voluntary agreements, including purchasing of non-personal data on the market by offering market rates, or by relying on existing obligations to make data available or the adoption of new legislative measures which could guarantee the timely availability of data.
此外,只有当公共部门机构、委员会、欧洲中央银行或欧盟机构已确定无法在同等条件下及时有效地获取的具体数据时,才能提出此类请求它已用尽所有其他手段来获取此类数据,例如通过自愿协议获取数据,包括通过提供市场价格在市场上购买非个人数据,或依靠现有的提供数据的义务或采取新的立法措施,保证及时提供数据。

The conditions and principles governing requests, such as those related to purpose limitation, proportionality, transparency and time limitation, should also apply.
管理请求的条件和原则,例如与目的限制、相称性、透明度和时间限制相关的条件和原则,也应适用。

In cases of requests for data necessary for the production of official statistics, the requesting public sector body should also demonstrate whether the national law allows it to purchase non-personal data on the market.
如果请求提供官方统计数据所需的数据,提出请求的公共部门机构还应证明国家法律是否允许其在市场上购买非个人数据。

(66)

This Regulation should not apply to, or pre-empt, voluntary arrangements for the exchange of data between private and public entities, including the provision of data by SMEs, and is without prejudice to Union legal acts providing for mandatory information requests by public entities to private entities.
本条例不应适用于或优先于私营和公共实体之间交换数据的自愿安排,包括中小企业提供的数据,并且不妨碍规定公共实体强制要求信息的欧盟法律法案私人实体。

Obligations placed on data holders to provide data that are motivated by needs of a non-exceptional nature, in particular where the range of data and of data holders is known or where data use can take place on a regular basis, as in the case of reporting obligations and internal market obligations, should not be affected by this Regulation.
数据持有者有义务出于非特殊性质的需要而提供数据,特别是在数据和数据持有者的范围已知或可以定期使用数据的情况下,例如报告义务和内部市场义务不应受到本条例的影响。

Requirements to access data to verify compliance with applicable rules, including where public sector bodies assign the task of the verification of compliance to entities other than public sector bodies, should also not be affected by this Regulation.
访问数据以验证是否遵守适用规则的要求,包括公共部门机构将验证合规性任务分配给公共部门机构以外的实体的情况,也不应受到本条例的影响。

(67)

This Regulation complements and is without prejudice to the Union and national law providing for access to and the use of data for statistical purposes, in particular Regulation (EC) No 223/2009 of the European Parliament and of the Council (27) as well as national legal acts related to official statistics.
本法规补充且不损害为统计目的而获取和使用数据的欧盟和国家法律,特别是欧洲议会和理事会第 223/2009 号法规 (EC) ( 27 )以及与官方统计有关的国家法律行为。

(68)

For the exercise of their tasks in the areas of prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal and administrative penalties, as well as the collection of data for taxation or customs purposes, public sector bodies, the Commission, the European Central Bank or Union bodies should rely on their powers under Union or national law.
为了在预防、调查、侦查或起诉刑事或行政犯罪或执行刑事和行政处罚以及收集用于税收或海关目的的数据方面执行任务,公共部门机构、委员会,欧洲中央银行或联盟机构应依靠联盟或国家法律赋予的权力。

This Regulation accordingly does not affect legislative acts on the sharing, access to and use of data in those areas.
因此,本条例不影响这些领域有关数据共享、访问和使用的立法行为。

(69)

In accordance with Article 6(1) and (3) of Regulation (EU) 2016/679, a proportionate, limited and predictable framework at Union level is necessary when providing for the legal basis for the making available of data by data holders, in cases of exceptional needs, to public sector bodies, the Commission, the European Central Bank or Union bodies, both to ensure legal certainty and to minimise the administrative burdens placed on businesses.
根据 (EU) 2016/679 条例第 6(1) 和 (3) 条,在为数据持有者提供数据提供法律依据时,欧盟层面需要有一个相称、有限和可预测的框架,在特殊需要的情况下,向公共部门机构、委员会、欧洲中央银行或联盟机构提供帮助,以确保法律确定性并尽量减少企业的行政负担。

To that end, data requests from public sector bodies, the Commission, the European Central Bank or Union bodies to data holders should be specific, transparent and proportionate in their scope of content and their granularity.
为此,公共部门机构、委员会、欧洲中央银行或联盟机构向数据持有者提出的数据请求应具体、透明且内容范围和粒度相称。

The purpose of the request and the intended use of the data requested should be specific and clearly explained, while allowing appropriate flexibility for the requesting entity to carry out its specific tasks in the public interest. The request should also respect the legitimate interests of the data holder to whom the request is made.
请求的目的和所请求数据的预期用途应具体且清楚地解释,同时允许请求实体具有适当的灵活性,以便为了公共利益执行其特定任务。该请求还应尊重收到请求的数据持有者的合法利益。

The burden on data holders should be minimised by obliging requesting entities to respect the once-only principle, which prevents the same data from being requested more than once by more than one public sector body or the Commission, the European Central Bank or Union bodies.
应通过要求请求实体遵守一次性原则来最大程度地减少数据持有者的负担,该原则可防止多个公共部门机构或委员会、欧洲中央银行或联盟机构多次请求相同的数据。

To ensure transparency, data requests made by the Commission, the European Central Bank or Union bodies should be made public without undue delay by the entity requesting the data. The European Central Bank and Union bodies should inform the Commission of their requests.
为了确保透明度,请求数据的实体应立即公开委员会、欧洲中央银行或联盟机构提出的数据请求,不得无故拖延。欧洲中央银行和联盟机构应将其请求告知委员会。

If the data request has been made by a public sector body, that body should also notify the data coordinator of the Member State where the public sector body is established. Online public availability of all requests should be ensured.
如果数据请求是由公共部门机构提出的,该机构还应通知该公共部门机构所在成员国的数据协调员。应确保所有请求均可在线公开。

Upon the receipt of a notification of a data request, the competent authority can decide to assess the lawfulness of the request and exercise its functions in relation to the enforcement and application of this Regulation.
收到数据请求通知后,主管机关可以决定评估请求的合法性,并行使其与本条例的执行和适用有关的职能。

Online public availability of all requests made by public sector bodies should be ensured by the data coordinator.
数据协调员应确保公共部门机构提出的所有请求均可在线公开获取。

(70)

The objective of the obligation to provide the data is to ensure that public sector bodies, the Commission, the European Central Bank or Union bodies have the necessary knowledge to respond to, prevent or recover from public emergencies or to maintain the capacity to fulfil specific tasks explicitly provided for by law.
提供数据义务的目的是确保公共部门机构、委员会、欧洲中央银行或联盟机构拥有必要的知识来应对、预防公共紧急情况或从公共紧急情况中恢复,或保持完成特定任务的能力法律有明确规定。

The data obtained by those entities may be commercially sensitive. Therefore, neither Regulation (EU) 2022/868 nor Directive (EU) 2019/1024 of the European Parliament and of the Council (28) should apply to data made available under this Regulation and should not be considered as open data available for reuse by third parties.
这些实体获得的数据可能具有商业敏感性。因此,欧洲议会和理事会的法规 (EU) 2022/868 和指令 (EU) 2019/1024 ( 28 )均不应适用于根据本法规提供的数据,并且不应被视为可供重复使用的开放数据。第三方。

This however should not affect the applicability of Directive (EU) 2019/1024 to the reuse of official statistics for the production of which data obtained pursuant to this Regulation was used, provided the reuse does not include the underlying data.
然而,这不应影响指令 (EU) 2019/1024 对官方统计数据的再利用的适用性,前提是再利用不包括基础数据。

In addition, provided the conditions laid down in this Regulation are met, the possibility of sharing the data for conducting research or for the development, production and dissemination of official statistics should not be affected.
此外,只要满足本条例规定的条件,为开展研究或开发、制作和传播官方统计数据而共享数据的可能性不应受到影响。

Public sector bodies should also be allowed to exchange data obtained pursuant to this Regulation with other public sector bodies, the Commission, the European Central Bank or Union bodies in order to address the exceptional needs for which the data has been requested.
还应允许公共部门机构与其他公共部门机构、委员会、欧洲中央银行或联盟机构交换根据本条例获得的数据,以满足请求数据的特殊需求。

(71)

Data holders should have the possibility to either decline a request made by a public sector body, the Commission, the European Central Bank or a Union body or seek its modification without undue delay and, in any event, no later than within a period of five or 30 working days, depending on the nature of the exceptional need invoked in the request. Where relevant, the data holder should have this possibility where it does not have control over the data requested, namely where it does not have immediate access to the data and cannot determine its availability.
数据持有者应有权拒绝公共部门机构、委员会、欧洲中央银行或欧盟机构提出的请求,或寻求修改,不得无故拖延,并且在任何情况下不得迟于五年内或 30 个工作日,具体取决于请求中提到的特殊需要的性质。在相关的情况下,数据持有者在无法控制所请求的数据的情况下,即在无法立即访问数据且无法确定其可用性的情况下,应该具有这种可能性。

A valid reason not to make the data available should exist if it can be shown that the request is similar to a previously submitted request for the same purpose by another public sector body or the Commission, the European Central Bank or a Union body and the data holder has not been notified of the erasure of the data pursuant to this Regulation.
如果可以证明该请求与另一个公共部门机构或委员会、欧洲中央银行或欧盟机构之前出于同一目的提交的请求相似,并且该数据是不提供数据的,则应存在不提供数据的正当理由。持有人尚未收到根据本条例删除数据的通知。

A data holder declining the request or seeking its modification should communicate the underlying justification to the public sector body, the Commission, the European Central Bank or a Union body requesting the data. Where the sui generis database rights under Directive 96/9/EC of the European Parliament and of the Council (29) apply in relation to the requested datasets, data holders should exercise their rights in such a way that does not prevent the public sector body, the Commission, the European Central Bank or Union body from obtaining the data, or from sharing it, in accordance with this Regulation.
拒绝请求或寻求修改的数据持有者应向请求数据的公共部门机构、委员会、欧洲中央银行或欧盟机构传达基本理由。如果欧洲议会和理事会第 96/9/EC 号指令( 29 )规定的特殊数据库权利适用于所请求的数据集,则数据持有者应以不妨碍公共部门机构的方式行使其权利。 、委员会、欧洲中央银行或联盟机构根据本条例获取或共享数据。

(72)

In the case of an exceptional need related to a public emergency response, public sector bodies should use non-personal data wherever possible. In the case of requests on the basis of an exceptional need not related to a public emergency, personal data cannot be requested.
在与公共应急响应相关的特殊需要的情况下,公共部门机构应尽可能使用非个人数据。如果是基于与公共紧急情况无关的特殊需要而提出的请求,则不能请求个人数据。

Where personal data fall within the scope of the request, the data holder should anonymise the data.
如果个人数据属于请求范围,数据持有者应对数据进行匿名化处理。

Where it is strictly necessary to include personal data in the data to be made available to a public sector body, the Commission, the European Central Bank or a Union body or where anonymisation proves impossible, the entity requesting the data should demonstrate the strict necessity and the specific and limited purposes for processing.
如果绝对有必要将个人数据包含在向公共部门机构、委员会、欧洲中央银行或欧盟机构提供的数据中,或者在事实证明无法匿名化的情况下,请求数据的实体应证明其严格必要性和处理的具体和有限目的。

The applicable rules on personal data protection should be complied with. The making available of the data and their subsequent use should be accompanied by safeguards for the rights and interests of individuals concerned by those data.
应遵守有关个人数据保护的适用规则。数据的提供及其后续使用应同时保障与这些数据相关的个人的权利和利益。

(73)

Data made available to public sector bodies, the Commission, the European Central Bank or Union bodies on the basis of an exceptional need should be used only for the purposes for which they were requested, unless the data holder that made the data available has expressly agreed for the data to be used for other purposes.
出于特殊需要向公共部门机构、委员会、欧洲中央银行或联盟机构提供的数据只能用于所要求的目的,除非提供数据的数据持有者明确同意将数据用于其他目的。

The data should be erased once it is no longer necessary for the purposes stated in the request, unless agreed otherwise, and the data holder should be informed thereof.
除非另有约定,一旦不再需要用于请求中所述的目的,则应删除数据,并应将此情况通知数据持有者。

This Regulation builds on the existing access regimes in the Union and the Member States and does not change the national law on public access to documents in the context of transparency obligations.
该法规建立在欧盟和成员国现有的获取制度的基础上,不会改变关于在透明度义务的背景下公众获取文件的国家法律。

Data should be erased once it is no longer needed to comply with such transparency obligations.
一旦不再需要遵守此类透明度义务,数据就应被删除。

(74)

When reusing data provided by data holders, public sector bodies, the Commission, the European Central Bank or Union bodies should respect both existing applicable Union or national law and contractual obligations to which the data holder is subject.
在重复使用数据持有者、公共部门机构、委员会、欧洲中央银行或联盟机构提供的数据时,应尊重现有适用的联盟或国家法律以及数据持有者应遵守的合同义务。

They should refrain from developing or enhancing a connected product or related service that compete with the connected product or related service of the data holder as well as from sharing the data with a third party for those purposes.
他们应避免开发或增强与数据持有者的互联产品或相关服务竞争的互联产品或相关服务,以及出于这些目的与第三方共享数据。

They should likewise provide public acknowledgement to the data holders upon their request and should be responsible for maintaining the security of the data received.
他们同样应根据数据持有者的要求向其提供公开确认,并应负责维护所收到数据的安全。

Where the disclosure of trade secrets of the data holder to public sector bodies, the Commission, the European Central Bank or Union bodies is strictly necessary to fulfil the purpose for which the data has been requested, confidentiality of such disclosure should be guaranteed prior to the disclosure of data.
如果向公共部门机构、委员会、欧洲中央银行或联盟机构披露数据持有者的商业秘密对于实现所要求的数据的目的是绝对必要的,则应在披露之前保证此类披露的机密性。数据披露。

(75)

When the safeguarding of a significant public good is at stake, such as responding to public emergencies, the public sector body, the Commission, the European Central Bank or the Union body concerned should not be expected to compensate enterprises for the data obtained.
当保护重大公共利益受到威胁时,例如应对公共紧急情况,不应期望公共部门机构、委员会、欧洲中央银行或相关联盟机构就所获得的数据向企业提供补偿。

Public emergencies are rare events and not all such emergencies require the use of data held by enterprises. At the same time, the obligation to provide data might constitute a considerable burden on microenterprises and small enterprises.
突发公共事件属于罕见事件,并非所有此类突发事件都需要使用企业掌握的数据。同时,提供数据的义务可能对微型企业和小型企业构成相当大的负担。

They should therefore be allowed to claim compensation even in the context of a public emergency response.
因此,即使是在公共紧急响应的情况下,也应该允许他们要求赔偿。

The business activities of the data holders are therefore not likely to be negatively affected as a consequence of the public sector bodies, the Commission, the European Central Bank or Union bodies having recourse to this Regulation.
因此,数据持有者的商业活动不太可能因公共部门机构、委员会、欧洲中央银行或联盟机构诉诸本法规而受到负面影响。

However, as cases of an exceptional need, other than cases of responding to public emergencies, might be more frequent, data holders should in such cases be entitled to a reasonable compensation which should not exceed the technical and organisational costs incurred in complying with the request and the reasonable margin required for making the data available to the public sector body, the Commission, the European Central Bank or the Union body.
然而,由于除了应对公共紧急情况之外的特殊需要的情况可能会更加频繁,因此在这种情况下,数据持有者应有权获得合理的补偿,该补偿不应超过为满足请求而产生的技术和组织成本以及向公共部门机构、委员会、欧洲中央银行或欧盟机构提供数据所需的合理余量。

The compensation should not be understood as constituting payment for the data itself or as being compulsory.
补偿不应被理解为构成对数据本身的支付或被理解为强制性的。

Data holders should not be able to claim compensation where national law prevents national statistical institutes or other national authorities responsible for the production of statistics from compensating data holders for making data available.
如果国家法律禁止国家统计机构或负责统计数据制作的其他国家当局因提供数据而向数据持有者提供补偿,则数据持有者不应要求赔偿。

The public sector body, the Commission, the European Central Bank or the Union body concerned should be able to challenge the level of compensation requested by the data holder by bringing the matter to the competent authority of the Member State where the data holder is established.
公共部门机构、委员会、欧洲中央银行或相关联盟机构应能够通过将此事提交给数据持有者所在成员国的主管当局,对数据持有者要求的赔偿水平提出质疑。

(76)

A public sector body, the Commission, the European Central Bank or a Union body should be entitled to share the data it has obtained pursuant to the request with other entities or persons when this is necessary to carry out scientific research activities or analytical activities it cannot perform itself, provided that those activities are compatible with the purpose for which the data was requested.
公共部门机构、委员会、欧洲中央银行或联盟机构应有权在有必要开展其无法开展的科学研究活动或分析活动时,与其他实体或个人分享其根据请求获得的数据。自行执行,前提是这些活动符合所请求数据的目的。

It should inform the data holder of such sharing in a timely manner. Such data may also be shared under the same circumstances with the national statistical institutes and Eurostat for the development, production and dissemination of official statistics.
应及时告知数据持有者此类共享情况。在相同情况下,此类数据还可与国家统计机构和欧盟统计局共享,以开发、制作和传播官方统计数据。

Such research activities should, however, be compatible with the purpose for which the data was requested and the data holder should be informed about the further sharing of the data it has provided.
然而,此类研究活动应与请求数据的目的相一致,并且应告知数据持有者有关其所提供数据的进一步共享的信息。

Individuals conducting research or research organisations with whom those data may be shared should act either on a not-for-profit basis or in the context of a public-interest mission recognised by the State.
进行研究的个人或可能与之共享这些数据的研究组织应该在非营利的基础上或在国家认可的公共利益使命的背景下行事。

Organisations upon which commercial undertakings have a significant influence, allowing such undertakings to exercise control due to structural situations which could result in preferential access to the results of the research, should not be considered to be research organisations for the purposes of this Regulation.
就本条例而言,商业企业对其具有重大影响力的组织,由于可能导致优先获得研究结果的结构性情况而允许此类企业行使控制权,不应被视为研究组织。

(77)

In order to handle a cross-border public emergency or another exceptional need, data requests may be addressed to data holders in Member States other than that of the requesting public sector body.
为了处理跨境公共紧急情况或其他特殊需求,数据请求可能会向请求公共部门机构以外的成员国的数据持有者提出。

In such a case, the requesting public sector body should notify the competent authority of the Member State where the data holder is established in order to allow it to examine the request against the criteria established in this Regulation.
在这种情况下,提出请求的公共部门机构应通知数据持有者所在成员国的主管当局,以便其根据本条例规定的标准审查请求。

The same should apply to requests made by the Commission, the European Central Bank or a Union body.
这同样适用于委员会、欧洲中央银行或欧盟机构提出的请求。

Where personal data are requested, the public sector body should notify the supervisory authority responsible for monitoring the application of Regulation (EU) 2016/679 in the Member State where the public sector body is established.
如果要求提供个人数据,公共部门机构应通知负责监督该公共部门机构所在成员国的 (EU) 2016/679 条例实施情况的监管机构。

The competent authority concerned should be entitled to advise the public sector body, the Commission, the European Central Bank or the Union body to cooperate with the public sector bodies of the Member State in which the data holder is established on the need to ensure a minimised administrative burden on the data holder.
有关主管当局应有权建议公共部门机构、委员会、欧洲中央银行或欧盟机构与数据持有者所在成员国的公共部门机构合作,以确保最大限度地减少数据损失。数据持有者的行政负担。

When the competent authority has substantiated objections as regards the compliance of the request with this Regulation, it should reject the request of the public sector body, the Commission, the European Central Bank or the Union body, which should take those objections into account before taking any further action, including resubmitting the request.
当主管当局对请求符合本条例提出异议时,应拒绝公共部门机构、委员会、欧洲中央银行或联盟机构的请求,这些机构在采取行动之前应考虑这些异议任何进一步的行动,包括重新提交请求。

(78)

The ability of customers of data processing services, including cloud and edge services, to switch from one data processing service to another while maintaining a minimum functionality of service and without downtime of services, or to use the services of several providers simultaneously without undue obstacles and data transfer costs, is a key condition for a more competitive market with lower entry barriers for new providers of data processing services, and for ensuring further resilience for the users of those services.
数据处理服务(包括云和边缘服务)的客户能够从一种数据处理服务切换到另一种数据处理服务,同时保持最低限度的服务功能且不会造成服务停机,或者在没有不当障碍的情况下同时使用多个提供商的服务,以及数据传输成本是市场竞争更加激烈、新的数据处理服务提供商进入门槛较低以及确保这些服务用户进一步适应能力的关键条件。

Customers benefiting from free-tier offerings should also benefit from the provisions for switching that are laid down in this Regulation, so that those offerings do not result in a lock-in situation for customers.
受益于免费套餐产品的客户还应受益于本法规中规定的转换条款,以便这些产品不会导致客户被锁定。

(79)

Regulation (EU) 2018/1807 of the European Parliament and of the Council (30) encourages providers of data processing services to develop and effectively implement self-regulatory codes of conduct covering best practices for, inter alia, facilitating the switching of providers of data processing services and the porting of data.
欧洲议会和理事会 (EU) 2018/1807 号法规( 30 )鼓励数据处理服务提供商制定并有效实施自律行为准则,涵盖最佳实践,尤其是促进数据提供商的转换处理服务和数据移植。

Given the limited uptake of the self-regulatory frameworks developed in response, and the general unavailability of open standards and interfaces, it is necessary to adopt a set of minimum regulatory obligations for providers of data processing services to eliminate pre-commercial, commercial, technical, contractual and organisational obstacles, which are not limited to reduced speed of data transfer at the customer’s exit, which hamper effective switching between data processing services.
鉴于相应制定的自律框架的采用有限,并且开放标准和接口普遍不可用,有必要对数据处理服务提供商采取一套最低监管义务,以消除预商业、商业、技术方面的风险。 、合同和组织障碍,这些障碍不仅限于客户出口处数据传输速度的降低,这阻碍了数据处理服务之间的有效切换。

(80)

Data processing services should cover services that allow ubiquitous and on-demand network access to a configurable, scalable and elastic shared pool of distributed computing resources.
数据处理服务应涵盖允许无处不在且按需网络访问可配置、可扩展和弹性的分布式计算资源共享池的服务。

Those computing resources include resources such as networks, servers or other virtual or physical infrastructure, software, including software development tools, storage, applications and services.
这些计算资源包括网络、服务器或其他虚拟或物理基础设施、软件(包括软件开发工具)、存储、应用程序和服务等资源。

The capability of the customer of the data processing service to unilaterally self-provision computing capabilities, such as server time or network storage, without any human interaction by the provider of data processing services could be described as requiring minimal management effort and as entailing minimal interaction between provider and customer.
数据处理服务的客户单方面自行提供计算能力(例如服务器时间或网络存储)而无需数据处理服务提供商进行任何人工交互的能力可以被描述为需要最少的管理工作并需要最少的交互供应商和客户之间。

The term ‘ubiquitous’ is used to describe the computing capabilities provided over the network and accessed through mechanisms promoting the use of heterogeneous thin or thick client platforms (from web browsers to mobile devices and workstations).
“无处不在”一词用于描述通过网络提供的计算能力,并通过促进使用异构瘦客户端或胖客户端平台(从网络浏览器到移动设备和工作站)的机制来访问。

The term ‘scalable’ refers to computing resources that are flexibly allocated by the provider of data processing services, irrespective of the geographical location of the resources, in order to handle fluctuations in demand.
术语“可扩展”是指数据处理服务提供商可以灵活地分配计算资源,而不管资源的地理位置如何,以应对需求的波动。

The term ‘elastic’ is used to describe those computing resources that are provisioned and released according to demand in order to rapidly increase or decrease resources available depending on workload.
术语“弹性”用于描述根据需求配置和释放的计算资源,以便根据工作负载快速增加或减少可用资源。

The term ‘shared pool’ is used to describe those computing resources that are provided to multiple users who share a common access to the service, but where the processing is carried out separately for each user, although the service is provided from the same electronic equipment.
术语“共享池”用于描述那些提供给多个用户的计算资源,这些用户共享对服务的共同访问,但其中处理是针对每个用户单独执行的,尽管服务是从相同的电子设备提供的。

The term ‘distributed’ is used to describe those computing resources that are located on different networked computers or devices and which communicate and coordinate among themselves by message passing.
术语“分布式”用于描述位于不同联网计算机或设备上并且通过消息传递在它们之间进行通信和协调的那些计算资源。

The term ‘highly distributed’ is used to describe data processing services that involve data processing closer to where data are being generated or collected, for instance in a connected data processing device.
术语“高度分布式”用于描述涉及更接近数据生成或收集位置的数据处理的数据处理服务,例如在连接的数据处理设备中。

Edge computing, which is a form of such highly distributed data processing, is expected to generate new business models and cloud service delivery models, which should be open and interoperable from the outset.
边缘计算是这种高度分布式数据处理的一种形式,预计将产生新的业务模型和云服务交付模型,这些模型从一开始就应该是开放和可互操作的。

(81)

The generic concept ‘data processing services’ covers a substantial number of services with a very broad range of different purposes, functionalities and technical set-ups.
“数据处理服务”这一通用概念涵盖了大量具有不同目的、功能和技术设置的服务。

As commonly understood by providers and users and in line with broadly used standards, data processing services fall into one or more of the following three data processing service delivery models, namely Infrastructure as a Service (IaaS), Platform as a service (PaaS) and Software as a Service (SaaS).
正如提供商和用户普遍理解的那样,根据广泛使用的标准,数据处理服务属于以下三种数据处理服务交付模型中的一种或多种,​​即基础设施即服务(IaaS)、平台即服务(PaaS)和软件即服务 (SaaS)。

Those service delivery models represent a specific, pre-packaged combination of ICT resources offered by a provider of data processing service.
这些服务交付模型代表了数据处理服务提供商提供的特定的、预先打包的 ICT 资源组合。

Those three fundamental data processing delivery models are further complemented by emerging variations, each comprised of a distinct combination of ICT resources, such as Storage as a Service and Database as a Service.
这三种基本的数据处理交付模型得到了新兴变体的进一步补充,每种模型都由 ICT 资源的独特组合组成,例如存储即服务和数据库即服务。

Data processing services can be categorised in a more granular way and divided into a non-exhaustive list of sets of data processing services that share the same primary objective and main functionalities as well as the same type of data processing models, that are not related to the service’s operational characteristics (same service type).
数据处理服务可以以更细粒度的方式分类,并分为一组数据处理服务的非详尽列表,这些服务共享相同的主要目标和主要功能以及相同类型的数据处理模型,但与服务的操作特征(相同服务类型)。

Services falling under the same service type may share the same data processing service model, however, two databases might appear to share the same primary objective, but after considering their data processing model, distribution model and the use cases that they are targeted at, such databases could fall into a more granular subcategory of similar services.
属于同一服务类型的服务可能共享相同的数据处理服务模型,但是,两个数据库可能看起来共享相同的主要目标,但在考虑它们的数据处理模型、分发模型以及它们所针对的用例之后,例如数据库可能属于类似服务的更细粒度的子类别。

Services of the same service type may have different and competing characteristics such as performance, security, resilience, and quality of service.
相同服务类型的服务可能具有不同且相互竞争的特征,例如性能、安全性、弹性和服务质量。

(82)

Undermining the extraction of the exportable data that belongs to the customer from the source provider of data processing services can impede the restoration of the service functionalities in the infrastructure of the destination provider of data processing services.
破坏从数据处理服务的源提供商提取属于客户的可导出数据可能会阻碍数据处理服务的目标提供商的基础设施中的服务功能的恢复。

In order to facilitate the customer’s exit strategy, avoid unnecessary and burdensome tasks and to ensure that the customer does not lose any of their data as a consequence of the switching process, the source provider of data processing services should inform the customer in advance of the scope of the data that can be exported once that customer decides to switch to a different service provided by a different provider of data processing services or to move to an on-premises ICT infrastructure.
为了便于客户制定退出策略,避免不必要和繁重的任务,并确保客户不会因切换过程而丢失任何数据,数据处理服务的源提供者应提前告知客户。一旦客户决定切换到不同数据处理服务提供商提供的不同服务或迁移到本地 ICT 基础设施,可以导出的数据范围。

The scope of exportable data should include, at a minimum, input and output data, including metadata, directly or indirectly generated, or cogenerated, by the customer’s use of the data processing service, excluding any assets or data of the provider of data processing services or a third party.
可导出数据的范围应至少包括输入和输出数据,包括客户使用数据处理服务直接或间接生成或共同生成的元数据,但不包括数据处理服务提供商的任何资产或数据或第三方。

The exportable data should exclude any assets or data of the provider of data processing services or of the third party that are protected by intellectual property rights or constituting trade secrets of that provider or of that third party, or data related to the integrity and security of the service, the export of which will expose the providers of data processing services to cybersecurity vulnerabilities.
可导出的数据应排除数据处理服务提供商或第三方受知识产权保护或构成该提供商或第三方商业秘密的任何资产或数据,或与数据处理服务的完整性和安全性相关的数据。该服务的出口将使数据处理服务提供商面临网络安全漏洞。

Those exemptions should not impede or delay the switching process.
这些豁免不应妨碍或延迟转换过程。

(83)

Digital assets refer to elements in digital form for which the customer has the right of use, including applications and metadata related to the configuration of settings, security, and access and control rights management, and other elements such as manifestations of virtualisation technologies, including virtual machines and containers.
数字资产是指客户有权使用的数字形式的元素,包括与设置配置、安全性、访问和控制权管理相关的应用程序和元数据,以及虚拟化技术的表现形式等其他元素,包括虚拟化技术的表现形式。机器和容器。

Digital assets can be transferred where the customer has the right of use independent of the contractual relationship with the data processing service it intends to switch from.
如果客户拥有独立于其打算转换的数据处理服务的合同关系的使用权,则可以转移数字资产。

Those other elements are essential for the effective use of the customer’s data and applications in the environment of the destination provider of data processing services.
这些其他元素对于在数据处理服务的目标提供商的环境中有效使用客户的数据和应用程序至关重要。

(84)

This Regulation aims to facilitate switching between data processing services, which encompasses conditions and actions that are necessary for a customer to terminate a contract for a data processing service, to conclude one or more new contracts with different providers of data processing services, to port its exportable data and digital assets, and where applicable, benefit from functional equivalence.
该法规旨在促进数据处理服务之间的转换,其中包括客户终止数据处理服务合同、与不同数据处理服务提供商签订一份或多项新合同、移植其数据处理服务所需的条件和行动。可导出的数据和数字资产,并在适用的情况下,受益于功能等效性。

(85)

Switching is a customer-driven operation consisting of several steps, including data extraction, which refers to the downloading of data from the ecosystem of the source provider of data processing services; transformation, where the data is structured in a way that does not match the schema of the target location; and the uploading of the data in a new destination location.
切换是客户驱动的操作,由多个步骤组成,包括数据提取,是指从数据处理服务源提供商的生态系统中下载数据;转换,其中数据的结构方式与目标位置的架构不匹配;以及将数据上传到新的目标位置。

In a specific situation outlined in this Regulation, unbundling of a particular service from the contract and moving it to a different provider should also be considered to be switching.
在本条例概述的特定情况下,将特定服务从合同中分拆并将其转移到不同的提供商也应被视为转换。

The switching process is sometimes managed on behalf of the customer by a third-party entity.
切换过程有时由第三方实体代表客户进行管理。

Accordingly, all rights and obligations of the customer established by this Regulation, including the obligation to cooperate in good faith, should be understood to apply to such a third-party entity in those circumstances.
因此,本法规规定的客户的所有权利和义务,包括真诚合作的义务,应理解为适用于此类情况下的此类第三方实体。

Providers of data processing services and customers have different levels of responsibilities, depending on the steps of the process referred to.
数据处理服务提供商和客户承担不同级别的责任,具体取决于所涉及流程的步骤。

For instance, the source provider of data processing services is responsible for extracting the data to a machine-readable format, but it is the customer and the destination provider of data processing services who are to upload the data to the new environment, unless a specific professional transition service has been obtained.
例如,数据处理服务的源提供商负责将数据提取为机器可读的格式,但将数据上传到新环境的是客户和数据处理服务的目标提供商,除非有特定的规定。已获得专业的过渡服务。

A customer who intends to exercise rights related to switching, which are provided for in this Regulation, should inform the source provider of data processing services of the decision to either switch to a different provider of data processing services, switch to an on-premises ICT infrastructure or to delete that customer’s assets and erase its exportable data.
打算行使本条例规定的与转换相关的权利的客户应将决定切换到其他数据处理服务提供商、切换到本地 ICT 的决定通知数据处理服务的来源提供商。基础设施或删除该客户的资产并删除其可导出数据。

(86)

Functional equivalence means re-establishing, on the basis of the customer’s exportable data and digital assets, a minimum level of functionality in the environment of a new data processing service of the same service type after switching, where the destination data processing service delivers a materially comparable outcome in response to the same input for shared features supplied to the customer under the contract.
功能对等是指在切换后,在客户可导出的数据和数字资产的基础上,在相同服务类型的新数据处理服务环境中重新建立最低水平的功能,其中目标数据处理服务提供实质上的功能。根据合同向客户提供的共享功能的相同输入,可得到可比较的结果。

Providers of data processing services can only be expected to facilitate functional equivalence for the features that both the source and destination data processing services offer independently.
数据处理服务提供商只能期望促进源数据处理服务和目标数据处理服务独立提供的功能的功能等效。

This Regulation does not constitute an obligation to facilitate functional equivalence for providers of data processing services other than those offering services of the IaaS delivery model.
本法规不构成促进除提供 IaaS 交付模型服务之外的数据处理服务提供商功能等效的义务。

(87)

Data processing services are used across sectors and vary in complexity and service type. This is an important consideration with regard to the porting process and timeframes.
数据处理服务跨部门使用,其复杂性和服务类型各不相同。这是关于移植过程和时间框架的重要考虑因素。

Nonetheless, an extension of the transitional period on the grounds of technical unfeasibility to allow the finalisation of the switching process in the given timeframe should be invoked only in duly justified cases.
尽管如此,只有在有正当理由的情况下,才应以技术不可行为由延长过渡期,以便在给定的时间内完成转换过程。

The burden of proof in that regard should fall fully on the provider of the data processing service concerned.
这方面的举证责任应完全由相关数据处理服务的提供者承担。

This is without prejudice to the exclusive right of the customer to extend the transitional period once for a period that the customer considers to be more appropriate for its own purposes.
这并不妨碍客户将过渡期延长一次其认为更适合其自身目的的专有权利。

The customer may evoke that right to an extension prior to or during the transitional period, taking into account that the contract remains applicable during the transitional period.
考虑到合同在过渡期内仍然适用,客户可以在过渡期之前或过渡期间行使延期权利。

(88)

Switching charges are charges imposed by providers of data processing services on the customers for the switching process.
转换费用是数据处理服务提供商针对转换过程向客户收取的费用。

Typically, those charges are intended to pass on costs which the source provider of data processing services may incur because of the switching process to the customer who wishes to switch.
通常,这些费用旨在将数据处理服务的源提供商因转换过程而可能产生的成本转嫁给希望转换的客户。

Common examples of switching charges are costs related to the transit of data from one provider of data processing services to another or to an on-premises ICT infrastructure (data egress charges) or the costs incurred for specific support actions during the switching process.
转换费用的常见示例包括与数据从一个数据处理服务提供商传输到另一个数据处理服务提供商或本地 ICT 基础设施(数据出口费用)相关的成本,或者在转换过程中因特定支持操作而产生的成本。

Unnecessarily high data egress charges and other unjustified charges unrelated to actual switching costs inhibit customers from switching, restrict the free flow of data, have the potential to limit competition and cause lock-in effects for the customers by reducing incentives to choose a different or additional service provider.
不必要的高额数据出口费用和其他与实际转换成本无关的不合理费用会抑制客户转换,限制数据的自由流动,有可能限制竞争,并通过减少选择不同或额外的激励来对客户造成锁定效应服务提供者。

Switching charges should therefore be abolished after three years from the date of entry into force of this Regulation. Providers of data processing services should be able to impose reduced switching charges up to that date.
因此,转换费应自本条例生效之日起三年后取消。到该日期为止,数据处理服务提供商应该能够降低转换费用。

(89)

A source provider of data processing services should be able to outsource certain tasks and compensate third-party entities in order to comply with the obligations provided for in this Regulation.
数据处理服务的来源提供者应能够外包某些任务并对第三方实体进行补偿,以遵守本条例规定的义务。

A customer should not bear the costs arising from the outsourcing of services concluded by the source provider of data processing services during the switching process and such costs should be considered to be unjustified unless they cover work undertaken by the provider of data processing services at the customer’s request for additional support in the switching process which goes beyond the switching obligations of the provider as expressly provided for in this Regulation.
客户不应承担数据处理服务来源提供商在转换过程中外包服务所产生的费用,并且此类费用应被视为不合理,除非它们涵盖了数据处理服务提供商在客户所在地承担的工作。请求在转换过程中提供超出本条例明确规定的提供商转换义务的额外支持。

Nothing in this Regulation prevents a customer from compensating third-party entities for support in the migration process or parties from agreeing on contracts for data processing services of a fixed duration, including proportionate early termination penalties to cover the early termination of such contracts, in accordance with Union or national law.
本条例中的任何内容均不阻止客户向第三方实体补偿迁移过程中的支持,也不阻止各方就固定期限的数据处理服务合同达成一致,包括按比例提前终止罚款以弥补此类合同的提前终止。符合联邦或国家法律。

In order to foster competition, the gradual withdrawal of the charges associated with switching between different providers of data processing services should specifically include data egress charges imposed by a provider of data processing services on a customer.
为了促进竞争,逐步取消与不同数据处理服务提供商之间切换相关的费用应具体包括数据处理服务提供商向客户征收的数据出口费用。

Standard service fees for the provision of the data processing services themselves are not switching charges. Those standard service fees are not subject to withdrawal and remain applicable until the contract for the provision of the relevant services ceases to apply.
提供数据处理服务本身的标准服务费不属于转换费用。这些标准服务费不得撤销,并且在提供相关服务的合同不再适用之前仍然适用。

This Regulation allows the customer to request the provision of additional services that go beyond the provider’s switching obligations under this Regulation.
本法规允许客户请求提供超出本法规规定的提供商转换义务的额外服务。

Those additional services, can be performed and charged for by the provider when they are performed at the customer’s request and the customer agrees to the price of those services in advance.
当这些附加服务根据客户的要求执行并且客户事先同意这些服务的价格时,提供商可以执行这些附加服务并收取费用。

(90)

An ambitious and innovation-inspiring regulatory approach to interoperability is needed to overcome vendor lock-in, which undermines competition and the development of new services.
需要采取雄心勃勃且激发创新的互操作性监管方法来克服供应商锁定,这种锁定会破坏竞争和新服务的开发。

Interoperability between data processing services involves multiple interfaces and layers of infrastructure and software and is rarely confined to a binary test of being achievable or not.
数据处理服务之间的互操作性涉及多个接口以及基础设施和软件层,并且很少局限于可实现或不可实现的二进制测试。

Instead, the building of such interoperability is subject to a cost-benefit analysis which is necessary to establish whether it is worthwhile to pursue reasonably predictable results.
相反,建立这种互操作性需要进行成本效益分析,以确定是否值得追求合理可预测的结果。

The ISO/IEC 19941:2017 is an important international standard constituting a reference for the achievement of the objectives of this Regulation, as it contains technical considerations clarifying the complexity of such a process.
ISO/IEC 19941:2017 是一项重要的国际标准,构成了实现本法规目标的参考,因为它包含澄清这一过程复杂性的技术考虑因素。

(91)

Where providers of data processing services are in turn customers of data processing services provided by a third-party provider, they will benefit from more effective switching themselves while simultaneously remaining bound by this Regulation’s obligations regarding their own service offerings.
如果数据处理服务提供商又是第三方提供商提供的数据处理服务的客户,他们将受益于更有效的自我转换,同时仍受本法规有关其自身服务产品的义务的约束。

(92)

Providers of data processing services should be required to offer all the assistance and support within their capacity, proportionate to their respective obligations, that is required to make the switching process to a service of a different provider of data processing services successful, effective and secure.
应要求数据处理服务提供商在其能力范围内提供与各自义务相称的所有协助和支持,以使向不同数据处理服务提供商的服务的转换过程成功、有效和安全。

This Regulation does not require providers of data processing services to develop new categories of data processing services, including within, or on the basis of, the ICT infrastructure of different providers of data processing services in order to guarantee functional equivalence in an environment other than their own systems. A source provider of data processing services does not have access to or insights into the environment of the destination provider of data processing services.
本条例不要求数据处理服务提供商开发新类别的数据处理服务,包括在不同数据处理服务提供商的 ICT 基础设施内或基于其基础设施,以保证在其以外的环境中的功能等效性。自己的系统。数据处理服务的源提供商无法访问或洞察数据处理服务的目标提供商的环境。

Functional equivalence should not be understood to oblige the source provider of data processing services to rebuild the service in question within the infrastructure of the destination provider of data processing services.
功能等同不应被理解为迫使数据处理服务的源提供商在数据处理服务的目标提供商的基础设施内重建相关服务。

Instead, the source provider of data processing services should take all reasonable measures within its power to facilitate the process of achieving functional equivalence through the provision of capabilities, adequate information, documentation, technical support and, where appropriate, the necessary tools.
相反,数据处理服务的来源提供者应在其权力范围内采取一切合理措施,通过提供能力、充分的信息、文件、技术支持以及必要的工具来促进实现功能等效的过程。

(93)

Providers of data processing services should also be required to remove existing obstacles and not impose new ones, including for customers wishing to switch to an on-premises ICT infrastructure.
还应要求数据处理服务提供商消除现有障碍,而不是施加新障碍,包括希望转向本地 ICT 基础设施的客户。

Obstacles can, inter alia, be of a pre-commercial, commercial, technical, contractual or organisational nature.
障碍尤其可以是商业前、商业、技术、合同或组织性质的。

Providers of data processing services should also be required to remove obstacles to unbundling a specific individual service from other data processing services provided under a contract and make the relevant service available for switching, in the absence of major and demonstrated technical obstacles that prevent such unbundling.
还应要求数据处理服务提供商消除将特定个人服务与合同下提供的其他数据处理服务分拆的障碍,并在不存在妨碍这种分拆的重大且已证明的技术障碍的情况下,使相关服务可供转换。

(94)

Throughout the switching process, a high level of security should be maintained.
在整个切换过程中,应保持高度的安全性。

This means that the source provider of data processing services should extend the level of security to which it committed for the service to all technical arrangements for which such provider is responsible during the switching process, such as network connections or physical devices.
这意味着数据处理服务的源提供商应将其承诺的服务安全级别扩展到该提供商在切换过程中负责的所有技术安排,例如网络连接或物理设备。

Existing rights relating to the termination of contracts, including those introduced by Regulation (EU) 2016/679 and Directive (EU) 2019/770 of the European Parliament and of the Council (31) should not be affected.
与合同终止相关的现有权利,包括欧洲议会和理事会( 31 )法规 (EU) 2016/679 和指令 (EU) 2019/770 引入的权利不应受到影响。

This Regulation should not be understood to prevent a provider of data processing services from providing to customers new and improved services, features and functionalities or from competing with other providers of data processing services on that basis.
本法规不应被理解为阻止数据处理服务提供商向客户提供新的和改进的服务、特性和功能,或阻止在此基础上与其他数据处理服务提供商竞争。

(95)

The information to be provided by providers of data processing services to the customer could support the customer’s exit strategy.
数据处理服务提供商向客户提供的信息可以支持客户的退出策略。

That information should include procedures for initiating switching from the data processing service; the machine-readable data formats to which the user’s data can be exported; the tools intended to export data, including open interfaces as well as information on compatibility with harmonised standards or common specifications based on open interoperability specifications; information on known technical restrictions and limitations that could have an impact on the switching process; and the estimated time necessary to complete the switching process.
该信息应包括启动从数据处理服务切换的程序;用户数据可以导出到的机器可读数据格式;用于导出数据的工具,包括开放接口以及基于开放互操作性规范的协调标准或通用规范的兼容性信息;有关可能影响转换过程的已知技术限制和限制的信息;以及完成切换过程所需的估计时间。

(96)

To facilitate interoperability and switching between data processing services, users and providers of data processing services should consider the use of implementation and compliance tools, in particular those published by the Commission in the form of an EU Cloud Rulebook and a Guidance on public procurement of data processing services.
为了促进数据处理服务之间的互操作性和切换,数据处理服务的用户和提供商应考虑使用实施和合规工具,特别是委员会以欧盟云规则手册和数据公共采购指南形式发布的工具加工服务。

In particular, standard contractual clauses are beneficial because they increase confidence in data processing services, create a more balanced relationship between users and providers of data processing services and improve legal certainty with regard to the conditions that apply for switching to other data processing services.
特别是,标准合同条款是有益的,因为它们增加了对数据处理服务的信心,在数据处理服务的用户和提供商之间建立了更加平衡的关系,并提高了适用于切换到其他数据处理服务的条件的法律确定性。

In that context, users and providers of data processing services should consider the use of standard contractual clauses or other self-regulatory compliance tools provided that they fully comply with this Regulation, developed by relevant bodies or expert groups established under Union law.
在这种情况下,数据处理服务的用户和提供商应考虑使用标准合同条款或其他自律合规工具,前提是它们完全遵守由根据欧盟法律设立的相关机构或专家组制定的本条例。

(97)

In order to facilitate switching between data processing services, all parties involved, including both source and destination providers of data processing services, should cooperate in good faith to make the switching process effective, enable the secure and timely transfer of necessary data in a commonly used, machine-readable format, and by means of open interfaces, while avoiding service disruptions and maintaining continuity of the service.
为了促进数据处理服务之间的切换,包括数据处理服务的源提供者和目的地提供者在内的所有相关方都应真诚合作,使切换过程有效,使必要的数据能够以常用的方式安全、及时地传输。 、机器可读的格式,并通过开放接口的方式,同时避免服务中断并保持服务的连续性。

(98)

Data processing services which concern services of which the majority of main features has been custom-built to respond to the specific demands of an individual customer or where all components have been developed for the purposes of an individual customer should be exempted from some of the obligations applicable to data processing service switching.
数据处理服务涉及的服务的大部分主要功能都是定制的,以响应个人客户的特定需求,或者所有组件都是为了个人客户的目的而开发的,应免除某些义务适用于数据处理业务切换。

This should not include services which the provider of data processing services offers at a broad commercial scale via its service catalogue.
这不应包括数据处理服务提供商通过其服务目录以广泛的商业规模提供的服务。

It is among the obligations of the provider of data processing services to duly inform prospective customers of such services, prior to the conclusion of a contract, of the obligations laid down in this Regulation that do not apply to the relevant services.
数据处理服务提供商有义务在签订合同之前向此类服务的潜在客户适当告知本条例中规定的不适用于相关服务的义务。

Nothing prevents the provider of data processing services from eventually deploying such services at scale, in which case that provider would have to comply with all obligations for switching laid down in this Regulation.
没有什么可以阻止数据处理服务提供商最终大规模部署此类服务,在这种情况下,提供商必须遵守本法规中规定的所有转换义务。

(99)

In line with the minimum requirement allowing switching between providers of data processing services, this Regulation also aims to improve interoperability for in-parallel use of multiple data processing services with complementary functionalities.
根据允许数据处理服务提供商之间切换的最低要求,该法规还旨在提高并行使用具有互补功能的多个数据处理服务的互操作性。

This relates to situations in which customers do not terminate a contract to switch to a different provider of data processing services, but where multiple services of different providers are used in parallel, in an interoperable manner, to benefit from the complementary functionalities of the different services in the set-up of the customer’s system.
这涉及这样的情况:客户不会终止合同以切换到不同的数据处理服务提供商,而是以可互操作的方式并行使用不同提供商的多项服务,以从不同服务的互补功能中受益。在客户系统的设置中。

However, it is recognised that the egress of data from one provider of data processing services to another in order to facilitate the in-parallel use of services can be an ongoing activity, in contrast with the one-off egress required as part of the switching process.
然而,人们认识到,为了促进服务的并行使用,将数据从一个数据处理服务提供商传出到另一个提供商可能是一项持续的活动,这与作为切换一部分所需的一次性传出形成鲜明对比。过程。

Providers of data processing services should therefore continue to be able to impose data egress charges, not exceeding the costs incurred, for the purposes of in-parallel use after three years from the date of entry into force of this Regulation.
因此,自本条例生效之日起三年后,数据处理服务提供商应继续能够征收数据出口费用,但不得超过为并行使用而产生的成本。

This is important, inter alia, for the successful deployment of multi-cloud strategies, which allow customers to implement future-proof ICT strategies and which decrease dependence on individual providers of data processing services.
这对于成功部署多云战略非常重要,多云战略使客户能够实施面向未来的 ICT 战略,并减少对单个数据处理服务提供商的依赖。

Facilitating a multi-cloud approach for customers of data processing services can also contribute to increasing their digital operational resilience, as recognised for financial service institutions in Regulation (EU) 2022/2554 of the European Parliament and of the Council (32).
为数据处理服务客户提供多云方法还有助于提高其数字运营弹性,正如欧洲议会和理事会第 (EU) 2022/2554 号法规 (EU) 2022/2554 中对金融服务机构所认可的那样( 32 )

(100)

Open interoperability specifications and standards developed in accordance with Annex II to Regulation (EU) No 1025/2012 of the European Parliament and of the Council (33) in the field of interoperability and portability are expected to enable a multi-vendor cloud environment, which is a key requirement for open innovation in the European data economy.
根据欧洲议会和理事会( 33 )法规 (EU) No 1025/2012 附件 II 在互操作性和可移植性领域制定的开放式互操作性规范和标准预计将实现多供应商云环境,是欧洲数据经济开放创新的关键要求。

As the market adoption of identified standards under the cloud standardisation coordination (CSC) initiative concluded in 2016 has been limited, it is also necessary that the Commission relies on parties in the market to develop relevant open interoperability specifications to keep up with the fast pace of technological development in this industry.
由于2016年达成的云标准化协调(CSC)倡议下确定的标准的市场采用有限,委员会还需要依靠市场各方制定相关的开放互操作性规范,以跟上云标准化协调的快速发展步伐。该行业的技术发展。

Such open interoperability specifications can then be adopted by the Commission in the form of common specifications.
然后,委员会可以以通用规范的形式采用这种开放的互操作性规范。

In addition, where market-driven processes have not demonstrated a capacity to establish common specifications or standards that facilitate effective cloud interoperability at the PaaS and SaaS levels, the Commission should be able, on the basis of this Regulation and in accordance with Regulation (EU) No 1025/2012, to request European standardisation bodies to develop such standards for specific service types where such standards do not yet exist. In addition to this, the Commission will encourage parties in the market to develop relevant open interoperability specifications.
此外,如果市场驱动的流程尚未表现出建立通用规范或标准的能力,以促进 PaaS 和 SaaS 级别的有效云互操作性,则委员会应该能够根据本法规并按照法规(欧盟) No 1025/2012,要求欧洲标准化机构为尚未存在此类标准的特定服务类型制定此类标准。除此之外,委员会还将鼓励市场各方制定相关的开放互操作性规范。

After consulting stakeholders, the Commission, by means of implementing acts, should be able to mandate the use of harmonised standards for interoperability or common specifications for specific service types through a reference in a central Union standards repository for the interoperability of data processing services.
在咨询利益相关者后,委员会应能够通过实施法案,通过参考中央联盟标准存储库中的数据处理服务互操作性,强制使用互操作性的统一标准或特定服务类型的通用规范。

Providers of data processing services should ensure compatibility with those harmonised standards and common specifications based on open interoperability specifications, which should not have an adverse impact on the security or integrity of data.
数据处理服务提供商应确保与基于开放互操作性规范的协调标准和通用规范的兼容性,这不应对数据的安全性或完整性产生不利影响。

Harmonised standards for the interoperability of data processing services and common specifications based on open interoperability specifications will be referenced only if they comply with the criteria specified in this Regulation, which have the same meaning as the requirements in Annex II to Regulation (EU) No 1025/2012 and the interoperability facets defined under the international standard ISO/IEC 19941:2017.
数据处理服务互操作性协调标准和基于开放互操作性规范的通用规范,只有符合本法规规定的标准才会被引用,其含义与(EU) No 1025法规附件二的要求相同/2012 以及国际标准 ISO/IEC 19941:2017 定义的互操作性方面。

In addition, standardisation should take into account the needs of SMEs.
此外,标准化还应考虑中小企业的需求。

(101)

Third countries may adopt laws, regulations and other legal acts that aim to directly transfer or provide governmental access to non-personal data located outside their borders, including in the Union.
第三国可能会通过旨在直接转移位于其境外(包括欧盟境内)的非个人数据或提供政府访问权限的法律、法规和其他法律行为。

Judgments of courts or tribunals or decisions of other judicial or administrative authorities, including law enforcement authorities in third countries requiring such transfer or access to non-personal data should be enforceable when based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State.
法院或法庭的判决或其他司法或行政当局(包括第三国执法当局)要求此类传输或访问非个人数据的决定,如果基于国际协议(例如司法协助条约),则应具有可执行性。提出请求的第三国与欧盟或成员国之间的武力。

In other cases, situations may arise where a request to transfer or provide access to non-personal data arising from a third country law conflicts with an obligation to protect such data under Union law or under the national law of the relevant Member State, in particular regarding the protection of fundamental rights of the individual, such as the right to security and the right to an effective remedy, or the fundamental interests of a Member State related to national security or defence, as well as the protection of commercially sensitive data, including the protection of trade secrets, and the protection of intellectual property rights, including its contractual undertakings regarding confidentiality in accordance with such law.
在其他情况下,可能会出现以下情况:第三国法律提出的转移或提供对非个人数据的访问的请求与欧盟法律或相关成员国的国家法律下保护此类数据的义务相冲突,特别是关于保护个人的基本权利,例如安全权和有效补救的权利,或与国家安全或国防相关的成员国的基本利益,以及商业敏感数据的保护,包括保护商业秘密和知识产权,包括根据该法作出的保密合同承诺。

In the absence of international agreements regulating such matters, transfer of or access to non-personal data should be allowed only if it has been verified that the third country’s legal system requires the reasons and proportionality of the decision to be set out, that the court order or the decision is specific in character, and that the reasoned objection of the addressee is subject to a review by a competent third-country court or tribunal which is empowered to take duly into account the relevant legal interests of the provider of such data.
在没有规范此类事项的国际协议的情况下,只有在已核实第三国的法律制度要求说明决定的理由和相称性、法院命令或决定具有具体性质,并且收件人的合理反对意见须接受有权适当考虑此类数据提供者的相关合法利益的第三国主管法院或法庭的审查。

Wherever possible under the terms of the data access request of the third country’s authority, the provider of data processing services should be able to inform the customer whose data are being requested before granting access to those data in order to verify the presence of a potential conflict of such access with Union or national law, such as that on the protection of commercially sensitive data, including the protection of trade secrets and intellectual property rights and the contractual undertakings regarding confidentiality.
只要有可能,根据第三国当局的数据访问请求条款,数据处理服务提供商应能够在授予数据访问权限之前通知被请求数据的客户,以验证是否存在潜在冲突此类访问符合欧盟或国家法律,例如保护商业敏感数据的法律,包括保护商业秘密和知识产权以及有关保密的合同承诺。

(102)

To foster further trust in data, it is important that safeguards to ensure control of their data by Union citizens, the public sector bodies and businesses are implemented to the extent possible.
为了进一步增强对数据的信任,重要的是尽可能实施保障措施,确保欧盟公民、公共部门机构和企业控制其数据。

In addition, Union law, values and standards regarding, inter alia, security, data protection and privacy, and consumer protection should be upheld.
此外,应维护有关安全、数据保护和隐私以及消费者保护等方面的联盟法律、价值观和标准。

In order to prevent unlawful governmental access to non-personal data by third-country authorities, providers of data processing services subject to this Regulation, such as cloud and edge services, should take all reasonable measures to prevent access to systems on which non-personal data are stored, including, where relevant, through the encryption of data, frequent submission to audits, verified adherence to relevant security reassurance certification schemes, and by the modification of corporate policies.
为了防止第三国当局非法政府访问非个人数据,受本条例约束的数据处理服务(例如云和边缘服务)的提供商应采取一切合理措施,防止访问非个人数据所在的系统。存储数据,包括在相关情况下通过数据加密、频繁提交审计、验证是否遵守相关安全保证认证计划以及修改公司政策。

(103)

Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability within and among common European data spaces which are purpose or sector specific or cross-sectoral interoperable frameworks for common standards and practices to share or jointly process data for, inter alia, the development of new products and services, scientific research or civil society initiatives.
标准化和语义互操作性应发挥关键作用,提供技术解决方案,确保欧洲共同数据空间内部和之间的互操作性,这些数据空间是针对特定目的或部门的或跨部门的可互操作框架,用于共享或联合处理数据的共同标准和实践、新产品和服务的开发、科学研究或民间社会倡议。

This Regulation lays down certain essential requirements for interoperability.
该法规规定了互操作性的某些基本要求。

Participants in data spaces that offer data or data services to other participants, which are entities facilitating or engaging in data sharing within common European data spaces, including data holders, should comply with those requirements insofar as elements under their control are concerned.
向其他参与者提供数据或数据服务的数据空间参与者,即促进或参与欧洲共同数据空间内数据共享的实体,包括数据持有者,应在其控制的要素范围内遵守这些要求。

Compliance with those rules can be ensured by adhering to the essential requirements laid down in this Regulation, or presumed by complying with harmonised standards or common specifications via a presumption of conformity.
可以通过遵守本法规中规定的基本要求来确保遵守这些规则,或者通过推定符合性来推定遵守协调标准或通用规范。

In order to facilitate conformity with the requirements for interoperability, it is necessary to provide for a presumption of conformity of interoperability solutions that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012, which represents the framework by default to elaborate standards that provide for such presumptions.
为了促进符合互操作性要求,有必要根据第 (EU) No 1025/2012 号法规(该法规默认代表框架)提供满足协调标准或其部分内容的互操作性解决方案的合规性推定提供此类推定的详细标准。

The Commission should assess barriers to interoperability and prioritise standardisation needs, on the basis of which it may request one or more European standardisation organisations, pursuant to Regulation (EU) No 1025/2012, to draft harmonised standards which satisfy the essential requirements laid down in this Regulation.
委员会应评估互操作性障碍并优先考虑标准化需求,在此基础上,委员会可以要求一个或多个欧洲标准化组织根据第 1025/2012 号法规 (EU) 起草协调标准,以满足第 1025/2012 号法规中规定的基本要求。本条例。

Where such requests do not result in harmonised standards or such harmonised standards are insufficient to ensure conformity with the essential requirements of this Regulation, the Commission should be able to adopt common specifications in those areas provided that in so doing it duly respects the role and functions of standardisation organisations.
如果此类请求没有产生统一标准,或者此类统一标准不足以确保符合本法规的基本要求,则委员会应能够在这些领域采用共同规范,前提是在这样做时适当尊重角色和职能的标准化组织。

Common specification should be adopted only as an exceptional fall-back solution to facilitate compliance with the essential requirements of this Regulation, or when the standardisation process is blocked, or when there are delays in the establishment of appropriate harmonised standards.
通用规范仅应作为一种特殊的后备解决方案来采用,以促进遵守本法规的基本要求,或者当标准化进程受阻时,或者当建立适当的统一标准出现延误时。

Where a delay is due to the technical complexity of the standard in question, this should be considered by the Commission before contemplating the establishment of common specifications.
如果延迟是由于相关标准的技术复杂性造成的,委员会应在考虑建立通用规范之前考虑这一点。

Common specifications should be developed in an open and inclusive manner and take into account, where relevant, the advice of the European Data Innovation Board (EDIB) established by Regulation (EU) 2022/868.
通用规范应以开放和包容的方式制定,并在相关时考虑根据法规 (EU) 2022/868 建立的欧洲数据创新委员会 (EDIB) 的建议。

Additionally, common specifications in different sectors could be adopted, in accordance with Union or national law, on the basis of specific needs of those sectors.
此外,根据欧盟或国家法律,根据这些部门的具体需求,可以采用不同部门的通用规范。

Furthermore, the Commission should be enabled to mandate the development of harmonised standards for the interoperability of data processing services.
此外,委员会应有权授权制定数据处理服务互操作性的统一标准。

(104)

To promote the interoperability of tools for the automated execution of data sharing agreements, it is necessary to lay down essential requirements for smart contracts which professionals create for others or integrate in applications that support the implementation of agreements for data sharing.
为了促进自动执行数据共享协议的工具的互操作性,有必要对专业人员为他人创建或集成到支持数据共享协议实施的应用程序中的智能合约制定基本要求。

In order to facilitate the conformity of such smart contracts with those essential requirements, it is necessary to provide for a presumption of conformity of smart contracts that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012.
为了促进此类智能合约符合这些基本要求,有必要根据 (EU) No 1025/2012 法规,对符合统一标准或部分标准的智能合约进行合规推定。

The notion of ‘smart contract’ in this Regulation is technologically neutral. Smart contracts can, for example, be connected to an electronic ledger.
本条例中的“智能合约”概念在技术上是中立的。例如,智能合约可以连接到电子分类账。

The essential requirements should apply only to the vendors of smart contracts, although not where they develop smart contracts in-house exclusively for internal use.
基本要求应仅适用于智能合约供应商,但不适用于他们内部开发专门供内部使用的智能合约的情况。

The essential requirement to ensure that smart contracts can be interrupted and terminated implies mutual consent by the parties to the data sharing agreement.
确保智能合约可以中断和终止的基本要求意味着数据共享协议各方的相互同意。

The applicability of the relevant rules of civil, contractual and consumer protection law to data sharing agreements remains or should remain unaffected by the use of smart contracts for the automated execution of such agreements.
民事、合同和消费者保护法的相关规则对数据共享协议的适用性仍然或不应受到使用智能合约自动执行此类协议的影响。

(105)

To demonstrate fulfilment of the essential requirements of this Regulation, the vendor of a smart contract, or in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement or part of it, to make data available in the context of this Regulation, should perform a conformity assessment and issue an EU declaration of conformity.
为了证明满足本法规的基本要求,智能合约的供应商,或者在没有智能合约的情况下,其贸易、业务或专业涉及在执行协议或部分协议的背景下为他人部署智能合约的人为了在本法规的范围内提供数据,应进行合格评定并发布欧盟合格声明。

Such a conformity assessment should be subject to the general principles set out in Regulation (EC) No 765/2008 of the European Parliament and of the Council (34) and Decision No 768/2008/EC of the European Parliament and of the Council (35).
此类合格评定应遵守欧洲议会和理事会 ( 34 ) 第 765/2008 号法规 (EC)以及欧洲议会和理事会 (34) 第 768/2008/EC 号决定( 35 ) .

(106)

Besides the obligation on professional developers of smart contracts to comply with essential requirements, it is also important to encourage those participants within data spaces that offer data or data-based services to other participants within and across common European data spaces to support interoperability of tools for data sharing including smart contracts.
除了智能合约的专业开发人员有义务遵守基本要求外,鼓励数据空间内的参与者向欧洲共同数据空间内和跨共同数据空间的其他参与者提供数据或基于数据的服务以支持工具的互操作性也很重要。数据共享,包括智能合约。

(107)

In order to ensure the application and enforcement of this Regulation, Member States should designate one or more competent authorities. If a Member State designates more than one competent authority, it should also designate from among them a data coordinator.
为了确保本法规的适用和执行,成员国应指定一个或多个主管当局。如果一个成员国指定了多个主管机构,还应从其中指定一名数据协调员。

Competent authorities should cooperate with each other.
主管部门应相互合作。

Through the exercise of their powers of investigation in accordance with applicable national procedures, competent authorities should be able to search for and obtain information, in particular in relation to the activities of entities within their competence and, including in the context of joint investigations, with due regard to the fact that oversight and enforcement measures concerning an entity under the competence of another Member State should be adopted by the competent authority of that other Member State, where relevant, in accordance with the procedures relating to cross-border cooperation.
通过根据适用的国家程序行使其调查权,主管当局应能够搜寻和获取信息,特别是有关实体在其职权范围内的活动的信息,包括在联合调查的背景下,适当考虑以下事实:针对另一成员国管辖范围内的实体的监督和执法措施应由该另一成员国的主管当局酌情根据跨境合作相关程序采取。

Competent authorities should assist each other in a timely manner, in particular when a competent authority in a Member State holds relevant information for an investigation carried out by the competent authorities in other Member States, or is able to gather such information to which the competent authorities in the Member State where the entity is established do not have access.
主管当局应及时相互协助,特别是当一个成员国的主管当局掌握其他成员国主管当局进行调查的相关信息,或能够收集主管当局提供的此类信息时该实体所在的成员国无权访问。

Competent authorities and data coordinators should be identified in a public register maintained by the Commission.
应在委员会维护的公共登记册中确定主管当局和数据协调员的身份。

The data coordinator could be an additional means for facilitating cooperation in cross-border situations, such as when a competent authority from a given Member State does not know which authority it should approach in the data coordinator’s Member State, for example where the case is related to more than one competent authority or sector.
数据协调员可以成为促进跨境情况下合作的额外手段,例如当特定成员国的主管当局不知道应与数据协调员所在成员国的哪个当局联系时,例如案件相关的情况向多个主管当局或部门。

The data coordinator should act, inter alia, as a single point of contact for all issues related to the application of this Regulation.
除其他外,数据协调员应充当与本条例适用相关的所有问题的单一联络点。

Where no data coordinator has been designated, the competent authority should assume the tasks assigned to the data coordinator under this Regulation.
未指定数据协调员的,主管机关应当承担本条例规定的数据协调员的任务。

The authorities responsible for the supervision of compliance with data protection law and competent authorities designated under Union or national law should be responsible for the application of this Regulation in their areas of competence.
负责监督数据保护法遵守情况的机构以及根据联盟或国家法律指定的主管机构应负责在其职权范围内实施本条例。

In order to avoid conflicts of interest, the competent authorities responsible for the application and enforcement of this Regulation in the area of making data available following a request on the basis of an exceptional need should not benefit from the right to submit such a request.
为了避免利益冲突,负责在根据特殊需要提出请求后提供数据方面适用和执行本条例的主管当局不应受益于提交此类请求的权利。

(108)

In order to enforce their rights under this Regulation, natural and legal persons should be entitled to seek redress for infringements of their rights under this Regulation by lodging complaints.
为了行使其在本条例下的权利,自然人和法人应有权通过提出投诉来寻求对侵犯其在本条例下的权利的补救措施。

The data coordinator should, upon request, provide all the necessary information to natural and legal persons for the lodging of their complaints with the appropriate competent authority.
数据协调员应根据要求向自然人和法人提供向适当主管当局提出投诉所需的所有信息。

Those authorities should be obliged to cooperate to ensure a complaint is appropriately handled and resolved effectively and in a timely manner.
这些当局有义务合作,确保投诉得到及时、有效的妥善处理和解决。

In order to make use of the consumer protection cooperation network mechanism and to enable representative actions, this Regulation amends the Annexes to Regulation (EU) 2017/2394 of the European Parliament and of the Council (36) and Directive (EU) 2020/1828 of the European Parliament and of the Council (37).
为了利用消费者保护合作网络机制并促进代表行动,本法规修订了欧洲议会和理事会第 (EU) 2017/2394 号法规 (EU) 2017/2394 的附件和( 36 )号指令 (EU) 2020/1828欧洲议会和理事会37

(109)

Competent authorities should ensure that infringements of the obligations laid down in this Regulation are subject to penalties.
主管当局应确保违反本条例规定的义务的行为受到处罚。

Such penalties could include financial penalties, warnings, reprimands or orders to bring business practices into compliance with the obligations imposed by this Regulation.
此类处罚可能包括经济处罚、警告、谴责或责令商业行为符合本条例规定的义务。

Penalties established by the Member States should be effective, proportionate and dissuasive, and should take into account the recommendations of the EDIB, thus contributing to achieving the greatest possible level of consistency in the establishment and application of penalties.
成员国制定的处罚措施应有效、相称和具有劝诫性,并应考虑到 EDIB 的建议,从而有助于在处罚措施的制定和实施方面实现最大程度的一致性。

Where appropriate, competent authorities should make use of interim measures to limit the effects of an alleged infringement while the investigation of that infringement is ongoing.
在适当情况下,主管当局应在对侵权行为进行调查的同时,采取临时措施限制涉嫌侵权行为的影响。

In so doing, they should take into account, inter alia the nature, gravity, scale and duration of the infringement in view of the public interest at stake, the scope and kind of activities carried out, and the economic capacity of the infringing party.
在此过程中,他们应考虑到所涉公共利益的侵权性质、严重性、规模和持续时间、所进行活动的范围和种类以及侵权方的经济能力。

They should also take into account whether the infringing party systematically or recurrently fails to comply with its obligations under this Regulation. In order to ensure that the principle of ne bis in idem is respected, and in particular to avoid that the same infringement of the obligations laid down in this Regulation is penalised more than once, a Member State that intends to exercise its competence in relation to an infringing party that is not established and has not designated a legal representative in the Union should, without undue delay, inform all data coordinators as well as the Commission.
他们还应考虑侵权方是否系统地或经常不遵守本条例规定的义务。为了确保一罪不二审原则得到尊重,特别是避免对本条例规定的义务的同一违反行为受到多次处罚,打算行使其与以下方面有关的权限的成员国未在联盟成立且未指定法定代表人的侵权方应立即通知所有数据协调员以及委员会。

(110)

The EDIB should advise and assist the Commission in coordinating national practices and policies on the topics covered by this Regulation as well as in delivering on its objectives in relation to technical standardisation to enhance interoperability.
EDIB 应建议和协助委员会协调本法规所涵盖主题的国家实践和政策,并实现其与技术标准化相关的目标,以增强互操作性。

It should also play a key role in facilitating comprehensive discussions between competent authorities concerning the application and enforcement of this Regulation.
它还应在促进主管当局之间就本条例的适用和执行进行全面讨论方面发挥关键作用。

That exchange of information is designed to increase effective access to justice as well as enforcement and judicial cooperation across the Union.
这种信息交流旨在增加有效诉诸司法的机会以及整个联盟的执法和司法合作。

Among other functions, the competent authorities should make use of the EDIB as a platform to evaluate, coordinate and adopt recommendations on the setting of penalties for infringements of this Regulation.
除其他职能外,主管当局应利用 EDIB 作为平台来评估、协调和采纳关于制定违反本条例的处罚措施的建议。

It should allow for competent authorities, with the assistance of the Commission, to coordinate the optimal approach to determining and imposing such penalties.
它应允许主管当局在委员会的协助下协调确定和实施此类处罚的最佳方法。

That approach prevents fragmentation while allowing for Member State’s flexibility and should lead to effective recommendations that support the consistent application of this Regulation.
这种方法可以防止碎片化,同时允许成员国保持灵活性,并应产生有效的建议,支持本条例的一致应用。

The EDIB should also have an advisory role in the standardisation processes and the adoption of common specifications by means of implementing acts, in the adoption of delegated acts to establish a monitoring mechanism for switching charges, imposed by providers of data processing services and to further specify the essential requirements for the interoperability of data, of data sharing mechanisms and services, as well as of the common European data spaces.
EDIB 还应在标准化过程中发挥咨询作用,并通过实施法案的方式采用通用规范,通过授权法案建立数据处理服务提供商征收的转换费用监测机制,并进一步规定数据互操作性、数据共享机制和服务以及欧洲共同数据空间的基本要求。

It should also advise and assist the Commission in the adoption of the guidelines laying down interoperability specifications for the functioning of the common European data spaces.
它还应建议和协助委员会通过指导方针,为欧洲共同数据空间的运作制定互操作性规范。

(111)

In order to help enterprises to draft and negotiate contracts, the Commission should develop and recommend non-binding model contractual terms for business-to-business data sharing contracts, where necessary taking into account the conditions in specific sectors and the existing practices with voluntary data sharing mechanisms. Those model contractual terms should be primarily a practical tool to help in particular SMEs to conclude a contract.
为了帮助企业起草和谈判合同,委员会应制定和推荐企业对企业数据共享合同的非约束性示范合同条款,必要时考虑特定行业的条件和自愿数据的现有做法共享机制。这些示范合同条款主要应该是帮助特定中小企业签订合同的实用工具。

When used widely and integrally, those model contractual terms should also have the beneficial effect of influencing the design of contracts regarding access to and the use of data and therefore lead more broadly towards fairer contractual relations when accessing and sharing data.
当广泛和完整地使用时,这些示范合同条款还应具有影响有关数据访问和使用的合同设计的有益效果,从而在访问和共享数据时更广泛地导致更公平的合同关系。

(112)

In order to eliminate the risk that holders of data in databases obtained or generated by means of physical components, such as sensors, of a connected product and a related service or other machine-generated data, claim the sui generis right under Article 7 of Directive 96/9/EC, and in so doing hinder, in particular, the effective exercise of the right of users to access and use data and the right to share data with third parties under this Regulation, it should be clarified that the sui generis right does not apply to such databases. That does not affect the possible application of the sui generis right under Article 7 of Directive 96/9/EC to databases containing data falling outside the scope of this Regulation, provided that the requirements for protection pursuant to paragraph 1 of that Article are fulfilled.
为了消除数据库中的数据持有者通过连接产品和相关服务的物理组件(例如传感器)或其他机器生成的数据获取或生成的风险,根据指令第 7 条主张特殊权利96/9/EC,并且这样做特别阻碍了用户根据本条例有效行使访问和使用数据的权利以及与第三方共享数据的权利,应该澄清的是,特殊权利不适用于此类数据库。这并不影响 96/9/EC 指令第 7 条规定的特殊权利可能适用于包含本法规范围之外的数据的数据库,前提是满足该条第 1 款规定的保护要求。

(113)

In order to take account of technical aspects of data processing services, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission in respect of supplementing this Regulation in order to establish a monitoring mechanism on switching charges imposed by providers of data processing services on the market, and to further specify the essential requirements in respect of interoperability for participants in data spaces that offer data or data services to other participants.
为了考虑到数据处理服务的技术问题,应将根据 TFEU 第 290 条采取行动的权力授予委员会,以补充本条例,以便建立对数据处理服务提供商征收的转换费用的监督机制。市场上的数据处理服务,并进一步明确向其他参与者提供数据或数据服务的数据空间参与者的互操作性的基本要求。

It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making (38).
特别重要的是,委员会在其准备工作期间开展适当的磋商,包括专家级磋商,并且这些磋商应根据 2016 年 4 月 13 日关于更好立法的机构间协议中规定的原则进行38

In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.
特别是,为了确保平等参与授权法案的制定,欧洲议会和理事会与成员国专家同时收到所有文件,并且其专家可以系统地参加负责制定授权法案的委员会专家组会议。授权行为。

(114)

In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission in respect of the adoption of common specifications to ensure the interoperability of data, of data sharing mechanisms and services, as well as of common European data spaces, common specifications on the interoperability of data processing services, and common specifications on the interoperability of smart contracts.
为了确保实施本条例的条件统一,应授予委员会采用共同规范的实施权,以确保数据、数据共享机制和服务以及共同欧洲数据的互操作性空间、数据处理服务互操作性通用规范以及智能合约互操作性通用规范。

Implementing powers should also be conferred on the Commission for the purpose of publishing the references of harmonised standards and common specifications for the interoperability of data processing services in a central Union standards repository for the interoperability of data processing services.
还应授予委员会执行权,以便在数据处理服务互操作性的中央联盟标准存储库中发布数据处理服务互操作性的统一标准和通用规范的参考。

Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (39).
这些权力应根据欧洲议会和理事会( 39 )的 (EU) No 182/2011 条例行使。

(115)

This Regulation should be without prejudice to rules addressing needs specific to individual sectors or areas of public interest. Such rules may include additional requirements on the technical aspects of data access, such as interfaces for data access, or how data access could be provided, for example directly from the product or via data intermediation services.
本条例不应损害满足个别部门或公共利益领域特定需求的规则。此类规则可能包括对数据访问技术方面的附加要求,例如数据访问接口,或如何提供数据访问,例如直接从产品或通过数据中介服务提供数据访问。

Such rules may also include limits on the rights of data holders to access or use user data, or other aspects beyond data access and use, such as governance aspects or security requirements, including cybersecurity requirements.
此类规则还可能包括对数据持有者访问或使用用户数据的权利的限制,或数据访问和使用之外的其他方面,例如治理方面或安全要求,包括网络安全要求。

This Regulation should also be without prejudice to more specific rules in the context of the development of common European data spaces or, subject to the exceptions provided for in this Regulation, to Union and national law providing for access to and authorising the use of data for scientific research purposes.
本条例还应不妨碍欧洲共同数据空间开发中更具体的规则,或者在本条例规定的例外情况下,不损害规定访问和授权使用数据的欧盟和国家法律。科学研究目的。

(116)

This Regulation should not affect the application of the rules of competition, in particular Articles 101 and 102 TFEU. The measures provided for in this Regulation should not be used to restrict competition in a manner contrary to the TFEU.
本条例不应影响竞争规则的适用,特别是 TFEU 第 101 条和 102 条。本条例规定的措施不得用于以违反 TFEU 的方式限制竞争。

(117)

In order to allow actors within the scope of this Regulation to adapt to the new rules provided for herein, and to make the necessary technical arrangements, those rules should apply from 12 September 2025.
为了使本条例范围内的行为者适应本条例规定的新规则,并做出必要的技术安排,这些规则应自2025年9月12日起适用。

(118)

The European Data Protection Supervisor and the European Data Protection Board were consulted in accordance with Article 42(1) and (2) of Regulation (EU) 2018/1725 and delivered their opinion on 4 May 2022.
根据法规(EU) 2018/1725第42(1)和(2)条,咨询了欧洲数据保护监管机构和欧洲数据保护委员会,并于2022年5月4日发表了意见。

(119)

Since the objectives of this Regulation, namely ensuring fairness in the allocation of value from data among actors in the data economy and fostering fair access to and use of data in order to contribute to establishing a genuine internal market for data, cannot be sufficiently achieved by the Member States but can rather, by reason of the scale or effects of the action and cross-border use of data, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union.
由于本条例的目标,即确保数据经济参与者之间数据价值分配的公平性,以及促进数据的公平获取和使用,以促进建立真正的数据内部市场,无法通过以下方式充分实现:成员国,但由于行动的规模或影响以及数据的跨境使用,可以在联盟层面更好地实现,联盟可以根据第 1 条规定的辅助原则采取措施欧洲联盟条约第 5 条。

In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives,
根据该条规定的比例原则,本条例不超出实现这些目标所必需的范围,

HAVE ADOPTED THIS REGULATION:
已通过本规定:

CHAPTER I 第一章

GENERAL PROVISIONS 一般规定

Article 1 第1条

Subject matter and scope 主题和范围

1.   This Regulation lays down harmonised rules, inter alia, on:
1. 本条例特别规定了以下方面的统一规则:

(a) (A)

the making available of product data and related service data to the user of the connected product or related service;
向连接产品或相关服务的用户提供产品数据和相关服务数据;

(b) (二)

the making available of data by data holders to data recipients;
数据持有者向数据接收者提供数据;

(c) (C)

the making available of data by data holders to public sector bodies, the Commission, the European Central Bank and Union bodies, where there is an exceptional need for those data for the performance of a specific task carried out in the public interest;
数据持有者向公共部门机构、委员会、欧洲中央银行和联盟机构提供数据,如果特别需要这些数据来执行为公共利益而执行的特定任务;

(d) (四)

facilitating switching between data processing services;
促进数据处理服务之间的切换;

(e) (五)

introducing safeguards against unlawful third-party access to non-personal data; and
引入保护措施,防止第三方非法访问非个人数据;和

(f) (F)

the development of interoperability standards for data to be accessed, transferred and used.
制定数据访问、传输和使用的互操作性标准。

2.   This Regulation covers personal and non-personal data, including the following types of data, in the following contexts:
2. 本条例涵盖以下情况下的个人和非个人数据,包括以下类型的数据:

(a) (A)

Chapter II applies to data, with the exception of content, concerning the performance, use and environment of connected products and related services;
第二章适用于有关互联产品和相关服务的性能、使用和环境的数据(内容除外);

(b) (二)

Chapter III applies to any private sector data that is subject to statutory data sharing obligations;
第三章适用于任何受法定数据共享义务约束的私营部门数据;

(c) (C)

Chapter IV applies to any private sector data accessed and used on the basis of contract between enterprises;
第四章适用于根据企业间合同访问和使用的任何私营部门数据;

(d) (四)

Chapter V applies to any private sector data with a focus on non-personal data;
第五章适用于任何私营部门数据,重点关注非个人数据;

(e) (五)

Chapter VI applies to any data and services processed by providers of data processing services;
第六章适用于数据处理服务提供商处理的任何数据和服务;

(f) (F)

Chapter VII applies to any non-personal data held in the Union by providers of data processing services.
第七章适用于数据处理服务提供商在联盟中持有的任何非个人数据。

3.   This Regulation applies to:
三、本规定适用于:

(a) (A)

manufacturers of connected products placed on the market in the Union and providers of related services, irrespective of the place of establishment of those manufacturers and providers;
在欧盟市场上投放的互联产品的制造商以及相关服务的提供商,无论这些制造商和提供商的成立地点在哪里;

(b) (二)

users in the Union of connected products or related services as referred to in point (a);
(a) 点中提到的互联产品或相关服务联盟中的用户;

(c) (C)

data holders, irrespective of their place of establishment, that make data available to data recipients in the Union;
向欧盟数据接收者提供数据的数据持有者,无论其设立地点为何;

(d) (四)

data recipients in the Union to whom data are made available;
欧盟内可获取数据的数据接收者;

(e) (五)

public sector bodies, the Commission, the European Central Bank and Union bodies that request data holders to make data available where there is an exceptional need for those data for the performance of a specific task carried out in the public interest and to the data holders that provide those data in response to such request;
公共部门机构、委员会、欧洲中央银行和联盟机构,要求数据持有者在出于公共利益执行特定任务而特别需要这些数据的情况下向数据持有者提供数据根据此类请求提供这些数据;

(f) (F)

providers of data processing services, irrespective of their place of establishment, providing such services to customers in the Union;
向欧盟客户提供此类服务的数据处理服务提供商,无论其设立地点为何;

(g) (G)

participants in data spaces and vendors of applications using smart contracts and persons whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement.
数据空间的参与者和使用智能合约的应用程序供应商以及其贸易、业务或专业涉及在执行协议的背景下为他人部署智能合约的人员。

4.   Where this Regulation refers to connected products or related services, such references are also understood to include virtual assistants insofar as they interact with a connected product or related service.
4. 当本法规提及互联产品或相关服务时,此类提及也被理解为包括与互联产品或相关服务交互的虚拟助手。

5.
   This Regulation is without prejudice to Union and national law on the protection of personal data, privacy and confidentiality of communications and integrity of terminal equipment, which shall apply to personal data processed in connection with the rights and obligations laid down herein, in particular Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive 2002/58/EC, including the powers and competences of supervisory authorities and the rights of data subjects.
本条例不损害关于保护个人数据、通信隐私和保密性以及终端设备完整性的欧盟和国家法律,这些法律应适用于与本条例规定的权利和义务相关的个人数据处理,特别是条例( EU) 2016/679 和 (EU) 2018/1725 以及指令 2002/58/EC,包括监管机构的权力和权限以及数据主体的权利。

Insofar as users are data subjects, the rights laid down in Chapter II of this Regulation shall complement the rights of access by data subjects and rights to data portability under Articles 15 and 20 of Regulation (EU) 2016/679.
只要用户是数据主体,本法规第二章规定的权利应补充法规 (EU) 2016/679 第 15 条和第 20 条规定的数据主体访问权和数据可移植性权利。

In the event of a conflict between this Regulation and Union law on the protection of personal data or privacy, or national legislation adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data or privacy shall prevail.
如果本条例与关于保护个人数据或隐私的欧盟法律或根据该欧盟法律通过的国家立法发生冲突,则以有关保护个人数据或隐私的相关联盟或国家法律为准。

6.   This Regulation does not apply to or pre-empt voluntary arrangements for the exchange of data between private and public entities, in particular voluntary arrangements for data sharing.
6. 本条例不适用于或优先于私人和公共实体之间数据交换的自愿安排,特别是数据共享的自愿安排。

This Regulation does not affect Union or national legal acts providing for the sharing of, access to and the use of data for the purpose of the prevention, investigation, detection or prosecution of criminal offences or for the execution of criminal penalties, or for customs and taxation purposes, in particular Regulations (EU) 2021/784, (EU) 2022/2065 and (EU) 2023/1543 and Directive (EU) 2023/1544, or international cooperation in that area.
本条例不影响为预防、调查、侦查或起诉刑事犯罪或执行刑事处罚或海关和司法目的而规定共享、访问和使用数据的联盟或国家法律行为。税收目的,特别是法规 (EU) 2021/784、(EU) 2022/2065 和 (EU) 2023/1543 以及指令 (EU) 2023/1544,或该领域的国际合作。

This Regulation does not apply to the collection or sharing of, access to or the use of data under Regulation (EU) 2015/847 and Directive (EU) 2015/849.
本法规不适用于法规 (EU) 2015/847 和指令 (EU) 2015/849 规定的数据收集或共享、访问或使用。

This Regulation does not apply to areas that fall outside the scope of Union law and in any event does not affect the competences of the Member States concerning public security, defence or national security, regardless of the type of entity entrusted by the Member States to carry out tasks in relation to those competences, or their power to safeguard other essential State functions, including ensuring the territorial integrity of the State and the maintenance of law and order.
本条例不适用于欧盟法律范围之外的领域,并且在任何情况下都不影响成员国在公共安全、国防或国家安全方面的权限,无论成员国委托的实体类型如何执行与这些权限或权力有关的任务,以维护其他基本国家职能,包括确保国家领土完整以及维护法律和秩序。

This Regulation does not affect the competences of the Member States concerning customs and tax administration or the health and safety of citizens.
本条例不影响成员国在海关和税务管理或公民健康和安全方面的权限。

7.   This Regulation complements the self-regulatory approach of Regulation (EU) 2018/1807 by adding generally applicable obligations on cloud switching.
7. 本法规通过添加普遍适用的云切换义务,补充了法规 (EU) 2018/1807 的自我监管方法。

8.   This Regulation is without prejudice to Union and national legal acts providing for the protection of intellectual property rights, in particular Directives 2001/29/EC, 2004/48/EC and (EU) 2019/790.
8. 本法规不妨碍规定保护知识产权的欧盟和国家法律行为,特别是指令 2001/29/EC、2004/48/EC 和 (EU) 2019/790。

9.
   This Regulation complements and is without prejudice to Union law which aims to promote the interests of consumers and ensure a high level of consumer protection, and to protect their health, safety and economic interests, in particular Directives 93/13/EEC, 2005/29/EC and 2011/83/EU.
该法规补充且不损害欧盟法律,旨在促进消费者利益并确保高水平的消费者保护,并保护他们的健康、安全和经济利益,特别是指令 93/13/EEC, 2005/29 /EC 和 2011/83/EU。

10.   This Regulation does not preclude the conclusion of voluntary lawful data sharing contracts, including contracts concluded on a reciprocal basis, which comply with the requirements laid down in this Regulation.
10. 本条例不排除自愿合法数据共享合同的签订,包括在互惠基础上签订的符合本条例规定要求的合同。

Article 2 第二条

Definitions 定义

For the purposes of this Regulation, the following definitions apply:
就本条例而言,适用以下定义:

(1)

‘data’ means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording;
“数据”是指行为、事实或信息的任何数字表示以及此类行为、事实或信息的任何汇编,包括声音、视频或视听记录的形式;

(2)

‘metadata’ means a structured description of the contents or the use of data facilitating the discovery or use of that data;
“元数据”是指对数据内容或数据使用的结构化描述,有助于发现或使用该数据;

(3)

‘personal data’ means personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679;
“个人数据”是指 (EU) 2016/679 法规第 4 条第 (1) 点定义的个人数据;

(4)

‘non-personal data’ means data other than personal data;
“非个人数据”是指个人数据以外的数据;

(5)

‘connected product’ means an item that obtains, generates or collects data concerning its use or environment and that is able to communicate product data via an electronic communications service, physical connection or on-device access, and whose primary function is not the storing, processing or transmission of data on behalf of any party other than the user;
“连接产品”是指获取、生成或收集有关其使用或环境的数据的物品,并且能够通过电子通信服务、物理连接或设备上访问来传达产品数据,其主要功能不是存储、代表用户以外的任何一方处理或传输数据;

(6)

‘related service’ means a digital service, other than an electronic communications service, including software, which is connected with the product at the time of the purchase, rent or lease in such a way that its absence would prevent the connected product from performing one or more of its functions, or which is subsequently connected to the product by the manufacturer or a third party to add to, update or adapt the functions of the connected product;
“相关服务”是指除电子通信服务之外的数字服务,包括软件,在购买、出租或租赁时与产品连接,如果缺少该服务,连接的产品将无法执行某项操作或更多功能,或者随后由制造商或第三方连接到产品以添加、更新或调整所连接产品的功能;

(7)

‘processing’ means any operation or set of operations which is performed on data or on sets of data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or other means of making them available, alignment or combination, restriction, erasure or destruction;
“处理”是指对数据或数据集执行的任何操作或一组操作,无论是否通过自动化方式,例如收集、记录、组织、结构化、存储、改编或更改、检索、咨询、使用、通过传输、传播或其他可用方式进行披露、调整或组合、限制、删除或销毁;

(8)

‘data processing service’ means a digital service that is provided to a customer and that enables ubiquitous and on-demand network access to a shared pool of configurable, scalable and elastic computing resources of a centralised, distributed or highly distributed nature that can be rapidly provisioned and released with minimal management effort or service provider interaction;
“数据处理服务”是指向客户提供的数字服务,使客户能够通过无处不在的按需网络访问可配置、可扩展和弹性的计算资源共享池,这些计算资源具有集中式、分布式或高度分布式的性质,可以快速访问。以最少的管理工作或服务提供商交互来配置和发布;

(9)

‘same service type’ means a set of data processing services that share the same primary objective, data processing service model and main functionalities;
“相同服务类型”是指具有相同主要目标、数据处理服务模型和主要功能的一组数据处理服务;

(10)

‘data intermediation service’ means data intermediation service as defined in Article 2, point (11), of Regulation (EU) 2022/868;
“数据中介服务”是指 (EU) 2022/868 法规第 2 条第 (11) 点定义的数据中介服务;

(11)

‘data subject’ means data subject as referred to in Article 4, point (1), of Regulation (EU) 2016/679;
“数据主体”是指 (EU) 2016/679 法规第 4 条第 (1) 点中提到的数据主体;

(12)

‘user’ means a natural or legal person that owns a connected product or to whom temporary rights to use that connected product have been contractually transferred, or that receives related services;
“用户”是指拥有关联产品或已通过合同转让临时使用该关联产品的权利或接受相关服务的自然人或法人;

(13)

‘data holder’ means a natural or legal person that has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation adopted in accordance with Union law, to use and make available data, including, where contractually agreed, product data or related service data which it has retrieved or generated during the provision of a related service;
“数据持有者”是指根据本条例、适用的联盟法律或根据联盟法律通过的国家立法,有权利或义务使用和提供数据的自然人或法人,包括合同约定的产品数据在提供相关服务过程中检索或生成的数据或相关服务数据;

(14)

‘data recipient’ means a natural or legal person, acting for purposes which are related to that person’s trade, business, craft or profession, other than the user of a connected product or related service, to whom the data holder makes data available, including a third party following a request by the user to the data holder or in accordance with a legal obligation under Union law or national legislation adopted in accordance with Union law;
“数据接收者”是指出于与该人的贸易、业务、工艺或专业相关的目的行事的自然人或法人,数据持有者向其提供数据的互联产品或相关服务的用户除外,包括根据用户向数据持有者提出请求或根据欧盟法律或根据欧盟法律通过的国家立法规定的法律义务的第三方;

(15)

‘product data’ means data generated by the use of a connected product that the manufacturer designed to be retrievable, via an electronic communications service, physical connection or on-device access, by a user, data holder or a third party, including, where relevant, the manufacturer;
“产品数据”是指通过使用制造商设计的可由用户、数据持有者或第三方通过电子通信服务、物理连接或设备上访问来检索的联网产品而生成的数据,包括在以下情况下:相关的制造商;

(16)

‘related service data’ means data representing the digitisation of user actions or of events related to the connected product, recorded intentionally by the user or generated as a by-product of the user’s action during the provision of a related service by the provider;
“相关服务数据”是指代表用户操作或与连接产品相关的事件的数字化的数据,由用户有意记录或在提供商提供相关服务期间作为用户操作的副产品生成;

(17)

‘readily available data’ means product data and related service data that a data holder lawfully obtains or can lawfully obtain from the connected product or related service, without disproportionate effort going beyond a simple operation;
“随时可用的数据”是指数据持有者合法获取或可以从连接的产品或相关服务中合法获取的产品数据和相关服务数据,无需付出超出简单操作的过度努力;

(18)

‘trade secret’ means trade secret as defined in Article 2, point (1), of Directive (EU) 2016/943;
“商业秘密”是指 (EU) 2016/943 指令第 2 条第 (1) 点定义的商业秘密;

(19)

‘trade secret holder’ means a trade secret holder as defined in Article 2, point (2), of Directive (EU) 2016/943;
“商业秘密持有人”是指 (EU) 2016/943 指令第 2 条第 (2) 点定义的商业秘密持有人;

(20)

‘profiling’ means profiling as defined in Article 4, point (4), of Regulation (EU) 2016/679;
“分析”是指 (EU) 2016/679 法规第 4 条第 (4) 点所定义的分析;

(21)

‘making available on the market’ means any supply of a connected product for distribution, consumption or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge;
“在市场上提供”是指在商业活动过程中为在联盟市场上分销、消费或使用而提供的任何关联产品,无论是有偿还是免费;

(22)

‘placing on the market’ means the first making available of a connected product on the Union market;
“投放市场”是指互联产品首次在联盟市场上上市;

(23)

‘consumer’ means any natural person who is acting for purposes which are outside that person’s trade, business, craft or profession;
“消费者”是指出于其贸易、业务、工艺或专业之外的目的行事的任何自然人;

(24)

‘enterprise’ means a natural or legal person that, in relation to contracts and practices covered by this Regulation, is acting for purposes which are related to that person’s trade, business, craft or profession;
“企业”是指自然人或法人,就本条例涵盖的合同和做法而言,其行为目的与其贸易、业务、工艺或专业有关;

(25)

‘small enterprise’ means a small enterprise as defined in Article 2(2) of the Annex to Recommendation 2003/361/EC;
“小型企业”是指第 2003/361/EC 建议书附件第 2(2) 条中定义的小型企业;

(26)

‘microenterprise’ means a microenterprise as defined in Article 2(3) of the Annex to Recommendation 2003/361/EC;
“微型企业”是指第 2003/361/EC 建议书附件第 2(3) 条定义的微型企业;

(27)

‘Union bodies’ means the Union bodies, offices and agencies set up by or pursuant to acts adopted on the basis of the Treaty on European Union, the TFEU or the Treaty establishing the European Atomic Energy Community;
“联盟机构”是指根据《欧洲联盟条约》、TFEU 或建立欧洲原子能共同体条约通过的法案设立的联盟机构、办事处和机构;

(28)

‘public sector body’ means national, regional or local authorities of the Member States and bodies governed by public law of the Member States, or associations formed by one or more such authorities or one or more such bodies;
“公共部门机构”是指成员国的国家、地区或地方当局以及受成员国公法管辖的机构,或由一个或多个此类当局或一个或多个此类机构组成的协会;

(29)

‘public emergency’ means an exceptional situation, limited in time, such as a public health emergency, an emergency resulting from natural disasters, a human-induced major disaster, including a major cybersecurity incident, negatively affecting the population of the Union or the whole or part of a Member State, with a risk of serious and lasting repercussions for living conditions or economic stability, financial stability, or the substantial and immediate degradation of economic assets in the Union or the relevant Member State and which is determined or officially declared in accordance with the relevant procedures under Union or national law;
“公共紧急情况”是指有时间限制的特殊情况,例如突发公共卫生事件、自然灾害引起的紧急情况、人为造成的重大灾难,包括重大网络安全事件,对欧盟或整个国家的人口产生负面影响或成员国的一部分,对欧盟或相关成员国的生活条件或经济稳定、金融稳定造成严重和持久的影响,或经济资产立即大幅退化的风险,并在根据联盟或国家法律的相关程序;

(30)

‘customer’ means a natural or legal person that has entered into a contractual relationship with a provider of data processing services with the objective of using one or more data processing services;
“客户”是指为了使用一项或多项数据处理服务而与数据处理服务提供商建立合同关系的自然人或法人;

(31)

‘virtual assistants’ means software that can process demands, tasks or questions including those based on audio, written input, gestures or motions, and that, based on those demands, tasks or questions, provides access to other services or controls the functions of connected products;
“虚拟助手”是指可以处理需求、任务或问题的软件,包括基于音频、书面输入、手势或动作的需求、任务或问题,并且根据这些需求、任务或问题,提供对其他服务的访问或控制所连接的功能产品;

(32)

‘digital assets’ means elements in digital form, including applications, for which the customer has the right of use, independently from the contractual relationship with the data processing service it intends to switch from;
“数字资产”是指数字形式的元素,包括客户有权使用的应用程序,独立于与其打算转换的数据处理服务的合同关系;

(33)

‘on-premises ICT infrastructure’ means ICT infrastructure and computing resources owned, rented or leased by the customer, located in the data centre of the customer itself and operated by the customer or by a third-party;
“本地ICT基础设施”是指客户拥有、租用或租赁、位于客户自身数据中心并由客户或第三方运营的ICT基础设施和计算资源;

(34)

‘switching’ means the process involving a source provider of data processing services, a customer of a data processing service and, where relevant, a destination provider of data processing services, whereby the customer of a data processing service changes from using one data processing service to using another data processing service of the same service type, or other service, offered by a different provider of data processing services, or to an on-premises ICT infrastructure, including through extracting, transforming and uploading the data;
“转换”是指涉及数据处理服务的源提供商、数据处理服务的客户以及相关的数据处理服务的目标提供商的过程,由此数据处理服务的客户不再使用一种数据处理服务使用相同服务类型的另一数据处理服务,或由不同数据处理服务提供商提供的其他服务,或本地 ICT 基础设施,包括通过提取、转换和上传数据;

(35)

‘data egress charges’ means data transfer fees charged to customers for extracting their data through the network from the ICT infrastructure of a provider of data processing services to the system of a different provider or to on-premises ICT infrastructure;
“数据出口费用”是指客户通过网络从数据处理服务提供商的 ICT 基础设施提取数据到其他提供商的系统或本地 ICT 基础设施时收取的数据传输费;

(36)

‘switching charges’ means charges, other than standard service fees or early termination penalties, imposed by a provider of data processing services on a customer for the actions mandated by this Regulation for switching to the system of a different provider or to on-premises ICT infrastructure, including data egress charges;
“转换费用”是指除标准服务费或提前终止罚款之外,数据处理服务提供商针对本条例规定的转换到其他提供商的系统或本地 ICT 的行为向客户收取的费用基础设施,包括数据出口费用;

(37)

‘functional equivalence’ means re-establishing on the basis of the customer’s exportable data and digital assets, a minimum level of functionality in the environment of a new data processing service of the same service type after the switching process, where the destination data processing service delivers a materially comparable outcome in response to the same input for shared features supplied to the customer under the contract;
“功能对等”是指在客户可导出数据和数字资产的基础上,在切换过程后在相同服务类型的新数据处理服务环境中重新建立最低功能水平,其中目的地数据处理服务根据合同下向客户提供的共享功能的相同输入,提供实质上可比的结果;

(38)

‘exportable data’, for the purpose of Articles 23 to 31 and Article 35, means the input and output data, including metadata, directly or indirectly generated, or cogenerated, by the customer’s use of the data processing service, excluding any assets or data protected by intellectual property rights, or constituting a trade secret, of providers of data processing services or third parties;
就第 23 条至第 31 条和第 35 条而言,“可导出数据”是指客户使用数据处理服务直接或间接生成或共同生成的输入和输出数据,包括元数据,不包括任何资产或数据受数据处理服务提供商或第三方的知识产权保护或构成商业秘密;

(39)

‘smart contract’ means a computer program used for the automated execution of an agreement or part thereof, using a sequence of electronic data records and ensuring their integrity and the accuracy of their chronological ordering;
“智能合约”是指用于自动执行协议或其一部分的计算机程序,使用一系列电子数据记录并确保其完整性和时间顺序的准确性;

(40)

‘interoperability’ means the ability of two or more data spaces or communication networks, systems, connected products, applications, data processing services or components to exchange and use data in order to perform their functions;
“互操作性”是指两个或多个数据空间或通信网络、系统、连接产品、应用程序、数据处理服务或组件交换和使用数据以执行其功能的能力;

(41)

open interoperability specification’ means a technical specification in the field of information and communication technologies which is performance oriented towards achieving interoperability between data processing services;
开放互操作性规范是指信息和通信技术领域中以实现数据处理服务之间的互操作性为目的的技术规范;

(42)

‘common specifications’ means a document, other than a standard, containing technical solutions providing a means to comply with certain requirements and obligations established under this Regulation;
“通用规范”是指标准以外的文件,其中包含提供遵守本法规规定的某些要求和义务的方法的技术解决方案;

(43)

‘harmonised standard’ means a harmonised standard as defined in Article 2, point (1)(c), of Regulation (EU) No 1025/2012.
“协调标准”是指 (EU) 第 1025/2012 号法规第 2 条第 (1)(c) 点定义的协调标准。

CHAPTER II 第二章

BUSINESS TO CONSUMER AND BUSINESS TO BUSINESS DATA SHARING
企业对消费者和企业对企业数据共享

Article 3 第三条

Obligation to make product data and related service data accessible to the user
使用户可以访问产品数据和相关服务数据的义务

1.
   Connected products shall be designed and manufactured, and related services shall be designed and provided, in such a manner that product data and related service data, including the relevant metadata necessary to interpret and use those data, are, by default, easily, securely, free of charge, in a comprehensive, structured, commonly used and machine-readable format, and, where relevant and technically feasible, directly accessible to the user.
互联产品的设计和制造以及相关服务的设计和提供应确保产品数据和相关服务数据(包括解释和使用这些数据所需的相关元数据)在默认情况下能够轻松、安全、免费,以全面的、结构化的、常用的和机器可读的格式,并且在相关和技术上可行的情况下,可以直接供用户访问。

2.   Before concluding a contract for the purchase, rent or lease of a connected product, the seller, rentor or lessor, which may be the manufacturer, shall provide at least the following information to the user, in a clear and comprehensible manner:
2. 在签订关联产品的购买、租赁或租赁合同之前,卖方、承租人或出租人(可能是制造商)应至少以清晰易懂的方式向用户提供以下信息:

(a) (A)

the type, format and estimated volume of product data which the connected product is capable of generating;
连接产品能够生成的产品数据的类型、格式和预计数量;

(b) (二)

whether the connected product is capable of generating data continuously and in real-time;
连接的产品是否能够连续、实时地生成数据;

(c) (C)

whether the connected product is capable of storing data on-device or on a remote server, including, where applicable, the intended duration of retention;
连接的产品是否能够在设备上或远程服务器上存储数据,包括(如果适用)预期的保留期限;

(d) (四)

how the user may access, retrieve or, where relevant, erase the data, including the technical means to do so, as well as their terms of use and quality of service.
用户如何访问、检索或在相关情况下删除数据,包括这样做的技术手段,以及其使用条款和服务质量。

3.   Before concluding a contract for the provision of a related service, the provider of such related service shall provide at least the following information to the user, in a clear and comprehensible manner:
3、在签订相关服务提供合同之前,相关服务提供者应当至少向用户提供清晰、易懂的以下信息:

(a) (A)

the nature, estimated volume and collection frequency of product data that the prospective data holder is expected to obtain and, where relevant, the arrangements for the user to access or retrieve such data, including the prospective data holder’s data storage arrangements and the duration of retention;
预期数据持有者预期获得的产品数据的性质、估计数量和收集频率,以及相关的用户访问或检索此类数据的安排,包括预期数据持有者的数据存储安排和保留期限;

(b) (二)

the nature and estimated volume of related service data to be generated, as well as the arrangements for the user to access or retrieve such data, including the prospective data holder’s data storage arrangements and the duration of retention;
将生成的相关服务数据的性质和预计数量,以及用户访问或检索此类数据的安排,包括潜在数据持有者的数据存储安排和保留期限;

(c) (C)

whether the prospective data holder expects to use readily available data itself and the purposes for which those data are to be used, and whether it intends to allow one or more third parties to use the data for purposes agreed upon with the user;
潜在数据持有者是否期望使用现成的数据本身以及这些数据的使用目的,以及是否打算允许一个或多个第三方将数据用于与用户商定的目的;

(d) (四)

the identity of the prospective data holder, such as its trading name and the geographical address at which it is established and, where applicable, of other data processing parties;
潜在数据持有者的身份,例如其商业名称和成立的地理地址,以及其他数据处理方(如适用)的身份;

(e) (五)

the means of communication which make it possible to contact the prospective data holder quickly and communicate with that data holder efficiently;
能够快速联系潜在数据持有者并与该数据持有者有效沟通的通信方式;

(f) (F)

how the user can request that the data are shared with a third party and, where applicable, end the data sharing;
用户如何请求与第三方共享数据,并在适用的情况下结束数据共享;

(g) (G)

the user’s right to lodge a complaint alleging an infringement of any of the provisions of this Chapter with the competent authority designated pursuant to Article 37;
用户有权就违反本章规定的行为向第三十七条规定的主管机关提出投诉;

(h) (H)

whether a prospective data holder is the holder of trade secrets contained in the data that is accessible from the connected product or generated during the provision of a related service, and, where the prospective data holder is not the trade secret holder, the identity of the trade secret holder;
潜在数据持有者是否是可从连接产品访问或在提供相关服务期间生成的数据中包含的商业秘密的持有者,以及,如果潜在数据持有者不是商业秘密持有者,则该数据持有者的身份商业秘密持有人;

(i) (我)

the duration of the contract between the user and the prospective data holder, as well as the arrangements for terminating such a contract.
用户和潜在数据持有者之间的合同期限,以及终止此类合同的安排。

Article 4 第四条

The rights and obligations of users and data holders with regard to access, use and making available product data and related service data
用户和数据持有者在访问、使用和提供产品数据及相关服务数据方面的权利和义务

1.
   Where data cannot be directly accessed by the user from the connected product or related service, data holders shall make readily available data, as well as the relevant metadata necessary to interpret and use those data, accessible to the user without undue delay, of the same quality as is available to the data holder, easily, securely, free of charge, in a comprehensive, structured, commonly used and machine-readable format and, where relevant and technically feasible, continuously and in real-time.
如果用户无法从连接的产品或相关服务直接访问数据,则数据持有者应立即提供数据以及解释和使用这些数据所需的相关元数据,使用户能够立即访问该数据,不得无故拖延。以全面、结构化、常用和机器可读的格式,轻松、安全、免费地向数据持有者提供可用的质量,并且在相关且技术上可行的情况下,连续、实时地提供数据。

This shall be done on the basis of a simple request through electronic means where technically feasible.
在技​​术可行的情况下,这应基于通过电子方式提出的简单请求来完成。

2.
   Users and data holders may contractually restrict or prohibit accessing, using or further sharing data, if such processing could undermine security requirements of the connected product, as laid down by Union or national law, resulting in a serious adverse effect on the health, safety or security of natural persons.
如果此类处理可能破坏联盟或国家法律规定的互联产品的安全要求,从而对健康、安全或健康造成严重不利影响,则用户和数据持有者可以通过合同限制或禁止访问、使用或进一步共享数据。自然人的安全。

Sectoral authorities may provide users and data holders with technical expertise in that context. Where the data holder refuses to share data pursuant to this Article, it shall notify the competent authority designated pursuant to Article 37.
部门当局可以向用户和数据持有者提供这方面的技术专业知识。资料持有者拒绝依本条规定共享资料者,应通知依第三十七条指定之主管机关。

3.   Without prejudice to the user’s right to seek redress at any stage before a court or tribunal of a Member State, the user may, in relation to any dispute with the data holder concerning the contractual restrictions or prohibitions referred to in paragraph 2:
3. 在不损害用户在任何阶段向成员国法院或法庭寻求补救的权利的情况下,对于与数据持有者就第 2 款中提到的合同限制或禁止产生的任何争议,用户可以:

(a) (A)

lodge, in accordance with Article 37(5), point (b), a complaint with the competent authority; or
根据第 37 条第(5)款(b)点,向主管当局提出投诉;或者

(b) (二)

agree with the data holder to refer the matter to a dispute settlement body in accordance with Article 10(1).
同意数据持有者根据第 10(1) 条将此事提交争议解决机构。

4.
   Data holders shall not make the exercise of choices or rights under this Article by the user unduly difficult, including by offering choices to the user in a non-neutral manner or by subverting or impairing the autonomy, decision-making or choices of the user via the structure, design, function or manner of operation of a user digital interface or a part thereof.
数据持有者不得使用户行使本条规定的选择或权利变得过于困难,包括以非中立的方式向用户提供选择,或者通过以下方式颠覆或损害用户的自主权、决策或选择:用户数字界面或其一部分的结构、设计、功能或操作方式。

5.   For the purpose of verifying whether a natural or legal person qualifies as a user for the purposes of paragraph 1, a data holder shall not require that person to provide any information beyond what is necessary.
5. 为了验证自然人或法人是否符合第 1 款的用户资格,数据持有者不得要求该人提供超出必要范围的任何信息。

Data holders shall not keep any information, in particular log data, on the user’s access to the data requested beyond what is necessary for the sound execution of the user’s access request and for the security and maintenance of the data infrastructure.
数据持有者不得保留有关用户访问所请求数据的任何信息,特别是日志数据,超出了正确执行用户访问请求以及数据基础设施安全和维护所必需的信息。

6.   Trade secrets shall be preserved and shall be disclosed only where the data holder and the user take all necessary measures prior to the disclosure to preserve their confidentiality in particular regarding third parties.
6. 只有当数据持有者和用户在披露之前采取一切必要措施以保护其机密性(特别是有关第三方的机密性)时,才应保存和披露商业秘密。

The data holder or, where they are not the same person, the trade secret holder shall identify the data which are protected as trade secrets, including in the relevant metadata, and shall agree with the user proportionate technical and organisational measures necessary to preserve the confidentiality of the shared data, in particular in relation to third parties, such as model contractual terms, confidentiality agreements, strict access protocols, technical standards and the application of codes of conduct.
数据持有者或商业秘密持有者(如果不是同一个人)应识别受商业秘密保护的数据,包括相关元数据,并应同意用户采取适当的技术和组织措施以保护机密性共享数据,特别是与第三方相关的数据,例如示范合同条款、保密协议、严格的访问协议、技术标准和行为准则的应用。

7.
   Where there is no agreement on the necessary measures referred to in paragraph 6, or if the user fails to implement the measures agreed pursuant to paragraph 6 or undermines the confidentiality of the trade secrets, the data holder may withhold or, as the case may be, suspend the sharing of data identified as trade secrets.
如果没有就第 6 款所述的必要措施达成一致,或者如果用户未执行根据第 6 款商定的措施或破坏商业秘密的机密性,数据持有者可以扣留或视情况而定,暂停共享被认定为商业秘密的数据。

The decision of the data holder shall be duly substantiated and provided in writing to the user without undue delay.
数据持有者的决定应得到充分证实并以书面形式提供给用户,不得无故拖延。

In such cases, the data holder shall notify the competent authority designated pursuant to Article 37 that it has withheld or suspended data sharing and identify which measures have not been agreed or implemented and, where relevant, which trade secrets have had their confidentiality undermined.
在这种情况下,数据持有者应通知根据第 37 条指定的主管当局,其已扣留或暂停数据共享,并确定哪些措施尚未商定或实施,以及(如果相关)哪些商业秘密的机密性已被破坏。

8.
   In exceptional circumstances, where the data holder who is a trade secret holder is able to demonstrate that it is highly likely to suffer serious economic damage from the disclosure of trade secrets, despite the technical and organisational measures taken by the user pursuant to paragraph 6 of this Article, that data holder may refuse on a case-by-case basis a request for access to the specific data in question.
在特殊情况下,作为商业秘密持有者的数据持有者能够证明,尽管用户根据第 6 款采取了技术和组织措施,但其极有可能因商业秘密的披露而遭受严重的经济损失。根据本条规定,数据持有者可以根据具体情况拒绝访问相关特定数据的请求。

That demonstration shall be duly substantiated on the basis of objective elements, in particular the enforceability of trade secrets protection in third countries, the nature and level of confidentiality of the data requested, and the uniqueness and novelty of the connected product, and shall be provided in writing to the user without undue delay.
该论证应根据客观要素,特别是第三国商业秘密保护的可执行性、所请求数据的保密性和级别以及所连接产品的独特性和新颖性来充分证实,并应提供以书面形式通知用户,不得无故拖延。

Where the data holder refuses to share data pursuant to this paragraph, it shall notify the competent authority designated pursuant to Article 37.
资料持有者拒绝依本项规定共享资料者,应通知依第三十七条指定之主管机关。

9.   Without prejudice to a user’s right to seek redress at any stage before a court or tribunal of a Member State, a user wishing to challenge a data holder’s decision to refuse or to withhold or suspend data sharing pursuant to paragraphs 7 and 8 may:
9. 在不损害用户在任何阶段向成员国法院或法庭寻求补救的权利的情况下,希望对数据持有者根据第 7 段和第 8 段拒绝、扣留或暂停数据共享的决定提出质疑的用户可以:

(a) (A)

lodge, in accordance with Article 37(5), point (b), a complaint with the competent authority, which shall, without undue delay, decide whether and under which conditions data sharing is to start or resume; or
根据第 37 条第(5)款(b)点向主管当局提出投诉,主管当局应立即决定是否以及在何种条件下开始或恢复数据共享;或者

(b) (二)

agree with the data holder to refer the matter to a dispute settlement body in accordance with Article 10(1).
同意数据持有者根据第 10(1) 条将此事提交争议解决机构。

10.
   The user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a connected product that competes with the connected product from which the data originate, nor share the data with a third party with that intent and shall not use such data to derive insights about the economic situation, assets and production methods of the manufacturer or, where applicable the data holder.
用户不得使用根据第 1 款所述请求获得的数据来开发与数据来源的连接产品竞争的连接产品,也不得出于此目的与第三方共享数据,并且不得使用此类数据数据以获得有关制造商或数据持有者(如适用)的经济状况、资产和生产方法的见解。

11.   The user shall not use coercive means or abuse gaps in the technical infrastructure of a data holder which is designed to protect the data in order to obtain access to data.
11. 用户不得使用强制手段或滥用数据持有者旨在保护数据的技术基础设施中的漏洞来获取数据访问权限。

12.
   Where the user is not the data subject whose personal data is requested, any personal data generated by the use of a connected product or related service shall be made available by the data holder to the user only where there is a valid legal basis for processing under Article 6 of Regulation (EU) 2016/679 and, where relevant, the conditions of Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC are fulfilled.
如果用户不是被请求提供个人数据的数据主体,则只有在具有有效的法律依据的情况下,数据持有者才可以向用户提供通过使用连接产品或相关服务而生成的任何个人数据。 (EU) 2016/679 法规第 6 条以及相关法规第 9 条和指令 2002/58/EC 第 5(3) 条的条件均得到满足。

13.   A data holder shall only use any readily available data that is non-personal data on the basis of a contract with the user.
13. 数据持有者只能根据与用户签订的合同使用任何现成的非个人数据。

A data holder shall not use such data to derive insights about the economic situation, assets and production methods of, or the use by, the user in any other manner that could undermine the commercial position of that user on the markets in which the user is active.
数据持有者不得使用此类数据来深入了解用户的经济状况、资产和生产方法,或以任何其他可能损害该用户在其所在市场的商业地位的方式使用该用户。积极的。

14.   Data holders shall not make available non-personal product data to third parties for commercial or non-commercial purposes other than the fulfilment of their contract with the user.
14. 除履行与用户的合同外,数据持有者不得出于商业或非商业目的向第三方提供非个人产品数据。

Where relevant, data holders shall contractually bind third parties not to further share data received from them.
在相关情况下,数据持有者应通过合同约束第三方不得进一步共享从其收到的数据。

Article 5 第五条

Right of the user to share data with third parties
用户与第三方共享数据的权利

1.
   Upon request by a user, or by a party acting on behalf of a user, the data holder shall make available readily available data, as well as the relevant metadata necessary to interpret and use those data, to a third party without undue delay, of the same quality as is available to the data holder, easily, securely, free of charge to the user, in a comprehensive, structured, commonly used and machine-readable format and, where relevant and technically feasible, continuously and in real-time.
根据用户或代表用户的一方的请求,数据持有者应立即向第三方提供可用的数据以及解释和使用这些数据所需的相关元数据,不得无故拖延,与数据持有者可获得的质量相同,以全面、结构化、常用和机器可读的格式,轻松、安全、免费地向用户免费提供数据,并且在相关且技术上可行的情况下,连续、实时地提供数据。

The data shall be made available by the data holder to the third party in accordance with Articles 8 and 9.
数据持有者应根据第 8 条和第 9 条向第三方提供数据。

2.   Paragraph 1 shall not apply to readily available data in the context of the testing of new connected products, substances or processes that are not yet placed on the market unless their use by a third party is contractually permitted.
2. 第 1 款不适用于测试尚未投放市场的新连接产品、物质或工艺时容易获得的数据,除非合同允许第三方使用这些数据。

3.   Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation (EU) 2022/1925, shall not be an eligible third party under this Article and therefore shall not:
3. 根据法规 (EU) 2022/1925 第 3 条,任何被指定为看门人的企业均不属于本条规定的合格第三方,因此不得:

(a) (A)

solicit or commercially incentivise a user in any manner, including by providing monetary or any other compensation, to make data available to one of its services that the user has obtained pursuant to a request under Article 4(1);
以任何方式(包括提供金钱或任何其他补偿)招揽或商业激励用户将数据提供给用户根据第 4(1) 条的请求获得的其中一项服务;

(b) (二)

solicit or commercially incentivise a user to request the data holder to make data available to one of its services pursuant to paragraph 1 of this Article;
招揽或商业激励用户要求数据持有者根据本条第 1 款向其一项服务提供数据;

(c) (C)

receive data from a user that the user has obtained pursuant to a request under Article 4(1).
接收用户根据第 4 条第 (1) 款的请求获得的数据。

4.   For the purpose of verifying whether a natural or legal person qualifies as a user or as a third party for the purposes of paragraph 1, the user or the third party shall not be required to provide any information beyond what is necessary.
4. 为了验证自然人或法人是否符合第 1 款规定的用户或第三方的资格,不得要求用户或第三方提供超出必要范围的任何信息。

Data holders shall not keep any information on the third party’s access to the data requested beyond what is necessary for the sound execution of the third party’s access request and for the security and maintenance of the data infrastructure.
数据持有者不得保留有关第三方访问所请求数据的任何信息,除非是妥善执行第三方访问请求以及数据基础设施安全和维护所必需的信息。

5.   The third party shall not use coercive means or abuse gaps in the technical infrastructure of a data holder which is designed to protect the data in order to obtain access to data.
5. 第三方不得使用强制手段或滥用数据持有者旨在保护数据的技术基础设施中的漏洞来获取数据访问权。

6.
   A data holder shall not use any readily available data to derive insights about the economic situation, assets and production methods of, or the use by, the third party in any other manner that could undermine the commercial position of the third party on the markets in which the third party is active, unless the third party has given permission to such use and has the technical possibility to easily withdraw that permission at any time.
数据持有者不得使用任何现成的数据来深入了解第三方的经济状况、资产和生产方法,或以任何其他可能损害第三方在市场上的商业地位的方式使用第三方。第三方是活跃的,除非第三方已授予此类使用许可,并且在技术上可以随时轻松撤回该许可。

7.
   Where the user is not the data subject whose personal data is requested, any personal data generated by the use of a connected product or related service shall be made available by the data holder to the third party only where there is a valid legal basis for processing under Article 6 of Regulation (EU) 2016/679 and, where relevant, the conditions of Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC are fulfilled.
如果用户不是被请求提供个人数据的数据主体,则只有在存在有效的处理法律依据的情况下,数据持有者才应将使用连接产品或相关服务生成的任何个人数据提供给第三方根据 (EU) 2016/679 法规第 6 条的规定,以及在相关情况下,满足该法规第 9 条和指令 2002/58/EC 第 5(3) 条的条件。

8.
   Any failure on the part of the data holder and the third party to agree on arrangements for transmitting the data shall not hinder, prevent or interfere with the exercise of the rights of the data subject under Regulation (EU) 2016/679 and, in particular, with the right to data portability under Article 20 of that Regulation.
数据持有者和第三方未能就数据传输安排达成一致,不得阻碍、阻止或干扰数据主体根据法规 (EU) 2016/679 行使权利,特别是,具有该条例第 20 条规定的数据可移植权。

9.   Trade secrets shall be preserved and shall be disclosed to third parties only to the extent that such disclosure is strictly necessary to fulfil the purpose agreed between the user and the third party.
9. 应保留商业秘密,并仅在为实现用户与第三方约定的目的绝对必要的情况下才向第三方披露商业秘密。

The data holder or, where they are not the same person, the trade secret holder shall identify the data which are protected as trade secrets, including in the relevant metadata, and shall agree with the third party all proportionate technical and organisational measures necessary to preserve the confidentiality of the shared data, such as model contractual terms, confidentiality agreements, strict access protocols, technical standards and the application of codes of conduct.
数据持有者或商业秘密持有者(如果不是同一个人)应识别受商业秘密保护的数据,包括相关元数据,并应与第三方同意采取所有必要的相称技术和组织措施,以保护商业秘密。共享数据的机密性,例如示范合同条款、保密协议、严格的访问协议、技术标准和行为准则的应用。

10.
   Where there is no agreement on the necessary measures referred to in paragraph 9 of this Article or if the third party fails to implement the measures agreed pursuant to paragraph 9 of this Article or undermines the confidentiality of the trade secrets, the data holder may withhold or, as the case may be, suspend the sharing of data identified as trade secrets.
如果未就本条第 9 款所述的必要措施达成一致,或者第三方未执行本条第 9 款规定的措施或破坏商业秘密的,数据持有者可以扣留或视情况暂停共享被认定为商业秘密的数据。

The decision of the data holder shall be duly substantiated and provided in writing to the third party without undue delay.
数据持有者的决定应得到充分证实并以书面形式提供给第三方,不得无故拖延。

In such cases, the data holder shall notify the competent authority designated pursuant to Article 37 that it has withheld or suspended data sharing and identify which measures have not been agreed or implemented and, where relevant, which trade secrets have had their confidentiality undermined.
在这种情况下,数据持有者应通知根据第 37 条指定的主管当局,其已扣留或暂停数据共享,并确定哪些措施尚未商定或实施,以及(如果相关)哪些商业秘密的机密性已被破坏。

11.
   In exceptional circumstances, where the data holder who is a trade secret holder is able to demonstrate that it is highly likely to suffer serious economic damage from the disclosure of trade secrets, despite the technical and organisational measures taken by the third party pursuant to paragraph 9 of this Article, that data holder may refuse on a case-by-case basis a request for access to the specific data in question.
在特殊情况下,作为商业秘密持有者的数据持有者能够证明,尽管第三方根据第 9 款采取了技术和组织措施,但其极有可能因商业秘密的披露而遭受严重的经济损失根据本条规定,数据持有者可以根据具体情况拒绝访问相关特定数据的请求。

That demonstration shall be duly substantiated on the basis of objective elements, in particular the enforceability of trade secrets protection in third countries, the nature and level of confidentiality of the data requested, and the uniqueness and novelty of the connected product, and shall be provided in writing to the third party without undue delay.
该论证应根据客观要素,特别是第三国商业秘密保护的可执行性、所请求数据的保密性和级别以及所连接产品的独特性和新颖性来充分证实,并应提供不得无故拖延地书面通知第三方。

Where the data holder refuses to share data pursuant to this paragraph, it shall notify the competent authority designated pursuant to Article 37.
资料持有者拒绝依本项规定共享资料者,应通知依第三十七条指定之主管机关。

12.   Without prejudice to the third party’s right to seek redress at any stage before a court or tribunal of a Member State, a third party wishing to challenge a data holder’s decision to refuse or to withhold or suspend data sharing pursuant to paragraphs 10 and 11 may:
12. 在不损害第三方在任何阶段向成员国法院或法庭寻求补救的权利的情况下,希望对数据持有者根据第 10 和 11 段拒绝、扣留或暂停数据共享的决定提出质疑的第三方可能:

(a) (A)

lodge, in accordance with Article 37(5), point (b), a complaint with the competent authority, which shall, without undue delay, decide whether and under which conditions the data sharing is to start or resume; or
根据第 37 条第(5)款(b)点向主管当局提出投诉,主管当局应立即决定是否以及在何种条件下开始或恢复数据共享;或者

(b) (二)

agree with the data holder to refer the matter to a dispute settlement body in accordance with Article 10(1).
同意数据持有者根据第 10(1) 条将此事提交争议解决机构。

13.   The right referred to in paragraph 1 shall not adversely affect the rights of data subjects pursuant to the applicable Union and national law on the protection of personal data.
13. 第 1 款中提到的权利不得对数据主体根据适用的欧盟和国家保护个人数据法律所享有的权利产生不利影响。

Article 6 第六条

Obligations of third parties receiving data at the request of the user
第三方应用户请求接收数据的义务

1.
   A third party shall process the data made available to it pursuant to Article 5 only for the purposes and under the conditions agreed with the user and subject to Union and national law on the protection of personal data including the rights of the data subject insofar as personal data are concerned.
第三方应仅出于与用户同意的目的和条件下处理根据第 5 条提供的数据,并遵守欧盟和国家有关个人数据保护的法律,包括数据主体在个人数据方面的权利。数据有关。

The third party shall erase the data when they are no longer necessary for the agreed purpose, unless otherwise agreed with the user in relation to non-personal data.
当约定目的不再需要这些数据时,第三方应删除这些数据,除非与用户就非个人数据另有约定。

2.   The third party shall not:
2. 第三方不得:

(a) (A)

make the exercise of choices or rights under Article 5 and this Article by the user unduly difficult, including by offering choices to the user in a non-neutral manner, or by coercing, deceiving or manipulating the user, or by subverting or impairing the autonomy, decision-making or choices of the user, including by means of a user digital interface or a part thereof;
使用户行使第5条和本条规定的选择或权利变得过于困难,包括以非中立的方式向用户提供选择,或胁迫、欺骗或操纵用户,或颠覆或损害自主权用户的决策或选择,包括通过用户数字界面或其一部分;

(b) (二)

notwithstanding Article 22(2), points (a) and (c), of Regulation (EU) 2016/679, use the data it receives for the profiling, unless it is necessary to provide the service requested by the user;
尽管有法规 (EU) 2016/679 第 22(2) 条 (a) 和 (c) 点的规定,仍使用其收到的数据进行分析,除非有必要提供用户请求的服务;

(c) (C)

make the data it receives available to another third party, unless the data is made available on the basis of a contract with the user, and provided that the other third party takes all necessary measures agreed between the data holder and the third party to preserve the confidentiality of trade secrets;
将其收到的数据提供给其他第三方,除非该数据是根据与用户签订的合同提供的,并且前提是其他第三方采取数据持有者和第三方同意的所有必要措施来保存数据商业秘密的保密性;

(d) (四)

make the data it receives available to an undertaking designated as a gatekeeper pursuant to Article 3 of Regulation (EU) 2022/1925;
将其收到的数据提供给根据 (EU) 2022/1925 法规第 3 条指定为看门人的企业;

(e) (五)

use the data it receives to develop a product that competes with the connected product from which the accessed data originate or share the data with another third party for that purpose; third parties shall also not use any non-personal product data or related service data made available to them to derive insights about the economic situation, assets and production methods of, or use by, the data holder;
使用其收到的数据来开发与所访问数据所源自的联网产品竞争的产品,或为此目的与其他第三方共享数据;第三方也不得使用向其提供的任何非个人产品数据或相关服务数据来深入了解数据持有者的经济状况、资产和生产方法或使用情况;

(f) (F)

use the data it receives in a manner that has an adverse impact on the security of the connected product or related service;
以对互联产品或相关服务的安全产生不利影响的方式使用其收到的数据;

(g) (G)

disregard the specific measures agreed with a data holder or with the trade secrets holder pursuant to Article 5(9) and undermine the confidentiality of trade secrets;
无视根据第 5 条第(9)款与数据持有者或商业秘密持有者商定的具体措施,破坏商业秘密的保密性;

(h) (H)

prevent the user that is a consumer, including on the basis of a contract, from making the data it receives available to other parties.
防止作为消费者的用户(包括基于合同)将其收到的数据提供给其他方。

Article 7 第七条

Scope of business-to-consumer and business-to-business data sharing obligations
企业对消费者和企业对企业数据共享义务的范围

1.
   The obligations of this Chapter shall not apply to data generated through the use of connected products manufactured or designed or related services provided by a microenterprise or a small enterprise, provided that that enterprise does not have a partner enterprise or a linked enterprise within the meaning of Article 3 of the Annex to Recommendation 2003/361/EC that does not qualify as a microenterprise or a small enterprise and where the microenterprise and small enterprise is not subcontracted to manufacture or design a connected product or to provide a related service.
本章义务不适用于通过使用微型企业或小型企业制造或设计的互联产品或提供的相关服务所产生的数据,但该企业不具有以下含义的合作企业或关联企业:第 2003/361/EC 建议书附件第 3 条不符合微型企业或小型企业的资格,并且微型企业和小型企业未分包制造或设计互联产品或提供相关服务。

The same shall apply to data generated through the use of connected products manufactured by or related services provided by an enterprise that has qualified as a medium-sized enterprise under Article 2 of the Annex to Recommendation 2003/361/EC for less than one year and to connected products for one year after the date on which they were placed on the market by a medium-sized enterprise.
同样适用于通过使用由符合建议 2003/361/EC 附件第 2 条规定的中型企业资格的企业生产的联网产品或提供的相关服务不足一年而产生的数据,并且中型企业将联网产品投放市场之日起一年内。

2.   Any contractual term which, to the detriment of the user, excludes the application of, derogates from or varies the effect of the user’s rights under this Chapter shall not be binding on the user.
2. 任何损害用户利益、排除本章规定的用户权利的适用、减损或改变其效力的合同条款对用户不具有约束力。

CHAPTER III 第三章

OBLIGATIONS FOR DATA HOLDERS OBLIGED TO MAKE DATA AVAILABLE PURSUANT TO UNION LAW
数据持有者根据工会法提供数据的义务

Article 8 第八条

Conditions under which data holders make data available to data recipients
数据持有者向数据接收者提供数据的条件

1.
   Where, in business-to-business relations, a data holder is obliged to make data available to a data recipient under Article 5 or under other applicable Union law or national legislation adopted in accordance with Union law, it shall agree with a data recipient the arrangements for making the data available and shall do so under fair, reasonable and non-discriminatory terms and conditions and in a transparent manner in accordance with this Chapter and Chapter IV.
在企业对企业关系中,如果数据持有者有义务根据第 5 条或其他适用的联盟法律或根据联盟法律通过的国家立法向数据接收者提供数据,则数据持有者应与数据接收者同意提供数据的安排,并应按照本章和第四章的规定,在公平、合理和非歧视性的条款和条件下并以透明的方式进行。

2.
   A contractual term concerning access to and the use of data, or liability and remedies for the breach or termination of data-related obligations, shall not be binding if it constitutes an unfair contractual term within the meaning of Article 13 or if, to the detriment of the user, it excludes the application of, derogates from or varies the effect of the user’s rights under Chapter II.
有关数据访问和使用的合同条款,或者违反或终止数据相关义务的责任和补救措施,如果构成第 13 条含义内的不公平合同条款,或者损害排除用户根据第二章享有的权利的适用、减损或改变其效力。

3.   A data holder shall not discriminate regarding the arrangements for making data available between comparable categories of data recipients, including partner enterprises or linked enterprises of the data holder when making data available.
3. 数据持有者在提供数据的安排上不得对同类数据接收者(包括数据持有者的合作企业或关联企业)之间的数据提供安排实行歧视。

Where a data recipient considers that the conditions under which data has been made available to it are discriminatory, the data holder shall without undue delay provide the data recipient, upon its reasoned request, with information showing that there has been no discrimination.
如果数据接收者认为向其提供数据的条件具有歧视性,则数据持有者应根据数据接收者的合理要求,立即向其提供表明不存在歧视的信息。

4.   A data holder shall not make data available to a data recipient, including on an exclusive basis, unless requested to do so by the user under Chapter II.
4. 数据持有者不得向数据接收者提供数据,包括独家提供数据,除非用户根据第二章要求这样做。

5.
   Data holders and data recipients shall not be required to provide any information beyond what is necessary to verify compliance with the contractual terms agreed for making data available or with their obligations under this Regulation or other applicable Union law or national legislation adopted in accordance with Union law.
数据持有者和数据接收者无需提供任何必要信息,以验证是否遵守提供数据所商定的合同条款或本条例或其他适用的欧盟法律或根据欧盟法律通过的国家立法规定的义务。

6.   Unless otherwise provided for in Union law, including Article 4(6) and Article 5(9) of this Regulation, or by national legislation adopted in accordance with Union law, an obligation to make data available to a data recipient shall not oblige the disclosure of trade secrets.
6. 除非欧盟法律(包括本条例第 4 条第 6 款和第 5 条第 9 款)或根据欧盟法律通过的国家立法另有规定,否则向数据接收者提供数据的义务不构成义务。商业秘密的披露。

Article 9 第九条

Compensation for making data available
对提供数据的补偿

1.   Any compensation agreed upon between a data holder and a data recipient for making data available in business-to-business relations shall be non- discriminatory and reasonable and may include a margin.
1. 数据持有者和数据接收者之间就在企业对企业关系中提供数据而商定的任何补偿均应是非歧视性的、合理的,并且可以包括利润。

2.   When agreeing on any compensation, the data holder and the data recipient shall take into account in particular:
2. 在就任何补偿达成一致时,数据持有者和数据接收者应特别考虑:

(a) (A)

costs incurred in making the data available, including, in particular, the costs necessary for the formatting of data, dissemination via electronic means and storage;
提供数据所产生的费用,特别包括数据格式化、通过电子方式传播和存储所需的费用;

(b) (二)

investments in the collection and production of data, where applicable, taking into account whether other parties contributed to obtaining, generating or collecting the data in question.
在适用的情况下,对数据收集和生产的投资,考虑其他各方是否为获取、生成或收集相关数据做出了贡献。

3.   The compensation referred to in paragraph 1 may also depend on the volume, format and nature of the data.
3. 第 1 款中提及的补偿还可能取决于数据的数量、格式和性质。

4.
   Where the data recipient is an SME or a not-for-profit research organisation and where such a data recipient does not have partner enterprises or linked enterprises that do not qualify as SMEs, any compensation agreed shall not exceed the costs referred to in paragraph 2, point (a).
如果数据接收者是中小企业或非营利性研究机构,并且该数据接收者没有不符合中小企业资格的合作企业或关联企业,则约定的任何补偿不得超过第二款所述的成本,点(a)。

5.   The Commission shall adopt guidelines on the calculation of reasonable compensation, taking into account the advice of the European Data Innovation Board (EDIB) referred to in Article 42.
5. 委员会应考虑第 42 条中提及的欧洲数据创新委员会 (EDIB) 的建议,采用合理补偿计算指南。

6.   This Article shall not preclude other Union law or national legislation adopted in accordance with Union law from excluding compensation for making data available or providing for lower compensation.
6. 本条并不排除其他欧盟法律或根据欧盟法律通过的国家立法排除对提供数据的补偿或规定较低的补偿。

7.   The data holder shall provide the data recipient with information setting out the basis for the calculation of the compensation in sufficient detail so that the data recipient can assess whether the requirements of paragraphs 1 to 4 are met.
7. 数据持有者应向数据接收者提供足够详细的信息,说明赔偿计算的依据,以便数据接收者能够评估是否满足第 1 款至第 4 款的要求。

Article 10 第十条

Dispute settlement 纠纷解决

1.
   Users, data holders and data recipients shall have access to a dispute settlement body, certified in accordance with paragraph 5 of this Article, to settle disputes pursuant to Article 4(3) and (9) and Article 5(12) as well as disputes relating to the fair, reasonable and non-discriminatory terms and conditions for, and transparent manner of, making data available in accordance with this Chapter and Chapter IV.
用户、数据持有者和数据接收者应有权联系根据本条第 5 款认证的争议解决机构,根据第 4 条第(3)款和第(9)款以及第 5 条第(12)款解决争议以及争议涉及根据本章和第四章提供数据的公平、合理和非歧视性条款和条件以及透明方式。

2.   Dispute settlement bodies shall make the fees, or the mechanisms used to determine the fees, known to the parties concerned before those parties request a decision.
2. 争议解决机构应在有关各方请求作出决定之前告知其费用或用于确定费用的机制。

3.
   For disputes referred to a dispute settlement body pursuant to Article 4(3) and (9) and Article 5(12), where the dispute settlement body decides a dispute in favour of the user or of the data recipient, the data holder shall bear all the fees charged by the dispute settlement body and shall reimburse that user or that data recipient for any other reasonable expenses that it has incurred in relation to the dispute settlement.
对于根据第四条第(三)项和第(九)项以及第五条第(十二)项提交争议解决机构的争议,如果争议解决机构做出有利于用户或数据接收者的争议,数据持有者应承担以下责任:争议解决机构收取的所有费用,并应补偿该用户或数据接收者因争议解决而产生的任何其他合理费用。

If the dispute settlement body decides a dispute in favour of the data holder, the user or the data recipient shall not be required to reimburse any fees or other expenses that the data holder paid or is to pay in relation to the dispute settlement, unless the dispute settlement body finds that the user or the data recipient manifestly acted in bad faith.
如果争议解决机构裁定争议有利于数据持有者,则用户或数据接收者无需偿还数据持有者已经支付或将支付的与争议解决相关的任何费用或其他费用,除非争议解决机构认为用户或数据接收者的行为明显具有恶意。

4.
   Customers and providers of data processing services shall have access to a dispute settlement body, certified in accordance with paragraph 5 of this Article, to settle disputes relating to breaches of the rights of customers and the obligations of providers of data processing services, in accordance with Articles 23 to 31.
客户和数据处理服务提供商应有权根据本条第 5 款规定,通过经认证的争议解决机构来解决与侵犯客户权利和数据处理服务提供商义务相关的争议。第二十三条至第三十一条。

5.   The Member State where the dispute settlement body is established shall, at the request of that body, certify that body where it has demonstrated that it meets all of the following conditions:
5. 设立争端解决机构的成员国应根据该机构的要求,对该机构进行认证,证明其满足以下所有条件:

(a) (A)

it is impartial and independent, and it is to issue its decisions in accordance with clear, non-discriminatory and fair rules of procedure;
它是公正和独立的,并根据明确、非歧视和公平的议事规则作出决定;

(b) (二)

it has the necessary expertise, in particular in relation to fair, reasonable and non-discriminatory terms and conditions, including compensation, and on making data available in a transparent manner, allowing the body to effectively determine those terms and conditions;
它拥有必要的专业知识,特别是在公平、合理和非歧视性的条款和条件(包括赔偿)方面,以及以透明的方式提供数据方面,使该机构能够有效地确定这些条款和条件;

(c) (C)

it is easily accessible through electronic communication technology;
通过电子通信技术可以轻松获取;

(d) (四)

it is capable of adopting its decisions in a swift, efficient and cost-effective manner in at least one official language of the Union.
它能够以至少一种欧盟官方语言迅速、高效和具有成本效益的方式通过其决定。

6.   Member States shall notify to the Commission the dispute settlement bodies certified in accordance with paragraph 5. The Commission shall publish a list of those bodies on a dedicated website and keep it updated.
6. 成员国应向委员会通报根据第 5 款认证的争端解决机构。委员会应在专门网站上公布这些机构的名单并保持更新。

7.   A dispute settlement body shall refuse to deal with a request to resolve a dispute that has already been brought before another dispute settlement body or before a court or tribunal of a Member State.
7. 争端解决机构应拒绝处理已提交另一争端解决机构或成员国法院或法庭的争端解决请求。

8.   A dispute settlement body shall grant parties the possibility, within a reasonable period of time, to express their points of view on the matters those parties have brought before that body.
8. 争端解决机构应给予各方在合理时间内就各方向该机构提交的事项表达观点的可能性。

In that context, each party to a dispute shall be provided with the submissions of the other party to their dispute and any statements made by experts. The parties shall be given the possibility to comment on those submissions and statements.
在这种情况下,应向争议各方提供争议另一方提交的材料以及专家的任何陈述。各方应有权对这些提交和声明发表评论。

9.   A dispute settlement body shall adopt its decision on a matter referred to it within 90 days of receipt of a request pursuant to paragraphs 1 and 4. That decision shall be in writing or on a durable medium and shall be supported by a statement of reasons.
9. 争端解决机构应在收到根据第 1 款和第 4 款提出的请求后 90 天内就提交给它的事项作出决定。该决定应采用书面形式或采用持久介质,并应有以下声明的支持:原因。

10.   Dispute settlement bodies shall draw up and make publicly available annual activity reports. Such annual reports shall include, in particular, the following general information:
10. 争端解决机构应起草并公布年度活动报告。此类年度报告应特别包括以下一般信息:

(a) (A)

an aggregation of the outcomes of disputes;
争议结果的汇总;

(b) (二)

the average time taken to resolve disputes;
解决争议所需的平均时间;

(c) (C)

the most common reasons for disputes.
最常见的争议原因。

11.   In order to facilitate the exchange of information and best practices, a dispute settlement body may decide to include recommendations in the report referred to in paragraph 10 as to how problems can be avoided or resolved.
11. 为了促进信息和最佳做法的交流,争端解决机构可决定在第 10 段提及的报告中纳入关于如何避免或解决问题的建议。

12.   The decision of a dispute settlement body shall be binding on the parties only if the parties have explicitly consented to its binding nature prior to the start of the dispute settlement proceedings.
12. 只有当事方在争端解决程序开始前明确同意其裁决的约束力时,争端解决机构的决定才对各方具有约束力。

13.   This Article does not affect the right of parties to seek an effective remedy before a court or tribunal of a Member State.
13. 本条不影响当事人向成员国法院或法庭寻求有效补救的权利。

Article 11 第十一条

Technical protection measures on the unauthorised use or disclosure of data
针对未经授权使用或泄露数据的技术保护措施

1.
   A data holder may apply appropriate technical protection measures, including smart contracts and encryption, to prevent unauthorised access to data, including metadata, and to ensure compliance with Articles 4, 5, 6, 8 and 9, as well as with the agreed contractual terms for making data available.
数据持有者可以采用适当的技术保护措施,包括智能合约和加密,以防止未经授权访问数据,包括元数据,并确保遵守第4、5、6、8和9条以及商定的合同条款使数据可用。

Such technical protection measures shall not discriminate between data recipients or hinder a user’s right to obtain a copy of, retrieve, use or access data, to provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation adopted in accordance with Union law.
此类技术保护措施不得歧视数据接收者,也不得妨碍用户获取数据副本、检索、使用或访问数据的权利,根据第 5 条向第三方提供数据的权利,或第三方根据欧盟法律或国家法律享有的任何权利。根据联盟法通过的立法。

Users, third parties and data recipients shall not alter or remove such technical protection measures unless agreed by the data holder.
除非数据持有者同意,用户、第三方和数据接收者不得改变或解除该等技术保护措施。

2.   In the circumstances referred to in paragraph 3, the third party or data recipient shall comply, without undue delay, with the requests of the data holder and, where applicable and where they are not the same person, the trade secret holder or the user:
2. 在第 3 款所述情况下,第三方或数据接收方应立即遵守数据持有者的要求,并且在适用的情况下且如果他们不是同一个人,则应遵守商业秘密持有者或数据持有者的要求。用户:

(a) (A)

to erase the data made available by the data holder and any copies thereof;
删除数据持有者提供的数据及其任何副本;

(b) (二)

to end the production, offering or placing on the market or use of goods, derivative data or services produced on the basis of knowledge obtained through such data, or the importation, export or storage of infringing goods for those purposes, and destroy any infringing goods, where there is a serious risk that the unlawful use of those data will cause significant harm to the data holder, the trade secret holder or the user or where such a measure would not be disproportionate in light of the interests of the data holder, the trade secret holder or the user;
停止生产、提供或投放市场或使用商品、基于通过此类数据获得的知识而产生的衍生数据或服务,或停止为此目的进口、出口或储存侵权商品,并销毁任何侵权商品,如果非法使用这些数据存在对数据持有者、商业秘密持有者或用户造成重大损害的严重风险,或者考虑到数据持有者的利益,这种措施不会不相称,则商业秘密持有人或用户;

(c) (C)

to inform the user of the unauthorised use or disclosure of the data and of the measures taken to put an end to the unauthorised use or disclosure of the data;
告知用户未经授权使用或披露数据以及为制止未经授权使用或披露数据而采取的措施;

(d) (四)

to compensate the party suffering from the misuse or disclosure of such unlawfully accessed or used data.
赔偿因滥用或披露此类非法访问或使用的数据而遭受损失的一方。

3.   Paragraph 2 shall apply where a third party or a data recipient has:
3. 第 2 款适用于第三方或数据接收者有以下情况的情况:

(a) (A)

for the purposes of obtaining data, provided false information to a data holder, deployed deceptive or coercive means or abused gaps in the technical infrastructure of the data holder designed to protect the data;
为了获取数据的目的,向数据持有者提供虚假信息,采用欺骗或胁迫手段或滥用数据持有者旨在保护数据的技术基础设施中的漏洞;

(b) (二)

used the data made available for unauthorised purposes, including the development of a competing connected product within the meaning of Article 6(2), point (e);
将提供的数据用于未经授权的目的,包括开发第 6(2) 条 (e) 点含义内的竞争性互联产品;

(c) (C)

unlawfully disclosed data to another party;
向另一方非法披露数据;

(d) (四)

not maintained the technical and organisational measures agreed pursuant to Article 5(9); or
未维持根据第 5 条第(9)款商定的技术和组织措施;或者

(e) (五)

altered or removed technical protection measures applied by the data holder pursuant to paragraph 1 of this Article without the agreement of the data holder.
未经数据持有者同意,变更或者取消数据持有者依照本条第一款规定实施的技术保护措施。

4.
   Paragraph 2 shall also apply where a user alters or removes technical protection measures applied by the data holder or does not maintain the technical and organisational measures taken by the user in agreement with the data holder or, where they are not the same person, the trade secrets holder, in order to preserve trade secrets, as well as in respect of any other party that receives the data from the user by means of an infringement of this Regulation.
如果用户更改或删除数据持有者所采用的技术保护措施,或者不按照与数据持有者或(如果他们不是同一个人)协议维持用户所采取的技术和组织措施,则第 2 款也适用。秘密持有人,以保护商业秘密,以及通过违反本条例的方式从用户处接收数据的任何其他方。

5.   Where the data recipient infringes Article 6(2), point (a) or (b), users shall have the same rights as data holders under paragraph 2 of this Article.
5. 如果数据接收者违反第 6 条第(2)款(a)或(b)点的规定,用户应享有与数据持有者相同的本条第 2 款规定的权利。

Article 12 第十二条

Scope of obligations for data holders obliged pursuant to Union law to make data available
根据欧盟法律,数据持有者有义务提供数据的义务范围

1.   This Chapter shall apply where, in business-to-business relations, a data holder is obliged under Article 5 or under applicable Union law or national legislation adopted in accordance with Union law, to make data available to a data recipient.
1. 本章适用于在企业对企业关系中,数据持有者根据第 5 条或适用的联盟法律或根据联盟法律通过的国家立法有义务向数据接收者提供数据的情况。

2.   A contractual term in a data sharing agreement which, to the detriment of one party, or, where applicable, to the detriment of the user, excludes the application of this Chapter, derogates from it, or varies its effect, shall not be binding on that party.
2. 数据共享协议中的合同条款,若损害一方利益,或在适用的情况下损害用户利益,排除本章的适用、减损本章或改变其效果,则不得对该方具有约束力。

CHAPTER IV 第四章

UNFAIR CONTRACTUAL TERMS RELATED TO DATA ACCESS AND USE BETWEEN ENTERPRISES
与企业间数据访问和使用相关的不公平合同条款

Article 13 第十三条

Unfair contractual terms unilaterally imposed on another enterprise
单方面向另一企业强加不公平的合同条款

1.
   A contractual term concerning access to and the use of data or liability and remedies for the breach or the termination of data related obligations, which has been unilaterally imposed by an enterprise on another enterprise, shall not be binding on the latter enterprise if it is unfair.
一个企业单方面向另一企业强加的涉及数据访问和使用的合同条款或者违反或终止数据相关义务的责任和补救措施,如果不公平,则对该企业不具有约束力。

2.   A contractual term which reflects mandatory provisions of Union law, or provisions of Union law which would apply if the contractual terms did not regulate the matter, shall not be considered to be unfair.
2. 反映联盟法强制性规定的合同条款,或在合同条款未规范该事项时适用的联盟法规定,不应被视为不公平。

3.   A contractual term is unfair if it is of such a nature that its use grossly deviates from good commercial practice in data access and use, contrary to good faith and fair dealing.
3. 如果合同条款的使用严重偏离数据访问和使用方面的良好商业惯例,违反诚信和公平交易,则该合同条款不公平。

4.   In particular, a contractual term shall be unfair for the purposes of paragraph 3, if its object or effect is to:
4. 特别是,就第 3 款而言,如果合同条款的目的或效果是:

(a) (A)

exclude or limit the liability of the party that unilaterally imposed the term for intentional acts or gross negligence;
排除或限制单方面施加该条款的一方因故意行为或重大过失而承担的责任;

(b) (二)

exclude the remedies available to the party upon whom the term has been unilaterally imposed in the case of non-performance of contractual obligations, or the liability of the party that unilaterally imposed the term in the case of a breach of those obligations;
排除在不履行合同义务的情况下单方面施加该条款的一方可以采取的补救措施,或者在违反这些义务的情况下单方面施加该条款的一方的责任;

(c) (C)

give the party that unilaterally imposed the term the exclusive right to determine whether the data supplied are in conformity with the contract or to interpret any contractual term.
赋予单方面施加该条款的一方确定所提供的数据是否符合合同或解释任何合同条款的专有权利。

5.   A contractual term shall be presumed to be unfair for the purposes of paragraph 3 if its object or effect is to:
5. 就第 3 款而言,如果合同条款的目的或效果是:

(a) (A)

inappropriately limit remedies in the case of non-performance of contractual obligations or liability in the case of a breach of those obligations, or extend the liability of the enterprise upon whom the term has been unilaterally imposed;
不适当地限制不履行合同义务时的补救措施或违反这些义务时的责任,或扩大单方面施加该条款的企业的责任;

(b) (二)

allow the party that unilaterally imposed the term to access and use the data of the other contracting party in a manner that is significantly detrimental to the legitimate interests of the other contracting party, in particular when such data contain commercially sensitive data or are protected by trade secrets or by intellectual property rights;
允许单方面施加该条款的一方以严重损害另一缔约方合法利益的方式访问和使用另一缔约方的数据,特别是当此类数据包含商业敏感数据或受到贸易保护时秘密或知识产权;

(c) (C)

prevent the party upon whom the term has been unilaterally imposed from using the data provided or generated by that party during the period of the contract, or to limit the use of such data to the extent that that party is not entitled to use, capture, access or control such data or exploit the value of such data in an adequate manner;
阻止单方面施加该条款的一方使用该方在合同期间提供或生成的数据,或将此类数据的使用限制在该方无权使用、捕获、以适当的方式访问或控制此类数据或利用此类数据的价值;

(d) (四)

prevent the party upon whom the term has been unilaterally imposed from terminating the agreement within a reasonable period;
防止单方面施加该条款的一方在合理期限内终止协议;

(e) (五)

prevent the party upon whom the term has been unilaterally imposed from obtaining a copy of the data provided or generated by that party during the period of the contract or within a reasonable period after the termination thereof;
阻止单方面施加该条款的一方获取该方在合同期间或合同终止后合理期限内提供或生成的数据的副本;

(f) (F)

enable the party that unilaterally imposed the term to terminate the contract at unreasonably short notice, taking into consideration any reasonable possibility of the other contracting party to switch to an alternative and comparable service and the financial detriment caused by such termination, except where there are serious grounds for so doing;
允许单方面施加该条款的一方在不合理的短时间内终止合同,同时考虑另一缔约方转向替代和类似服务的任何合理可能性以及此类终止造成的财务损失,除非存在严重的情况这样做的理由;

(g) (G)

enable the party that unilaterally imposed the term to substantially change the price specified in the contract or any other substantive condition related to the nature, format, quality or quantity of the data to be shared, where no valid reason and no right of the other party to terminate the contract in the case of such a change is specified in the contract.
使单方面施加该条款的一方能够大幅改变合同中规定的价格或与共享数据的性质、格式、质量或数量相关的任何其他实质性条件,而另一方无正当理由且无权利合同中有明确变更的情况下,合同终止。

Point (g) of the first subparagraph shall not affect terms by which the party that unilaterally imposed the term reserves the right to unilaterally change the terms of a contract of an indeterminate duration, provided that the contract specified a valid reason for such unilateral changes, that the party that unilaterally imposed the term is required to provide the other contracting party with reasonable notice of any such intended change, and that the other contracting party is free to terminate the contract at no cost in the case of a change.
第一段 (g) 点不应影响单方面施加该条款的一方保留单方面更改无限期合同条款的权利的条款,前提是合同规定了此类单方面更改的有效理由,单方面施加该条款的一方必须就任何此类预期变更向另一缔约方提供合理通知,并且在发生变更的情况下,另一缔约方可以免费终止合同。

6.   A contractual term shall be considered to be unilaterally imposed within the meaning of this Article if it has been supplied by one contracting party and the other contracting party has not been able to influence its content despite an attempt to negotiate it.
6. 如果合同条款是由一个缔约方提供的,而另一缔约方尽管试图对其进行谈判但仍无法影响其内容,则应被视为本条含义内单方面强加的合同条款。

The contracting party that supplied the contractual term bears the burden of proving that that term has not been unilaterally imposed. The contracting party that supplied the contested contractual term may not argue that the term is an unfair contractual term.
提供合同条款的缔约方有责任证明该条款不是单方面强加的。提供有争议的合同条款的缔约方不得辩称该条款是不公平的合同条款。

7.   Where the unfair contractual term is severable from the remaining terms of the contract, those remaining terms shall be binding.
7. 如果不公平合同条款与合同的其余条款可分割,则其余条款具有约束力。

8.   This Article does not apply to contractual terms defining the main subject matter of the contract or to the adequacy of the price, as against the data supplied in exchange.
8. 本条不适用于定义合同主要标的的合同条款,也不适用于相对于交换中提供的数据的价格的充足性。

9.   The parties to a contract covered by paragraph 1 shall not exclude the application of this Article, derogate from it, or vary its effects.
9. 第 1 款所涵盖的合同当事人不得排除本条的适用、减损本条或改变其效力。

CHAPTER V 第五章

MAKING DATA AVAILABLE TO PUBLIC SECTOR BODIES, THE COMMISSION, THE EUROPEAN CENTRAL BANK AND UNION BODIES ON THE BASIS OF AN EXCEPTIONAL NEED
根据特殊需要向公共部门机构、委员会、欧洲中央银行和工会机构提供数据

Article 14 第十四条

Obligation to make data available on the basis of an exceptional need
根据特殊需要提供数据的义务

Where a public sector body, the Commission, the European Central Bank or a Union body demonstrates an exceptional need, as set out in Article 15, to use certain data, including the relevant metadata necessary to interpret and use those data, to carry out its statutory duties in the public interest, data holders that are legal persons, other than public sectors bodies, which hold those data shall make them available upon a duly reasoned request.
当公共部门机构、委员会、欧洲中央银行或联盟机构表现出第 15 条规定的特殊需要时,需要使用某些数据,包括解释和使用这些数据所需的相关元数据,以执行其出于公共利益的法定职责,持有这些数据的法人(公共部门机构除外)的数据持有者应根据合理的请求提供这些数据。

Article 15 第十五条

Exceptional need to use data
特殊情况需要使用数据

1.   An exceptional need to use certain data within the meaning of this Chapter shall be limited in time and scope and shall be considered to exist only in any of the following circumstances:
1. 本章含义内的某些数据的特殊需要应在时间和范围上受到限制,并且仅在下列情况之一时才被视为存在:

(a) (A)

where the data requested is necessary to respond to a public emergency and the public sector body, the Commission, the European Central Bank or the Union body is unable to obtain such data by alternative means in a timely and effective manner under equivalent conditions;
如果所请求的数据是应对公共紧急情况所必需的,并且公共部门机构、委员会、欧洲中央银行或欧盟机构无法在同等条件下通过其他方式及时有效地获取此类数据;

(b) (二)

in circumstances not covered by point (a) and only insofar as non-personal data is concerned, where:
在 (a) 点未涵盖的情况下且仅就非个人数据而言,其中:

(i) (我)

a public sector body, the Commission, the European Central Bank or a Union body is acting on the basis of Union or national law and has identified specific data, the lack of which prevents it from fulfilling a specific task carried out in the public interest, that has been explicitly provided for by law, such as the production of official statistics or the mitigation of or recovery from a public emergency; and
公共部门机构、委员会、欧洲中央银行或联盟机构根据联盟或国家法律行事,并已确定具体数据,但缺乏这些数据会妨碍其完成为公共利益而执行的具体任务,法律明确规定的,例如官方统计数据的编制或公共紧急情况的缓解或恢复;和

(ii) (二)

the public sector body, the Commission, the European Central Bank or the Union body has exhausted all other means at its disposal to obtain such data, including purchase of non-personal data on the market by offering market rates, or by relying on existing obligations to make data available or the adoption of new legislative measures which could guarantee the timely availability of the data.
公共部门机构、委员会、欧洲中央银行或联盟机构已用尽其所能使用的所有其他手段来获取此类数据,包括通过提供市场价格或依靠现有义务在市场上购买非个人数据提供数据或采取新的立法措施来保证数据的及时提供。

2.   Paragraph 1, point (b), shall not apply to microenterprises and small enterprises.
2. 第 1 款 (b) 点不适用于微型企业和小型企业。

3.
   The obligation to demonstrate that the public sector body was unable to obtain non-personal data by purchasing them on the market shall not apply where the specific task carried out in the public interest is the production of official statistics and where the purchase of such data is not allowed by national law.
如果为了公共利益而执行的具体任务是编制官方统计数据,并且购买此类数据是为了公共利益,则证明公共部门机构无法通过在市场上购买非个人数据来获取非个人数据的义务不适用。国家法律不允许。

Article 16 第十六条

Relationship with other obligations to make data available to public sector bodies, the Commission, the European Central Bank and Union bodies
与向公共部门机构、委员会、欧洲中央银行和联盟机构提供数据的其他义务的关系

1.   This Chapter shall not affect the obligations laid down in Union or national law for the purposes of reporting, complying with requests for access to information or demonstrating or verifying compliance with legal obligations.
1. 本章不应影响联盟或国家法律规定的报告、遵守信息获取请求或证明或核实遵守法律义务的义务。

2.
   This Chapter shall not apply to public sector bodies, the Commission, the European Central Bank or Union bodies carrying out activities for the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal penalties, or to customs or taxation administration.
本章不适用于从事预防、调查、侦查或起诉刑事或行政犯罪或执行刑事处罚活动的公共部门机构、委员会、欧洲中央银行或联盟机构,也不适用于海关或税务管理机构。

This Chapter does not affect applicable Union and national law on the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal or administrative penalties, or for customs or taxation administration.
本章不影响有关预防、调查、侦查或起诉刑事或行政犯罪或执行刑事或行政处罚或海关或税务管理的适用的欧盟和国家法律。

Article 17 第十七条

Requests for data to be made available
要求提供数据

1.   When requesting data pursuant to Article 14, a public sector body, the Commission, the European Central Bank or a Union body shall:
1. 根据第 14 条要求提供数据时,公共部门机构、委员会、欧洲中央银行或联盟机构应:

(a) (A)

specify the data required, including the relevant metadata necessary to interpret and use those data;
指定所需的数据,包括解释和使用这些数据所需的相关元数据;

(b) (二)

demonstrate that the conditions necessary for the existence of an exceptional need as referred to in Article 15 for the purpose of which the data are requested are met;
证明满足第 15 条所指的请求数据的特殊需要的必要条件;

(c) (C)

explain the purpose of the request, the intended use of the data requested, including, where applicable, by a third party in accordance with paragraph 4 of this Article, the duration of that use, and, where relevant, how the processing of personal data is to address the exceptional need;
解释请求的目的、所请求数据的预期用途,包括在适用的情况下由第三方根据本条第 4 款进行的用途、使用的持续时间,以及在相关的情况下如何处理个人数据是为了解决特殊需要;

(d) (四)

specify, if possible, when the data are expected to be erased by all parties that have access to them;
如果可能,请指定有权访问数据的所有各方预计何时删除数据;

(e) (五)

justify the choice of data holder to which the request is addressed;
证明选择请求所针对的数据持有者的合理性;

(f) (F)

specify any other public sector bodies or the Commission, European Central Bank or Union bodies and the third parties with which the data requested is expected to be shared with;
指定预计将与其共享所请求数据的任何其他公共部门机构或委员会、欧洲中央银行或联盟机构以及第三方;

(g) (G)

where personal data are requested, specify any technical and organisational measures necessary and proportionate to implement data protection principles and necessary safeguards, such as pseudonymisation, and whether anonymisation can be applied by the data holder before making the data available;
如果要求提供个人数据,请具体说明实施数据保护原则和必要保障措施所必需且相称的任何技术和组织措施,例如假名化,以及数据持有者在提供数据之前是否可以应用匿名化;

(h) (H)

state the legal provision allocating to the requesting public sector body, the Commission, the European Central Bank or the Union body the specific task carried out in the public interest relevant for requesting the data;
说明向提出请求的公共部门机构、委员会、欧洲中央银行或联盟机构分配为与请求数据相关的公共利益而执行的具体任务的法律规定;

(i) (我)

specify the deadline by which the data are to be made available and the deadline referred to in Article 18(2) by which the data holder may decline or seek modification of the request;
明确提供数据的截止日期以及第 18(2) 条中提及的数据持有者可以拒绝或寻求修改请求的截止日期;

(j)

make its best efforts to avoid compliance with the data request resulting in the data holders’ liability for infringement of Union or national law.
尽最大努力避免遵守数据请求,从而导致数据持有者承担违反欧盟或国家法律的责任。

2.   A request for data made pursuant to paragraph 1 of this Article shall:
2. 根据本条第 1 款提出的数据请求应:

(a) (A)

be made in writing and expressed in clear, concise and plain language understandable to the data holder;
以书面形式进行,并以数据持有者可以理解的清晰、简洁和通俗易懂的语言表达;

(b) (二)

be specific regarding the type of data requested and correspond to data which the data holder has control over at the time of the request;
具体说明所请求的数据类型,并与数据持有者在请求时可以控制的数据相对应;

(c) (C)

be proportionate to the exceptional need and duly justified, regarding the granularity and volume of the data requested and frequency of access of the data requested;
关于所请求数据的粒度和数量以及所请求数据的访问频率,与特殊需求相称并经过适当论证;

(d) (四)

respect the legitimate aims of the data holder, committing to ensuring the protection of trade secrets in accordance with Article 19(3), and the cost and effort required to make the data available;
尊重数据持有者的合法目的,承诺根据第 19(3) 条确保商业秘密的保护,以及提供数据所需的成本和努力;

(e) (五)

concern non-personal data, and only if this is demonstrated to be insufficient to respond to the exceptional need to use data, in accordance with Article 15(1), point (a), request personal data in pseudonymised form and establish the technical and organisational measures that are to be taken to protect the data;
涉及非个人数据,并且仅当证明这不足以满足使用数据的特殊需要时,根据第 15 条(1)款(a)点,请求以化名形式提供个人数据,并建立技术和为保护数据而采取的组织措施;

(f) (F)

inform the data holder of the penalties that are to be imposed pursuant to Article 40 by the competent authority designated pursuant to Article 37 in the event of non-compliance with the request;
告知数据持有者如果不遵守请求,根据第 37 条指定的主管当局将根据第 40 条实施的处罚;

(g) (G)

where the request is made by a public sector body, be transmitted to the data coordinator referred to in Article 37 of the Member State where the requesting public sector body is established, who shall make the request publicly available online without undue delay unless the data coordinator considers that such publication would create a risk for public security;
如果请求是由公共部门机构提出的,则应将其传送给提出请求的公共部门机构所在成员国第 37 条中提到的数据协调员,该数据协调员应立即在线公开该请求,除非数据协调员认为此类发布会对公共安全造成风险;

(h) (H)

where the request is made by the Commission, the European Central Bank or a Union body, be made available online without undue delay;
如果请求是由委员会、欧洲中央银行或联盟机构提出的,则应立即在线提供;

(i) (我)

where personal data are requested, be notified without undue delay to the supervisory authority responsible for monitoring the application of Regulation (EU) 2016/679 in the Member State where the public sector body is established.
如果需要提供个人数据,请立即通知负责监督公共部门机构所在成员国的 (EU) 2016/679 条例实施情况的监管机构。

The European Central Bank and Union bodies shall inform the Commission of their requests.
欧洲中央银行和联盟机构应将其请求通知委员会。

3.   A public sector body, the Commission, the European Central Bank or a Union body shall not make data obtained pursuant to this Chapter available for reuse as defined in Article 2, point (2), of Regulation (EU) 2022/868 or Article 2, point (11), of Directive (EU) 2019/1024.
3. 公共部门机构、委员会、欧洲中央银行或联盟机构不得将根据本章获得的数据用于重复使用(如 (EU) 2022/868 条例第 2 条第 (2) 点或(EU) 2019/1024 号指令第 2 条第 (11) 点。

Regulation (EU) 2022/868 and Directive (EU) 2019/1024 shall not apply to the data held by public sector bodies obtained pursuant to this Chapter.
(EU) 2022/868 条例和 (EU) 2019/1024 指令不适用于公共部门机构根据本章获得的数据。

4.
   Paragraph 3 of this Article does not preclude a public sector body, the Commission, the European Central Bank or a Union body to exchange data obtained pursuant to this Chapter with another public sector body or the Commission, the European Central Bank or a Union body in view of completing the tasks referred to in Article 15, as specified in the request in accordance with paragraph 1, point (f), of this Article or to make the data available to a third party where it has delegated, by means of a publicly available agreement, technical inspections or other functions to that third party.
本条第 3 款并不排除公共部门机构、委员会、欧洲中央银行或联盟机构与其他公共部门机构或委员会、欧洲中央银行或联盟机构交换根据本章获得的数据。为了完成根据本条第 1 款第 (f) 点提出的请求中规定的第 15 条所述任务,或通过公开方式将数据提供给其委托的第三方该第三方可用的协议、技术检查或其他功能。

The obligations on public sector bodies pursuant to Article 19, in particular safeguards to preserve the confidentiality of trade secrets, shall apply also to such third parties.
第 19 条规定的公共部门机构的义务,特别是保护商业秘密的保密措施,也适用于此类第三方。

Where a public sector body, the Commission, the European Central Bank or a Union body transmits or makes data available under this paragraph, it shall notify the data holder from whom the data was received without undue delay.
如果公共部门机构、委员会、欧洲中央银行或联盟机构根据本款传输或提供数据,则应立即通知从其接收数据的数据持有者。

5.
   Where the data holder considers that its rights under this Chapter have been infringed by the transmission or making available of data, it may lodge a complaint with the competent authority designated pursuant to Article 37 of the Member State where the data holder is established.
如果数据持有者认为其在本章下的权利因传输或提供数据而受到侵犯,则可以向数据持有者所在成员国根据第 37 条指定的主管当局提出投诉。

6.   The Commission shall develop a model template for requests pursuant to this Article.
6. 委员会应根据本条制定请求的模型模板。

Article 18 第十八条

Compliance with requests for data
遵守数据请求

1.
   A data holder receiving a request to make data available under this Chapter shall make the data available to the requesting public sector body, the Commission, the European Central Bank or a Union body without undue delay, taking into account necessary technical, organisational and legal measures.
收到本章规定的提供数据请求的数据持有者应立即向提出请求的公共部门机构、委员会、欧洲中央银行或欧盟机构提供数据,同时考虑必要的技术、组织和法律措施。

2.
   Without prejudice to specific needs regarding the availability of data defined in Union or national law, a data holder may decline or seek the modification of a request to make data available under this Chapter without undue delay and, in any event, no later than five working days after the receipt of a request for the data necessary to respond to a public emergency and without undue delay and, in any event, no later than 30 working days after the receipt of such a request in other cases of an exceptional need, on any of the following grounds:
在不损害欧盟或国家法律中定义的有关数据可用性的特定需求的情况下,数据持有者可以拒绝或寻求修改根据本章提供数据的请求,不得无故拖延,并且在任何情况下不得迟于五个工作时间在收到应对公共紧急情况所需数据的请求后数天内,并且不得无故拖延,并且在任何情况下,在其他特殊需要的情况下,不得迟于收到此类请求后 30 个工作日,出于以下理由:

(a) (A)

the data holder does not have control over the data requested;
数据持有者无法控制所请求的数据;

(b) (二)

a similar request for the same purpose has been previously submitted by another public sector body or the Commission, the European Central Bank or a Union body and the data holder has not been notified of the erasure of the data pursuant to Article 19(1), point (c);
另一个公共部门机构或委员会、欧洲中央银行或联盟机构之前已出于同一目的提交过类似请求,并且数据持有者未收到根据第 19(1) 条删除数据的通知, (c)点;

(c) (C)

the request does not meet the conditions laid down in Article 17(1) and (2).
该请求不符合第十七条第一款和第二款规定的条件。

3.
   If the data holder decides to decline the request or to seek its modification in accordance with paragraph 2, point (b), it shall indicate the identity of the public sector body or the Commission, the European Central Bank or the Union body that previously submitted a request for the same purpose.
如果数据持有者决定拒绝请求或根据第 2 款 (b) 点寻求修改,则应表明先前提交请求的公共部门机构或委员会、欧洲中央银行或欧盟机构的身份出于同一目的的请求。

4.
   Where the data requested includes personal data, the data holder shall properly anonymise the data, unless the compliance with the request to make data available to a public sector body, the Commission, the European Central Bank or a Union body requires the disclosure of personal data.
如果所请求的数据包括个人数据,数据持有者应适当地匿名化数据,除非为了满足向公共部门机构、委员会、欧洲中央银行或欧盟机构提供数据的要求而要求披露个人数据。

In such cases, the data holder shall pseudonymise the data.
在这种情况下,数据持有者应对数据进行假名处理。

5.
   Where the public sector body, the Commission, the European Central Bank or the Union body wishes to challenge a data holder’s refusal to provide the data requested, or where the data holder wishes to challenge the request and the matter cannot be resolved by an appropriate modification of the request, the matter shall be referred to the competent authority designated pursuant to Article 37 of the Member State where the data holder is established.
如果公共部门机构、委员会、欧洲中央银行或联盟机构希望对数据持有者拒绝提供所请求的数据提出质疑,或者数据持有者希望对请求提出质疑,但问题无法通过适当的修改来解决收到请求后,该事项应提交给数据持有者所在成员国根据第 37 条指定的主管机构。

Article 19 第十九条

Obligations of public sector bodies, the Commission, the European Central Bank and Union bodies
公共部门机构、委员会、欧洲中央银行和联盟机构的义务

1.   A public sector body, the Commission, the European Central Bank or a Union body receiving data pursuant to a request made under Article 14 shall:
1. 根据第 14 条提出的请求接收数据的公共部门机构、委员会、欧洲中央银行或联盟机构应:

(a) (A)

not use the data in a manner incompatible with the purpose for which they were requested;
不得以与请求目的不相符的方式使用数据;

(b) (二)

have implemented technical and organisational measures that preserve the confidentiality and integrity of the requested data and the security of the data transfers, in particular personal data, and safeguard the rights and freedoms of data subjects;
已实施技术和组织措施,以保护所请求数据的机密性和完整性以及数据传输的安全性,特别是个人数据,并保障数据主体的权利和自由;

(c) (C)

erase the data as soon as they are no longer necessary for the stated purpose and inform the data holder and individuals or organisations that received the data pursuant to Article 21(1) without undue delay that the data have been erased, unless archiving of the data is required in accordance with Union or national law on public access to documents in the context of transparency obligations.
一旦数据不再需要用于所述目的,则立即删除数据,并立即通知数据持有者以及根据第 21(1) 条收到数据的个人或组织,数据已被删除,除非数据存档根据欧盟或国家法律关于在透明度义务的背景下公众获取文件的要求。

2.   A public sector body, the Commission, the European Central Bank, a Union body or a third party receiving data under this Chapter shall not:
2. 根据本章规定接收数据的公共部门机构、委员会、欧洲中央银行、欧盟机构或第三方不得:

(a) (A)

use the data or insights about the economic situation, assets and production or operation methods of the data holder to develop or enhance a connected product or related service that competes with the connected product or related service of the data holder;
使用有关数据持有者的经济状况、资产以及生产或经营方法的数据或见解来开发或增强与数据持有者的互联产品或相关服务竞争的互联产品或相关服务;

(b) (二)

share the data with another third party for any of the purposes referred to in point (a).
出于 (a) 点中提到的任何目的与其他第三方共享数据。

3.   Disclosure of trade secrets to a public sector body, the Commission, the European Central Bank or a Union body shall be required only to the extent that it is strictly necessary to achieve the purpose of a request under Article 15.
3. 向公共部门机构、委员会、欧洲中央银行或联盟机构披露商业秘密的要求仅限于为实现第 15 条规定的请求目的所必需的范围内。

In such a case, the data holder or, where they are not the same person, the trade secret holder shall identify the data which are protected as trade secrets, including in the relevant metadata.
在这种情况下,数据持有者或商业秘密持有者(如果不是同一个人)应识别受商业秘密保护的数据,包括相关元数据中的数据。

The public sector body, the Commission, the European Central Bank or the Union body shall, prior to the disclosure of trade secrets, take all necessary and appropriate technical and organisational measures to preserve the confidentiality of the trade secrets, including, as appropriate, the use of model contractual terms, technical standards and the application of codes of conduct.
公共部门机构、委员会、欧洲中央银行或联盟机构应在披露商业秘密之前,采取一切必要和适当的技术和组织措施来保守商业秘密的机密性,包括酌情使用示范合同条款、技术标准和行为准则的应用。

4.   A public sector body, the Commission, the European Central Bank or a Union body shall be responsible for the security of the data it receives.
4. 公共部门机构、委员会、欧洲中央银行或联盟机构应对其收到的数据的安全负责。

Article 20 第二十条

Compensation in cases of an exceptional need
特殊需要时的补偿

1.   Data holders other than microenterprises and small enterprises shall make available data necessary to respond to a public emergency pursuant to Article 15(1), point (a), free of charge.
1.微型企业和小型企业以外的数据持有者应根据第15条第(1)款(a)项免费提供应对公共紧急情况所需的数据。

The public sector body, the Commission, the European Central Bank or the Union body that has received data shall provide public acknowledgement to the data holder if requested by the data holder.
如果数据持有者提出要求,收到数据的公共部门机构、委员会、欧洲中央银行或联盟机构应向数据持有者提供公开确认。

2.   The data holder shall be entitled to fair compensation for making data available in compliance with a request made pursuant to Article 15(1), point (b).
2. 数据持有者应有权因按照第 15 条第 (1) 款 (b) 点提出的请求提供数据而获得公平补偿。

Such compensation shall cover the technical and organisational costs incurred to comply with the request including, where applicable, the costs of anonymisation, pseudonymisation, aggregation and of technical adaptation, and a reasonable margin.
此类补偿应涵盖为遵守请求而产生的技术和组织成本,包括(如适用)匿名化、假名化、聚合和技术适应的成本以及合理的利润。

Upon request of the public sector body, the Commission, the European Central Bank or the Union body, the data holder shall provide information on the basis for the calculation of the costs and the reasonable margin.
应公共部门机构、委员会、欧洲中央银行或联盟机构的要求,数据持有者应提供有关成本和合理利润计算基础的信息。

3.   Paragraph 2 shall also apply where a microenterprise and small enterprise claims compensation for making data available.
三、小微企业因提供数据而要求赔偿的,亦适用第二款规定。

4.
   Data holders shall not be entitled to compensation for making data available in compliance with a request made pursuant to Article 15(1), point (b), where the specific task carried out in the public interest is the production of official statistics and where the purchase of data is not allowed by national law.
如果为了公共利益而执行的具体任务是编制官方统计数据,并且国家法律不允许购买数据。

Member States shall notify the Commission where the purchase of data for the production of official statistics is not allowed by national law.
如果国家法律不允许购买数据用于制作官方统计数据,成员国应通知委员会。

5.
   Where the public sector body, the Commission, the European Central Bank or the Union body disagrees with the level of compensation requested by the data holder, they may lodge a complaint with the competent authority designated pursuant to Article 37 of the Member State where the data holder is established.
如果公共部门机构、委员会、欧洲中央银行或联盟机构不同意数据持有者要求的赔偿水平,他们可以向数据所在成员国根据第 37 条指定的主管当局提出投诉。持有者成立。

Article 21 第二十一条

Sharing of data obtained in the context of an exceptional need with research organisations or statistical bodies
与研究组织或统计机构共享在特殊需要的情况下获得的数据

1.   A public sector body, the Commission, the European Central Bank or a Union body shall be entitled to share data received under this Chapter:
1. 公共部门机构、委员会、欧洲中央银行或联盟机构应有权共享根据本章收到的数据:

(a) (A)

with individuals or organisations in view of carrying out scientific research or analytics compatible with the purpose for which the data was requested; or
与个人或组织进行与所请求数据的目的相一致的科学研究或分析;或者

(b) (二)

with national statistical institutes and Eurostat for the production of official statistics.
与国家统计机构和欧盟统计局合作制作官方统计数据。

2.   Individuals or organisations receiving the data pursuant to paragraph 1 shall act on a not-for-profit basis or in the context of a public-interest mission recognised in Union or national law.
2. 根据第 1 款接收数据的个人或组织应以非营利为目的或在欧盟或国家法律认可的公共利益使命的背景下行事。

They shall not include organisations upon which commercial undertakings have a significant influence which is likely to result in preferential access to the results of the research.
它们不应包括商业企业具有重大影响力并可能导致优先获得研究成果的组织。

3.   Individuals or organisations receiving the data pursuant to paragraph 1 of this Article shall comply with the same obligations that are applicable to the public sector bodies, the Commission, the European Central Bank or Union bodies pursuant to Article 17(3) and Article 19.
3. 根据本条第 1 款接收数据的个人或组织应遵守根据第 17 条第(3)款和第 19 条适用于公共部门机构、委员会、欧洲中央银行或联盟机构的相同义务。

4.
   Notwithstanding Article 19(1), point (c), individuals or organisations receiving the data pursuant to paragraph 1 of this Article may keep the data received for the purpose for which the data was requested for up to six months following erasure of the data by the public sector bodies, the Commission, the European Central Bank and Union bodies.
尽管有第 19 条第 (1) 款 (c) 点的规定,根据本条第 1 款接收数据的个人或组织可以出于请求数据的目的而在删除数据后将收到的数据保留最多六个月。公共部门机构、委员会、欧洲中央银行和联盟机构。

5.
   Where a public sector body, the Commission, the European Central Bank or a Union body intends to transmit or make data available under paragraph 1 of this Article, it shall notify without undue delay the data holder from whom the data was received, stating the identity and contact details of the organisation or the individual receiving the data, the purpose of the transmission or making available of the data, the period for which the data is to be used and the technical protection and organisational measures taken, including where personal data or trade secrets are involved.
如果公共部门机构、委员会、欧洲中央银行或联盟机构打算根据本条第 1 款传输或提供数据,则应立即通知从其收到数据的数据持有者,说明其身份接收数据的组织或个人的联系方式、传输或提供数据的目的、使用数据的期限以及采取的技术保护和组织措施,包括个人数据或交易的地点涉及秘密。

Where the data holder disagrees with the transmission or making available of data, it may lodge a complaint with the competent authority designated pursuant to Article 37 of the Member State where the data holder is established.
如果数据持有者不同意传输或提供数据,可以向数据持有者所在成员国根据第 37 条指定的主管当局提出投诉。

Article 22 第二十二条

Mutual assistance and cross-border cooperation
互助跨境合作

1.   Public sector bodies, the Commission, the European Central Bank and Union bodies shall cooperate and assist one another, to implement this Chapter in a consistent manner.
1. 公共部门机构、委员会、欧洲中央银行和联盟机构应相互合作和协助,以一致的方式实施本章。

2.   Any data exchanged in the context of assistance requested and provided pursuant to paragraph 1 shall not be used in a manner incompatible with the purpose for which they were requested.
2. 在根据第 1 款请求和提供援助时交换的任何数据不得以与请求目的不相符的方式使用。

3.   Where a public sector body intends to request data from a data holder established in another Member State, it shall first notify the competent authority designated pursuant to Article 37 in that Member State of that intention.
3. 如果公共部门机构打算向另一个成员国设立的数据持有者请求数据,则应首先将该意图通知该成员国根据第 37 条指定的主管当局。

This requirement shall also apply to requests by the Commission, the European Central Bank and Union bodies. The request shall be examined by the competent authority of the Member State where the data holder is established.
该要求也适用于委员会、欧洲中央银行和联盟机构的请求。该请求应由数据持有者所在成员国的主管当局进行审查。

4.   After having examined the request in light of the requirements laid down in Article 17, the relevant competent authority shall, without undue delay, take one of the following actions:
4. 根据第十七条规定的要求审查请求后,有关主管当局应立即采取以下行动之一:

(a) (A)

transmit the request to the data holder and, if applicable, advise the requesting public sector body, the Commission, the European Central Bank or the Union body of the need, if any, to cooperate with public sector bodies of the Member State in which the data holder is established with the aim of reducing the administrative burden on the data holder in complying with the request;
将请求转发给数据持有者,并在适用的情况下,告知提出请求的公共部门机构、委员会、欧洲中央银行或欧盟机构是否需要与数据所在成员国的公共部门机构合作(如果有)设立数据持有者的目的是减轻数据持有者在遵守请求方面的行政负担;

(b) (二)

reject the request on duly substantiated grounds in accordance with this Chapter.
根据本章规定,以充分证实的理由拒绝该请求。

The requesting public sector body, the Commission, the European Central Bank and the Union body shall take into account the advice of and the grounds provided by the relevant competent authority pursuant to the first subparagraph before taking any further action such as resubmitting the request, if applicable.
提出请求的公共部门机构、委员会、欧洲中央银行和欧盟机构在采取任何进一步行动(例如重新提交请求)之前,应考虑相关主管当局根据第一分段提供的建议和理由,如果适用的。

CHAPTER VI 第六章

SWITCHING BETWEEN DATA PROCESSING SERVICES
在数据处理服务之间切换

Article 23 第二十三条

Removing obstacles to effective switching
消除有效切换的障碍

Providers of data processing services shall take the measures provided for in Articles 25, 26, 27, 29 and 30 to enable customers to switch to a data processing service, covering the same service type, which is provided by a different provider of data processing services, or to on-premises ICT infrastructure, or, where relevant, to use several providers of data processing services at the same time.
数据处理服务提供者应当采取第二十五条、第二十六条、第二十七条、第二十九条、第三十条规定的措施,使客户能够切换到由不同数据处理服务提供者提供的同一服务类型的数据处理服务。 ,或本地 ICT 基础设施,或在相关情况下同时使用多个数据处理服务提供商。

In particular, providers of data processing services shall not impose and shall remove pre-commercial, commercial, technical, contractual and organisational obstacles, which inhibit customers from:
特别是,数据处理服务提供商不得施加并应消除商业前、商业、技术、合同和组织障碍,这些障碍阻碍客户:

(a)

terminating, after the maximum notice period and the successful completion of the switching process, in accordance with Article 25, the contract of the data processing service;

(b)

concluding new contracts with a different provider of data processing services covering the same service type;

(c)

porting the customer’s exportable data and digital assets, to a different provider of data processing services or to an on-premises ICT infrastructure, including after having benefited from a free-tier offering;

(d)

in accordance with Article 24, achieving functional equivalence in the use of the new data processing service in the ICT environment of a different provider of data processing services covering the same service type;

(e)

unbundling, where technically feasible, data processing services referred to in Article 30(1) from other data processing services provided by the provider of data processing services.
在技​​术上可行的情况下,将第 30 条第(1)款所述的数据处理服务与数据处理服务提供商提供的其他数据处理服务分拆。

Article 24 第二十四条

Scope of the technical obligations
技术义务的范围

The responsibilities of providers of data processing services laid down in Articles 23, 25, 29, 30 and 34 shall apply only to the services, contracts or commercial practices provided by the source provider of data processing services.
第二十三条、第二十五条、第二十九条、第三十条和第三十四条规定的数据处理服务提供者的责任仅适用于数据处理服务来源提供者提供的服务、合同或商业惯例。

Article 25 第二十五条

Contractual terms concerning switching
有关转换的合同条款

1.   The rights of the customer and the obligations of the provider of data processing services in relation to switching between providers of such services or, where applicable, to an on-premises ICT infrastructure shall be clearly set out in a written contract.
1. 应在书面合同中明确规定客户的权利和数据处理服务提供商在此类服务提供商之间或适用的情况下本地 ICT 基础设施之间切换的权利和义务。

The provider of data processing services shall make that contract available to the customer prior to signing the contract in a way that allows the customer to store and reproduce the contract.
数据处理服务提供商应在签署合同之前以允许客户存储和复制合同的方式向客户提供该合同。

2.   Without prejudice to Directive (EU) 2019/770, the contract referred to in paragraph 1 of this Article shall include at least the following:
2. 在不影响指令(EU)2019/770 的情况下,本条第 1 款提及的合同应至少包括以下内容:

(a) (A)

clauses allowing the customer, upon request, to switch to a data processing service offered by a different provider of data processing services or to port all exportable data and digital assets to an on-premises ICT infrastructure, without undue delay and in any event not after the mandatory maximum transitional period of 30 calendar days, to be initiated after the maximum notice period referred to in point (d), during which the service contract remains applicable and during which the provider of data processing services shall:
允许客户根据要求切换到不同数据处理服务提供商提供的数据处理服务,或将所有可导出数据和数字资产移植到本地 ICT 基础设施,不得无故拖延,并且在任何情况下不得超过强制性最长过渡期为 30 个日历日,在 (d) 点提到的最长通知期之后启动,在此期间服务合同仍然适用,并且在此期间数据处理服务提供商应:

(i) (我)

provide reasonable assistance to the customer and third parties authorised by the customer in the switching process;
在转换过程中向客户及客户授权的第三方提供合理协助;

(ii) (二)

act with due care to maintain business continuity, and continue the provision of the functions or services under the contract;
谨慎行事以保持业务连续性,并继续提供合同项下的功能或服务;

(iii) (三)

provide clear information concerning known risks to continuity in the provision of the functions or services on the part of the source provider of data processing services;
提供有关数据处理服务来源提供商提供功能或服务的连续性已知风险的明确信息;

(iv) (四)

ensure that a high level of security is maintained throughout the switching process, in particular the security of the data during their transfer and the continued security of the data during the retrieval period specified in point (g), in accordance with applicable Union or national law;
根据适用的欧盟或国家法律,确保在整个转换过程中保持高水平的安全性,特别是在传输过程中数据的安全性以及在(g)点指定的检索期间数据的持续安全性;

(b) (二)

an obligation of the provider of data processing services to support the customer’s exit strategy relevant to the contracted services, including by providing all relevant information;
数据处理服务提供商有义务支持客户与合同服务相关的退出策略,包括提供所有相关信息;

(c) (C)

a clause specifying that the contract shall be considered to be terminated and the customer shall be notified of the termination, in one of the following cases:
规定在下列情况之一的情况下,合同应被视为终止并应通知客户终止的条款:

(i) (我)

where applicable, upon the successful completion of the switching process;
在适用的情况下,在成功完成转换过程后;

(ii) (二)

at the end of the maximum notice period referred to in paragraph (d), where the customer does not wish to switch but to erase its exportable data and digital assets upon service termination;
在 (d) 段提及的最长通知期结束时,客户不希望切换,而是希望在服务终止时删除其可导出数据和数字资产;

(d) (四)

a maximum notice period for initiation of the switching process, which shall not exceed two months;
启动转换过程的最长通知期不得超过两个月;

(e) (五)

an exhaustive specification of all categories of data and digital assets that can be ported during the switching process, including, at a minimum, all exportable data;
对转换过程中可以移植的所有类别的数据和数字资产的详尽规范,至少包括所有可导出的数据;

(f) (F)

an exhaustive specification of categories of data specific to the internal functioning of the provider’s data processing service that are to be exempted from the exportable data under point (e) of this paragraph where a risk of breach of trade secrets of the provider exists, provided that such exemptions do not impede or delay the switching process provided for in Article 23;
针对供应商数据处理服务内部功能的数据类别的详尽规范,如果存在违反供应商商业秘密的风险,则根据本段 (e) 点,这些数据类别将被豁免于可导出数据,前提是:此类豁免不会妨碍或延迟第 23 条规定的转换过程;

(g) (G)

a minimum period for data retrieval of at least 30 calendar days, starting after the termination of the transitional period that was agreed between the customer and the provider of data processing services, in accordance with point (a) of this paragraph and paragraph 4;
根据本段 (a) 点和第 4 段,数据检索的最短期限为至少 30 个日历日,从客户与数据处理服务提供商商定的过渡期终止后开始;

(h) (H)

a clause guaranteeing full erasure of all exportable data and digital assets generated directly by the customer, or relating to the customer directly, after the expiry of the retrieval period referred to in point (g) or after the expiry of an alternative agreed period at a date later than the date of expiry of the retrieval period referred to in point (g), provided that the switching process has been completed successfully;
保证在 (g) 点提到的检索期届满后或替代商定期限届满后完全删除由客户直接生成或与客户直接相关的所有可导出数据和数字资产的条款晚于 (g) 点中提到的检索期到期日期的日期,前提是转换过程已成功完成;

(i) (我)

switching charges, that may be imposed by providers of data processing services in accordance with Article 29.
数据处理服务提供商可以根据第 29 条征收转换费。

3.
   The contract referred to in paragraph 1 shall include clauses providing that the customer may notify the provider of data processing services of its decision to perform one or more of the following actions upon termination of the maximum notice period referred to in paragraph 2, point (d):
第 1 款中提到的合同应包括这样的条款,规定客户可以通知数据处理服务提供商其决定在第 2 款第 (d) 点中提到的最长通知期限终止时执行以下一项或多项行动: ):

(a) (A)

switch to a different provider of data processing services, in which case the customer shall provide the necessary details of that provider;
切换到不同的数据处理服务提供商,在这种情况下,客户应提供该提供商的必要详细信息;

(b) (二)

switch to an on-premises ICT infrastructure;
切换到本地 ICT 基础设施;

(c) (C)

erase its exportable data and digital assets.
删除其可导出数据和数字资产。

4.
   Where the mandatory maximum transitional period as provided for in paragraph 2, point (a) is technically unfeasible, the provider of data processing services shall notify the customer within 14 working days of the making of the switching request, and shall duly justify the technical unfeasibility and indicate an alternative transitional period, which shall not exceed seven months.
如果第 2 款 (a) 点规定的强制性最长过渡期在技术上不可行,数据处理服务提供商应在提出转换请求后 14 个工作日内通知客户,并应充分证明技术上不可行的理由并注明替代的过渡期,过渡期不得超过七个月。

In accordance with paragraph 1, service continuity shall be ensured throughout the alternative transitional period.
根据第 1 款,应在整个替代过渡期内确保服务连续性。

5.   Without prejudice to paragraph 4, the contract referred to in paragraph 1 shall include clauses providing the customer with the right to extend the transitional period once for a period that the customer considers more appropriate for its own purposes.
5. 在不影响第 4 款的情况下,第 1 款提及的合同应包括条款,规定客户有权将过渡期延长一次,直至客户认为更适合其自身目的的期限。

Article 26 第二十六条

Information obligation of providers of data processing services
数据处理服务提供者的信息义务

The provider of data processing services shall provide the customer with:
数据处理服务提供商应向客户提供:

(a) (A)

information on available procedures for switching and porting to the data processing service, including information on available switching and porting methods and formats as well as restrictions and technical limitations which are known to the provider of data processing services;
有关切换和移植到数据处理服务的可用程序的信息,包括有关可用的切换和移植方法和格式以及数据处理服务提供商已知的限制和技术限制的信息;

(b) (二)

a reference to an up-to-date online register hosted by the provider of data processing services, with details of all the data structures and data formats as well as the relevant standards and open interoperability specifications, in which the exportable data referred to in Article 25(2), point (e), are available.
由数据处理服务提供商托管的最新在线注册的参考,其中包含所有数据结构和数据格式的详细信息以及相关标准和开放互操作性规范,其中第 1 条中提到的可导出数据25(2),第(e)点,可用。

Article 27 第二十七条

Obligation of good faith 诚信义务

All parties involved, including destination providers of data processing services, shall cooperate in good faith to make the switching process effective, enable the timely transfer of data and maintain the continuity of the data processing service.
包括数据处理服务目的地提供者在内的各方应当真诚合作,使切换过程有效,确保数据及时转移,保持数据处理服务的连续性。

Article 28 第二十八条

Contractual transparency obligations on international access and transfer
国际访问和传输的合同透明度义务

1.   Providers of data processing services shall make the following information available on their websites, and keep that information up to date:
1. 数据处理服务提供商应在其网站上提供以下信息,并及时更新该信息:

(a) (A)

the jurisdiction to which the ICT infrastructure deployed for data processing of their individual services is subject;
为其个别服务的数据处理而部署的 ICT 基础设施所受管辖;

(b) (二)

a general description of the technical, organisational and contractual measures adopted by the provider of data processing services in order to prevent international governmental access to or transfer of non-personal data held in the Union where such access or transfer would create a conflict with Union law or the national law of the relevant Member State.
数据处理服务提供商为防止国际政府访问或转移欧盟持有的非个人数据而采取的技术、组织和合同措施的一般说明,因为这种访问或转移会与欧盟法律产生冲突或相关成员国的国家法律。

2.   The websites referred to in paragraph 1 shall be listed in contracts for all data processing services offered by providers of data processing services.
2. 第 1 款中提到的网站应列在数据处理服务提供商提供的所有数据处理服务的合同中。

Article 29 第二十九条

Gradual withdrawal of switching charges
逐步取消转换费用

1.   From 12 January 2027, providers of data processing services shall not impose any switching charges on the customer for the switching process.
1.自2027年1月12日起,数据处理服务提供商不得就转换过程向客户收取任何转换费用。

2.   From 11 January 2024 to 12 January 2027, providers of data processing services may impose reduced switching charges on the customer for the switching process.
2. 2024年1月11日至2027年1月12日期间,数据处理服务提供商可以向客户收取较低的转换费用。

3.   The reduced switching charges referred to in paragraph 2 shall not exceed the costs incurred by the provider of data processing services that are directly linked to the switching process concerned.
3. 第 2 款中提到的减少的转换费用不得超过与相关转换过程直接相关的数据处理服务提供商所产生的成本。

4.
   Before entering into a contract with a customer, providers of data processing services shall provide the prospective customer with clear information on the standard service fees and early termination penalties that might be imposed, as well as on the reduced switching charges that might be imposed during the timeframe referred to in paragraph 2.
在与客户签订合同之前,数据处理服务提供商应向潜在客户提供有关标准服务费和可能施加的提前终止罚款以及在服务期间可能施加的减少的转换费用的明确信息。第 2 段中提及的时间范围。

5.
   Where relevant, providers of data processing services shall provide information to a customer on data processing services that involve highly complex or costly switching or for which it is impossible to switch without significant interference in the data, digital assets or service architecture.
在相关情况下,数据处理服务提供商应向客户提供涉及高度复杂或成本高昂的转换或在不对数据、数字资产或服务架构造成重大干扰的情况下不可能进行转换的数据处理服务的信息。

6.   Where applicable, providers of data processing services shall make the information referred to in paragraphs 4 and 5 publicly available to customers via a dedicated section of their website or in any other easily accessible way.
6. 在适用的情况下,数据处理服务提供商应通过其网站的专门部分或以任何其他易于访问的方式向客户公开第 4 款和第 5 款中提到的信息。

7.
   The Commission is empowered to adopt delegated acts in accordance with Article 45 to supplement this Regulation by establishing a monitoring mechanism for the Commission to monitor switching charges, imposed by providers of data processing services on the market to ensure that the withdrawal and reduction of switching charges, pursuant to paragraphs 1 and 2 of this Article are to be attained in accordance with the deadlines laid down in those paragraphs.
委员会有权根据第 45 条采取授权行为来补充本条例,建立委员会监督机制来监督市场上数据处理服务提供商征收的转换费用,以确保取消和减少转换费用,根据本条第 1 款和第 2 款,应按照这些款规定的期限完成。

Article 30 第三十条

Technical aspects of switching
切换的技术方面

1.
   Providers of data processing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall, in accordance with Article 27, take all reasonable measures in their power to facilitate that the customer, after switching to a service covering the same service type, achieves functional equivalence in the use of the destination data processing service.
涉及可扩展和弹性计算资源的数据处理服务提供商,这些资源仅限于基础设施元素,例如服务器、网络和操作基础设施所需的虚拟资源,但不提供对所存储的操作服务、软件和应用程序的访问,否则处理或部署在这些基础设施要素上的,应根据第 27 条,在其权力范围内采取一切合理措施,以促进客户在切换到涵盖相同服务类型的服务后,在使用目的地时实现功能等效数据处理服务。

The source provider of data processing services shall facilitate the switching process by providing capabilities, adequate information, documentation, technical support and, where appropriate, the necessary tools.
数据处理服务的来源提供商应通过提供能力、充足的信息、文档、技术支持以及必要的工具(如适用)来促进转换过程。

2.
   Providers of data processing services, other than those referred to in paragraph 1, shall make open interfaces available to an equal extent to all their customers and the concerned destination providers of data processing services free of charge to facilitate the switching process.
除第 1 款所述之外的数据处理服务提供商应向其所有客户和相关数据处理服务目标提供商提供同等程度的免费开放接口,以便利转换过程。

Those interfaces shall include sufficient information on the service concerned to enable the development of software to communicate with the services, for the purposes of data portability and interoperability.
这些接口应包括有关相关服务的足够信息,以便软件开发能够与服务进行通信,以实现数据可移植性和互操作性。

3.
   For data processing services other than those referred to in paragraph 1 of this Article, providers of data processing services shall ensure compatibility with common specifications based on open interoperability specifications or harmonised standards for interoperability at least 12 months after the references to those common specifications or harmonised standards for interoperability of data processing services were published in the central Union standards repository for the interoperability of data processing services following the publication of the underlying implementing acts in the Official Journal of the European Union in accordance with Article 35(8).
对于本条第一款所述以外的数据处理服务,数据处理服务提供商应在引用通用规范或协调一致标准后至少 12 个月内确保与基于开放互操作性规范或互操作性协调标准的通用规范的兼容性。根据第 35(8) 条,在《欧盟官方公报》上发布基本实施法案后,数据处理服务互操作性标准已在数据处理服务互操作性中央联盟标准存储库中发布。

4.   Providers of data processing services other than those referred to in paragraph 1 of this Article shall update the online register referred to in Article 26, point (b) in accordance with their obligations under paragraph 3 of this Article.
4. 本条第 1 款所述以外的数据处理服务提供商应根据本条第 3 款规定的义务更新第 26 条 (b) 点所述的在线登记册。

5.
   In the case of switching between services of the same service type, for which common specifications or the harmonised standards for interoperability referred to in paragraph 3 of this Article have not been published in the central Union standards repository for the interoperability of data processing services in accordance with Article 35(8), the provider of data processing services shall, at the request of the customer, export all exportable data in a structured, commonly used and machine-readable format.
在同一服务类型的服务之间进行切换时,本条第 3 款中提到的通用规范或互操作性协调标准尚未在数据处理服务互操作性中央联盟标准存储库中发布。根据第 35 条第(8)款,数据处理服务提供商应根据客户的要求,以结构化、通用且机器可读的格式导出所有可导出数据。

6.
   Providers of data processing services shall not be required to develop new technologies or services, or disclose or transfer digital assets that are protected by intellectual property rights or that constitute a trade secret, to a customer or to a different provider of data processing services or compromise the customer’s or provider’s security and integrity of service.
不得要求数据处理服务提供商开发新技术或服务,或向客户或其他数据处理服务提供商披露或转让受知识产权保护或构成商业秘密的数字资产,或泄露或转让受知识产权保护或构成商业秘密的数字资产。客户或提供商的服务的安全性和完整性。

Article 31 第三十一条

Specific regime for certain data processing services
某些数据处理服务的具体制度

1.
   The obligations laid down in Article 23, point (d), Article 29 and Article 30(1) and (3) shall not apply to data processing services of which the majority of main features has been custom-built to accommodate the specific needs of an individual customer or where all components have been developed for the purposes of an individual customer, and where those data processing services are not offered at broad commercial scale via the service catalogue of the provider of data processing services.
第 23 条 (d) 点、第 29 条以及第 30 条第(1)和(3)款规定的义务不适用于大多数主要功能是为满足特定需求而定制的数据处理服务。个人客户,或者所有组件都是为了个人客户的目的而开发的,并且这些数据处理服务不是通过数据处理服务提供商的服务目录以广泛的商业规模提供的。

2.   The obligations laid down in this Chapter shall not apply to data processing services provided as a non-production version for testing and evaluation purposes and for a limited period of time.
2. 本章规定的义务不适用于在有限时间内以非生产版本形式提供的用于测试和评估目的的数据处理服务。

3.   Prior to the conclusion of a contract on the provision of the data processing services referred to in this Article, the provider of data processing services shall inform the prospective customer of the obligations of this Chapter that do not apply.
3. 在签订提供本条所述数据处理服务的合同之前,数据处理服务提供商应告知潜在客户不适用本章的义务。

CHAPTER VII 第七章

UNLAWFUL INTERNATIONAL GOVERNMENTAL ACCESS AND TRANSFER OF NON-PERSONAL DATA
非法国际政府访问和传输非个人数据

Article 32 第三十二条

International governmental access and transfer
国际政府准入和转让

1.
   Providers of data processing services shall take all adequate technical, organisational and legal measures, including contracts, in order to prevent international and third-country governmental access and transfer of non-personal data held in the Union where such transfer or access would create a conflict with Union law or with the national law of the relevant Member State, without prejudice to paragraph 2 or 3.
数据处理服务提供商应采取一切适当的技术、组织和法律措施,包括合同,以防止国际和第三国政府访问和转移在联盟中持有的非个人数据,因为这种转移或访问会产生冲突符合欧盟法律或相关成员国的国家法律,且不影响第 2 款或第 3 款。

2.
   Any decision or judgment of a third-country court or tribunal and any decision of a third-country administrative authority requiring a provider of data processing services to transfer or give access to non-personal data falling within the scope of this Regulation held in the Union shall be recognised or enforceable in any manner only if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union, or any such agreement between the requesting third country and a Member State.
第三国法院或法庭的任何决定或判决以及第三国行政当局要求数据处理服务提供商传输或授予访问联盟中持有的属于本条例范围内的非个人数据的任何决定或判决仅当基于提出请求的第三国与欧盟之间有效的国际协议(例如司法协助条约)或请求第三国与成员国之间的任何此类协议时,该协议才应以任何方式得到承认或执行。

3.
   In the absence of an international agreement as referred to in paragraph 2, where a provider of data processing services is the addressee of a decision or judgment of a third-country court or tribunal or a decision of a third-country administrative authority to transfer or give access to non-personal data falling within the scope of this Regulation held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only where:
在没有第 2 款所述国际协议的情况下,如果数据处理服务提供商是第三国法院或法庭的决定或判决或第三国行政当局转让或允许访问属于本条例范围内的欧盟境内的非个人数据,并且遵守此类决定可能会导致收件人违反欧盟法律或相关成员国的国家法律、转移或访问该第三国当局仅应在以下情况下提供此类数据:

(a) (A)

the third-country system requires the reasons and proportionality of such a decision or judgment to be set out and requires such a decision or judgment to be specific in character, for instance by establishing a sufficient link to certain suspected persons or infringements;
第三国制度要求阐明此类决定或判决的理由和相称性,并要求此类决定或判决具有具体性质,例如与某些嫌疑人或侵权行为建立充分的联系;

(b) (二)

the reasoned objection of the addressee is subject to a review by a competent third-country court or tribunal; and
收件人提出的合理反对意见须接受第三国主管法院或法庭的审查;和

(c) (C)

the competent third-country court or tribunal issuing the decision or judgment or reviewing the decision of an administrative authority is empowered under the law of that third country to take duly into account the relevant legal interests of the provider of the data protected by Union law or by the national law of the relevant Member State.
根据该第三国法律,有权做出决定或判决或审查行政机关决定的第三国法院或法庭有权适当考虑受欧盟法律保护的数据提供者的相关合法利益,或根据相关成员国的国家法律。

The addressee of the decision or judgment may ask the opinion of the relevant national body or authority competent for international cooperation in legal matters, in order to determine whether the conditions laid down in the first subparagraph are met, in particular when it considers that the decision may relate to trade secrets and other commercially sensitive data as well as to content protected by intellectual property rights or the transfer may lead to re-identification.
决定或判决的接收人可以征求主管法律事务国际合作的相关国家机构或当局的意见,以确定是否满足第一分段规定的条件,特别是当它认为决定或判决可能涉及商业秘密和其他商业敏感数据以及受知识产权保护的内容,或者传输可能导致重新识别。

The relevant national body or authority may consult the Commission.
有关国家机构或当局可以咨询委员会。

If the addressee considers that the decision or judgment may impinge on the national security or defence interests of the Union or its Member States, it shall ask the opinion of the relevant national body or authority in order to determine whether the data requested concerns national security or defence interests of the Union or its Member States.
如果收件人认为该决定或判决可能会影响欧盟或其成员国的国家安全或国防利益,则应征求相关国家机构或当局的意见,以确定所请求的数据是否涉及国家安全或联盟或其成员国的国防利益。

If the addressee has not received a reply within one month, or if the opinion of such body or authority concludes that the conditions laid down in the first subparagraph are not met, the addressee may reject the request for transfer or access, to non-personal data, on those grounds.
如果收件人在一个月内没有收到答复,或者该机构或当局的意见认为不满足第一段规定的条件,则收件人可以拒绝向非个人转移或访问的请求。数据,基于这些理由。

The EDIB referred to in Article 42 shall advise and assist the Commission in developing guidelines on the assessment of whether the conditions laid down in the first subparagraph of this paragraph are met.
第 42 条中提到的 EDIB 应向委员会提供建议并协助委员会制定评估是否满足本款第一分段规定的条件的指南。

4.
   If the conditions laid down in paragraph 2 or 3 are met, the provider of data processing services shall provide the minimum amount of data permissible in response to a request, on the basis of the reasonable interpretation of that request by the provider or relevant national body or authority referred to in paragraph 3, second subparagraph.
如果满足第 2 款或第 3 款规定的条件,数据处理服务提供商应根据提供商或相关国家机构对该请求的合理解释,提供响应请求所允许的最低数据量或第 3 款第二项所述的当局。

5.
   The provider of data processing services shall inform the customer about the existence of a request of a third-country authority to access its data before complying with that request, except where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activity.
数据处理服务提供商应在满足第三国当局请求之前告知客户存在第三国当局访问其数据的请求,除非该请求服务于执法目的,并且只要有必要保存该请求即可。执法活动的有效性。

CHAPTER VIII 第八章

INTEROPERABILITY 互操作性

Article 33 第三十三条

Essential requirements regarding interoperability of data, of data sharing mechanisms and services, as well as of common European data spaces
关于数据、数据共享机制和服务以及共同欧洲数据空间的互操作性的基本要求

1.
   Participants in data spaces that offer data or data services to other participants shall comply with the following essential requirements to facilitate the interoperability of data, of data sharing mechanisms and services, as well as of common European data spaces which are purpose- or sector-specific or cross-sectoral interoperable frameworks for common standards and practices to share or jointly process data for, inter alia, the development of new products and services, scientific research or civil society initiatives:
向其他参与者提供数据或数据服务的数据空间参与者应遵守以下基本要求,以促进数据、数据共享机制和服务以及针对特定目的或部门的共同欧洲数据空间的互操作性或跨部门可互操作的共同标准和做法框架,以共享或联合处理数据,除其他外,用于开发新产品和服务、科学研究或民间社会倡议:

(a) (A)

the dataset content, use restrictions, licences, data collection methodology, data quality and uncertainty shall be sufficiently described, where applicable, in a machine-readable format, to allow the recipient to find, access and use the data;
在适用的情况下,应以机器可读的格式充分描述数据集内容、使用限制、许可证、数据收集方法、数据质量和不确定性,以允许接收者查找、访问和使用数据;

(b) (二)

the data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, where available, shall be described in a publicly available and consistent manner;
数据结构、数据格式、词汇、分类方案、分类法和代码表(如有)应以公开且一致的方式进行描述;

(c) (C)

the technical means to access the data, such as application programming interfaces, and their terms of use and quality of service shall be sufficiently described to enable automatic access and transmission of data between parties, including continuously, in bulk download or in real-time in a machine-readable format where that is technically feasible and does not hamper the good functioning of the connected product;
应充分描述访问数据的技术手段,例如应用程序编程接口及其使用条款和服务质量,以实现各方之间数据的自动访问和传输,包括连续、批量下载或实时传输。机器可读的格式,在技术上可行且不会妨碍所连接产品的良好功能;

(d) (四)

where applicable, the means to enable the interoperability of tools for automating the execution of data sharing agreements, such as smart contracts shall be provided.
在适用的情况下,应提供实现自动执行数据共享协议(例如智能合约)的工具互操作性的方法。

The requirements can have a generic nature or concern specific sectors, while taking fully into account the interrelation with requirements arising from other Union or national law.
这些要求可以具有通用性或涉及特定部门,同时充分考虑与其他联盟或国家法律提出的要求的相互关系。

2.
   The Commission is empowered to adopt delegated acts, in accordance with Article 45 of this Regulation to supplement this Regulation by further specifying the essential requirements laid down in paragraph 1 of this Article, in relation to those requirements that, by their nature, cannot produce the intended effect unless they are further specified in binding Union legal acts and in order to properly reflect technological and market developments.
委员会有权根据本条例第 45 条采取授权行为,通过进一步明确本条第 1 款规定的基本要求来补充本条例,这些要求就其性质而言不能产生除非在具有约束力的欧盟法律行为中进一步规定,并为了正确反映技术和市场发展,否则不会达到预期效果。

The Commission shall when adopting delegated acts take into account the advice of the EDIB in accordance with Article 42, point (c)(iii).
委员会在通过授权行为时应根据第 42 条 (c)(iii) 点考虑 EDIB 的建议。

3.   The participants in data spaces that offer data or data services to other participants in data spaces which meet the harmonised standards or parts thereof, the references of which are published in the Official Journal of the European Union, shall be presumed to be in conformity with the essential requirements laid down in paragraph 1 to the extent that those requirements are covered by such harmonised standards or parts thereof.
3. 数据空间参与者向数据空间中的其他参与者提供符合协调标准或部分协调标准的数据或数据服务,其参考文献发布在欧盟官方公报上,应被视为符合协调标准。符合第 1 款规定的基本要求,只要这些要求被此类统一标准或其部分内容所涵盖。

4.   The Commission shall, pursuant to Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements laid down in paragraph 1 of this Article.
4. 委员会应根据第 1025/2012 号法规 (EU) 第 10 条,要求一个或多个欧洲标准化组织起草满足本条第 1 款规定的基本要求的统一标准。

5.   The Commission may, by means of implementing acts, adopt common specifications covering any or all of the essential requirements laid down in paragraph 1 where the following conditions have been fulfilled:
5. 在满足以下条件的情况下,委员会可以通过实施法案,采用涵盖第 1 款规定的任何或所有基本要求的共同规范:

(a) (A)

the Commission has requested, pursuant to Article 10(1) of Regulation (EU) No 1025/2012, one or more European standardisation organisations to draft a harmonised standard that satisfies the essential requirements laid down in paragraph 1 of this Article and:
根据第 1025/2012 号法规 (EU) 第 10(1) 条,委员会要求一个或多个欧洲标准化组织起草一项协调标准,以满足本条第 1 款规定的基本要求,并且:

(i) (我)

the request has not been accepted;
请求未被接受;

(ii) (二)

the harmonised standards addressing that request are not delivered within the deadline set in accordance with Article 10(1) of Regulation (EU) No 1025/2012; or
针对该请求的协调标准未在根据 (EU) No 1025/2012 号法规第 10(1) 条规定的期限内交付;或者

(iii) (三)

the harmonised standards do not comply with the request; and
协调标准不符合要求;和

(b) (二)

no reference to harmonised standards covering the relevant essential requirements laid down in paragraph 1 of this Article is published in the Official Journal of the European Union in accordance with Regulation (EU) No 1025/2012 and no such reference is expected to be published within a reasonable period.
根据第 1025/2012 号法规 (EU) ,欧盟官方公报中未公布涉及本条第 1 款规定的相关基本要求的协调标准,并且预计不会在合理期限。

Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 46(2).
这些实施法案应根据第 46 条第(2)款规定的审查程序予以通过。

6.   Before preparing a draft implementing act referred to in paragraph 5 of this Article, the Commission shall inform the committee referred to in Article 22 of Regulation (EU) No 1025/2012 that it considers that the conditions in paragraph 5 of this Article have been fulfilled.
6. 在准备本条第 5 款中提到的实施法案草案之前,委员会应通知第 1025/2012 号法规 (EU) 第 22 条中提到的委员会,它认为本条第 5 款中的条件已满足已实现。

7.   When preparing the draft implementing act referred to in paragraph 5, the Commission shall take into account the advice of the EDIB and views of other relevant bodies or expert groups and shall duly consult all relevant stakeholders.
7. 在准备第 5 款提到的实施法案草案时,委员会应考虑 EDIB 的建议和其他相关机构或专家组的意见,并应适当咨询所有相关利益相关者。

8.
   The participants in data spaces that offer data or data services to other participants in data spaces that meet the common specifications established by implementing acts referred to in paragraph 5 or parts thereof shall be presumed to be in conformity with the essential requirements laid down in paragraph 1 to the extent that those requirements are covered by such common specifications or parts thereof.
向数据空间中的其他参与者提供数据或数据服务的数据空间参与者,如果满足通过实施第 5 款或其部分所述的行为所建立的共同规范,则应被视为符合第 1 款规定的基本要求在此类通用规范或其部分涵盖这些要求的范围内。

9.   Where a harmonised standard is adopted by a European standardisation organisation and proposed to the Commission for the purpose of publishing its reference in the Official Journal of the European Union, the Commission shall assess the harmonised standard in accordance with Regulation (EU) No 1025/2012. Where the reference of a harmonised standard is published in the Official Journal of the European Union, the Commission shall repeal the implementing acts referred to in paragraph 5 of this Article, or parts thereof which cover the same essential requirements as those covered by that harmonised standard.
9. 如果欧洲标准化组织采用协调标准,并向委员会提出建议,以便在欧盟官方公报上发布其参考资料,委员会应根据 (EU) No 1025 条例评估该协调标准/2012。如果统一标准的引用在欧盟官方公报上公布,则委员会应废除本条第 5 款中提到的实施法案,或其涵盖与该统一标准涵盖的基本要求相同的基本要求的部分。 。

10.   When a Member State considers that a common specification does not entirely satisfy the essential requirements laid down in paragraph 1, it shall inform the Commission thereof by submitting a detailed explanation.
10. 当成员国认为通用规范不能完全满足第 1 款规定的基本要求时,应通过提交详细解释将此情况通知委员会。

The Commission shall assess that detailed explanation and may, if appropriate, amend the implementing act establishing the common specification in question.
委员会应评估该详细解释,并可在适当情况下修改建立相关通用规范的实施法案。

11.   The Commission may adopt guidelines taking into account the proposal of the EDIB in accordance with Article 30, point (h), of Regulation (EU) 2022/868 laying down interoperable frameworks for common standards and practices for the functioning of common European data spaces.
11. 委员会可以根据 (EU) 2022/868 号法规第 30 条 (h) 点的规定,考虑 EDIB 的提议,制定指导方针,为共同欧洲数据运作的共同标准和实践制定可互操作的框架空间。

Article 34 第三十四条

Interoperability for the purposes of in-parallel use of data processing services
并行使用数据处理服务的互操作性

1.   The requirements laid down in Article 23, Article 24, Article 25(2), points (a)(ii), (a)(iv), (e) and (f) and Article 30(2) to (5) shall also apply mutatis mutandis to providers of data processing services to facilitate interoperability for the purposes of in-parallel use of data processing services.
1. 第 23 条、第 24 条、第 25 条第(2)款、(a)(ii)、(a)(iv)、(e)和(f)点以及第 30(2) 至 (5) 条规定的要求)亦须比照适用于数据处理服务的提供者,以促进数据处理服务的互操作性,以实现并行使用数据处理服务的目的。

2.   Where a data processing service is being used in parallel with another data processing service, the providers of data processing services may impose data egress charges, but only for the purpose of passing on egress costs incurred, without exceeding such costs.
2. 当一项数据处理服务与另一项数据处理服务并行使用时,数据处理服务提供商可以征收数据流出费用,但仅用于转嫁所产生的流出费用,但不得超过该费用。

Article 35 第三十五条

Interoperability of data processing services
数据处理服务的互操作性

1.   Open interoperability specifications and harmonised standards for the interoperability of data processing services shall:
1. 数据处理服务互操作性的开放互操作性规范和协调标准应:

(a) (A)

achieve, where technically feasible, interoperability between different data processing services that cover the same service type;
在技​​术可行的情况下,实现涵盖相同服务类型的不同数据处理服务之间的互操作性;

(b) (二)

enhance portability of digital assets between different data processing services that cover the same service type;
增强数字资产在涵盖相同服务类型的不同数据处理服务之间的可移植性;

(c) (C)

facilitate, where technically feasible, functional equivalence between different data processing services referred to in Article 30(1) that cover the same service type;
在技​​术可行的情况下,促进第 30(1) 条提及的涵盖相同服务类型的不同数据处理服务之间的功能等效;

(d) (四)

not have an adverse impact on the security and integrity of data processing services and data;
不会对数据处理服务和数据的安全性和完整性产生不利影响;

(e) (五)

be designed in such a way so as to allow for technical advances and the inclusion of new functions and innovation in data processing services.
其设计方式应考虑到技术进步以及数据处理服务中的新功能和创新。

2.   Open interoperability specifications and harmonised standards for the interoperability of data processing services shall adequately address:
2. 数据处理服务互操作性的开放互操作性规范和统一标准应充分解决:

(a) (A)

the cloud interoperability aspects of transport interoperability, syntactic interoperability, semantic data interoperability, behavioural interoperability and policy interoperability;
传输互操作性、句法互操作性、语义数据互操作性、行为互操作性和策略互操作性的云互操作性方面;

(b) (二)

the cloud data portability aspects of data syntactic portability, data semantic portability and data policy portability;
云数据可移植性方面,包括数据语法可移植性、数据语义可移植性和数据策略可移植性;

(c) (C)

the cloud application aspects of application syntactic portability, application instruction portability, application metadata portability, application behaviour portability and application policy portability.
云应用方面包括应用句法可移植性、应用指令可移植性、应用元数据可移植性、应用行为可移植性和应用策略可移植性。

3.   Open interoperability specifications shall comply with Annex II to Regulation (EU) No 1025/2012.
3. 开放互操作性规范应符合 (EU) No 1025/2012 法规附件 II。

4.
   After taking into account relevant international and European standards and self-regulatory initiatives, the Commission may, in accordance with Article 10(1) of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements laid down in paragraphs 1 and 2 of this Article.
在考虑相关国际和欧洲标准以及自律举措后,委员会可根据第 1025/2012 号法规 (EU) 第 10(1) 条,要求一个或多个欧洲标准化组织起草满足以下要求的协调标准:本条第 1 款和第 2 款规定的基本要求。

5.   The Commission may, by means of implementing acts, adopt common specifications based on open interoperability specifications covering all of the essential requirements laid down in paragraphs 1 and 2.
5. 委员会可以通过实施法案,采用基于开放互操作性规范的通用规范,涵盖第 1 款和第 2 款规定的所有基本要求。

6.
   When preparing the draft implementing act referred to in paragraph 5 of this Article, the Commission shall take into account the views of the relevant competent authorities referred to in Article 37(5), point (h) and other relevant bodies or expert groups and shall duly consult all relevant stakeholders.
在准备本条第 5 款所指的实施法案草案时,委员会应考虑第 37 条第(5)款(h)点所指的相关主管当局和其他相关机构或专家组的意见,并应适当咨询所有相关利益攸关方。

7.   When a Member State considers that a common specification does not entirely satisfy the essential requirements laid down in paragraphs 1 and 2, it shall inform the Commission thereof by submitting a detailed explanation.
7. 当成员国认为通用规范不能完全满足第 1 款和第 2 款规定的基本要求时,应通过提交详细解释将此情况通知委员会。

The Commission shall assess that detailed explanation and may, if appropriate, amend the implementing act establishing the common specification in question.
委员会应评估该详细解释,并可在适当情况下修改建立相关通用规范的实施法案。

8.
   For the purpose of Article 30(3), the Commission shall, by means of implementing acts, publish the references of harmonised standards and common specifications for the interoperability of data processing services in a central Union standards repository for the interoperability of data processing services.
就第 30 条第(3)款而言,委员会应通过实施法案,在数据处理服务互操作性中央联盟标准存储库中公布数据处理服务互操作性协调标准和通用规范的参考。

9.   The implementing acts referred to in this Article shall be adopted in accordance with the examination procedure referred to in Article 46(2).
9. 本条所述的实施法案应根据第 46 条第(2)款所述的审查程序予以通过。

Article 36 第三十六条

Essential requirements regarding smart contracts for executing data sharing agreements
有关执行数据共享协议的智能合约的基本要求

1.
   The vendor of an application using smart contracts or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement or part of it, to make data available shall ensure that those smart contracts comply with the following essential requirements of:
使用智能合约的应用程序的供应商,或者在没有智能合约的情况下,其贸易、业务或专业涉及在执行协议或协议的一部分的情况下为他人部署智能合约以提供数据的人员,应确保:这些智能合约符合以下基本要求:

(a) (A)

robustness and access control, to ensure that the smart contract has been designed to offer access control mechanisms and a very high degree of robustness to avoid functional errors and to withstand manipulation by third parties;
稳健性和访问控制,以确保智能合约的设计能够提供访问控制机制和非常高的稳健性,以避免功能错误并承受第三方的操纵;

(b) (二)

safe termination and interruption, to ensure that a mechanism exists to terminate the continued execution of transactions and that the smart contract includes internal functions which can reset or instruct the contract to stop or interrupt the operation, in particular to avoid future accidental executions;
安全终止和中断,确保存在终止交易继续执行的机制,并且智能合约包含可以重置或指示合约停止或中断操作的内部功能,特别是避免未来的意外执行;

(c) (C)

data archiving and continuity, to ensure, in circumstances in which a smart contract must be terminated or deactivated, there is a possibility to archive the transactional data, smart contract logic and code in order to keep the record of operations performed on the data in the past (auditability);
数据归档和连续性,以确保在智能合约必须终止或停用的情况下,可以归档交易数据、智能合约逻辑和代码,以便保留对数据执行的操作记录过去(可审计性);

(d) (四)

access control, to ensure that a smart contract is protected through rigorous access control mechanisms at the governance and smart contract layers; and
访问控制,确保智能合约通过治理和智能合约层严格的访问控制机制受到保护;和

(e) (五)

consistency, to ensure consistency with the terms of the data sharing agreement that the smart contract executes.
一致性,确保与智能合约执行的数据共享协议条款的一致性。

2.
   The vendor of a smart contract or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement or part of it, to make data available shall perform a conformity assessment with a view to fulfilling the essential requirements laid down in paragraph 1 and, on the fulfilment of those requirements, issue an EU declaration of conformity.
智能合约的供应商,或者在没有智能合约的情况下,其行业、业务或专业涉及在执行协议或协议的一部分的情况下为他人部署智能合约以提供数据的人员,应执行合格评定为了满足第 1 段中规定的基本要求,并在满足这些要求后,发布欧盟符合性声明。

3.
   By drawing up the EU declaration of conformity, the vendor of an application using smart contracts or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement or part of it, to make data available shall be responsible for compliance with the essential requirements laid down in paragraph 1.
通过起草欧盟符合性声明,使用智能合约的应用程序的供应商,或者在没有智能合约的情况下,其贸易、业务或专业涉及在执行协议或部分协议的背景下为他人部署智能合约的人其提供数据应负责遵守第 1 款规定的基本要求。

4.   A smart contract that meets the harmonised standards or the relevant parts thereof, the references of which are published in the Official Journal of the European Union, shall be presumed to be in conformity with the essential requirements laid down in paragraph 1 to the extent that those requirements are covered by such harmonised standards or parts thereof.
4. 符合统一标准或其相关部分(其引用在欧盟官方公报上发布)的智能合约,应被推定为符合第 1 款规定的基本要求。此类统一标准或其部分内容涵盖了这些要求。

5.   The Commission shall, pursuant to Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards that satisfy the essential requirements laid down in paragraph 1 of this Article.
5. 委员会应根据第 1025/2012 号法规 (EU) 第 10 条,要求一个或多个欧洲标准化组织起草满足本条第 1 款规定的基本要求的统一标准。

6.   The Commission may, by means of implementing acts, adopt common specifications covering any or all of the essential requirements laid down in paragraph 1 where the following conditions have been fulfilled:
6. 在满足以下条件的情况下,委员会可以通过实施法案,采用涵盖第 1 款规定的任何或所有基本要求的通用规范:

(a) (A)

the Commission has requested, pursuant to Article 10(1) of Regulation (EU) No 1025/2012, one or more European standardisation organisations to draft a harmonised standard that satisfies the essential requirements laid down in paragraph 1 of this Article and:
根据第 1025/2012 号法规 (EU) 第 10(1) 条,委员会要求一个或多个欧洲标准化组织起草一项协调标准,以满足本条第 1 款规定的基本要求,并且:

(i) (我)

the request has not been accepted;
请求未被接受;

(ii) (二)

the harmonised standards addressing that request are not delivered within the deadline set in accordance with Article 10(1) of Regulation (EU) No 1025/2012; or
针对该请求的协调标准未在根据 (EU) No 1025/2012 号法规第 10(1) 条规定的期限内交付;或者

(iii) (三)

the harmonised standards do not comply with the request; and
协调标准不符合要求;和

(b) (二)

no reference to harmonised standards covering the relevant essential requirements laid down in paragraph 1 of this Article is published in the Official Journal of the European Union in accordance with Regulation (EU) No 1025/2012 and no such reference is expected to be published within a reasonable period.
根据第 1025/2012 号法规 (EU) ,欧盟官方公报中未公布涉及本条第 1 款规定的相关基本要求的协调标准,并且预计不会在合理期限。

Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 46(2).
这些实施法案应根据第 46 条第(2)款规定的审查程序予以通过。

7.   Before preparing a draft implementing act referred to in paragraph 6 of this Article, the Commission shall inform the committee referred to in Article 22 of Regulation (EU) No 1025/2012 that it considers that the conditions in paragraph 6 of this Article have been fulfilled.
7. 在准备本条第 6 款中提到的实施法案草案之前,委员会应通知第 1025/2012 号法规 (EU) 第 22 条中提到的委员会,它认为本条第 6 款中的条件已满足已实现。

8.   When preparing the draft implementing act referred to in paragraph 6, the Commission shall take into account the advice of the EDIB and views of other relevant bodies or expert groups and shall duly consult all relevant stakeholders.
8. 在准备第 6 款提到的实施法案草案时,委员会应考虑 EDIB 的建议和其他相关机构或专家组的意见,并应适当咨询所有相关利益攸关方。

9.
   The vendor of a smart contract or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement or part of it, to make data available that meet the common specifications established by implementing acts referred to in paragraph 6 or parts thereof shall be presumed to be in conformity with the essential requirements laid down in paragraph 1 to the extent that those requirements are covered by such common specifications or parts thereof.
智能合约的供应商,或者在没有智能合约的情况下,其行业、业务或专业涉及在执行协议或协议的一部分的情况下为他人部署智能合约的人员,以提供符合通用规范的数据通过实施第 6 款或其部分所述的法案所建立的标准,应被推定符合第 1 款规定的基本要求,只要这些要求已被此类通用规范或其部分所涵盖。

10.   Where a harmonised standard is adopted by a European standardisation organisation and proposed to the Commission for the purpose of publishing its reference in the Official Journal of the European Union, the Commission shall assess the harmonised standard in accordance with Regulation (EU) No 1025/2012. Where the reference of a harmonised standard is published in the Official Journal of the European Union, the Commission shall repeal the implementing acts referred to in paragraph 6 of this Article, or parts thereof which cover the same essential requirements as those covered by that harmonised standard.
10. 如果欧洲标准化组织采用协调标准,并向委员会提出建议,以便在欧盟官方公报上发布其参考资料,委员会应根据 (EU) No 1025 法规评估该协调标准/2012。如果统一标准的引用在欧盟官方公报上公布,则委员会应废除本条第 6 款中提及的实施法案,或其涵盖与该统一标准涵盖的基本要求相同的基本要求的部分。 。

11.   When a Member State considers that a common specification does not entirely satisfy the essential requirements laid down in paragraph 1, it shall inform the Commission thereof by submitting a detailed explanation.
11. 当成员国认为通用规范不能完全满足第 1 款规定的基本要求时,应通过提交详细解释将此情况通知委员会。

The Commission shall assess that detailed explanation and may, if appropriate, amend the implementing act establishing the common specification in question.
委员会应评估该详细解释,并可在适当情况下修改建立相关通用规范的实施法案。

CHAPTER IX 第九章

IMPLEMENTATION AND ENFORCEMENT
实施和执行

Article 37 第三十七条

Competent authorities and data coordinators
主管当局和数据协调员

1.   Each Member State shall designate one or more competent authorities to be responsible for the application and enforcement of this Regulation (competent authorities). Member States may establish one or more new authorities or rely on existing authorities.
1. 各成员国应指定一个或多个主管当局负责本条例的适用和执行(主管当局)。成员国可以设立一个或多个新的当局或依赖现有的当局。

2.
   Where a Member State designates more than one competent authority, it shall designate a data coordinator from among them to facilitate cooperation between the competent authorities and to assist entities within the scope of this Regulation on all matters related to its application and enforcement.
如果成员国指定了多个主管当局,则应从其中指定一名数据协调员,以促进主管当局之间的合作,并协助本条例范围内的实体处理与其适用和执行有关的所有事项。

Competent authorities shall, in the exercise of the tasks and powers assigned to them under paragraph 5, cooperate with each other.
主管当局在履行第五款规定的任务和权力时应相互合作。

3.   The supervisory authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall be responsible for monitoring the application of this Regulation insofar as the protection of personal data is concerned.
3. 负责监督条例 (EU) 2016/679 实施情况的监管机构应负责监督本条例在个人数据保护方面的实施情况。

Chapters VI and VII of Regulation (EU) 2016/679 shall apply mutatis mutandis.
(EU) 2016/679 法规第六章和第七章应比照适用。

The European Data Protection Supervisor shall be responsible for monitoring the application of this Regulation insofar as it concerns the Commission, the European Central Bank or Union bodies. Where relevant, Article 62 of Regulation (EU) 2018/1725 shall apply mutatis mutandis.
欧洲数据保护监管机构应负责监督本法规在涉及委员会、欧洲中央银行或联盟机构方面的应用。在相关情况下,法规 (EU) 2018/1725 第 62 条应比照适用。

The tasks and powers of the supervisory authorities referred to in this paragraph shall be exercised with regard to the processing of personal data.
本款所述监管机构的任务和权力应在个人数据处理方面行使。

4.   Without prejudice to paragraph 1 of this Article:
4. 在不影响本条第 1 款的情况下:

(a) (A)

for specific sectoral data access and use issues related to the application of this Regulation, the competence of sectoral authorities shall be respected;
对于与本条例适用相关的具体部门数据访问和使用问题,应尊重部门主管部门的权限;

(b) (二)

the competent authority responsible for the application and enforcement of Articles 23 to 31 and Articles 34 and 35 shall have experience in the field of data and electronic communications services.
负责适用和执行第二十三条至第三十一条以及第三十四条和第三十五条的主管机关应具有数据和电子通信服务领域的经验。

5.   Member States shall ensure that the tasks and powers of the competent authorities are clearly defined and include:
5. 成员国应确保主管当局的任务和权力得到明确界定,包括:

(a) (A)

promoting data literacy and awareness among users and entities falling within the scope of this Regulation of the rights and obligations under this Regulation;
提高本条例范围内的用户和实体对本条例规定的权利和义务的数据素养和认识;

(b) (二)

handling complaints arising from alleged infringements of this Regulation, including in relation to trade secrets, and investigating, to the extent appropriate, the subject matter of complaints and regularly informing complainants, where relevant in accordance with national law, of the progress and the outcome of the investigation within a reasonable period, in particular if further investigation or coordination with another competent authority is necessary;
处理因涉嫌违反本条例而引起的投诉,包括涉及商业秘密的投诉,并在适当的范围内调查投诉的主题,并根据国家法律定期向投诉人通报投诉的进展和结果在合理期限内进行调查,特别是需要进一步调查或与其他主管当局协调时;

(c) (C)

conducting investigations into matters that concern the application of this Regulation, including on the basis of information received from another competent authority or other public authority;
对涉及本条例适用的事项进行调查,包括根据从其他主管当局或其他公共当局收到的信息进行调查;

(d) (四)

imposing effective, proportionate and dissuasive financial penalties which may include periodic penalties and penalties with retroactive effect, or initiating legal proceedings for the imposition of fines;
实施有效、相称和劝阻性的经济处罚,其中可能包括定期处罚和具有追溯效力的处罚,或启动罚款法律程序;

(e) (五)

monitoring technological and relevant commercial developments of relevance for the making available and use of data;
监测与数据提供和使用相关的技术和相关商业发展;

(f) (F)

cooperating with competent authorities of other Member States and, where relevant, with the Commission or the EDIB, to ensure the consistent and efficient application of this Regulation, including the exchange of all relevant information by electronic means, without undue delay, including regarding paragraph 10 of this Article;
与其他成员国的主管当局合作,并在相关情况下与委员会或 EDIB 合作,以确保本法规的一致和有效应用,包括通过电子方式交换所有相关信息,不得无故拖延,包括与第 10 段有关的信息本条;

(g) (G)

cooperating with the relevant competent authorities responsible for the implementation of other Union or national legal acts, including with authorities competent in the field of data and electronic communication services, with the supervisory authority responsible for monitoring the application of Regulation (EU) 2016/679 or with sectoral authorities to ensure that this Regulation is enforced consistently with other Union and national law;
与负责实施其他欧盟或国家法律行为的相关主管当局合作,包括与数据和电子通信服务领域的主管当局合作,与负责监督法规 (EU) 2016/679 或与部门当局合作,确保本条例的执行与其他联盟和国家法律一致;

(h) (H)

cooperating with the relevant competent authorities to ensure that Articles 23 to 31 and Articles 34 and 35 are enforced consistently with other Union law and self-regulation applicable to providers of data processing services;
与相关主管部门合作,确保第 23 至 31 条以及第 34 和 35 条的执行与适用于数据处理服务提供商的其他欧盟法律和自律监管一致;

(i) (我)

ensuring that switching charges are withdrawn in accordance with Article 29;
确保按照第 29 条撤销转换费用;

(j)

examining the requests for data made pursuant to Chapter V.
审查根据第五章提出的数据请求。

Where designated, the data coordinator shall facilitate the cooperation referred to in points (f), (g) and (h) of the first subparagraph and shall assist the competent authorities upon their request.
如果指定,数据协调员应促进第一分段 (f)、(g) 和 (h) 点中提到的合作,并应主管当局的要求提供协助。

6.   The data coordinator, where such competent authority has been designated, shall:
6. 在指定主管当局的情况下,数据协调员应:

(a) (A)

act as the single point of contact for all issues related to the application of this Regulation;
作为与本条例适用相关的所有问题的单一联络点;

(b) (二)

ensure the online public availability of requests to make data available made by public sector bodies in the case of exceptional need under Chapter V and promote voluntary data sharing agreements between public sector bodies and data holders;
确保公共部门机构在第五章规定的特殊需要的情况下可以在线公开提供数据的请求,并促进公共部门机构和数据持有者之间的自愿数据共享协议;

(c) (C)

inform the Commission, on an annual basis, of the refusals notified under Article 4(2) and (8) and Article 5(11).
每年将根据第 4(2) 和 (8) 条以及第 5(11) 条通知的拒绝通知委员会。

7.   Member States shall notify the Commission of the names of the competent authorities and of their tasks and powers and, where applicable, the name of the data coordinator. The Commission shall maintain a public register of those authorities.
7. 成员国应将主管当局的名称及其任务和权力以及数据协调员的姓名(如适用)通知委员会。委员会应保存这些机构的公共登记册。

8.
   When carrying out their tasks and exercising their powers in accordance with this Regulation, competent authorities shall remain impartial and free from any external influence, whether direct or indirect, and shall neither seek nor take instructions for individual cases from any other public authority or any private party.
主管机关依照本条例执行任务和行使职权时,应保持公正,不受任何直接或间接的外部影响,不得就个别案件寻求或接受任何其他公共机关或任何私人的指示。派对。

9.   Member States shall ensure that the competent authorities are provided with sufficient human and technical resources and relevant expertise to effectively carry out their tasks in accordance with this Regulation.
9. 成员国应确保向主管当局提供足够的人力和技术资源以及相关专业知识,以根据本条例有效履行其任务。

10.   Entities falling within the scope of this Regulation shall be subject to the competence of the Member State where the entity is established.
10. 属于本条例范围的实体应受该实体所在成员国的管辖。

Where the entity is established in more than one Member State, it shall be considered to be under the competence of the Member State in which it has its main establishment, that is, where the entity has its head office or registered office from which the principal financial functions and operational control are exercised.
如果该实体在多个成员国设立,则该实体应被视为受其主要机构所在成员国的管辖,即该实体有其总部或注册办事处,而其主要机构也位于该成员国。行使财务职能和运营控制权。

11.   Any entity falling within the scope of this Regulation that makes connected products available or offers services in the Union, and which is not established in the Union, shall designate a legal representative in one of the Member States.
11. 任何属于本法规范围、在联盟内提供互联产品或提供服务且未在联盟内设立的实体,应在某一成员国指定一名法定代表人。

12.
   For the purpose of ensuring compliance with this Regulation, a legal representative shall be mandated by an entity falling within the scope of this Regulation that makes connected products available or offers services in the Union to be addressed in addition to or instead of it by competent authorities with regard to all issues related to that entity.
为了确保遵守本条例,法定代表人应由本条例范围内的实体指定,该实体在欧盟内提供互联产品或提供服务,以补充或代替主管当局处理关于与该实体相关的所有问题。

That legal representative shall cooperate with and comprehensively demonstrate to the competent authorities, upon request, the actions taken and provisions put in place by the entity falling within the scope of this Regulation that makes connected products available or offers services in the Union to ensure compliance with this Regulation.
该法定代表人应与主管当局合作,并根据要求向主管当局全面展示本条例范围内在欧盟提供互联产品或提供服务的实体所采取的行动和制定的规定,以确保遵守本条例。

13.   An entity falling within the scope of this Regulation that makes connected products available or offers services in the Union, shall be considered to be under the competence of the Member State in which its legal representative is located.
13. 属于本条例范围的实体,在联盟内提供互联产品或提供服务,应被视为受其法定代表人所在成员国的管辖。

The designation of a legal representative by such an entity shall be without prejudice to the liability of, and any legal action that could be initiated against, such an entity.
该实体指定法定代表人不应影响该实体的责任以及可能针对该实体提起的任何法律诉讼。

Until such time as an entity designates a legal representative in accordance with this Article, it shall be under the competence of all Member States, where applicable, for the purposes of ensuring the application and enforcement of this Regulation.
在实体根据本条指定法定代表人之前,该实体应受所有成员国(如适用)的管辖,以确保本条例的适用和执行。

Any competent authority may exercise its competence, including by imposing effective, proportionate and dissuasive penalties, provided that the entity is not subject to enforcement proceedings under this Regulation regarding the same facts by another competent authority.
任何主管当局都可以行使其职权,包括通过实施有效、相称和劝阻性处罚,前提是该实体不受另一主管当局就同一事实根据本条例提起的强制执行程序的约束。

14.   Competent authorities shall have the power to request from users, data holders, or data recipients, or their legal representatives, falling under the competence of their Member State all information necessary to verify compliance with this Regulation.
14. 主管当局有权向属于其成员国权限的用户、数据持有者或数据接收者或其法律代表要求提供验证是否遵守本条例所需的所有信息。

Any request for information shall be proportionate to the performance of the underlying task and shall be reasoned.
任何信息请求均应与基本任务的执行情况相称,并应说明理由。

15.
   Where a competent authority in one Member State requests assistance or enforcement measures from a competent authority in another Member State, it shall submit a reasoned request. A competent authority shall, upon receiving such a request, provide a response, detailing the actions that have been taken or which are intended to be taken, without undue delay.
如果一个成员国的主管当局向另一成员国的主管当局请求协助或采取强制措施,则应提交一份合理的请求。主管当局应在收到此类请求后立即作出答复,详细说明已采取或打算采取的行动。

16.   Competent authorities shall respect the principles of confidentiality and of professional and commercial secrecy and shall protect personal data in accordance with Union or national law.
16. 主管当局应尊重保密以及专业和商业秘密的原则,并应根据联盟或国家法律保护个人数据。

Any information exchanged in the context of a request for assistance and provided pursuant to this Article shall be used only in respect of the matter for which it was requested.
在协助请求中交换的以及根据本条提供的任何信息只能用于所请求的事项。

Article 38 第三十八条

Right to lodge a complaint
提出投诉的权利

1.
   Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the relevant competent authority in the Member State of their habitual residence, place of work or establishment if they consider that their rights under this Regulation have been infringed.
在不损害任何其他行政或司法补救措施的情况下,自然人和法人有权单独或在相关情况下集体向其惯常居住地、工作地点或机构所在成员国的相关主管当局提出投诉如果他们认为自己根据本条例享有的权利受到侵犯。

The data coordinator shall, upon request, provide all the necessary information to natural and legal persons for the lodging of their complaints with the appropriate competent authority.
数据协调员应根据要求向自然人和法人提供向适当主管当局提出投诉所需的所有信息。

2.   The competent authority with which the complaint has been lodged shall inform the complainant, in accordance with national law, of the progress of the proceedings and of the decision taken.
2. 收到投诉的主管当局应根据国家法律向投诉人通报诉讼进展情况和作出的决定。

3.   Competent authorities shall cooperate to handle and resolve complaints effectively and in a timely manner, including by exchanging all relevant information by electronic means, without undue delay.
3. 主管当局应合作及时有效地处理和解决投诉,包括通过电子方式交换所有相关信息,不得无故拖延。

This cooperation shall not affect the cooperation mechanisms provided for by Chapters VI and VII of Regulation (EU) 2016/679 and by Regulation (EU) 2017/2394.
这种合作不应影响法规 (EU) 2016/679 第六章和第七章以及法规 (EU) 2017/2394 规定的合作机制。

Article 39 第三十九条

Right to an effective judicial remedy
获得有效司法补救的权利

1.   Notwithstanding any administrative or other non-judicial remedy, any affected natural and legal person shall have the right to an effective judicial remedy with regard to legally binding decisions taken by competent authorities.
1. 尽管有任何行政或其他非司法补救措施,任何受影响的自然人和法人均有权就主管当局作出的具有法律约束力的决定获得有效的司法补救措施。

2.   Where a competent authority fails to act on a complaint, any affected natural and legal person shall, in accordance with national law, either have the right to an effective judicial remedy or access to review by an impartial body with the appropriate expertise.
2. 如果主管当局未能对投诉采取行动,任何受影响的自然人和法人均应根据国家法律获得有效的司法补救措施或由具有适当专业知识的公正机构进行审查。

3.
   Proceedings pursuant to this Article shall be brought before the courts or tribunals of the Member State of the competent authority against which the judicial remedy is sought individually or, where relevant, collectively by the representatives of one or more natural or legal persons.
根据本条提起的诉讼应向一个或多个自然人或法人的代表单独或在相关情况下集体向主管当局的成员国法院或法庭提出。

Article 40 第四十条

Penalties 处罚

1.   Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive.
1. 成员国应制定适用于违反本条例行为的处罚规则,并应采取一切必要措施确保其得到实施。规定的处罚应有效、相称且具有劝诫性。

2.   Member States shall by 12 September 2025 notify the Commission of those rules and measures and shall notify it without delay of any subsequent amendment affecting them. The Commission shall regularly update and maintain an easily accessible public register of those measures.
2. 成员国应在 2025 年 9 月 12 日之前将这些规则和措施通知委员会,并应立即通知委员会影响其的任何后续修正案。委员会应定期更新和维护这些措施的易于访问的公共登记册。

3.   Member States shall take into account the recommendations of the EDIB and the following non-exhaustive criteria for the imposition of penalties for infringements of this Regulation:
3. 成员国应考虑 EDIB 的建议和以下非详尽标准来对违反本法规的行为实施处罚:

(a) (A)

the nature, gravity, scale and duration of the infringement;
侵权行为的性质、严重性、规模和持续时间;

(b) (二)

any action taken by the infringing party to mitigate or remedy the damage caused by the infringement;
侵权方为减轻或补救侵权造成的损失而采取的任何行动;

(c) (C)

any previous infringements by the infringing party;
侵权方以前的任何侵权行为;

(d) (四)

the financial benefits gained or losses avoided by the infringing party due to the infringement, insofar as such benefits or losses can be reliably established;
侵权人因侵权而获得的经济利益或避免的损失,只要能够可靠地确定该利益或损失;

(e) (五)

any other aggravating or mitigating factor applicable to the circumstances of the case;
适用于案件情况的任何其他加重或减轻因素;

(f) (F)

infringing party’s annual turnover in the preceding financial year in the Union.
侵权方上一财政年度在联盟的年营业额。

4.
   For infringements of the obligations laid down in Chapter II, III and V of this Regulation, the supervisory authorities responsible for monitoring the application of Regulation (EU) 2016/679 may within their scope of competence impose administrative fines in accordance with Article 83 of Regulation (EU) 2016/679 and up to the amount referred to in Article 83(5) of that Regulation.
对于违反本条例第二章、第三章和第五章规定的义务的行为,负责监督条例 (EU) 2016/679 实施情况的监管机构可以根据条例第 83 条在其职权范围内处以行政罚款。 (EU) 2016/679 以及该法规第 83(5) 条中提到的金额。

5.
   For infringements of the obligations laid down in Chapter V of this Regulation, the European Data Protection Supervisor may impose within its scope of competence administrative fines in accordance with Article 66 of Regulation (EU) 2018/1725 up to the amount referred to in Article 66(3) of that Regulation.
对于违反本法规第五章规定的义务的行为,欧洲数据保护监管机构可以根据法规 (EU) 2018/1725 第 66 条在其职权范围内处以行政罚款,最高可达第 66 条所述金额该条例第(3)条。

Article 41 第四十一条

Model contractual terms and standard contractual clauses
示范合同条款和标准合同条款

The Commission, before 12 September 2025, shall develop and recommend non-binding model contractual terms on data access and use, including terms on reasonable compensation and the protection of trade secrets, and non-binding standard contractual clauses for cloud computing contracts to assist parties in drafting and negotiating contracts with fair, reasonable and non-discriminatory contractual rights and obligations.
委员会应在2025年9月12日之前制定并推荐有关数据访问和使用的非约束性示范合同条款,包括合理补偿和保护商业秘密的条款,以及云计算合同的非约束性标准合同条款,以协助各方在起草和谈判合同时具有公平、合理和非歧视性的合同权利和义务。

Article 42 第四十二条

Role of the EDIB EDIB 的作用

The EDIB established by the Commission as an expert group pursuant to Article 29 of Regulation (EU) 2022/868, in which competent authorities shall be represented, shall support the consistent application of this Regulation by:
委员会根据法规 (EU) 2022/868 第 29 条设立的 EDIB 作为专家组(其中应有主管当局的代表)应通过以下方式支持本法规的一致应用:

(a) (A)

advising and assisting the Commission with regard to developing consistent practice of competent authorities in the enforcement of Chapters II, III, V and VII;
就主管当局在执行第二章、第三章、第五章和第七章方面制定一致的做法向委员会提供建议和协助;

(b) (二)

facilitating cooperation between competent authorities through capacity-building and the exchange of information, in particular by establishing methods for the efficient exchange of information relating to the enforcement of the rights and obligations under Chapters II, III and V in cross-border cases, including coordination with regard to the setting of penalties;
通过能力建设和信息交流促进主管当局之间的合作,特别是制定与在跨境案件中执行第二章、第三章和第五章规定的权利和义务有关的有效信息交流方法,包括协调关于处罚的设定;

(c) (C)

advising and assisting the Commission with regard to:
就以下方面向委员会提供建议和协助:

(i) (我)

whether to request the drafting of harmonised standards referred to in Article 33(4), Article 35(4) and Article 36(5);
是否要求起草第33条第(4)款、第35条第(4)款和第36条第(5)款所述的统一标准;

(ii) (二)

the preparation of the implementing acts referred to in Article 33(5), Article 35(5) and (8) and Article 36(6);
制定第 33 条第(5)款、第 35 条第(5)款和第(8)款以及第 36 条第(6)款所述的实施法案;

(iii) (三)

the preparation of the delegated acts referred to in Article 29(7) and Article 33(2); and
准备第 29 条第(7)款和第 33 条第(2)款所述的授权行为;和

(iv) (四)

the adoption of the guidelines laying down interoperable frameworks for common standards and practices for the functioning of common European data spaces referred to in Article 33(11).
通过指导方针,为第 33(11) 条提到的欧洲共同数据空间的运作制定共同标准和实践的互操作框架。

CHAPTER X 第十章

SUI GENERIS RIGHT UNDER DIRECTIVE 96/9/EC
96/9/EC 指令下的特殊规定

Article 43 第四十三条

Databases containing certain data
包含某些数据的数据库

The sui generis right provided for in Article 7 of Directive 96/9/EC shall not apply when data is obtained from or generated by a connected product or related service falling within the scope of this Regulation, in particular in relation to Articles 4 and 5 thereof.
当数据是从属于本法规范围内的互联产品或相关服务获取或生成时,特别是与第 4 条和第 5 条相关的情况,96/9/EC 指令第 7 条规定的特殊权利不适用其中。

CHAPTER XI 第十一章

FINAL PROVISIONS 最后条款

Article 44 第四十四条

Other Union legal acts governing rights and obligations on data access and use
管辖数据访问和使用的权利和义务的其他欧盟法律法案

1.
   The specific obligations for the making available of data between businesses, between businesses and consumers, and on exceptional basis between businesses and public bodies, in Union legal acts that entered into force on or before 11 January 2024, and delegated or implementing acts pursuant thereto, shall remain unaffected.
在 2024 年 1 月 11 日或之前生效的联盟法律法案以及据此授权或实施的法案中,企业之间、企业与消费者之间以及企业与公共机构之间例外情况下提供数据的具体义务,应保持不受影响。

2.   This Regulation is without prejudice to Union law specifying, in light of the needs of a sector, a common European data space, or an area of public interest, further requirements, in particular in relation to:
2. 本条例不妨碍欧盟法律,根据部门、欧洲共同数据空间或公共利益领域的需要,规定进一步的要求,特别是与以下方面相关的要求:

(a) (A)

technical aspects of data access;
数据访问的技术方面;

(b) (二)

limits on the rights of data holders to access or use certain data provided by users;
限制数据持有者访问或使用用户提供的某些数据的权利;

(c) (C)

aspects going beyond data access and use.
超出数据访问和使用范围的方面。

3.   This Regulation, with the exception of Chapter V, is without prejudice to Union and national law providing for access to and authorising the use of data for scientific research purposes.
3. 除第五章外,本条例不妨碍为科学研究目的获取和授权使用数据的联盟和国家法律。

Article 45 第四十五条

Exercise of the delegation
行使代理权

1.   The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.
1. 根据本条规定的条件,委员会被授予采取授权行为的权力。

2.   The power to adopt delegated acts referred to in Article 29(7) and Article 33(2) shall be conferred on the Commission for an indeterminate period of time from 11 January 2024.
2. 应授予委员会采取第 29 条第(7)款和第 33 条第(2)款所述授权行为的权力,期限不定,期限自 2024 年 1 月 11 日起。

3.   The delegation of power referred to in Article 29(7) and Article 33(2) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision.
3. 欧洲议会或理事会可随时撤销第 29 条第(7)款和第 33 条第(2)款所述的授权。撤销决定应终止该决定中规定的授权。

It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
该决定应在欧盟官方公报上公布该决定后的第二天或其中指定的较晚日期生效。它不影响任何已经生效的授权行为的有效性。

4.   Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.
4. 在通过授权法案之前,委员会应根据 2016 年 4 月 13 日关于更好立法的机构间协议中规定的原则咨询各成员国指定的专家。

5.   As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.
5. 一旦通过一项授权法案,委员会应同时通知欧洲议会和理事会。

6.
   A delegated act adopted pursuant to Article 29(7) or Article 33(2) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of three months of notification of that act to the European Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object.
根据第 29 条第(7)款或第 33 条第(2)款通过的授权法案,只有在欧洲议会或理事会在将该法案通知给欧洲议会后的三个月内没有表示反对的情况下,才应生效。欧洲议会和理事会,或者如果在该期限届满之前,欧洲议会和理事会均通知委员会他们不会反对。

That period shall be extended by three months at the initiative of the European Parliament or of the Council.
根据欧洲议会或理事会的倡议,该期限应延长三个月。

Article 46 第四十六条

Committee procedure 委员会程序

1.   The Commission shall be assisted by the Committee established by Regulation (EU) 2022/868. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.
1. 委员会应得到第 (EU) 2022/868 号条例设立的委员会的协助。该委员会应是第 182/2011 号法规 (EU) 含义内的委员会。

2.   Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.
2. 当提及本段时,适用第 182/2011 号法规 (EU) 第 5 条。

Article 47 第四十七条

Amendment to Regulation (EU) 2017/2394
(EU) 2017/2394 法规修正案

In the Annex to Regulation (EU) 2017/2394 the following point is added:
在法规 (EU) 2017/2394 的附件中添加了以下几点:

‘29. '29。

Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (OJ L, 2023/2854, 22.12.2023, ELI: http://data.europa.eu/eli/reg/2023/2854/oj).’
欧洲议会和理事会 2023 年 12 月 13 日颁布的关于公平访问和使用数据的统一规则的条例 (EU) 2023/2854 以及修订条例 (EU) 2017/2394 和指令 (EU) 2020/1828(数据法) )( OJ L,2023/2854,2023 年 12 月 22 日,ELI:http://data.europa.eu/eli/reg/2023/2854/oj )。

Article 48 第四十八条

Amendment to Directive (EU) 2020/1828
指令 (EU) 2020/1828 修正案

In Annex I to Directive (EU) 2020/1828 the following point is added:
在指令 (EU) 2020/1828 的附件 I 中添加了以下几点:

‘68. '68。

Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (OJ L, 2023/2854, 22.12.2023, ELI: http://data.europa.eu/eli/reg/2023/2854/oj). ’
欧洲议会和理事会 2023 年 12 月 13 日颁布的关于公平访问和使用数据的统一规则的条例 (EU) 2023/2854 以及修订条例 (EU) 2017/2394 和指令 (EU) 2020/1828(数据法) )( OJ L,2023/2854,2023 年 12 月 22 日,ELI:http://data.europa.eu/eli/reg/2023/2854/oj )。 '

Article 49 第四十九条

Evaluation and review 评估与审查

1.   By 12 September 2028, the Commission shall carry out an evaluation of this Regulation and submit a report on its main findings to the European Parliament and to the Council, and to the European Economic and Social Committee. That evaluation shall assess, in particular:
1. 2028 年 9 月 12 日之前,委员会应对本法规进行评估,并向欧洲议会、理事会以及欧洲经济和社会委员会提交关于其主要调查结果的报告。该评估应特别评估:

(a) (A)

situations to be considered to be situations of exceptional need for the purpose of Article 15 of this Regulation and the application of Chapter V of this Regulation in practice, in particular the experience in the application of Chapter V of this Regulation by public sector bodies, the Commission, the European Central Bank and Union bodies; the number and outcome of the proceedings brought to the competent authority under Article 18(5) on the application of Chapter V of this Regulation, as reported by the competent authorities; the impact of other obligations laid down in Union or national law for the purposes of complying with requests for access to information; the impact of voluntary data-sharing mechanisms, such as those put in place by data altruism organisations recognised under Regulation (EU) 2022/868, on meeting the objectives of Chapter V of this Regulation, and the role of personal data in the context of Article 15 of this Regulation, including the evolution of privacy-enhancing technologies;
就本条例第 15 条的目的和本条例第五章在实践中的应用而言,特别是公共部门机构应用本条例第五章的经验,被认为是特殊需要的情况,委员会、欧洲中央银行和联盟机构;主管当局报告的、适用本条例第五章、根据第 18 条第(5)款向主管当局提起的诉讼的数量和结果;欧盟或国家法律中为遵守信息访问请求而规定的其他义务的影响;自愿数据共享机制(例如根据法规 (EU) 2022/868 认可的数据利他主义组织建立的机制)对实现本法规第五章目标的影响,以及个人数据在以下方面的作用:本条例第 15 条,包括隐私增强技术的演变;

(b) (二)

the impact of this Regulation on the use of data in the economy, including on data innovation, data monetisation practices and data intermediation services, as well as on data sharing within the common European data spaces;
该法规对经济中数据使用的影响,包括数据创新、数据货币化实践和数据中介服务,以及对欧洲共同数据空间内数据共享的影响;

(c) (C)

the accessibility and use of different categories and types of data;
不同类别和类型的数据的可访问性和使用;

(d) (四)

the exclusion of certain categories of enterprises as beneficiaries under Article 5;
根据第 5 条排除某些类别的企业作为受益人;

(e) (五)

the absence of any impact on intellectual property rights;
对知识产权不存在任何影响;

(f) (F)

the impact on trade secrets, including on the protection against their unlawful acquisition, use and disclosure, as well as the impact of the mechanism allowing the data holder to refuse the user’s request under Article 4(8) and Article 5(11), taking into account, to the extent possible, any revision of Directive (EU) 2016/943;
对商业秘密的影响,包括防止非法获取、使用和披露商业秘密的影响,以及允许数据持有者根据第 4 条第(8)款和第 5 条第(11)款拒绝用户请求的机制的影响,尽可能考虑指令 (EU) 2016/943 的任何修订;

(g) (G)

whether the list of unfair contractual terms referred to in Article 13 is up-to-date in light of new business practices and the rapid pace of market innovation;
鉴于新的商业惯例和市场创新的快速步伐,第13条中提到的不公平合同条款清单是否是最新的;

(h) (H)

changes in the contractual practices of providers of data processing services and whether this results in sufficient compliance with Article 25;
数据处理服务提供商的合同做法发生变化,以及这是否足以遵守第 25 条;

(i) (我)

the diminution of charges imposed by providers of data processing services for the switching process, in line with the gradual withdrawal of switching charges pursuant to Article 29;
根据第 29 条逐步取消转换费用,减少数据处理服务提供商对转换过程征收的费用;

(j)

the interplay of this Regulation with other Union legal acts of relevance to the data economy;
本条例与与数据经济相关的其他欧盟法律行为的相互作用;

(k)

the prevention of unlawful governmental access to non-personal data;
防止政府非法获取非个人数据;

(l)

the efficacy of the enforcement regime required under Article 37;
第 37 条所要求的执行制度的效力;

(m) (米)

the impact of this Regulation on SMEs with regard to their capacity to innovate and to the availability of data processing services for users in the Union and the burden of complying with new obligations.
该法规对中小企业的创新能力、欧盟用户数据处理服务的可用性以及遵守新义务的负担的影响。

2.   By 12 September 2028, the Commission shall carry out an evaluation of this Regulation and submit a report on its main findings to the European Parliament and to the Council, and to the European Economic and Social Committee.
2. 2028 年 9 月 12 日之前,委员会应对本法规进行评估,并向欧洲议会、理事会以及欧洲经济和社会委员会提交关于其主要调查结果的报告。

That evaluation shall assess the impact of Articles 23 to 31 and Articles 34 and 35, in particular regarding pricing and the diversity of data processing services offered within the Union, with a special focus on SME providers.
该评估应评估第 23 条至第 31 条以及第 34 条和第 35 条的影响,特别是有关定价和联盟内提供的数据处理服务多样性的影响,并特别关注中小企业提供商。

3.   Member States shall provide the Commission with the information necessary for the preparation of the reports referred to in paragraphs 1 and 2.
3. 成员国应向委员会提供编写第 1 款和第 2 款所述报告所需的信息。

4.   On the basis of the reports referred to in paragraphs 1 and 2, the Commission may, where appropriate, submit a legislative proposal to the European Parliament and to the Council to amend this Regulation.
4. 根据第 1 款和第 2 款提及的报告,委员会可酌情向欧洲议会和理事会提交立法提案,以修订本条例。

Article 50 第五十条

Entry into force and application
生效和适用

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
本法规自其在欧盟官方公报上发布后的第二十天起生效。

It shall apply from 12 September 2025.
自2025年9月12日起施行。

The obligation resulting from Article 3(1) shall apply to connected products and the services related to them placed on the market after 12 September 2026.
第 3(1) 条规定的义务适用于 2026 年 9 月 12 日之后投放市场的互联产品及与之相关的服务。

Chapter III shall apply in relation to obligations to make data available under Union law or national legislation adopted in accordance with Union law, which enters into force after 12 September 2025.
第三章适用于根据欧盟法律或根据欧盟法律通过的国家立法提供数据的义务,该法律将于 2025 年 9 月 12 日后生效。

Chapter IV shall apply to contracts concluded after 12 September 2025.
第四章适用于 2025 年 9 月 12 日之后签订的合同。

Chapter IV shall apply from 12 September 2027 to contracts concluded on or before 12 September 2025 provided that they are:
第四章自 2027 年 9 月 12 日起适用于 2025 年 9 月 12 日或之前签订的合同,前提是:

(a) (A)

of indefinite duration; or
无限期的;或者

(b) (二)

due to expire at least 10 years from 11 January 2024.
自 2024 年 1 月 11 日起至少到期 10 年。

This Regulation shall be binding in its entirety and directly applicable in all Member States.
本法规应具有完整的约束力并直接适用于所有成员国。

Done at Strasbourg, 13 December 2023.
2023 年 12 月 13 日于斯特拉斯堡制定。

For the European Parliament
对于欧洲议会

The President 总统

R. METSOLA  R·梅索拉

For the Council 对于理事会

The President 总统

P. NAVARRO RÍOS  P·纳瓦罗·里奥斯


(1)   OJ C 402, 19.10.2022, p. 5.
( 1 ) OJ C 402,2022 年 10 月 19 日,第 14 页。 5 .

(2)   OJ C 365, 23.9.2022, p. 18.
( 2 ) OJ C 365,2022 年 9 月 23 日,第 3 页。 18 .

(3)   OJ C 375, 30.9.2022, p. 112.
( 3 ) OJ C 375,2022 年 9 月 30 日,第 3 页。 112 .

(4)  Position of the European Parliament of 9 November 2023 (not yet published in the Official Journal) and decision of the Council of 27 November 2023.
( 4 )欧洲议会 2023 年 11 月 9 日的立场(尚未在官方公报上发布)和理事会 2023 年 11 月 27 日的决定。

(5)  Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).
( 5 ) 2003 年 5 月 6 日关于微型、小型和中型企业定义的委员会建议 2003/361/EC( OJ L 124,20.5.2003,第 36 页)。

(6)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).
( 6 )欧洲议会和理事会 2016 年 4 月 27 日关于在个人数据处理和此类数据自由流动方面保护自然人的条例 (EU) 2016/679,并废除指令 95/ 46/EC(一般数据保护条例)( OJ L 119,4.5.2016,第 1 页)。

(7)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
( 7 )欧洲议会和理事会 2018 年 10 月 23 日颁布的第 (EU) 2018/1725 号条例,涉及在欧盟机构、机构、办公室和机构处理个人数据方面保护自然人以及关于自由此类数据的移动,并废除第 45/2001 号法规 (EC) 和第 1247/2002/EC 号决定( OJ L 295,21.11.2018,第 39 页)。

(8)  Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37).
( 8 )欧洲议会和理事会 2002 年 7 月 12 日关于电子通信领域个人数据处理和隐私保护的指令 2002/58/EC(隐私和电子通信指令)( OJ L 201, 2002 年 7 月 31 日,第 37 页)。

(9)  Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts (OJ L 95, 21.4.1993, p. 29).
( 9 ) 1993 年 4 月 5 日关于消费者合同中不公平条款的理事会指令 93/13/EEC ( OJ L 95, 21.4.1993, p. 29 )。

(10)  Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’) (OJ L 149, 11.6.2005, p. 22).
( 10 )欧洲议会和理事会 2005 年 5 月 11 日关于内部市场中企业对消费者不公平商业行为的指令 2005/29/EC 以及修订理事会指令 84/450/EEC、指令 97/7/EC 、欧洲议会和理事会 98/27/EC 和 2002/65/EC 以及欧洲议会和理事会第 2006/2004 号法规 (EC)(“不公平商业行为指令”)( OJ L 149, 2005 年 6 月 11 日,第 22 页)。

(11)  Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council (OJ L 304, 22.11.2011, p. 64).
( 11 )欧洲议会和理事会 2011 年 10 月 25 日关于消费者权利的指令 2011/83/EU,修订理事会指令 93/13/EEC 和欧洲议会和理事会指令 1999/44/EC 并废除欧洲议会和理事会的理事会指令 85/577/EEC 和指令 97/7/EC( OJ L 304,22.11.2011,第 64 页)。

(12)  Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online (OJ L 172, 17.5.2021, p. 79).
( 12 )欧洲议会和理事会 2021 年 4 月 29 日关于解决在线传播恐怖主义内容的第 (EU) 2021/784 号条例( OJ L 172,2021 年 5 月 17 日,第 79 页)。

(13)  Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act) (OJ L 277, 27.10.2022, p. 1).
( 13 )欧洲议会和理事会 2022 年 10 月 19 日关于数字服务单一市场的法规 (EU) 2022/2065 和修订指令 2000/31/EC(数字服务法)( OJ L 277,27.10.2022 ,第 1 页)。

(14)  Regulation (EU) 2023/1543 of the European Parliament and of the Council of 12 July 2023 on European Production Orders and European Preservation Orders for electronic evidence in criminal proceedings and for the execution of custodial sentences following criminal proceedings (OJ L 191, 28.7.2023, p. 118).
( 14 )欧洲议会和理事会 2023 年 7 月 12 日关于刑事诉讼中电子证据和刑事诉讼后监禁判决执行的欧洲生产令和欧洲保存令的条例 (EU) 2023/1543 ( OJ L 191 ,2023 年 7 月 28 日,第 118 页)。

(15)  Directive (EU) 2023/1544 of the European Parliament and of the Council of 12 July 2023 laying down harmonised rules on the designation of designated establishments and the appointment of legal representatives for the purpose of gathering electronic evidence in criminal proceedings (OJ L 191, 28.7.2023, p. 181).
( 15 ) 2023 年 7 月 12 日欧洲议会和理事会指令 (EU) 2023/1544 制定了关于在刑事诉讼中收集电子证据的指定机构和法律代表任命的统一规则 ( OJ L 191,2023 年 7 月 28 日,第 181 页)。

(16)  Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (OJ L 141, 5.6.2015, p. 1).
( 16 )欧洲议会和理事会 2015 年 5 月 20 日颁布的关于资金转移信息的法规 (EU) 2015/847 和废除法规 (EC) No 1781/2006 ( OJ L 141, 5.6.2015, p. 1) )。

(17)  Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).
( 17 )欧洲议会和理事会 2015 年 5 月 20 日关于防止利用金融系统进行洗钱或恐怖主义融资的指令 (EU) 2015/849,修订了 (EU) No 648/ 条例2012 年欧洲议会和理事会指令,并废除欧洲议会和理事会指令 2005/60/EC 以及委员会指令 2006/70/EC( OJ L 141,2015 年 6 月 5 日,第 73 页)。

(18)  Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services (OJ L 151, 7.6.2019, p. 70).
( 18 )欧洲议会和理事会 2019 年 4 月 17 日关于产品和服务的无障碍要求的指令 (EU) 2019/882( OJ L 151,2019 年 6 月 7 日,第 70 页)。

(19)  Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society (OJ L 167, 22.6.2001, p. 10).
( 19 )欧洲议会和理事会 2001 年 5 月 22 日关于协调信息社会版权及相关权某些方面的指令 2001/29/EC( OJ L 167,22.6.2001,第 10 页)。

(20)  Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights (OJ L 157, 30.4.2004, p. 45).
( 20 )欧洲议会和理事会 2004 年 4 月 29 日关于知识产权执法的第 2004/48/EC 号指令( OJ L 157,2004 年 4 月 30 日,第 45 页)。

(21)  Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC (OJ L 130, 17.5.2019, p. 92).
( 21 )欧洲议会和理事会 2019 年 4 月 17 日关于数字单一市场版权及相关权的指令 (EU) 2019/790 以及修订指令 96/9/EC 和 2001/29/EC ( OJ L 130 ,2019 年 5 月 17 日,第 92 页)。

(22)  Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act) (OJ L 152, 3.6.2022, p. 1).
( 22 )欧洲议会和理事会 2022 年 5 月 30 日关于欧洲数据治理的法规 (EU) 2022/868 和修订法规 (EU) 2018/1724(数据治理法)( OJ L 152, 3.6.2022, p 1 ).

(23)  Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure (OJ L 157, 15.6.2016, p. 1).
( 23 )欧洲议会和理事会 2016 年 6 月 8 日关于保护未公开的专有技术和商业信息(商业秘密)免遭非法获取、使用和披露的指令 (EU) 2016/943( OJ L 157, 2016 年 6 月 15 日,第 1 页)。

(24)  Directive 98/6/EC of the European Parliament and of the Council of 16 February 1998 on consumer protection in the indication of the prices of products offered to consumers (OJ L 80, 18.3.1998, p. 27).
( 24 )欧洲议会和理事会 1998 年 2 月 16 日关于在向消费者提供的产品价格中保护消费者的指令 98/6/EC( OJ L 80,18.3.1998,第 27 页)。

(25)  Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’) (OJ L 178, 17.7.2000, p. 1).
( 25 )欧洲议会和理事会 2000 年 6 月 8 日关于内部市场中信息社会服务,特别是电子商务的某些法律问题的第 2000/31/EC 号指令(“电子商务指令”)( OJ L 178,2000 年 7 月 17 日,第 1 页)。

(26)  Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) (OJ L 265, 12.10.2022, p. 1).
( 26 )欧洲议会和理事会 2022 年 9 月 14 日关于数字领域可竞争和公平市场的法规 (EU) 2022/1925 以及修订指令 (EU) 2019/1937 和 (EU) 2020/1828(数字市场)法)( OJ L 265,2022 年 10 月 12 日,第 1 页)。

(27)  Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European Communities (OJ L 87, 31.3.2009, p. 164).
( 27 )欧洲议会和理事会 2009 年 3 月 11 日关于欧洲统计的第 (EC) 223/2009 号条例,并废除欧洲议会和理事会关于传输数据的第 1101/2008 号条例 (EC、Euratom)数据须遵守欧洲共同体统计办公室统计机密、关于共同体统计的理事会 (EC) 第 322/97 号条例以及理事会第 89/382/EEC 号决定,欧洲原子能共同体建立欧洲共同体统计计划委员会 ( OJ L 87,2009 年 3 月 31 日,第 164 页)。

(28)  Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information (OJ L 172, 26.6.2019, p. 56).
( 28 )欧洲议会和理事会 2019 年 6 月 20 日关于开放数据和公共部门信息再利用的指令 (EU) 2019/1024( OJ L 172,2019 年 6 月 26 日,第 56 页)。

(29)  Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases (OJ L 77, 27.3.1996, p. 20).
( 29 )欧洲议会和理事会 1996 年 3 月 11 日关于数据库法律保护的第 96/9/EC 号指令( OJ L 77, 27.3.1996, p. 20 )。

(30)  Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union (OJ L 303, 28.11.2018, p. 59).
( 30 )欧洲议会和理事会 2018 年 11 月 14 日关于欧盟非个人数据自由流动框架的法规 (EU) 2018/1807( OJ L 303,28.11.2018,第 59 页) )。

(31)  Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services (OJ L 136, 22.5.2019, p. 1).
( 31 )欧洲议会和理事会 2019 年 5 月 20 日关于数字内容和数字服务供应合同某些方面的指令 (EU) 2019/770( OJ L 136,2019 年 5 月 22 日,第 1 页)。

(32)  Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1).
( 32 )欧洲议会和理事会 2022 年 12 月 14 日关于金融部门数字运营弹性的法规 (EU) 2022/2554 以及修订法规 (EC) No 1060/2009、(EU) No 648/2012,( EU) No 600/2014、(EU) No 909/2014 和 (EU) 2016/1011( OJ L 333,27.12.2022,第 1 页)。

(33)  Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation, amending Council Directives 89/686/EEC and 93/15/EEC and Directives 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council Decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council (OJ L 316, 14.11.2012, p. 12).
( 33 )欧洲议会和理事会 2012 年 10 月 25 日关于欧洲标准化的第 1025/2012 号法规 (EU),修订理事会指令 89/686/EEC 和 93/15/EEC 以及指令 94/9/EC、94欧洲议会/25/EC、95/16/EC、97/23/EC、98/34/EC、2004/22/EC、2007/23/EC、2009/23/EC 和 2009/105/EC并废除理事会第 87/95/EEC 号决定以及欧洲议会和理事会第 1673/2006/EC 号决定( OJ L 316,2012 年 11 月 14 日,第 12 页)。

(34)  Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and repealing Regulation (EEC) No 339/93 (OJ L 218, 13.8.2008, p. 30).
( 34 )欧洲议会和理事会 2008 年 7 月 9 日颁布的第 (EC) 765/2008 号法规规定了认证要求并废除了 (EEC) 339/93 号法规( OJ L 218,2008 年 8 月 13 日,第 34 页)。 30 )。

(35)  Decision No 768/2008/EC of the European Parliament and of the Council of 9 July 2008 on a common framework for the marketing of products, and repealing Council Decision 93/465/EEC (OJ L 218, 13.8.2008, p. 82).
( 35 )欧洲议会和理事会 2008 年 7 月 9 日关于产品营销共同框架的第 768/2008/EC 号决定,并废除理事会第 93/465/EEC 号决定( OJ L 218, 13.8.2008,第 82 页)。

(36)  Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 (OJ L 345, 27.12.2017, p. 1).
( 36 )欧洲议会和理事会 2017 年 12 月 12 日关于负责执行消费者保护法的国家当局之间合作的条例 (EU) 2017/2394 和废除条例 (EC) No 2006/2004 ( OJ L 345, 2017 年 12 月 27 日,第 1 页)。

(37)  Directive (EU) 2020/1828 of the European Parliament and of the Council of 25 November 2020 on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC (OJ L 409, 4.12.2020, p. 1).
( 37 )欧洲议会和理事会 2020 年 11 月 25 日关于保护消费者集体利益的代表行动的指令 (EU) 2020/1828 和废除指令 2009/22/EC ( OJ L 409, 4.12.2020 ,第 1 页)。

(38)   OJ L 123, 12.5.2016, p. 1.
( 38 ) OJ L 123,2016 年 5 月 12 日,第 12 页。 1 .

(39)  Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).
( 39 )欧洲议会和理事会 2011 年 2 月 16 日第 (EU) No 182/2011 号条例,规定了有关成员国控制委员会行使执行权力的机制的规则和一般原则( OJ L 55, 2011 年 2 月 28 日,第 13 页)。


ELI: http://data.europa.eu/eli/reg/2023/2854/oj
ELI:http://data.europa.eu/eli/reg/2023/2854/oj

ISSN 1977-0677 (electronic edition)
ISSN 1977-0677(电子版)


Top 顶部