🔥 热搜 🔥
1bxss.mesearch/etc/shells@纽约时间@诉说趣闻search/./\bxss.mehttp:bxss.me/\\bxss.me
分类
社会娱乐国际人权科技经济其它
🔥 热搜 🔥
1bxss.mesearch/etc/shells@纽约时间@诉说趣闻search/./\bxss.mehttp:bxss.me/\\bxss.me
分类
社会娱乐国际人权科技经济其它
查看原文
其他

高端视野|吴沈括 Deuse Clément:欧盟数字主权与《数据法案》立法进程

梦溪拾笔 数字治理全球洞察 2022-08-27
收录于合集
#数字治理 27 个
#欧盟 26 个
#数据法案 10 个
#数字主权 3 个
#数据治理 22 个



全球数字治理前沿系列研究之:

欧盟数字主权与《数据法案》立法进程


吴沈括
网络法治国际中心执行主任、博导
中国互联网协会研究中心副主任Deuse Clément 网络法治国际中心研究助理
QUESTION PRESENTEDThe European Commission was supposed to present in the third quarter of 2021 its Data Act, supposed to “foster business to business and business to government data sharing for the public interest”. Due to internal delays, this deadline has been extended to the end of February 2022. It is believed to be the next cornerstone of data regulation at the European level after the General Data Protection Regulation (GDPR).This memorandum will outline the (thought) main characteristics of the upcoming legislation, its background, its status, and the future steps in its implementation. SHORT SUMMARYThe EU Data Act is supposed to be the next legislative instrument implemented by the European Union (EU) in the protection of individuals’ data. After its General Data Protection Regulation (GDPR), the current cornerstone of data transfer between individuals (B2C and B2B), the EU aims at tackling the same relationship between business (B2B), and business and public authorities (B2G) through this new act presented as “the horizontal legislation for the sharing of data for the public interest”. In a recent document leaked by the Brussels-based newspaper Euractiv, the draft proposal, which is supposed to be presented on February 23rd by the European Commission will define, among others, the rules for sharing data, conditions for access by public bodies, international data transfers, cloud switching and interoperability. It is set to apply to the manufacturers of connected products, digital services providers, and the users in the EU. BACKGROUND, PURPOSE AND VALUESThe forthcoming act is one of the EU’s attempts to tackle the constantly evolving digital environment and was supposed to be part of the “2021 new digital generation” of legislation praised by EU leaders through the “European strategy for data”. The aim is to upgrade the bloc’s data strategy through a reinforcement of its strategic autonomy and build its own single market for data alongside the Digital Services Act/Digital Markets Act and the Data Governance Act. These common European data spaces will ensure that more data becomes available for use in the economy and society, while keeping the companies and individuals who generate the data in control. One of the main goals is also to give the right to individuals to access the data they help create, as the leaked proposal reads: “the volume of data generated by humans and machines has been increasing exponentially, but most data are unused, or their value is concentrated in the hands of relatively few large companies”. One can see in this last sentence a pledge of the EU to redistribute the rights linked to data between users and services providers, in line with the ever-going fight of the EU for more market fairness and consumers protection. The leaked proposal that will be analysed here has been read and summarised by a columnist of the newspaper Euractiv and might not reflect accurately the content of the final version of the draft that will be proposed to the Parliament on the 23rd at the earliest. The first point that is addressed by the draft proposal is a repetition of the right to access data by the user of the service proposed by the data holder. In this sense, the user should by default be granted access to each data they contribute to generate and should be able to do whatever they want with it, notably sharing it with third parties free of charge and without the data holder being able to prevent it by whatever mean. However, users and holders can agree on ways to guarantee the confidentiality of such data, for instance in the case of trade secrets. Furthermore, the user will never be allowed to share it with potential competitors of the data holder. This point tries to find a balance point between the economic interest of the holders and the natural right of users to have access to what they participate creating. The use of NDA in such relationships will be reinforced but cannot constrain the user to not being able to share it to non-competitors. This right to access data is further analysed through their public access. The act will allow public authorities to access data held by service providers in certain circumstances, such as public health emergencies, natural disasters, terrorist attacks, or to fulfil legal obligations. Such requests should always be proportionate and not detrimental to the data holder whose role is to pseudonymise data as much as possible. This aspect of data sharing has been particularly showcased by the terrorist attacks waves that have struck Europe starting from 2015 and led to freedom-restrictive legislations, as well as by the ongoing Covid-19 pandemic that required exceptional access to health and geolocation data. On even more advanced obligations, data holder shall take “all reasonable measures to prevent governmental access or transfers of non-personal data that would conflict with European laws”. This aspect of data transfer restrictions comes from the will of EU to develop its digital sovereignty by preventing the transfer of its citizens’ data to third countries with lower protection level, in particular the US and China. The second topic addressed are the unfair contractual obligations where the burden of proof is interestingly reversed to the data holder: where a service user considers that some contractual conditions are unfair, unreasonable, or discriminatory, the data holder shall prove otherwise before national courts. This interesting change comes in line with the mission of the EU to protection consumers in their interactions with service providers, in particular when those service providers have such power as the “big data” giants. The last big topic is the cloud switching where the Commission wants to increase the obligations in such contracts to facilitate the process by imposing a “functional equivalence” with the use of open standards or interoperability interfaces for all services. Those would be commissioned by organisations hired to draft such standards. CURRENT STATUS AND NEXT STEPSThe European law-making system is very particular and will be analysed here. The “ordinary procedure” that will follow this act was also called the “codecision procedure” prior to the adoption of the Lisbon Treaty in 2007. It is the main decision-making procedure used for adopting EU legislation. In simple terms, the right to legislative initiative has only been granted to the Commission, which is one of the executive branches of the EU with the two Councils. On the other hand, the legislators, or those who vote on the proposals of the Commission are the Parliament and the Council of the EU. At the proposal stage, the drafts are discussed internally and sometimes voted by Commission members. Currently, the proposal of the Data Act is still at the state of draft, meaning that it is not official and ready to be presented to the Parliament and the Council of the EU for approval, but should be presented by February 23rd at the earliest. After being presented, the proposal is subject to a first reading by the Parliament. At the end of this reading, it may simply adopt it or make amendments, after which it is sent to the Council, which can approve the Parliament’s decision, in which case the proposal would be adopted, or amend it and send it back to the Parliament for a second reading. Through the second reading, the Parliament may adopt the Council’s position, reject, or amend it. In the former case, the act would be adopted, in the latter two it is sent back to the Council for a second reading. If the Council does not approve the Parliament’s amendments a conciliation committee made of equal number of members of the Parliament and Council representatives will be convened to smoothen the next step of the legislative process, which is the third reading. The goal of the committee is to find a proposal acceptable by both institutions. During the third and final reading, only one option can lead to the adoption of the proposal: two acceptance decision by both institutions. If one of them fails to agree on the proposal, the procedure will end, and the proposal will not be further discussed. At this stage, it is obvious that being still at the stage of draft, the proposal of the Data Act will not be adopted anytime soon. However, strong connections exist between the European institutions, and it is probable that the draft proposal that has been leaked and the actual proposal that will be presented will already give a good overview of what the numeric legislative landscape of the EU will look like in the coming years. CONCLUSIONThe EU Data Act is the next legislative weapon of the EU in its fight for its numeric sovereignty towards foreign governments and big tech companies.Though still at the stage of draft, the proposal of the Data Act that has leaked a few weeks ago portrays an ever more protecting EU through the implementation of a bigger right to access data by the users of digital services and a legal framework for the access to data by public authorities, while ensuring that such data could never end up in jurisdictions that would not protect their citizens’ data as much as their standards. The forthcoming act is therefore a reinforcement of the conditions laid out in the current data protection legislations.



— END —


网络法治国际中心 | 跨境数据治理前沿系列:

高端视野 | 吴沈括 邓立山:APEC框架下的数据跨境规则研究

高端视野 | 吴沈括 邓立山:DEPA框架下的数据跨境规则研究
高端视野 | 吴沈括 邓立山:G20框架下的数据跨境规则研究
高端视野|吴沈括 邓立山:CPTPP框架下的数据跨境规则研究
高端视野|吴沈括 邓立山:RCEP框架下的数据跨境规则研究
高端视野|吴沈括 邓立山:APEC框架下关于数据跨境的CBPR规则研究

图文编辑:北京师范大学  黄诗亮

您可能也对以下帖子感兴趣

文章有问题?点此查看未经处理的缓存