Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
Data Governance Act
- Recitals
CHAPTER I
General provisionsArticles 1 — 2
CHAPTER II
Re-use of certain categories of protected data held by public sector bodiesArticles 3 — 9
CHAPTER III
Requirements applicable to data intermediation servicesArticles 10 — 15
CHAPTER IV
Data altruismArticles 16 — 25
CHAPTER V
Competent authorities and procedural provisionsArticles 26 — 28
CHAPTER VI
European Data Innovation BoardArticles 29 — 30
CHAPTER VII
International access and transferArticles 31 — 31
CHAPTER VIII
Delegation and committee procedureArticles 32 — 33
CHAPTER IX
Final and transitional provisionsArticles 34 — 38
DGA Article 9. Procedure for requests for re-use
- 1.Unless shorter time limits have been established in accordance with national law, the competent public sector bodies or the competent bodies referred to in Article 7(1) shall adopt a decision on the request for the re-use of the categories of data referred to in Article 3(1) within two months of the date of receipt of the request. In the case of exceptionally extensive and complex requests for re-use, that two-month period may be extended by up to 30 days. In such cases the competent public sector bodies or the competent bodies referred to in Article 7(1) shall notify the applicant as soon as possible that more time is needed for conducting the procedure, together with the reasons for the delay.
- 2.Any natural or legal person directly affected by a decision as referred to in paragraph 1 shall have an effective right of redress in the Member State where the relevant body is located. Such a right of redress shall be laid down in national law and shall include the possibility of review by an impartial body with the appropriate expertise, such as the national competition authority, the relevant access-to-documents authority, the supervisory authority established in accordance with Regulation (EU) 2016/679 or a national judicial authority, whose decisions are binding upon the public sector body or the competent body concerned.
Relevant Recitals for this Article
This Regulation should lay down conditions for re-use of protected data that apply to public sector bodies designated as competent under national law to grant or refuse access for re-use, and which are without prejudice to rights or obligations concerning access to such data. Those conditions should be non-discriminatory, transparent, proportionate and objectively justified, while not restricting competition, with a specific focus on promoting access to such data by SMEs and start-ups. The conditions for re-use should be designed in a manner promoting scientific research so that, for example, privileging scientific research should, as a rule, be considered to be non-discriminatory. Public sector bodies allowing re-use should have in place the technical means necessary to ensure the protection of rights and interests of third parties and should be empowered to request the necessary information from the re-user. Conditions attached to the re-use of data should be limited to what is necessary to preserve the rights and interests of third parties in the data and the integrity of the information technology and communication systems of the public sector bodies. Public sector bodies should apply conditions which best serve the interests of the re-user without leading to a disproportionate burden on the public sector bodies. Conditions attached to the re-use of data should be designed to ensure effective safeguards with regard to the protection of personal data. Before transmission, personal data should be anonymised, in order not to allow the identification of the data subjects, and data containing commercially confidential information should be modified in such a way that no confidential information is disclosed. Where the provision of anonymised or modified data would not respond to the needs of the re-user, subject to fulfilling any requirements to carry out a data protection impact assessment and consult the supervisory authority pursuant to Articles 35 and 36 of Regulation (EU) 2016/679 and where the risks to the rights and interests of data subjects have been found to be minimal, on-premise or remote re-use of the data within a secure processing environment could be allowed.