立场文件——数字综合巴士提案

February2026 ACEAposition paperProposal for a Digital Omnibus RECOMMENDATIONS I.DATA ACQUIS 1.Reject the proposal to amend the definition of data holder in Article 1(2)(b)of the 2.Amend the definition of “machine-readable data” to encompasses data transmittedthrough any on-device or remote-server communication interfaceinArticle 1(2)(e) of 3.Delete the reference to“data users”in the definition of“permission”in article 2(4)(b) 4.Extend the financial penalty regime set out in Article 40 of the Data Act to dataintermediation service providers and data altruism organisations in Article 1(18) of 5.Expand the proposed membership of the European Data Innovation Board toinclude industry and service representatives in Article 1(22) of the Proposal. 6.Consolidate Articles 4(13) and (14)of the Data Act into a single, comprehensiveprovision governing the use of readily available data that is non-personal. 7.Repealex antenotification requirements laid down in the Data Act to easeadministrative burden for data holders and notified bodies (Articles4(2), (7), (8); 8.Repeal requirements of the Data Act for data holders to disclose information settingout the basis for the calculation of the compensation to third parties (Articles9(7) 9.Repeal Article 32 of the Data Act on the transfer of data to third countries; relevantGDPR provisions should exclusively apply to international data transfers. 10.Repeal Article 20a(3) of the Renewable Energy Directive(EU) 2023/2413. II.DATA PROTECTION AND PRIVACY 1.Permit further processing of data for scientific research purposes supportinginnovation, even when conducted by private companies for commercial purposes. 2.Amend rules on the processing of special categories of personal data for AI bynarrowing the prohibition to processing which directly reveals sensitive attributesabout a data subject, revising the restrictions in Article 9(5) to enable meaningful 3.Broaden the exceptions in Article 12(5) GDPR to allow data controllers to chargereasonable fees, or reject a data subject’s request, when it is manifestly unfounded 4.Limit the documentation requirements in Article 33(5)GDRPto breaches that arelikely to result in a high risk to the rights and freedoms of natural persons. 5.Expand the Commission’s empowerment under the proposednewArticle 41a to 6.Amend the proposed new rules for accesstoand storageofthe data held on ausers’ devices by allowing the storage of and access to data on terminal equipmentbased on any lawful processing groundof theGDPR,ensuring consistency in the 7.Incorporate the EU principle of proportionality, as enshrined in Article 5(4) TEU, intoArticle 5 GDPR. III.CYBERSECURITY 1.Standardise the process for reporting relevant incidents under all relevantEUcybersecurity instruments,developingstandard templatesand defining a set of 2.Adopt a risk-based approach to cybersecurity reporting by exempting small-entities,limiting requirements to information systems that support critical and highly critical EXECUTIVE SUMMARY Vehicle manufacturers have become integral to the digital economy, with modern vehiclesacting as platforms for advanced technologies, connectivity, and innovative business models.This positions the automotive sector as a key reference point for the development anddeployment of new digital solutions in Europe. Yet,theyare required to comply with a The European Automobile Manufacturers’ Association(ACEA)therefore welcomes theEuropeanCommission’sproposal for aDigital Omnibus as a crucial step toward a morecoherent and business-friendly regulatoryenvironmentandput forward proposals on key DATAACQUIS ACEA supports simplifying data-sharing rules and limiting public-sector access to privatelyheld data to genuine emergencies. However,some changes tabled by the Commission need The Commission’s proposed changes to several of the Data Act’s definitions raise concerns.Thenewdefinition of “data holder” should be rejected, asitcreateslegal uncertainty andextend obligations to actors without real data control. Definitions of“machine-readable Furthermore, the Data Act’s enforcementmechanismshould be harmonised byextendingfinancial penalties to data intermediaries and data altruism organisations, ensuring Finally,membership of the European Data Innovation Board should be extended to In addition,further improvements to the Data Act are needed. ACEA calls for afundamental streamlining of reporting and transparency obligationsunder the Data Actby repealing ex-ante notifications requirements,as they create The Data Act’srestrictive reliance on contractual consent for non-personal data useshould be revised. Articles 4(13) and 4(14) should be consolidated to clarify legitimate TheData Act’s rules on international data transfers should aligned withGeneral Data Protection Regulation(GDPR)transfer mechanisms, to avoid duplication, legaluncertainty, and excessive compliance costs for globally operating companies. Finally,Article 20a(3) ofRenewable