(5)`data subject` means a legal person or a data subject who has the right under applicable Union or national law to grant access to or disclose specific personal or non-personal data under his or her control; The current initiative covers different types of data brokers that process personal and non-personal data. Therefore, interaction with personal data legislation is particularly important. With the General Data Protection Regulation (GDPR) 4 and the ePrivacy Directive 5, the EU has created a strong and reliable legal framework for the protection of personal data and a standard for the world. 3. A provider of data exchange services which is not established in the Union but which offers the services referred to in Article 9(1) in the Union shall designate a legal representative in one of the Member States where those services are offered. The provider shall be competent for the Member State in which the legal representative is established. (5) The idea that data generated at the expense of public budgets should benefit society has long been part of Union policy. Directive (EU) 2019/1024 and sectoral legislation ensure that the public sector makes the data it produces more readily available for use and re-use. Certain categories of data (confidential business data, data subject to statistical confidentiality, data protected by intellectual property rights of third parties, including trade secrets and personal data not accessible on the basis of specific national or Union rules, such as Regulation (EU) 2016/679 and Directive (EU) 2016/680) are often not made available in public databases. Not even for research or innovative activities. Due to the sensitivity of this data, certain technical and legal procedural requirements must be fulfilled before it is made available in order to ensure that the rights of others in relation to this data are respected.

As a rule, these requirements take a lot of time and knowledge. This has led to insufficient use of this data. While some Member States put in place structures, procedures and sometimes legislation to facilitate this type of re-use, this is not the case across the Union. (4) Action at Union level is necessary to remove obstacles to the proper functioning of the data economy and to establish a Union-wide governance framework for access to and use of data, in particular as regards the re-use of certain types of data held by the public sector and the provision of services by data exchange providers to business users and data subjects; as well as the collection and processing of data provided by natural and legal persons for altruistic purposes. The goal of this approach is to ensure that data exchange services are open and collaborative, while empowering individuals and legal entities by giving them better overview and control over their data. A competent authority designated by the Member States shall be responsible for monitoring compliance with the requirements related to the provision of such services. (15)`representative` means any natural or legal person established in the Union who has been explicitly designated to act on behalf of a data exchange service provider or an entity that collects data for purposes of public interest provided by natural or legal persons on the basis of data altruism not established in the Union and to whom a competent national authority instead of the data exchange services data provider or entity in relation to the obligations of that data exchange service provider or body established by this Regulation. (14) Businesses and data subjects should be able to trust that the re-use of certain categories of protected data held by the public sector will respect their rights and interests. Therefore, additional safeguards should be provided for situations where the re-use of such public sector data is based on data processing outside the public sector.

Such an additional safeguard could be that public sector bodies should take full account of the rights and interests of natural and legal persons (in particular the protection of personal data, commercially sensitive data and intellectual property rights) when transferring such data to third countries. (11) Where a provider provides tools to obtain the consent of data subjects or authorisations provided by legal persons to process data, it shall indicate the jurisdiction(s) in which the use of the data is to take place. 6. Where a data exchange service provider has its main establishment or legal representative in one Member State, but provides services in other Member States, the competent authority of the Member State of the main establishment or of the Member State in which the legal representative is established shall cooperate and lend itself to each other. Such assistance and cooperation may include the exchange of information between the competent authorities concerned and requests to take the measures referred to in this Article. (1) The provider shall not use the data for which it provides services for purposes other than making them available to data users, and the data-sharing services shall be hosted in a separate legal entity; (4)`metadata` means data collected on any activity of a natural or legal person for the purpose of providing a data-sharing service, including date, time and geolocation data, duration of activity and links with other natural or legal persons established by the person using the service; 4. Any natural or legal person concerned by a decision of a public body or a competent body shall have the right to an effective judicial remedy against that decision before the courts of the Member State in which that body has its seat.