BETA

79 Amendments of Heinz K. BECKER related to 2017/0003(COD)

Amendment 143 #
Proposal for a regulation
Recital 3
(3) Electronic communications data may also reveal information concerning legal entities, such as business secrets or other sensitive information that has economic value. Therefore, the provisions of this Regulation should apply to both natural and legal persons. Furthermore, this Regulation should ensure that provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council21, also apply to end-users who are legal persons. This includes the definition of consent under Regulation (EU) 2016/679. When reference is made to consent by an end-user, including legal persons, this definition should apply. In addition, legal persons should have the same rights as end-users that are natural persons regarding the supervisory authorities; furthermore, supervisory authorities under this Regulation should also be responsible for monitoring the application of this Regulation regarding legal persons. _________________ 21 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1–88)legal persons to the extent necessary for protecting the secrecy of communications.
2017/07/14
Committee: LIBE
Amendment 165 #
Proposal for a regulation
Recital 8 a (new)
(8a) This Regulation permits the processing of electronic communications data and of information conveyed to, stored in, retrieved from or otherwise processed in relation to terminal equipment to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of networks or information systems to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted electronic communications data, and the security of the related services offered by, or accessible via, those networks and systems. Such processing is permitted to providers of electronic communications networks and services, to users, as well as to relevant third parties such as public authorities, computer emergency response teams (CERTs), computer security incident response teams (CSIRTs) and providers of security technologies and services.
2017/07/14
Committee: LIBE
Amendment 177 #
Proposal for a regulation
Recital 12
(12) Connected devices and machines increasingly communicate with each other by using electronic communications networks (Internet of Things). The transmission of machine-to-machine communications involves the conveyance of signals over a network and, hence, usually constitutes an electronic communications service. In order to ensure full protection of the rights to privacy and confidentiality of communications, and to promote a trusted and secure Internet of Things in the digital single market, it is necessary to clarify that this Regulation should apply to the transmission of machine-to- machine communications. Therefore, the principle of confidentiality enshrined in this Regulation should also apply to the transmission of machine-to-machine communications. Specific safeguards could also be adopted under sectorial legislation, as for instance Directive 2014/53/EU.deleted
2017/07/14
Committee: LIBE
Amendment 197 #
Proposal for a regulation
Recital 16
(16) The prohibition of storage of communications during conveyance is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. It should not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessary quality of service requirements, such as latency, jitter etc.
2017/07/14
Committee: LIBE
Amendment 206 #
Proposal for a regulation
Recital 17
(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end- users consent in accordance with Regulation (EU) No 2016/679. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain end-users’ consent tocomply with Regulation (EU) No 2016/679 when processing electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colors to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier is necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
2017/07/14
Committee: LIBE
Amendment 230 #
Proposal for a regulation
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual’s emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end- user’s terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’ terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user’s terminal equipment should be allowed only with the end-user’s consent and for specific and transparent purposes.
2017/07/14
Committee: LIBE
Amendment 231 #
Proposal for a regulation
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual’s emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, and hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end- users terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’ terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user’s terminal equipment should be allowed only with the end-user’s consent and for specific and transparent purposeshere lawful under one of the conditions set out in Article 6 of Regulation (EU) 2016/679.
2017/07/14
Committee: LIBE
Amendment 235 #
Proposal for a regulation
Recital 21
(21) Exceptions to the obligation to obtain consent to makedemonstrate that use of the processing and storage capabilities of terminal equipment or to accessing of information stored in terminal equipment is lawful under Article 6 of Regulation 2016/679 should be limited to situations that involve no, or only very limited, intrusion of privacy or where a legitimate interest is at stake. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic tofrom a website. Information society providers that engage in configuration checking to provide the service in compliance with the end-user’s settings or ensure that they are able to do so in accordance with the relevant provisions and the mere logging of the fact that the end-user’s device is unable to receive all or some of the content requested by the end- user should not constitute access to such a device or use of the device processing capabilities.
2017/07/14
Committee: LIBE
Amendment 239 #
Proposal for a regulation
Recital 22
(22) The methods used for providing information and obtaining end-user’s consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or stored.deleted
2017/07/14
Committee: LIBE
Amendment 248 #
Proposal for a regulation
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’). Such privacy settings should be presented in an easily visible and intelligible manner.deleted
2017/07/14
Committee: LIBE
Amendment 256 #
Proposal for a regulation
Recital 24
(24) For web browsers to be able to obtain end-users’ consent as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking cookies, they should, among others, require a clear affirmative action from the end-user of terminal equipment to signify his or her freely given, specific informed, and unambiguous agreement to the storage and access of such cookies in and from the terminal equipment. Such action may be considered to be affirmative, for example, if end-users are required to actively select ‘accept third party cookies’ to confirm their agreement and are given the necessary information to make the choice. To this end, it is necessary to require providers of software enabling access to internet that, at the moment of installation, end-users are informed about the possibility to choose the privacy settings among the various options and ask them to make a choice. Information provided should not dissuade end-users from selecting higher privacy settings and should include relevant information about the risks associated to allowing third party cookies to be stored in the computer, including the compilation of long-term records of individuals’ browsing histories and the use of such records to send targeted advertising. Web browsers are encouraged to provide easy ways for end-users to change the privacy settings at any time during use and to allow the user to make exceptions for or to whitelist certain websites or to specify for which websites (third) party cookies are always or never allowed.deleted
2017/07/14
Committee: LIBE
Amendment 295 #
Proposal for a regulation
Recital 32
(32) In this Regulation, direct marketing refers to any form of advertising by which a natural or legal person sends direct marketing communications directly to one or more identified or identifiable end-users using electronic communications services. In addition to the offering of products and services for commercial purposes, this should also include messages sent by political parties that contact natural persons via electronic communications services in order to promote their parties. The same should apply to messages sent by other non-profit organisations to support the purposes of the organisation. It should not apply to the communication for scientific re-search purposes like market and opinion research.
2017/07/14
Committee: LIBE
Amendment 324 #
Proposal for a regulation
Recital 42
(42) Since the objective of this Regulation, namely to ensure an equivalent level of protection of natural and legal persons and the free flow of electronic communications data throughout the Union, cannot be sufficiently achieved by the Member States and can rather, by reason of the scale or effects of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.
2017/07/14
Committee: LIBE
Amendment 326 #
Proposal for a regulation
Article 1 – paragraph 2
2. This Regulation ensures, in accordance with Regulation (EU) No 2016/679, free movement of electronic communications data and electronic communications services within the Union, which shall be neither restricted nor prohibited for reasons related to the respect for the private life and communications of natural and legal persons and the protection of natural persons with regard to the processing of personal data.
2017/07/14
Committee: LIBE
Amendment 329 #
Proposal for a regulation
Article 1 – paragraph 3
3. The provisions of this Regulation particularise and complement Regulation (EU) 2016/679 by laying down specific rules for the purposes mentioned in paragraphs 1 and 2.deleted
2017/07/14
Committee: LIBE
Amendment 335 #
Proposal for a regulation
Article 2 – paragraph 1
1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to the terminal equipment of end-users.
2017/07/14
Committee: LIBE
Amendment 342 #
Proposal for a regulation
Article 2 – paragraph 2 – point c
(c) electronic communications services which are not publicly available pursuant to Article 2(2)(c) of Regulation (EU) No 2016/679;
2017/07/14
Committee: LIBE
Amendment 358 #
Proposal for a regulation
Article 3 – paragraph 2
2. Where the provider of an electronic communications service is not established in the Union it shall designate in writing a representative in the Union, Article 27 of Regulation (EU) No 2016/679 shall apply.
2017/07/14
Committee: LIBE
Amendment 385 #
Proposal for a regulation
Article 4 – paragraph 3 – point f
(f) 'direct marketing communications' means any form of advertisingcommunication for the purpose of promoting products and services, whether written or oral, sent to one or moredirectly to an identified or identifiable end- users of electronican interpersonal communications services, including the use of automated calling and communication systems with or without human interaction, electronic mail, SMS, etc. For the purposes of this regulation an interpersonal communications service shall also include a service that is not provided for remuneration;
2017/07/14
Committee: LIBE
Amendment 394 #
Proposal for a regulation
Chapter 2 – title
PROTECTION OF ELECTRONIC COMMUNICATIONS OF NATURAL PERSONS AND OF INFORMATION STORED IN THEIR TERMINAL EQUIPMENT
2017/07/14
Committee: LIBE
Amendment 395 #
Proposal for a regulation
Article 5 – title
Confidentiality of electronic communications datacontent
2017/07/14
Committee: LIBE
Amendment 402 #
Proposal for a regulation
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data during conveyance, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications datacontent, by persons other than the end- users, shall be prohibited, except when permitted by this Regulation.
2017/07/14
Committee: LIBE
Amendment 407 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
For the implementation of the previous paragraph, providers of electronic communications networks and services shall take technical and organisational measures as defined in Article 32 of Regulation (EU) 2016/679.Additionally, to protect the integrity of terminal equipment and the safety, security and privacy of users, providers or electronic communications networks and services shall take appropriate measures based on the risk and on the state of the art reasonably to prevent the distribution through their networks or services of malicious software is referred to in Article 7 Sub-Paragraph (a) of Directive 2013/40/EU.
2017/07/14
Committee: LIBE
Amendment 413 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
1. Providers of eElectronic communications networks and servicesdata may be process electronic communications dataed if:
2017/07/14
Committee: LIBE
Amendment 418 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
(a) it is necessary to achieve the transmission of the communication, for the duration necessary for that purpose; ordeleted
2017/07/14
Committee: LIBE
Amendment 435 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
(b) it is necessary to maintain or restore the security or availability of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.
2017/07/14
Committee: LIBE
Amendment 436 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
(b) it is necessary to maintain or restore the security or availability of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.
2017/07/14
Committee: LIBE
Amendment 443 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
1 a. Providers of electronic communications networks and services, users and any third party who can demonstrate a legitimate interest may process electronic communications data to the extent strictly necessary and proportionate for the purpose of ensuring network and information security, notably in order to: (a) protect the confidentiality, integrity, availability, authenticity of electronic communications or of terminal equipment; (b) protect the privacy and safety of users or of third parties; (c) maintain or restore the confidentiality, integrity, availability, authenticity of electronic communications networks and services; (d) detect technical faults and/or errors in the transmission of electronic communications.
2017/07/14
Committee: LIBE
Amendment 447 #
Proposal for a regulation
Article 6 – paragraph 2
2. Providers of electronic communications services may process electronic communications metadata if: (a) it is necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or (b) it is necessary for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusive use of, or subscription to, electronic communications services; or (c) the end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end- users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous. _________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1– 18).deleted
2017/07/14
Committee: LIBE
Amendment 453 #
Proposal for a regulation
Article 6 – paragraph 2 – introductory part
2. Providers of eElectronic communications servicesmetadata may be process electronic communications metadataed only if:
2017/07/14
Committee: LIBE
Amendment 458 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
(b) it is necessary for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusive use of, or subscription to, electronic communications services, or planning and optimising the network or related subscriptions; or
2017/07/14
Committee: LIBE
Amendment 471 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
(c) the end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including fora legitimate ground in accordance with Article 6 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the provisioncessing of specific services to such end-users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymousrsonal data and on the free movement of such data, and repealing Directive 95/46/EC (‘General Data Protection Regulation’) is applicable.
2017/07/14
Committee: LIBE
Amendment 478 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
2 a. Article 6 of Regulation (EU) No 2016/679 shall apply.
2017/07/14
Committee: LIBE
Amendment 482 #
Proposal for a regulation
Article 6 – paragraph 3 – introductory part
3. Providers of the eElectronic communications servicescontent may be process electronic communications contented only:
2017/07/14
Committee: LIBE
Amendment 488 #
Proposal for a regulation
Article 6 – paragraph 3 – point a
(a) for the sole purpose of the provision of a specific service to an end- user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content and, or the provision of that service cannot be fulfilled without the processing of such content; or
2017/07/14
Committee: LIBE
Amendment 496 #
Proposal for a regulation
Article 6 – paragraph 3 a (new)
3 a. In so far as providers of electronic communications services are processing and receiving communications content to and by the end-user, the provisions of this regulation shall not apply but regulation (EU) 2016/679.
2017/07/14
Committee: LIBE
Amendment 497 #
Proposal for a regulation
Article 6 – paragraph 3 b (new)
3 b. (a) The service provider may collect and use the personal data of a recipient of a service only to the extent necessary to enable and invoice the use of services (data on usage).Data on usage are in particular characteristics to identify the recipient of the service, details of the beginning and end of the scope of the respective usage, and details of the services used by the recipient of the service. (b) The service provider may collate a recipient's usage data regarding the use of different services to the extent necessary for invoicing the recipient of the service. (c) For the purposes of advertising, market research or in order to design the services in a needs-based manner, the service provider may produce profiles of usage based on pseudonyms to the extent that the recipient of the service does not object to this.The service provider must refer the recipient of the service to his right of refusal.These profiles of usage must not be collated with data on the bearer of the pseudonym without his consent (opt-in).
2017/07/14
Committee: LIBE
Amendment 501 #
Proposal for a regulation
Article 7 – paragraph 1
1. Without prejudice to point (b) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication content by the intended recipient or recipientwhen it is no longer necessary for the operation of such services. Such data may be recorded or stored by the end-users or by a third party entrusted by them to record, store or otherwise process such data, in accordance with Regulation (EU) 2016/679.
2017/07/14
Committee: LIBE
Amendment 503 #
Proposal for a regulation
Article 7 – paragraph 2
2. Without prejudice to point (b) of Article 6(1) and points (a) and (c) of Article 6(2), the provider of the electronic communications service shall erase electronic communications metadata or make that data anonymous when it is no longer needed for the purpose of the transmission of a communicationoperation of such services.
2017/07/14
Committee: LIBE
Amendment 507 #
Proposal for a regulation
Article 7 – paragraph 3
3. Where the processing of electronic communications metadata takes place for the purpose of billing in accordance with point (b) of Article 6(2), the relevant metadata may be kept until the end of the period during which a bill may lawfully be challenged or a payment may be pursued in accordance with national law.deleted
2017/07/14
Committee: LIBE
Amendment 510 #
Proposal for a regulation
Article 8 – title
Protection of information stored in and related to end-users’transmitted to, stored in and collected from terminal equipment
2017/07/14
Committee: LIBE
Amendment 518 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment, including about its software and hardware, other than by the end-user concerned shall be prohibited, except onermissible if one of the following grounds applies:
2017/07/14
Committee: LIBE
Amendment 520 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment, including about its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:
2017/07/14
Committee: LIBE
Amendment 525 #
Proposal for a regulation
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consent or there is another legitimate ground within the meaning of Article 6 of Regulation (EU) 2016/679; or
2017/07/14
Committee: LIBE
Amendment 529 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
(c) it is necessary for providing an information society service requested by the end-user, particularly in order to preserve the integrity or security of the information society service or access to it, to improve what is offered or for measures to protect against unauthorised use of the service in accordance with the terms and conditions of use relating to the provision of services to the end-user; or
2017/07/14
Committee: LIBE
Amendment 537 #
Proposal for a regulation
Article 8 – paragraph 1 – point c a (new)
(c a) it is necessary for protecting the confidentiality, integrity, availability, authenticity of the terminal equipment or of the electronic communications network or service, or for protecting the privacy, security or safety of the user;or
2017/07/14
Committee: LIBE
Amendment 538 #
Proposal for a regulation
Article 8 – paragraph 1 – point c b (new)
(c b) it is necessary for scientific research purposes, provided that the controller plans appropriate technical and organisational measures to safeguard the rights and freedoms of the user and the processed personal data will be anonymised as soon as possible according to the research purpose.
2017/07/14
Committee: LIBE
Amendment 546 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that suchmeasuring the scope of the information society service requested by the end-user, including the taking of measurements is carried out by thn order to calculate provider of the information society service requested by the end-user.yalties for the collective management of rights or other remuneration or payment schemes; or
2017/07/14
Committee: LIBE
Amendment 552 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
(d a) a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection. The collection of such information shall be conditional on the application of appropriate technical and organisational measures to limit the collection and processing of information to the purposes required therefor and ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been applied, for example by means of pseudonymisation of information collected pursuant to Article 4(5) of Regulation (EU) No 2016/679.
2017/07/14
Committee: LIBE
Amendment 560 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
(d a) it occurs for the purpose of recording, for the undertaking as a whole, anonymous indicators concerning the use of information society services;or
2017/07/14
Committee: LIBE
Amendment 567 #
Proposal for a regulation
Article 8 – paragraph 1 – point d b (new)
(d b) in order to mark terminal equipment for advertising purposes, on condition that the person responsible has clearly informed the end-user of this at the beginning of the data processing and has provided an opportunity for objection that is easy to exercise;or
2017/07/14
Committee: LIBE
Amendment 570 #
Proposal for a regulation
Article 8 – paragraph 1 – point d c (new)
(d c) it occurs for purposes of the settlement of payments under contracts concerning the sale of products or services, provided that the contract pertaining thereto has been concluded on- line.
2017/07/14
Committee: LIBE
Amendment 592 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point b a (new)
(b a) it is necessary for protecting the confidentiality, integrity, availability, authenticity of the terminal equipment or of the electronic communications network or service, or for protecting the privacy, security or safety of the user.
2017/07/14
Committee: LIBE
Amendment 595 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 2
The collection of such information shall be conditional on the application of appropriate technical and organisational measures to limit the collection and processing of information to the purposes required therefor and ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been applied, for example by means of pseudonymisation of information collected pursuant to Article 4(5) of Regulation (EU) No 2016/679.
2017/07/14
Committee: LIBE
Amendment 602 #
Proposal for a regulation
Article 8 – paragraph 3
3. The information to be provided pursuant to point (e) of paragraph 1 and point (b) of paragraph 2 may be provided in combination with standardized icons in order to give a meaningful overview of the collection in an easily visible, intelligible and clearly legible manner.
2017/07/14
Committee: LIBE
Amendment 603 #
Proposal for a regulation
Article 8 – paragraph 3
3. The information to be provided pursuant to point (b) of paragraph 2 may be provided in combination with standardized icons in order to give a meaningful overview of the collection in an easily visible, intelligible and clearly legible manner. Such information may be provided by means of a transparency certification and labelling scheme for terminal equipment, indicating the equipment's quality, security and assurance properties.
2017/07/14
Committee: LIBE
Amendment 608 #
Proposal for a regulation
Article 8 – paragraph 4
4. The Commission shall be empowered to adopt delegated acts in accordance with Article 275 determining the information to be presented by the standardized icon and the procedures for providing standardized icons, as well as establishing the transparency certification and labelling scheme referred to in paragraph 3.
2017/07/14
Committee: LIBE
Amendment 612 #
Proposal for a regulation
Article 9 – paragraph 1
1. The definitions of and conditions for consent provided for under Articles 4(11) and 7(1), (2) and (3) of Regulation (EU) 2016/679/EU shall apply.
2017/07/14
Committee: LIBE
Amendment 614 #
Proposal for a regulation
Article 9 – paragraph 1
1. The definition of and conditions for consent provided for under Articles 4(11) and 7 (1), (2) and (3)of Regulation (EU) 2016/679/EU shall apply.
2017/07/14
Committee: LIBE
Amendment 619 #
Proposal for a regulation
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.deleted
2017/07/14
Committee: LIBE
Amendment 626 #
Proposal for a regulation
Article 9 – paragraph 3
3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.deleted
2017/07/14
Committee: LIBE
Amendment 635 #
Proposal for a regulation
Article 10
Information and options for privacy 1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment. 2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. 3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1 and 2 shall be complied with at the time of the first update of the software, but no later than 25 August 2018.Article 10 deleted settings to be provided
2017/07/14
Committee: LIBE
Amendment 668 #
Proposal for a regulation
Article 10 a (new)
Article 10 a Article 25 of Regulation (EU) No 2016/679 shall apply.
2017/07/14
Committee: LIBE
Amendment 684 #
Proposal for a regulation
Chapter 3 – title
NATURAL PERSONS' RIGHTS TO CONTROL ELECTRONIC COMMUNICATIONS
2017/07/14
Committee: LIBE
Amendment 703 #
Proposal for a regulation
Article 15 – paragraph 1
1. The providers of publicly available directories shall obtain the consentelectronic information, communication and telecommunication services shall collect the data of end- users who are natural persons in order to include their personal data in the directory and, consequently, shall obtain consent from these end-users for inclusion of data per category of personal data, to the extent that such data are relevant for the purpose of the directory as determined by the provider of thepublicly accessible directories. They shall give end-users that are natural persons the right to object to data related to them being included in directoryies. Providers shall give end-users who are natural persons the means to verify, correct, update, supplement and delete such data.
2017/07/14
Committee: LIBE
Amendment 707 #
Proposal for a regulation
Article 15 – paragraph 2
2. The providers of a publicly available directory shall inform end-users who are natural persons whose personal data are in the directory of the available search functions of the directory and obtain end-users’ consent before enabling such, which they shall do there. The providers of electronic information, communication and telecommunication services shall inform end-users when new search functions arelated to their own data made available.
2017/07/14
Committee: LIBE
Amendment 713 #
Proposal for a regulation
Article 15 – paragraph 3
3. The providers of publicly available directorielectronic information, communication and telecommunication services shall provide end-users that are legal persons with the possibility to object to data related to them being included in the directory. Providers shall give such end-users that are legal persons the means to verify, correct, update, supplement and delete such data. Natural persons acting for an economic purpose, such as independent professionals, operators of small businesses or freelancers, shall be equated with legal persons.
2017/07/14
Committee: LIBE
Amendment 726 #
Proposal for a regulation
Article 15 – paragraph 4
4. The possibility for end-users not to be included in a publicly available directory, or to verify, correct, update, supplement and delete any data related to them shall be provided free of charge.
2017/07/14
Committee: LIBE
Amendment 730 #
Proposal for a regulation
Article 15 – paragraph 4 a (new)
4 a. The provisions of paragraphs 1 to 4 shall not apply to data and information published in other publicly accessible sources and data provided by end-users themselves.
2017/07/14
Committee: LIBE
Amendment 732 #
Proposal for a regulation
Article 15 – paragraph 4 b (new)
4 b. Any undertaking which provides publicly accessible information, communication or telecommunication services and which issues or uses telephone numbers, user names or other means of user identification shall be required, upon request and with due regard for provisions relating to data protection, to make the participants' data available to any undertaking which provides or operates directory or information services, in order to provide publicly accessible directory or information services. The data shall be communicated immediately and in a non- discriminatory manner.
2017/07/14
Committee: LIBE
Amendment 733 #
Proposal for a regulation
Article 16
Unsolicited communications 1. Natural or legal persons may use electronic communications services for the purposes of sending direct marketing communications to end-users who are natural persons that have given their consent. 2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The right to object shall be given at the time of collection and each time a message is sent. 3. Without prejudice to paragraphs 1 and 2, natural or legal persons using electronic communications services for the purposes of placing direct marketing calls shall: (a) present the identity of a line on which they can be contacted; or (b) present a specific code/or prefix identifying the fact that the call is a marketing call. 4. Notwithstanding paragraph 1, Member States may provide by law that the placing of direct marketing voice-to-voice calls to end-users who are natural persons shall only be allowed in respect of end-users who are natural persons who have not expressed their objection to receiving those communications. 5. Member States shall ensure, in the framework of Union law and applicable national law, that the legitimate interest of end-users that are legal persons with regard to unsolicited communications sent by means set forth under paragraph 1 are sufficiently protected. 6. Any natural or legal person using electronic communications services to transmit direct marketing communications shall inform end-users of the marketing nature of the communication and the identity of the legal or natural person on behalf of whom the communication is transmitted and shall provide the necessary information for recipients to exercise their right to withdraw their consent, in an easy manner, to receiving further marketing communications. 7. The Commission shall be empowered to adopt implementing measures in accordance with Article 26(2) specifying the code/or prefix to identify marketing calls, pursuant to point (b) of paragraph 3.Article 16 deleted
2017/07/14
Committee: LIBE
Amendment 765 #
Proposal for a regulation
Article 17
Information about detected security risks In the case of a particular risk that may compromise the security of networks and electronic communications services, the provider of an electronic communications service shall inform end-users concerning such risk and, where the risk lies outside the scope of the measures to be taken by the service provider, inform end-users of any possible remedies, including an indication of the likely costs involved.Article 17 deleted
2017/07/14
Committee: LIBE
Amendment 793 #
Proposal for a regulation
Article 21 – paragraph 2
2. Any natural or legal person other than end-users adversely affected by infringements of this Regulation and having a legitimate interest in the cessation or prohibition of alleged infringements, including a provider of electronic communications services protecting its legitimate business interests, shall have a right to bring legal proceedings in respect of such infringements.deleted
2017/07/14
Committee: LIBE
Amendment 797 #
Proposal for a regulation
Article 22 – paragraph 1
Any end-user of electronic communications services who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the infringer for the damage suffered, unless the infringer proves that it is not in any way responsible for the event giving rise to the damage in accordance with Article 82 of Regulation (EU) 2016/679 shall apply.
2017/07/14
Committee: LIBE
Amendment 799 #
Proposal for a regulation
Article 23
[...]deleted
2017/07/14
Committee: LIBE
Amendment 813 #
Proposal for a regulation
Article 23 a (new)
Article 23 a Article 83 of Regulation (EU) No 2016/679 shall apply.
2017/07/14
Committee: LIBE
Amendment 814 #
Proposal for a regulation
Article 24
1. Member States shall lay down the rules on other penalties applicable to infringements of this Regulation in particular for infringements which are not subject to administrative fines pursuant to Article 23, and shall take all measures necessary to ensure that they are implemented. Such penalties shall be effective, proportionate and dissuasive. 2. Each Member State shall notify to the Commission the provisions of its law which it adopts pursuant to paragraph 1, no later than 18 months after the date set forth under Article 29(2) and, without delay, any subsequent amendment affecting them.Article 24 deleted Penalties
2017/07/14
Committee: LIBE
Amendment 815 #
Proposal for a regulation
Article 24 a (new)
Article 24 a Article 84 of Regulation (EU) No 2016/679 shall apply.
2017/07/14
Committee: LIBE
Amendment 827 #
Proposal for a regulation
Article 29 – paragraph 2 – subparagraph 1
It shall apply from 25 May 20189.
2017/07/14
Committee: LIBE