[ParlTrack]

Birgit SIPPEL, Caterina CHINNICI, Josef WEIDENHOLZER, Marju LAURISTIN, Jörg LEICHTFRIED, Péter NIEDERMÜLLER, Tanja FAJON, Emilian PAVEL

Proposal for a directive
Article 1 – paragraph 1 a (new)

1a. This Directive shall not apply to flights within the territory of the Union or the means of transport other than airplanes.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Caterina CHINNICI, Josef WEIDENHOLZER, Marju LAURISTIN, Péter NIEDERMÜLLER, Tanja FAJON, Emilian PAVEL

Proposal for a directive
Article 1 – paragraph 1 b (new)

1b. The PNR data that is collected pursuant to this Directive may not be used for border control purposes.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Sylvia-Yvonne KAUFMANN, Péter NIEDERMÜLLER, Miriam DALLI, Tanja FAJON

Proposal for a directive
Article 2 – paragraph 1 – point i – introductory part

(i) ‘serious transnational crime’ means the following offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, and: trafficking in human beings, sexual exploitation of children, illicit trafficking in narcotic drugs, illicit trafficking in weapons and illicit trafficking in munition and explosives if :

2015/04/20
Committee: LIBE

Birgit SIPPEL, Anna HEDH, Josef WEIDENHOLZER, Marju LAURISTIN, Péter NIEDERMÜLLER

Proposal for a directive
Article 3 – paragraph 1 a (new)

1a. The Passenger Information Unit is responsible for the exchange of PNR data or the results of the processing of such data with the Passenger Information Units of other Member States in accordance with Article 7, as well as inserting the alerts to the Schengen Information System in accordance with Article 7(1).

2015/04/20
Committee: LIBE

Birgit SIPPEL, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Marju LAURISTIN, Sylvia-Yvonne KAUFMANN, Kati PIRI, Péter NIEDERMÜLLER, Tanja FAJON

Proposal for a directive
Article 4 – paragraph 1

1. The PNR data transferred by the air carriers, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State shall be collected by the Passenger Information Unit of the relevant Member State. ~~Should the PNR data transferred by air carriers include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately upon receipt.~~ Member States shall adopt the necessary measures to ensure that their Passenger Information Unit may request air carriers in accordance with Article 6 to: (a) transfer (‘push’) all PNR data of all passengers arriving or departing from that Member state in an anonymised format; (b) transfer (‘push’) specific PNR data of an individual linked to a name, contact detail or payment method linked to a specific case of prevention, detection, investigation or prosecution of a terrorist offence or a specific serious transnational crime; (c) transfer (‘push’) PNR data of all passengers on specific flights where a risk assessment of the Passenger Information Unit has proven a high concrete risk that persons linked to a specific case of prevention, detection, investigation or prosecution of a terrorist offence or a specific serious transnational crime are travelling on those flights.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Marju LAURISTIN, Sylvia-Yvonne KAUFMANN, Kati PIRI, Péter NIEDERMÜLLER, Tanja FAJON

Proposal for a directive
Article 4 – paragraph 1 b (new)

1b. A request pursuant to subparagraphs 1 (b) and (c) shall be subject to prior authorisation by a judicial authority and subject to a quarterly judicial review. The specification referred to in subparagraph 1 (c) may be temporal, geographical or both.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Marju LAURISTIN, Sylvia-Yvonne KAUFMANN, Kati PIRI, Péter NIEDERMÜLLER, Tanja FAJON

Proposal for a directive
Article 4 – paragraph 2 – point b

(b) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or ~~serious~~a type of serious transnational crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment the Passenger Information Unit may compare PNR data against relevant ~~databases, including international or national databases or national mirrors of Union~~national databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union~~, international~~ and national rules applicable to such ~~files~~data bases. In carrying out such an assessment the Passenger Information Unit may compare PNR data against the Schengen Information System and the Visa Information System. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed ~~by non-automated means~~and subject to human intervention by a member of the Passenger Information Unit in order to verify whether the competent authority referred to in Article 5 needs to take action; and

2015/04/20
Committee: LIBE

Birgit SIPPEL, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Marju LAURISTIN, Sylvia-Yvonne KAUFMANN, Kati PIRI, Péter NIEDERMÜLLER, Tanja FAJON, Emilian PAVEL

Proposal for a directive
Article 4 a (new)

Article 4a Conditions for access to PNR data by competent authorities 1. The competent authorities referred to in Article 5 may submit, on a case-by-case basis, an electronic and duly reasoned request to the Passenger Information Unit for the transmission of specific PNR data or the results of the processing of specific PNR data, when this is strictly necessary for the purpose of prevention, detection, investigation or prosecution of a specific terrorist offence or a certain type of serious transnational crime. The request for such data may be based on any one or a combination of the PNR data elements set out in the Annex. The reasoned request shall set out reasonable grounds to consider that the transmission of PNR data or the results of the processing of PNR data will substantially contribute to the prevention, detection, investigation or prosecution of the criminal offence in question. 2. Prior to the transmission of PNR data or of the results of the processing of PNR data from the Passenger Information Unit to a competent authority in reply to a request made in accordance with paragraph 1, a court or an independent administrative body shall verify, in a timely manner, whether all the conditions set out in paragraph 1 are fulfilled. 3. In an exceptional case of urgency where there is need to prevent an immediate and serious threat to public security associated with a terrorist offence or a type of serious transnational crime, the Passenger Information Unit may transmit the PNR data or the results of the processing of PNR data immediately upon receipt of a request by a competent authority. In such an exceptional case of urgency, a court or an independent administrative body may only verify ex- post whether all the conditions set out in paragraph 1 are fulfilled, including whether an exceptional case of urgency actually existed. The ex-post verification shall take place without undue delay after the processing of the request. 4. Where an ex-post verification in accordance with paragraph 3 determines that the transfer of PNR data or the results of the processing of PNR data was not justified, all the authorities that have received such data shall erase the information communicated by the Passenger Information System. 5. Paragraphs 1 to 4 shall also apply when a competent authority referred to in Article 5 submits an electronic and duly reasoned request to the Passenger Information Unit of its Member State in order to request the transmission of PNR data or the results of the processing of PNR data from a Passenger Information Unit of another Member State in accordance with Article 7, or from a third country in accordance with Article 8. 6. The decision for transfers pursuant to paragraphs 3 and 5 shall be made by the head of Passenger Information Unit to which the request was made. The Data Protection Officer shall be informed each time a transfer is made pursuant to this Article and he/she shall inform the supervisory authority of such transfers.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Josef WEIDENHOLZER, Marju LAURISTIN, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Tanja FAJON

Proposal for a directive
Article 6 – paragraph 2 – point a – introductory part

(a) once 24 to 48 hours before the scheduled time for flight departure;

2015/04/20
Committee: LIBE

Birgit SIPPEL, Josef WEIDENHOLZER, Marju LAURISTIN, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Tanja FAJON

Proposal for a directive
Article 6 – paragraph 2 – point b

(b) once immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for further passengers to board.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Caterina CHINNICI, Josef WEIDENHOLZER, Marju LAURISTIN, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Tanja FAJON

Proposal for a directive
Article 7 – paragraph 1

1. Member States shall ensure that, with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2)(a) and (b), the result of the processing of PNR data is transmitted without delay by that Passenger Information Unit to the Passenger Information Units of other Member States where the former Passenger Information Unit considers such transfer to be ~~necessary~~relevant for the prevention, detection, investigation or prosecution of terrorist offences or ~~serious~~certain types of serious transnational crime. The Passenger Information Units of the receiving Member States shall transmit such PNR data or the result of the processing of PNR data to their relevant competent authorities. Where appropriate, an alert shall be entered in accordance with Article 36 of the Schengen Information System.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Josef WEIDENHOLZER, Péter NIEDERMÜLLER, Tanja FAJON, Emilian PAVEL

Proposal for a directive
Article 8 a (new)

Article 8a Derogations 1. Where an international agreement between the Union and a third country exists, PNR data may not be transferred to the third country in question if, in the case in question, the legitimate interests of the data subject in preventing any such transfer outweigh the public interest in transferring such data. 2. By way of derogation from Article 8, Member States shall provide that a transfer of personal data to a third country, where no international agreement exists, may take place only on condition that: (a) the transfer is necessary in order to protect the vital interests of the data subject or another person; or (b) the transfer of the data is essential for the prevention of an immediate and serious threat to public security of a Member State or a third country. 3. Any transfers of PNR data and the results of the processing of PNR data to a third country on the basis of this Article may take place only on condition that: (a) the third country submits a duly reasoned request to a competent authority referred to in Article 5 of the Member State concerned; (b) the reasoned request sets out reasonable grounds to consider that the transmission of the PNR data or the results of the processing of the PNR data will fulfil the condition set out in paragraph 2; and (c) a court verified, in a timely manner, that all conditions set out in paragraph 2 and subparagraphs 3(a) and 3(b) are fulfilled. 4. The decision for transfers pursuant to this Article shall be made by the Head of Passenger Information Unit to which the request was made. The Data Protection Officer shall be informed each time a transfer is made pursuant to this Article and he/she shall inform the supervisory authority of such transfers. 5. All transfers pursuant to this Article shall be documented and the documentation shall be made available to the supervisory authority on request, including the date and time of the transfer, information about the recipient authority, the justification for the transfer and the data transferred.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Péter NIEDERMÜLLER, Tanja FAJON

Proposal for a directive
Article 9 – paragraph 1

1. Member States shall ensure that the PNR data provided by the air carriers, pursuant to Article 4(1), subparagraphs (b) and (c), to the Passenger Information Unit, are retained in a database at the Passenger Information Unit for a period of 302 days after their first transfer to the Passenger Information Unit ~~of the first Member State on whose territory the international flight is landing or departing~~.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Péter NIEDERMÜLLER, Tanja FAJON

Proposal for a directive
Article 9 – paragraph 2 – subparagraph 1

Upon expiry of the period of 302 days after the first transfer of the PNR data to the Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of ~~fiv~~one years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such anonymised PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to Article 4(2)(d). Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecutions shall be depersonalised through masking out in accordance with Article 9a (new).

2015/04/20
Committee: LIBE

Birgit SIPPEL, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Péter NIEDERMÜLLER, Tanja FAJON

Proposal for a directive
Article 9 – paragraph 4

4. The result of matching referred to in Article 4(2)(a) and (b) shall be kept by the Passenger Information Unit only as long as necessary to inform the competent authorities of a positive match. Where the result of an automated matching operation has, ~~further to individual review by non- automated means~~subject to human intervention by a member of the Passenger Information Unit, proven to be negative, it shall, however, be stored so as to avoid future ‘'false’' positive matches for a maximum period of ~~thre~~one years unless the underlying data have not yet been deleted in accordance with paragraph 3 at the expiry of ~~the fiv~~one years, in which case the log shall be kept until the underlying data are deleted.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Péter NIEDERMÜLLER, Tanja FAJON

Proposal for a directive
Article 9 a (new)

Article 9a Depersonalisation of data 1. Upon expiry of the period of 2 days, specified in Article 9, all data elements which could serve to identify the passenger to whom PNR data relate, shall be depersonalised through masking at the user interface. For the purposes of this Directive, the data elements which could serve to identify the passenger to whom PNR data relate and which shall be filtered and depersonalised are: (a) name(s), including the names of other passengers on the PNR and number of travellers on the PNR travelling together; (b) address and contact information, including the IP address; (c) general remarks to the extent that it contains any information which could serve to identify the passenger to whom the PNR relate; and (d) any collected Advance Passenger Information. 2. The obligation to depersonalise data through masking in accordance with paragraph 1 shall be without prejudice to cases where the processing of PNR data in accordance with Article 4(2)(a) and (b) resulted in a positive match, in which case such data shall not be depersonalised through masking until it has been subject to human intervention by a member of the Passenger Information Unit in order to verify whether a competent authority referred to in Article 5 needs to take action. 3. PNR data depersonalised through masking in accordance with paragraph 1 shall only be accessible to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data. This depersonalised PNR data shall only be accessible for the purposes of: (a) reviewing positive matches resulting from the automated processing of PNR data in accordance with Article 4(2)(a) and (b) through searches in depersonalised PNR data in order to verify whether the competent authority referred to in Article 5 needs to take action; (b) responding to a duly reasoned request for the transmission of PNR data submitted by a competent authority in accordance with Article 4a (new); 4. In a specific case of prevention, detection, investigation or prosecution of a terrorist offence or a certain type of serious transnational crime, the limited number of personnel of the Passenger Information Unit referred to in paragraph 3, may conduct searches in PNR data depersonalised through masking in accordance with paragraph 1 on the basis of any one or a combination of the data elements listed in the Annex. 5. Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit, and where it could be reasonably believed that it is strictly necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecution. 6. Prior to access to the full PNR data, a court shall verify, in a timely manner, whether all the conditions set out in paragraph 5 are fulfilled. 7. In an exceptional case of urgency where there is a need to prevent an immediate and serious threat to public security associated with a terrorist offence or a type of serious transnational crime, the Head of the Passenger Information Unit may immediately permit access to the full PNR data. In such an exceptional case of urgency, a court may only verify ex-post whether all the conditions set out in paragraph 5 are fulfilled, including whether an exceptional case of urgency actually existed. The ex-post verification shall take place without undue delay after the processing of the request. 8. Where an ex-post verification in accordance with paragraph 6 determines that the access to full PNR data was not justified, all the authorities that have received such data shall erase the information. 9. The Data Protection Officer shall be informed each time the Head of the Passenger Information Unit permits access to the full PNR data pursuant to this Article and he/she shall inform the supervisory authority of such access.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Emilian PAVEL, Tanja FAJON, Vilija BLINKEVIČIŪTĖ

Proposal for a directive
Article 11 a (new)

Article 11a Processing of special categories of data 1. Member States shall prohibit the processing of PNR data revealing race or ethnic origin, political opinions, religion or philosophical beliefs, sexual orientation or gender identity, trade-union membership or activities, and the processing of biometric data or of data concerning health or sex life. 2. In the event that PNR data revealing such information are received by the Passenger Information Unit, they shall be deleted without delay. To that end, upon the receipt of PNR data from air carriers, Member States shall apply automated and manual controls to identify and delete sensitive data from PNR data obtained. 3. In order to identify and delete any sensitive data from PNR data retained, members of the Passenger Information Unit shall undertake manual checks before any further manual processing and prior to any transfer of PNR data to competent authorities in accordance with Article 4(2), to the Passenger Information Unit or another Member State in accordance with Article 7, or to a third country in accordance with Article 8.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Tanja FAJON, Vilija BLINKEVIČIŪTĖ

Proposal for a directive
Article 11 c (new)

Article 11c Right of access for the data subject Member States shall provide for the right of the data subject to obtain from the Passenger Information Unit a copy of the PNR data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET

Proposal for a directive
Article 11 d (new)

Article 11d Right to rectification and completion 1. Member States shall provide for the right of the data subject to obtain from the Passenger Information Unit the rectification or the completion of personal data relating to him or her which are inaccurate or incomplete, in particular by way of a completing or corrective statement. 2. Member States shall provide that the Passenger Information Unit informs the data subject in writing, with a reasoned justification, of any refusal of rectification or completion, on the reasons for the refusal and on the possibilities of lodging a complaint with the supervisory authority and seeking a judicial remedy. 3. Member States shall provide that the Passenger Information Unit shall communicate any rectification carried out to each recipient to whom the data have been disclosed, unless to do so proves impossible or involves a disproportionate effort. 4. Member States shall provide that the Passenger Information Unit communicates the rectification of inaccurate personal data to the third party from whom the inaccurate personal data originate.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET

Proposal for a directive
Article 11 e (new)

Article 11e Right to erasure 1. Member States shall provide for the right of the data subject to obtain from the Passenger Information Unit the erasure of personal data relating to him or her where the processing does not comply with the provisions adopted pursuant to Article 4 of this Directive. 2. The Passenger Information Unit shall carry out the erasure without delay. The Passenger Information Unit shall also abstain from further dissemination of such data. 3. Instead of erasure, the Passenger Information Unit shall restrict the processing of the personal data where: (a) their accuracy is contested by the data subject, for a period enabling the Passenger Information Unit to verify the accuracy of the data; (b) the personal data have to be maintained for purposes of proof or for the protection of vital interests of the data subject or another person. 4. Member States shall provide that the Passenger Information Unit informs the data subject in writing, with a reasoned justification, of any refusal of erasure or restriction of the processing, on reasons for the refusal and on the possibilities of lodging a complaint with the supervisory authority and seeking a judicial remedy. 5. Member States shall provide that the Passenger Information Unit notifies recipients to whom those data have been sent of any erasure or restriction made pursuant to paragraph 1, unless to do so proves impossible or involves a disproportionate effort.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Caterina CHINNICI, Jörg LEICHTFRIED, Anna HEDH, Marju LAURISTIN, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Emilian PAVEL, Tanja FAJON, Vilija BLINKEVIČIŪTĖ

Proposal for a directive
Article 11 f (new)

Article 11f Documentation 1. Member States shall provide that the Passenger Information Unit maintains documentation of all processing systems and procedures under their responsibility. 2. The documentation shall contain at least the following information: (a) the name and contact details of the organisation and personnel in the Passenger Information Unit entrusted with the processing of PNR data, the different levels of access authorisation and the personnel having such authorisations; (b) a description of the category or categories of data subjects and of the data or categories of data relating to them; (c) the recipients of the personal data; (d) all transfers of data to a third country, including the identification of that third country and the legal grounds on which the data are transferred, a substantive explanation shall be given when a transfer is based on Article 8a (new) of this Directive; (e) the time limits for retention and erasure of the different categories of data; (f) the results of the verifications of the measures that the processing of PNR data is performed in compliance with applicable data protection provisions; (g) an indication of the legal basis of the processing operation for which the data are intended. 3. The Passenger Information Unit shall make all documentation available, on request, to the supervisory authority.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Caterina CHINNICI, Jörg LEICHTFRIED, Anna HEDH, Marju LAURISTIN, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Emilian PAVEL, Tanja FAJON, Vilija BLINKEVIČIŪTĖ

Proposal for a directive
Article 11 g (new)

Article 11g Keeping of records 1. Member States shall ensure that records are kept of at least the following processing operations: collection, alteration, consultation, disclosure, combination or erasure. The records of consultation and disclosure shall show in particular the purpose, date and time of such operations and as far as possible the identification of the person who consulted or disclosed PNR data, and the identity of the recipients of such data. 2. The records shall be used solely for the purposes of verification of the lawfulness of the data processing, self-monitoring and for ensuring data integrity and data security, or for purposes of auditing, either by the Data Protection Officer or by the supervisory authority. 3. The Member State shall ensure that the Passenger Information Unit shall make the records available, on request, to the supervisory authority.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Caterina CHINNICI, Jörg LEICHTFRIED, Anna HEDH, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Emilian PAVEL, Tanja FAJON, Vilija BLINKEVIČIŪTĖ

Proposal for a directive
Article 11 h (new)

Article 11h Security of processing 1. Member States shall provide that the Passenger Information Unit implements appropriate technical and organisational measures and procedures to ensure a high level of security appropriate to the risks represented by the processing and the nature of the PNR data to be protected, having regard to the state of the art and the cost of their implementation. 2. In respect of automated data processing, each Member State shall provide that the Passenger Information Unit, following an evaluation of the risks, implements measures designed to: (a) deny unauthorised persons access to data-processing equipment used for processing PNR data (equipment access control); (b) prevent the unauthorised reading, copying, modification or removal of data media (data media control); (c) prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored PNR data (storage control); (d) prevent the use of automated data- processing systems by unauthorised persons using data communication equipment (user control); (e) ensure that persons authorised to use an automated data-processing system only have access to the data covered by their access authorisation (data access control); (f) ensure that it is possible to verify and establish to which bodies PNR data have been or may be transmitted or made available using data communication equipment (communication control); (g) ensure that it is subsequently possible to verify and establish which PNR data have been input into automated data- processing systems and when and by whom the data were input (input control); (h) prevent the unauthorised reading, copying, modification or deletion of PNR data during transfers of the data or during transportation of the data media (transport control); (i) ensure that installed systems may, in case of interruption, be restored (recovery); (j) ensure that the functions of the system perform, that the appearance of faults in the functions is reported (reliability) and that stored PNR data cannot be corrupted by means of a malfunctioning of the system (integrity). 3. Member States shall provide that the Passenger Information Unit observes the requisite technical and organisational measures under paragraph 1.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Caterina CHINNICI, Jörg LEICHTFRIED, Anna HEDH, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Emilian PAVEL, Tanja FAJON, Vilija BLINKEVIČIŪTĖ

Proposal for a directive
Article 11 i (new)

Article 11i Right to judicial remedy 1. Without prejudice to any available administrative remedy, including the right to lodge a complaint with a supervisory authority, Member States shall provide for the right of every natural person to a judicial remedy if they consider that that their rights laid down in provisions adopted pursuant to this Directive have been infringed as a result of the processing of their personal data in non- compliance with these provisions. 2. Member States shall ensure that final decisions by the court referred to in this Article will be enforced.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Caterina CHINNICI, Jörg LEICHTFRIED, Marju LAURISTIN, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Emilian PAVEL, Tanja FAJON, Vilija BLINKEVIČIŪTĖ

Proposal for a directive
Article 11 j (new)

Article 11j Liability and the right to compensation Member States shall provide that any person who has suffered damage, including non-pecuniary damage, as a result of an unlawful processing operation or of an action incompatible with the provisions adopted pursuant to this Directive shall have the right to claim compensation for the damage suffered.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Tanja FAJON, Vilija BLINKEVIČIŪTĖ

Proposal for a directive
Article 11 k (new)

Article 11k Penalties for non-compliance Member States shall lay down the rules on penalties, applicable to infringements of the provisions adopted pursuant to this Directive and shall take all measures necessary to ensure that they are implemented. The penalties provided for must be effective, proportionate and dissuasive.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Emilian PAVEL, Tanja FAJON, Vilija BLINKEVIČIŪTĖ

Proposal for a directive
Article 11 l (new)

Article 11l Notification of a personal data breach to the supervisory authority 1. Member States shall provide that in the case of a personal data breach, the Passenger Information Unit, without undue delay and, where feasible, not later than 24 hours, the personal data breach to the supervisory authority. The Passenger Information Unit shall provide, on request, to the supervisory authority a reasoned justification in cases of any delay. 2. The notification referred to in paragraph 1 shall at least: (a) describe the nature of the personal data breach including the categories and number of data subjects concerned and the categories and number of data records concerned; (b) communicate the identity and contact details of the Data Protection Officer referred to in Article 3a (new) or other contact point where more information can be obtained; (c) recommend measures to mitigate the possible adverse effects of the personal data breach; (d) describe the possible consequences of the personal data breach; (e) describe the measures proposed or taken by the Passenger Information Unit to address the personal data breach and mitigate its effects. In case all information cannot be provided without undue delay, the Passenger Information Unit can complete the notification in a second phase. 4. Member States shall provide that the Passenger Information Unit documents any personal data breaches, comprising the facts surrounding the breach, its effects and the remedial action taken. This documentation must be sufficient to enable the supervisory authority to verify compliance with this Article. The documentation shall only include the information necessary for that purpose. 5. The supervisory authority shall keep a public register of the types of breaches notified.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Christine REVAULT D'ALLONNES BONNEFOY, Caterina CHINNICI, Jörg LEICHTFRIED, Josef WEIDENHOLZER, Kati PIRI, Péter NIEDERMÜLLER, Hugues BAYET, Emilian PAVEL, Tanja FAJON, Vilija BLINKEVIČIŪTĖ

Proposal for a directive
Article 11 m (new)

Article 11m Communication of a personal data breach to the data subject 1. Member States shall provide that when the personal data breach is likely to adversely affect the protection of the personal data and/or the privacy of the data subject, the Passenger Information Unit shall, after the notification referred to in Article 11l (new), communicate the personal data breach to the data subject without undue delay. 2. The communication to the data subject referred to in paragraph 1 shall be comprehensive and use clear and plain language. It shall describe the nature of the personal data breach and contain at least the information and the recommendations provided for in points (b), (c) and (d) of Article 11l (new) and information about the rights of the data subject, including redress. 3. The communication of a personal data breach to the data subject shall not be required if the Passenger Information Unit demonstrates to the satisfaction of the supervisory authority that it has implemented appropriate technological protection measures, and that those measures were applied to the PNR data concerned by the personal data breach. Such technological protection measures shall render the data unintelligible to any person who is not authorised to access it. 4. The communication to the data subject may be delayed or restricted, in a specific case, to the extent that such a delay or restriction constitutes a necessary and proportionate measure: (a) to avoid obstructing official or legal inquiries, investigations or procedures; (b) to protect public security; (c) to protect the rights and freedoms of others.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Caterina CHINNICI, Jörg LEICHTFRIED, Marju LAURISTIN, Josef WEIDENHOLZER, Kati PIRI, Sylvia-Yvonne KAUFMANN, Péter NIEDERMÜLLER, Ana GOMES, Emilian PAVEL, Tanja FAJON

Proposal for a directive
Article 17 a (new)

Article 17a Limitation This Directive shall loose its effect after a period of seven years. The Commission may propose to extend the effect of this Directive for further seven-year-periods. The decision of extension shall be taken by ordinary legislative procedure after the approval by the European Parliament and the Council.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Marju LAURISTIN, Josef WEIDENHOLZER, Péter NIEDERMÜLLER, Ana GOMES, Tanja FAJON

Proposal for a directive
Article 18 – paragraph 1

1. Member States shall prepare a set of statistical information on PNR data provided to the Passenger Information Units. Such statistics shall as a minimum cover the number of identifications of any persons who may be involved in a terrorist offence or ~~serious~~certain types of serious transnational crime according to Article 4(2) ~~and~~, the number of subsequent law enforcement actions that were taken involving the use of PNR data per air carrier and destination and the number of criminal convictions resulting from the enforcement action.

2015/04/20
Committee: LIBE

Birgit SIPPEL, Caterina CHINNICI, Marju LAURISTIN, Josef WEIDENHOLZER, Péter NIEDERMÜLLER, Ana GOMES, Tanja FAJON

Proposal for a directive
Article 18 – paragraph 2

2. These statistics shall not contain any personal data. They shall be transmitted to the Commission and the European Parliament on a yearly basis.

2015/04/20
Committee: LIBE

31 Amendments of Péter NIEDERMÜLLER related to 2011/0023(COD)

ParlTrack - 2011-2024