59 Amendments of Mady DELVAUX related to 2017/0003(COD)
Amendment 49 #
Proposal for a regulation
Recital 2
Recital 2
(2) The content of eElectronic communications may reveal highly sensitive information about the natural persons involved in the communication, from personal experiences and emotions to medical conditions, sexual preferences and political views, the disclosure of which could result in personal and social harm, economic loss or embarrassment. Similarly, mMetadata derived from electronic communications may also reveal very sensitive and personal information. These metadata includes the numbers called, the websites visited, geographical location, the time, date and duration when an individual made a call etc., allowing precise conclusions to be drawn regarding the private lives of the persons involved in the electronic communication, such as their social relationships, their habits and activities of everyday life, their interests, tastes etc. The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information.
Amendment 56 #
Proposal for a regulation
Recital 7
Recital 7
Amendment 62 #
Proposal for a regulation
Recital 9
Recital 9
(9) This Regulation should apply to electronic communications data processed in connection with the provision and use of electronic communications services in the Union, regardless of whether or not the processing takes place in the Union. Moreover, in order not to deprive end-users in the Union of effective protection, this Regulation should also apply to electronic communications data processed in connection with the provision of electronic communications services from outside the Union to end-users in the Union. This should be the case irrespective of whether the electronic communications are connected to a payment or not.
Amendment 69 #
Proposal for a regulation
Recital 14
Recital 14
(14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged (electronic communications content) and the information concerning an end-user of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication. It should also include specific location data, such as for example the location of the terminal equipment from or to which a phone call or an internet connection has been made or the Wi-Fi access points that a device is connected to, as well as data necessary to identify the terminal equipment of users. Whether such signals and the related data are conveyed by wire, radio, optical or electromagnetic means, including satellite networks, cable networks, fixed (circuit- and packet- switched, including internet) and mobile terrestrial networks, electricity cable systems, the data related to such signals should be considered as electronic communications metadata and therefore be subject to the provisions of this Regulation. Electronic communications metadata may include information that is part of the subscription to the service when such information is processed for the purposes of transmitting, distributing or exchanging electronic communications content.
Amendment 81 #
Proposal for a regulation
Recital 16 a (new)
Recital 16 a (new)
(16a) It should be possible to oblige providers of electronic communications services to ensure a certain quality of service by, for example, ensuring that the service does not suffer degradation or that the traffic is not unduly slowed down. In this regard, it may be necessary, in some limited circumstances, to analyse metadata in real time and respond to fluctuations in traffic. Certain electronic communications metadata are necessary to enable providers to correctly bill end- users for the services used and to allow end-users to verify that the cost incurred corresponds to their actual usage. The processing and storage of such data for these purposes should therefore be permitted without requiring consent by the end-user concerned. This processing includes possible processing for customer service purposes. Metadata may also be processed to detect fraudulent use, or abusive use pursuant to Directive (EU) 2013/0309. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679. Moreover, the parties involved in the processing of location data and other metadata should make public their methods of anonymisation and further aggregation, without prejudice to secrecy obligations safeguarded by law. The anonymisation method should, once the defined purposes of the processing have been fulfilled, technically prevent all parties from singling out a user within a set of data or from linking new data collected from the users' device to the existing set of data.
Amendment 82 #
Proposal for a regulation
Recital 17
Recital 17
(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end-users consent. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain end-users' consent to process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercialExamples of such usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colours to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier is necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data, provided that the data are immediately anonymised or anonymisation techniques are used where to bhe used and such movement could not be displayedr is mixed with others. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
Amendment 90 #
Proposal for a regulation
Recital 19 a (new)
Recital 19 a (new)
(19a) It should be possible to process electronic communications data for the purposes of providing services explicitly requested by a user for personal or personal work-related purposes such as search or keyword indexing functionality, virtual assistants, text-to-speech engines and translation services, including picture-to-voice or other automated content processing used as accessibility tools by persons with disabilities. This should be possible without the consent of all users but may only take place with the consent of the user requesting the service. Such specific consent also precludes the provider from processing those data for different purposes.
Amendment 92 #
Proposal for a regulation
Recital 20
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes informationvery sensitive data that may reveal details of an individual's emotional,the behaviour, psychological features, emotional condition and political, and social complexitiespreferences of an individual, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities of their device, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user's terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’'s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘'device fingerprinting’', often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Furthermore, so-called spyware, web bugs, hidden identifiers and unwanted tracking tools can enter end- users' terminal equipment without their knowledge in order to gain access to information or to store hidden information. Techniques that surreptitiously monitor the actions of end- users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’' terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user's terminal equipment should be allowed only with the end-user's consent and for specific and transparent purposes. End-users should receive all relevant information about the intended processing in clear and easily understandable language. Such information should be provided separately from the terms and conditions of the service.
Amendment 102 #
Proposal for a regulation
Recital 22
Recital 22
(22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should prevent the use of so- called "cookie walls" and "cookie banners" that do not help users to maintain control over their personal information and privacy or become informed about their rights. This Regulation should provide for the possibility to express consent by technical specifications, for instance by using the appropriate settings of a browser or other application. Those settings should include choices concerning the storage of information on the user's terminal equipment as well as a signal sent by the browser or other application indicating the user's preferences to other parties. The choices made by end- users when establishing itsthe general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly, web browsers may be used as gatekeepers, applications or mobile operating systems may be used as the executor of the choices of an end- user, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or stored.
Amendment 108 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘'accept all cookies’'. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties fromby default the cross-domain tracking and storing of information on the terminal equipment by other parties; this is often presented as ‘'reject third party trackers and cookies’'. End-users should be offered, by default, a set of privacy setting options, ranging from higher (for example, ‘'never accept tracker and cookies’') to lower (for example, ‘'always accept trackers and cookies’') and intermediate (for example, ‘'reject third party cookies’ or ‘only accept first party cookies’)all trackers and cookies that are not strictly necessary to provide a service explicitly requested by the user' or 'reject all cross-domain tracking'). These options may also be more fine-grained. Privacy settings should also include options to allow the user to decide for example, whether Flash, JavaScript or similar software can be executed, if a website can collect geo- location data from the user, or if it can access specific hardware such as a webcam or microphone. Such privacy settings should be presented in an easily visible, objective and intelligible manner.
Amendment 111 #
Proposal for a regulation
Recital 24
Recital 24
Amendment 115 #
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalizsed offers. While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged in such practices should display prominent notices located on the edge of the area of coverage informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679. In addition, such providers should either obtain the end-user's consent or anonymise the data immediately while limiting the purpose to mere statistical counting within a limited time and space and offering effective opt- out possibilities.
Amendment 128 #
Proposal for a regulation
Recital 37
Recital 37
(37) Service providers who offer electronic communications services should inform end- users of meaprocess electronic communications data in such a way as to prevent unauthorised access, disclosure or alteration, ensures they can take to protect the security of their communications for instanceat such unauthorised access, disclosure or alteration is capable of being ascertained, and also ensure that such electronic communications data are protected by using specific types of software orand encryption technologies. The requirement to inform end-users of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge. Security is appraised in the light of Article 32 of Regulation (EU) 2016/679. The obligations of Article 40 of the [European Electronic Communications Code] should apply to all services within the scope of this Regulation as regards the security of networks and services and related security obligations thereto.
Amendment 135 #
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
3. The provisions of this Regulation particularise and complement Regulation (EU) 2016/679 by laying down necessary specific rules for the purposes mentioned in paragraphs 1 and 2.
Amendment 140 #
Proposal for a regulation
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to or processed by the terminal equipment of end-users.
Amendment 152 #
Proposal for a regulation
Article 3 – paragraph 1 – point c
Article 3 – paragraph 1 – point c
(c) the protection of information related to or processed by the terminal equipment of end- users located in the Union.
Amendment 155 #
Proposal for a regulation
Article 3 – paragraph 2
Article 3 – paragraph 2
2. Where the provider of an electronic communications service, provider of a publicly available directory, software provider enabling electronic communications or person sending direct marketing commercial communications or collecting (other) information related to or stored in the end-users terminal equipment is not established in the Union it shall designate in writing a representative in the Union.
Amendment 188 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data, at rest or in transit, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or any processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
Amendment 193 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
Confidentiality of electronic communications data shall also include terminal equipment and machine-to- machine communications when related to a user.
Amendment 196 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. Providers of electronic communications networks and services may process electronic communications data only if:
Amendment 200 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) it is technically strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose; or
Amendment 207 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is technically strictly necessary to maintain or restore the security of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration technically necessary for that purpose.
Amendment 220 #
Proposal for a regulation
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Providers of electronic communications services may process electronic communications metadata only if:
Amendment 224 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) it is strictly necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration technically necessary for that purpose; or __________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
Amendment 228 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) it is strictly necessary for billing, calculating interconnection payments, detecting or stopping fraudulent use, or abusive use of, or subscription to, electronic communications services; or
Amendment 232 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) the end-user concerned, after receiving all relevant information about the intended processing in clear and easily understandable language, provided separately from the terms and conditions of the provider, has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end- users, provided that the purpose or purposes concerned could not be fulfilled bywithout the processing information that is made anonymousof such metadata.
Amendment 247 #
Proposal for a regulation
Article 6 – paragraph 3 a (new)
Article 6 – paragraph 3 a (new)
3a. For the provision of a service explicitly requested by an end-user of an electronic communications service for his/her purely individual or individual work-related usage, the provider of the electronic communications service may process electronic communications data solely for the provision of the explicitly requested service and without the consent of all users only where such requested processing produces effects solely in relation to the end-user who requested the service and does not adversely affect the fundamental rights of another user or users. Such a specific consent by the end- user shall preclude the provider from processing these data for any other purpose.
Amendment 249 #
Proposal for a regulation
Article 6 – paragraph 3 b (new)
Article 6 – paragraph 3 b (new)
3b. Neither providers of electronic communications services nor any other party shall further process electronic communications data collected on the basis of this Regulation.
Amendment 257 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Without prejudice to point (b) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication content by the intended recipient or recipients. Such data may be recorded or stored by the end-users or by a thirdspecific other party entrusted by them to record, store or otherwise process such data, in accordance with Regulation (EU) 2016/679.
Amendment 262 #
Proposal for a regulation
Article 7 – paragraph 3
Article 7 – paragraph 3
3. Where the processing of electronic communications metadata takes place for the purpose of billing in accordance with point (b) of Article 6(2), the relevant metadatametadata that is strictly necessary may be kept until the end of the period during which a bill may lawfully be challenged or a payment may be pursued in accordance with national law.
Amendment 270 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment, including about' terminal equipment, or making information available through the terminal equipment, including information about or generated by its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:
Amendment 283 #
Proposal for a regulation
Article 8 – paragraph 1 – point b
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consentspecific consent, which shall not be mandatory to access the service; or
Amendment 294 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
(d) if it is technically necessary for web audience measuring of the information society service requested by the end-user, provided that such measurement is carried out by the provider of the information society service requested by, or on behalf of the provider, or by an independent web analytics agency acting in the public interest or for scientific purpose; and further provided that no personal data is made accessible to any other party and that such web audience measurement does not adversely affect the fundamental rights of the end-user.
Amendment 300 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
(da) if it is necessary for a security update, provided that: (i) security updates are discreetly packaged and do not in any way change the privacy settings chosen by the user; (ii) the user is informed in advance each time an update is being installed; and (iii) the user has the possibility to turn off the automatic installation of these updates;
Amendment 314 #
Proposal for a regulation
Article 8 – paragraph 1 a (new)
Article 8 – paragraph 1 a (new)
1a. No user shall be denied access to any information society service or functionality, regardless of whether this service is remunerated or not, on grounds that he or she has not given his or her consent under Article 8(1)(b) to the processing of personal information and/or the use of storage capabilities of his or her terminal equipment that is not necessary for the provision of that service or functionality.
Amendment 316 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a
Article 8 – paragraph 2 – subparagraph 1 – point a
(a) it is done exclusively in order to, for the time necessary for, and for the sole purpose of establishing a connection requested by the end-user; or
Amendment 319 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a a (new)
Article 8 – paragraph 2 – subparagraph 1 – point a a (new)
(aa) the user has been informed and has given consent; or
Amendment 320 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a b (new)
Article 8 – paragraph 2 – subparagraph 1 – point a b (new)
(ab) the data are anonymised and the risks are adequately mitigated.
Amendment 323 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point b
Article 8 – paragraph 2 – subparagraph 1 – point b
Amendment 330 #
Proposal for a regulation
Article 8 – paragraph 2 a (new)
Article 8 – paragraph 2 a (new)
2a. For the purpose of point (ab) of paragraph 2, the following controls shall be implemented to mitigate the risks: (a) the purpose of the data collection from the terminal equipment shall be restricted to mere statistical counting; (b) the tracking shall be limited in time and space to the extent strictly necessary for this purpose; (c) the data shall be deleted or anonymised immediately after the purpose is fulfilled; and (d) the end-users shall be given effective opt-out possibilities.
Amendment 332 #
Proposal for a regulation
Article 8 – paragraph 2 b (new)
Article 8 – paragraph 2 b (new)
2b. The information referred to in points aa and ab of paragraph 2 shall be conveyed in a clear and prominent notice setting out at least the details of how the information will be collected, the purpose of collection, the person responsible for it and other information required under Article 13 of Regulation (EU) 2016/679, where personal data are collected. The collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679.
Amendment 335 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. The information to be provided pursuant to points (aa) and (ab) of paragraph 2 may be provided in combination with standardized icons in order to give a meaningful overview of the collection in an easily visible, intelligible and clearly legible manner.
Amendment 345 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internetechnical specifications of electronic communications services. When such technical specifications are used by the end-user, they shall be binding on, and enforceable against, any other party.
Amendment 352 #
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. End-users who have consented to the processing of electronic communications data as set out in point (c)c of Article 6(2) and points (a)a and (b)b of Article 6(3), point b of Article 8(1) and point aa of Article 8(2) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.
Amendment 360 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.:
Amendment 365 #
Proposal for a regulation
Article 10 – paragraph 1 a (new)
Article 10 – paragraph 1 a (new)
1a. By default, offer privacy protective settings to prevent other parties from storing information on the terminal equipment of a user and from processing information already stored on that equipment;
Amendment 366 #
Proposal for a regulation
Article 10 – paragraph 1 b (new)
Article 10 – paragraph 1 b (new)
1b. Upon installation, inform and offer the user the possibility to change or confirm the privacy settings options defined in point a by requiring the user's consent to a setting;
Amendment 367 #
Proposal for a regulation
Article 10 – paragraph 1 c (new)
Article 10 – paragraph 1 c (new)
1c. Make the setting defined in points a and b easily accessible during the use of the software; and
Amendment 368 #
Proposal for a regulation
Article 10 – paragraph 1 d (new)
Article 10 – paragraph 1 d (new)
1d. Offer the user the possibility to express specific consent through the settings after the installation of the software.
Amendment 373 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-userFor the purpose of points a and b of paragraph 1, the settings shall include a signal which is sent to the other parties to inform them about the user's privacy settings options and, to continue with th. These settings shall be binstallation, require the end-user to consent to a settingding on, and enforceable against, any other party.
Amendment 397 #
Proposal for a regulation
Article 14 – paragraph 1 – point a
Article 14 – paragraph 1 – point a
(a) to block incoming calls from specific numbers, or numbers having a specific code or prefix identifying the fact that the call is a marketing call referred to in Article 16(3)(b), or from anonymous sources;
Amendment 403 #
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. The providers of publicly available directories or the electronic communication service providers shall obtain the consent of end- users who are natural persons to include their personal data in the directory and, consequently, shall obtain consent from these end-users for inclusion of data per category of personal data, to the extent that such data are relevant for the purpose of the directory as determined by the provider of the directory. Providers shall give end-users who are natural persons the means to verify, correct and delete such data.
Amendment 405 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. NThe use by natural or legal persons may useof electronic communications services, including voice-to-voice calls, automated calling and communications systems, including semi-automated systems that connect the call person to an individual, faxes, e-mail or other use of electronic communications services for the purposes of presendting unsolicited or direct marketing communications to end-users who are natural persons that, shall be allowed only in respect of end- users who have given their prior consent.
Amendment 417 #
Proposal for a regulation
Article 16 – paragraph 3 – point a
Article 16 – paragraph 3 – point a
(a) present the identity of a line on which they can be contacted; orand
Amendment 420 #
Proposal for a regulation
Article 16 – paragraph 3 a (new)
Article 16 – paragraph 3 a (new)
3a. Unsolicited marketing communications shall be clearly recognisable as such and shall indicate the identity of the legal or natural person transmitting the communication or on behalf of whom the communication is transmitted. Such communications shall provide the necessary information for recipients to exercise their right to refuse further written or oral marketing messages.
Amendment 423 #
Proposal for a regulation
Article 16 – paragraph 4
Article 16 – paragraph 4
4. Notwithstanding paragraph 1, Member States may provide by law that the placing of direct marketing voice-to-voice calls to end-users who are natural persons shall only be allowed in respect of end- users who are natural persons who have not expressed their objection to receiving those communications. Member States shall provide that end-users can object to receiving the unsolicited communications via a national Do Not Call Register, thereby also ensuring that the end-user is only required to opt out once.
Amendment 427 #
Proposal for a regulation
Article 16 – paragraph 6
Article 16 – paragraph 6
6. Any natural or legal person using electronic communications services to transmit direct marketing communications shall inform end-users of the marketing nature of the communication and the identity of the legal or natural person on behalf of whom the communication is transmitted and shall provide the necessary information for recipients to exercise their right to withdraw their consent, in an easy and free of charge manner, to receiving further marketing communications.
Amendment 442 #
Proposal for a regulation
Article 21 – paragraph 1
Article 21 – paragraph 1
1. Without prejudice to any other administrative or judicial remedy, every end-user of electronic communications services shall have the same remedies provided for in Articles 77, 78, and 79 of Regulation (EU) 2016/679right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringements if the end-user considers that his or her rights under this Regulation have been infringed.
Amendment 447 #
Proposal for a regulation
Article 21 – paragraph 2 a (new)
Article 21 – paragraph 2 a (new)
2a. End-users shall have the right to mandate a not-for-profit body, organisation or association to lodge the complaint on their behalf, to exercise the right referred to in paragraphs 1, 1a and 1b of this Article on their behalf, and to exercise the right to receive compensation referred to in Article 22 on their behalf where provided for by Member State law. Such bodies, organisations or associations shall be properly constituted in accordance with the law of the Member State concerned, have statutory objectives which are in the public interest, and be active in the field of the protection of data subjects' rights and freedoms with regard to the protection of their personal data and the protection of privacy.