46 Amendments of Isabella ADINOLFI related to 2017/0003(COD)
Amendment 57 #
Proposal for a regulation
Recital 7
Recital 7
Amendment 63 #
Proposal for a regulation
Recital 11
Recital 11
(11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-users increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services. In order to ensure an effective, full and equal protection of end-users when using functionally equivalent services, this Regulation uses the definition of electronic communications services set forth in the [Directive of the European Parliament and of the Council establishing the European Electronic Communications Code24]. That definition encompasses not only internet access services and services consisting wholly or partly in the conveyance of signals but also interpersonal communications services, which may or may not be number-based, such as for example, Voice over IP, messaging services and web-based e-mail services. The protection of confidentiality of communications is crucial also as regards interpersonal communications services that are ancillary to another service, such as internal messaging, newsfeeds, timelines and similar functions in online services where messages are exchanged with other users within or outside that service (i.e. public and privately available newsfeeds and timelines); therefore, such type of services also having a communication functionality should be covered by this Regulation. __________________ 24 Commission proposal for a Directive of the European Parliament and of the Council establishing the European Electronic Communications Code (Recast) (COM/2016/0590 final - 2016/0288 (COD)).
Amendment 65 #
Proposal for a regulation
Recital 13
Recital 13
(13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as 'hotspots' situated at different places within a city, department stores, shopping malls, and hospitalirports, hotels, hospitals and other similar Internet access points. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be adequately protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services and public communications networks. In contrast, this Regulation should not apply to closed groups of end- users such as corporate networks, access to which is limited to members of the corporation.
Amendment 68 #
Proposal for a regulation
Recital 14
Recital 14
(14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged (electronic communications content) and the information concerning an end-user of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication. It should also include location data, such as for example the actual or inferred location of the terminal equipment, the location of the terminal equipment from or to which a phone call or an internet connection has been made, or the Wi-Fi hotspot that a device is connected to, as well as data necessary to identify the terminal equipment of end-users. Whether such signals and the related data are conveyed by wire, radio, optical or electromagnetic means, including satellite networks, cable networks, fixed (circuit- and packet-switched, including internet) and mobile terrestrial networks, electricity cable systems, the data related to such signals should be considered as electronic communications metadata and therefore be subject to the provisions of this Regulation. Electronic communications metadata may include information that is part of the subscription to the service when such information is processed for the purposes of transmitting, distributing or exchanging electronic communications content.
Amendment 71 #
Proposal for a regulation
Recital 15
Recital 15
(15) Electronic communications data should be treated as confidential. This means that any interference with the transmission of electronic communications data, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of all the communicating parties should be prohibited. When the processing is allowed under any exception to the prohibitions under the this Regulation, any other processing of the electronic communications data on the basis of Article 6 of Regulation (EU) 2016/679 should be considered as prohibited, including processing for another purpose on the basis of Article 6(4) of that Regulation. This would not prevent controllers from asking for additional consent for new processing operations. The prohibition of interception of communications data should apply also during their conveyance, i.e. until receipt of the content of the electronic communication by the intended addressee and any temporary files in the network after receipt. Interception of electronic communications data may occur, for example, when someone other than the communicating parties, listens to calls, reads, scans or stores the content of electronic communications, or the associated metadata for purposes other than the exchange of communications. Interception also occurs when third parties monitor websites visited, timing of the visits, interaction with others, etc., without the consent of the end-user concerned. As technology evolves, the technical ways to engage in interception have also increased. Such ways may range from the installation of equipment that gathers data from terminal equipment over targeted areas, such as the so-called IMSI (International Mobile Subscriber Identity) catchers, to programs and techniques that, for example, surreptitiously monitor browsing habits for the purpose of creating end-user profiles. Other examples of interception include capturing payload data or content data from unencrypted wireless networks and routers, and analysis of end users' electronic communications metadata, including browsing habits without the end- users' consent.
Amendment 79 #
Proposal for a regulation
Recital 16
Recital 16
(16) The prohibition of storage of communications is not intended to prohibit any automatic, intermediate and strictly transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. ITherefore, by way of exception, it should not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessary quality of service requirements, such as latency, jitter etc.
Amendment 83 #
Proposal for a regulation
Recital 17
Recital 17
(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based ononly where there is an informed and expressed end- users consent. HoweverIndeed, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain end-users' informed and expressed consent to process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata, but rather genuine equipment location data. In any case, location data of the terminal device of a natural person is personal data and thus the processing of those data is subject to the obligations from the Regulation (EU) 2016/679. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colours to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier is necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, providers must comply with the obligations from Article 25 of Regulation (EU) 2016/679 in case of further processing of location data or other metadata, conduct a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679. Moreover, the parties involved in the processing of location data and other metadata should make public their methods of anonymisation and further aggregation, without prejudice to secrecy safeguarded by law. The anonymisation method must, once the defined purposes of processing have been fulfilled, technically prevent all parties from singling out an end-user within a set of data or from linking new data collected from the end-user's device to the existing set of data.
Amendment 94 #
Proposal for a regulation
Recital 20
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual's emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’'s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user's terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities or to instigate certain technical operations or tasks, often without the knowledge of the user. Information related to the end-user’'s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘'device fingerprinting’', often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’' terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user's terminal equipment should be allowed only with the end-user's consent and for specific, limited, and transparent purposes.
Amendment 101 #
Proposal for a regulation
Recital 21 a (new)
Recital 21 a (new)
(21a) Equipment location data can give a very detailed and intrusive insight into an individual's personal life or an organisation's business and activities. Processing of location data from any source, whether electronic communications metadata or equipment location data should be conducted on the basis of clear rules.
Amendment 105 #
Proposal for a regulation
Recital 22
Recital 22
(22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. Communications software should be set by default to the most privacy friendly option. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or storedone way of accessing and sending information on the internet. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment.
Amendment 107 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘'accept all cookies’'. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘'reject third party cookies’trackers. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘'never accept cookies’trackers') to lower (for example, ‘'always accept cookies’trackers') and intermediate (for example, ‘'reject third party cookies’trackers ' or ‘'only accept first party cookies’trackers'). Such privacy settings should be presented in an easily visible and intelligible manner. For web browsers and any other software enabling access to the internet or internet- based services to be able to obtain the consent of end-users as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking, they should, among others, require a clear affirmative action from the end-user of terminal equipment to express his or her freely given, specific, informed and explicit agreement to the storage and access of 'cookies' or any other trackers in and from the terminal equipment. To this end, it is necessary to require providers of software enabling access to the internet that, at the moment of installation, end-users are informed about the possibility to choose the privacy settings among the various options and ask them to make a choice. That information provided to the users shall not be written in a way that seeks to dissuade end-users from selecting the most privacy-friendly settings and should include relevant information about the risks associated to allowing third party trackers to be stored on the device, including the compilation of long-term records of individuals' browsing histories and the use of such records to send targeted advertising or sharing that information with third parties. Web browsers are encouraged to provide easy ways for end-users to change the privacy settings at any time during use and to allow the user to make exceptions for or to white-list certain websites or to specify for which websites (third) party trackers are always or never allowed. In case of no active choice, or action from the user, web browsers and any other software enabling access to internet-based services should be set by default to ensure the highest degree of protection for the individual, including the rejection and blocking the storage of third party 'cookies' or other type of trackers.
Amendment 113 #
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers. Such practices should be prevented to ensure compliance with the principle of purpose limitation as defined under Regulation (EU) 2016/679. While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Therefore, only in a limited number of circumstances and only if the used data would be anonymised or deleted after the defined purposes of processing have been fulfilled, might data controllers be allowed to process the information emitted by the terminal equipment for the purposes of tracking the physical movements of end-users with his or her consent. The anonymisation method should technically prevent all parties from singling out an end-user within a set of data or from linking new data collected from the end-user's terminal equipment to the existing set of data. Providers engaged in such practices should display prominent notices located on the edge of the area of coverage informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679.
Amendment 117 #
Proposal for a regulation
Recital 26
Recital 26
(26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Encryption and other security measures are critical to ensure the confidentiality and integrity of electronic communications and the security and integrity of the electronic communications infrastructure as a whole. The measures taken by Member States should not entail any obligations for the provider of the electronic communications network or service that would result in the weakening of the security and encryption of their networks and services. Providers of electronic communications services should provide for appropriate procedures to facilitate legitimate requests of competent authorities, where relevant also taking into account the role of the representative designated pursuant to Article 3(3).
Amendment 125 #
Proposal for a regulation
Recital 33
Recital 33
(33) Safeguards should be provided to protect end-users against unsolicited communications for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing purposes are sent to end-users in order to effectively protect individuals against the intrusion into their private life as well as the legitimate interest of legal persons. Legal certainty and the need to ensure that the rules protecting against unsolicited electronic communications remain future- proof justify the need to define a single set of rules that do not vary according to the technology used to convey these unsolicited communications, while at the same time guaranteeing an equivalent level of protection for all citizens throughout the Union. However, it is reasonable to allow the use of e-mail contact details within the context of an existing customer relationship for the offering of similar products or services. Such possibility should only apply to the same company that has obtained the electronic contact details in accordance with Regulation (EU) 2016/679 and only for a limited time period.
Amendment 131 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation lays down rules regarding the protection of fundamental rights and freedoms of natural and legal persons in the provision and use of electronic communications services, and in particular, the rights to respect for private life and communications and the protection of natural persons with regard to the processing of personal data regardless of whether a payment is required by the user.
Amendment 157 #
Proposal for a regulation
Article 3 – paragraph 4
Article 3 – paragraph 4
4. The representative shall havebe authorised by the powrovider to answer questions and provide information in addition to or instead of the provider it represents, in particular, to supervisory authorities, courts and end-users, on all issues related to processing electronic communications data for the purposes of ensuring compliance with this Regulation and shall be provided with any relevant information to that end by the provider, to the extent that the provider does not answer the questions or provide the information directly.
Amendment 170 #
Proposal for a regulation
Article 4 – paragraph 3 – point b
Article 4 – paragraph 3 – point b
(b) ‘electronic communications content’ means the content exchanged by means of electronic communications services or via electronic communications networks, such as text, voice, videos, images, and sound;
Amendment 171 #
Proposal for a regulation
Article 4 – paragraph 3 – point c
Article 4 – paragraph 3 – point c
(c) ‘electronic communications metadata’ means data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including, but not limited to, data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration and the type of communication; It includes data broadcast or emitted by the terminal equipment to identify end-users' communications and/or terminal equipment in the network and enable it to connect to such network or to another device.
Amendment 174 #
Proposal for a regulation
Article 4 – paragraph 3 – point f
Article 4 – paragraph 3 – point f
(f) ‘direct marketing communications’ means any form of advertising, whether written or oral, or similar promotion, sent, directed or presented to one or more identified or identifiable end- users over an of electronic communications servicesnetwork, including the use of automated calling and communication systems with or without human interaction, targeted advertising on social media platforms, electronic mail, facsimile, SMS, etc.;
Amendment 179 #
Proposal for a regulation
Article 4 – paragraph 3 – point h a (new)
Article 4 – paragraph 3 – point h a (new)
(ha) ‘equipment location data’ means data that can enable the geospatial location, movement or direction of terminal equipment and is not processed in order to provide a communications service;
Amendment 186 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or any processing of electronic communications data regardless of whether this data is in transit or stored, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
Amendment 191 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
Neither providers of electronic communication services nor any third parties shall process electronic communications data that are not collected on the basis of consent or any other legal ground under this Regulation, or any other legal basis not specifically provided for in this Regulation.
Amendment 202 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) it is strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose only; or
Amendment 204 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is strictly necessary to maintain or restore the security of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose only and only to the extent that the purpose concerned could not be fulfilled by processing information that is made anonymous.
Amendment 211 #
Proposal for a regulation
Article 6 – paragraph 1 – subparagraph 1 a (new)
Article 6 – paragraph 1 – subparagraph 1 a (new)
Under no circumstances, including when complying with points (a) and (b), shall providers of electronic communications services try to, be requested to or be forced to comply with a request to gain access to end-user's communications content in situations where the content itself is protected by technical means.
Amendment 217 #
Proposal for a regulation
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Providers of electronic communications services may process electronic communications metadata only if:
Amendment 221 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) it is strictly necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or __________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
Amendment 226 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) it is strictly necessary for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusiveunlawful use of, or subscription to, electronic communications services; or
Amendment 230 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) after receiving all relevant information about the intended processing in a clear and easily understandable language, provided separately from the terms and conditions of the provider the end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to suchall end-users, or which are provided in order to deliver a specific functionality to the end- users concerned, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous.
Amendment 246 #
Proposal for a regulation
Article 6 – paragraph 3 – subparagraph 1 a (new)
Article 6 – paragraph 3 – subparagraph 1 a (new)
Amendment 253 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Without prejudice to point (b) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications contentdata or make that data anonymous after receipt of electronic communication content by the intended recipient or recipients. Such data may be recorded or stored by the end- users or by a third party entrusted by them to record, store or otherwise process such data, in accordance with Regulation (EU) 2016/679when it is no longer strictly necessary for the exchange of the communications.
Amendment 263 #
Proposal for a regulation
Article 7 – paragraph 3
Article 7 – paragraph 3
3. Where the processing of electronic communications metadata takes place for the purpose of billing in accordance with point (b) of Article 6(2), the relevant metadatadata which is strictly necessary may be kept until the end of the period during which a bill may lawfully be challenged or a payment may be pursued in accordance with national law.
Amendment 272 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment, including information about its software and hardware and any other electronic communications data identifying end-users, other than by the end-user concerned shall be prohibited, except on the following grounds:
Amendment 279 #
Proposal for a regulation
Article 8 – paragraph 1 – point a
Article 8 – paragraph 1 – point a
(a) it is strictly necessary for the sole purpose of carrying out the transmission of an electronic communication over an electronic communications network; or
Amendment 287 #
Proposal for a regulation
Article 8 – paragraph 1 – point b
Article 8 – paragraph 1 – point b
(b) all the end-user hasve given his or their consent; or
Amendment 289 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
(c) it is strictly necessary for providing an information society service requested by the end-user; or
Amendment 309 #
Proposal for a regulation
Article 8 – paragraph 1 – subparagraph 1 a (new)
Article 8 – paragraph 1 – subparagraph 1 a (new)
The end-user shall not be denied access to an information society service or electronic communications service - whether these services are remunerated or not - on grounds that the end-user does not provide consent under point (b) of Article 8(1) or point (b) of Article 8(2) for processing any data that is not strictly necessary for the provision of that service.
Amendment 312 #
Proposal for a regulation
Article 8 – paragraph 1 – subparagraph 1 b (new)
Article 8 – paragraph 1 – subparagraph 1 b (new)
The end-user shall not be denied any functionality of the terminal equipment on grounds that the end-user does not provide consent as set out in point (b) of Article 8(1) or point (b) of Article 8(2) for processing any data that is not strictly necessary for the functionality requested by the end-user.
Amendment 325 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point b
Article 8 – paragraph 2 – subparagraph 1 – point b
(b) a clear and promll relevant information about the intent notice is displayed informing of, at least, the modalded processing is provided in clear and easily understandable language, provided separately from the terms and conditieons of the collection, its purpose, the person responsible for provider; the collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security and the other information required underppropriate to the risks, as set out in Article 132 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collectionand supplemented with a mandatory data protection impact assessment.
Amendment 348 #
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 an. It shall be as easy to withdraw as to give consent and, furthermore, the end-user should be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.
Amendment 362 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Software placedThe settings of all the components onf the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored onterminal equipment placed on the market, including both software and hardware, shall be configured by default to prevent third parties from storing information, processing information already stored in the terminal equipment and preventing the use by third parties of thate equipment's processing capabilities.
Amendment 381 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction is limited to a range of targets based on reasonable suspicion, respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (e) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory funnational security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of serious criminal offences or unauthorised use of electironic connected to the exercise of official authority for such interestsmmunication systems, and the request is done following a prior judicial authorization.
Amendment 385 #
Proposal for a regulation
Article 11 – paragraph 1 a (new)
Article 11 – paragraph 1 a (new)
1a. Notwithstanding the restrictions of paragraph 1, Member States shall not impose any obligations on the provider of an electronic communications network or service that would result in the weakening of the security and encryption of their networks and services.
Amendment 391 #
Proposal for a regulation
Article 11 – paragraph 2
Article 11 – paragraph 2
2. Providers of electronic communications services shall establish internal procedures for responding to requests for access to end-users’ electronic communications data based on a legislative measure adopted pursuant to paragraph 1. They shall provide the competent supervisory authority, on demand, with information about those procedures, the number of requests received, the legal justification invoked and their response. They shall keep detailed and secure records, in relation to all these requests.
Amendment 409 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. NThe use by natural or legal persons may useof electronic communications servicenetworks for the purposes of sending, directing or presenting direct marketing communications to end-users who are natural persons thatmay be allowed only in respect of end-users who have given their prior consent.
Amendment 413 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services for a period of no more than 12 moths only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The right to object shall be given at the time of collection and each time a message is sent.