75 Amendments of Kostas CHRYSOGONOS related to 2017/0003(COD)
Amendment 46 #
Proposal for a regulation
Recital 1
Recital 1
(1) Article 7 of the Charter of Fundamental Rights of the European Union ("the Charter") protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one’s communications is an essential dimension of this right. Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communications, including information regarding when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communication parties. The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, e-mail, internet phone calls and personal messaging provided through social media.
Amendment 47 #
Proposal for a regulation
Recital 2
Recital 2
(2) The content of electronic communications may reveal highly sensitive information about the natural persons involved in the communication, from personal experiences and emotions to medical conditions, sexual preferences and political views, the disclosure of which could result in personal and social harm, economic loss or embarrassment. Similarly, metadata derived from electronic communications may also reveal very sensitive and personal information. These metadata includes the numbers called, the websites visited, geographical location, the time, date and duration when an individual made a call etc., allowing precise conclusions to be drawn regarding the private lives of the persons involved in the electronic communication, such as their social relationships, their habits and activities of everyday life, their interests, tastes etc. The protection of confidentiality of communications is an essential condition for the respect of other connected fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, freedom of assembly, freedom of expression and information.
Amendment 52 #
Proposal for a regulation
Recital 5
Recital 5
(5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data. This Regulation therefore doescan not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679. Processing of electronic communications data by providers of electronic communications services should only be permitted in accordance with and on a legal ground specifically provided under this Regulation.
Amendment 59 #
Proposal for a regulation
Recital 7
Recital 7
(7) The Member States should be allowed, within the limits of this Regulation, to maintain or introduce national provisions to further specify and clarify the application of the rules of this Regulation in order to ensure an effective application and interpretation of those rules. Therefore, the margin of discretion, which Member States have in this regard, should maintain a balance between the protection of private life and personal data and the free movement of electronic communications data.
Amendment 60 #
Proposal for a regulation
Recital 8
Recital 8
(8) This Regulation shouldets forth rules that apply to providers of electronic communications services, to providers of publicly available directories, and to software providers permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or collect information related to or stored in end-users’ terminal equipment.
Amendment 64 #
Proposal for a regulation
Recital 11 a (new)
Recital 11 a (new)
(11a) The definition of "end-user" should for instance include employees, tenants, hotel guests, family members, visitors, and any other individuals who are as a matter of fact using the services, for private or business purposes, without necessarily having subscribed to it.
Amendment 67 #
Proposal for a regulation
Recital 14
Recital 14
(14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged (electronic communications content) and the information concerning an end-user of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication. It should also include location data, such as for example the actual or inferred location of the terminal equipment, the location of the terminal equipment from or to which a phone call or an internet connection has been made, or the Wi-Fi hotspot that a device is connected to, as well as data necessary to identify the terminal equipment of end-users. Whether such signals and the related data are conveyed by wire, radio, optical or electromagnetic means, including satellite networks, cable networks, fixed (circuit- and packet-switched, including internet) and mobile terrestrial networks, electricity cable systems, the data related to such signals should be considered as electronic communications metadata and therefore be subject to the provisions of this Regulation. Electronic communications metadata may include information that is part of the subscription to the service when such information is processed for the purposes of transmitting, distributing or exchanging electronic communications content.
Amendment 70 #
Proposal for a regulation
Recital 14 a (new)
Recital 14 a (new)
(14a) Equipment location data should include data transmitted or stored in terminal equipment generated by accelerometers, barometers, compasses, satellite positioning systems or similar sensors or devices.
Amendment 72 #
Proposal for a regulation
Recital 15
Recital 15
(15) EAny processing of electronic communications data should be treated as confidential. This means thator any interference with the transmission of electronic communications data, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of all the communicating parties should be prohibitedby persons other than the end- users, should be prohibited. When the processing is allowed under any exception to the prohibitions under this Regulation, any other processing of the electronic communications data on the basis of Article 6 of the Regulation (EU) 2016/679 should be considered as prohibited, including processing for another purpose on the basis of Article 6(4) of that Regulation. This would not prevent controllers from asking for additional consent for new processing operations. The prohibition of interception of communications data should apply also during their conveyance, i.e. until receipt of the content of the electronic communication by the intended addressee and any temporary files in the network after receipt. Interception of electronic communications data may occur, for example, when someone other than the communicating parties, listens to calls, reads, scans or stores the content of electronic communications, or the associated metadata for purposes other than the exchange of communications. Interception also occurs when third parties monitor websites visited, timing of the visits, interaction with others, etc., without the consent of the end-user concerned. As technology evolves, the technical ways to engage in interception have also increased. Such ways may range from the installation of equipment that gathers data from terminal equipment over targeted areas, such as the so-called IMSI (International Mobile Subscriber Identity) catchers, to programs and techniques that, for example, surreptitiously monitor browsing habits for the purpose of creating end-user profiles. Other examples of interception include capturing payload data or content data from unencrypted wireless networks and routers, and analysis of end users’ electronic communications metadata, including browsing habits without the end- users' consent.
Amendment 77 #
Proposal for a regulation
Recital 16
Recital 16
(16) The prohibition of storage of communications is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. It should not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessary quality of service requirements, such as latency, jitter etc. Where a type of processing of electronic communications data for these purposes is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
Amendment 87 #
Proposal for a regulation
Recital 18
Recital 18
(18) End-users may consent to the processing of their metadata to receive specific services such as protection services against fraudulent activities (by analysing usage data, location and customer account in real time). In the digital economy, services are often supplied against cowith remunter-performance other than money, for instance by end- users being exposed to advertisementsation paid by a third party rather than by the recipient of the service. For the purposes of this Regulation, consent of an end-user, regardless of whether the latter is a natural or a legal person, should have the same meaning and be subject to the same conditions as the data subject's consent under Regulation (EU) 2016/679. BIndividuals depend on and financially contribute, through taxes, to public services, services that are financed directly, indirectly, totally or partially by public funds such as medical services that are essential to fully participate in a democratic society. These services ensure and strengthen the enjoyment of human rights. Without access to these services individuals cannot fully participate in their societies. Therefore, preventing access to such services unless consent is provided to processing activities that are not strictly required for the performance of these services, should be prohibited. In addition to this, basic broadband internet access and voice communications services, are to be considered and other electronic communications service that have or have the potential to be used widely, are in today´s societies essential services for individuals to be able to communicate and participate to the benefits of the digital economy. Consent for processing data from internet or voice communication usage will not be valid if the data subject has no genuine and free choice, or is unable to refuse or withdraw consent without detriment. Also, the growing use and dependence of so-called 'smart' services, such as smart cars, smart phones and smart TVs, are increasingly essential devices for individuals to participate in our 'connected' society. Individuals often have no genuine and free choice when accessing those essential services or using those smart devices because they are unable to refuse or withdraw consent without detriment to themselves. Situations where the individual is confronted with "take it or leave it" options, for example when they face "tracking walls", leave them without a real choice. Access to these essential services or the functionality of terminal equipment should not depend on the requirement of consent to the processing of data that is not strictly necessary for the services or for the functionality requested. Intrusive processing activities, such as analysing electronic communications content, electronic communications metadata, or tracking user activity over time or across several information society services or terminal equipment, for purposes such as providing targeted advertisements cannot be considered as strictly necessary for the service or functionality requested.
Amendment 88 #
Proposal for a regulation
Recital 19
Recital 19
(19) The content of electronic communications pertains to the essence of the fundamental right to respect for private and family life, home and communications protected under Article 7 of the Charter. Any interference with the content of electronic communications should be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse. This Regulation provides for the possibility of providers of electronic communications services to process electronic communications data in transit, with the informed consent of all the end- users concerned. For example, providers may offer services that entail the scanning of emails to remove certain pre-defined material. In exceptional circumstances, communications service providers should be able to provide the means for additional processing of electronic communications data with the consent of one of the parties to a communication, on condition that this processing is for the provision of services requested by that party and that this is strictly necessary for delivering a specific functionality, in particular such services such as voice-to- text or other automatic content processing used as accessibility tools needed by persons with disabilities. Third parties providing the means for recording, storing or otherwise processing such data used by end-users in the course of a purely individual household or individual activity, as long as this activity is part of the strictly functional aspect of hardware and software which the end-user can reasonably expect (such as voice-to- text technology, or spell checkers), should process such data in accordance with Regulation (EU) 2016/679. Given the sensitivity of the content of communications, this Regulation sets forth a presumption that the processing of such content data will result in high risks to the rights and freedoms of natural persons. When processing such type of data, the provider of the electronic communications service should always consult the supervisory authority prior to the processing. Such consultation should be in accordance with Article 36 (2) and (3) of Regulation (EU) 2016/679. The presumption does not encompass the processing of content data to provide a service requested by the end-user where the end-user has consented to such processing and it is carried out for the purposes and duration strictly necessary and proportionate for such service. After electronic communications content has been sent by the end-user and received by the intended end-user or end-users, it may be recorded or stored by the end-user, end- users or by a third party entrusted by them to record or store such data. Any processing of such data must comply with Regulation (EU) 2016/679.
Amendment 91 #
Proposal for a regulation
Recital 20
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual's emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user's terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities or to instigate certain technical operations or tasks, often without the knowledge of the user. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’ terminal equipment pose a serious threat to the privacy of end-users. A high and equal level of protection of the private sphere of users’ needs to be ensured in relation to the privacy and confidentiality of users’ terminal equipment content, functioning and use. Therefore, any such interference with the end-user's terminal equipment should be allowed only with the end-user's consent and for specific, limited, and transparent purposes.
Amendment 98 #
Proposal for a regulation
Recital 21
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information society providers that engage in configuration checking to provide the service in compliance with the end-user's settings and the mere logging of the fact that the end-user’s device is unable to receive content requested by the end-user should not constitute access to such a device or use of the device processing capabilities by the person or legal person in charge of the website ("first party analytics").
Amendment 100 #
Proposal for a regulation
Recital 21 a (new)
Recital 21 a (new)
(21a) Equipment location data can give a very detailed and intrusive insight into an individual´s personal life or an organisation´s business and activities. Processing of location data from any source, whether electronic communications metadata or equipment location data should be conducted on the basis of clear rules.
Amendment 106 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookietrackers’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookiestrackers'’) to lower (for example, ‘always accept cookies’trackers'') and intermediate (for example, ‘reject third party cookietrackers’ or ‘only accept first party cookietrackers’). Such privacy settings should be presented in an easily visible and intelligible manner. For web browsers and any other software enabling access to the internet or internet- based services to be able to obtain the consent of end-users as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking, they should, among others, require a clear affirmative action from the end-user of terminal equipment to express his or her freely given, specific, informed and explicit agreement to the storage and access of 'cookies' or any other trackers in and from the terminal equipment. To this end, it is necessary to require providers of software enabling access to the internet that, at the moment of installation, end-users are informed about the possibility to choose the privacy settings among the various options and ask them to make a choice. That information provided to the users shall not be written in a way that seeks to dissuade end-users from selecting the most privacy-friendly settings and should include relevant information about the risks associated to allowing third party trackers to be stored on the device, including the compilation of long-term records of individuals' browsing histories and the use of such records to send targeted advertising or sharing that information with third parties. Web browsers are encouraged to provide easy ways for end-users to change the privacy settings at any time during use and to allow the user to make exceptions for or to white-list certain websites or to specify for which websites (third) party trackers are always or never allowed. In case of no active choice, or action from the user, web browsers and any other software enabling access to internet-based services should be set by default to ensure the highest degree of protection for the individual, including the rejection and blocking the storage of third party 'cookies' or other type of trackers.
Amendment 114 #
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may beis often used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers. Such practices should be prevented to ensure compliance with the principle of purpose limitation as defined under Regulation (EU) 2016/679.While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged in such practices should display prominent notices located on the edge of the area of coverage informing end-uTherefore, only in a limited number of circumstances and only if the used data would be anonymised or deleted after the defined purposers prior to entering the defined area that the technology is in operation within a given perimeter,of processing have been fulfilled, might data controllers be allowed to process the information emitted by the terminal equipment for the purposes of the tracking, the person responsible for it and the existence of any measurehysical movements of end-users with his or her consent. The anonymistaion method should technically prevent all parties from singling out an end-user within a set of data or from linking new data collected from the end-user of the´s terminal equipment can take to minimize or stop the collectionto the existing set of data. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679.
Amendment 116 #
Proposal for a regulation
Recital 26
Recital 26
(26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security (i.e.: state security), defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Encryption and other security measures are critical to ensure the confidentiality and integrity of electronic communications and the security and integrity of the electronic communications infrastructure as a whole. The measures taken by Member States should not entail any obligations for the provider of the electronic communications network or service that would result in weakening of the security and encryption of their networks and services. Providers of electronic communications services should provide for appropriate procedures to facilitate legitimate requests of competent authorities, where relevant also taking into account the role of the representative designated pursuant to Article 3(3).
Amendment 119 #
Proposal for a regulation
Recital 26 a (new)
Recital 26 a (new)
(26a) The introduction of itemised bills has improved the possibilities for the subscriber to check the accuracy of the fees charged by the service provider but, at the same time, it may jeopardise the privacy of the end-users of electronic communications services. The availability of electronic communications service options with alternative payment facilities which allow anonymous or strictly private access to publicly available electronic communications services, for example unregistered SIM cards and facilitates for payment by credit card, can mitigate these risks. When the end-user is a natural person who is different from the subscriber receiving the itemised bill, for example in an employment context, the operator of number-based interpersonal communication services should offer their subscribers a different type of itemised bill in which a certain number of digits of the called number will not be shown.
Amendment 120 #
Proposal for a regulation
Recital 31
Recital 31
(31) If end-users that are natural persons give their consent to their data being included in such directories, they should be able to determine on a consent basis which categories of personal data are included in the directory (for example name, email address, home address, user name, phone number). In addition, providers of publicly available directories should inform the end- users of the purposes of the directory and of the search functions of the directory before including them in that directory. End-users should be able to determine by consent on the basis of which categories of personal data their contact details can be searched. The categories of personal data included in the directory and the categories of personal data on the basis of which the end-user's contact details can be searched should not necessarily be the same. Since reverse searches of natural persons based on phone numbers or service identifiers such as email addresses or user names may be regarded as more intrusive than other searches, a separate consent should always be required before enabling such searches of the end-user.
Amendment 121 #
Proposal for a regulation
Recital 32
Recital 32
(32) In this Regulation, direct marketing refers to any form of advertising or similar promotion by which a natural or legal person sends direct or presents direct marketing communications directly to one or more identified or identifiable end-users usingover an electronic communications servicesnetwork. In addition to the offering of products and services for commercial purposes, this should also include messages sent by political parties or members of political parties that contact natural persons via electronic communications services in order to promote their parties, candidacy in elections or other political campaigns. The same should apply to messages sent by other non-profit organisations to support the purposes of the organisation.
Amendment 123 #
Proposal for a regulation
Recital 32 a (new)
Recital 32 a (new)
(32a) Communication to elected representatives or public authorities on matters of public policy, legislation or other activities of democratic institutions should not be regarded as direct marketing for the purpose of this Regulation.
Amendment 124 #
Proposal for a regulation
Recital 33
Recital 33
(33) Safeguards should be provided to protect end-users against unsolicited communications for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing purposes are sent to end-users, directed or presented to end-users, who are natural persons, including natural persons working for legal persons, in order to effectively protect individuals against the intrusion into their private life as well as. Member States should also ensure that the legitimate interest of legal persons with regard to unsolicited communications are protected. Legal certainty and the need to ensure that the rules protecting against unsolicited electronic communications remain future- proof justify the need to define a single set of rules that do not vary according to the technology used to convey these unsolicited communications, while at the same time guaranteeing an equivalent level of protection for all citizenindividuals throughout the Union. However, it is reasonable to allow the use of e-mail contact details within the context of an existing customer relationship for the offering of similar products or services. Such possibility should only apply to the same company that has obtained the electronic contact details in accordance with Regulation (EU) 2016/679 and only for a limited time period.
Amendment 127 #
Proposal for a regulation
Recital 36
Recital 36
(36) Voice-to-voice direct marketing calls that do not involve the use of automated calling and communication systems, given that they are more costly for the sender and impose no financial costs on end-users. Member States should therefore be able to establish and or maintain national systems only allowing such calls to end-users who have not objected. End- users should be able to object to future calls from a specific company or organization. Member States should also ensure that the end-users can object to all future voice-to-voice direct marketing calls by registering their objection in the national "Do Not Call" register. A user- friendly option to object to all future calls should be provided free of charge.
Amendment 132 #
Proposal for a regulation
Article 1 – paragraph 2
Article 1 – paragraph 2
2. This Regulation ensures free movement of electronic communications data and electronic communications services within the Union, which shall be neither restricted nor prohibited for reasons related to the respect for the private life and communications of natural and legal persons and the protection of natural persons with regard to the processing of personal data.
Amendment 136 #
Proposal for a regulation
Article 1 – paragraph 3 a (new)
Article 1 – paragraph 3 a (new)
3a. Where the specific rules in paragraph 3 involve processing of personal data that are subject to Regulation (EU) 2016/679, both Regulations apply. In cases of conflict between the two Regulations, the European Data Protection Board shall determine the instrument that should apply.
Amendment 137 #
Proposal for a regulation
Article 1 – paragraph 3 b (new)
Article 1 – paragraph 3 b (new)
3b. When making a determination in line with paragraph 4, the European Data Protection Board shall consider that the interests for natural persons are paramount.
Amendment 149 #
Proposal for a regulation
Article 2 – paragraph 2 – point d a (new)
Article 2 – paragraph 2 – point d a (new)
(da) hardware and software placed on the market permitting electronic communications between users or end- users, including the presentation of information on the Internet
Amendment 154 #
Proposal for a regulation
Article 3 – paragraph 1 – point c
Article 3 – paragraph 1 – point c
(c) the protection of information related to the terminal equipment of end- users located in the Union.
Amendment 156 #
Proposal for a regulation
Article 3 – paragraph 4
Article 3 – paragraph 4
4. The representative shall havebe authorised by the powrovider to answer questions and provide information in addition to or instead of the provider it represents, in particular, to supervisory authorities, courts and end-users, on all issues related to processing electronic communications data for the purposes of ensuring compliance with this Regulation and shall be provided with any relevant information to that end by the provider, to the extent that the provider does not answer the questions or provide the information directly.
Amendment 160 #
Proposal for a regulation
Article 3 a (new)
Article 3 a (new)
Article 3a Applicable law in the online environment 1. To the extent that Regulation (EU) 2016/679 or this Regulation allow Member States to regulate the processing of personal data or electronic communications data, in their domestic laws, the relevant national law provisions shall apply to: (a) the processing of personal data or electronic communications data in the context of the activities of an establishment of a controller, processor or a provider of an electronic communications service or network established in the Member State in question; or (b) the processing of personal data or electronic communications data by a controller, processor or a provider of an electronic communications service or network not established in the Union , offering goods or services in that Member State or monitoring the behaviour of data subjects in that Member State; 2. The relevant national law provisions as set out in point 1 of this Article do not apply to the processing of personal data or electronic communications data in the context of the activities of an establishment of a controller, processor or a provider of an electronic communications service or network established in another Member State, who shall instead only be subject to the relevant national law provisions of that other Member State.
Amendment 162 #
Proposal for a regulation
Article 4 – paragraph 1 – point b a (new)
Article 4 – paragraph 1 – point b a (new)
(ba) ‘user or end-user’ means a natural person using a publicly available electronic communications service, without necessarily having subscribed to this service;
Amendment 163 #
Proposal for a regulation
Article 4 – paragraph 1 – point b b (new)
Article 4 – paragraph 1 – point b b (new)
(bb) ‘number-based interpersonal communications service’ means an interpersonal communications service which uses assigned numbering resources, i.e. a number or numbers in national or international telephone numbering plans partly or fully as its addressing system;
Amendment 164 #
Proposal for a regulation
Article 4 – paragraph 1 – point b c (new)
Article 4 – paragraph 1 – point b c (new)
(bc) ‘call’ means a connection established by means of a publicly available electronic interpersonal communications service allowing voice communication between two or more endpoints;
Amendment 165 #
Proposal for a regulation
Article 4 – paragraph 1 – point b d (new)
Article 4 – paragraph 1 – point b d (new)
(bd) ‘electronic communication service’ means service normally provided for remuneration via electronic communications networks, which encompasses 'internet access service' as defined in Article 2(2) of Regulation (EU) 2015/2120; and/or 'interpersonal communications service'; and/or services consisting wholly or mainly in the conveyance of signals such as transmission services used for the provision of machine-to-machine services and for broadcasting;
Amendment 166 #
Proposal for a regulation
Article 4 – paragraph 1 – point b e (new)
Article 4 – paragraph 1 – point b e (new)
(be) ‘interpersonal communications service’ means a service normally provided for remuneration that enables direct interpersonal and interactive exchange of information via electronic communications networks. This includes services that enable interpersonal and interactive communication as a minor ancillary feature that is intrinsically linked to another service;
Amendment 167 #
Proposal for a regulation
Article 4 – paragraph 1 – point b f (new)
Article 4 – paragraph 1 – point b f (new)
(bf) ‘number- independent interpersonal communications service’ means an interpersonal communications service which does not connect with the public switched telephone network, either by means of assigned numbering resources, i.e. a number or numbers in national or international telephone numbering plans, or by enabling communication with a number or numbers in national or international telephone numbering plans;
Amendment 168 #
Proposal for a regulation
Article 4 – paragraph 3 – point a a (new)
Article 4 – paragraph 3 – point a a (new)
(aa) ‘normally for remuneration’ means involving an economic transaction, whether financial or not;
Amendment 169 #
Proposal for a regulation
Article 4 – paragraph 3 – point b
Article 4 – paragraph 3 – point b
(b) ‘electronic communications content’ means the content exchanged by means of electronic communications services or via electronic communications networks , such as text, voice, videos, images, and sound;
Amendment 172 #
Proposal for a regulation
Article 4 – paragraph 3 – point c
Article 4 – paragraph 3 – point c
(c) ‘electronic communications metadata’ means data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including but not limited to, data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration and the type of communication; it includes data broadcast or emitted by the terminal equipment to identify end-users' communications and/or terminal equipment in the network and enable it to connect to such network or to another device.
Amendment 175 #
Proposal for a regulation
Article 4 – paragraph 3 – point f
Article 4 – paragraph 3 – point f
(f) ‘direct marketing communications’ means any form of advertising, whether written or oral, or similar promotion sent, directed or presented to one or more identified or identifiable end- users ofver an electronic communications servicesnetwork, including the use of automated calling and communication systems with or without human interaction, targeted advertising on social media platforms, electronic mail, facsimile, SMS, etc.;
Amendment 177 #
Proposal for a regulation
Article 4 – paragraph 3 – point g
Article 4 – paragraph 3 – point g
(g) ‘direct marketing voice-to-voice calls’ means live calls, which do not entail the use of automated calling systems and communication systems; and which connect the caller and the recipient of the call with or without the use of semi- automated communication systems, such as for example automatic dialers;
Amendment 178 #
Proposal for a regulation
Article 4 – paragraph 3 – point h a (new)
Article 4 – paragraph 3 – point h a (new)
(ha) ‘new equipment location data’ means data that can enable the geospatial location, movement or direction of terminal equipment and is not processed in order to provide a communications service;
Amendment 194 #
Proposal for a regulation
Article 6 – title
Article 6 – title
Amendment 205 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is strictly necessary to maintain or restore the security of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose. only and only to the extent that the purpose concerned could not be fulfilled by processing information that is made anonymous,
Amendment 212 #
Proposal for a regulation
Article 6 – paragraph 1 – subparagraph 1 a (new)
Article 6 – paragraph 1 – subparagraph 1 a (new)
Where processing of electronic communications data in accordance with point (b) is likely to result in a high risk to the rights and freedoms of natural persons, Articles 35 and 36 of Regulation (EU) 2016/679 shall apply.
Amendment 215 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1a. Under no circumstances, including when complying with points (a) and (b) of paragraph 1, shall providers of electronic communications services try to, be requested or be forced to comply with a request to gain access to end-user´s communications content in situations where the content itself is protected by technical means.
Amendment 225 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) it is strictly necessary for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusive unlawful use of, or subscription to, electronic communications services; or
Amendment 235 #
Proposal for a regulation
Article 6 – paragraph 2 – subparagraph 1 a (new)
Article 6 – paragraph 2 – subparagraph 1 a (new)
Where a type of processing of electronic communications metadata (and taking into account the nature, scope, context and purpose of processing) is likely to result in a high risk to the rights and freedoms of natural persons, Articles 35 and 36 of Regulation 2016/679 shall apply.
Amendment 236 #
Proposal for a regulation
Article 6 – paragraph 2 – subparagraph 1 b (new)
Article 6 – paragraph 2 – subparagraph 1 b (new)
Consent may be provided to the provider of the communication service or to the provider of the specific service, but if it is provided to the latter, the latter must be able to prove to the provider of the communication service that such consent has been given.
Amendment 265 #
Proposal for a regulation
Article 7 – paragraph 3
Article 7 – paragraph 3
3. Where the processing of electronic communications metadata takes place for the purpose of billing in accordance with point (b) of Article 6(2), the relevant metadatadata which is strictly necessary may be kept until the end of the period during which a bill may lawfully be challenged or a payment may be pursued in accordance with national law.
Amendment 273 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment, including information about its software and hardware and any other electronic communications data identifying end-users, other than by the end-user concerned shall be prohibited, except on the following grounds:
Amendment 295 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
(d) if it is strictly necessary for web audience measuring, provided that such measurement is carried out bythe measurement of use of the information society service requested, provided that such measurement does not entail tracking of the end-user across different information society services, the data is anonymised, and that this measurement is carried out directly under the responsibility of the provider of the information society service requested by the end-user.
Amendment 310 #
Proposal for a regulation
Article 8 – paragraph 1 – subparagraph 1 a (new)
Article 8 – paragraph 1 – subparagraph 1 a (new)
The end-user shall not be denied access to an information society or electronic communications service - whether these services are remunerated or not - on grounds that the end-user does not provide consent under point (b) of Article 8(1) or point (b) of Article 8(2) for processing any data that is not strictly necessary for the provision of that service.
Amendment 311 #
Proposal for a regulation
Article 8 – paragraph 1 – subparagraph 1 b (new)
Article 8 – paragraph 1 – subparagraph 1 b (new)
The end-user shall not be denied any functionality of the terminal equipment on grounds that the end-user does not provide consent as set out in point (b) of Article 8(1) or point (b) of Article 8(2) for processing any data that is not strictly necessary for the functionality requested by the end-user.
Amendment 315 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – introductory part
Article 8 – paragraph 2 – subparagraph 1 – introductory part
The collection of information emitted by terminal equipment to enable it to connect to another device and, or to network equipment shall be prohibited, except if:
Amendment 324 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point b
Article 8 – paragraph 2 – subparagraph 1 – point b
(b) a clear and prominent notice is displayed informing of, at least, the modalities of the collection, itsll relevant information about the intended processing is provided in clear and easily understandable language, provided separately from the terms and conditions of the provider, and if the end- user concerned has given his or her consent to the processing of the data for one or more specified purposes, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection. including for the provision of specific services, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous; the collection of such information shall be conditional on the application of appropriate technical and organizational measures to ensure that a level of security appropriate to the risks, as set out in Article 32 of the Regulation (EU) 2016/679 and supplemented with a mandatory data protection impact assessment., has been applied.
Amendment 344 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes ofEnd-users who have consented to the processing of electronic communications data as set out in point c of Article 6(2), points a and b of Article 6(3), point (b)b of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet and point b of Article 8(2) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.
Amendment 351 #
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. End-users who have consented to the processingIn order to lower the burden ofn electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continund-users, requests for consent as well as consent withdrawals shall where possible conform to technical standards applicable to such request or withdrawals and be machine-readable, in order to allow for end-users to benefit from privacy enhancing technologies.
Amendment 361 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Software placedThe settings of all the components onf the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already storedterminal equipment placed on the market, including both software and hardware, shall be configured by default to prevent third parties from storing information, processing information already stored in the terminal equipment and preventing the use by third parties onf thate equipment's processing capabilities.
Amendment 380 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction is limited to a range of targets based on a reasonable suspicion, respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (e) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory funnational security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of serious criminal offences or unauthorized use of electironic connected to the exercise of official authority for such interestsmmunication systems, and the request is done following a prior judicial authorization.
Amendment 386 #
Proposal for a regulation
Article 11 – paragraph 1 b (new)
Article 11 – paragraph 1 b (new)
1b. Direct means of access into the technical facilities of the providers of communication services or communication networks ("back doors"), for the use of the agencies involved in the matters listed in paragraph 1, shall be prohibited.
Amendment 389 #
Proposal for a regulation
Article 11 – paragraph 2
Article 11 – paragraph 2
2. Providers of electronic communications services shall establish internal procedures for responding to requests for access to end-users’ electronic communications data based on a legislative measure adopted pursuant to paragraph 1. They shall provide the competent supervisory authority, on demand, with information about those procedures, the number of requests received, the legal justification invoked and their responsekeep detailed and secure records, in relation to all requests received, of : – the in-house staff members who handled requests, – the identity of the official or body asking for the information, – the purpose for which the information was sought, – the date and time of the request, – the formal basis and authority for the request, including the identity and status or function of the official who authorized the making of the request and whether this was a judicial or prosecution or state security official, – the number of subscribers to whose data the request related, – the precise data provided to the requesting official or body, – the period covered by the data, and any other information as may be set out in further guidance to be issues by the European Data Protection Board. The providers shall provide the competent authority with regular overall information, at least on an annual basis, on all the requests in a specified period, with such statistical breakdowns as the authority may request. The competent authority shall release a meaningful summary of the regular overall information which, one the one hand, shall allow data subjects and the general public meaningful insight into the scope and nature of the use of the powers of access by the relevant authorities, while at the same time protecting confidential information to the extent that that is strictly necessary to safeguard the matters listed in paragraph 1.
Amendment 396 #
Proposal for a regulation
Article 14 – paragraph 1 – point a
Article 14 – paragraph 1 – point a
(a) to block incoming calls from specific numbers or from anonymous sourhaving a specific code/prefix identifying the fact that the call is a marketing call, as foreseen in Article 16(3) (b) or from sources blocking calling line ID or equivalent services;
Amendment 399 #
Proposal for a regulation
Article 14 – paragraph 1 – point b
Article 14 – paragraph 1 – point b
(b) to stopensure that automatic call forwarding by a third party to the end- user's terminal equipment can only be initiated with the end-user´s consent.
Amendment 404 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. The providers of a publicly available directory shall inform end-users who are natural persons whose personal data are in the directory of the available search functions of the directory and obtain end-users’ consent before enabling such search functions related to their own datadifferent categories of their own data. A separate consent shall be required for enabling reverse searches of natural persons based on phone numbers or service identifiers such as email addresses or user names.
Amendment 408 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. NThe use by natural or legal persons may useof electronic communications servicenetworks for the purposes of sending, directing or presenting direct marketing communications to end-users who are natural persons that, may be allowed only in respect of end-users who have given their consent.
Amendment 425 #
Proposal for a regulation
Article 16 – paragraph 6
Article 16 – paragraph 6
6. Any natural or legal person using electronic communications services to transmit direct marketing communications shall inform end-users of the marketing nature of the communication and the identity of the legal or natural person on behalf of whom the communication is transmitted and shall provide the necessary information for recipients to exercise their right to withdraw their consent, in an easy manner and free of charge, to receiving further marketing communications. Any use of market sender identities, false contact information or false return addresses or numbers for direct marketing purposes shall be prohibited.
Amendment 431 #
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
In the case of a particular risk that may compromise the security of the terminal equipment, networks and electronic communications services, the provider of an electronic communications service, the software provider and the terminal equipment vendor shall inform all end- users concerning such risk and, where the risk lies outside the scope of the measures to be taken by the service provider, inform end-users of any possible remedies, including an indication of the likely costs involved.
Amendment 438 #
Proposal for a regulation
Article 18 – paragraph 1
Article 18 – paragraph 1
1. The independent supervisory authority or authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall also be responsible for monitoring the application of this Regulation. Chapter VI and VII of Regulation (EU) 2016/679 shall apply mutatis mutandis. The tasks and powers of the supervisory authorities shall be exercised with regard to end-usersEach Member State shall provide for one or more independent public authorities to be responsible for monitoring the application of this Regulation.
Amendment 441 #
Proposal for a regulation
Article 18 – paragraph 2 a (new)
Article 18 – paragraph 2 a (new)
2a. Where more than one supervisory authority is established in a Member State, each authority is represented on the European Data Protection Board to the extent of its respective competence, and the Member State shall set out the mechanism to ensure compliance by the other authorities with the rules relating to the consistency mechanism.
Amendment 445 #
Proposal for a regulation
Article 21 – paragraph 1 b (new)
Article 21 – paragraph 1 b (new)
1b. Member States may provide that a body, organisation or association independently of the end-user´s mandate, has the right to lodge, in that Member State, a complaint with the supervisory authority which is competent pursuant to paragraph 1 of this Article and to exercise the rights referred to in paragraph 2 of this Article if it considers that the rights of the end-user under this Regulation have been infringed.
Amendment 469 #
Proposal for a regulation
Article 28 – paragraph 1
Article 28 – paragraph 1
Amendment 784 #
Proposal for a regulation
Article 18 – paragraph 1
Article 18 – paragraph 1
1. The independent supervisory authority or authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall also be responsible for monitoring the application of this Regulation. Chapter VI and VII of Regulation (EU) 2016/679 shall apply mutatis mutandis. The tasks and powers of the supervisory authorities shall be exercised with regard to end-usersEach Member State shall provide for one or more independent public authorities to be responsible for monitoring the application of this Regulation.
Amendment 787 #
Proposal for a regulation
Article 18 – paragraph 2 a (new)
Article 18 – paragraph 2 a (new)
2 a. Where more than one supervisory authority is established in a Member State, each authority is represented to the European Data Protection Board to the extent of its respective competence, and the Member State shall set out the mechanism to ensure compliance by the other authorities with the rules relating to the consistency mechanism.