13 Amendments of Stefano MAULLU related to 2017/0003(COD)
Amendment 96 #
Proposal for a regulation
Recital 21
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. This may also cover situations where end-users use a service across devices for the purpose of service personalization and content recommendation. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information society providers that engage in configuration checking to provide the service in compliance with the end-user's settings and the mere logging of the fact that the end-user’s device is unable to receive content requested by the end- userincluding advertisements, should not constitute access to such a device or use of the device processing capabilities. Information society service providers should remain free to take appropriate measures in line with their respective business models, including restricting access to content when an end user uses an adblocker.
Amendment 110 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’). Such privacy setting options should differentiate between cookies from third parties that have a contractual relationship with website providers and other third party cookies. Such privacy settings should be presented in an easily visible and intelligible manner.
Amendment 269 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment, including about its software and hardware, other than by the end-user concerned shall be prohibited, unless the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party and except on the following grounds:
Amendment 284 #
Proposal for a regulation
Article 8 – paragraph 1 – point b
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consentspecific consent, which shall not be mandatory to access the service; or
Amendment 297 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-userin order to measure the audience of an information society service desired by the end-users, including measurement of indicators for the use of information society services in order to calculate a payment due.
Amendment 304 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
(da) if it is necessary for the performance of a contract to which the end-user is party or to act at the request of the end-user prior to entering into a contract; or
Amendment 306 #
Proposal for a regulation
Article 8 – paragraph 1 – point d b (new)
Article 8 – paragraph 1 – point d b (new)
(db) if it is necessary for legitimate interests pursued by the information society service provider;
Amendment 307 #
Proposal for a regulation
Article 8 – paragraph 1 – point d c (new)
Article 8 – paragraph 1 – point d c (new)
(dc) it is necessary for the provision of personalised/targeted advertising, where the processing is strictly limited to anonymised or pseudonymised data and the entity concerned undertakes to comply with specific privacy safeguards
Amendment 337 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. The definition of and conditions for consent provided for under Articles 4(11) and 7 of Regulation (EU) 2016/679/EU shall apply. Access to an information society service may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose, such as the provision of advertising and audience segmentation.
Amendment 341 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet. This specific form of consent is without prejudice to information society service providers' capacity to ask for end-user consent. End-users consent given to a specific information society service provider should be binding on and prevail over privacy setting of software permitting electronic communications.
Amendment 371 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. Such software shall ensure that a consent given by an end user under point b of Article 8 (1) prevails over the privacy settings chosen at the installation of the software.
Amendment 407 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. Natural or legal persons may use electronic communications services for the purposes of sending direct marketing communications to end-users who are natural persons that have given their consent or when the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
Amendment 416 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details may be used for direct marketing of its own similarsimilar or analogue products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The right to object shall be given at the time of collection and each time a message is sent.