34 Amendments of Jan MULDER related to 2012/0010(COD)

Amendment 188 #
Proposal for a directive
Recital 20
(20) Personal data should not be processed for purposes incompatible with the purpose for which it was collected. Personal data should be adequate, and relevant and not excessive for the purposes for which the personal data are processed. Every reasonable step should be taken to ensure that personal data which are inaccurate should be rectified or erased.
2013/03/06
Committee: LIBE
Amendment 204 #
Proposal for a directive
Recital 27
(27) Every natural person should have the right not to be subject to a measure which is based partially or fully on automated processing if it produces an adverse legal effect for that person or significantly affects that person, unless authorised by law and subject to suitable measures to safeguard the data subject's legitimate interests.
2013/03/06
Committee: LIBE
Amendment 213 #
Proposal for a directive
Recital 30
(30) The principle of fair processing requires that the data subjects should be informed in a transparent manner in particular of the existence of the processing operation and its purposes, its legal ground, how long the data will be stored, on the existence of the right of access, rectification or erasure and on the right to lodge a complaint. Where the data are collected from the data subject, the data subject should also be informed whether they are obliged to provide the data and of the consequences, in cases they do not provide such data.
2013/03/06
Committee: LIBE
Amendment 216 #
Proposal for a directive
Recital 32
(32) Any person should have the right of access to data which has been collected concerning them, and to exercise this right easily, in order to be aware of and verify the lawfulness of the processing. Every data subject should therefore have the right, when possible in advance, to know about and obtain communication in particular of the purposes for which the data are processed, for what period, which recipients receive the data, including in third countries. Data subjects should be allowed to receive a copy of their personal data which are being processed.
2013/03/06
Committee: LIBE
Amendment 225 #
Proposal for a directive
Recital 41
(41) In order to ensure effective protection of the rights and freedoms of data subjects by way of preventive actions, the controller or processor should consult with the supervisory authority in certain cases prior to the processing. Where processing operations are likely to present a high degree of specific risks to the rights and freedoms of data subjects, the supervisory authority should be in a position to prevent, prior to the start of operations, a processing which is not in compliance with this Directive, and to make proposals to remedy such situation.
2013/03/06
Committee: LIBE
Amendment 226 #
Proposal for a directive
Recital 42
(42) A personal data breach may, if not addressed in an adequate and timely manner, result in harm, including reputational damage to the individual concerned. Therefore, as soon as the controller becomes aware that such a breach has occurred, it should notify the breach to the competent national authority. The individuals whose personal data or privacy could be adversely affected by the breach should be notified without undue delay in order to allow them to take the necessary precautions. A breach should be considered as adversely affecting the personal data or privacy of an individual where it could result in, for example, identity theft or fraud, physical harm, significant humiliation or damage to reputation or economic or social loss in connection with the processing of personal data.
2013/03/06
Committee: LIBE
Amendment 248 #
Proposal for a directive
Recital 65 a (new)
(65a) Transmission of personal data to other authorities or private parties in the Union is prohibited unless there is the prevention of an immediate and serious danger to public security, or the prevention of serious harm to the rights of individuals. The controller should inform the recipient of the purpose of the processing. The recipient should also be informed of processing restrictions and ensure that they are met.
2013/03/06
Committee: LIBE
Amendment 271 #
Proposal for a directive
Article 2 – paragraph 3 – point b
(b) by the Union institutions, bodies, offices and agencies. (deleted)
2013/03/06
Committee: LIBE
Amendment 293 #
Proposal for a directive
Article 4 – paragraph 1 – point a
(a) processed fairly and lawfully and in a transparent manner;
2013/03/06
Committee: LIBE
Amendment 297 #
Proposal for a directive
Article 4 – paragraph 1 – point c
(c) adequate, relevant, and as much as possible limited to the purposes for which they are processed;
2013/03/06
Committee: LIBE
Amendment 310 #
Proposal for a directive
Article 4 – subparagraph 1 a (new)
Data initially processed for purposes other than those referred to in Article 1(1) may only be used for the purposes of prevention, investigation, detection or prosecution of criminal offences granted they are processed on a valid legal basis that ensures sufficient guarantees for the data subject.
2013/03/06
Committee: LIBE
Amendment 316 #
Proposal for a directive
Article 5
Distinction between different categories of data subjects
1. Member States shall provide that, as far as possible, the controller makes a clear distinction between personal data of different categories of data subjects, such as: (a) persons with regard to whom there are serious grounds for believing that they have committed or are about to commit a criminal offence; (b) persons convicted of a criminal offence; (c) victims of a criminal offence, or persons with regard to whom certain facts give reasons for believing that he or she could be the victim of a criminal offence; (d) third parties to the criminal offence, such as persons who might be called on to testify in investigations in connection with criminal offences or subsequent criminal proceedings, or a person who can provide information on criminal offences, or a contact or associate to one of the persons mentioned in (a) and (b); and (e) persons who do not fall within any of the categories referred to above.
Article 5 deleted
2013/03/06
Committee: LIBE
Amendment 329 #
Proposal for a directive
Article 5 – paragraph 1 a (new)
1a. Member States shall restrict the access to the personal data to a restricted group of duly authorised personnel.
2013/03/06
Committee: LIBE
Amendment 333 #
Proposal for a directive
Article 5 – paragraph 1 b (new)
1b. Personal data may only be processed by personnel duly authorised by the responsible authority with the aim of the sound execution of their tasks and only as far as this authorisation extends.
2013/03/06
Committee: LIBE
Amendment 334 #
Proposal for a directive
Article 5 – paragraph 1 c (new)
1c. The authorisation shall contain a sound description of the tasks and processes of the processing operation for which the personnel concerned is authorised.
2013/03/06
Committee: LIBE
Amendment 338 #
Proposal for a directive
Article 6 – paragraph 1
1. Member States should provide for specific safeguards for the processing of personal data relating to persons who have not been convicted of a criminal offence, or in relation to persons of whom there is no serious ground for believing that they have committed a criminal offence.
2013/03/06
Committee: LIBE
Amendment 362 #
Proposal for a directive
Article 9 – paragraph 1
1. Member States shall provide that measures which produce an adverse legal effect for the data subject or significantly affect them and which are based partially or fully on automated processing of personal data intended to evaluate certain personal aspects relating to the data subject shall be prohibited unless authorised by a law which also lays down measures to safeguard the data subject's legitimate interests.
2013/03/06
Committee: LIBE
Amendment 377 #
Proposal for a directive
Article 10 – paragraph 3
3. Member States shall provide that the controller takes all reasonable steps to establish procedures for providing the information referred to in Article 11 and for the exercise of the rights of data subjects referred to in Articles 12 to 17.
2013/03/06
Committee: LIBE
Amendment 380 #
Proposal for a directive
Article 10 – paragraph 5
5. Member States shall provide that the information and any action taken by the controller following a request referred to in paragraphs 3 and 4 are free of charge and in written form. Where requests are vexatious, in particular because of their repetitive character, or the size or volume of the request, the controller may charge a fee for providing the information or taking the action requested, or the controller may not take the action requested. In that case, the controller shall bear the burden of proving the vexatious character of the request.
2013/03/06
Committee: LIBE
Amendment 401 #
Proposal for a directive
Article 11 – paragraph 5
5. Member States shall provide that the controller shall assess, in each specific case, by means of a concrete and individual examination, whether a partial or complete restriction for one of the reasons referred to in paragraph 4 applies. Member States may also determine categories of data processing which may wholly or partly fall under the exemptions of paragraph 4(a), (b), (c) and (d).
2013/03/06
Committee: LIBE
Amendment 418 #
Proposal for a directive
Article 13 – paragraph 1 – introductory part
1. Member States may adopt legislative measures restricting, wholly or partly, the data subject's right of access to the extent that such partial or complete restriction constitutes a necessary and proportionate measure in a democratic society with due regard for the legitimate interests and fundamental rights of the person concerned:
2013/03/06
Committee: LIBE
Amendment 431 #
Proposal for a directive
Article 13 – paragraph 2
2. Member States may determine by law categories of data processing which may wholly or partly fall under the exemptions of paragraph 1. These exemptions, however, shall not be applied in a general way but only in specific circumstances and accompanied by a reasoned justification. The controller shall be responsible for these individual, reasoned assessments.
2013/03/08
Committee: LIBE
Amendment 434 #
Proposal for a directive
Article 13 – paragraph 3
3. In cases referred to in paragraphs 1 and 2, Member States shall provide that the controller informs the data subject with undue delay in writing on any refusal or restriction of access, on the reasons for the refusal and on the possibilities of lodging a complaint to the supervisory authority and seeking a judicial remedy. The information on factual or legal reasons on which the decision is based may be omitted where the provision of such information would undermine a purpose under paragraph 1.
2013/03/08
Committee: LIBE
Amendment 453 #
Proposal for a directive
Article 16 – paragraph 1
1. Member States shall provide for the right of the data subject to obtain from the controller the erasure and abstention of further processing of personal data relating to them where the processing does not comply with the provisions adopted pursuant to Articles 4 (a) to (e), 7 and 8 of this Directive. The controller should take all reasonable steps, including technical measures, to inform third parties.
2013/03/08
Committee: LIBE
Amendment 457 #
Proposal for a directive
Article 16 – paragraph 3 – introductory part
3. Instead of erasure, the controller shall mark and restrict as far as possible the use of personal data where:
2013/03/08
Committee: LIBE
Amendment 489 #
Proposal for a directive
Article 19 – paragraph 2
2. The controller shall implement mechanisms for ensuring that, by default, only those personal data which are necessary for the purposes of the processing are processed as well as stored no longer than deemed necessary by the responsible investigation authority.
2013/03/08
Committee: LIBE
Amendment 510 #
Proposal for a directive
Article 22 a (new)
Article 22a Where the processor is or becomes the determining part in relation to the purposes, means, or methods of data processing or does not act exclusively on the instructions of the controller, it shall be considered as a joint controller pursuant to Article 20.
2013/03/08
Committee: LIBE
Amendment 524 #
Proposal for a directive
Article 24 – paragraph 1
1. Member States shall ensure that records are kept of at least the following processing operations: collection, alteration, consultation, disclosure, combination or erasure. The records of consultation and disclosure shall show in particular the purpose, date and time of such operations and as far as possible the identification of the person who consulted or disclosed personal data.
2013/03/08
Committee: LIBE
Amendment 547 #
Proposal for a directive
Article 27 – paragraph 1
1. Member States shall provide that the controller and the processor implements appropriate technical and organisational measures and procedures to ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected, having regard to the state of the art and the cost of their implementation.
2013/03/08
Committee: LIBE
Amendment 553 #
Proposal for a directive
Article 28 – paragraph 4
4. Member States shall provide that the controller documents any personal data breaches, comprising the facts surrounding the breach, its effects and the remedial action taken. This documentation must enable the supervisory authority to verify compliance with this Article. The documentation shall only include the information necessary for that purpose. The supervisory authority shall keep a public record of the breaches notified.
2013/03/08
Committee: LIBE
Amendment 557 #
Proposal for a directive
Article 28 – paragraph 5
5. The Commission, after consultation of the European Data Protection Board, shall be empowered to adopt delegated acts in accordance with Article 56 for the purpose of specifying further the criteria and requirements for establishing the data breach referred to in paragraphs 1 and 2 and for the particular circumstances in which a controller and a processor is required to notify the personal data breach.
2013/03/08
Committee: LIBE
Amendment 558 #
Proposal for a directive
Article 28 – paragraph 6
6. The Commission, after consultation of the European Data Protection Authority, may lay down the standard format of such notification to the supervisory authority, the procedures applicable to the notification requirement and the form and the modalities for the documentation referred to in paragraph 4, including the time limits for erasure of the information contained therein. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 57(2).
2013/03/08
Committee: LIBE
Amendment 641 #
Proposal for a directive
Article 45 – paragraph 6
6. Where requests are very vexatious, in particular due to their repetitive character, the supervisory authority may charge a fee or not take the action required by the data subject. The supervisory authority shall bear the burden of proving of the very vexatious character of the request.
2013/03/08
Committee: LIBE
Amendment 652 #
Proposal for a directive
Article 47 – paragraph 1
Member States shall provide that each supervisory authority draws up an annual report on its activities. The report shall be made public and available to the Commission and the European Data Protection Board.
2013/03/08
Committee: LIBE