BETA

40 Amendments of Jens ROHDE related to 2017/0003(COD)

Proposal for a regulation
Recital 6

(6) While the principles and main provisions of Directive 2002/58/EC of the European Parliament and of the Council22 remain generally sound, that Directive has not fully kept pace with the evolution of technological and market reality, resulting in an inconsistent or insufficient ~~effective~~ protection of privacy and confidentiality in relation to electronic communications. Those developments include the entrance on the market of electronic communications services that from a consumer perspective are substitutable to traditional services, but do not have to comply with the same set of rules. Another development concerns new techniques that allow for tracking of online behaviour of end-users, which are not covered by Directive 2002/58/EC. Directive 2002/58/EC should therefore be repealed and replaced by this Regulation. __________________ 22 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p.37).

2017/07/10
Committee: JURI

Proposal for a regulation
Recital 17

(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end- users consent. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain end-users' consent to process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colours to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier is necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 3 – paragraph 1 – point c

(c) the protection of information related to the terminal equipment of end- users ~~located~~ in the Union.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 5 – paragraph 1

Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation. The provisions of Regulation (EU) 2016/679 shall apply unless this Regulation stipulates special provisions.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 6 – paragraph 1 – point a

(a) it is necessary to achieve the transmission of the communication, for the duration necessary for that purpose and the data is stored in a binary format; or

2017/07/10
Committee: JURI

Proposal for a regulation
Article 6 – paragraph 2 – point c

(c) the end-user concerned has given his or her prior consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end- users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 6 – paragraph 3 – point a

(a) for the sole purpose of the provision of a specific service to an end- user, if the end-user or end-users concerned have given their prior consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content; or

2017/07/10
Committee: JURI

Proposal for a regulation
Article 6 – paragraph 3 – point b

(b) if all end-users concerned have given their prior consent to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authority.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 7 – paragraph 2

2. Without prejudice to point (b) of Article 6(1) and points (a) and (c) of Article 6(2), the provider of the electronic communications service shall erase electronic communications metadata ~~or make that data anonymous~~ when it is no longer needed for the purpose of the transmission of a communication.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 8 – paragraph 1 – point a

(a) it is necessary for the sole purpose of carrying out the transmission of an electronic communication over an electronic communications network whereby the data shall be stored in a binary format; or

2017/07/10
Committee: JURI

Proposal for a regulation
Article 8 – paragraph 1 – point b

(b) the end-user has given his or her prior consent; or

2017/07/10
Committee: JURI

Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)

(da) the data is deleted without any undue delay once the purpose of the collection ceases to exists.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point b

(b) a clear, reader-friendly and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 9 – paragraph 2

2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 9 – paragraph 3

3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals ~~of 6 months~~, as long as the processing continues.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 10 – paragraph 1

1. Software ~~placed on the market~~ permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 10 – paragraph 2

2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. Each software update shall require a new consent of the end user.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 11 – paragraph 1

1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the ~~essence of the~~ fundamental rights and freedoms in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard ~~one or more of~~ the general public interests referred to in Article 23(1)(a) to (e) of Regulation (EU) 2016/679 ~~or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests~~.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 11 – paragraph 2

2. Providers of electronic communications services shall establish internal procedures for responding to requests for access to end-users’ electronic communications data based on a legislative measure adopted pursuant to paragraph 1. They shall provide the competent supervisory authority, ~~on demand,~~ with information about those procedures, the number of requests received, the legal justification invoked and their response.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 15 – paragraph 1

1. The providers of publicly available directories shall obtain ~~the~~prior consent of end- users who are natural persons to include their personal data in the directory ~~and, consequently, shall obtain consent from these end-users for inclusion of data per category of personal data~~to organize personal data per categories, to the extent that such data are relevant for the purpose of the ~~directory as determined by the provider of the~~ directory. Providers shall give end-users who are natural persons the means to verify, correct and delete such data or to withdraw their consent at any time.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 16 – paragraph 2

2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may only use these electronic contact details for direct marketing of its own similar products or services and only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The right to object shall be given at the time of collection and each time a message is sent.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 16 – paragraph 4

4. Notwithstanding paragraph 1, Member States may provide by law that the placing of direct marketing voice-to- voice calls to end-users who are natural persons shall only be allowed in respect of end-users who are natural persons who have not expressed their objection to receiving those communications.deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 16 – paragraph 7

7. The Commission shall be empowered to adopt ~~implementing measure~~delegated acts in accordance with Article 2~~6(2)~~5 specifying the code/or prefix to identify marketing calls, pursuant to point (b) of paragraph 3.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 21 – paragraph 2

2. Any natural or legal person other than end-users adversely affected by infringements of this Regulation and having a legitimate interest in the cessation or prohibition of alleged infringements, including a provider of electronic communications services protecting its legitimate business interests, shall have a right to bring legal proceedings in respect of such infringements.deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 22

Article 22 Right to compensation and liability Any end-user of electronic communications services who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the infringer for the damage suffered, unless the infringer proves that it is not in any way responsible for the event giving rise to the damage in accordance with Article 82 of Regulation (EU) 2016/679.deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 23

Article 23 General conditions for imposing administrative fines 1. Chapter VII of Regulation (EU) 2016/679 shall apply to infringements of this Regulation. 2. Infringements of the following provisions of this Regulation shall, in accordance with paragraph 1, be subject to administrative fines up to EUR 10 000 000, or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: (a) the obligations of any legal or natural person who process electronic communications data pursuant to Article 8; (b) the obligations of the provider of software enabling electronic communications, pursuant to Article 10; (c) publicly available directories pursuant to Article 15; (d) natural person who uses electronic communications services pursuant to Article 16. 3. confidentiality of communications, permitted processing of electronic communications data, time limits for erasure pursuant to Articles 5, 6, and 7 shall, in accordance with paragraph 1 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher. 4. rules on penalties fdeleted For the purpose of this Article, the obligations of the providers of the obligations of any legal or iInfringements of Articles 12, 13, 14, and 17. 5. a supervisory authority as referred to in Article 18, shall be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher. 6. powers of supervisory authorities pursuant to Article 18, eachthe principle of Member State ~~may~~s shall lay down rules on whether and to what extent administrative fines may be imposed on public authorities and bodies established in that Member State. 7. authority of its powers under this Article shall be subject to appropriate procedural safeguards in accordance with Union and Member State law, including effective judicial remedy and due process. 8. Member State does not provide for administrative fines, this Article may be applied in such a manner that the fine is initiated by the competent supervisory authority and imposed by competent national courts, while ensuring that those legal remedies are effective and have an equivalent effect to the administrative fines imposed by supervisory authorities. In any event, the fines imposed shall be effective, proportionate and dissuasive. Those Member States shall notify to the Commission the provisions of their laws which they adopt pursuant to this paragraph by [xxx] and, without delay, any subsequent amendment law or amendment affectingthe Non-compliance with an order by Without prejudice to the corrective The exercise by the supervisory Where the legal system of them.

2017/07/10
Committee: JURI

Proposal for a regulation
Article 23 – paragraph 1

~~1. For the purpose of this Article, Chapter VII of Regulation (EU) 2016/679 shall apply to infringements of this Regulation.~~deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 23 – paragraph 2

2. Infringements of the following provisions of this Regulation shall, in accordance with paragraph 1, be subject to administrative fines up to EUR 10 000 000, or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: (a) the obligations of any legal or natural person who process electronic communications data pursuant to Article 8; (b) the obligations of the provider of software enabling electronic communications, pursuant to Article 10; (c) publicly available directories pursuant to Article 15; (d) natural person who uses electronic communications services pursuant to Article 16.deleted the obligations of the providers of the obligations of any legal or

2017/07/10
Committee: JURI

Proposal for a regulation
Article 23 – paragraph 3

3. Infringements of the principle of confidentiality of communications, permitted processing of electronic communications data, time limits for erasure pursuant to Articles 5, 6, and 7 shall, in accordance with paragraph 1 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 23 – paragraph 4

~~4. Member States shall lay down the rules on penalties for infringements of Articles 12, 13, 14, and 17.~~deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 23 – paragraph 5

5. Non-compliance with an order by a supervisory authority as referred to in Article 18, shall be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 23 – paragraph 6

6. Without prejudice to the corrective powers of supervisory authorities pursuant to Article 18, each Member State may lay down rules on whether and to what extent administrative fines may be imposed on public authorities and bodies established in that Member State.deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 23 – paragraph 7

7. The exercise by the supervisory authority of its powers under this Article shall be subject to appropriate procedural safeguards in accordance with Union and Member State law, including effective judicial remedy and due process.deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 23 – paragraph 8

8. Where the legal system of the Member State does not provide for administrative fines, this Article may be applied in such a manner that the fine is initiated by the competent supervisory authority and imposed by competent national courts, while ensuring that those legal remedies are effective and have an equivalent effect to the administrative fines imposed by supervisory authorities. In any event, the fines imposed shall be effective, proportionate and dissuasive. Those Member States shall notify to the Commission the provisions of their laws which they adopt pursuant to this paragraph by [xxx] and, without delay, any subsequent amendment law or amendment affecting them.deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 23 a (new)

Article 23 a Article 83 of Regulation (EU) No 2016/679 shall apply;

2017/07/10
Committee: JURI

Proposal for a regulation
Article 24

Article 24 Penalties 1. rules on other penalties applicable to infringements of this Regulation in particular for infringements which are not subject to administrative fines pursuant to Article 23, and shall take all measures necessary to ensure that they are implemented. Such penalties shall be effective, proportionate and dissuasive. 2. the Commission the provisions of its law which it adopts pursuant to paragraph 1, no later than 18 months after the date set forth under Article 29(2) and, without delay, any subsequent amendment affecting them.deleted Member States shall lay down the Each Member State shall notify to

2017/07/10
Committee: JURI

Proposal for a regulation
Article 24 – paragraph 1

1. Member States shall lay down the rules on other penalties applicable to infringements of this Regulation in particular for infringements which are not subject to administrative fines pursuant to Article 23, and shall take all measures necessary to ensure that they are implemented. Such penalties shall be effective, proportionate and dissuasive.deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 24 – paragraph 2

2. Each Member State shall notify to the Commission the provisions of its law which it adopts pursuant to paragraph 1, no later than 18 months after the date set forth under Article 29(2) and, without delay, any subsequent amendment affecting them.deleted

2017/07/10
Committee: JURI

Proposal for a regulation
Article 24 a (new)

Article 24a Article 84 of Regulation (EU) No 2016/679 shall apply;

2017/07/10
Committee: JURI

Proposal for a regulation
Article 25 – paragraph 2

2. The power to adopt delegated acts referred to in Article 8(4) shall be conferred on the Commission for ~~an indeterminate period of time~~5 years from [the datae of entering into force of this Regulation].

2017/07/10
Committee: JURI