BETA

Activities of Jan Philipp ALBRECHT related to 2017/0002(COD)

Shadow reports (1)

REPORT on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC PDF (1 MB) DOC (184 KB)
2016/11/22
Committee: LIBE
Dossiers: 2017/0002(COD)
Documents: PDF(1 MB) DOC(184 KB)

Amendments (53)

Amendment 59 #
Proposal for a regulation
Recital 7 a (new)
(7a) The data protection legal framework for processing in the course of activities of Union institutions and bodies in the areas of freedom, security and justice and of the common foreign and security policy remains fragmented and creates legal uncertainty. This Regulation should therefore provide for harmonised rules for the protection and the free movement of personal data processed by the Union institutions and bodies carrying out activities which fall within the scope of Chapters 4 and 5 of Title V of Part Three of the TFEU and Chapter 2 of Title V of the TEU.
2017/07/12
Committee: LIBE
Amendment 61 #
Proposal for a regulation
Recital 8
(8) In Declaration No 21 on the protection of personal data in the fields of judicial cooperation in criminal matters and police cooperation, annexed to the final act of the intergovernmental conference which adopted the Treaty of Lisbon, the conference acknowledged that specific rules on the protection of personal data and the free movement of personal data in the fields of judicial cooperation in criminal matters and police cooperation based on Article 16 TFEU could prove necessary because of the specific nature of those fields. This Regulation should therefore apply to Union agencies carrying out activities in the fields of judicial cooperation in crimiFurthermore, the field of common foreign and security policy also has a specific nature and specific rules on the protection of personal data and the free movement of personal data could prove necessary as well. It is therefore appropriate to regulate the processing of operational personal mdatters and police cooperation only to the extent that Union law applicable to such agencies does not contain specific rules on the processing of personal data. a, such as personal data processed for criminal investigation purposes, by Union agencies established on the basis of Chapters 4 and 5 of Title V of Part Three of the TFEU and by missions referred to in Article 42(1), 43 and 44 of the TEU by specific rules, derogating from a number of general rules of this Regulation. Those specific rules are aligned with the provisions of the Directive (EU) 2016/680 and should be interpreted homogenously. Processing of administrative personal data by those bodies, offices or agencies, such as staff data, should be covered by this Regulation.
2017/07/12
Committee: LIBE
Amendment 69 #
Proposal for a regulation
Recital 10
(10) Where the founding act of a Union agency carrying out activities which fall within the scope of Chapters 4 and 5 of Title V of the Treaty lays down a standalone data protection regime for the processing of operational personal data, such regimes should be unaffected byoverridden by the provisions in this Regulation. This Regulation should therefore repeal specific articles in specific acts that could potentially conflict with the provisions in this Regulation. However, the Commission should, in accordance with Article 62 of Directive (EU) 2016/680, by 6 May 2019 review Union acts which regulate processing by the competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and, where appropriate, make the necessary proposals to amend those acts to ensure a consistent approach to the protection of personal data in the area of judicial cooperation in criminal matters and police cooperation.
2017/07/12
Committee: LIBE
Amendment 78 #
Proposal for a regulation
Recital 18
(18) The Union law including the internal rules referred to in this Regulation should be clear and precise and its application should be foreseeable to persons subject to it, in accordance with the case-law of the Court of Justice of the European Union and the European Court of Human Rights.
2017/07/12
Committee: LIBE
Amendment 84 #
Proposal for a regulation
Recital 26
(26) The processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes should be subject to appropriate safeguards for the rights and freedoms of the data subject pursuant to this Regulation. Those safeguards should ensure that technical and organisational measures are in place in order to ensure, in particular, the principle of data minimisation. The further processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is to be carried out when the controller has assessed the feasibility to fulfil those purposes by processing data which do not permit or no longer permit the identification of data subjects, provided that appropriate safeguards exist (such as, for instance, pseudonymisation of the data). Union institutions and bodies should provide for appropriate safeguards for the processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in Union law, which may include internal rules.
2017/07/12
Committee: LIBE
Amendment 88 #
Proposal for a regulation
Recital 37 – paragraph 1
Legal acts adopted on the basis of the Treaties or internal rules of Union institutions and bodies may impose restrictions concerning specific principles and the rights of information, access to and rectification or erasure of personal data, the right to data portability, confidentiality of electronic communications as well as the communication of a personal data breach to a data subject and certain related obligations of the controllers, as far as necessary and proportionate in a democratic society to safeguard public security, the prevention, investigation and prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security, including the protection of human life especially in response to natural or manmade disasters, internal security of Union institutions and bodies, other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, the keeping of public registers kept for reasons of general public interest or the protection of the data subject or the rights and freedoms of others, including social protection, public health and humanitarian purposes.
2017/07/12
Committee: LIBE
Amendment 90 #
Proposal for a regulation
Recital 37 – paragraph 2
Where a restriction is not provided for in legal acts adopted on the basis of the Treaties or their internal rules, Union institutions and bodies may in a specific case impose an ad hoc restriction concerning specific principles and the rights of data subject if such a restriction respects the essence of the fundamental rights and freedoms and, in relation to a specific processing operation, is necessary and proportionate in a democratic society to safeguard one or more of the objectives mentioned in paragraph 1. The restriction should be notified to the data protection officer. All restrictions should be in accordance with the requirements set out in the Charter and in the European Convention for the Protection of Human Rights and Fundamental Freedoms.deleted
2017/07/12
Committee: LIBE
Amendment 92 #
Proposal for a regulation
Recital 49
(49) The European Data Protection Supervisor should be informed about administrative measures and internal rules of Union institutions and bodies which provide for the processing of personal data, lay down conditions for restrictions of data subject rights or provide appropriate safeguards for data subject rights, in order to ensure compliance of the intended processing with this Regulation and in particular to mitigate the risk involved for the data subject.
2017/07/12
Committee: LIBE
Amendment 96 #
Proposal for a regulation
Recital 65
(65) In certain instances, Union law provides for a model of coordinated supervision, shared between the European Data Protection Supervisor and the national supervisory authorities. Moreover, the European Data Protection Supervisor is the supervisory authority of Europol and a specific model of cooperation with the national supervisory authorities is established through a cooperation board with an advisory function. In order to improve the effective supervision and enforcement of substantive data protection rules, a single, coherent model of coordinated supervisthis Regulation should be introduced in the Union. The Commission should therefor a single, wcohere appropriate, submit legislative proposals with a view to amending Union legal acts providing for a model of coordinated supervision, in order to align them with the coordinated supervision model of this Regulatnt model of coordinated supervision. The European Data Protection Board should serve as a single forum for ensuring the effective coordinated supervision across the board.
2017/07/12
Committee: LIBE
Amendment 105 #
Proposal for a regulation
Article 2 – paragraph 2 a (new)
2a. This Regulation shall also apply to Union agencies carrying out activities which fall within the scope of Chapters 4 and 5 of Title V of the Treaty, including where the founding acts of these Union agencies lay down a standalone data protection regime for the processing of operational personal data. The provisions in this Regulation shall take precedence over the conflicting provisions in the founding acts of these Union agencies.
2017/07/12
Committee: LIBE
Amendment 108 #
Proposal for a regulation
Article 3 – paragraph 2 – point d a (new)
(da) 'operational personal data' means personal data processed by the Union agencies established on the basis of Chapters 4 and 5 of Title V of Part Three of the TFEU and by the missions referred to in Article 42(1), 43 and 44 of the TEU, for the purposes of meeting the objectives laid down in acts establishing those agencies or missions.
2017/07/12
Committee: LIBE
Amendment 121 #
Proposal for a regulation
Article 9 – paragraph 1 – introductory part
1. Without prejudice to Articles 4, 5, 6, 10, 14, 15(3) and 106(4), personal data shall only be transmitted to recipients established in the Union and subject to Regulation (EU) 2016/679 or to the national law adopted pursuant to Directive (EU) 2016/680, if the recipient establishescontroller demonstrates, on the basis of a reasoned request by the recipient:
2017/07/12
Committee: LIBE
Amendment 124 #
(b) that it is necessary to have the data transmitted, it is proportionate toproportionate and necessary for the purposes of the transmission and if there is no reason to assume that the data subject's rights and freedoms and legitimate interests might be prejudicedserving a public interest such as transparency or good administration.
2017/07/12
Committee: LIBE
Amendment 128 #
Proposal for a regulation
Article 11 – paragraph 1
Processing of personal data relating to criminal convictions and offences or related security measures pursuant to Article 5(1) may be carried out only if authorised by Union law, which may include internal rules, providing the appropriate specific safeguards for the rights and freedoms of data subjects.
2017/07/12
Committee: LIBE
Amendment 138 #
Proposal for a regulation
Article 25 – paragraph 1 – introductory part
1. Legal acts adopted on the basis of the Treaties or, in matters relating to the operation of the Union institutions and bodies, internal rules laid down by the latter, which should be clear and precise and their application should be foreseeable to persons subject to it, may restrict the application of Articles 14 to 22, 34 and 38, as well as Article 4 in so far as its provisions correspond to the rights and obligations provided for in Articles 14 to 22, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:
2017/07/12
Committee: LIBE
Amendment 144 #
Proposal for a regulation
Article 25 – paragraph 2
2. Where a restriction is not provided for by a legal act adopted on the basis of the Treaties or by an internal rule in accordance with paragraph 1, the Union institutions and bodies may restrict the application of Articles 14 to 22, 34 and 38, as well as Article 4 in so far as its provisions correspond to the rights and obligations provided for in Articles 14 to 22, if such a restriction respects the essence of the fundamental rights and freedoms, in relation to a specific processing operation, and is a necessary and proportionate measure in a democratic society to safeguard one or more of the objectives referred to in paragraph 1. The restriction shall be notified to the competent data protection officer.deleted
2017/07/12
Committee: LIBE
Amendment 146 #
Proposal for a regulation
Article 25 – paragraph 3
3. Where personal data are processed for scientific or historical research purposes or statistical purposes, Union law, which may include internal rules, may provide for derogations from the rights referred to in Articles 17, 18, 20 and 23 subject to the conditions and safeguards referred to in Article 13 in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.
2017/07/12
Committee: LIBE
Amendment 149 #
Proposal for a regulation
Article 25 – paragraph 4
4. Where personal data are processed for archiving purposes in the public interest, Union law, which may include internal rules, may provide for derogations from the rights referred to in Articles 17, 18, 20, 21, 22 and 23 subject to the conditions and safeguards referred to in Article 13 in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.
2017/07/12
Committee: LIBE
Amendment 150 #
Proposal for a regulation
Article 25 – paragraph 5
5. Internal rules referred to in paragraphs 1, 3 and 4 shall be sufficiently clear and precise and subject to appropriate publication.deleted
2017/07/12
Committee: LIBE
Amendment 166 #
Proposal for a regulation
Article 41 – paragraph 1
The Union institutions and bodies shall inform the European Data Protection Supervisor when drawing up administrative measures and internal rules relating to the processing of personal data involving a Union institution or body alone or jointly with others.
2017/07/12
Committee: LIBE
Amendment 174 #
Proposal for a regulation
Article 44 – paragraph 4
4. The data protection officer may be a staff member of the Union institution or body, or, taking into account the organisational structure and size of the Union institution or body, fulfil the tasks on the basis of a service contract.
2017/07/12
Committee: LIBE
Amendment 187 #
Proposal for a regulation
Chapter 5 a (new)
PROCESSING OF OPERATIONAL PERSONAL DATA
2017/07/12
Committee: LIBE
Amendment 188 #
Proposal for a regulation
Article 52 a (new)
Article 52 a Scope By way of derogation from Articles 4, 6, 7, 8, 10, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 35, 41, 43, 49, 50 and 51, the provisions of this Chapter shall apply to processing of operational data by Union agencies established on the basis of Chapters 4 and 5 of Title V of Part Three of the TFEU and by missions referred to in Article 42(1), 43 and 44 of the TEU.
2017/07/12
Committee: LIBE
Amendment 189 #
Proposal for a regulation
Article 52 b (new)
Article 52 b Principles relating to processing of personal data Personal data shall be: (a) processed lawfully and fairly ('lawfulness and fairness'); (b) collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes provided that the Union agencies and missions provide appropriate safeguards for the rights and freedoms of data subjects ('purpose limitation'); (c) adequate, relevant, and not excessive in relation to the purposes for which they are processed ('data minimisation'); (d) accurate and kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy'); (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes provided that the agencies or missions provide appropriate safeguards for the rights and freedoms of data subjects, in particular by the implementation of the appropriate technical and organisational measures required by this Regulation ('storage limitation'); (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').
2017/07/12
Committee: LIBE
Amendment 190 #
Proposal for a regulation
Article 52 c (new)
Article 52 c Lawfulness of processing 1. Processing shall be lawful only if and to the extent that processing is necessary for the performance of a task carried out by Union agencies and missions and that it is based on Union law. 2. Union law specifying and complementing this Regulation as regards the processing within the scope of this Chapter shall specify the objectives of processing, the personal data to be processed and the purposes of the processing.
2017/07/12
Committee: LIBE
Amendment 191 #
Proposal for a regulation
Article 52 d (new)
Article 52 d Distinction between different categories of data subjects Union agencies or missions shall make a clear distinction between personal data of different categories of data subjects, such as: (a) persons with regard to whom there are serious grounds for believing that they have committed or are about to commit a criminal offence; (b) persons convicted of a criminal offence; (c) victims of a criminal offence or persons with regard to whom certain facts give rise to reasons for believing that they could be the victim of a criminal offence; and (d) other parties to a criminal offence, such as persons who might be called on to testify in investigations in connection with criminal offences or subsequent criminal proceedings, persons who can provide information on criminal offences, or contacts or associates of one of the persons referred to in points (a) and (b).
2017/07/12
Committee: LIBE
Amendment 192 #
Proposal for a regulation
Article 52 e (new)
Article 52 e Distinction between personal data and verification of quality of personal data 1. Union agencies and missions shall distinguish personal data based on facts from personal data based on personal assessments. 2. Union agencies and missions shall process personal data in such a way that it can be established which authority provided the data or where the data has been retrieved from. 3. Union agencies and missions shall ensure that personal data which are inaccurate, incomplete or no longer up to date are not transmitted or made available. To that end, Union agencies and missions shall verify the quality of personal data before they are transmitted or made available. As far as possible, in all transmissions of personal data, Union agencies and missions shall add necessary information enabling the recipient to assess the degree of accuracy, completeness and reliability of personal data, and the extent to which they are up to date shall be added. 4. If it emerges that incorrect personal data have been transmitted or personal data have been unlawfully transmitted, the recipient shall be notified without delay. In such a case, the personal data shall be rectified or erased or processing shall be restricted.
2017/07/12
Committee: LIBE
Amendment 193 #
Proposal for a regulation
Article 52 f (new)
Article 52 f Specific processing conditions 1. When Union agencies and missions provide for specific conditions for processing, they shall inform the recipient of such personal data of those conditions and the requirement to comply with them. 2. Union agencies and missions shall comply with specific processing conditions for processing provided by a national authority in accordance with Article 9 (3) and (4) of Directive (EU) 2016/680.
2017/07/12
Committee: LIBE
Amendment 194 #
Proposal for a regulation
Article 52 g (new)
Article 52 g Transmission of personal data to other Union institutions and bodies 1. Union agencies and missions shall only transmit personal data to other Union institutions and bodies if the data are necessary for the legitimate performance of tasks covered by the competence of other Union institutions and bodies. 2. Where personal data are transmitted following a request from the other Union institution or body, both the controller and the recipient shall bear the responsibility for the legitimacy of this transfer. 3. Union agencies and missions shall be required to verify the competence of the other Union institution or body and to make a provisional evaluation of the necessity for the transmission. If doubts arise as to this necessity, Union agencies and missions shall seek further information from the recipient. 4. Other Union institutions and bodies shall ensure that the necessity for the transmission can be subsequently verified. 5. Other Union institutions and bodies shall process the personal data only for the purposes for which they were transmitted.
2017/07/12
Committee: LIBE
Amendment 195 #
Proposal for a regulation
Article 52 h (new)
Article 52 h Processing of special categories of personal data 1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, personal data concerning health or personal data concerning a natural person's sex life or sexual orientation shall be allowed only where strictly necessary for the performance of tasks of Union agencies and missions, subject to appropriate safeguards for the rights and freedoms of the data subject and only if they supplement other operational personal data already processed by Union agencies and missions. 2. The data protection officer shall be informed immediately of recourse to this Article.
2017/07/12
Committee: LIBE
Amendment 196 #
Proposal for a regulation
Article 52 i (new)
Article 52 i Automated individual decision-making, including profiling The data subject shall have the right not to be subject to a decision of Union agencies and missions based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.
2017/07/12
Committee: LIBE
Amendment 197 #
Proposal for a regulation
Article 52 j (new)
Article 52 j Information to be made available or given to the data subject 1. Union agencies and missions shall make available to the data subject at least the following information: (a) the identity and the contact details of the Union agency or mission; (b) the contact details of the data protection officer; (c) the purposes of the processing for which the personal data are intended; (d) the right to lodge a complaint with the European Data Protection Supervisor and its contact details; (e) the existence of the right to request from Union agencies and missions access to and rectification or erasure of personal data and restriction of processing of the personal data concerning the data subject. 2. In addition to the information referred to in paragraph 1, Union agencies and missions shall give to the data subject, in specific cases, the following further information to enable the exercise of his or her rights: (a) the legal basis for the processing; (b) the period for which the personal data will be stored, or, where that is not possible, the criteria used to determine that period; (c) the categories of recipients of the personal data, including in third countries or international organisations; (d) where necessary, further information, in particular where the personal data are collected without the knowledge of the data subject. 3. Union agencies and missions may delay, restrict or omit the provision of the information to the data subject pursuant to paragraph 2 to the extent that, and for as long as, such a measure is provided for by a legal act adopted on the basis of the Treaties and constitutes a necessary and proportionate measure in a democratic society with due regard for the fundamental rights and the legitimate interests of the natural person concerned, in order to: (a) avoid obstructing official or legal inquiries, investigations or procedures; (b) avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties; (c) protect public security of the Member States; (d) protect national security of the Member States; (e) protect the rights and freedoms of others.
2017/07/12
Committee: LIBE
Amendment 198 #
Proposal for a regulation
Article 52 k (new)
Article 52 k Right of access by the data subject The data subject shall have the right to obtain from Union agencies and missions confirmation as to whether or not personal data concerning that subject are being processed, and, where that is the case, access to the personal data and the following information: (a) the purposes of and legal basis for the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from Union agencies and missions rectification or erasure of personal data or restriction of processing of personal data concerning the data subject; (f) the right to lodge a complaint with the European Data Protection Supervisor and his or her contact details; (g) communication of the personal data undergoing processing and of any available information as to their origin.
2017/07/12
Committee: LIBE
Amendment 199 #
Proposal for a regulation
Article 52 l (new)
Article 52 l Limitations to the right of access 1. Union agencies and missions may restrict, wholly or partly, the data subject's right of access to the extent that, and for as long as, such a partial or complete restriction is provided for by a legal act adopted on the basis of the Treaties and constitutes a necessary and proportionate measure in a democratic society with due regard for the fundamental rights and legitimate interests of the natural person concerned, in order to: (a) avoid obstructing official or legal inquiries, investigations or procedures; (b) avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties; (c) protect public security of the Member States; (d) protect national security of the Member States; (e) protect the rights and freedoms of others. 2. In the cases referred to in paragraph 1, Union agencies and missions shall inform the data subject, without undue delay, in writing of any refusal or restriction of access and of the reasons for the refusal or the restriction. Such information may be omitted where the provision thereof would undermine a purpose under paragraph 1. Union agencies and missions shall inform the data subject of the possibility of lodging a complaint with the European Data Protection Supervisor or seeking a judicial remedy in the Court of Justice of the European Union. 3. Union agencies and missions shall document the factual or legal reasons on which the decision is based. That information shall be made available to the European Data Protection Supervisor on request.
2017/07/12
Committee: LIBE
Amendment 200 #
Proposal for a regulation
Article 52 m (new)
Article 52 m Right to rectification or erasure of personal data and restriction of processing 1. The data subject shall have the right to obtain from Union agencies and missions without undue delay the rectification of inaccurate personal data relating to that subject. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. 2. Union agencies and missions shall erase personal data without undue delay and the data subject shall have the right to obtain from Union agencies and missions the erasure of personal data concerning that subject without undue delay where processing infringes Articles 52b, 52c or 52h, or where personal data must be erased in order to comply with a legal obligation to which Union agencies and missions are subject. 3. Instead of erasure, Union agencies and missions shall restrict processing where: (a) the accuracy of the personal data is contested by the data subject and their accuracy or inaccuracy cannot be ascertained; or (b) the personal data must be maintained for the purposes of evidence. Where processing is restricted pursuant to point (a) of the first subparagraph, Union agencies and missions shall inform the data subject before lifting the restriction of processing. Restricted data shall be processed only for the purpose that prevented their erasure. 4. Union agencies and missions shall inform the data subject in writing of any refusal of rectification or erasure of personal data or restrict processing and of the reasons for the refusal. Union agencies and missions may restrict, wholly or partly, the obligation to provide such information to the extent that such a restriction constitutes a necessary and proportionate measure in a democratic society with due regard for the fundamental rights and legitimate interests of the natural person concerned in order to: (a) avoid obstructing official or legal inquiries, investigations or procedures; (b) avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties; (c) protect public security of the Member States; (d) protect national security of the Member States; (e) protect the rights and freedoms of others. 5. Union agencies and missions shall inform the data subject of the possibility of lodging a complaint with the European Data Protection Supervisor or seeking a judicial remedy from the Court of Justice of the European Union. 6. Union agencies and missions shall communicate the rectification of inaccurate personal data to the competent authority from which the inaccurate personal data originate. 7. Union agencies and missions shall, where personal data has been rectified or erased or processing has been restricted pursuant to paragraphs 1, 2 and 3, notify the recipients and inform them that they have to rectify or erase the personal data or restrict processing of the personal data under their responsibility.
2017/07/12
Committee: LIBE
Amendment 201 #
Proposal for a regulation
Article 52 n (new)
Article 52 n Exercise of rights by the data subject and verification by the European Data Protection Supervisor 1. In the cases referred to in Articles 52i(3) , 52k and 52m(4), the rights of the data subject may also be exercised through the European Data Protection Supervisor. 2. Union agencies and missions shall inform the data subject of the possibility of exercising his or her rights through the European Data Protection Supervisor pursuant to paragraph 1. 3. Where the right referred to in paragraph 1 is exercised, the European Data Protection Supervisor shall at least inform the data subject that all necessary verifications or a review by it have taken place. The European Data Protection Supervisor shall also inform the data subject of his or her right to seek a judicial remedy in the Court of Justice of the European Union.
2017/07/12
Committee: LIBE
Amendment 202 #
Proposal for a regulation
Article 52 o (new)
Article 52 o Logging 1. Union agencies and missions shall keep logs for any of the following processing operations in automated processing systems: collection, alteration, consultation, disclosure including transfers, combination and erasure. The logs of consultation and disclosure shall make it possible to establish the justification for, and the date and time of, such operations, the identification of the person who consulted or disclosed personal data, and, as far as possible, the identity of the recipients of such personal data. 2. The logs shall be used solely for verification of the lawfulness of processing, self-monitoring, ensuring the integrity and security of the personal data, and for criminal proceedings. Such logs shall be deleted after three years, unless they are required for on-going control. 3. Union agencies or missions shall make the logs available to their data protection officer and to the European Data Protection Supervisor on request.
2017/07/12
Committee: LIBE
Amendment 203 #
Proposal for a regulation
Article 52 p (new)
Article 52 p Transfers subject to appropriate safeguards 1. In the absence of an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 or Article 36 of Directive (EU) 2016/680, Union agencies and missions may transfer personal data to a third country or an international organisation where: (a) appropriate safeguards with regard to the protection of personal data are provided for in a legally binding instrument; or (b) Union agencies and missions have assessed all the circumstances surrounding the transfer of personal data and conclude that appropriate safeguards exist with regard to the protection of personal data. 2. Union agencies and missions shall seek authorisation from the European Data Protection Supervisor when transferring personal data under point (b) of paragraph 1. 3. When a transfer is based on point (b) of paragraph 1, such a transfer shall be documented and the documentation shall be made available to the European Data Protection Supervisor on request, including the date and time of the transfer, information about the receiving competent authority, the justification for the transfer and the personal data transferred.
2017/07/12
Committee: LIBE
Amendment 204 #
Proposal for a regulation
Article 52 q (new)
Article 52 q Derogations for specific situations 1. In the absence of an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 or Article 36 of Directive (EU) 2016/680, or of appropriate safeguards pursuant to Article 52p, Union agencies and missions may, on a case-by-case basis, transfer personal data to a third country or an international organisation only on the condition that the transfer is proportionate and necessary: (a) in order to protect the vital interests of the data subject or another person; (b) to safeguard legitimate interests of the data subject; (c) for the prevention of an immediate and serious threat to public security of a Member State or a third country; or (d) in individual cases for the performance of the tasks of Union agencies and missions, unless they determine that fundamental rights and freedoms of the data subject concerned override the public interest in the transfer. 2. Union agencies shall seek authorisation from the European Data Protection Supervisor when transferring personal data under point (b) of paragraph 1. 3. Where a transfer is based on paragraph 1, such a transfer shall be documented and the documentation shall be made available to the European Data Protection Supervisor on request, including the date and time of the transfer, and information about the receiving competent authority, about the justification for the transfer and about the personal data transferred.
2017/07/12
Committee: LIBE
Amendment 220 #
Proposal for a regulation
Article 59 – paragraph 3 – point b a (new)
(ba) to authorise or not the processing operations as referred to in Article 40(4);
2017/07/12
Committee: LIBE
Amendment 223 #
Proposal for a regulation
Article 61 – paragraph 1
The European Data Protection Supervisor shall cooperate with supervisory authorities established under Article 41 of Regulation (EU) 2016/679 and Article 51 of Directive (EU) 2016/680 (hereinafter "national supervisory authorities") and with the joint supervisory authority established under Article 25 of Council Decision 2009/917/JHA21 to the extent necessary for the performance of their respective duties, in particular by providing each other with relevant information, requesting national supervisory authoritieseach other to exercise their powers or responding to a request from such authorities. _________________ 21 Council Decision 2009/917/JHA of 30 November 2009 on the use of information technology for customs purposes, OJ L 323, 10.12.2009, p. 20–30each other's requests.
2017/07/12
Committee: LIBE
Amendment 228 #
Proposal for a regulation
Article 62 – paragraph 1
1. Where a Union act refers to this Article,envisages that the European Data Protection Supervisor shall cooperupervises the processing of personal datea actively with thet the Union level and national supervisory authorities, supervise the processing order to ensure effective supervision of large IT systems or Union agenciesf personal data at national level in a large IT system or a Union body, office or agency, the European Data Protection Supervisor and the national supervisory authorities, each acting within the scope of their respective competencies, shall cooperate actively in the framework of their responsibilities and shall ensure coordinated supervision.
2017/07/12
Committee: LIBE
Amendment 231 #
Proposal for a regulation
Article 62 – paragraph 2
2. The European Data Protection 2. SupervisorThey shall, each acting within the scope of its respective competences and in the framework of itstheir responsibilities, exchange relevant information, assist each other in carrying out audits and inspections, examine difficulties of interpretation or application of this Regulation and other applicable Union acts, study problems with the exercise of independent supervision or in the exercise of the rights of data subjects, draw up harmonised proposals for solutions to any problems and promote awareness of data protection rights, as necessary, jointly with the national supervisory authorities.
2017/07/12
Committee: LIBE
Amendment 233 #
Proposal for a regulation
Article 62 – paragraph 3
3. For the purposes laid down in paragraph 2, the European Data Protection Supervisor shall meet withand the national supervisory authorities shall meet at least twice a year within the framework of the European Data Protection Board. The costs and servicing of those meetings shall be borne by the European Data Protection Board. Rules of procedure shall be adopted at the first meeting. Further working methods shall be developed jointlyFor these purposes, the European Data Protection Board may develop further working methods as necessary.
2017/07/12
Committee: LIBE
Amendment 240 #
Proposal for a regulation
Article 66 – paragraph 2
2. Infringements of the obligations of the Union institution or body pursuant to Articles 8, 12 27, 28, 29, 30, 31, 32, 33, 37, 38, 39, 40, 44, 45 and 46 shall, in accordance with paragraph 1, be subject to administrative fines up to 25 000 EUR per infringement and up to a total of 250 000 EUR% of the annual budget of the Union institution or body per year.
2017/07/12
Committee: LIBE
Amendment 241 #
3. Infringements of the following provisions by the Union institution or body shall, in accordance with paragraph 1, be subject to administrative fines up to 50 000 EUR per infringement and up to a total of 500 000 EUR4% of the annual budget of the Union institution or body per year:
2017/07/12
Committee: LIBE
Amendment 244 #
Proposal for a regulation
Article 71 a (new)
Article 71 a Amendments to SIS II Regulation (EC) No 1987/2006 and SIS II Council Decision 2007/533/JHA Article 46 of Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II) and Article 62 of Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II) are replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
2017/07/12
Committee: LIBE
Amendment 246 #
Proposal for a regulation
Article 71 b (new)
Article 71 b Amendments to VIS Regulation (EC) No 767/2008 Article 43 of Regulation (C) No 767/2008 of the European Parliament and the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) is replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
2017/07/12
Committee: LIBE
Amendment 248 #
Proposal for a regulation
Article 71 c (new)
Article 71 c Amendments to Customs Information System Council Regulation (EC) No 515/97 and Council decision 2009/917/JHA 1. Paragraph (4) of Article 37 of Council Regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters is replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]". 2. Article 25 of Council Decision 2009/917/JHA of 30 November 2009 on the use of information technology for customs purposes is hereby deleted. Paragraphs (2) and (3) of Article 26 of that Council Decision are replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
2017/07/12
Committee: LIBE
Amendment 251 #
Proposal for a regulation
Article 71 d (new)
Article 71 d Amendments to Europol Regulation (EU) 2016/794 Articles 28, 30, 33, 34, 35, 36, 37, 40, 41, 45, and 46 of Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA are hereby deleted. Article 44 of that Regulation is replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
2017/07/12
Committee: LIBE
Amendment 253 #
Proposal for a regulation
Article 71 e (new)
Article 71 e Amendments to Council Regulation (EU) 2017/XX on EPPO Articles 36e, 36f, 37, 37b, 37c, 37cc, 37ccc, 37d, 37e, 37f, 37g, 37h, 37i, 37j, 37k, 37n, 37o, 41, 41a, 41b, 43a, 43b, 43c, 43d, 43e and 46 of Council Regulation (EU) 2017/... of implementing enhanced cooperation on the establishment of the European Public Prosecutor's Office ("the EPPO") are hereby deleted. Article 45 of that Regulation is replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
2017/07/12
Committee: LIBE
Amendment 256 #
Proposal for a regulation
Article 71 f (new)
Article 71 f Amendments to Eurojust Regulation (EU) 2017/XX Articles 27, 29, 30, 31, 33, 36 and 37 of Regulation (EU) 2017/... of the European Parliament and of the Council on the European Union Agency for Criminal Justice Cooperation (Eurojust) are hereby deleted. Article 35 of that Regulation is replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
2017/07/12
Committee: LIBE
Amendment 257 #
Proposal for a regulation
Article 71 g (new)
Article 71 g Amendments to Eurodac Regulation (EU) 2017/XX Articles 29, 30, 31, and 39 of Regulation (EU) 2017/... of the European Parliament and of the Council on the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of [Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person], for identifying an illegally staying third- country national or stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes (recast) are hereby deleted. Article 34 of that Regulation is replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
2017/07/12
Committee: LIBE