BETA

Activities of Axel VOSS related to 2012/0010(COD)

Legal basis opinions (0)

Amendments (133)

Proposal for a directive
Recital 7

(7) Ensuring a consistent and high level of protection of the personal data of individuals and facilitating the exchange of personal data between competent authorities of Members States is crucial in order to ensure effective judicial co- operation in criminal matters and police cooperation. To that aim, ~~the level of protection of the rights and freedoms of individual~~minimum standards must be ensured in all Member States with regard to ~~the~~any processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties must be equivalent in all Member States. Effective protection of personal data throughout the Union requires strengthening the rights of data subjects and the obligations of those who process personal data, but also equivalent powers for monitoring and ensuring compliance with the rules for the protection of personal data in the Member States.

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 12

(12) In order to ensure ~~the same~~a minimum level of protection for individuals through legally enforceable rights throughout the Union and to prevent divergences hampering the exchange of personal data between competent authorities, the Directive should provide ~~harmonised rules for~~a minimum level of harmonisation concerning the protection and the free movement of personal data in the areas of judicial co- operation in criminal matters and police co-operation.

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 15

(15) The protection of individuals should be technological neutral and not depend on the techniques used; otherwise this would create a serious risk of circumvention. The protection of individuals should apply to processing of personal data by automated means, as well as to manual processing if the data are contained or are intended to be contained in a filing system. Files or sets of files as well as their cover pages, which are not structured according to specific criteria, should not fall within the scope of this Directive. This Directive should not apply to the processing of personal data in the course of an activity which falls outside the scope of Union law, in particular concerning national security~~, or to data processed by the Union institutions, bodies, offices and agencies, such as Europol or Eurojust~~.

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 16

(16) The principles of protection should apply to any information concerning an identified or identifiable natural person. To determine whether a natural person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person working together with the controller to identify the individual. The principles of data protection should not apply to data rendered anonymous in such a way that the data subject is no longer identifiable.

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 23

(23) It is inherent to the processing of personal data in the areas of judicial co- operation in criminal matters and police co-operation that personal data relating to different categories of data subjects are processed. Therefore a clear distinction should as far as possible be made between personal data of different categories of data subjects such as suspects, persons convicted of a criminal offence, victims and third parties, such as witnesses, persons possessing relevant information or contacts and associates of suspects and convicted criminals.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 24

(24) As far as possible personal data should be distinguished according to the degree of their accuracy and reliability. Facts should be distinguished from personal assessments, in order to ensure both the protection of individuals and the quality and reliability of the information processed by the competent authorities.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 25 a (new)

(25a) Consent should explicitly take the form of a freely given specific and informed clear statement by the data subject which ensures that he or she is aware that he or she is giving agreement to the processing of personal data. Silence or inactivity should therefore not constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes.

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 26

(26) Personal data which are, by their nature, particularly sensitive in relation to fundamental rights or privacy~~, including genetic data,~~ deserve specific protection. Such data should not be processed, unless processing is specifically authorised by a law which provides for suitable measures to safeguard the data subject's legitimate interests; or processing is necessary to protect the vital interests of the data subject or of another person; or the processing relates to data which are manifestly made public by the data subject.

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 30

(30) The principle of fair processing requires that the data subjects should be informed in particular of the existence of the processing operation and its purposes, how long the data will be stored, on the existence of the right of access, rectification or erasure and on the right to lodge a complaint. Where the data are collected from the data subject, the data subject should also be informed whether they are obliged to provide the data and of the consequences, in cases they do not provide such data.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 39

(39) The protection of the rights and freedoms of data subjects as well as the responsibility and liability of controllers and processors requires a clear attribution of the responsibilities under this Directive, including where a controller determines the purposes, conditions and means of the processing jointly with other controllers or where a processing operation is carried out on behalf of a controller.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 43

(43) In setting detailed rules concerning the format and procedures applicable to the notification of personal data breaches, due consideration should be given to the circumstances of the breach, including whether or not personal data had been protected by appropriate technical protection measures, effectively limiting the likelihood of misuse. Moreover, such rules and procedures should take into account the legitimate interests of competent authorities in cases where early disclosure could unnecessarily hamper the investigation of the circumstances of a breach.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 45

(45) Member States should ensure that a transfer to a third country only takes place if it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the controller in the third country or international organisation is an authority competent within the meaning of this Directive. A transfer may take place in cases where the Commission has decided that the third country or international organisation in question ensures an adequate level or protection, or when appropriate safeguards have been adduced.

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 55

(55) While this Directive applies also to the activities of national courts, the competence of the supervisory authorities should not cover the processing of personal data when they are acting in their judicial capacity, in order to safeguard the independence of judges in the performance of their judicial tasks. ~~However, this exemption should be limited to genuine judicial activities in court cases and not apply to other activities where judges might be involved in accordance with national law.~~

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 56

(56) In order to ensure consistent monitoring and enforcement of this Directive throughout the Union, the supervisory authorities should have the same duties and effective powers in each Member State, including powers of investigation, legally binding intervention, decisions and sanctions, particularly in cases of complaints from individuals, and to engage in legal proceedings.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 57

(57) Each supervisory authority should hear complaints lodged by any data subject and should investigate the matter. ~~The investigation following a complaint should be carried out, subject to judicial review, to the extent that is appropriate in the specific case.~~ The supervisory authority should inform the data subject of the progress and the outcome of the complaint within a reasonable period. If the case requires further investigation or coordination with another supervisory authority, intermediate information should be given to the data subject.

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 61

(61) Any body, organisation or association which aims to protects the rights and interests of data subjects in relation to the protection of their data and is constituted according to the law of a Member State should have the right to lodge a complaint or exercise the right to a judicial remedy on behalf of data subjects if duly mandated by them, or to lodge, independently of a data subject's complaint, its own complaint where it considers that a personal data breach has occurred.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 66

(66) In order to fulfil the objectives of this Directive, namely to protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data and to ensure the free exchange of personal data by competent authorities within the Union, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission. In particular, delegated acts should be adopted in respect of notifications of a personal data breach to the supervisory authority. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing-up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and Council.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 67

(67) In order to ensure uniform conditions for the implementation of this Directive as regards documentation by controllers and processors, security of processing, notably in relation to encryption standards, notification of a personal data breach to the supervisory authority, and the adequate level of protection afforded by a third country or a territory or a processing sector within that third country or an international organisation, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission's exercise of implementing powers.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 68

(68) The examination procedure should be used for the adoption of measures as regards documentation by controllers and processors, security of processing~~, notification of a personal data breach to the supervisory authority,~~ and the adequate level of protection afforded by a third country or a territory or a processing sector within that third country or an international organisation, given that those acts are of general scope.

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 70

(70) Since the objectives of this Directive, namely to protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data and to ensure the free exchange of personal data by competent authorities within the Union, cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale or effects of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Directive does not go beyond what is necessary in order to achieve that objectivedeleted

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 72

(72) Specific provisions with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties in acts of the Union which were adopted prior to the date of the adoption of this Directive, regulating the processing of personal data between Member States or the access of designated authorities of Member States to information systems established pursuant to the Treaties, should remain unaffected. The Commission should evaluate the situation with regard to the relation between this Directive and the acts adopted prior to the date of adoption of this Directive regulating the processing of personal data between Member States or the access of designated authorities of Member States to information systems established pursuant to the Treaties, in order to assess the need for alignment of these specific provisions with this Directive.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Recital 73

(73) In order to ensure a comprehensive and coherent protection of personal data in the Union, international agreements concluded by Member States prior to the entry force of this Directive should be amended in line with this Directive.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Article 1 – paragraph 1

1. This Directive lays down the rules relating to the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of protection against and prevention of risks to public security, preparedness for subsequent prosecution, the prevention, investigation, detection or prosecution of criminal offences orand the execution of criminal penalties.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 1 – paragraph 2 – introductory part

2. ~~In accordance with this Directive, Member States shall:~~The minimum requirements of this Directive shall be no impediment to Member States retaining or introducing provisions on the protection of personal data that ensure a higher level of protection.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 1 – paragraph 2 – point a

~~(a) protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data; an~~deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Article 1 – paragraph 2 – point b

(b) ensure that the exchange of personal data by competent authorities within the Union is neither restricted nor prohibited for reasons connected with the protection of individuals with regard to the processing of personal data.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Article 2 – paragraph 2

2. This Directive applies to the processing of personal data wholly or partly by automated means, and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. The Directive shall not apply if the personal data are stored, or are intended to be stored, in paper files or sets of files.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 2 – paragraph 3 – point b

~~(b) by the Union institutions, bodies, offices and agencies.~~deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Article 3 – paragraph 1 – point 1

(1) 'data subject' means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person working together with the controller, in particular by reference to an identification number, location data, online identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;

2013/03/06
Committee: LIBE

Proposal for a directive
Article 3 – paragraph 1 – point 1 a (new)

(1a) ‘criminal offence’ also means an offence which is punishable under the national law of Member States by virtue of being an infringement of the rules of law, where the decision may give rise to proceedings before a criminal court.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 3 – paragraph 1 – point 4

(4) ~~'restriction of process~~‘blocking'’ means the marking of stored personal data with the aim of limiting their processing in the future;

2013/03/06
Committee: LIBE

Proposal for a directive
Article 3 – paragraph 1 – point 15 a (new)

(15a) ‘to make anonymous’ means to modify personal data in such a way that information can no longer or only with disproportionate investment of time, cost and labour be attributed to an identified or identifiable individual;

2013/03/06
Committee: LIBE

Proposal for a directive
Article 3 – paragraph 1 – point 15 b (new)

(15b) ‘European Union information systems’ means only those information systems that have been established under Chapter 4 or 5 of Title V of Part Three of the Treaty on the Functioning of the European Union or under the Treaty establishing the European Community;

2013/03/06
Committee: LIBE

Proposal for a directive
Article 3 – paragraph 1 – point 15 c (new)

(15c) ‘the data subject’s consent’ means any freely given specific, informed, and explicit indication of his or her wishes by which the data subject, either by a statement or by a clear gesture in the affirmative, signifies his or her agreement to personal data relating to him or her being processed;

2013/03/06
Committee: LIBE

Proposal for a directive
Article 3 – paragraph 1 – point 15 d (new)

(15d) ‘competent authorities’ means any authority responsible for the prevention of risks, for investigation, detection, or prosecution of criminal offences, or for the execution of criminal penalties, including institutions, bodies, offices, and agencies of the European Union.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 4 – paragraph 1 – point a

(a) processed lawfully, fairly, and ~~lawfully~~in a transparent and verifiable manner;

2013/03/06
Committee: LIBE

Proposal for a directive
Article 4 – paragraph 1 – point c

(c) adequate, relevant, and ~~not ex~~limited to the minimum necess~~ive~~ary in relation to the purposes for which they are processed; they shall be processed only where anonymous processing is not sufficient for the given purpose;

2013/03/06
Committee: LIBE

Proposal for a directive
Article 4 – paragraph 1 – point e

(e) kept in a form which permits identification of data subjects but for no longer than it is necessary for the purposes for which the personal data are processed;

2013/03/06
Committee: LIBE

Proposal for a directive
Article 4 – paragraph 1 – point f

(f) processed uand~~er the responsibility and liability of the controller, who shall ensure compliance with~~ used in the performance of their duties only by the appro~~visions adopted pursuant to this Directive~~priate staff of competent authorities.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 5 – paragraph 1

1. Member States shall provide that, as far as possible, the controller makes a clear distinction between personal data of different categories of data subjects, such as: (a) persons with regard to whom there are serious grounds for believing that they have committed or are about to commit a criminal offence; (b) persons convicted of a criminal offence; (c) victims of a criminal offence, or persons with regard to whom certain facts give reasons for believing that he or she could be the victim of a criminal offence; (d) third parties to the criminal offence, such as persons who might be called on to testify in investigations in connection with criminal offences or subsequent criminal proceedings, or a person who can provide information on criminal offences, or a contact or associate to one of the persons mentioned in (a) and (b); and (e) persons who do not fall within any of the categories referred to above.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Article 6 – title

~~Different degrees of accuracy and reliability of personal data~~Factual accuracy

2013/03/06
Committee: LIBE

Proposal for a directive
Article 6 – paragraph 1

1. ~~Member Stat~~The competent authorities shall ensure that, as far as possible, ~~the different categories of personal data undergoing processing are distinguished in accordance with their degree of accuracy and reliability~~personal data are factually accurate, complete, and, if necessary, up to date.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 6 – paragraph 2

2. ~~Member States shall ensure that, as far as possible, personal data based on facts are distinguished from personal data based on personal assessments.~~ The competent authorities shall ensure that personal data which are inaccurate, incomplete, or no longer up to date are not transmitted or made available. To that end, the competent authorities shall, as far as practicable, verify the quality of personal data before they are transmitted or made available. As far as possible, in all transmissions of data, available information shall be added which enables the receiving Member State to assess the degree of accuracy, completeness, up-to- dateness, and reliability. If personal data were transmitted without request the receiving authority shall verify without delay whether those data are necessary for the purpose for which they were transmitted. If it emerges that incorrect data have been transmitted or data have been transmitted unlawfully, the recipient must be notified without delay. The recipient shall be obliged to rectify the data without delay in accordance with paragraph 1 and Article 15 or to erase them in accordance with Article 16.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 7

Member States shall provide that the processing of personal data is lawful only if and to the extent that processing is necessary: (a) for the performance of a task carried out by a competent authority, based on law for the purposes set out in Article 1(1); or (b) for compliance with a legal obligation to which the controller is subject; or (c) in order to protect the vital interests of the data subject or of another person; or (d) for the prevention of an immediate and serious threat to public security.Article 7 deleted Lawfulness of processing

2013/03/06
Committee: LIBE

Proposal for a directive
Article 7 a (new)

Article 7a Lawfulness of processing: purpose limitation 1. The processing of personal data is lawful only if carried out in accordance with the following principles. 2. Personal data may be collected by the competent authorities as part of their work for specified, explicit, and legitimate purposes. Legitimate purposes are served by data collection in particular if it is (a) for the performance of a task carried out by a competent authority, based on law for the purposes set out in Article 1(1); or (b) for compliance with a legal obligation to which the controller is subject; or (c) carried out with the data subject’s consent to the processing of personal data relating to him or her for one or more clearly defined purposes; or (d) intended to safeguard the data subject’s legitimate interests; or (e) intended to safeguard the legitimate interests of another person, unless it is clearly in the legitimate interest of the data subject that the data processing does not take place; or (f) for the prevention of a threat to public security. 3. The processing of personal data must fulfil the purpose for which they were collected. Further processing for another purpose shall be permitted in so far as it (a) serves lawful purposes (paragraph 2); (b) is necessary for that other purpose; and (c) is not incompatible with the purpose for which the data were collected. 4. Personal data may be further processed for historical, statistical, or scientific purposes, by way of derogation from paragraph 3, if Member States provide for appropriate safeguards, for instance by making data anonymous.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 7 b (new)

Article 7b Special provisions for personal data from other Member States 1. In addition to the general principles of data processing, the arrangements below, as set out in paragraphs 2 to 4 of this Article, shall be applicable to personal data transmitted or made available by the competent authorities of another Member State. 2. Personal data may be forwarded to private parties only if (a) the competent authority of the Member State from which the data were obtained has consented to transmission in compliance with its national law; (b) no legitimate specific interests of the data subject prevent transmission; and (c) transfer is essential in particular cases for the competent authority transmitting the data to a private party for: (i) the performance of a task lawfully assigned to it; (ii) the prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal penalties; (iii) the prevention of an immediate and serious threat to public security; or (iv) the prevention of serious harm to the rights of individuals. The competent authority transmitting the data to a private party shall inform the latter of the purposes for which the data may exclusively be used. 3. Personal data may be further processed under the provisions of Article 7(3) only for the following purposes other than those for which they were transmitted or made available: (a) the prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal penalties other than those for which they were transmitted or made available; (b) other judicial and administrative proceedings directly related to the prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal penalties; (c) the prevention of an immediate and serious threat to public security; or (d) any other purpose only with the prior consent of the transmitting Member State or with the consent of the data subject, given in accordance with national law. This exemption shall be without prejudice to Article 7(4). 4. Where, under the law of the transmitting Member State, specific processing restrictions apply in specific circumstances to data exchanges between competent authorities within that Member State, the transmitting authority shall inform the recipient of such restrictions. The recipient shall ensure that these processing restrictions are observed.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 7 c (new)

Article 7c Establishment of time limits for erasure and review Appropriate time limits shall be established for the erasure of personal data or for a periodic review of the need for the storage of the data. Procedural measures shall ensure that these time limits are observed.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 8 – paragraph 1

1. ~~Member States shall prohibit t~~The processing of personal data revealing raceial or ethnic origin, political opinions, religionus or philosophical beliefs, or trade-union membership~~, of genetic data~~ or of data concerning health or sex life. shall be permitted only if

2013/03/06
Committee: LIBE

Proposal for a directive
Article 8 – paragraph 2 – point a

(a) the processing is absolutely necessary and authorised by a law providing appropriate safeguards; or

2013/03/06
Committee: LIBE

Proposal for a directive
Article 8 – paragraph 2 – point b

(b) the processing ~~is necessary to protect the vital interests of the data subject or of another person; or~~relates to data which are manifestly made public by the data subject.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 9 – paragraph 1

1. Me~~mber States shall provide that me~~asures which produce an adverse legal effect for the data subject or significantly affect them and which are based solely on automated processing of personal data intended to evaluate certain personal aspects relating to the data subject shall be p~~rohibi~~ermitted uonl~~ess~~y if authorised by a law which also lays down measures to safeguard the data subject’s legitimate interests.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 9 – paragraph 2

2. Automated processing of personal data intended to evaluate certain personal aspects relating to the data subject shall not be based solely on special categories of personal data referred to in Article 8.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Article 10 – paragraph 1

1. Member States shall provide that the controller takes allppropriate and reasonable steps to have transparent and easily accessible policies with regard to the processing of personal data and for the exercise of the data subjects’ rights.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 10 – paragraph 2

2. Member States shall provide that any information and any communication relating to the processing of personal data are to be provided by the controller to the data subject in ans intelligible a form as possible, using clear and plain language.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 10 – paragraph 4

~~4. Member States shall provide that the controller informs the data subject about the follow-up given to their request without undue delay.~~deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Article 11

1. Where personal data relating to a data subject are collected, Member States shall ensure that the controller takes all appropriate measures to provide the data subject with at least the following information: (a) the identity and the contact details of the controller and of the data protection officer; (b) the purposes of the processing for which the personal data are intended; (c) the period for which the personal data will be stored; (d) the existence of the right to request from the controller access to and rectification, erasure or restriction of processing of the personal data concerning the data subject; (e) the right to lodge a complaint to the supervisory authority referred to in Article 39 and its contact details; (f) the recipients or categories of recipients of the personal data, including in third countries or international organisations; (g) any further information in so far as such further information is necessary to guarantee fair processing in respect of the data subject, having regard to the specific circumstances in which the personal data are processed. 2. Where the personal data are collected from the data subject, the controller shall inform the data subject, in addition to the information referred to in paragraph 1, whether the provision of personal data is obligatory or voluntary, as well as the possible consequences of failure to provide such data. 3. The controller shall provide the information referred to in paragraph 1: (a) at the time when the personal data are obtained from the data subject, or (b) where the personal data are not collected from the data subject, at the time of the recording or within a reasonable period after the collection having regard to the specific circumstances in which the data are processed. 4. Member States may adopt legislative measures delaying, restricting or omitting the provision of the information to the data subject to the extent that, and as long as, such partial or complete restriction constitutes a necessary and proportionate measure in a democratic society with due regard for the legitimate interests of the person concerned: (a) to avoid obstructing official or legal inquiries, investigations or procedures; (b) to avoid prejudicing the prevention, detection, investigation and prosecution of criminal offences or for the execution of criminal penalties; (c) to protect public security; (d) to protect national security; (e) to protect the rights and freedoms of others. 5. Member States may determine categories of data processing which may wholly or partly fall under the exemptions of paragraph 4.deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Article 11 a (new)

Article 11a Information to the data subject 1. Member States shall ensure that the data subject is informed regarding the collection or processing of personal data by the controller, in accordance with national law. 2. Where personal data have been transmitted or made available between Member States, each Member State may, in accordance with its national law as referred to in paragraph 1, request the other Member State not to inform the data subject. In that event the latter Member State shall refrain from informing the data subject without the prior consent of the other Member State.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 13 – paragraph 1 – introductory part

1. Member States may adopt legislative measures restricting, wholly or partly, depending on the individual case, the data subject’s right of access to the extent that such partial or complete restriction constitutes a necessary and proportionate measure in a democratic society with due regard for the legitimate interests of the person concerned:

2013/03/06
Committee: LIBE

Proposal for a directive
Article 13 – paragraph 1 – point b

(b) to avoid prejudicing the prevention, of risks, the detection, investigation and prosecution of criminal offences or the execution of criminal penalties;

2013/03/06
Committee: LIBE

Proposal for a directive
Article 13 – paragraph 1 – point e

(e) to protect the data subject or the rights and freedoms of others.

2013/03/06
Committee: LIBE

Proposal for a directive
Article 13 – paragraph 2

~~2. Member States may determine by law categories of data processing which may wholly or partly fall under the exemptions of paragraph 1.~~deleted

2013/03/06
Committee: LIBE

Proposal for a directive
Article 14 – paragraph 1

1. Member States shall provide for the right of the data subject to request, ~~in particular in cases referred to~~within the bounds of what is set out in Articles 12 and 13, that the supervisory authority checks the lawfulness of the processing.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 14 – paragraph 2

2. Member States shall provide that the controller informs the data subject, at the request of the latter, of the right to request the intervention of the supervisory authority pursuant to paragraph 1.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 15 – paragraph 1

1. Member States shall provide for the right of the data subject to obtain ~~from the controller~~ the rectification of personal data relating to them which are inaccurate. The data subject shall have the right to obtain completion of incomplete personal data, in particular by way of a corrective statement.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 15 – paragraph 2

2. Member States shall ~~provide that the controller informs~~lay down whether the data subject may assert this right directly against the controller or through the intermediary of the competent national supervisory authority. 3. If the data subject asserts their rights directly against the controller and the latter refuses the rectification or completion, the controller must inform the data subject in writing on ~~any~~the refusal of rectification, on the reasons for the refusal and on the possibilities of lodging a complaint to the supervisory authority and seeking a judicial remedy.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 16 – paragraph 1

1. Member States shall provide for the right of the data subject to obtain from the controller the erasure of personal data relating to them where the processing does not comply with the provisions adopted pursuant to Articles 4 ~~(a) to (e)~~, 6, 7 and 8 of this Directive.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 16 – paragraph 2

2. ~~The controller shall carry out the erasure without dela~~Member States shall lay down whether the data subject may assert this right directly against the controller or through the intermediary of the competent national supervisory authority. If the data subject asserts their rights directly against the controller and the latter refuses the rectification or completion, the controller must inform the data subject in writing on the refusal of rectification, on the reasons for the refusal and on the possibilities of lodging a complaint to the supervisory authority and seeking a judicial remedy.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 16 – paragraph 3 – introductory part

3. I~~nstead of erasure, the controller shall mark th~~f the provisions of this Directive state that personal data should be per~~sonal data~~ased, blocking shall be sufficient where:

2013/03/08
Committee: LIBE

Proposal for a directive
Article 16 – paragraph 3 – point c

(c) erasure would affect the data subject’s legitimate interests or the data subject opposes their erasure and requests the restriction of their use instead.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 16 – paragraph 3 – point c a (new)

(ca) obligations to document or keep data laid down by law are a barrier to erasure; in this case the data shall be handled in accordance with the obligations to document or keep data laid down by law;

2013/03/08
Committee: LIBE

Proposal for a directive
Article 16 – paragraph 3 – point c b (new)

(cb) they are stored only for the purpose of data conservation or monitoring of data protection;

2013/03/08
Committee: LIBE

Proposal for a directive
Article 16 – paragraph 3 – point c c (new)

(cc) erasure is possible only by means of a disproportionate technical effort, for example as a result of a special storage method.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 16 – paragraph 3 a (new)

3a. Blocked data may be used only for the purpose for which erasure was not carried out. They may also be used if they are essential to discharge the burden of proof.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 16 – paragraph 4

4. Member States shall provide that the controller informs the data subject in writing of any refusal of erasure or marking of the processing, the reasons for the refusal and the possibilities of lodging a complaint to the supervisory authority and seeking a judicial remedy.deleted

2013/03/08
Committee: LIBE

Proposal for a directive
Article 17 – paragraph 1

Member States may provide that the ~~rights of~~ information, access, rectification, erasure and ~~restriction of processing referred to in Articles 11 to 16 are carried out in accordance with national rules on judicial proceedings~~blocking provided for in Articles 11 to 16 are in harmony with national procedural law where the personal data are contained in a judicial decision or record ~~processed in the course of criminal investigations and proceedings~~which is bound to the taking of a court decision.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 18 – paragraph 3

3. The controller shall implement mechanisms to ensure the verification of the effectiveness of the measures referred to in paragraph 1 of this Article. If proportionate, this verification shall be carried out by independent internal or external auditors.deleted

2013/03/08
Committee: LIBE

Proposal for a directive
Article 20

Member States shall provide that where a controller determines the purposes, conditions and means of the processing of personal data jointly with others, the joint controllers must determine the respective responsibilities for compliance with the provisions adopted pursuant to this Directive, in particular as regards the procedures and mechanisms for exercising the rights of the data subject, by means of an arrangement between them.Article 20 deleted Joint controllers

2013/03/08
Committee: LIBE

Proposal for a directive
Article 21 – paragraph 1

1. Member States shall provide that where a processing operation is carried out on behalf of a controller, the controller must choose a processor providing sufficient guarantees (a) to implement ~~appropria~~the technical and organisational measures ~~and procedures in such a way~~set out in Article 27(1); (b) that the processing will also in other respects meet the requirements of the provisions adopted pursuant to this Directive and ensure the protection of the rights of the data subject. ; and (c) that the data subject will follow the instructions of the controller.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 21 – paragraph 2

2. ~~Member States shall provide that t~~The carrying out of processing by a processor must be governed by a legal act binding the processor to the controller and stipulating in particular that the processor shall act only on instructions from the controller, in particular, where the transfer of the personal data used is prohibitedor a written agreement stipulating that the processor shall act only on instructions from the controller.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 21 – paragraph 3

3. If a processor processes personal data ~~other than as~~without or in contravention of an instruct~~ed by~~ion from the controller~~, the processor shall be considered to be a controller in respect of~~ and in the absence of an appropriate legal obligation, the processor shall be liable for thate processing a~~nd shall be subject to the rules on joint controllers laid down in Article 20~~s if he or she were a controller.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 22 – paragraph 1

Member States shall provide that the processor and any person acting under the authority of the controller or of the processor, who has access to personal data, may only process them on instructions from the controller or where ~~required by Union or Member State law~~there is a legal obligation to do so.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 23

1. Member States shall provide that each controller and processor maintains documentation of all processing systems and procedures under their responsibility. 2. The documentation shall contain at least the following information: (a) the name and contact details of the controller, or any joint controller or processor; (b) the purposes of the processing; (c) the recipients or categories of recipients of the personal data; (d) transfers of data to a third country or an international organisation, including the identification of that third country or international organisation. 3. The controller and the processor shall make the documentation available, on request, to the supervisory authority.Article 23 deleted Documentation

2013/03/08
Committee: LIBE

Proposal for a directive
Article 23 a (new)

Article 23a Documentation 1. All transmissions of personal data are to be logged or documented for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security. 2. The logs and documents so produced must be made available to the supervisory authority upon request. The supervisory authority shall use this information only for the purpose of checking the lawfulness of the data processing and ensuring proper data integrity and security.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 24

Article 24 Keeping of records 1. Member States shall ensure that records are kept of at least the following processing operations: collection, alteration, consultation, disclosure, combination or erasure. The records of consultation and disclosure shall show in particular the purpose, date and time of such operations and as far as possible the identification of the person who consulted or disclosed personal data. 2. The records shall be used solely for the purposes of verification of the lawfulness of the data processing, self-monitoring and for ensuring data integrity and data security.deleted

2013/03/08
Committee: LIBE

Proposal for a directive
Article 25 – paragraph 1

1. ~~Member States shall provide that t~~The controller and the processor shall ~~co- operate~~work, on request, with the supervisory authority in the performance of its duties, ion ~~particular by providing all information necessary for the supervisory authority to perform its duties~~the basis of Section 2 of Chapter VI of this Directive.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 25 – paragraph 2

2. In response to the supervisory authority's exercise of its powers under points (a)and (b) of Article 46, the controller and the processor shall reply to the supervisory authority within a reasonable period. The reply shall include a description of the measures taken and the results achieved, in response to the remarks of the supervisory authority.deleted

2013/03/08
Committee: LIBE

Proposal for a directive
Article 27 – paragraph 1

1. Member States shall provide that the controller ~~and the processor implements appropriate technical and organisational~~implements technical and organisational measures to prevent: (a) the unintentional or unlawful destruction, (b) accidental loss, (c) unauthorised alteration, (d) unauthorised disclosure or access, in particular where the processing involves transmission over a network or making available by granting direct automated access, and (e) all other unlawful forms of processing of personal data. These measures musto ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected, having regard to the state of the art and the cost of their implementation.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 27 – paragraph 2 – introductory part

2. In respect of automated data processing, each Member State shall ~~provide that the controller or processor, following an evaluation of the risks, implements measures designed~~take suitable measures to:

2013/03/08
Committee: LIBE

Proposal for a directive
Article 27 – paragraph 2 – point j

(j) ensure that the functions of the system perform, that the appearance of faults in the functions is reported (reliability) and that stored personal data cannot be ~~corrupt~~falsified by means of a malfunctioning of the system (integrity).

2013/03/08
Committee: LIBE

Proposal for a directive
Article 27 – paragraph 3

3. The ~~Commission~~Member States may adopt, where necessary, ~~implementing act~~provisions for specifying the requirements laid down in paragraphs 1 and 2 to various situations, notably encryption standards. ~~Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 57(2).~~

2013/03/08
Committee: LIBE

Proposal for a directive
Article 28 – paragraph 5

~~5. The Commission shall be empowered to adopt~~ delegated acts in accordance with Article 56 for the purpose of specifying further the criteria and requirements for establishing the data breach referred to in paragraphs 1 and 2 and for the particular circumstances in which a controller and a processor is required to notify the personal data breach.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 28 a (new)

Article 28a Prior consultation Member States shall ensure that the competent national supervisory authorities are consulted prior to the processing of personal data which will form part of a new filing system to be created where: (a) special categories of data under Article 8 are to be processed, or (b) the type of processing, in particular using new technologies, mechanisms or procedures, holds otherwise specific risks for the fundamental rights and freedoms, and in particular the privacy, of the data subject.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 29

Communication of a personal data breach 1. Member States shall provide that when the personal data breach is likely to adversely affect the protection of the personal data or privacy of the data subject, the controller shall, after the notification referred to in Article 28, communicate the personal data breach to the data subject without undue delay. 2. The communication to the data subject referred to in paragraph 1 shall describe the nature of the personal data breach and contain at least the information and the recommendations provided for in points (b) and (c) of Article 28(3). 3. The communication of a personal data breach to the data subject shall not be required if the controller demonstrates to the satisfaction of the supervisory authority that it has implemented appropriate technological protection measures, and that those measures were applied to the personal data concerned by the personal data breach. Such technological protection measures shall render the data unintelligible to any person who is not authorised to access it. 4. The communication to the data subject may be delayed, restricted or omitted on the grounds referred to in Article 11(4).Article 29 deleted to the data subject

2013/03/08
Committee: LIBE

Proposal for a directive
Article 30 – paragraph 1 a (new)

1a. The data protection officer shall not be penalised for performing his tasks. The data protection officer may not be dismissed while he is employed in that capacity or in the course of the next year thereafter unless facts emerge which provide sufficiently important grounds for the controller to dismiss him.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 33 – paragraph 1 – point a

(a) the transfer is necessary for the prevention, of risk, the investigation, detection or prosecution of criminal offences or the execution of criminal penalties; and

2013/03/08
Committee: LIBE

Proposal for a directive
Article 33 – paragraph 1 – point b

(b) the conditions laid down in this Chapter are complied with ~~by the controller and processor~~.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 34 – paragraph 1

1. Member States shall provide that a transfer of personal data to a third country or an international organisation may take place where the Commission has decided in accordance with Article 41 of Regulation (EU) …./2012 or in accordance with paragraph 3 of this Article that the third country or a territory or a processing sector within that third country, or the international organisation in question ensures an adequate level of protection. Such transfer shall not require any further authorisation. International treaties and agreements between the EU or one of its Member States and a third country or international organisation shall be deemed to be evidence for an appropriate level of protection within the meaning of this article.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 34 – paragraph 2 – introductory part

2. Where no decision adopted in accordance with Article 41 of Regulation (EU) …./2012 exists, the Commission shall assess the adequacy of the level of protection, giving consideration to all the circumstances generally surrounding data transfers or categories of data transfer which can be assessed without reference to specific transfer operations. The assessment shall give particular consideration to the following elements:

2013/03/08
Committee: LIBE

Proposal for a directive
Article 34 – paragraph 3

3. The Commission ~~may decide, within the scope of this Directive, that a~~shall be empowered to adopt delegated acts in accordance with Article 56 to supplement the list in Annex [x] of third countr~~y or a~~ies, territoryies or a processing sectors within ~~that~~ third countr~~y or an~~ies or international organisations which ensures an adequate level of protection within the meaning of paragraph 2. ~~Those implementing acts shall be adopted in accordance wi~~When determining the level of protection, the Commission must consider whether the relevant legislation, both general and sectoral, in force in the th~~e examination procedure referred to~~ird country or international organisation, guarantees effective and enforceable rights including effective administrative and judicial redress for data subjects, in Apartic~~le 57(2)~~ular for those data subjects whose personal data are being transferred.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 34 – paragraph 4

4. ~~The implementing act shall specify its geographical and sectoral application, and, where applicable, identify the supervisory authority mentioned in point (b) of~~According to Article 340(2) TFEU and settled case-law of the Court of Justice, the Union shall, in accordance with the general principles common to the laws of the Member States, make good any damage caused by its institutions in the performance of their duties, including any damage due to wrongful use of personal data following an incorrect determination under paragraphs 2 and 3.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 34 – paragraph 5

5. The Commission may decide within the scope of this Directive that a third country or a territory or a processing sector within that third country or an international organisation does not ensure an adequate level of protection within the meaning of paragraph 2, in particular in cases where the relevant legislation, both general and sectoral, in force in the third country or international organisation, does not guarantee effective and enforceable rights including effective administrative and judicial redress for data subjects, in particular for those data subjects whose personal data are being transferred. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 57(2), or, in cases of extreme urgency for individuals with respect to their right to personal data protection, in accordance with the procedure referred to in Article 57(3).deleted

2013/03/08
Committee: LIBE

Proposal for a directive
Article 34 – paragraph 6

6. Member States shall ensure that where the Commission decides pursuant to paragraph 5, that any transfer of personal data to the third country or a territory or a processing sector within that third country, or the international organisation in question shall be prohibited, this decision shall be without prejudice to transfers under Article 35(1) or in accordance with Article 36. At the appropriate time, the Commission shall enter into consultations with the third country or international organisation with a view to remedying the situation resulting from the Decision made pursuant to paragraph 5 of this Article.deleted

2013/03/08
Committee: LIBE

Proposal for a directive
Article 34 – paragraph 8

~~8. The Commission shall monitor the application of the implementing acts referred to in paragraphs 3 and 5.~~deleted

2013/03/08
Committee: LIBE

Proposal for a directive
Article 35

Transfers by way of appropriate 1. Where the Commission has taken no decision pursuant to Article 34, Member States shall provide that a transfer of personal data to a recipient in a third country or an international organisation may take place where: a) appropriate safeguards with respect to the protection of personal data have been adduced in a legally binding instrument; or (b) the controller or processor has assessed all the circumstances surrounding the transfer of personal data and concludes that appropriate safeguards exist with respect to the protection of personal data. 2. The decision for transfers under paragraph 1 (b) must be made by duly authorised staff. These transfers must be documented and the documentation must be made available to the supervisory authority on request.Article 35 deleted safeguards

2013/03/08
Committee: LIBE

Proposal for a directive
Article 35 a (new)

Article 35a Transfers by way of appropriate safeguards 1. Where the Commission has taken no decision pursuant to Article 34, a transfer of personal data to a recipient in a third country or an international organisation may take place where: (a) appropriate safeguards with respect to the protection of personal data have been adduced in a legally binding instrument; (b) the controller or processor has assessed all the circumstances generally surrounding the transfer of personal data (Article 34(2)) and concludes that appropriate safeguards exist with respect to the protection of personal data, or (c) a specific transfer of personal data may take place (Article 36) despite the Commission having concluded that an adequate level of data protection does not exist.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 35 b (new)

Article 35b Transfer of personal data originating in other Member States 1. Member States shall provide that, further to the above conditions, any transfer by competent authorities of personal data transmitted or provided by the responsible authorities of another Member State, including further onward transfer to a third country or international organisation, may take place only if: (a) the recipient in the third country or the receiving international body is responsible for the prevention of risk or the investigation, detection or prosecution of criminal offences or the execution of criminal penalties; (b) the Member State from which the data were transferred has given its consent to transfer in compliance with its national law, and (c) in cases covered by paragraph 3 of Article 34(a) and Article 35(b) and (c), the Member State from which the data were transferred also considers that, in compliance with its national law, appropriate safeguards exist in respect of the protection of the data transferred. 2. Onward transfer without prior consent in accordance with paragraph 1(b) shall be permitted only if transfer of the data is essential for the prevention of an immediate and serious threat to public security of a Member State or a third State or to essential interests of a Member State and the prior consent cannot be obtained in good time. The authority responsible for giving consent shall be informed without delay. 3. By way of derogation from point (c) of paragraph 1, onward transfer of personal data may take place if the national law of the Member State transferring the data so provides on the grounds of: (a) the compelling and legitimate interests of the data subject; or (b) compelling and legitimate interests, in particular important public interests. 4. Personal data may be forwarded to private parties only under the conditions set out in paragraph 1 of Article 7(a).

2013/03/08
Committee: LIBE

Proposal for a directive
Article 36

~~By way of derogation from~~ Articles 34 and 35, Member States shall provide that a transfer of personal data to a third country or an international organisation may take place only on condition that: a) the transfer is necessary in order to protect the vital interests of the data subject or another person; b) the transfer is necessary to safeguard legitimate interests of the data subject where the law of the Member State transferring the personal data so provides; or c) the transfer of the data is essential for the prevention of an immediate and serious threat to public security of a Member State or a third country; or d) the transfer is necessary in individual cases for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties; or e) the transfer is necessary in individual cases for the establishment, exercise or defence of legal claims relating to the prevention, investigation, detection or prosecution of a specific criminal offence or the execution of a specific criminal penalty.6 deleted Derogations

2013/03/08
Committee: LIBE

Proposal for a directive
Article 36 a (new)

Article 36a Derogations in the case of specific data transfers after weighing the competing interests involved 1. Where the Commission concludes pursuant to Article 34(5) that an adequate level of protection does not exist, personal data may not be transferred to the third country or a territory or a processing sector within that third country, or the international organisation in question, if, in the case in question, the legitimate interests of the data subject in preventing any such transfer outweigh the public interest in transferring such data . 2.The adequacy of the level of protection in place in the case in question shall be one of the factors taken into account when the merits of the competing interests involved are compared. The assessment of the adequacy of the level of protection in the case in question shall give particular consideration to the circumstances surrounding the proposed data transfer, including in particular: (a) the nature of the data that are to be transferred, (b) the purpose(s) served by transferring it, and (c) the duration of the proposed processing operation in the third country. 3. By way of derogation from Articles 1 and 35, Member States may provide that a transfer of personal data to a third country or an international organisation may take place only on condition that: (a) the transfer is necessary to safeguard the vital and legitimate interests of the data subject or of another person, particularly in terms of their physical safety and well-being; (b) the transfer is necessary to safeguard legitimate interests of the data subject where the law of the Member State transferring the personal data so provides; or (c) the transfer is necessary in individual cases for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties; or (d) the transfer is necessary in individual cases for the establishment, exercise or defence of legal claims relating to the prevention, investigation, detection or prosecution of a specific criminal offence or the execution of a specific criminal penalty. 4. In individual cases an adequate standard of protection may exist if the third country or a territory, a processing sector or an interstate or supranational body within that third country, or the international organisation, guarantees that the transferred data will receive an adequate level of protection.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 37 – paragraph 1

Member States shall provide that the controller informs the recipient of the personal data of any processing restrictions and takes all reasonable steps to ensure that these restrictions are met. The first sentence shall also apply to any processing restrictions with which the controller must comply pursuant to paragraph 3 of Article 7(a).

2013/03/08
Committee: LIBE

Proposal for a directive
Article 38 – paragraph 2

2. For the purposes of paragraph 1, the Commission shall, within the scope of this directive, take appropriate steps to advance the relationship with third countries or with international organisations, and in particular their supervisory authorities, where the Commission has decided that they ensure an adequate level of protection within the meaning of Article 34(3). In so doing the Commission shall have due regard to the competences of the Member States and the legal or practical measures taken in connection with the exercise of those competences.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 41 – paragraph 5

5. Where the term of office expires or the member resigns, the member shall, on request, continue to exercise their duties until a new member is appointed.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 44 – paragraph 1

1. Member States shall provide that each supervisory authority exercises, on the territory of its own Member State, a least the powers conferred on it in accordance with this Directive.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 45 – paragraph 1 – point a

(a) monitors and ensures the application of at least the provisions adopted pursuant to this Directive and its implementing measures;

2013/03/08
Committee: LIBE

Proposal for a directive
Article 45 – paragraph 1 – point b

(b) hears complaints lodged by any data subject, ~~or by an association representing and duly mandated by that data subject in accordance with Article 50,~~ investigates, to the extent appropriate, the matter and informs the data subject or the association of the progress and the outcome of the complaint within a reasonable period, in particular where further investigation or coordination with another supervisory authority is necessary;

2013/03/08
Committee: LIBE

Proposal for a directive
Article 45 – paragraph 1 – point e

(e) conducts investigations either on its own initiative or on the basis of a complaint, or on request of another supervisory authority, and informs the data subject concerned, if the data subject has addressed a complaint, of the outcome of the investigations within a reasonable period; the supervisory authority may also conduct such investigations on its own initiative, within the limits of national legislation;

2013/03/08
Committee: LIBE

Proposal for a directive
Article 45 – paragraph 1 – point g

(g) ismay be consulted by Member State institutions and bodies on legislative and administrative measures relating to the protection of individuals' rights and freedoms with regard to the processing of personal data;

2013/03/08
Committee: LIBE

Proposal for a directive
Article 45 – paragraph 2

2. Each supervisory authority shall promote within the limits of the tasks and powers conferred on it and the constraints of national law, the awareness of the public on risks, rules, safeguards and rights in relation to the processing of personal data. Activities addressed specifically to children shall receive specific attention. Activities addressed specifically to children shall receive specific attention.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 46 – paragraph 1 – point c

(c) the power to engage in legal proceedings where the provisions adopted pursuant to this Directive have been infringed or to bring this infringement to the attention of the judicial authorities. Decisions by the supervisory authority which give rise to complaints may be appealed against through the courts.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 47 – paragraph 1

Member States shall provide that each supervisory authority draws up an annual report on its activities~~. The report shall be made available to the Commission and the European Data Protection Bo~~ at regular intervals of not more than three yeards.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 50 – paragraph 2

2. Member States shall provide for the right of any body, organisation or association which aims to protect data subjects’ rights and interests concerning the protection of their personal data and is being properly constituted according to the law of a Member State to lodge a complaint with a supervisory authority in any Member State on behalf of one or more data subjects, if it considers that a data subject’s rights under this Directive have been infringed as a result of the processing of personal data. The organisation or association must be duly mandated by the data subject(s). initiate class actions, as there is no rational requirement for such a right under data protection law. Police measures always relate to infringements of an individual’s rights.deleted Or. de JustificationAmendment to this Article provides for the complete deletion of the right to

2013/03/08
Committee: LIBE

Proposal for a directive
Article 50 – paragraph 3

3. Member States shall provide for the right of any body, organisation or association referred to in paragraph 2, independently of a data subject's complaint, to lodge a complaint with a supervisory authority in any Member State, if it considers that a personal data breach has occurrdeleted.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 52 – paragraph 1

Without prejudice to any available administrative remedy, including the right to lodge a complaint with a supervisory authority, Member States shall provide for the right of every natural person to a judicial remedy if ~~they consider that~~ that their rights laid down in provisions adopted pursuant to this Directive have been infringed as a result of the processing of their personal data in non-compliance with these provisions.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 53 – paragraph 1

1. Member States shall provide for the right of any body, organisation or association referred to in Article 50(2) to exercise the rights referred to in Articles 51 and 52 on behalf of one or more data subjects. JustificationAmendment required in consequence of the deletion of the right of associations to lodge complaints (Article 50).deleted Or. de

2013/03/08
Committee: LIBE

Proposal for a directive
Article 53 – paragraph 2

2. Each supervisory authority shall have the right to engage in legal proceedings and bring an action to court, in order to enforce the provisions adopted pursuant to this Directive or to ensure consistency of the protection of personal data within the Union.deleted

2013/03/08
Committee: LIBE

Proposal for a directive
Article 54 – paragraph 1 a (new)

1a. Where a competent authority of a Member State has transmitted personal data, the recipient cannot, in the context of its liability vis-à-vis the injured party in accordance with national law, cite in its defence that the data transmitted were inaccurate. If the recipient pays compensation for damage caused by the use of incorrectly transmitted data, the transmitting competent authority shall refund to the recipient the amount paid in damages, taking into account any fault that may lie with the recipient.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 55 – paragraph 1

Member States shall lay down the rules on penalties, applicable to infringements of the provisions adopted pursuant to this Directive and shall take all measures necessary to ensure that they are implemented. The penalties provided for must be effective, proportionate and dissuasive.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 56 – paragraph 2

2. The delegation of power referred to in Article ~~28(5~~34(3) shall be conferred on the Commission for an indeterminate period of time from the date of entry into force of this Directive.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 56 – paragraph 3

3. The delegation of power referred to in Article ~~28(5~~34(3) may be revoked at any time by the European Parliament or by the Council. A decision of revocation shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 56 – paragraph 5

5. A delegated act adopted pursuant to Article ~~28(5~~34(3) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of 2 months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by 2 months at the initiative of the European Parliament or the Council.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 57 – paragraph 2

~~2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.~~deleted

2013/03/08
Committee: LIBE

Proposal for a directive
Article 60

1. International agreements concluded by Member States prior to the entry force of this Directive shall be ~~amended, where necessary, within five years after~~brought into line with this Directive, since, within ten years after the entry into force of this Directive, they are in any case subject to special controls. 2a. Notwithstanding paragraph 1, the provisions of Article 36a shall apply by analogy, in the event of a negative adequacy decision, to international agreements concluded before the entry into force of this Directive.

2013/03/08
Committee: LIBE

Proposal for a directive
Article 61 – paragraph 2

2. The Commission shall review within three years after the entry into force of this Directive other acts adopted by the European Union which regulate the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, in particular those acts adopted by the Union referred to in Article 59, in order to assess the need to align them with this Directive and make, where appropriate, the necessary proposals to amend these acts to ensure a consistent approach on the protection of personal data within the scope of this Directive.deleted

2013/03/08
Committee: LIBE

Proposal for a directive
Annex 1 (new)

Annex 1 List of third countries, territories or processing sectors within third countries or international organisations which ensure an adequate level of protection within the meaning of Article 34(2)

2013/03/08
Committee: LIBE