BETA

Activities of Axel VOSS related to 2017/0002(COD)

Legal basis opinions (0)

Amendments (98)

Amendment 6 #
Proposal for a regulation
Recital 8
(8) In Declaration No 21 on the protection of personal data in the fields of judicial cooperation in criminal matters and police cooperation, annexed to the final act of the intergovernmental conference which adopted the Treaty of Lisbon, the conference acknowledged that specific rules on the protection of personal data and the free movement of personal data in the fields of judicial cooperation in criminal matters and police cooperation based on Article 16 TFEU could prove necessary because of the specific nature of those fields. This Regulation should therefore not apply to Union agencies carrying out activities in the fields of judicial cooperation in criminal matters and police cooperation only to the extent that Union law applicable to such agencies does not contain specific rules on the processing of personal datathe processing of operational personal data, such as personal data processed for criminal investigation purposes by Union bodies, offices or agencies carrying out activities which fall within the scope of Chapters 4 and 5 of Title V of Part Three TFEU where the acts establishing those bodies, offices or agencies provide for comprehensive data protection rules applicable to the processing of such data, such as the acts establishing Eurojust, Europol and the European Public Prosecutor's Office. Processing of administrative personal data by those bodies, offices or agencies, such as staff data, should be covered by this Regulation.
2017/07/18
Committee: JURI
Amendment 9 #
Proposal for a regulation
Recital 9
(9) Directive (EU) 2016/680 provides harmonised rules for the protection and the free movement of personal data processed for the purposes of the prevention, investigation, detection or prosecution of criminal offences or execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. In order to foster the same level of protection for natural persons through legally enforceable rights throughout the Union and to prevent divergences hampering the exchange of personal data between Union bodies, offices and agencies carrying out activities in the fields of judicial which fall within the scooperation in criminal mat of Chapters 4 and police cooperation5 of Title V of Part Three TFEU and competent authorities in Member States, the rules for the protection and the free movement of operational personal data processed by such Union agencies should draw on the principlbodies, offices uanderpinning this Regulation an agencies should be consistent with Directive (EU) 2016/680.
2017/07/18
Committee: JURI
Amendment 10 #
Proposal for a regulation
Recital 10
(10) Where the founding act of a Union agency carrying out activities which fall within the scope of Chapters 4 and 5 of Title V of the Treaty lays down a standalone data protection regime for the processing of operational personal data such regimes should be unaffected by this Regulation. However, the Commission should, in accordance with Article 62 of Directive (EU) 2016/680, by 6 May 2019 review Union acts which regulate processing by the competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and, where appropriate, make the necessary proposals to amend those acts to ensure a consistent approach to the protection of personal data in the area of judicial cooperation in criminal matters and police cooperation.deleted
2017/07/18
Committee: JURI
Amendment 14 #
Proposal for a regulation
Recital 10 a (new)
(10a) This Regulation should apply to the processing of personal data by Union institutions, bodies, offices or agencies carrying out activities which fall within the scope of Chapter 2 of Title V TEU. However, this Regulation should not apply to the processing of personal data in the context of the tasks referred to in Articles 42(1), 43 and 44 TEU, which implement the common security and defence policy. Where appropriate, relevant proposals could be put forward to further regulate the processing of personal data in the field of the common security and defence policy.
2017/07/18
Committee: JURI
Amendment 19 #
Proposal for a regulation
Recital 21
(21) Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to creating personality profiles and the collection of personal data with regard to children when using services offered directly to a child on websites of Union institutions and bodies, such as interpersonal communication services or online selling of tickets and when the processing of personal data is based on consent.deleted
2017/07/18
Committee: JURI
Amendment 40 #
Proposal for a regulation
Article 1 – paragraph 1
1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and rules relating to the free movement of personal data between themselves or to recipients established in the Union and subject to Regulation (EU) 2016/67918 or the provisions of national law adopted pursuant to Directive (EU) 2016/68019. _________________ 18Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance), OJ L 119, 4.5.2016, p. 1– 88. 19Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, OJ L 119, 4.5.2016, p. 89– 131.
2017/07/18
Committee: JURI
Amendment 44 #
Proposal for a regulation
Article 2 – paragraph 1
1. This Regulation applies to the processing of personal data by all Union institutions and bodies insofar as such processing is carried out in the exercise of activities which fall, wholly or partially within the scope of, except Eurojust, Europol and the European Public Prosecutor's Office. Specific data protection rules apply to those Union lawbodies.
2017/07/18
Committee: JURI
Amendment 45 #
Proposal for a regulation
Article 2 – paragraph 1 a (new)
1a. Eurojust, Europol and the European Public Prosecutor's Office shall only be covered by this Regulation for the processing of administrative personal data. Separate provisions apply to the processing of operational personal data by Eurojust, Europol and the European Public Prosecutor's Office. Those Union bodies are not subject to this Regulation for the processing of operational personal data.
2017/07/18
Committee: JURI
Amendment 48 #
Proposal for a regulation
Article 3 – paragraph 2 – point a a (new)
(aa) 'operational personal data' means all personal data processed by the Union bodies, offices or agencies carrying out activities which fall within the scope of Chapter 4 or Chapter 5 of Title V of Part Three TFEU to meet the objectives laid down in the acts establishing those bodies, offices or agencies;
2017/07/18
Committee: JURI
Amendment 49 #
Proposal for a regulation
Article 3 – paragraph 2 – point a b (new)
(ab) 'administrative personal data' means all personal data processed by the Union bodies, offices or agencies which fall within the scope of this Regulation;
2017/07/18
Committee: JURI
Amendment 52 #
Proposal for a regulation
Article 8
Article 8 Conditions applicable to children's consent in relation to information society services 1. applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 13 years old. Where the child is below the age of 13 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. 2. reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology. 3. general contract law of Member States such as the rules on the validity, formation or effect of a contract in relation to a child.deleted Where point (d) of Article 5(1) The controller shall make Paragraph 1 shall not affect the
2017/07/18
Committee: JURI
Amendment 57 #
Proposal for a regulation
Article 9 – title
Transmissions of personal data to recipients, other than Union institutions and bodies, established in the Union and subject to Regulation (EU) 2016/679 or Directive (EU) 2016/680
2017/07/18
Committee: JURI
Amendment 58 #
Proposal for a regulation
Article 9 – paragraph 1 – point b
(b) that it is strictly necessary to have the data transmitted, it is proportionate to the purposes of the transmission having regard to the recipient's objectives, and ifthat there is not any reason to assume that the data subject's rights and freedoms and legitimate interests might be prejudiced by the requested data transfer or the reasonably to be expected further use of that personal data by the recipient.
2017/07/18
Committee: JURI
Amendment 62 #
Proposal for a regulation
Article 16 – paragraph 5 – point b
(b) the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or in so far as the obligation referred to in paragraph 1 of this Article is likely to render impossible or seriously impair the achievement of the objectives of that processing. In such cases the controller shall take appropriate measures to protect the data subject's rights and freedoms and legitimate interest, including making the information publicly available;
2017/07/18
Committee: JURI
Amendment 64 #
Proposal for a regulation
Recital 8
(8) In Declaration No 21 on the protection of personal data in the fields of judicial cooperation in criminal matters and police cooperation, annexed to the final act of the intergovernmental conference which adopted the Treaty of Lisbon, the conference acknowledged that specific rules on the protection of personal data and the free movement of personal data in the fields of judicial cooperation in criminal matters and police cooperation based on Article 16 TFEU could prove necessary because of the specific nature of those fields. This Regulation should therefore not apply to Union agencies carrying out activities in the fields of judicial cooperation in criminal matters and police cooperation only to the extent that Union law applicable to such agencies does not contain specific rules on the processing of personal datathe processing of operational personal data, such as personal data processed for criminal investigation purposes by Union bodies, offices or agencies carrying out activities which fall within the scope of Chapters 4 and 5 of Title V of Part Three of the TFEU where the acts establishing these bodies, offices or agencies provide for comprehensive data protection rules applicable to the processing of such data, such as the acts establishing Eurojust, Europol and the European Public Prosecutor's Office. Processing of administrative personal data by those bodies, offices or agencies, such as staff data, should be covered by this Regulation.
2017/07/12
Committee: LIBE
Amendment 66 #
Proposal for a regulation
Recital 9
(9) Directive (EU) 2016/680 provides harmonised rules for the protection and the free movement of personal data processed for the purposes of the prevention, investigation, detection or prosecution of criminal offences or execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. In order to foster the same level of protection for natural persons through legally enforceable rights throughout the Union and to prevent divergences hampering the exchange of personal data between Union bodies, offices and agencies carrying out activities in the fields of judicial cooperation in criminal matwhich fall within the scope of Chapters 4 and police cooperation5 of Title V of Part Three of the TFEU and competent authorities in Member States, the rules for the protection and the free movement of operational personal data processed by such Union agencies should draw on the principlbodies, offices uanderpinning this Regulation an agencies should be consistent with Directive (EU) 2016/680.
2017/07/12
Committee: LIBE
Amendment 68 #
Proposal for a regulation
Recital 10
(10) Where the founding act of a Union agency carrying out activities which fall within the scope of Chapters 4 and 5 of Title V of the Treaty lays down a standalone data protection regime for the processing of operational personal data such regimes should be unaffected by this Regulation. However, the Commission should, in accordance with Article 62 of Directive (EU) 2016/680, by 6 May 2019 review Union acts which regulate processing by the competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and, where appropriate, make the necessary proposals to amend those acts to ensure a consistent approach to the protection of personal data in the area of judicial cooperation in criminal matters and police cooperation.deleted
2017/07/12
Committee: LIBE
Amendment 71 #
Proposal for a regulation
Recital 10 a (new)
(10a) This Regulation should apply to the processing of personal data by Union institutions, bodies, offices or agencies carrying out activities which fall within the scope of Chapter 2 of Title V of the TEU. This Regulation does not apply to the processing of personal data by missions referred to in Articles 42(1), and 43 and 44 of the TEU, which implement the common security and defence policy. Where appropriate, relevant proposals could be put forward to further regulate the processing of personal data in the field of the common security and defence policy.
2017/07/12
Committee: LIBE
Amendment 81 #
Proposal for a regulation
Recital 21
(21) Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to creating personality profiles and the collection of personal data with regard to children when using services offered directly to a child on websites of Union institutions and bodies, such as interpersonal communication services or online selling of tickets and when the processing of personal data is based on consent.deleted
2017/07/12
Committee: LIBE
Amendment 83 #
Proposal for a regulation
Recital 24
(24) The processing of special categories of personal data may be necessary for reasons of public interest in the areas of public health without consent of the data subject. Such processing should be subject to suitable and specific measures so as to protect the rights and freedoms of natural persons. In that context, ‘public health’ should be interpreted as defined in Regulation (EC) No 1338/2008 of the European Parliament and of the Council15 , namely all elements related to health, namely health status, including morbidity and disability, the determinants having an effect on that health status, health care needs, resources allocated to health care, the provision of, and universal access to, health care as well as health care expenditure and financing, and the causes of mortality. Such processing of data concerning health for reasons of public interest should not result in personal data being processed for other purposes by third parties such as employers or insurances and banking companies. _________________ 15 Regulation (EC) No 1338/2008 of the European Parliament and of the Council of 16 December 2008 on Community statistics on public health and health and safety at work (OJ L 354, 31.12.2008, p. 70).
2017/07/12
Committee: LIBE
Amendment 88 #
Proposal for a regulation
Article 42
Article 42 Legislative consultation 1. Following the adoption of proposals for a legislative act and of recommendations or proposals to the Council pursuant to Article 218 TFEU and when preparing delegated acts or implementing acts, which have an impact on the protection of individuals’ rights and freedoms with regard to the processing of personal data, the Commission shall consult the European Data Protection Supervisor. 2. paragraph 1 is of particular importance for the protection of individuals’ rights and freedoms with regard to the processing of personal data, the Commission may also consult the European Data Protection Board. In such cases the European Data Protection Supervisor and the European Data Protection Board shall coordinate their work with a view to issue a joint opinion. 3. The advice referred to in paragraphs 1 and 2 shall be provided in writing within a period of up to eight weeks of receipt of the request for consultation referred to in paragraphs 1 and 2. In urgent cases, or otherwise appropriate, the Commission may shorten the deadline. 4. This Article shall not apply where the Commission is required, pursuant to Regulation (EU) 2016/679, to consult the European Data Protection Board.deleted Where an act referred to in
2017/07/18
Committee: JURI
Amendment 97 #
Proposal for a regulation
Article 49 – paragraph 5
5. Authorisations by the European Data Protection Supervisor on the basis of Article 9(7) of Regulation (EC) No 45/2001 shall remain valid until amended, replaced or repealed, if necessary, by the European Data Protection Supervisor.
2017/07/18
Committee: JURI
Amendment 98 #
Proposal for a regulation
Article 1 – paragraph 1
1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and rules relating to the free movement of personal data between themselves or to recipients established in the Union and subject to Regulation (EU) 2016/67918 or the provisions of national law adopted pursuant to Directive (EU) 2016/68019 . _________________ 18 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance), OJ L 119, 4.5.2016, p. 1– 88. 19 Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, OJ L 119, 4.5.2016, p. 89– 131.
2017/07/12
Committee: LIBE
Amendment 100 #
Proposal for a regulation
Article 2 – paragraph 1
1. This Regulation applies to the processing of personal data by all Union institutions and bodies insofar as such processing is carried out in the exercise of activities which fall, wholly or partially within the scope of, except Eurojust, Europol and the European Public Prosecutor's Office. Specific data protection rules apply to these Union lawbodies.
2017/07/12
Committee: LIBE
Amendment 101 #
Proposal for a regulation
Article 59 – paragraph 1 – point d
(d) to obtain, from the controller and the processor, access to all personal administrative data and to all information necessary for the performance of its tasks, with the exception of operational personal data;
2017/07/18
Committee: JURI
Amendment 102 #
Proposal for a regulation
Article 2 – paragraph 1 a (new)
1a. Eurojust, Europol and the European Public Prosecutor's Office shall only be covered by this Regulation for the processing of administrative personal data. Separate provisions apply to the processing of operational personal data by Eurojust, EPPO and the European Public Prosecutor's Office. The before mentioned Union bodies are not subject to this Regulation for the processing of operational personal data.
2017/07/12
Committee: LIBE
Amendment 104 #
Proposal for a regulation
Article 2 – paragraph 2
2. This Regulation shall apply to the processing of personal data, wholly or partially by automated means, and to the processing otherwise than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.deleted
2017/07/12
Committee: LIBE
Amendment 106 #
Proposal for a regulation
Article 3 – paragraph 1 – point a
(a) the definitions in Regulation (EU) 2016/679, with the exception of the definition of 'controller' in point (7), , 'main establishment' in point (16), 'enterprise' in point (18), 'group of undertaking' in point (19) and 'binding cooperate rules' in point (5) of Article 4 of that Regulation;
2017/07/12
Committee: LIBE
Amendment 109 #
Proposal for a regulation
Article 3 – paragraph 2 – point a a (new)
(aa) 'operational personal data' means all personal data processed by the Union bodies, offices or agencies carrying out activities which fall within the scope of Chapter 4 or Chapter 5 of Title V of Part Three of the TFEU to meet the objectives laid down in the acts establishing these bodies, offices or agencies;
2017/07/12
Committee: LIBE
Amendment 110 #
Proposal for a regulation
Article 3 – paragraph 2 – point a b (new)
(ab) 'administrative personal data' means all personal data processed by the Union bodies, offices or agencies which fall in the scope of this Regulation;
2017/07/12
Committee: LIBE
Amendment 111 #
Proposal for a regulation
Article 4 – paragraph 1 – introductory part
1. Personal data mustshall be:
2017/07/12
Committee: LIBE
Amendment 112 #
Proposal for a regulation
Article 5 – paragraph 1 – point a
(a) processing is necessary for the performance of a task carried out in the public interest on the basis or in the exercise of official authority vested in the Union institution or bodythe data subject has given consent to the processing of his or her personal data for one or more specific purposes;
2017/07/12
Committee: LIBE
Amendment 113 #
Proposal for a regulation
Article 5 – paragraph 1 – point b
(b) processing is necessary for compliance with a legal obligation to which the controller is subjethe performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
2017/07/12
Committee: LIBE
Amendment 114 #
Proposal for a regulation
Article 5 – paragraph 1 – point c
(c) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contracompliance with a legal obligation to which the controller is subject;
2017/07/12
Committee: LIBE
Amendment 115 #
Proposal for a regulation
Article 5 – paragraph 1 – point d
(d) the data subject has given consent to the processing of his or her personal data for one or more specific purposesprocessing is necessary in order to protect the vital interests of the data subject or of another natural person;
2017/07/12
Committee: LIBE
Amendment 116 #
Proposal for a regulation
Article 5 – paragraph 1 – point e
(e) processing is necessary in order to protect the vitalfor the performance of a task carried out in the public interests ofn the data subjectbasis or in the exercise orf of another natural personficial authority vested in the Union institution or body.
2017/07/12
Committee: LIBE
Amendment 117 #
Proposal for a regulation
Article 8
Conditions applicable to children's consent in relation to information society 1. Where point (d) of Article 5(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 13 years old. Where the child is below the age of 13 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. 2. The controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology. 3. Paragraph 1 shall not affect the general contract law of Member States such as the rules on the validity, formation or effect of a contract in relation to a child.Article 8 deleted services
2017/07/12
Committee: LIBE
Amendment 120 #
Proposal for a regulation
Article 9 – title
Transmissions of personal data to recipients, other than Union institutions and bodies, established in the Union and subject to Regulation (EU) 2016/679 or Directive (EU) 2016/680
2017/07/12
Committee: LIBE
Amendment 122 #
Proposal for a regulation
Article 9 – paragraph 1 – introductory part
1. Without prejudice to Articles 4, 5, 6 and 10, personal data shall only be transmitted to other recipients established in the Union and subject to Regulation (EU) 2016/679 or to the national law adopted pursuant to Directive (EU) 2016/680, if the recipient establishes:
2017/07/12
Committee: LIBE
Amendment 123 #
Proposal for a regulation
Article 9 – paragraph 1 – point b
(b) that it is strictly necessary to have the data transmitted, it is proportionate to the purposes of the transmission having regard to the recipient's objectives, and ifthat there is not any reason to assume that the data subject's rights and freedoms and legitimate interests might be prejudiced by the requested data transfer or the reasonably to be expected further use of that personal data by the recipient.
2017/07/12
Committee: LIBE
Amendment 125 #
Proposal for a regulation
Article 10 – paragraph 2 – point a
(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union law provides that the prohibition referred to in paragraph 1 may not be lifted by the data subject, or
2017/07/12
Committee: LIBE
Amendment 126 #
Proposal for a regulation
Article 10 – paragraph 2 – point d
(d) processing is carried out in the course of its legitimate activities with appropriate safeguards by a non-profit- seeking body which constitutes an entity integrated in a Union institution or body and with a political, philosophical, religious or trade-union aim and on condition that the processing relates solely to the members or to former members of this body or to persons who have regular contact with it in connection with its purposes and that the data are not disclosed outside that body without the consent of the data subjects;deleted
2017/07/12
Committee: LIBE
Amendment 127 #
Proposal for a regulation
Article 11 – paragraph 1
Processing of personal data relating to criminal convictions and offences or related security measures pursuant to Article 5(1) mayshall be carried out only ifwhen authorised by Union law, which may include internal rules, providing the appropriate specific safeguards for the rights and freedoms of data subjects.
2017/07/12
Committee: LIBE
Amendment 130 #
Proposal for a regulation
Article 14 – paragraph 1
1. The controller shall take appropriate measures to provide any information referred to in Articles 15 and 16 and any communication under Articles 17 to 24 and 38 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
2017/07/12
Committee: LIBE
Amendment 131 #
Proposal for a regulation
Article 14 – paragraph 5 – subparagraph 1
Information provided under Articles 15 and 16 and any communication and any actions taken under Articles 17 to 24 and 38 shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may refuse to act on the request.
2017/07/12
Committee: LIBE
Amendment 132 #
Proposal for a regulation
Article 14 – paragraph 8
8. If tThe Commission shall be empowered to adopts delegated acts pursuant to Article 12(8) of Regulation (EU) 2016/679 determining the information to be presented by the icons and the procedures for providing standardised icons, Union institutions and bodies shall, where appropriate, provide the information pursuant to Articles 15 and 16 in combination with such standardised icons.
2017/07/12
Committee: LIBE
Amendment 133 #
Proposal for a regulation
Article 16 – paragraph 5 – point b
(b) the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or in so far as the obligation referred to in paragraph 1 of this Article is likely to render impossible or seriously impair the achievement of the objectives of that processing. In such cases the controller shall take appropriate measures to protect the data subject's rights and freedoms and legitimate interest, including making the information publicly available;
2017/07/12
Committee: LIBE
Amendment 134 #
Proposal for a regulation
Article 16 – paragraph 5 – point c
(c) obtaining or disclosure is expressly laid down by Union law to which the controller is subject and which provides appropriate measures to protect the data subject's legitimate interest; or
2017/07/12
Committee: LIBE
Amendment 135 #
Proposal for a regulation
Article 16 – paragraph 5 – point d
(d) where the personal data must remain confidential subject to an obligation of professional secrecy regulated by Union law, including a statutory obligation of secrecy.
2017/07/12
Committee: LIBE
Amendment 136 #
Proposal for a regulation
Article 20 – paragraph 1 – point b
(b) the processing is unlawful and the data subject opposes their erasure of the personal data and requests the restriction of their use instead;
2017/07/12
Committee: LIBE
Amendment 139 #
Proposal for a regulation
Article 25 – paragraph 1 – point a
(a) the national security, public security or defence of the Member States;
2017/07/12
Committee: LIBE
Amendment 140 #
Proposal for a regulation
Article 25 – paragraph 1 – point d
(d) the internal security of Union institutions and bodies, including of their servers, IT and electronic communication networks;
2017/07/12
Committee: LIBE
Amendment 141 #
Proposal for a regulation
Article 25 – paragraph 1 a (new)
1a. In particular, any legal act or internal rule referred to in paragraph 1 shall contain specific provisions, where relevant, as to : (a) the purposes of the processing or categories of processing; (b) the categories of personal data; (c) the scope of the restrictions introduced; (d) the safeguards to prevent abuse or unlawful access or transfer; (e) the specifications of the controller or categories of controllers; (f) the storage periods and the applicable safeguards taking into account the nature, scope and purposes of the processing or categories of processing; (g) the risks to the rights and freedoms of data subjects; and (h) the rights of the data subject to be informed about the restriction, unless that may be prejudicial to the purpose of the restriction.
2017/07/12
Committee: LIBE
Amendment 143 #
Proposal for a regulation
Article 25 – paragraph 2
2. Where a restriction is not provided for by a legal act adopted on the basis of the Treaties or by an internal rule in accordance with paragraph 1, the Union institutions and bodies may restrict the application of Articles 14 to 22, 34 and 38, as well as Article 4 in so far as its provisions correspond to the rights and obligations provided for in Articles 14 to 22, if such a restriction respects the essence of the fundamental rights and freedoms, in relation to a specific processing operation, and is a necessary and proportionate measure in a democratic society to safeguard one or more of the objectives referred to in paragraph 1. The restriction shall be notified to the competent data protection officer.deleted
2017/07/12
Committee: LIBE
Amendment 153 #
Proposal for a regulation
Article 28 – paragraph 1
1. Where a Union institution or body together with one or more controllers, which may be Union institutions or bodies or not, jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with their data protection oblig obligations under this Regulations, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 15 and 16, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by Union or Member State law to which the controllers are subject. The arrangement may designate a contact point for data subjects.
2017/07/12
Committee: LIBE
Amendment 154 #
Proposal for a regulation
Article 31 – paragraph 1 – point d
(d) the categories of recipients to whom the personal data have been or will be disclosed including recipients in Member States, third countries or international organisations;
2017/07/12
Committee: LIBE
Amendment 155 #
Proposal for a regulation
Article 31 – paragraph 5
5. Union institutions and bodies may decide to keep their records of processing activities in a central register. In this case, they may also decide to make the register publicly accessible.deleted
2017/07/12
Committee: LIBE
Amendment 158 #
Proposal for a regulation
Article 34 – title
Confidentiality of electronic communications data
2017/07/12
Committee: LIBE
Amendment 160 #
Proposal for a regulation
Article 34 – paragraph 1
Union institutions and bodies shall ensure the confidentiality of electronic communications data, in particular by securing their electronic communication networks.
2017/07/12
Committee: LIBE
Amendment 162 #
Proposal for a regulation
Article 36 – paragraph 2
2. Union institutions and bodies shall take all the necessary measures to prevent personal data contained in those directories, regardless of whether they are accessible to the public or not, from being used for direct marketing purposes.deleted
2017/07/12
Committee: LIBE
Amendment 163 #
Proposal for a regulation
Article 39
[...]deleted
2017/07/12
Committee: LIBE
Amendment 164 #
Proposal for a regulation
Article 40 – paragraph 1
1. The controller shall consult the European Data Protection Supervisor prior to processing where a data protection impact assessment under Article 39 indicates that the processing would, in the absence of safeguards, security measures and mechanisms to mitigate the risk, result in a high risk toin the rights and freedoms of natural persons and the controller is of the opinion that the risk cannot be mitigated by reasonable means in terms of available technologies and costs of implementation. The controller shall seek the advice of the data protection officer about the need for prior consultationabsence of measures taken by the controller to mitigate the risk.
2017/07/12
Committee: LIBE
Amendment 165 #
4. The Commission may, by means of implementing act, determine a list of cases in which the controllers shall consult with, and obtain prior authorisation from, the European Data Protection Supervisor in relation to processing for the performance of a task carried out by the controller in the public interest, including the processing of such data in relation to social protection and public health.
2017/07/12
Committee: LIBE
Amendment 169 #
Proposal for a regulation
Article 42
1. Following the adoption of proposals for a legislative act and of recommendations or proposals to the Council pursuant to Article 218 TFEU and when preparingArticle 42 delegated acts or implementing acts, which have an impact on the protection of individuals’ rights and freedoms with regard to the processing of personal data, the Commission shall consult the European Data Protection Supervisor. 2. Where an act referred to in paragraph 1 is of particular importance for the protection of individuals’ rights and freedoms with regard to the processing of personal data, the Commission may also consult the European Data Protection Board. In such cases the European Data Protection Supervisor and the European Data Protection Board shall coordinate their work with a view to issue a joint opinion. 3. The advice referred to in paragraphs 1 and 2 shall be provided in writing within a period of up to eight weeks of receipt of the request for consultation referred to in paragraphs 1 and 2. In urgent cases, or otherwise appropriate, the Commission may shorten the deadline. 4. This Article shall not apply where the Commission is required, pursuant to Regulation (EU) 2016/679, to consult the European Data Protection Board.Legislative consultation
2017/07/12
Committee: LIBE
Amendment 172 #
Proposal for a regulation
Article 43 – paragraph 1
Where the European Data Protection Supervisor exercises the powers provided for in points (a), (b) and (c) of Article 59(2), the controller or processor concerned shall inform the European Data Protection Supervisor of its views within a reasonable period to be specified by the European Data Protection Supervisor, taking into account the circumstances of each case. The reply shall also include a description of the measures taken, if any, in response to the remarks of the European Data Protection Supervisor.
2017/07/12
Committee: LIBE
Amendment 173 #
Proposal for a regulation
Article 44 – paragraph 2
2. Union institutions and bodies may designate a single data protection officer for several of them, taking into account their organisational structure and size of the Union institutions and bodies.
2017/07/12
Committee: LIBE
Amendment 176 #
Proposal for a regulation
Article 45 – paragraph 5
5. The data protection officer and his or her staff shall be bound by secrecy or confidentiality concerning the performance of his or her tasks, in accordance with Union law.
2017/07/12
Committee: LIBE
Amendment 177 #
Proposal for a regulation
Article 45 – paragraph 8
8. The data protection officer shall be designated for a term of three to five years and shall be eligible for reappointment. The data protection officer may be dismissed from the post by the Union institution or body which designated him or her only with the consent of the European Data Protection Supervisor, if he or she no longer fulfils the conditions required for the performance of his or her duties.
2017/07/12
Committee: LIBE
Amendment 178 #
(b) ensure in an independent manner the internal application of this Regulation and to monitor compliance with this Regulation, with other applicable Union law containing data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, the raising of awareness-raising and training of staff involved in processing operations, and the related audits;
2017/07/12
Committee: LIBE
Amendment 179 #
Proposal for a regulation
Article 46 – paragraph 1 – point f
(f) provide advice where requested as regards the need for prior consultation of the European Data Protection Supervisor pursuant to Article 40 and to consult the European Data Protection Supervisor in case of doubt as to the need for a prior consultation;deleted
2017/07/12
Committee: LIBE
Amendment 180 #
Proposal for a regulation
Article 46 – paragraph 1 – point g
(g) respond to requests from the European Data Protection Supervisor and, within the sphere of his or her competence, to cooperate and consult with the European Data Protection Supervisor at the latter's request or on his or her own initiative.
2017/07/12
Committee: LIBE
Amendment 182 #
Proposal for a regulation
Article 46 – paragraph 2
2. The data protection officer may make recommendations for the practical improvement of data protection to the controller and the processor and advise them on matters concerning the application of data protection provisions. Furthermore he or she may, on his or her own initiative or at the request of the controller or the processor, the Staff Committee concerned or any individual, investigate matters and occurrences directly relating to his or her tasks and which come to his or her notice, and report back to the person who commissioned the investigation or to the controller or the processor.
2017/07/12
Committee: LIBE
Amendment 184 #
Proposal for a regulation
Article 48 – paragraph 1
1. A transfer of personal data to a third country or international organisation may take place where the Commission has decided pursuant to Article 45(3) of Regulation (EU) 2016/679 that an adequate level of protection is ensured in the third country, a territory or one or more specified sectors within that third country, or within the international organisation and the personal data are transferred solely to allow tasks covered by the competence of the controller to be carried out. Such a transfer shall not require any specific authorisation.
2017/07/12
Committee: LIBE
Amendment 185 #
Proposal for a regulation
Article 48 – paragraph 2
2. The Union institutions and bodies shall inform the Commission and the European Data Protection Supervisor of cases where they consider the third country or international organisation in question does not ensure an adequate level of protection within the meaning of paragraph 1.
2017/07/12
Committee: LIBE
Amendment 186 #
Proposal for a regulation
Article 49 – paragraph 5
5. Authorisations by the European Data Protection Supervisor on the basis of Article 9(7) of Regulation (EC) No 45/2001 shall remain valid until amended, replaced or repealed, if necessary, by the European Data Protection Supervisor.
2017/07/12
Committee: LIBE
Amendment 206 #
Proposal for a regulation
Article 53 – paragraph 3
3. The European Data Protection Supervisor shall be responsible for monitoring and ensuring the application of the provisions of this Regulation and any other Union act relating to the protection of the fundamental rights and freedoms of natural persons with regard to the processing of personal data by a Union institution or body, and for adprovisding suggestions to Union institutions and bodies and data subjects on allon matters concerning the processing of personal data. To those ends the European Data Protection Supervisor shall fulfil the tasks provided for in Article 58 and exercise the powers granted in Article 59.
2017/07/12
Committee: LIBE
Amendment 207 #
Proposal for a regulation
Article 54 – paragraph 2
2. The list drawn up by the Commission from which the European Data Protection Supervisor shall be chosen shall be made up of persons whose independence is beyond doubt and who are acknowledged as having the experience and skills required to perform the duties of European Data Protection Supervisor, for example because they belong or have belonged to the supervisory authorities established under Article 41 of Regulation (EU) 2016/679.
2017/07/12
Committee: LIBE
Amendment 208 #
Proposal for a regulation
Article 58 – paragraph 1 – point a
(a) monitor and enforcsure the application of this Regulation and other Union acts relating to the protection of natural persons with regard to the processing of personal data by a Union institution or body, withby a Union institution or body, with the exception of the processing of personal data by the Court of Justice of the European Union acting in its judicial capacity and the exception of the processing of operational personal data by the Court of Justice of the European Union acting in its judicial capacityEuropol, Eurojust and the European Public Prosecutor's Office;
2017/07/12
Committee: LIBE
Amendment 209 #
Proposal for a regulation
Article 58 – paragraph 1 – point b
(b) promote public awareness and understanding of the risks, rules, safeguards and rights in relation to processing. Activities addressed specifically to children shall receive specific attention of personal data;
2017/07/12
Committee: LIBE
Amendment 210 #
Proposal for a regulation
Article 58 – paragraph 1 – point e
(e) handle complaints lodged by a data subject, or by a body, organisation or association in accordance with Article 67, and investigate, to the extent appropriate, the subject matter of the complaint and inform the complainant of the progress and the outcome of the investigation within a reasonable period, in particular if further investigation or coordination with another supervisory authority is necessary;
2017/07/12
Committee: LIBE
Amendment 211 #
Proposal for a regulation
Article 58 – paragraph 1 – point g
(g) advise all Union institutions and bodies, on legislative and administrative measures relating to the protection of natural persons' rights and freedoms with regard toits own initiative or on request, on measures concerning the processing of personal data;
2017/07/12
Committee: LIBE
Amendment 212 #
Proposal for a regulation
Article 58 – paragraph 1 – point h
(h) monitor relevant developments, insofar as they have an impact on the protection of personal data, in particular the development of information and communication technologies;
2017/07/12
Committee: LIBE
Amendment 213 #
Proposal for a regulation
Article 58 – paragraph 1 – point p
(p) fulfil any other tasks related to the protection of personal data; andeleted
2017/07/12
Committee: LIBE
Amendment 214 #
Proposal for a regulation
Article 59 – paragraph 1 – point a
(a) to orderrequest from the controller and the processor to provide any information it requires for the performance of its tasks;
2017/07/12
Committee: LIBE
Amendment 215 #
Proposal for a regulation
Article 59 – paragraph 1 – point d
(d) to obtain, from the controller and the processor, access to all personal administrative data and to all information necessary for the performance of its tasks, operational personal data shall be excluded from this provision;
2017/07/12
Committee: LIBE
Amendment 216 #
Proposal for a regulation
Article 59 – paragraph 1 – point e
(e) to obtain access to any premises of the controller and the processor, including to any data processing equipment and means, in accordance with Union or Member State procedural law;
2017/07/12
Committee: LIBE
Amendment 217 #
Proposal for a regulation
Article 59 – paragraph 2 – point h
(h) to order the rectification or erasure of personal data or restriction of processing pursuant to Articles 18, 19 and 20 and the notification of such actions to recipients to whom the personal data have been disclosed pursuant to Article 19(2) and Article 21;deleted
2017/07/12
Committee: LIBE
Amendment 218 #
Proposal for a regulation
Article 59 – paragraph 2 – point i
(i) to impose an administrative fine pursuant to Article 66, subject to non- compliance by the Union institution or body with one of the measures referred to in this paragraph and depending on the circumstances of each individual case;deleted
2017/07/12
Committee: LIBE
Amendment 219 #
Proposal for a regulation
Article 59 – paragraph 2 – point j
(j) to order the suspension of data flows to a recipient in a Member State, a third country or to an international organisation.deleted
2017/07/12
Committee: LIBE
Amendment 221 #
Proposal for a regulation
Article 59 – paragraph 3 – point c
(c) to issue, on its own initiative or on request, opinions to the Union institutions and bodies and to the public on any issue related to the protection of personal data;
2017/07/12
Committee: LIBE
Amendment 229 #
Proposal for a regulation
Article 62 – paragraph 1
1. Where a Union act refers to this Article, the European Data Protection Supervisor shall cooperate actively with the national supervisory authorities, in order to ensure effective supervision of large IT systems or Union bodies and agencies.
2017/07/12
Committee: LIBE
Amendment 234 #
Proposal for a regulation
Article 63 – paragraph 1
1. Without prejudice to any judicial, administrative or non-judicial remedy, every data subject shall have the right to lodge a complaint with the European Data Protection Supervisor if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
2017/07/12
Committee: LIBE
Amendment 235 #
Proposal for a regulation
Article 64 – paragraph 1
The Court of Justice of the European Union shall have jurisdiction to hear all disputes relative to the provisions of this Regulation, including claims for damages.deleted
2017/07/12
Committee: LIBE
Amendment 236 #
Proposal for a regulation
Article 64 – paragraph 1 a (new)
Actions against decisions of the European Data Protection Supervisor, including decisions referred to in Article 63(3), shall be brought before the Court of Justice of the European Union.
2017/07/12
Committee: LIBE
Amendment 237 #
Proposal for a regulation
Article 64 – paragraph 1 b (new)
The Court of Justice of the European Union shall have jurisdiction to hear all disputes relative to the provisions of this Regulation, including claims for damages.
2017/07/12
Committee: LIBE
Amendment 239 #
Proposal for a regulation
Article 66
[...]deleted
2017/07/12
Committee: LIBE
Amendment 242 #
Proposal for a regulation
Article 67
The data subject shall have the right to mandate a not-for-profit body, organisation or association which has been properly constituted in accordance with Union law or the law of a Member State, has statutory objectives which are in the public interest, and is active in the field of the protection of data subjects' rights and freedoms with regard to the protection of their personal data to lodge the complaint with the European Data Protection Supervisor on his or her behalf, to exercise the rights referred to in Articles 63 on his or her behalf, and to exercise the right to receive compensation referred to in Article 65 on his or her behalf.Article 67 deleted Representation of data subjects
2017/07/12
Committee: LIBE
Amendment 243 #
Proposal for a regulation
Article 68
Complaints by Union staff Any person employed by a Union institution or body may lodge a complaint with the European Data Protection Supervisor regarding an alleged infringement of the provisions of this Regulation, without acting through official channels. No one shall suffer prejudice on account of a complaint lodged with the European Data Protection Supervisor alleging such an infringement.Article 68 deleted
2017/07/12
Committee: LIBE