BETA

142 Amendments of Monika HOHLMEIER related to 2012/0011(COD)

Amendment 366 #
Proposal for a regulation
Recital 15
(15) This Regulation should not apply to processing of personal data by a natural person, which are exclusively personal or domestic, such as correspondence and the holding of addresses, and without any gainful interest and thus or a private sale and without any connection with a professional or commercial activity. The exemption should also not apply to controllers or processors which provide the means for processing, irrespective of the number of personals the data for such personal or domestic activitiesare made available to.
2013/03/04
Committee: LIBE
Amendment 396 #
Proposal for a regulation
Recital 23 a (new)
(23a) This regulation recognises that pseudonymisation is in the benefit of all data subjects as, by definition, personal data is altered so that it of itself cannot be attributed to a data subject without the use additional data. By this, controllers should be encouraged to the practice of pseudonymising data.
2013/03/04
Committee: LIBE
Amendment 414 #
Proposal for a regulation
Recital 25
(25) Consent should be given explicitunambiguously by any appropriate method within the context of the product or the service being offered enabling a freely given specific and informed indication of the data subject’s wishes, either by a statement or by a clear affirmative action by the data subject, ensuring that individuals are aware that they give their consent to the processing of personal data, including by ticking a box when visiting an Internet website or by any other statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of their personal data. Silence or inactivity should therefore not constitute consent. This nevertheless leaves the provisions of 2002/58/EC untouched which state that under certain circumstances consent can be expressed via appropriate settings in the user’s device. Consent should cover all processing activities carried out for the same purpose or purposes. If the data subject’s consent is to be given following an electronic request, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
2013/03/04
Committee: LIBE
Amendment 420 #
Proposal for a regulation
Recital 26
(26) Personal data relating to health should include in particular all personal data pertaining to the health status of a data subject including genetic information; information about the registration of the individual for the provision of health services; information about payments or eligibility for healthcare with respect to the individual; a number, symbol or particular assigned to an individual to uniquely identify the individual for health purposes; any information about the individual collected in the course of the provision of health services to the individual; informationpersonal data derived from the testing or examination of a body part or, bodily substance, including or biological samples; identification of a person as provider of healthcare to the individual; or any information on e.g. a disease, disability, disease risk, medical history, clinical treatment, or the actual physiological or biomedical state of the data subject independent of its source, such as e.g. from a physician or other health professional, a hospital, a medical device, or an in vitro diagnostic test.
2013/03/04
Committee: LIBE
Amendment 423 #
Proposal for a regulation
Recital 27
(27) TWhere a controller or a processor has multiple establishments in the Union, including but not limited to cases where the controller or the processor is a group of undertakings, the main establishment of a controller in the Union for the purposes of this Regulation should be determined according to objective criteria and should imply the effective and real exercise of management activities determining the main decisions as to the purposes, conditions and means of processing through stable arrangements. This criterion should not depend whether the processing of personal data is actually carried out at that location; the presence and use of technical means and technologies for processing personal data or processing activities do not, in themselves, constitute such main establishment and are therefore not determining criteria for a main establishment. The main establishment of the processor should be the place of its central administrationA group of undertakings may nominate a single main establishment in the Union.
2013/03/04
Committee: LIBE
Amendment 427 #
Proposal for a regulation
Recital 29
(29) Children deserve specific protection of their personal data, as they may be less aware of risks, consequences, safeguards and their rights in relation to the processing of personal data. To determine when an individual isSuch protection is particularly important in the context of social networks. For the purpose of this regulation a child should be defined as an individual under the age of 18. Where data processing is based on the data subject’s consent in relation to the offering of information society services directly to a child, this Re regulation should take differentiate between children abover the definition laid down by the UN Convention on the Rights ofage of 13 and children under the age of 13 who require a higher level of protection to the extent that consent is given or authorised by the Cchild’s parent or custodian.
2013/03/04
Committee: LIBE
Amendment 455 #
Proposal for a regulation
Recital 38
(38) The legitimate interests of a controller or the third party to which the data have been transferred may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. This would need careful assessment in particular where the data subject is a child, given that children deserve specific protection. The data subject should have the right to object the processing, on grounds relating to their particular situation and free of charge. To ensure transparency, the controller should be obliged to explicitly inform the data subject on the legitimate interests pursued and on the right to object, and also be obliged to document these legitimate interests. Given that it is for the legislator to provide by law the legal basis for public authorities to process data, this legal ground should not apply for the processing by public authorities in the performance of their tasks.
2013/03/04
Committee: LIBE
Amendment 458 #
Proposal for a regulation
Recital 38
(38) The legitimate interests of a controller or the third party to which the data have been transferred may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. This would need careful assessment in particular where the data subject is a child, given that children deserve specific protection. The data subject should have the right to object the processing, on grounds relating to their particular situation and free of charge. To ensure transparency, the controller should be obliged to explicitly inform the data subject on the legitimate interests pursued and on the right to object, and also be obliged to document these legitimate interests. Given that it is for the legislator to provide by law the legal basis for public authorities to process data, this legal ground should not apply for the processing by public authorities in the performance of their tasks.
2013/03/04
Committee: LIBE
Amendment 496 #
Proposal for a regulation
Recital 53
(53) Any person should have the right to have personal data concerning them rectified and a ‘the right to be forgotten’have such personal data erased where the retention of such data is not in compliance with this Regulation. In particular, data subjects should have the right that their personal data are erased and no longer processed, where the data are no longer necessary in relation to the purposes for which the data are collected or otherwise processed, where data subjects have withdrawn their consent for processing or where they object to the processing of personal data concerning them or where the processing of their personal data otherwise does not comply with this Regulation. This right is particularly relevant, when the data subject has given their consent as a child, when not being fully aware of the risks involved by the processing, and later wants to remove such personal data especially on the Internet. However, the further retention of the data should be allowed where it is necessary for historical, statistical and scientific research purposes, for rheasons of public interlth purposest in the area of public healthaccordance with Article 81, for exercising the right of freedom of expression, when required by law or where there is a reason to restrict the processing of the data instead of erasing them. Also, the right to erasure should not apply when the retention of personal data is necessary for the performance of a contract with the data subject, or when there is a regulatory requirement to retain this data, or for the prevention of financial crime.
2013/03/04
Committee: LIBE
Amendment 497 #
Proposal for a regulation
Recital 53
(53) Any person should have the right to have personal data concerning them rectified and a ‘the right to be forgotten’have such personal data erased where the retention of such data is not in compliance with this Regulation. In particular, data subjects should have the right that their personal data are erased and no longer processed, where the data are no longer necessary in relation to the purposes for which the data are collected or otherwise processed, where data subjects have withdrawn their consent for processing or where they object to the processing of personal data concerning them or where the processing of their personal data otherwise does not comply with this Regulation. This right is particularly relevant, when the data subject has given their consent as a child, when not being fully aware of the risks involved by the processing, and later wants to remove such personal data especially on the Internet. However, the further retention of the data should be allowed where it is necessary for historical, statistical and scientific research purposes, for rheasons of public interlth purposest in the area of public healthaccordance with Article 81, for exercising the right of freedom of expression, when required by law or where there is a reason to restrict the processing of the data instead of erasing them. Also, the right to erasure should not apply when the retention of personal data is necessary for the performance of a contract with the data subject, or when there is a regulatory requirement to retain this data, or for the prevention of financial crime.
2013/03/04
Committee: LIBE
Amendment 515 #
Proposal for a regulation
Recital 58
(58) Every natural and legal person should have the right not to be subject to a measure which is based on profiling by means of automated processing. However, such measure and which produces legal effects concerning that natural or legal person or significantly affects that natural or legal person. Actual effects should be comparable in their intensity to legal effects to fall under this provision. This is not the case for measures relating to commercial communication, like for example in the field of customer relationship management or customer acquisition. However, a measure based on profiling by automated data processing and which produces legal effects concerning a natural or legal person or significantly affects a natural person should be allowed when expressly authorised by law, carried out in the course of entering or performance of a contract, or when the data subject has given his consent. In any case, such processing should be subject to suitable safeguards, including specific information of the data subject and the right to obtain human intervention and that such measure should not concern a child.
2013/03/04
Committee: LIBE
Amendment 524 #
Proposal for a regulation
Recital 62
(62) The protection of the rights and freedoms of data subjects as well as the responsibility and liability of controllers and processor, also in relation to the monitoring by and measures of supervisory authorities, requires a clear attribution of the responsibilities under this Regulation, including where a controller determines the purposes, conditions and means of the processing jointly with other controllers or where a processing operation is carried out on behalf of a controller.
2013/03/04
Committee: LIBE
Amendment 532 #
Proposal for a regulation
Recital 65
(65) In order to demonstrate compliance with this Regulation, the controller or processor should document each processing operation under its responsibility. Each controller and processor should be obliged to co-operate with the supervisory authority and make this documentation, on request, available to it, so that it might serve for monitoring those processing operations.
2013/03/04
Committee: LIBE
Amendment 608 #
Proposal for a regulation
Recital 110
(110) At Union level, aThe European Data Protection Board should be set up. It should replace the Working Party on the Protection of Individuals with Regard to the Processing of Personal Data established by Directive 95/46/EC. It should consist of a head of a strengthen the dialogue with concerned stakeholders such as data subjects’ associations, consupmervisory authority of each Member State organisations and of the European Data Protection Supervisor. The Commission should participate in its activities. The European Data Protection Board should contribute to the consistent application of this Regulation throughout the Union, including by advising the Commission and promoting co-operation of the supervisory authorities throughout the Union. The European Data Protection Board should act independently when exercising its tasksr relevant stakeholders. This group of experts and stakeholders should be determined by the Board itself and should focus on issues that are of concern to all involved parties and should make the board aware of these issues. Further to this, the Chair of the Board may invite representatives of the European Parliament or other relevant bodies to attend the meetings of the Board.
2013/03/04
Committee: LIBE
Amendment 610 #
Proposal for a regulation
Recital 112
(112) Any body, organisation or association which aims to protects the rights and interests of data subjects in relation to the protection of their data and is constituted according to the law of a Member State should have the right to lodge a complaint with a supervisory authority or exercise the right to a judicial remedy on behalf of data subjects, or to lodge, independently of a data subject’s complaint, an own complaint where it considers that a personal data breach has occurred.deleted
2013/03/04
Committee: LIBE
Amendment 615 #
Proposal for a regulation
Recital 114
(114) In order to strengthen the judicial protection of the data subject in situations where the competent supervisory authority is established in another Member State than the one where the data subject is residing, the data subject may request any body, organisation or association aiming to protect the rights and interests of data subjects in relation to the protection of their data to bring on the data subject’s behalf proceedings against that supervisory authority to the competent court in the other Member State.deleted
2013/03/04
Committee: LIBE
Amendment 662 #
Proposal for a regulation
Article 2 – paragraph 2 – point a a (new)
(aa) by courts, public prosecutions departments and institutions enforcing judicial decisions by executing sentences and carrying out punishments.
2013/03/04
Committee: LIBE
Amendment 682 #
Proposal for a regulation
Article 2 – paragraph 2 – point e
(e) by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penaltiesDoes not affect the English version.
2013/03/04
Committee: LIBE
Amendment 690 #
Proposal for a regulation
Article 2 – paragraph 2 – point e a (new)
(ea) by churches and religious associations or communities;
2013/03/04
Committee: LIBE
Amendment 696 #
Proposal for a regulation
Article 2 – paragraph 2 – point e c (new)
(ec) which have been rendered anonymous;
2013/03/04
Committee: LIBE
Amendment 702 #
Proposal for a regulation
Article 3 – paragraph 1
1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the UnionUnion or in a place where the national law of a Member State applies by virtue of international law.
2013/03/04
Committee: LIBE
Amendment 717 #
Proposal for a regulation
Article 4 – paragraph 1 – point 1
(1) ‘data subject’ means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person working together with the controller, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person; and who is not acting in his/her professional capacity;
2013/03/04
Committee: LIBE
Amendment 723 #
Proposal for a regulation
Article 4 – paragraph 1 – point 2
(2) ‘personal data’ means any information relating to a data subjectparticular or identifiable natural person (data subject); a person shall be regarded as identifiable if he can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that person;
2013/03/04
Committee: LIBE
Amendment 730 #
Proposal for a regulation
Article 4 – paragraph 1 – point 2 a (new)
(2a) ‘pseudonymous data’ means any personal data that has been collected, altered or otherwise processed so that it of itself cannot be attributed to a data subject without the use of additional data which is subject to separate and distinct technical and organisational controls to ensure such non attribution, or that such attribution would require a disproportionate amount of time, expense and effort;
2013/03/04
Committee: LIBE
Amendment 734 #
Proposal for a regulation
Article 4 – paragraph 1 – point 2 b (new)
(2b) ‘anonymous data’ means any personal data that has been collected, altered or otherwise processed in such a way that it can no longer be attributed to a data subject; anonymous data shall not be considered personal data;
2013/03/04
Committee: LIBE
Amendment 748 #
Proposal for a regulation
Article 4 – paragraph 1 – point 5
(5) ‘controller’ means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes, conditions and means of the processing of personal data; where the purposes, conditions and means of processing are determined by Union law or Member State law, the controller or the specific criteria for his nomination may be designated by Union law or by Member State law;
2013/03/04
Committee: LIBE
Amendment 765 #
Proposal for a regulation
Article 4 – paragraph 1 – point 8
(8) ‘the data subject’s consent’ means any freely given specific, informed and explicitunambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed; Silence or inactivity does not in itself indicate acceptance;
2013/03/04
Committee: LIBE
Amendment 786 #
Proposal for a regulation
Article 4 – paragraph 1 – point 13
(13) ‘main establishment’ means as regards the controller, the place of its establishment in the Union where the main decisions as to the purposes, conditions and meansthe location as determined by the data controller or data processor on the basis of the following transparent and objective criteria: the location of the pgrocessing of personal data are taken; if no decisions as to the purposes, conditions and means of the processing of personal data are taken in the Union, the main establishment is the place where the main processing activities in the context of the activities ofup’s European headquarters, or, the location of the company within the group with delegated data protection responsibilities, or, the location of the company which is best placed (in terms of management function, administrative capability etc) to address and establishment of a controller in the Union take place. As regards the processor, ‘main establishment’ means the place of its central administration in the Unionnforce the rules as set out in this Regulation, or, the place where the main decisions as to the purposes of processing are taken for the regional group;
2013/03/04
Committee: LIBE
Amendment 807 #
Proposal for a regulation
Article 4 – paragraph 1 – point 19 a (new)
(19a) ‘blocking’ means marking stored personal data in order to restrict their further processing;
2013/03/04
Committee: LIBE
Amendment 810 #
Proposal for a regulation
Article 4 – paragraph 1 – point 19 b (new)
(19b) ‘erasure’ means rendering stored personal data unrecognisable;
2013/03/04
Committee: LIBE
Amendment 863 #
Proposal for a regulation
Article 6 – paragraph 1 – point c
(c) processing is necessary for compliance with a legal obligation under Union law or the law of a Member State to which the controller is subject;
2013/03/04
Committee: LIBE
Amendment 878 #
Proposal for a regulation
Article 6 – paragraph 1 – point f
(f) processing is necessary for the purposes of the legitimate interests pursued by a controller, or on behalf of a controller or a processor, or by a third party or parties in whose interest the data is processed, including for the security of processing, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply tosuch as in the case of processing data pertaining to a child. The interest or fundamental rights and freedoms of the data subject shall not override processing carried out by public authorities in the performance of their tasks.
2013/03/04
Committee: LIBE
Amendment 890 #
Proposal for a regulation
Article 6 – paragraph 1 – point f a (new)
(fa) the data are collected from public registers lists or documents accessible by everyone;
2013/03/04
Committee: LIBE
Amendment 892 #
Proposal for a regulation
Article 6 – paragraph 1 – point f a (new)
(fa) the processing of data to the extent strictly necessary for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, and the security of the related services offered by, or accessible via, these networks and systems;
2013/03/04
Committee: LIBE
Amendment 898 #
Proposal for a regulation
Article 6 – paragraph 1 – point f c (new)
(fc) processing is limited to pseudonymised data, where the data subject is adequately protected and the recipient of the service is given a right to object pursuant to Article 19(3);
2013/03/04
Committee: LIBE
Amendment 900 #
Proposal for a regulation
Article 6 – paragraph 1 – point f d (new)
(fd) processing is necessary for the purpose of anonymisation or pseudonymisation of personal data;
2013/03/04
Committee: LIBE
Amendment 921 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
2a. Processing of pseudonymised data to safeguard the legitimate interests pursued by a controller shall be lawful, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks.
2013/03/04
Committee: LIBE
Amendment 922 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
2a. Processing of pseudonymised data to safeguard the legitimate interests pursued by a controller shall be lawful, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks.
2013/03/04
Committee: LIBE
Amendment 931 #
Proposal for a regulation
Article 6 – paragraph 3 – subparagraph 1 a (new)
These provisions may regulate details of the lawfulness of processing, particularly as regards data controllers, the purpose of processing and purpose limitation, the nature of the data and the data subjects, processing measures and procedures, recipients, and the duration of storage.
2013/03/04
Committee: LIBE
Amendment 935 #
Proposal for a regulation
Article 6 – paragraph 3 – subparagraph 2
The laws of the Union and of the Member State must meet an objective of public interest or must be necessary to protect the rights and freedoms of others, respect the essence of fundamental rights and freedoms, in particular the right to the protection of personal data and be proportionate to the legitimate aim pursued.
2013/03/04
Committee: LIBE
Amendment 945 #
Proposal for a regulation
Article 6 – paragraph 4
4. Where the purpose of further processing is not compatible with the one for which the personal data have been collected, the processing must have a legal basis at least in one of the grounds referred to in points (a) to (e) of paragraph 1. This shall in particular apply to any change of terms and general conditions of a contract.
2013/03/04
Committee: LIBE
Amendment 964 #
Proposal for a regulation
Article 6 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the conditions referred to in point (f) of paragraph 1 for various sectors and data processing situations, including as regards the processing of personal data related to a child.
2013/03/04
Committee: LIBE
Amendment 966 #
Proposal for a regulation
Article 6 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the conditions referred to in point (f) of paragraph 1 for various sectors and data processing situations, including as regards the processing of personal data related to a child.
2013/03/04
Committee: LIBE
Amendment 1002 #
Proposal for a regulation
Article 7 a (new)
Article 7a The Member States’ rules governing the validity of declarations of intent and contracts shall be unaffected.
2013/03/04
Committee: LIBE
Amendment 1013 #
Proposal for a regulation
Article 8 – paragraph 1
1. For the purposes of this Regulation, in relation to the offering of information society services directly to a child, the processing of personal data of a child below the age of 13 years shall only be lawful if and to the extent that consent is given or authorised by the child's parent or custodian, without prejudice of Article 6(1). The controller shall make reasonable efforts to obtain verifiable consentprovide notice and obtain meaningful, verifiable consent (e.g. by obtaining the consent from the email address of the parent or the custodian), taking into consideration available technology.
2013/03/04
Committee: LIBE
Amendment 1015 #
Proposal for a regulation
Article 8 – paragraph 1 a (new)
1a. The information provided in order to express the consent should be given in a clear and age-appropriate language, in a way that would be easy to understand for the child above the age of 13 years.
2013/03/04
Committee: LIBE
Amendment 1018 #
Proposal for a regulation
Article 8 – paragraph 1 b (new)
1b. The methods to obtain meaningful consent shall not lead to additional processing of personal data of the child concerned.
2013/03/04
Committee: LIBE
Amendment 1026 #
Proposal for a regulation
Article 8 – paragraph 3
3. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for the methods to obtain verifiable consent referred to in paragraph 1. In doing so, the Commission shall consider specific measures for micro, small and medium-sized enterprises.
2013/03/04
Committee: LIBE
Amendment 1062 #
Proposal for a regulation
Article 9 – paragraph 2 – point f
(f) processing is necessary for the establishment, exercise or defence of legal claims or the legally justified fulfilment of claims of third parties affected; or
2013/03/04
Committee: LIBE
Amendment 1084 #
Proposal for a regulation
Article 9 – paragraph 2 – point j a (new)
(ja) processing of data concerning health is necessary for private social protection, especially by providing income security or tools to manage risks that are in the interests of the data subject and his or her dependants and assets, or by enhancing inter-generational equity by means of distribution.
2013/03/04
Committee: LIBE
Amendment 1103 #
Proposal for a regulation
Article 10 – paragraph 1
If the data processed by a controller do not permit the controller or a processor to identify a natural person, in particular when rendered anonymous or pseudononymous the controller shall not be obliged to process or acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation.
2013/03/04
Committee: LIBE
Amendment 1149 #
Proposal for a regulation
Article 12 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and conditions for the manifestly excessive requests and the fees referred to in paragraph 4.
2013/03/04
Committee: LIBE
Amendment 1155 #
Proposal for a regulation
Article 12 – paragraph 6
6. The Commission may lay down standard forms and specifying standard procedures for the communication referred to in paragraph 2, including the electronic format. In doing so, the Commission shall take the appropriate measures for micro, small and medium- sized enterprises. Those implementing acts shall be adopted in accordance with the examination procedure set out in Article 87(2).deleted
2013/03/04
Committee: LIBE
Amendment 1164 #
Proposal for a regulation
Article 13 – title
Rights in relation to recipientsNotification requirement in the event of rectification and erasure
2013/03/04
Committee: LIBE
Amendment 1176 #
Proposal for a regulation
Article 14 – paragraph 1 – introductory part
1. Where personal data relating to a data subject are collected, the controller shall provide the data subject with at least the following information:. The following paragraphs do not apply to small enterprises in the course of their own activity and for data which is strictly and exclusively for their internal use.
2013/03/04
Committee: LIBE
Amendment 1180 #
Proposal for a regulation
Article 14 – paragraph 1 – point a
(a) the identity and the contact details of the controller and, if any, of the controller's representative and of the data protection officer;
2013/03/04
Committee: LIBE
Amendment 1189 #
Proposal for a regulation
Article 14 – paragraph 1 – point b
(b) the purposes of the processing for which the personal data are intended, including the contract terms and general conditions where the processing is based on point (b) of Article 6(1) and the legitimate interests pursued by the controller where the processing is based on point (f) of Article 6(1);
2013/03/06
Committee: LIBE
Amendment 1198 #
Proposal for a regulation
Article 14 – paragraph 1 – point c
(c) the period for which the personal data will be stored, provided that this is known;
2013/03/06
Committee: LIBE
Amendment 1201 #
Proposal for a regulation
Article 14 – paragraph 1 – point d
(d) the existence of the right to request from the controller access to and rectification or erasure of the personal data concerning the data subject orand to object to the processing of such personal data;
2013/03/06
Committee: LIBE
Amendment 1222 #
Proposal for a regulation
Article 14 – paragraph 2
2. Where the personal data are collected from the data subject, the controller shall inform the data subject, in addition to the information referred to in paragraph 1, whether the provision of personal data is obligatory or voluntary, as well as the possible consequences of failure to provide such data.
2013/03/06
Committee: LIBE
Amendment 1238 #
Proposal for a regulation
Article 14 – paragraph 4 – point b
(b) where the personal data are not collected from the data subject, at the time of the recording or within a reasonable period after the collection, having regard to the specific circumstances in which the data are collected or otherwise processed, or, if a disclosure to another recipient is envisaged, and at the latest when the data are first disclosed; or, if the data shall be used for communication with the person concerned, at the latest at the time of the first communication to that person.
2013/03/06
Committee: LIBE
Amendment 1248 #
Proposal for a regulation
Article 14 – paragraph 5 – point b
(b) the data are not collected from the data subject or the data processes do not allow the verification of identity and the provision of such information proves impossible or would involve a disproportionate effort such as by generating excessive administrative burden, especially when the processing is carried out by a SME; or
2013/03/06
Committee: LIBE
Amendment 1249 #
Proposal for a regulation
Article 14 – paragraph 5 – point b
(b) the data are not collected from the data subject and the provision of such information proves impossible – for example because the data have been rendered pseudonymous – or would involve a disproportionate effort;
2013/03/06
Committee: LIBE
Amendment 1250 #
Proposal for a regulation
Article 14 – paragraph 5 – point c
(c) the data are not collected from the data subject and recording or disclosure is expressly laid down by law; or
2013/03/06
Committee: LIBE
Amendment 1253 #
Proposal for a regulation
Article 14 – paragraph 5 – point d
(d) the data are not collected from the data subject and the provision of such information will impair the rights and freedoms of others, as defined in Union law or Member State law in accordance with Article 21.; or
2013/03/06
Committee: LIBE
Amendment 1268 #
Proposal for a regulation
Article 14 – paragraph 5 – point d c (new)
(dc) the data are processed in the exercise of his profession by, or are entrusted or become known to, a person who is subject to an obligation of professional secrecy regulated by the State or to a statutory obligation of secrecy.
2013/03/06
Committee: LIBE
Amendment 1279 #
Proposal for a regulation
Article 14 – paragraph 7
7. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria for categories of recipients referred to in point (f) of paragraph 1, the requirements for the notice of potential access referred to in point (g) of paragraph 1, the criteria for the further information necessary referred to in point (h) of paragraph 1 for specific sectors and situations, and the conditions and appropriate safeguards for the exceptions laid down in point (b) of paragraph 5. In doing so, the Commission shall take the appropriate measures for micro, small and medium-sized- enterprises.
2013/03/06
Committee: LIBE
Amendment 1296 #
Proposal for a regulation
Article 15 – paragraph 1 – introductory part
1. TOnly the data subject shall have the right to obtain from the controller at any time, on request, confirmation as to whether or not personal data relating to the data subject are being processed unless this request is manifestly excessive according to 12 (4). Where such personal data are being processed, the controller shall - so far as the data subject has not received - provide the following information:
2013/03/06
Committee: LIBE
Amendment 1311 #
Proposal for a regulation
Article 15 – paragraph 1 – point d
(d) if known the period for which the personal data will be stored;
2013/03/06
Committee: LIBE
Amendment 1312 #
Proposal for a regulation
Article 15 – paragraph 1 – point f
(f) the right to lodge a complaint to the supervisory authority and the contact details of the supervisory authorityies;
2013/03/06
Committee: LIBE
Amendment 1324 #
Proposal for a regulation
Article 15 – paragraph 2
2. The data subject shall have the right to obtain from the controller communication of the personal data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject.deleted
2013/03/06
Committee: LIBE
Amendment 1350 #
Proposal for a regulation
Article 15 – paragraph 3
3. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for the communication to the data subject of the content of the personal data referred to in point (g) of paragraph 1.
2013/03/06
Committee: LIBE
Amendment 1357 #
Proposal for a regulation
Article 15 – paragraph 3
3. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for the communication to the data subject of the contentdata subject shall have the right, where personal data are processed by electronic means and in a structured and commonly used format, to obtain from the controller a copy of data which were provided by the data subject itself and that undergoing processing in an electronic and structured format which is commonly used and allows for further use by the data subject. This right shall not restrict rights of others as trade secrets or intellectual property rights. This does not apply on the processing of anonymised and pseudonymised data, insofar as the data subject is not sufficiently identifiable ofn the personal data referbasis of such data or identification would required to in point (g) of paragraph 1he controller to undo the process of pseudonymisation.
2013/03/06
Committee: LIBE
Amendment 1358 #
Proposal for a regulation
Article 15 – paragraph 3 a (new)
3a. There shall be no right to information where: (a) data are involved which a person bound by professional secrecy is required to protect; (b) data must be kept secret in accordance with legislation or by virtue of their nature, particularly because of the overriding interest of a third party; (c) the public entity responsible has ascertained in relation to the entity responsible that disclosure of the data would endanger public safety or order; (d) data comprise trade secrets.
2013/03/06
Committee: LIBE
Amendment 1359 #
Proposal for a regulation
Article 15 – paragraph 4
4. The Commission may specify standard forms and procedures for requesting and granting access to the information referred to in paragraph 1, including for verification of the identity of the data subject and communicating the personal data to the data subject, taking into account the specific features and necessities of various sectors and data processing situations. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).deleted
2013/03/06
Committee: LIBE
Amendment 1370 #
Proposal for a regulation
Article 16 – paragraph 1
The data subject shall have the right to obtain from the controller the rectification of personal data relating to them which are inaccuratePersonal data shall be rectified if they are inaccurate. Data which are contested by the data subject and whose accuracy or inaccuracy cannot be determined shall be blocked. The data subject shall have the right to obtain completion of incomplete personal data, including by way of supplementing a corrective statement.
2013/03/06
Committee: LIBE
Amendment 1371 #
Proposal for a regulation
Article 16 – paragraph 1
The data subject shall have the right to obtain from the controller the rectification of personal data relating to them which are inaccurate. The data subject shall have the right to obtain completion of incomplete personal data, including by way of supplementing a corrective statement. The right of rectification referred to in the first sentence shall be replaced by a right of reply if the personal data are processed commercially, are derived from generally accessible sources and have been stored for documentation purposes. These data may only be forwarded in conjunction with the reply. This shall not apply where data as referred to in Article 9 are processed.
2013/03/06
Committee: LIBE
Amendment 1376 #
Proposal for a regulation
Article 16 – paragraph 1 a (new)
Paragraph 1 shall not apply to pseudonymous data.
2013/03/06
Committee: LIBE
Amendment 1420 #
Proposal for a regulation
Article 17 – paragraph 2
2. Where the controller referred to in paragraph 1 has made the personal data public, it shall take all reasonable steps, including technical measures, in relation to data for the publication of which the controller is responsible, to inform third parties which are processing such data, that a data subject requests them to erase any links to, or copy or replication of that personal data. Where the controller has authorised a third party publication of personal data, the controller shall be considered responsible for that publication. Anonymised data, pseudonymised data and encrypted data are exempted, where compliance with this provision would require the controller to undo the process of anonymisation, pseudonymisation or encryption.
2013/03/06
Committee: LIBE
Amendment 1454 #
Proposal for a regulation
Article 17 – paragraph 4 – introductory part
4. Instead of erasure, the controller shall restrict processing of personal datadata shall be blocked where:
2013/03/06
Committee: LIBE
Amendment 1457 #
Proposal for a regulation
Article 17 – paragraph 4 – point a
(a) their accuracy is contested by the data subject, for a period enabling the controller to verify the accuracy of the data;Translator’s note: identical text in both columns.
2013/03/06
Committee: LIBE
Amendment 1461 #
Proposal for a regulation
Article 17 – paragraph 4 – point b
(b) the controller no longer needs the personal data for the accomplishment of its task but they have to be maintained for purposes of proofir accuracy cannot be ascertained;
2013/03/06
Committee: LIBE
Amendment 1462 #
Proposal for a regulation
Article 17 – paragraph 4 – point c
(c) the processing is unlawful and the data subject opposes their erasure and requests the resdata are no longer required for the purpose of storage but they cannot be deleted on account of statutory, statutes- based or contriaction of their use insteadual periods for which they are required to be kept;
2013/03/06
Committee: LIBE
Amendment 1464 #
Proposal for a regulation
Article 17 – paragraph 4 – point d
(d) the data subject requests to transmit the personal data into another automated processing system in accordance with Article 18(2).re are grounds for assuming that erasure would damage interests of the data subject which deserve to be protected;
2013/03/06
Committee: LIBE
Amendment 1465 #
Proposal for a regulation
Article 17 – paragraph 4 – point d a (new)
(da) or, on account of the particular type of storage, erasure would be impossible or would involve disproportionate efforts.
2013/03/06
Committee: LIBE
Amendment 1467 #
Proposal for a regulation
Article 17 – paragraph 5
5. Personal data referred to inblocked pursuant to paragraph 4 may, with the exception of storage, only be processed for purposes of proof, or: (a) with the data subject's consent, or for the protection of the rights of another natural or legal person or for an objective of public interest; (b) if they are to be used for scientific purposes; (c) to overcome a lack of evidence; or (d) where this is essential for other reasons in the overriding interest of the controller or of a third party; (e) and it would be permissible to process the data for this purpose if they were not blocked.
2013/03/06
Committee: LIBE
Amendment 1471 #
Proposal for a regulation
Article 17 – paragraph 7
7. The controller shall implement mechanisms to ensure that the time limits established for the erasure of personal data and/or for a periodic review of the need for the storage of the data are observed.deleted
2013/03/06
Committee: LIBE
Amendment 1479 #
Proposal for a regulation
Article 17 – paragraph 9
9. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying: (a) the criteria and requirements for the application of paragraph 1 for specific sectors and in specific data processing situations; (b) the conditions for deleting links, copies or replications of personal data from publicly available communication services as referred to in paragraph 2; (c) the criteria and conditions for restricting the processing of personal data referred to in paragraph 4.
2013/03/06
Committee: LIBE
Amendment 1489 #
Proposal for a regulation
Article 17 a (new)
Article 17a Laying down time limits for erasure The controller shall implement mechanisms to ensure that the time limits established for the erasure of personal data and/or for a periodic review of the need for the storage of the data are observed.
2013/03/06
Committee: LIBE
Amendment 1492 #
Proposal for a regulation
Article 18
Article 18 Right to data portability 1. The data subject shall have the right, where personal data are processed by electronic means and in a structured and commonly used format, to obtain from the controller a copy of data undergoing processing in an electronic and structured format which is commonly used and allows for further use by the data subject. 2. Where the data subject has provided the personal data and the processing is based on consent or on a contract, the data subject shall have the right to transmit those personal data and any other information provided by the data subject and retained by an automated processing system, into another one, in an electronic format which is commonly used, without hindrance from the controller from whom the personal data are withdrawn. 3. The Commission may specify the electronic format referred to in paragraph 1 and the technical standards, modalities and procedures for the transmission of personal data pursuant to paragraph 2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).deleted
2013/03/06
Committee: LIBE
Amendment 1516 #
Proposal for a regulation
Article 18 – paragraph 3
3. The Commission may specify the electronic format referred to in paragraph 1 and the technical standards, modalities and procedures for the transmission of personal data pursuant to paragraph 2. Those implementing acts shall be adopted in accordance with the examination procedure set out in Article 87(2).deleted
2013/03/06
Committee: LIBE
Amendment 1525 #
Proposal for a regulation
Article 19 – paragraph 1
1. The data subject shall have the right to object, on grounds relating to their particular situation, at any time to the processing of personal data which is based on points (d), (e) and (f) of Article 6(1), unless the controller demonstrates compelling legitimate grounds for the processing which override the interests or fundamental rights and freedoms of the data subjectunless the controller demonstrates legitimate interests which override the interests of the data subject. There shall be no right to object where the processing is required by law.
2013/03/06
Committee: LIBE
Amendment 1532 #
Proposal for a regulation
Article 19 – paragraph 2
2. Where personal data are processed for direct marketing purposesin accordance with Article 6(1)(f), the data subject shall have the right to object free of charge to the processing of their personal data for such marketingthat purpose. This right shall be explicitly offered to the data subject in an intelligible manner and shall be clearly distinguishable from other information.
2013/03/06
Committee: LIBE
Amendment 1537 #
Proposal for a regulation
Article 19 – paragraph 2
2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object free of charge to the processing of their personal data for such marketing. This right shall be explicitly offered to the data subject in an intelligible manner and shall be clearly distinguishable from other information. This right shall include a right to object to the collection and use of personal data obtained through online tracking of the data subject's preferences and behaviour across websites. Where a data subject expresses this right to object through technical means, such as a browser setting, controllers and processors shall respect such objection, consistent with technical industry standards, and must obtain the consent of the data subject to process personal data derived from online tracking for marketing purposes. Consent to online tracking shall enable persistent online tracking across all websites unless such consent is subsequently revoked by the data subject.
2013/03/06
Committee: LIBE
Amendment 1543 #
Proposal for a regulation
Article 19 – paragraph 3 a (new)
3a. Where pseudonymised data is processed pursuant to Article 6(1) the data subject shall have the right to object free of charge. This right shall be offered to the data subject in an intelligible manner and shall be clearly distinguishable from other information.
2013/03/06
Committee: LIBE
Amendment 1546 #
Proposal for a regulation
Article 20 – paragraph 1
1. Every natural person shall have the right not to be subject to a measure which produces legal effects concerning this natural person or significantly affects this natural person, and which is based solely on automated processing intended to evaluate certain personal aspects relating to this natural person or to analyse or predict in particular the natural person's performance at work, economic situation, location, health, personal preferences, reliability or behaviour.
2013/03/06
Committee: LIBE
Amendment 1585 #
Proposal for a regulation
Article 20 – paragraph 2 – point c a (new)
(ca) is limited to pseudonymised data. Such pseudonymised data must not be collated with data on the bearer of the pseudonym. Article19(3a) shall apply correspondingly.
2013/03/06
Committee: LIBE
Amendment 1598 #
Proposal for a regulation
Article 20 – paragraph 3
3. Automated processing of personal data intended to evaluate certain personal aspects relating to a natural person shall not be based solely on the special categories of personal data referred to in Article 9. unless the data subject has given consent.
2013/03/06
Committee: LIBE
Amendment 1616 #
Proposal for a regulation
Article 20 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and conditions for suitable measures to safeguard the data subject's legitimate interests referred to in paragraph 2.
2013/03/06
Committee: LIBE
Amendment 1619 #
Proposal for a regulation
Article 21 – title
RExtensions and restrictions
2013/03/06
Committee: LIBE
Amendment 1624 #
Proposal for a regulation
Article 21 – paragraph 1 – introductory part
1. Union or Member State law may extend or restrict by way of a legislative measure the scope of the obligations and rights provided for in points (a) to (e) of Article 5 and Articles 11 to 20 and Article 32, when such an extension or restriction constitutes a necessary and proportionate measure in a democratic society to safeguard:
2013/03/06
Committee: LIBE
Amendment 1626 #
Proposal for a regulation
Article 21 – paragraph 1 – point a a(new)
(aa) national security;
2013/03/06
Committee: LIBE
Amendment 1627 #
Proposal for a regulation
Article 21 – paragraph 1 – point a b (new)
(ab) defence;
2013/03/06
Committee: LIBE
Amendment 1630 #
Proposal for a regulation
Article 21 – paragraph 1 – point b a (new)
(ba) in cases where pseudonymised data is used;
2013/03/06
Committee: LIBE
Amendment 1646 #
Proposal for a regulation
Article 21 – paragraph 2
2. In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least as to the objectivpurposes to be pursued by the processing and the determination of the controller.
2013/03/06
Committee: LIBE
Amendment 1750 #
Proposal for a regulation
Article 24 – paragraph 1
Where a controller determines the purposes, conditions and means of the processing of personal data jointly with others, the joint controllers shall determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the procedures and mechanisms for exercising the rights of the data subject, by means of an arrangement between them.
2013/03/06
Committee: LIBE
Amendment 1778 #
Proposal for a regulation
Article 26 – paragraph 2 – introductory part
2. The carrying out of processing by a processor shall be governed by a contract or other legal act binding the processor to the controller and stipulating in particular that the processor shall. The controller and the processor shall be free to determine respective roles and responsibilities with respect to the requirements of this Regulation and shall provide for the following:
2013/03/06
Committee: LIBE
Amendment 1804 #
Proposal for a regulation
Article 26 – paragraph 2 – point h
(h) make available to the controller and the supervisory authority on request all information necessary to control compliance with the obligations laid down in this Article.
2013/03/06
Committee: LIBE
Amendment 2353 #
Proposal for a regulation
Article 39 – paragraph 1
1. TIn order to improve data protection and the security of processing, the Member States and, the Commission shall encourageand the supervisory authorities shall cooperate with controllers, data processors and other stakeholders, in particular at European level, with a view to the establishment of data protection certification mechanisms and ofprocedures to devise, implement and further develop data protection strategies and to assess and confirm them by awarding data protection seals and marks for procedures and products, allowing data subjects to quickly assess the level of data protection provided by manufacturers, controllers and processors. The data protection certification mechanisms shallprocedures should be voluntary and transparent and should be carried out regularly by expert entities, free of conflicts of interest, and contribute to the proper application of this Regulation and other provisions concerning data protection, taking account of the specific features of the various sectors and different processing operations.
2013/03/06
Committee: LIBE
Amendment 2365 #
Proposal for a regulation
Article 39 – paragraph 2
2. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for the data protection certification mechanisms referred to in paragraph 1, including conditions for granting and withdrawal, and requirements for recognition within the Union and in third countries.
2013/03/06
Committee: LIBE
Amendment 2373 #
Proposal for a regulation
Article 39 – paragraph 3
3. The Commission may lay down technical standards for certification mechanisms and data protection seals and marks and mechanisms to promote and recognize certification mechanisms and data protection seals and marks. Those implementing acts shall be adopted in accordance with the examination procedure set out in Article 87(2).deleted
2013/03/06
Committee: LIBE
Amendment 2412 #
Proposal for a regulation
Article 41 – paragraph 8
8. Decisions adopted by the Commission on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC shall remainbe reviewed after the entry into force, until amended, repla of this regulation. The Commission shall report to the Council and Parliament two years after the entry into forced or repealed by the Commissionf this regulation on the results of its review and the measures taken. The European Data Protection Committee shall be given the opportunity in advance to adopt a position on the report.
2013/03/06
Committee: LIBE
Amendment 2427 #
Proposal for a regulation
Article 42 – paragraph 2 – point b
(b) standard data protection clauses adopted by the Commission between the controller or the data processor and the recipient of the data, who may also be a subprocessor, outside the EEA, which may also comprise standard conditions for the forwarding of data outside the EEA. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2); or
2013/03/06
Committee: LIBE
Amendment 2430 #
Proposal for a regulation
Article 42 – paragraph 2 – point c
(c) standard data protection clauses adopted by a supervisory authority in accordance with the consistency mechanism referred to in Article 57 when declared generally valid by the Commission pursuant to point (b) of, between the controller or the data processor and the recipient of the data, who may also be a subprocessor, outside the EEA, which may also comprise standard conditions for the forwarding of data outside the EEA, when these standard data protection clauses have been declared generally valid by the Commission in accordance with the examination procedure referred to in Article 62(187(2); or
2013/03/06
Committee: LIBE
Amendment 2436 #
Proposal for a regulation
Article 42 – paragraph 2 – point d a (new)
(da) participation in an international data protection system recognised by the Commission;
2013/03/06
Committee: LIBE
Amendment 2573 #
Proposal for a regulation
Article 49 a (new)
Article 49a Professional supervision of persons subject to an obligation of professional secrecy Insofar as, when this regulation enters into force, entities exist which are responsible for the professional supervision of persons subject to an obligation of professional secrecy, these may establish the supervisory authority.
2013/03/06
Committee: LIBE
Amendment 2587 #
Proposal for a regulation
Article 51 – paragraph 2 – subparagraph 1 a (new)
This article shall apply only if and insofar as the processing of personal data takes place in a consistent manner in the Member States.
2013/03/06
Committee: LIBE
Amendment 2594 #
Proposal for a regulation
Article 51 – paragraph 3
3. The supervisory authority shall not be competent to supervise processing operations of courts acting in their judicial capacity. activities assigned to courts for independent performance. The same shall apply insofar as judicially independent processing has been ordered, approved or authorised.
2013/03/06
Committee: LIBE
Amendment 2596 #
Proposal for a regulation
Article 51 – paragraph 3
3. The supervisory authority shall not be competent to supervise processing operations of courts acting in their judicial capacity and not competent to supervise processing operations of controllers bound by obligations of professional secrecy.
2013/03/06
Committee: LIBE
Amendment 2683 #
Proposal for a regulation
Article 58 – paragraph 8 a (new)
8a. Where the Commission intends to initiate treaty infringement proceedings in respect of the action taken against the Member State of the competent supervisory authority, it shall first give the European Data Protection Board the opportunity to issue its opinion and shall inform it about the progress of the procedure. The Member State shall give the competent supervisory authority the opportunity to state its opinion at any stage of the infringement proceedings.
2013/03/06
Committee: LIBE
Amendment 2706 #
Proposal for a regulation
Article 60 – paragraph 1 – introductory part
1. Within one month after the communication referred to in Article 59(4), and where the Commission has serious doubts as to whether the draft measure would ensure the correct application of this Regulation or would otherwise result in its inconsistent application, the Commission may adopt a reasoned decision requiring the supervisory authority to suspend the adoption of the draft measure, taking into account the opinion issued by the European Data Protection Board pursuant to Article 58(7) or Article 61(2), where it appears necessary in order to:
2013/03/06
Committee: LIBE
Amendment 2707 #
Proposal for a regulation
Article 60 – paragraph 1 – point a
(a) reconcile the widely diverging positions of the supervisory authority and the European Data Protection Board, if this still appears to be possible; or
2013/03/06
Committee: LIBE
Amendment 2708 #
Proposal for a regulation
Article 60 – paragraph 2
2. The Commission shall specify the duration of the suspension which shall not exceed 12 month8 weeks.
2013/03/06
Committee: LIBE
Amendment 2709 #
Proposal for a regulation
Article 60 a (new)
Article 60a Notification of Parliament and Council The Commission shall notify the Council and the European Parliament at regular intervals, at least every six months, on the basis of a report from the Chair of the European Data Protection Board, of the matters dealt with under the consistency procedure, setting out the conclusions drawn by the Commission and the European Data Protection Board with a view to ensuring the consistent implementation and application of this regulation.
2013/03/06
Committee: LIBE
Amendment 2764 #
Proposal for a regulation
Article 70 a (new)
Article 70a Experts or Group of Experts 1. The European Data Protection Board shall set up a body of stakeholders, this body shall consist of experts from concerned stakeholder groups. The Chair may propose such stakeholders. In proposing this, the Chair shall take data subjects' associations, consumer groups and experts from the private sector and academia into account. 2. The Board shall decide upon the setup and the frequency of the expert group. These decisions shall be based on provisions made in the internal rules of the Board. These rules shall be made public. 3. The Chair of the Board shall also be the Chair the group of experts. 4. Members of the Board may not be members of the expert group. The members of the expert group shall change once during the legislature and at least every 3 years. A representative of the European Parliament and Commission staff shall be invited to the meetings of the expert group and to contribute to its work. 5. The experts shall be consulted by the Board on its activities.
2013/03/06
Committee: LIBE
Amendment 2767 #
Proposal for a regulation
Article 71 – paragraph 3 – point b
(b) the communication between the members of the European Data Protection Board, its cexperts or a group of experts that is consulted by the Board, the Chair and the Commission and for communication with other institutions and the public;
2013/03/06
Committee: LIBE
Amendment 2768 #
Proposal for a regulation
Article 71 – paragraph 3 – point e
(e) the preparation and follow-up of the meetings of the European Data Protection Board and for experts or a group of experts that are involved;
2013/03/06
Committee: LIBE
Amendment 2769 #
Proposal for a regulation
Article 71 – paragraph 3 – point f
(f) the preparation, drafting and publication of opinions and other texts adopted by the European Data Protection Board, as well as of documents of the experts or group of experts that are involved.
2013/03/06
Committee: LIBE
Amendment 2779 #
Proposal for a regulation
Article 73 – paragraph 2
2. Any body, organisation or association which aims to protect data subjects‘ rights and interests concerning the protection of their personal data and has been properly constituted according to the law of a Member State shall have the right to lodge a complaint with a supervisory authority in any Member State on behalf of one or more data subjects if it considers that a data subject's rights under this Regulation have been infringed as a result of the processing of personal data.deleted
2013/03/06
Committee: LIBE
Amendment 2789 #
Proposal for a regulation
Article 73 – paragraph 3
3. Independently of a data subject's complaint, any body, organisation or association referred to in paragraph 2 shall have the right to lodge a complaint with a supervisory authority in any Member State, if it considers that a personal data breach has occurred.deleted
2013/03/06
Committee: LIBE
Amendment 2813 #
Proposal for a regulation
Article 76 – paragraph 1
1. Any body, organisation or association referred to in Article 73(2) shall have the right to exercise the rights referred to in Articles 74 and 75 on behalf of one or more data subjects.deleted
2013/03/06
Committee: LIBE
Amendment 2825 #
Proposal for a regulation
Article 77 – paragraph 1
1. Any person who has suffered damage as a result of an unlawful processing operation or of an action incompatible with this Regulation shall have the right to receive compensation from the controller or the processor for the damage suffered.
2013/03/06
Committee: LIBE
Amendment 2830 #
Proposal for a regulation
Article 77 – paragraph 2
2. Where more than one controller or processor is involved in the processing, each controller or processor shall be jointly and severally liable for the entire amount of the damage, notwithstanding the contractual agreement they might have concluded according to Article 24.
2013/03/06
Committee: LIBE
Amendment 2837 #
Proposal for a regulation
Article 77 – paragraph 3
3. The controller or the processor may be exempted from this liability, in whole or in part, if the controller or the processor proves that they are not responsible for the event giving rise to the damage.
2013/03/06
Committee: LIBE
Amendment 2999 #
Proposal for a regulation
Article 81 a (new)
Article 81a Data processing for the purpose of enforcing the law The processing of personal data by courts and bailiffs shall be subject to the procedural law laid down by the European Union and the Member States. This shall ensure an adequate balance between the requirement to allow a judicial hearing, the protection of personal data and the obligation to maintain effective legal protection.
2013/03/08
Committee: LIBE
Amendment 3000 #
Proposal for a regulation
Article 81 b (new)
Article 81b Data protection in the field of executing sentences and carrying out punishments Member States may, in accordance with the provisions of this regulation, adopt special legal provisions laying down the conditions for the processing of personal data by courts, public prosecutions departments and prisons in the public interest in connection with executing sentences and carrying out punishments.
2013/03/08
Committee: LIBE
Amendment 3058 #
Proposal for a regulation
Article 83 – paragraph 1 – point b a (new)
(ba) the personal data is processed for the purpose of generating aggregate data reports, wholly composed of either anonymous data, pseudonymous data or both.
2013/03/08
Committee: LIBE
Amendment 3098 #
Proposal for a regulation
Article 84 – paragraph 1
1. Within the limits of this Regulation, Member States mayshall adopt specific rules to set out the investigative powers by the supervisory authorities laid down in Article 53(2) in relation to controllers or processors that are subjects under national law or rules established by national competent bodies to an obligation of professional secrecy or other equivalent obligations of secrecy, where this is necessary and proportionate to reconcile the right of the protection of personal data with the obligation of secrecy. These rules shall only apply with regard to personal data which the controller or processor has received from or has obtained in an activity covered by this obligation of secrecy.
2013/03/08
Committee: LIBE
Amendment 3123 #
Proposal for a regulation
Article 88 – paragraph 1 a (new)
1a. The repeal of Directive 95/46/EC shall be without prejudice to data processing being performed in accordance with the requirements of Directive 95/46/EC at the time of entry into force of this regulation.
2013/03/08
Committee: LIBE
Amendment 3124 #
Proposal for a regulation
Article 89 – paragraph 1
1. This Regulation shall not impose additional obligations on natural or legal personsbe without prejudice to legal provisions of the Member States which they have adopted to transpose Directive 2002/85/EC in relation to the processing of personal data in connection with the provision of publicly available electronic communications services in public communication networks in the Union in relation to matters for which they are subject to specific obligations with the same objective set out in Directive 2002/58/EC.
2013/03/08
Committee: LIBE
Amendment 3128 #
Proposal for a regulation
Article 89 – paragraph 2
2. The Commission shall adopt by the date referred to in Article 91(2) of Directive 2002/58/EC shall be deleted. and without delay a proposal for revision of the legal framework for the processing of personal data and the protection of privacy in electronic communications, in order to align the law with this regulation and ensure consistent and uniform legal provisions on the fundamental right to protection of personal data in the European Union.
2013/03/08
Committee: LIBE
Amendment 3131 #
Proposal for a regulation
Article 91 – paragraph 2 – subparagraph 1
It shall apply from [two years from the date referred to in paragraph 1]. Without prejudice to the requirements arising from Chapters I to IV, data processing which has been performed until this time in accordance with the requirements of Directive 95/46/EC may continue for a maximum of [five years after the date referred to in paragraph 1].
2013/03/08
Committee: LIBE