Progress: Awaiting Parliament's position in 1st reading
Role | Committee | Rapporteur | Shadows |
---|---|---|---|
Lead | LIBE | SIPPEL Birgit ( S&D) | |
Former Responsible Committee | LIBE | ||
Former Responsible Committee | LIBE | SIPPEL Birgit ( S&D) | |
Committee Opinion | ENVI | ||
Committee Opinion | ITRE | ||
Committee Opinion | IMCO | ||
Committee Opinion | JURI | ||
Former Committee Opinion | ENVI | ||
Former Committee Opinion | ENVI | ||
Former Committee Opinion | ITRE | ||
Former Committee Opinion | ITRE | ||
Former Committee Opinion | IMCO | ||
Former Committee Opinion | IMCO | ||
Former Committee Opinion | JURI | ||
Former Committee Opinion | JURI |
Lead committee dossier:
Legal Basis:
TFEU 016-p2, TFEU 114
Legal Basis:
TFEU 016-p2, TFEU 114Subjects
Events
The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Marju LAURISTIN (EE, S&D) on the proposal for a regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications).
The present ePrivacy proposal seeks to achieve the modernisation of the Union data protection legal framework commenced by the General Data Protection Regulation ( Regulation (EU) 2016/679 (GDPR)) and repeals the current ePrivacy Directive 2002/58/EC in order to align its rules to those of the GDPR and to establish a legal framework, which takes account of the important technological and economic developments in the electronic communication sector.
The committee recommended that the European Parliament’s position adopted at first reading under the ordinary legislative procedure should amend the Commission proposal as follows:
Scope : Members stated that the proposal shall apply to:
the processing of information related to or processed by the terminal equipment of end-users; the placing on the market of software permitting electronic communications; the provision of publicly available directories of users of electronic communications; the sending of direct marketing electronic communications to end-users.
Members also introduced the definition of "end user" , which is a legal entity or natural person using or requesting a publicly available electronic communications service; and that of "user" which covers any natural person using a publicly available electronic communications service for private or business purposes without necessarily having subscribed to that service.
Confidentiality of communications : Members proposed that the confidentiality of electronic communications shall also apply to data related to or processed by terminal equipment.
Providers of electronic communications networks and services may process electronic communications data only if it is technically necessary to achieve the transmission of the communication, for the duration necessary for that purpose.
Any interference with the content of electronic communications shall be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse.
Protection of information stored in or related to users’ terminal equipment : the Commission proposal aims to protect the information stored in the user’s terminal equipment from accessing it or installing or placing software or information without the consent of the user.
The amendments tabled are intended to provide a higher level of protection by ensuring legal consistency with the General Data Protection Regulation (GDPR). In this regard, the conditions allowing access to user’s terminal equipment or to information emitted by it are better framed and the conditions for user’s consent is brought in line with the GDPR.
In the context of employment relationships, access to the user's terminal equipment shall only be possible if it is strictly technically necessary for the execution of an employee's task, where: (i) the employer provides and/or is the user of the terminal equipment; (ii) the employee is the user of the terminal equipment; and (iii) it is not further used for monitoring the employee.
It is also specified that no user may be denied access to any information society service or functionality, regardless of whether this service is remunerated or not, on grounds that the end-user does not provide consent for processing any data that is not strictly necessary for the functionality requested by the end-user.
Options for privacy settings : this Regulation shall prevent the use of so-called "cookie walls" and "cookie banners" that do not help users to maintain control over their personal information and privacy or become informed about their rights.
Electronic communications software (such as browsers, operating systems and applications) shall be configured in a way that privacy is protected, and the tracking and storage of information on the terminal equipment by third parties are prohibited by default . Software providers of this type shall provide sufficiently detailed options to allow the user to consent to each distinct category of purposes.
At the same time, the user shall have the option to change or confirm the privacy setting options any time after installation.
The settings shall include a signal which is sent to the other parties to inform them about the user's privacy settings. These settings shall be binding on, and enforceable against, any other party.
Unsolicited communications for direct marketing : the use by natural or legal persons of electronic communications services, including automated calling, communications systems, semi-automated systems that connect the call person to an individual, faxes, e-mail or other use of electronic communications services for the purposes of presenting or sending direct marketing communications to users, shall be allowed only in respect of users who have given their prior consent .
The Regulation shall prohibit the masking of the identity and the use of false identities, false return addresses or numbers while sending unsolicited communications for direct marketing purposes is prohibited.
Restrictions on the confidentiality of communications : the scope of the rights provided for in the Regulation may be restricted by law provided that the restriction fully respects the essence of fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard (i) national security, (ii) defence; iii) public security.
OPINION of the European Data Protection Supervisor on the Proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation).
The EDPS shares the view that there is a continued need to have specific rules to protect the confidentiality and security of electronic communications in the EU. He therefore welcomes the Commission proposal for a modernised, updated and strengthened ePrivacy Regulation. He also welcomes the declared ambition to provide a high level of protection with respect to both content and metadata.
However, the EDPS remains concerned about a number of provisions , particularly the following:
the definitions under the proposal must not depend on the separate legislative procedure concerning the Directive establishing the European Electronic Communications Code; the provisions on end-user consent need to be strengthened. Consent must be requested from the individuals who are using the services, whether or not they have subscribed for them and from all parties to a communication; the relationship between the General Data Protection Regulation (GDPR) and the ePrivacy Regulation should not leave loopholes for the protection of personal data; access to websites must not be made conditional upon the individual being forced to ‘consent’ to being tracked across websites (cookie walls); the proposal fails to ensure that browsers will by default be set to prevent tracking individuals' digital footsteps; the exceptions regarding tracking of location of terminal equipment are too broad and lack adequate safeguards.
The EDPS notes the importance of a swift processing of this dossier by the legislators, to ensure that the ePrivacy Regulation, as intended, may apply as of 25 May 2018, the date when the GDPR itself will also become applicable.
PURPOSE: to enhance protection of confidentiality of electronic communications.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: the ePrivacy Directive ( Directive 2002/58/EC ) ensures the protection of fundamental rights and freedoms, in particular the respect for private life, confidentiality of communications and the protection of personal data in the electronic communications sector. It also guarantees the free movement of electronic communications data, equipment and services in the Union.
The Commission carried out an ex post evaluation of the ePrivacy Directive. It follows from the evaluation that the objectives and principles of the current framework remain sound. However, important technological and economic developments took place in the market since the last revision of the ePrivacy Directive in 2009. The Directive has not kept pace with technological developments , resulting in a void of protection of communications conveyed through new services.
A Eurobarometer survey on ePrivacy was conducted throughout the EU. The key findings are the following:
78% say it is very important that personal information on their computer, smartphone or tablet can only be accessed with their permission; 72% state that it is very important that the confidentiality of their e-mails and online instant messaging is guaranteed; 89% agree with the suggested option that the default settings of their browser should stop the sharing of their information.
This proposal seeks to update the legal framework . It aims at reinforcing trust and security in the Digital Single Market – a key objective of the Digital Single Market strategy . The draft Regulation also aligns the rules for electronic communications services with the new world-class standards of the EU's General Data Protection Regulation (Regulation (EU) 2016/679).
IMPACT ASSESSMENT: the preferred option offers a measured reinforcement of privacy/confidentiality by extending the scope of the legal instrument to include new functionally equivalent electronic communications services and which protects against unsolicited communications and simplifies and clarifies the regulatory environment.
CONTENT: this proposed new Regulation seeks to enhance protection of confidentiality of electronic communications by extending the scope of the legal instrument to include new functionally equivalent electronic communications services . Like the European Electronic Communications Code, this proposal also brings the Over-the-Top (OTT) providers in its scope to reflect the market reality.
Confidentiality of electronic communications : the proposal:
contains the key provisions ensuring the limited permitted purposes and conditions of processing such communications data: privacy will be guaranteed for both content and metadata derived from electronic communications (e.g. time of a call and location). Both have a high privacy component and, under the proposed rules, will need to be anonymised or deleted if users have not given their consent, unless the data is required for instance for billing purposes; addresses the protection of terminal equipment , by (i) guaranteeing the integrity of the information stored in it and (ii) protecting information emitted from terminal equipment, as it may enable the identification of its end-user; details the consent of end-users , where technically possible and feasible, consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet. End-users who have consented to the processing of electronic communications data shall be given the possibility to withdraw their consent at any time and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continue; imposes an obligation on providers of software permitting electronic communications to help end-users in making effective choices about privacy settings.
Rights of end-users to control the sending and reception of electronic communications : with a view to protecting their privacy, the new Regulation proposed:
the right of end-users to prevent the presentation of the calling line identification to guarantee anonymity; the obligation for providers of publicly available number-based interpersonal communication to provide for the possibility to limit the reception of unwanted calls; the regulation of the conditions under which end-users may be included in publicly available directories and the conditions under which unsolicited communications for direct marketing may be conducted.
Supervision and enforcement of this Regulation : this shall be entrusted to the supervisory authorities in charge of the GDPR. The powers of the European Data Protection Board are extended and the cooperation and consistency mechanism foreseen under the GDPR will apply in case of cross-border matters related to this Regulation.
Documents
- Debate in Council: 3581
- Committee report tabled for plenary, 1st reading: A8-0324/2017
- Contribution: COM(2017)0010
- Economic and Social Committee: opinion, report: CES0655/2017
- Contribution: COM(2017)0010
- Debate in Council: 3545
- Contribution: COM(2017)0010
- Contribution: COM(2017)0010
- Document attached to the procedure: N8-0049/2017
- Document attached to the procedure: OJ C 234 20.07.2017, p. 0003
- Contribution: COM(2017)0010
- Contribution: COM(2017)0010
- Contribution: COM(2017)0010
- Contribution: COM(2017)0010
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2017)0003
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2017)0004
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2017)0005
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2017)0006
- Legislative proposal published: COM(2017)0010
- Legislative proposal published: EUR-Lex
- Document attached to the procedure: EUR-Lex SWD(2017)0003
- Document attached to the procedure: EUR-Lex SWD(2017)0004
- Document attached to the procedure: EUR-Lex SWD(2017)0005
- Document attached to the procedure: EUR-Lex SWD(2017)0006
- Document attached to the procedure: N8-0049/2017 OJ C 234 20.07.2017, p. 0003
- Economic and Social Committee: opinion, report: CES0655/2017
- Contribution: COM(2017)0010
- Contribution: COM(2017)0010
- Contribution: COM(2017)0010
- Contribution: COM(2017)0010
- Contribution: COM(2017)0010
- Contribution: COM(2017)0010
- Contribution: COM(2017)0010
- Contribution: COM(2017)0010
Activities
Votes
A8-0324/2017 - Marju Lauristin - Décision d'engager des négociations interinstitutionnelles 26/10/2017 12:21:07.000 #
Amendments | Dossier |
1931 |
2017/0003(COD)
2017/06/28
ITRE
324 amendments...
Amendment 100 #
Proposal for a regulation Recital 26 (26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security
Amendment 101 #
Proposal for a regulation Recital 26 (26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation
Amendment 102 #
Proposal for a regulation Recital 28 Amendment 103 #
Proposal for a regulation Recital 30 (30) Publicly available directories of end-users of electronic communications services are widely distributed. Publicly available directories means any directory or service containing end-users information such as phone numbers (including mobile phone numbers), email address contact details and includes inquiry services. The right to privacy and to protection of the personal data of a natural person acting out of his/her business capacity requires that end-users that are natural persons are asked for consent before their personal data are included in a directory. The legitimate interest of legal entities and natural persons acting in their business capacity requires that end-
Amendment 104 #
Proposal for a regulation Recital 30 (30) Publicly available directories of end-users of electronic communications services are widely distributed. Publicly available directories means any directory or service containing end-users information such as phone numbers (including mobile
Amendment 105 #
Proposal for a regulation Recital 30 Amendment 106 #
Proposal for a regulation Recital 31 (31) If end-users that are natural persons give their consent to their data being included in such directories, they should be able to determine on a consent basis which categories of personal data are included in the directory (for example name, email address, home address, user name, phone number). In addition,
Amendment 107 #
Proposal for a regulation Recital 31 Amendment 108 #
Proposal for a regulation Recital 33 Amendment 109 #
Proposal for a regulation Recital 33 (33) Safeguards should be provided to protect end-users against unsolicited communications for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications,
Amendment 110 #
Proposal for a regulation Recital 37 (37) Service providers who offer electronic communication
Amendment 111 #
Proposal for a regulation Recital 37 (37) Service providers who offer electronic communications services should inform end- users of measures they can take to protect the security of their communications for instance by using specific types of software or encryption technologies. Alternative solutions based on blockchain technology could be explored as they offer the protection needed for communications data allowing for maximum transparency and giving control back to the citizens. In such a way, in case of misuse of sensitive data or metadata will be traceable based on an e- id and timestamp system. The requirement to inform end-users of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge. Security is appraised in the light of Article 32 of Regulation (EU) 2016/679.
Amendment 112 #
Proposal for a regulation Recital 37 Amendment 113 #
Proposal for a regulation Recital 39 (39) Each supervisory authority should be competent on the territory of its own Member State to exercise the powers and to perform the tasks set forth in this Regulation. In order to ensure consistent monitoring and enforcement of this Regulation throughout the Union, the supervisory authorities should have the same tasks and effective powers in each Member State, without prejudice to the powers of prosecutorial authorities under Member State law, to bring infringements of this Regulation to the attention of the judicial authorities and engage in legal proceedings. Member States and their supervisory authorities are encouraged to take account of the specific needs of start- ups, micro, small and medium-sized enterprises as defined in Article 2 of Directive 2013/34/EU in the application of this Regulation.
Amendment 114 #
Proposal for a regulation Recital 39 Amendment 115 #
Proposal for a regulation Recital 39 a (new) (39a) In case that the competent supervisory authorities receive confidential information from a whistleblower regarding the misuse of data, in spite of the provisions of this Regulation, depriving citizens from their right to privacy, the whistleblower should be protected.
Amendment 116 #
Proposal for a regulation Recital 40 (40) In order to strengthen the enforcement of the rules of this Regulation, each supervisory authority should have the power to impose penalties including administrative fines for any infringement of this Regulation, including sensitive data or metadata to be misused, leaked, or not to be kept anonymously resulting in any form of discrimination against the end user, in addition to, or instead of any other appropriate measures pursuant to this Regulation. This Regulation should indicate infringements and the upper limit
Amendment 117 #
Proposal for a regulation Recital 40 Amendment 118 #
Proposal for a regulation Article 1 – paragraph 2 2. This Regulation ensures the accurate and sustainable functioning of the digital single market and the free movement of electronic communications data and electronic communications services within the Union, which shall be neither restricted nor prohibited for reasons related to the respect for the private life and communications of natural and legal persons and the protection of natural persons with regard to the processing of personal data.
Amendment 119 #
Proposal for a regulation Article 1 – paragraph 3 3. The provisions of this Regulation does not lower the level of protection enjoyed by natural persons under the Regulation (EU) 2016/679 but particularise and complement Regulation (EU) 2016/679 by laying down specific rules for the purposes mentioned in paragraphs 1 and 2.
Amendment 120 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to : (a) the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services
Amendment 121 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to the processing of electronic communications data carried out
Amendment 122 #
Proposal for a regulation Article 2 – paragraph 2 – point c Amendment 123 #
Proposal for a regulation Article 2 – paragraph 3 3. The processing of electronic communications data by the Union institutions, bodies, offices and agencies insofar as they are not publicly available, originating or having as destination public networks is governed by Regulation (EU) 00/0000 [new Regulation replacing Regulation 45/2001].
Amendment 124 #
Proposal for a regulation Article 3 – paragraph 1 – introductory part 1. This Regulation applies to
Amendment 125 #
Proposal for a regulation Article 3 – paragraph 1 – point a Amendment 126 #
Proposal for a regulation Article 3 – paragraph 1 – point b Amendment 127 #
Proposal for a regulation Article 3 – paragraph 1 – point c Amendment 128 #
Proposal for a regulation Article 3 – paragraph 2 2. Where the provider of an electronic communications service is not established in the Union it shall designate, and prior to the start of its activity within the Union, in writing a representative in the Union.
Amendment 129 #
Proposal for a regulation Article 3 – paragraph 4 4. The representative shall have the power to answer questions and provide information in addition to or instead of the provider it represents, in particular, to supervisory authorities, and end-users, on all issues related to
Amendment 130 #
Proposal for a regulation Article 3 – paragraph 5 5. The designation of a representative pursuant to paragraph 2 shall be without prejudice to legal actions, which could be initiated against a natural or legal person who
Amendment 131 #
Proposal for a regulation Article 4 – paragraph 1 – point b (b) the definitions of ‘electronic communications network’, ‘electronic communications service’, ‘interpersonal communications service’, ‘number-based interpersonal communications service’, ‘number-independent interpersonal communications service’,
Amendment 132 #
Proposal for a regulation Article 4 – paragraph 1 – point b a (new) (b a) 'end-user' means natural person using a publicly available electronic communications service for private or business purposes without necessarily having subscribed to this service;
Amendment 133 #
Amendment 134 #
Proposal for a regulation Article 4 – paragraph 2 2. For the purposes of point (b) of paragraph 1
Amendment 135 #
Proposal for a regulation Article 4 – paragraph 3 – point b (b)
Amendment 136 #
Proposal for a regulation Article 4 – paragraph 3 – point b (b) ‘electronic communications content’ means the content exchanged between parties and the external elements of a communication, including during machine-to-machine communication, by means of electronic communications services, such as text, voice, videos, images, and sound;
Amendment 137 #
Proposal for a regulation Article 4 – paragraph 3 – point b (b) ‘electronic communications content’ means the content exchanged by means of publically accessible electronic communications services, such as text, voice, videos, images, and sound;
Amendment 138 #
Proposal for a regulation Article 4 – paragraph 3 – point c (c)
Amendment 139 #
Proposal for a regulation Article 4 – paragraph 3 – point c (c) ‘electronic communications metadata’ means data processed in an electronic communications network or by any other equipment for the purposes of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration and the type of communication;
Amendment 140 #
Proposal for a regulation Article 4 – paragraph 3 – point c (c) ‘electronic communications metadata’ means all data processed in an
Amendment 141 #
Proposal for a regulation Article 4 – paragraph 3 – point f (f) ‘direct marketing communications’ means any form of
Amendment 142 #
Proposal for a regulation Article 4 – paragraph 3 – point f (f)
Amendment 143 #
Proposal for a regulation Article 4 – paragraph 3 – point f (f)
Amendment 144 #
Proposal for a regulation Article 4 – paragraph 3 – point f (f)
Amendment 145 #
Proposal for a regulation Article 4 – paragraph 3 – point g (g) ‘direct marketing voice-to-voice calls’ means live calls, which do not entail the use of automated calling systems and communication systems; this shall not include calls and text messages linked to Amber Alert;
Amendment 146 #
Proposal for a regulation Article 4 – paragraph 3 – point h a (new) (h a) 'equipment location data' means data that can enable the geospatial location, movement or direction of terminal equipment and it is not processed in order to provide a communications service.
Amendment 147 #
Proposal for a regulation Chapter 2 – title PROTECTION OF ELECTRONIC COMMUNICATIONS OF NATURAL AND LEGAL PERSONS AND OF INFORMATION
Amendment 148 #
Proposal for a regulation Article 5 – title Confidentiality of electronic communications
Amendment 149 #
Proposal for a regulation Article 5 – paragraph 1 Electronic communications data shall be confidential
Amendment 150 #
Proposal for a regulation Article 5 – paragraph 1 Electronic communications
Amendment 151 #
Proposal for a regulation Article 5 – paragraph 1 Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance, or any processing of electronic communications data regardless of whether this data is in transit or stored, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
Amendment 152 #
Proposal for a regulation Article 5 – paragraph 1 Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception
Amendment 153 #
Proposal for a regulation Article 5 – paragraph 1 a (new) Confidentiality of electronic communications shall also apply to data related to or processed by terminal equipment and to machine-to-machine communication.
Amendment 154 #
Proposal for a regulation Article 6 – paragraph 1 Amendment 155 #
Proposal for a regulation Article 6 – paragraph 1 – introductory part 1. Providers of electronic communications networks and services may process electronic communications data if
Amendment 156 #
Proposal for a regulation Article 6 – paragraph 1 – introductory part 1. Providers of electronic communications networks and services may process electronic communications data only if:
Amendment 157 #
Proposal for a regulation Article 6 – paragraph 1 – point a Amendment 158 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) it is technically and strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose;
Amendment 159 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) it is strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose; or
Amendment 160 #
Proposal for a regulation Article 6 – paragraph 1 – point b Amendment 161 #
Proposal for a regulation Article 6 – paragraph 1 – point b (b) it is necessary to maintain
Amendment 162 #
Proposal for a regulation Article 6 – paragraph 1 – point b (b) it is technically and strictly necessary to maintain or restore the
Amendment 163 #
Proposal for a regulation Article 6 – paragraph 1 – point b (b) it is strictly necessary to maintain or restore the security of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.
Amendment 164 #
Proposal for a regulation Article 6 – paragraph 1 – point b a (new) (ba) the users concerned have given their consent to the processing of his or her electronic communications data, provided that it is technically and strictly necessary for the provision of an information society service explicitly requested by a user for his or her purely individual usage, solely for the provision of the explicitly requested service and only for the duration necessary for that purpose and without the consent of all users, only where such processing produces effects solely in relation to the user who requested the service and does not adversely affect the fundamental rights of other users.
Amendment 165 #
Proposal for a regulation Article 6 – paragraph 1 a (new) 1a. Providers of electronic communication networks and services and third parties may process electronic communication data to the extent strictly necessary and proportionate for the purpose of ensuring security of network and information if it is necessary to protect, maintain or restore the confidentiality, integrity, availability, authenticity of electronic communications, protect the privacy and safety of end-users or of third parties or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.
Amendment 166 #
Proposal for a regulation Article 6 – paragraph 1 a (new) 1 a. Before processing electronic communications data, the provider shall carry out a data protection impact assessment pursuant to Article 35 of Regulation (EU) 2016/679, and if necessary a prior consultation with the supervisory authority pursuant to Article 36 of Regulation (EU) 2016/679.
Amendment 167 #
Proposal for a regulation Article 6 – paragraph 2 Amendment 168 #
Proposal for a regulation Article 6 – paragraph 2 – introductory part 2. Providers of electronic
Amendment 169 #
Proposal for a regulation Article 6 – paragraph 2 – introductory part 2. Providers of electronic communications networks and services may process electronic communications metadata if:
Amendment 170 #
Proposal for a regulation Article 6 – paragraph 2 – introductory part 2. Providers of electronic communications services may process electronic communications metadata only if:
Amendment 171 #
Proposal for a regulation Article 6 – paragraph 2 – point a (a) it is necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or for the purpose of network planning of the Electronic Communication Systems; or for the purpose of technological innovations, strictly related to the improvement of the network. This should be possible under the following safeguards: approval of the supervisory authority; pseudonymisation of the data, only if anonymisation is not possible for the purpose of the service; the minimum data required should be processed. _________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
Amendment 172 #
Proposal for a regulation Article 6 – paragraph 2 – point a (a) it is technically and strictly necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or _________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
Amendment 173 #
Proposal for a regulation Article 6 – paragraph 2 – point a (a) it is strictly necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or
Amendment 174 #
Proposal for a regulation Article 6 – paragraph 2 – point b (b) it is necessary for billing,
Amendment 175 #
Proposal for a regulation Article 6 – paragraph 2 – point b (b) it is strictly necessary for billing, calculating interconnection payments, detecting or stopping fraudulent
Amendment 176 #
Proposal for a regulation Article 6 – paragraph 2 – point b (b) it is strictly necessary for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusive use of, or subscription to, electronic communications services; or
Amendment 177 #
Proposal for a regulation Article 6 – paragraph 2 – point c (c)
Amendment 178 #
Proposal for a regulation Article 6 – paragraph 2 – point c (c) the end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end- users
Amendment 179 #
Proposal for a regulation Article 6 – paragraph 2 – point c (c) the all end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such all end-
Amendment 180 #
Proposal for a regulation Article 6 – paragraph 2 – point c a (new) (c a) the processing of these data for another specified purpose is compatible with the purpose for which the data were initially collected and is subject to specific safeguards, especially pseudonymisation, as set forth in Article 6(4) of Regulation (EU) 2016/679;or
Amendment 181 #
Proposal for a regulation Article 6 – paragraph 2 – point c b (new) (cb) it is necessary, in accordance with Article 6(1)(f) of Regulation (EU) 2016/679, for the purposes of the legitimate interests pursued by the service provider or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Amendment 182 #
Proposal for a regulation Article 6 – paragraph 2 a (new) 2 a. Even in the denial or absence of consent of an end-user, for the processing of metadata in order to locate an individual, in cases of calls to emergency services, exclusively for Amber Alert and the European emergency phone number (112).
Amendment 183 #
Proposal for a regulation Article 6 – paragraph 2 a (new) 2a. For the purpose of point (cb) of paragraph 2, data protection impact assessment shall be carried out as prescribed in Article 35 of Regulation (EU) 2016/679.
Amendment 184 #
Proposal for a regulation Article 6 – paragraph 3 – introductory part 3.
Amendment 185 #
Proposal for a regulation Article 6 – paragraph 3 – introductory part 3. Providers of
Amendment 186 #
Proposal for a regulation Article 6 – paragraph 3 – point a Amendment 187 #
Proposal for a regulation Article 6 – paragraph 3 – point a (a) for the sole purpose of the provision of a specific service to a
Amendment 188 #
Proposal for a regulation Article 6 – paragraph 3 – point a (a) for the sole purpose of the provision of a specific service to an end- user, if the end-user
Amendment 189 #
Proposal for a regulation Article 6 – paragraph 3 – point b (b) if all end-users concerned have given their consent to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. The concern of all end-users is not required in the situation when electronic communication emitted by an individual end-user is grossly offensive or of an indecent, obscene or menacing character and pose danger to other end- users involved. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authority.
Amendment 190 #
Proposal for a regulation Article 6 – paragraph 3 – point b (b)
Amendment 191 #
Proposal for a regulation Article 6 – paragraph 3 a (new) 3a. Any processing based on end-user consent must not adversely affect the rights and freedoms of individuals whose personal data are related to the communication, in particular, their rights to privacy and the protection of their personal data.
Amendment 192 #
Proposal for a regulation Article 7 Amendment 193 #
Proposal for a regulation Article 7 – paragraph 1 1. Without prejudice to
Amendment 194 #
Proposal for a regulation Article 7 – paragraph 1 1. Without prejudice to
Amendment 195 #
Proposal for a regulation Article 7 – paragraph 2 2. Without prejudice to point (b) of Article 6(1) and points (a) and (c) of Article 6(2), the provider of the electronic communications service shall erase electronic communications metadata
Amendment 196 #
Proposal for a regulation Article 7 – paragraph 2 2. Without prejudice to
Amendment 197 #
Proposal for a regulation Article 7 – paragraph 2 2. Without prejudice to point (b) and (c) of Article 6(1) and point
Amendment 198 #
Proposal for a regulation Article 7 – paragraph 3 3. Where the processing of electronic communications metadata takes place for the purpose of billing in accordance with point (b) of Article 6(2),
Amendment 199 #
Proposal for a regulation Article 8 – title Protection of information
Amendment 200 #
Proposal for a regulation Article 8 – title Protection of information stored in
Amendment 201 #
Proposal for a regulation Article 8 – title Protection of information stored in and related to all end-users’ terminal equipment
Amendment 202 #
Proposal for a regulation Article 8 – paragraph 1 – introductory part 1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users
Amendment 203 #
Proposal for a regulation Article 8 – paragraph 1 – introductory part 1. The use of input, output, processing and storage capabilities of terminal equipment and the collection or processing of information from
Amendment 204 #
Proposal for a regulation Article 8 – paragraph 1 – introductory part 1. The use of processing and storage capabilities of terminal equipment and the collection of information from all end- users’ terminal equipment, including about its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:
Amendment 205 #
Proposal for a regulation Article 8 – paragraph 1 – point a (a) it is strictly and technically necessary for the sole purpose of carrying out the transmission of an electronic communication over an electronic communications
Amendment 206 #
Proposal for a regulation Article 8 – paragraph 1 – point a (a) it is strictly necessary for the sole purpose of carrying out the transmission of an
Amendment 207 #
Proposal for a regulation Article 8 – paragraph 1 – point b (b) the
Amendment 208 #
Proposal for a regulation Article 8 – paragraph 1 – point b (b) the all end-user has given his or her consent; or
Amendment 209 #
Proposal for a regulation Article 8 – paragraph 1 – point b a (new) (b a) the information is or is rendered pseudonymous or anonymous; or
Amendment 210 #
Proposal for a regulation Article 8 – paragraph 1 – point c (c) it is necessary for providing an information society service requested by the end-user, particularly in order to preserve the integrity or security of the information society service or access to it, to improve what is offered or for measures to protect against unauthorised use of the service in accordance with the terms and conditions of use relating to the provision of services to the end-user; or
Amendment 211 #
Proposal for a regulation Article 8 – paragraph 1 – point c (c) it is necessary for providing an information society service requested by the end-user which shall include inter alia maintaining, operating and managing the integrity, access or security of the information society service, enhancing user experience or measures for preventing unauthorized access to or use of the information society service according to the terms of use for making available the service to the end user; or
Amendment 212 #
Proposal for a regulation Article 8 – paragraph 1 – point c (c) it is strictly and technically necessary for providing an information society service specifically requested by the
Amendment 213 #
Proposal for a regulation Article 8 – paragraph 1 – point c (c) it is necessary for providing an information society service requested by
Amendment 214 #
Proposal for a regulation Article 8 – paragraph 1 – point d Amendment 215 #
Proposal for a regulation Article 8 – paragraph 1 – point d (d) if it is necessary for
Amendment 216 #
Proposal for a regulation Article 8 – paragraph 1 – point d (d) if it is necessary
Amendment 217 #
Proposal for a regulation Article 8 – paragraph 1 – point d (d) if it is necessary
Amendment 218 #
Proposal for a regulation Article 8 – paragraph 1 – point d (d) if it is necessary for
Amendment 219 #
Proposal for a regulation Article 8 – paragraph 1 – point d (d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by
Amendment 220 #
Proposal for a regulation Article 8 – paragraph 1 – point d a (new) (d a) a clear and prominent notice is displayed to the public informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation 2016/679/EU where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimize the collection. The collection of such information shall be conditional on the application of appropriate technical and organization measures to ensure that the collection and processing of information is limited to what is necessary in relation to the purposes of processing and to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation 2016/679/EU, have been applied, which may inter alia include pseudonymisation or anonymisation of the information collected as set out in Art. 4 (5) of Regulation (EU) 2016/679
Amendment 221 #
Proposal for a regulation Article 8 – paragraph 1 – point d a (new) (da) it is strictly technically necessary for a security update, provided that: (i) such updates are discreetly packaged and do not in any way change the functionality of the hardware or software or the privacy settings chosen by the user; (ii) the user is informed in advance each time such an update is being installed; and (iii) the user has the possibility to postpone or turn off the automatic installation of such updates;
Amendment 222 #
Proposal for a regulation Article 8 – paragraph 1 – point d a (new) (d a) it is necessary to protect privacy, security or safety of the end-user, or to protect confidentiality, integrity, availability, authenticity of the terminal equipment; or
Amendment 223 #
Proposal for a regulation Article 8 – paragraph 1 – point d a (new) (d a) (e) where the processing is strictly limited to anonymised or pseudonymised data and the entity concerned undertakes to comply with specific privacy safeguards; or
Amendment 224 #
Proposal for a regulation Article 8 – paragraph 1 – point d a (new) da) it occurs for the purpose of recording, for the undertaking as a whole, anonymous indicators concerning the use of information society services; or
Amendment 225 #
Proposal for a regulation Article 8 – paragraph 1 – point d a (new) (d a) for emergency services acting on calls to the European emergency phone number (112) or Amber Alert.
Amendment 226 #
Proposal for a regulation Article 8 – paragraph 1 – point d a (new) (d a) under the conditions as set out in point (b) of paragraph 2 and paragraph 3
Amendment 227 #
Proposal for a regulation Article 8 – paragraph 1 – point d b (new) (d b) the processing of these data and information for another specified purpose is compatible with the purpose for which the data were initially collected and is subject to specific safeguards, especially pseudonymisation, as set forth in Article 6(4) of Regulation (EU) 2016/679;or
Amendment 228 #
Proposal for a regulation Article 8 – paragraph 1 – point d b (new) db) in order to mark terminal equipment for advertising purposes, on condition that the person responsible has clearly informed the end-user of this at the beginning of the data processing and has provided an opportunity for objection that is easy to exercise; or
Amendment 229 #
Proposal for a regulation Article 8 – paragraph 1 – point d b (new) (db) if it used for the personalisation of the electronic communications services provided to end-users
Amendment 230 #
Proposal for a regulation Article 8 – paragraph 1 – point d c (new) (d c) it is necessary, in accordance with Article 6(1)(f) of Regulation (EU) 2016/679 for the purposes of the legitimate interests pursued by the service provider or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Amendment 231 #
Proposal for a regulation Article 8 – paragraph 1 – point d c (new) dc) it occurs for purposes of the settlement of payments under contracts concerning the sale of products or services, provided that the contract pertaining thereto has been concluded on- line.
Amendment 232 #
Proposal for a regulation Article 8 – paragraph 1 a (new) 1a. It is necessary to safeguard the security and privacy of the end-user, as well as to guarantee the incorruptibility, accessibility, confidentiality, and authenticity of terminal equipment or the electronic communication network or services.
Amendment 233 #
Proposal for a regulation Article 8 – paragraph 1 a (new) 1a. For the purpose of points (ba), (db) and (dc) of paragraph 1, data protection impact assessment shall be carried out as prescribed in Article 35 of Regulation (EU) 2016/679.
Amendment 234 #
Proposal for a regulation Article 8 – paragraph 1 b (new) 1 b. For the purpose of points (db) and (dc) of paragraph 1, in order to demonstrate the compliance with the Regulation, the adherence to the data protection certification mechanisms and of data protection seals and marks, as defined in Article 42 of Regulation (EU) 2016/679, especially on the Union level, shall be encouraged by the Member States, the supervisory authorities, the Board and the Commission.
Amendment 235 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 1 – introductory part The collection of information emitted by terminal equipment to enable it to connect to another device
Amendment 236 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 1 – point a a (new) (aa) the end-user has been informed of the purpose for which his or her data are to be used and has given his or her informed consent.
Amendment 237 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 1 – point a (a) it is done exclusively in order to, for the time necessary for, and for the purpose of establishing a connection, if this connection is requested by the user or the establishing of the connection is an integral part of the terminal equipment's functionality; or
Amendment 238 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 1 – point a a (new) (aa) the end-user has given his or her consent;or
Amendment 239 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 1 – point b Amendment 240 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 1 – point b Amendment 241 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 1 – point b (b) the information collected is or is rendered pseudonymous or anonymous and the data protection impact assessment and, if necessary, a prior consultation with the supervisory authority were carried out, as prescribed respectively in Article 35 and 36 of Regulation (EU) 2016/679, and a clear and prominent notice is
Amendment 242 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 1 – point b (b) a clear and prominent notice is displayed in
Amendment 243 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 1 – point b (b) a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure
Amendment 244 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 1 – point b a (new) (b a) the data are immediately anonymised in a way that they cannot be linked to the terminal equipment anymore or used to single out users based on their terminal equipment, and is only further processed for statistical purposes that generate aggregate information;
Amendment 245 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 2 The collection of such information shall be conditional on the application of appropriate technical and organisational measures to limit the collection and processing of information to the purposes required therefor and ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been applied, for example by means of pseudonymisation of information collected pursuant to Article 4(5) of Regulation (EU) No 2016/679.
Amendment 246 #
Proposal for a regulation Article 8 – paragraph 2 – subparagraph 2 The collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679
Amendment 247 #
Proposal for a regulation Article 8 – paragraph 3 Amendment 248 #
Proposal for a regulation Article 8 – paragraph 3 3. The information to be provided pursuant to point (b) of paragraph 2 may be provided in combination with standardized icons in order to give a meaningful overview of the collection in an easily visible, intelligible and clearly legible manner; in order to provide this information, a labelling scheme can be used for software and terminal equipment, specifying the security and quality characteristics.
Amendment 249 #
Proposal for a regulation Article 8 – paragraph 3 3. The information to be provided pursuant to point (e) of paragraph 1 and point (b) of paragraph 2 may be provided in combination with standardized icons in order to give a meaningful overview of the collection in an easily visible, intelligible and clearly legible manner.
Amendment 250 #
Proposal for a regulation Article 8 – paragraph 3 – subparagraph 1 (new) Relevant technical guidelines shall be developed by the competent European authorities.
Amendment 251 #
Proposal for a regulation Article 8 – paragraph 4 Amendment 252 #
Proposal for a regulation Article 8 – paragraph 4 Amendment 253 #
Proposal for a regulation Article 9 – paragraph 1 1. The definition of and conditions for consent provided for under Articles 4(11) and
Amendment 254 #
Proposal for a regulation Article 9 – paragraph 2 Amendment 255 #
Proposal for a regulation Article 9 – paragraph 2 2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical s
Amendment 256 #
Proposal for a regulation Article 9 – paragraph 2 2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using
Amendment 257 #
Proposal for a regulation Article 9 – paragraph 3 Amendment 258 #
Proposal for a regulation Article 9 – paragraph 3 Amendment 259 #
Proposal for a regulation Article 9 – paragraph 3 3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679
Amendment 260 #
Proposal for a regulation Article 9 – paragraph 3 3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679
Amendment 261 #
Proposal for a regulation Article 9 – paragraph 3 3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679
Amendment 262 #
Proposal for a regulation Article 9 – paragraph 3 3.
Amendment 263 #
Proposal for a regulation Article 9 – paragraph 3 3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of
Amendment 264 #
Proposal for a regulation Article 9 – paragraph 3 a (new) 3 a. A user shall not be denied access to any electronic communications service, information society service or functionality of a terminal equipment, regardless of whether this is remunerated or not, on the mere grounds that he or she has not given his or her consent to (a) the processing of electronic communications data, metadata or content pursuant to Article 6;or (b) the use of input, output, processing and storage capabilities of terminal equipment and the collection of information from the users' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware, pursuant to Article 8(1);or (c) the collection of information emitted by terminal equipment pursuant to Article 8(2) that is technically not necessary for the provision of that service or functionality.
Amendment 265 #
Proposal for a regulation Article 9 – paragraph 3 a (new) 3a. The definition of and condition applicable to child's consent in relation to information society services provided for under Articles 8 of Regulation 2016/679/EU shall apply.
Amendment 266 #
Proposal for a regulation Article 9 – paragraph 3 a (new) 3a. The possibility of proper informed consent should be applied in all cases.
Amendment 267 #
Proposal for a regulation Article 9 – paragraph 3 b (new) 3 b. The possibility to easily revoke consent should be offered in an explicit manner.
Amendment 268 #
Proposal for a regulation Article 10 Amendment 269 #
Proposal for a regulation Article 10 Amendment 270 #
Proposal for a regulation Article 10 – title Amendment 271 #
Proposal for a regulation Article 10 – paragraph 1 1.
Amendment 272 #
Proposal for a regulation Article 10 – paragraph 1 1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer
Amendment 273 #
Proposal for a regulation Article 10 – paragraph 1 1. Software and terminal equipment placed on the market permitting electronic communications, including the retrieval and presentation of
Amendment 274 #
Proposal for a regulation Article 10 – paragraph 1 a (new) 1 a. Additional information practices should be put in place explaining clearly and briefly the necessity and purpose of the active tracking cookies.
Amendment 275 #
Proposal for a regulation Article 10 – paragraph 1 a (new) 1 a. Browsers and similar software should, by default, present privacy friendly settings that limit online tracking.
Amendment 276 #
Proposal for a regulation Article 10 – paragraph 1 b (new) 1 b. The end user should be able to adopt the Do NoT Track setting in order to refuse its signal to be tracked.Do Not Track option should be applicable to all tracking technologies, including cookies and device fingerprints with exception for life emergency purposes.
Amendment 277 #
Proposal for a regulation Article 10 – paragraph 2 2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. Such software shall ensure that a consent given by an end user under Article 8 (1) point (b) prevails over the privacy settings chosen at the installation of the software. When informing the end user, a clear simple wording should be used. The language used should be the same as the language that the interface uses allowing for the end user to understand at his language of choice.
Amendment 278 #
Proposal for a regulation Article 10 – paragraph 2 2. Upon installation, the software shall inform the end-user about the privacy settings options
Amendment 279 #
Proposal for a regulation Article 10 – paragraph 2 2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. The offer regarding options to prevent third parties from storing information shall be presented in a manner so as to ensure to the end-user a fully informed decision based on the advantages and disadvantages of different settings.
Amendment 280 #
Proposal for a regulation Article 10 – paragraph 2 2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. Such software shall ensure that a consent given by an end-user in relation to an individual service provider under point (b) of Article 8(1) prevails over the general privacy settings chosen at the installation of software.
Amendment 281 #
Proposal for a regulation Article 10 – paragraph 2 2.
Amendment 282 #
Proposal for a regulation Article 10 – paragraph 2 2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. Such software shall ensure that a consent given by an end user under point (b) of Article 8 (1) prevails over the privacy settings chosen at the installation of the software.
Amendment 283 #
Proposal for a regulation Article 10 – paragraph 2 2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to c
Amendment 284 #
Proposal for a regulation Article 10 – paragraph 2 a (new) 2 a. For the purposes of (a) giving consent pursuant to Article 9(2) of this Regulation, and (b) objecting to the processing of personal data pursuant to Article 21(5) of Regulation (EU) 2017/679, the settings shall lead to a signal based on technical specifications which is sent to the other parties to inform them about the user's intentions with regard to consent or objection. This signal shall be legally valid and be binding on, and enforceable against, any other party. The European Data Protection Board shall issue guidelines to determine which technical specifications and signalling methods fulfil the conditions for consent and objection pursuant to points (a) and (b).
Amendment 285 #
Proposal for a regulation Article 10 – paragraph 2 a (new) 2 a. The software permitting end-user to access individual websites shall enable end-user to customise his or her privacy settings according to the website visited.
Amendment 286 #
Proposal for a regulation Article 10 – paragraph 3 Amendment 287 #
Proposal for a regulation Article 10 – paragraph 3 3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1, 2 and
Amendment 288 #
Proposal for a regulation Article 10 – paragraph 3 3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1 and 2 shall be complied with at the time of the first update of the software, but no later than 25
Amendment 289 #
Proposal for a regulation Article 10 – paragraph 3 a (new) 3a. Tracking walls and similar take-it- or-live-it choices regarding privacy should be prohibited in public funded websites and sites with monopoly-like position. The visitors cannot be banned of using the website if they haven't given their prior consent to disclose data.
Amendment 290 #
Proposal for a regulation Article 10 a (new) Article 10 a Information society services should respond to an emitted '' Do Not Track '' (DNT) signal, by indicating to the end- user that tracking cookies have been switched off.
Amendment 291 #
Proposal for a regulation Article 10 a (new) Article 10a Article 25 of Regulation (EU) No 2016/679 shall apply.
Amendment 292 #
Proposal for a regulation Article 11 Amendment 293 #
Proposal for a regulation Article 11 – paragraph 1 Amendment 294 #
Proposal for a regulation Article 11 – paragraph 1 1. Union or Member State law may
Amendment 295 #
Proposal for a regulation Article 11 – paragraph 1 1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (
Amendment 296 #
Proposal for a regulation Article 11 – paragraph 2 Amendment 297 #
Proposal for a regulation Article 11 a (new) Amendment 298 #
Proposal for a regulation Article 11 b (new) Article 11 b Restrictions of the confidentiality of communications Union or Member State law to which the provider is subject may restrict by way of a legislative measure the scope of the rights provided for in Article 5 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests: (a) national security; (b) defence; (c) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. (2) In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679 and will only be applied following a court order. (3) No legislative measure referred to in paragraph 1 may allow for the weakening of the integrity and confidentiality of electronic communications by mandating a manufacturer of hardware or software, including terminal equipment or software providing for the use of electronic communications, or a provider of electronic communications services, to create and build in backdoors that weaken the cryptographic methods used or the security and integrity of the terminal equipment.
Amendment 299 #
Proposal for a regulation Article 11 c (new) Article 11 c Transparency reporting Providers of electronic communications services and networks shall provide every year to the competent supervisory authority and to the public, a transparency report, providing the number of requests received pursuant to Articles 11a and 11b, from which authorities, the number of granted requests, and the numbers of end-users affected by the requests. Such transparency reporting shall also include information about privacy and data protection practices and policies, inform users about avenues for remedies in case of abuses and feature clear and easily understandable information about end- users rights protected under this Regulation.
Amendment 300 #
Proposal for a regulation Article 13 – paragraph 1 1. Regardless of whether the calling end-user has prevented the presentation of the calling line identification, where a call is made to emergency services, providers of publicly available number-based interpersonal communications services shall override the elimination of the presentation of the calling line identification
Amendment 301 #
Proposal for a regulation Article 13 – paragraph 1 1. Regardless of whether the calling user or end-user has prevented the presentation of the calling line identification, where a call is made to emergency services, providers of publicly available number-based interpersonal communications services shall override the elimination of the presentation of the calling line identification and the denial or absence of consent of a
Amendment 302 #
Proposal for a regulation Article 13 – paragraph 1 a (new) 1 a. This Regulation shall be without prejudice to the requirements for the deployment of the eCall in-vehicle system based on the 112 service (Regulation 2015/758) and shall allow eCall to handle emergency situations and carry out the tasks as effectively as possible;
Amendment 303 #
Proposal for a regulation Article 13 – paragraph 2 2.
Amendment 304 #
Proposal for a regulation Article 14 – paragraph 1 – point a (a) to block incoming calls from specific numbers or numbers having a specific code or prefix identifying the fact that the call is a marketing call referred to in Article 16(3)(b), or from anonymous sources;
Amendment 305 #
Proposal for a regulation Article 15 – paragraph 1 1. The providers
Amendment 306 #
Proposal for a regulation Article 15 – paragraph 1 1.
Amendment 307 #
Proposal for a regulation Article 15 – paragraph 1 1. The
Amendment 308 #
Proposal for a regulation Article 15 – paragraph 1 1. The providers of publicly available directories or the electronic communication service providers shall obtain the consent of end-
Amendment 309 #
Proposal for a regulation Article 15 – paragraph 2 2. The providers of a publicly available directory shall inform end-users concerned who are natural persons
Amendment 310 #
Proposal for a regulation Article 15 – paragraph 2 2. The providers of a publicly available directory shall inform end-users who are natural persons acting out of their business capacity whose personal
Amendment 311 #
Proposal for a regulation Article 15 – paragraph 2 2. The providers of a publicly available directory shall inform end-users who are natural persons acting out of their business capacity whose personal data are in the directory of the available search functions of the directory and obtain end- users’ consent before enabling such search functions related to their own data.
Amendment 312 #
Proposal for a regulation Article 15 – paragraph 3 3. The providers of publicly available directories shall provide end-users that are legal persons of natural persons acting in their business capacity with the possibility to object to data related to them being included in the directory. Providers shall give such end-users that are legal persons the means to verify, correct and delete such data.
Amendment 313 #
Proposal for a regulation Article 15 – paragraph 3 3. The providers of publicly available directories shall provide end-users that are legal persons or natural persons acting in their business capacity with the possibility to object to data related to them being included in the directory. Providers shall give such end-users that are legal persons the means to verify, correct and delete such data.
Amendment 314 #
Proposal for a regulation Article 15 – paragraph 3 3. The providers of electronic communication services or providers of publicly available directories shall provide end-users that are legal persons with the possibility to object to data related to them being included in the directory. Providers shall give such end-users that are legal persons the means to verify, correct and delete such data.
Amendment 315 #
Proposal for a regulation Article 15 – paragraph 3 3. The
Amendment 316 #
Proposal for a regulation Article 15 – paragraph 4 4. The possibility for end-users not to be included in a publicly available directory, or to verify, correct and delete any data related to them shall be provided free of charge and in an easily accessible manner by the party that collected the consent or directly from the provider of publicly available directory.
Amendment 317 #
Proposal for a regulation Article 15 – paragraph 4 a (new) 4a. The article shall not apply to data provided to directories by the end-users themselves.
Amendment 318 #
Proposal for a regulation Article 16 – paragraph 1 1. Natural or legal persons may use electronic communications services for the purposes of sending direct marketing communications to end-users who are natural persons that have given their consent
Amendment 319 #
Proposal for a regulation Article 16 – paragraph 1 1.
Amendment 320 #
Proposal for a regulation Article 16 – paragraph 1 1. Natural or legal persons may use electronic communications services for the purposes of sending direct marketing communications only to end-users who are natural persons that have given their consent.
Amendment 321 #
Proposal for a regulation Article 16 – paragraph 1 1. Natural or legal persons may use electronic communications services for the purposes of sending direct marketing communications to end-users who are natural persons
Amendment 322 #
Proposal for a regulation Article 16 – paragraph 2 2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The customer shall be informed about the right to object and shall be given an easy way to exercise it at the time of collection and each time a message is sent.
Amendment 323 #
Proposal for a regulation Article 16 – paragraph 2 2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services for a period of no more than 12 months only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The right to object shall be given at the time of collection and each time a message is sent.
Amendment 324 #
Proposal for a regulation Article 16 – paragraph 2 2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to
Amendment 325 #
Proposal for a regulation Article 16 – paragraph 2 2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own
Amendment 326 #
Proposal for a regulation Article 16 – paragraph 2 2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation
Amendment 327 #
Proposal for a regulation Article 16 – paragraph 2 2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679,
Amendment 328 #
Proposal for a regulation Article 16 – paragraph 3 – introductory part 3. Without prejudice to paragraphs 1 and 2, natural or legal persons using electronic communications services for the purposes of placing direct marketing calls shall
Amendment 329 #
Proposal for a regulation Article 16 – paragraph 3 – point a Amendment 330 #
(a) present the identity of a line on which they can be contacted;
Amendment 331 #
Proposal for a regulation Article 16 – paragraph 3 – point b Amendment 332 #
Proposal for a regulation Article 16 – paragraph 3 a (new) 3 a. Unsolicited marketing communications shall be clearly recognisable as such and shall indicate the identity of the legal or natural person transmitting the communication or on behalf of whom the communication is transmitted.Such communications shall provide the necessary information for recipients to exercise their right to refuse further written or oral marketing messages.
Amendment 333 #
Proposal for a regulation Article 16 – paragraph 4 4. Notwithstanding paragraph 1, Member States may provide by law that the placing of direct marketing voice-to-voice calls to end-users who are natural persons shall only be allowed in respect of end- users who are natural persons who have not expressed their objection or have consented to receiving those communications. Member States shall provide that users can object to receiving the unsolicited communications via a national Do Not Call Register, thereby also ensuring that the user is only required to opt out once
Amendment 334 #
Proposal for a regulation Article 16 – paragraph 6 6. Any natural or legal person using electronic communications services to transmit direct marketing communications shall inform end-users of the marketing nature of the communication and the identity of the legal or natural person on behalf of whom the communication is transmitted and shall provide the necessary information for recipients to exercise their
Amendment 335 #
Proposal for a regulation Article 16 – paragraph 6 6. Any natural or legal person using electronic communications services to transmit direct marketing communications shall inform end-users of the marketing nature of the communication and the identity of the legal or natural person on behalf of whom the communication is transmitted and shall provide the necessary information for recipients to exercise their right to withdraw their consent
Amendment 336 #
Proposal for a regulation Article 17 – title Integrity of the communications and information about
Amendment 337 #
Proposal for a regulation Article 17 – title Amendment 338 #
Proposal for a regulation Article 17 – paragraph 1 Amendment 339 #
Proposal for a regulation Article 17 – paragraph 1 Amendment 340 #
Proposal for a regulation Article 17 – paragraph 1 Amendment 341 #
Proposal for a regulation Article 17 – paragraph 1 a (new) The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and integrity of the communication in transmission or stored are also guaranteed by technical measures according to the state of the art, including end-to-end encryption of the electronic communications data. When encryption of electronic communications data is used, decryption by anybody else than the user shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the confidentiality and integrity of their networks and services, including the encryption methods used.
Amendment 342 #
Proposal for a regulation Article 17 – paragraph 1 b (new) In the case of a particular risk that may compromise the security of networks, electronic communications services, or terminal equipment, the relevant provider or manufacturer shall inform end-users of such a risk and, take all possible measures to remove it and where the risk lies outside the scope of the measures to be taken by the service provider, inform end-users of any possible remedies. It shall also inform the relevant manufacturer and service provider.
Amendment 343 #
Proposal for a regulation Article 18 – paragraph 1 1. The independent supervisory authority or authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall also be responsible for monitoring the application of this Regulation. Chapter VI and VII of Regulation (EU) 2016/679 shall apply mutatis mutandis. The tasks and powers of the supervisory authorities shall be exercised with regard to users and end- users.
Amendment 344 #
Proposal for a regulation Article 18 – paragraph 1 Amendment 345 #
Proposal for a regulation Article 19 – paragraph 1 – point a a (new) (a a) (a) issue guidelines, recommendations and best practices in accordance with point (b) of this paragraph for the purpose of further specifying the criteria and requirements for: (i) security updates referred to in Article 8(1)(e); (ii) the interference in the context of employment relationships referred to in Article 8(1)(f); (iv) the collection of information emitted by the terminal equipment referred to in Article 8(2)(c); (v) technical specifications and signalling methods that fulfil the conditions for consent and objection pursuant to Article 8(2a). (vi) software settings referred to in Article 10(1) and (2);and (vii) technical measures according to ensure confidentiality and integrity of the communication pursuant to Article 17(1).
Amendment 346 #
Proposal for a regulation Article 19 – paragraph 1 – point b a (new) (ba) draw up guidelines for supervisory authorities concerning the application of Article 9(1) and the particularities of expression of consent by legal entities;
Amendment 347 #
Proposal for a regulation Article 19 – paragraph 1 – point b b (new) (bb) issue guidelines, recommendations and best practices in accordance with point (b) of this paragraph for the purpose of further specifying the criteria and requirements for types of services that may be requested for purely individual or work-related usage as referred to in Article 6(3a);
Amendment 348 #
Proposal for a regulation Article 21 Amendment 349 #
Proposal for a regulation Article 21 – paragraph 1 1. Without prejudice to this text or any other administrative or judicial remedy, every user and end-user of electronic communications services shall have at least the same remedies provided for in Articles 77, 78, 79, and
Amendment 350 #
Proposal for a regulation Article 21 – paragraph 2 a (new) 2a. An end-user or a group of end- users shall have the right to mandate a non-for-profit body, organisation or association which has been properly constituted in accordance with the law of a Member State, has statutory objectives which are in the public interest, and is active in the field of protection of their personal data and the protection of privacy to lodge the complaint on his or her behalf, to exercise the rights referred to in paragraphs 1 and 2 of this Article on his or her behalf, and to exercise the right to receive compensation referred to in Article 22 on his or her behalf where provided for by Member State law.
Amendment 351 #
Proposal for a regulation Article 21 – paragraph 2 b (new) 2b. A body, organisation or association independently of the end- user's mandate, shall have the right to lodge, in the Member State where it is registered, a complaint with the supervisory authority which is competent pursuant to paragraph 1 of this Article and to exercise the rights referred to in paragraph 2 of this Article if it considers that the rights of the end-user under this Regulation have been infringed.
Amendment 352 #
Proposal for a regulation Article 22 – paragraph 1 Any end-user of electronic communications services who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the infringer for the damage suffered, unless the infringer legally proves that it is not in any way responsible for the event giving rise to the damage in accordance with Article 82 of Regulation (EU) 2016/679.
Amendment 353 #
Proposal for a regulation Article 23 – paragraph 2 – point a Amendment 354 #
Proposal for a regulation Article 23 – paragraph 3 3. Infringements of the principle of confidentiality of communications, permitted processing of electronic communications data, time limits for erasure pursuant to Articles 5, 6, 7 and
Amendment 355 #
Proposal for a regulation Article 27 – paragraph 1 1. Directive 2002/58/EC is repealed with effect from
Amendment 356 #
Proposal for a regulation Article 27 – paragraph 1 1. Directive 2002/58/EC is repealed with effect from 25
Amendment 357 #
Proposal for a regulation Article 28 – paragraph 1 By
Amendment 358 #
Proposal for a regulation Article 28 – paragraph 1 By 1 J
Amendment 359 #
Proposal for a regulation Article 29 – paragraph 2 – subparagraph 1 It shall apply from
Amendment 360 #
Proposal for a regulation Article 29 – paragraph 2 – subparagraph 1 It shall apply from 25
Amendment 37 #
Proposal for a regulation Citation 1 a (new) having regard to the Protocol (No 1) of the Treaty on the Functioning of the European Union (TFEU) on the role of national parliaments in the European Union,
Amendment 38 #
Proposal for a regulation Citation 1 b (new) having regard to the Protocol (No 2) of the Treaty on the Functioning of the European Union (TFEU) on the application of the principles of subsidiarity and proportionality,
Amendment 39 #
Proposal for a regulation Recital 1 Amendment 40 #
Proposal for a regulation Recital 1 (1) Article 7 of the Charter of Fundamental Rights of the European Union ("the Charter") protects the fundamental and inalienable right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one’s communications is an essential dimension of this right. Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communication. The principle of
Amendment 41 #
Proposal for a regulation Recital 2 (2)
Amendment 42 #
Proposal for a regulation Recital 2 Amendment 43 #
Proposal for a regulation Recital 3 (3) Electronic communications data may also reveal information concerning legal entities, such as business secrets or other sensitive information that has economic value and repercussions for privacy. Therefore, the provisions of this Regulation should apply to both natural and legal persons. Furthermore, this Regulation should ensure that provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council21, also apply to end-users who are legal persons. This includes the definition of consent under Regulation (EU) 2016/679. When reference is made to consent by an end-user, including legal persons, this definition should apply. In addition, legal persons should have the same rights as end-users that are natural persons regarding the supervisory authorities; furthermore, supervisory authorities under this Regulation should also be responsible for monitoring the application of this Regulation regarding legal persons. _________________ 21 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1–88).
Amendment 44 #
Proposal for a regulation Recital 4 (4) Pursuant to Article 8(1) of the Charter and Article 16(1) of the Treaty on the Functioning of the European Union, everyone has the right to the protection of personal data concerning him or her. Regulation (EU) 2016/679 lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. Electronic communications data may include personal data as defined in Regulation (EU) 2016/679 while in the case of natural persons electronic communications data is always personal data.
Amendment 45 #
Proposal for a regulation Recital 5 (5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data. This Regulation therefore does not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679. Processing of electronic communications data
Amendment 46 #
Proposal for a regulation Recital 7 Amendment 47 #
Proposal for a regulation Recital 7 Amendment 48 #
Proposal for a regulation Recital 7 (7) The
Amendment 49 #
Proposal for a regulation Recital 8 (8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to software providers permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or collect information related to, using the input/output, the communication and processing capabilities or stored in end- users’ terminal equipment.
Amendment 50 #
Proposal for a regulation Recital 8 (8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories,
Amendment 51 #
Proposal for a regulation Recital 9 a (new) (9a) For the purpose of this Regulation, where the provider of an electronic communications service is not established in the Union, it shall designate a representative in the Union. The representative should be designated in writing. The representative may be the same as the one designated under Article 27 of Regulation (EU) 2016/679.
Amendment 52 #
Proposal for a regulation Recital 11 (11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-users increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services. In order to ensure an effective and equal protection of end-users when using
Amendment 53 #
Proposal for a regulation Recital 11 (11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-users increasingly replace traditional voice telephony, text messages (SMS) and
Amendment 54 #
Proposal for a regulation Recital 11 (11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-users increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services. In order to ensure an effective and equal protection of end-users when using functionally equivalent services, this Regulation uses the definition of electronic communications services set forth in the [Directive of the European Parliament and of the Council establishing the European Electronic Communications Code24 ]. That definition encompasses not only internet access services and services consisting wholly
Amendment 55 #
Proposal for a regulation Recital 12 Amendment 56 #
Proposal for a regulation Recital 12 (12) Connected devices and machines increasingly communicate with each other by using electronic communications networks
Amendment 57 #
Proposal for a regulation Recital 12 (12) Connected devices and machines increasingly communicate with each other by using electronic communications networks (Internet of Things). The transmission of machine-to-machine communications involves the conveyance of signals over a network and, hence, usually constitutes an electronic communications service. In order to ensure full protection of the rights to privacy and confidentiality of communications, and to
Amendment 58 #
Proposal for a regulation Recital 12 (12) Connected devices and machines increasingly communicate with each other by using electronic communications networks (Internet of Things). The transmission of machine-to-machine communications involves the conveyance of signals over a network and, hence, usually constitutes an electronic communications service. In order to ensure full protection of the rights to privacy and confidentiality of communications, and to promote a trusted and secure Internet of Things in the digital single market, it is necessary to clarify that this Regulation
Amendment 59 #
Proposal for a regulation Recital 12 a (new) (12a) Intelligent Transport Systems need additional protection in the ePrivacy Regulation regarding communications data as connected cars generate, transmit and store users' personal data. Personal privacy of consumers in connected vehicles needs to be guaranteed, as third parties access and use driver and driving data.
Amendment 60 #
Proposal for a regulation Recital 13 (13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as 'hotspots' situated at different places within a city, department stores, shopping malls and hospitals. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services and public communications networks. It should apply to social media groups even if restricted by the user, as long as the social media service as a whole is publicly available. In contrast, this Regulation should not apply to closed groups of end-users such as corporate networks, access to which is limited to members of the corporation.
Amendment 61 #
Proposal for a regulation Recital 13 Amendment 62 #
Proposal for a regulation Recital 13 (13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as 'hotspots' situated at different places within a city, department stores, shopping malls, a
Amendment 63 #
Proposal for a regulation Recital 13 (13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as 'hotspots' situated at different places within a city, department stores, shopping malls and hospitals. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary
Amendment 64 #
Proposal for a regulation Recital 14 (14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged (electronic communications content) and the information concerning an end-user of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication. Whether such signals and the related data are conveyed by wire, radio, optical or electromagnetic means, including satellite networks, cable networks, fixed (circuit- and packet-switched, including internet) and mobile terrestrial networks, electricity cable systems, the data related to such
Amendment 65 #
Proposal for a regulation Recital 14 (14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged
Amendment 66 #
Proposal for a regulation Recital 14 a (new) (14 a) Equipment location data should include data transmitted or stored in terminal equipment generated by accelerometers, barometers, compasses, satellite positioning systems or similar sensors or devices.
Amendment 67 #
Proposal for a regulation Recital 15 (15) Electronic communications data should be treated as confidential. This means that any interference with the transmission of electronic communications data, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of all the communicating parties should be prohibited. The prohibition of interception of communications data should apply during their conveyance, i.e. until receipt of the content of the electronic communication by the intended addressee. Interception of electronic communications data may occur, for example, when someone other than the communicating parties, listens to calls, reads, scans or stores the content of electronic communications, or the associated metadata for purposes other than the exchange of communications.
Amendment 68 #
Proposal for a regulation Recital 15 (15) Electronic communications data should be treated as confidential. This means that any interference with the
Amendment 69 #
Proposal for a regulation Recital 15 a (new) (15 a) Anonymity of data should be considered as an extra layer of protection and confidentiality. Relative provisions should be put in place to anonymise data by default, when possible.Such procedures should be accompanied by a series of tests serving as a proof of anonymity.
Amendment 70 #
Proposal for a regulation Recital 15 b (new) (15 b) The prohibition of interception is not intended to prohibit access to electronic communications data by an electronic communications service provider or electronic communications network operator for purposes of conveying communications or for legitimate and justifiable purposes related to the operation and protection of such services and networks consistent with obligations under Regulation (EU) 2016/679, Directive (EU) 2016/1148 and Regulation (EU) 2015/2120.
Amendment 71 #
Proposal for a regulation Recital 15 c (new) (15c) Providers of electronic communications networks and services now provide their end-users with enhanced features by using communications data before the provider transmits the data through a public network or after the provider has received the data from such a network. These enhanced features include speech-to-text conversion for users with disabilities, digital personal assistants using voice commands, automatic language translation, and message prioritization and sorting. For the purposes of these service providers, electronic communications are not in transmission once the service provider of the intended recipient has received the communications for delivery to the recipient's terminal equipment or until the service provider of the sender has sent the communication to another service provider for eventual delivery to the intended recipient.
Amendment 72 #
Proposal for a regulation Recital 16 (16) The prohibition of storage of communications is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. It should not prohibit either the processing of electronic communications data to ensure the security, confidentiality, integrity, availability, authenticity and continuity of the electronic communications services and networks, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessary quality of service requirements, such as latency, jitter etc.
Amendment 73 #
Proposal for a regulation Recital 17 (17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole.
Amendment 74 #
Proposal for a regulation Recital 17 (17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities
Amendment 75 #
Proposal for a regulation Recital 18 (18) End-users may consent to the processing of their
Amendment 76 #
Proposal for a regulation Recital 19 Amendment 77 #
Proposal for a regulation Recital 19 (19)
Amendment 78 #
Proposal for a regulation Recital 19 (19) The content of electronic communications pertains to the essence of the fundamental right to respect for private and family life, home and communications protected under Article 7 of the Charter. Any interference with the content of electronic communications should be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse. This Regulation provides for the possibility of providers of electronic communications services to process electronic communications data in transit, with the informed consent of all the end- users concerned. For example, providers may offer services that entail the scanning of emails to remove certain pre-defined material. Given the sensitivity of the content of communications, this Regulation sets forth a presumption that the processing of such content data will result in high risks to the rights and freedoms of natural persons. When processing such type of data, the provider of the electronic communications service should always consult the supervisory authority prior to the processing. Such consultation should be in accordance with Article 36 (2) and (3) of Regulation (EU) 2016/679. The presumption does not encompass the processing of content data to provide a service requested by the end-user where the end-user has consented to such processing and it is carried out for the purposes and duration strictly necessary and proportionate for such service, for example text to voice service, organisation of the mailbox or SPAM filter service. After electronic communications content has been sent by the end-user and received by the intended end-user or end-users, it may be recorded or stored by the end-user, end-
Amendment 79 #
Proposal for a regulation Recital 20 (20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual's emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user's terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking,
Amendment 80 #
Proposal for a regulation Recital 21 Amendment 81 #
Proposal for a regulation Recital 21 (21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. Consent should also not be necessary if the information processed or stored is necessary to protect privacy, security or safety of the end-user, or to protect confidentiality, integrity, availability and authenticity of the terminal equipment. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information society providers that engage in configuration checking to provide the service in compliance with the end-user's settings and the mere logging of
Amendment 82 #
Proposal for a regulation Recital 21 a (new) (21a) Equipment location data can give a very detailed and intrusive insight on an individual's personal life or an organisation's business and activities. Processing of location data from any source, whether electronic communications metadata or equipment location data should be conducted on the basis of clear rules.
Amendment 83 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using
Amendment 84 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other
Amendment 85 #
Proposal for a regulation Recital 22 Amendment 86 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to
Amendment 87 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to
Amendment 88 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’). Such privacy settings should be presented in a an easily visible and intelligible manner. Additionally, when personal data, including transaction data, is collected, it should be anonymised by default. When the end user decides not to allow the collection of their data or metadata they should be allowed to use the relative service to the extent possible, while respecting their choice.
Amendment 89 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under
Amendment 90 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies
Amendment 91 #
Proposal for a regulation Recital 24 Amendment 92 #
Proposal for a regulation Recital 24 (24) For web browsers to be able to obtain end-users’ consent as defined under Regulation (EU) 2016/679,
Amendment 93 #
Proposal for a regulation Recital 24 (24) For web browsers to be able to obtain end-users
Amendment 94 #
Proposal for a regulation Recital 24 Amendment 95 #
Proposal for a regulation Recital 24 (24) For web browsers to be able to obtain end-users’ consent as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking cookies, they should, among others, require a clear affirmative action from the end-user of terminal equipment to signify his or her freely given, specific informed, and unambiguous agreement to the storage and access of such cookies in and from the terminal equipment. Such action may be considered to be affirmative, for example, if end-users are required to actively select ‘accept third party cookies’ to confirm their agreement and are given the necessary information to make the choice. To this end, it is necessary to require providers of software enabling access to
Amendment 96 #
Proposal for a regulation Recital 25 (25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station
Amendment 97 #
Proposal for a regulation Recital 25 Amendment 98 #
Proposal for a regulation Recital 25 Amendment 99 #
Proposal for a regulation Recital 25 (25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals
source: 602.723
2017/07/03
IMCO
137 amendments...
Amendment 100 #
Proposal for a regulation Recital 17 a (new) (17a) This Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata based on users' informed consent. However, users attach great importance to the confidentiality of their communications, including their online activities, and they want to control the use of their electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain users' consent to process electronic communications data. For the purposes of this Regulation, the consent of a user should have the same meaning and be subject to the same conditions as the consent of the data subject under Regulation (EU) 2016/679.
Amendment 101 #
Proposal for a regulation Recital 18 (18) End-users may consent to the processing of their
Amendment 102 #
Proposal for a regulation Recital 18 (18) End-users may consent to the processing of their
Amendment 103 #
Proposal for a regulation Recital 18 (18) End-users may consent to the processing of their metadata to receive specific services such as protection services against fraudulent activities (by analysing usage data, location and customer account in real time). In the digital economy, services are often supplied against counter-performance other than money, for instance by end-users being exposed to advertisements. For the purposes of this Regulation, consent of an end-user, regardless of whether the latter is a natural or a legal person, should have the same meaning and be subject to the same conditions as the data subject's consent under Regulation (EU) 2016/679. The end- user must be informed about the possible further use of their personal data by third parties. Basic broadband internet access and voice communications services are to be considered as essential services for individuals to be able to communicate and participate to the benefits of the digital economy. Consent for processing data from internet or voice communication usage will not be valid if the data subject has no genuine and free choice, or is unable to refuse or withdraw consent without detriment.
Amendment 104 #
Proposal for a regulation Recital 19 (19)
Amendment 105 #
Proposal for a regulation Recital 19 (19) The content of electronic communications pertains to the essence of the fundamental right to respect for private and family life, home and communications protected under Article 7 of the Charter. Any
Amendment 106 #
Proposal for a regulation Recital 19 (19) The content of electronic communications pertains to the essence of the fundamental right to respect for private and family life, home and communications protected under Article 7 of the Charter. Any interference with the content of electronic communications should be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse. This Regulation provides for the possibility of providers of electronic communications services to process electronic communications data in transit, with the informed consent of all the end- users concerned. For example, providers may offer services that entail the scanning of emails to remove certain pre-defined material. For services that are provided to users engaged in purely personal or household activities, the consent of the end-user requesting the service should be sufficient. Given the sensitivity of the content of communications, this Regulation sets forth a presumption that the processing of such content data will result in high risks to the rights and freedoms of natural persons. When processing such type of data, the provider of the electronic communications service should always
Amendment 107 #
Proposal for a regulation Recital 19 a (new) (19a) It should be possible to process electronic communications data for the purposes of providing services specifically requested by a user for personal or personal work-related purposes such as search or keyword indexing functionality, text-to-speech engines and translation services, including picture-to-voice or other automated content processing used as accessibility tools by persons with disabilities. This should be possible without the consent of all users who are part of the communication, but may take place with the consent of the user requesting the service. Such specific consent also precludes the provider from processing those data for different purposes.
Amendment 108 #
Proposal for a regulation Recital 20 (20) Terminal equipment of
Amendment 109 #
Proposal for a regulation Recital 20 (20) Terminal equipment of
Amendment 110 #
Proposal for a regulation Recital 20 (20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual's emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs
Amendment 111 #
Proposal for a regulation Recital 20 (20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual's emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools
Amendment 112 #
Proposal for a regulation Recital 21 (21) Exceptions to the obligation to obtain consent to
Amendment 113 #
Proposal for a regulation Recital 21 (21) Exceptions to the obligation to obtain consent to make use of the input, output, processing and storage capabilities of terminal equipment or to access
Amendment 114 #
Proposal for a regulation Recital 21 (21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in or emitted by terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical
Amendment 115 #
Proposal for a regulation Recital 21 (21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the
Amendment 116 #
Proposal for a regulation Recital 21 (21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in
Amendment 117 #
Proposal for a regulation Recital 21 (21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of
Amendment 118 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are
Amendment 119 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's
Amendment 120 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques,
Amendment 121 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment
Amendment 122 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as
Amendment 123 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties, provided that there is no separate specific consent given by the end-user. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or stored.
Amendment 124 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example
Amendment 125 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default
Amendment 126 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679.
Amendment 127 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679.
Amendment 128 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679.
Amendment 129 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to
Amendment 130 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to
Amendment 131 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to
Amendment 132 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to
Amendment 133 #
Proposal for a regulation Recital 23 a (new) (23a) Children merit specific protection with regard to their online privacy. They usually start using the internet at an early age and become very active users. Yet, they may be less aware of the risks and consequences associated to their online activities, as well as less aware of their rights. Specific safeguards are necessary in relation to the use of children's data, notably for the purposes of marketing and the creation of personality or user profiles.
Amendment 134 #
Proposal for a regulation Recital 23 a (new) (23a) In order to improve trust between end-users and parties concerned with the processing of information stored in terminal equipment, and to limit the amount of tracking that negatively impacts privacy, the ability for end-users to develop their own profile, with for instance self-authored tools, should be promoted as an alternative to tracking.
Amendment 135 #
Proposal for a regulation Recital 24 Amendment 136 #
Proposal for a regulation Recital 24 Amendment 137 #
Proposal for a regulation Recital 24 Amendment 138 #
Proposal for a regulation Recital 24 (24) For
Amendment 139 #
Proposal for a regulation Recital 24 (24) For web browsers or other applications to be able to obtain end-users
Amendment 140 #
Proposal for a regulation Recital 24 (24) For web browsers to be able to obtain end-users’ consent as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking cookies, they should, among others, require a clear affirmative action from the end-user of terminal equipment to signify his or her freely given, specific informed, and unambiguous agreement to the storage and access of such cookies in and from the terminal equipment. Such action may be considered to be affirmative, for example, if end-users are required to actively select ‘accept third party cookies’ to confirm their agreement and are given the necessary information to make the choice. To this end, it is necessary to require providers of software enabling access to internet that, at the moment of
Amendment 141 #
Proposal for a regulation Recital 24 (24) For web browsers to be able to obtain end-users’ consent as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking cookies, they should, among others, require a clear affirmative action from the end-user of terminal equipment to signify his or her freely given, specific informed, and unambiguous agreement to the storage and access of such cookies in and from the terminal equipment. Such action may be considered to be affirmative, for example, if end-users are required to actively select ‘accept third party cookies’ to confirm their agreement and are given the necessary information to make the choice. To this end, it is necessary to require providers of software enabling access to internet that, at the moment of installation, end-users are informed about the possibility to choose the privacy settings among the various options and ask them to make a choice. Information provided should not dissuade end-users from selecting higher privacy settings and should include relevant information about the risks associated to allowing third party cookies to be stored in the computer, including the compilation of long-term records of individuals' browsing histories and the use of such records to send or present targeted advertising. Web browsers are encouraged to provide easy ways for end-users to change the privacy settings at any time during use and to allow the user to make exceptions for or to whitelist certain websites or to specify for which websites (third) party cookies are always or never allowed.
Amendment 142 #
Proposal for a regulation Recital 25 (25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers.
Amendment 143 #
Proposal for a regulation Recital 25 (25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged
Amendment 144 #
Proposal for a regulation Recital 25 (25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the
Amendment 145 #
Proposal for a regulation Recital 25 (25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such
Amendment 146 #
Proposal for a regulation Recital 25 (25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a
Amendment 147 #
Proposal for a regulation Recital 25 (25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International
Amendment 148 #
Proposal for a regulation Recital 26 (26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction is targeted at persons suspected of having committed a criminal offence and constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence,
Amendment 149 #
Proposal for a regulation Recital 26 (26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard
Amendment 150 #
Proposal for a regulation Recital 26 (26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties
Amendment 151 #
Proposal for a regulation Recital 26 a (new) (26a) In order to safeguard the security and integrity of networks and services, the use of end-to-end encryption should be promoted and, where necessary, be mandatory in accordance with the principles of security and privacy by design. Member States should not impose any obligation on encryption providers, on providers of electronic communications services or on any other organisations (at any level of the supply chain) that would result in the weakening of the security of their networks and services, such as the creation or facilitation of "backdoors".
Amendment 152 #
Proposal for a regulation Recital 27 (27) As regards calling line identification, it is necessary to protect the right of the calling party to withhold the presentation of the identification of the line from which the call is being made and the right of the called party to reject calls from unidentified lines.
Amendment 153 #
Proposal for a regulation Recital 28 (28) There is justification for overriding the elimination of calling line identification presentation in specific cases.
Amendment 154 #
Proposal for a regulation Recital 29 (29) Technology exists that enables providers of certain publicly available electronic communications services to limit the reception of unwanted calls by
Amendment 155 #
Proposal for a regulation Recital 29 (29) Technology exists that enables providers of electronic communications services to limit the reception of unwanted calls by end-users in different ways, including blocking silent calls and other fraudulent and nuisance calls or marketing calls with a specific code or prefix. Providers of publicly available number- based interpersonal communications services should deploy this technology and protect end-users against nuisance calls and do so free of charge. Providers should ensure that end-
Amendment 156 #
Proposal for a regulation Recital 30 (30) Publicly available directories of end-users of electronic communications services are widely distributed. Publicly available directories means any directory or service containing end-users information such as phone numbers (including mobile phone numbers), email address contact details and includes inquiry services. The right to privacy and to protection of the personal data of a natural person acting out of their business capacity requires that end-users that are natural persons are
Amendment 157 #
Proposal for a regulation Recital 30 (30) Publicly available directories of end-users of electronic communications services are widely distributed. Publicly available directories means any directory or service containing end-users information such as phone numbers (including mobile phone numbers), email address contact details and includes inquiry services. The right to privacy and to protection of the personal data of a natural person requires
Amendment 158 #
Proposal for a regulation Recital 30 (30) Publicly available directories of end-users of electronic communications services are widely distributed. Publicly available directories means any directory or service containing end-users information such as phone numbers (including mobile phone numbers), email address contact details and includes inquiry services. The right to privacy and to protection of the personal data of a natural person requires that end-users that are natural persons are asked for consent before their personal data are included in a directory. The legitimate interest of legal entities requires that end- users that are legal entities have the right to object to the data related to them being included in a directory. The consent should be collected by the electronic communications service provider at the moment of signing the contract for such service.
Amendment 159 #
Proposal for a regulation Recital 31 (31) If end-users that are natural persons
Amendment 160 #
Proposal for a regulation Recital 31 (31) If end-users that are natural persons
Amendment 161 #
Proposal for a regulation Recital 31 (31) If end-users that are natural persons give their consent to their data being included in such directories, they should be able to determine on a consent basis which categories of personal data are included in
Amendment 162 #
Proposal for a regulation Recital 32 (32) In this Regulation, direct marketing refers to any form of advertising by which a natural or legal person sends or presents direct marketing communications directly to one or more identified or identifiable
Amendment 163 #
Proposal for a regulation Recital 32 (32) In this Regulation, direct marketing refers to any form of advertising by which a natural or legal person sends direct marketing communications directly to one or more identified or identifiable
Amendment 164 #
Proposal for a regulation Recital 32 (32) In this Regulation, direct marketing refers to any form of advertising by which a natural or legal person sends, presents or makes direct marketing communications directly to one or more identified or identifiable end-users using electronic communications services. In addition to the offering of products and services for commercial purposes, this
Amendment 165 #
Proposal for a regulation Recital 33 (33) Safeguards should be provided to protect
Amendment 166 #
Proposal for a regulation Recital 33 (33) Safeguards should be provided to protect end-users against unsolicited communications, including for direct marketing purposes
Amendment 167 #
Proposal for a regulation Recital 33 (33) Safeguards should be provided to protect end-users against unsolicited communications for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing purposes are sent to end-users in order to effectively protect individuals against the intrusion into their private life as well as the legitimate interest of legal persons. Legal certainty and the need to ensure that
Amendment 168 #
Proposal for a regulation Recital 33 (33) Safeguards should be provided to protect end-users against unsolicited communications for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing purposes are sent to end-users in order to effectively protect individuals against the
Amendment 169 #
Proposal for a regulation Recital 34 (34) When
Amendment 170 #
Proposal for a regulation Recital 35 (35) In order to allow easy withdrawal of consent,
Amendment 171 #
Proposal for a regulation Recital 35 (35) In order to allow easy withdrawal of consent, legal or natural persons conducting direct marketing communications by email should present a link, or a valid electronic mail address, which can be easily used by end-users to withdraw their consent. Legal or natural persons conducting direct marketing communications through voice-to-voice calls and through calls by automating calling and communication systems should display their identity line on which the company can be called
Amendment 172 #
Proposal for a regulation Recital 36 (36) Voice-to-voice direct marketing calls that do not involve the use of automated calling and communication systems, given that they are more costly for the
Amendment 173 #
Proposal for a regulation Recital 37 (37)
Amendment 174 #
Proposal for a regulation Recital 37 (37) Service providers who offer electronic communications services should process electronic communications data in such a way as to prevent unauthorised processing, including access, disclosure or alteration. They should ensure that such unauthorised access, disclosure or alteration is possible of being ascertained, and also ensure that electronic communications data are protected by using state of the art software and encryption technologies. Service providers should also inform end-
Amendment 175 #
Proposal for a regulation Recital 39 (39) Each supervisory authority should be competent on the territory of its own Member State to exercise the powers and to perform the tasks set forth in this Regulation. In order to ensure consistent monitoring and enforcement of this Regulation throughout the Union, the supervisory authorities should have the same tasks and effective powers in each Member State, without prejudice to the powers of prosecutorial authorities under Member State law, to bring infringements of this Regulation to the attention of the judicial authorities and engage in legal proceedings. Member States and their supervisory authorities are encouraged to take account of the specific needs of micro, small and medium-sized enterprises in the application of this Regulation. Supervisory authorities should cooperate with the relevant authorities in other enforcement areas as appropriate.
Amendment 176 #
Proposal for a regulation Recital 40 (40) In order to strengthen the enforcement of the rules of this Regulation, each supervisory authority should have the power to impose penalties including administrative fines for any infringement of this Regulation, in addition to, or instead of any other appropriate measures pursuant to this Regulation. This Regulation should indicate infringements and the upper limit and criteria for setting the related administrative fines, which should be determined by the competent supervisory authority in each individual case, taking into account all relevant circumstances of the specific situation, with due regard in particular to the nature, gravity and duration of the infringement and of its consequences and the measures taken to ensure compliance with the obligations under this Regulation and to prevent or mitigate the consequences of the infringement. The fines imposed should not lead to irreversible consequences to the undertaking in case insignificant infringement. For the purpose of setting a fine under this Regulation, an undertaking should be understood to be an undertaking in accordance with Articles 101 and 102 of the Treaty.
Amendment 177 #
Proposal for a regulation Recital 40 (40) In order to strengthen the enforcement of the rules of this Regulation, each supervisory authority should have the power to impose penalties including administrative fines for any infringement of this Regulation, in addition to, or instead of any other appropriate measures pursuant to this Regulation. This Regulation should indicate infringements and the upper limit and criteria for setting the related administrative fines, which should be determined by the competent supervisory authority in each individual case, taking into account all relevant circumstances of the specific situation, with due regard in particular to the nature, gravity and duration of the infringement and of its consequences and the measures taken to ensure compliance with the obligations under this Regulation and to prevent or mitigate the consequences of the infringement. For the purpose of setting a fine under this Regulation, an undertaking should be understood to be an undertaking in accordance with Articles 101 and 102 of the Treaty. Double penalties resulting from the infringement of both this Regulation and Regulation (EU) 2016/679 should be avoided.
Amendment 178 #
Proposal for a regulation Recital 41 (41) In order to
Amendment 179 #
Proposal for a regulation Recital 43 (43) Directive 2002/58/EC and Commission Regulation (EU) 611/2013 should be repealed.
Amendment 180 #
Proposal for a regulation Recital 43 a (new) (43a) The successful functioning of innovative future network infrastructure such as Fifth Generation (5G) networks is dependent on an increasing number of devices, often with limited computational capacity, being able to process data at unprecedented speeds. The end-user's privacy in such a scenario remains a priority and should therefore be designed to complement the requirements of such infrastructure and allow free movement of the electronic communication data for 5G to operate as intended and satisfy the needs of end-users, operators, industry verticals, businesses and law and policymakers.
Amendment 44 #
Proposal for a regulation Recital 1 (1) Article 7 of the Charter of Fundamental Rights of the European Union ("the Charter") protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one’s communications is an essential dimension of this right. Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the
Amendment 45 #
Proposal for a regulation Recital 1 (1) Article 7 of the Charter of Fundamental Rights of the European Union ("the Charter") protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one
Amendment 46 #
Proposal for a regulation Recital 2 (2) The content of electronic communications may reveal highly sensitive information about the natural persons involved in the communication
Amendment 47 #
Proposal for a regulation Recital 2 (2) The content of electronic communications may reveal highly sensitive information about the natural persons involved in the communication
Amendment 48 #
Proposal for a regulation Recital 2 (2)
Amendment 49 #
Proposal for a regulation Recital 2 (2)
Amendment 50 #
Proposal for a regulation Recital 3 Amendment 51 #
Proposal for a regulation Recital 3 Amendment 52 #
Proposal for a regulation Recital 3 (3) Electronic communications data may also reveal information concerning legal entities, such as business secrets or other sensitive information that has economic value. Therefore, the provisions of this Regulation should apply to both natural and legal persons in addition to rules provided in Directive 2016/943/EU. Furthermore, this Regulation should ensure that provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council21 , also apply to end-users who are legal persons. This includes the definition of consent under Regulation (EU) 2016/679. When reference is made to consent by an end-user, including legal persons, this definition should apply. In addition, legal persons should have the same rights as end-users that are natural persons regarding the supervisory authorities; furthermore, supervisory authorities under this Regulation should also be responsible for monitoring the application of this Regulation regarding legal persons. _________________ 21 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1–88).
Amendment 53 #
Proposal for a regulation Recital 3 (3) Electronic communications data may also reveal information concerning legal entities, such as business secrets or other sensitive information that has economic value. Therefore, the provisions of this Regulation should apply to both natural and legal persons. Furthermore, this Regulation should ensure that certain provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council21 , also apply to end-users who are legal persons. This includes the definition of consent under Regulation (EU) 2016/679. When reference is made to consent by an end-user, including legal persons, this definition should apply. In addition, legal persons should have the same rights as end-users that are natural persons regarding the supervisory authorities; furthermore, supervisory authorities under this Regulation should also be responsible for monitoring the application of this Regulation regarding legal persons. _________________ 21 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1–88).
Amendment 54 #
Proposal for a regulation Recital 4 (4) Pursuant to Article 8(1) of the Charter and Article 16(1) of the Treaty on the Functioning of the European Union, everyone has the right to the protection of personal data concerning him or her. Regulation (EU) 2016/679 lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. Electronic communications data
Amendment 55 #
Proposal for a regulation Recital 4 (4) Pursuant to Article 8(1) of the Charter and Article 16(1) of the Treaty on the Functioning of the European Union, everyone has the right to the protection of personal data concerning him or her. Regulation (EU) 2016/679 lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. Electronic communications data may include and, as regards natural persons, are always personal data as defined in Regulation (EU) 2016/679.
Amendment 56 #
Proposal for a regulation Recital 5 (5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data. This Regulation therefore does not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679.
Amendment 57 #
Proposal for a regulation Recital 5 (5) The provisions of this Regulation
Amendment 58 #
Proposal for a regulation Recital 5 (5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data. This Regulation therefore does not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679. Processing of electronic communications data by providers of electronic communications services should only be permitted in accordance with this Regulation. Where both this Regulation and the Regulation (EU) 2016/679 may apply to the same processing, this Regulation only should apply.
Amendment 59 #
Proposal for a regulation Recital 6 (6) While the principles and main provisions of Directive 2002/58/EC of the European Parliament and of the Council22 remain generally sound, that Directive has not fully kept pace with the evolution of technological and market reality, resulting in an in
Amendment 60 #
Proposal for a regulation Recital 6 (6) While the principles and main provisions of Directive 2002/58/EC of the European Parliament and of the Council22 remain generally sound, that Directive has not fully kept pace with the evolution of technological and market reality, resulting in an inconsistent or insufficient effective protection of privacy and confidentiality in relation to electronic communications. Those developments include the entrance on the market of electronic communications services that from a consumer perspective are substitutable to traditional services, but do not have to comply with the same set of rules. Another development concerns new techniques that allow for tracking of
Amendment 61 #
Proposal for a regulation Recital 7 Amendment 62 #
Proposal for a regulation Recital 7 (7) The
Amendment 63 #
Proposal for a regulation Recital 7 (7)
Amendment 64 #
Proposal for a regulation Recital 8 (8) This Regulation should apply to providers of electronic communications services, to providers of publicly available
Amendment 65 #
Proposal for a regulation Recital 8 (8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to software providers permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural
Amendment 66 #
Proposal for a regulation Recital 8 (8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to hardware and software providers permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or collect information related to, processed by or stored in end- users’ terminal equipment.
Amendment 67 #
Proposal for a regulation Recital 8 (8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to software providers permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or collect information related to or stored in end-users’ terminal equipment or use the processing capabilities of such terminal equipment.
Amendment 68 #
Proposal for a regulation Recital 8 (8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to software providers permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to
Amendment 69 #
Proposal for a regulation Recital 9 (9) This Regulation should apply to electronic communications data processed in connection with the provision and use of electronic communications services in the Union, regardless of whether or not the
Amendment 70 #
Proposal for a regulation Recital 9 (9) This Regulation should apply to electronic communications data processed in connection with the provision and use of electronic communications services in the Union, regardless of whether or not the processing takes place in the Union. Moreover, in order not to deprive end-users in the Union of effective protection, this Regulation should also apply to electronic communications data processed in connection with the provision of electronic communications services from outside the Union to end-users in the Union. This should be the case irrespective of whether the electronic communications are connected to a payment or not.
Amendment 71 #
Proposal for a regulation Recital 11 (11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-users increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services.
Amendment 72 #
Proposal for a regulation Recital 11 (11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-users increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services. In order to ensure an effective and equal protection of end-users when using functionally equivalent services, this Regulation uses the definition of electronic communications services set forth in the [Directive of the European Parliament and of the Council establishing the European Electronic Communications Code24 ]. That definition encompasses not only internet access services and services consisting wholly or partly in the conveyance of signals but also interpersonal communications services, which may or may not be number-based, such as for example, Voice over IP, messaging services and web-based e-mail services.
Amendment 73 #
Proposal for a regulation Recital 12 Amendment 74 #
Proposal for a regulation Recital 12 Amendment 75 #
Proposal for a regulation Recital 12 (12) Connected devices and machines increasingly communicate with each other by using electronic communications networks (Internet of Things). The transmission of machine-to-machine communications involves the conveyance of signals over a network and, hence, usually constitutes an electronic communications service. In order to ensure full protection of the rights to privacy and confidentiality of communications, and to promote a trusted and secure Internet of Things in the digital single market, it is necessary to clarify that this Regulation should apply to the transmission of machine-to-machine communications. Therefore, the principle of confidentiality enshrined in this Regulation should also apply to the transmission of machine-to- machine communications. Specific safeguards could also be adopted under sectorial legislation, as for instance Directive 2014/53/EU. Regulation shall not apply to machine-to-machine communications which are not provided as a service targeting the general public. Moreover, the provision of machine-to- machine platforms shall not be considered to be an electronic communications service solely by the inclusion of service other than the mere conveyance of communication data (such as collecting and making machine-to-machine data available to end-users via (i) the platform, (ii) offering functions to analyse the machine-to-machine data via the platform or (iii) transfer signals to operate and control the machines via the platform).
Amendment 76 #
Proposal for a regulation Recital 12 (12) Connected devices and machines increasingly communicate with each other by using electronic communications networks (Internet of Things). The transmission of machine-to-machine communications involves the conveyance of signals over a network and, hence, usually constitutes an electronic communications service. In order to ensure full protection of the rights to privacy and confidentiality of communications, and to promote a trusted and secure Internet of Things in the digital single market, it is necessary to clarify that this Regulation should apply to the transmission of machine-to-machine communications. In the context of automated supply-chains and elsewhere in the manufacturing or industrial context, the communication by the machines involved may not be inter- personal and may not involve natural persons. However, its confidentiality still needs protection in order to protect internal business information. Therefore, the principle of confidentiality enshrined in this Regulation should also apply to the transmission of machine-to-
Amendment 77 #
Proposal for a regulation Recital 13 (13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as
Amendment 78 #
Proposal for a regulation Recital 13 (13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as
Amendment 79 #
Proposal for a regulation Recital 13 (13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as 'hotspots' situated at different places within a city, department stores, shopping malls and hospitals. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. Th
Amendment 80 #
Proposal for a regulation Recital 13 (13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of
Amendment 81 #
Proposal for a regulation Recital 13 (13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as 'hotspots' situated at different places within a city, department stores, shopping malls and hospitals. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services and public communications networks. In contrast, this Regulation should not apply to closed groups of end-users such as corporate networks, access to which is limited to members of the corporation. The mere act of requiring a password should not be considered as providing access to a closed group of end-users if the access is provided to an undefined group of end- users.
Amendment 82 #
Proposal for a regulation Recital 14 (14) Electronic communications data
Amendment 83 #
Proposal for a regulation Recital 14 (14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged
Amendment 84 #
Proposal for a regulation Recital 14 (14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged (electronic communications content) and the information concerning an end-user of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication. Whether such signals and the related data are conveyed by wire, radio, optical or electromagnetic means, including satellite networks, cable networks, fixed (circuit- and packet-switched, including internet) and mobile terrestrial networks, electricity cable systems, the data related to such signals should be considered as electronic communications metadata from the perspective of Internet access providers and therefore be subject to the provisions of this Regulation. Data generated, processed or transmitted by interpersonal communications services for the purpose of sending, transmitting or receiving such communications should be considered as electronic communications metadata from the perspective of the providers of these services but should still be considered as electronic communications content from the perspective of Internet access providers. Electronic communications metadata may include information that is part of the subscription to the service when such information is processed for the purposes of transmitting, distributing or exchanging electronic communications content.
Amendment 85 #
Proposal for a regulation Recital 14 a (new) Amendment 86 #
Proposal for a regulation Recital 15 (15) Electronic communications data should be treated as confidential. This means that any processing of electronic communications data or any interference with the transmission of electronic communications data, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of all the communicating parties should be prohibited.
Amendment 87 #
Proposal for a regulation Recital 15 (15) Electronic communications
Amendment 88 #
Proposal for a regulation Recital 15 (15) Electronic communications data should be treated as confidential. This means that any interference with
Amendment 89 #
Proposal for a regulation Recital 16 (16) The prohibition of storage of communications is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission
Amendment 90 #
Proposal for a regulation Recital 16 (16) The prohibition of storage of communications is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network.
Amendment 91 #
Proposal for a regulation Recital 16 (16) The prohibition of storage of communications during transmission is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. The processing of pseudonymised data, should be incentivized as the act of psedonymisation dramatically reduces any privacy and security risk associated with processing of data related to transmission. It should not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such as the presence of malware or the processing of metadata to ensure the
Amendment 92 #
Proposal for a regulation Recital 16 (16) The prohibition of storage of communications during conveyance is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying
Amendment 93 #
Proposal for a regulation Recital 16 a (new) (16a) Regulation 2016/679 explicitly recognises the need to provide additional protection to children, given that they may be less aware of the risks and consequences associated with the processing of their personal data. This Regulation should also grant special attention to the protection of children's privacy. They are among the most active internet users and their exposure to profiling and behaviourally targeted advertising techniques should be prohibited.
Amendment 94 #
(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole.
Amendment 95 #
Proposal for a regulation Recital 17 (17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole.
Amendment 96 #
Proposal for a regulation Recital 17 (17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole.
Amendment 97 #
Proposal for a regulation Recital 17 (17) The processing of electronic communications metadata can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata,
Amendment 98 #
Proposal for a regulation Recital 17 (17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata
Amendment 99 #
Proposal for a regulation Recital 17 (17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata
source: 604.858
2017/07/10
JURI
428 amendments...
Amendment 100 #
Proposal for a regulation Recital 21 a (new) (21a) Equipment location data can give a very detailed and intrusive insight into an individual´s personal life or an organisation´s business and activities. Processing of location data from any source, whether electronic communications metadata or equipment location data should be conducted on the basis of clear rules.
Amendment 101 #
Proposal for a regulation Recital 21 a (new) (21a) Equipment location data can give a very detailed and intrusive insight into an individual's personal life or an organisation's business and activities. Processing of location data from any source, whether electronic communications metadata or equipment location data should be conducted on the basis of clear rules.
Amendment 102 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly
Amendment 103 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem.
Amendment 104 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties, absent any separate, specific consent obtained from the end-user. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that p
Amendment 105 #
Proposal for a regulation Recital 22 (22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the
Amendment 106 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this
Amendment 107 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to
Amendment 108 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to
Amendment 109 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’). Such privacy settings should differentiate between the cookies of third parties having a contractual relationship with the website providers and other third-party cookies. Such privacy settings should be presented in
Amendment 110 #
Proposal for a regulation Recital 23 (23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies
Amendment 111 #
Proposal for a regulation Recital 24 Amendment 112 #
Proposal for a regulation Recital 24 (24) For web browsers to be able to obtain end-users’ consent as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking cookies, they should, among others, require a clear affirmative action from the end-user of terminal equipment to signify his or her freely given, specific informed, and unambiguous agreement to the storage and
Amendment 113 #
Proposal for a regulation Recital 25 (25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a
Amendment 114 #
Proposal for a regulation Recital 25 (25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information
Amendment 115 #
Proposal for a regulation Recital 25 (25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be
Amendment 116 #
Proposal for a regulation Recital 26 (26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security (i.e.: state security), defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Encryption and other security measures are critical to ensure the confidentiality and integrity of electronic communications and the security and integrity of the electronic communications infrastructure as a whole. The measures taken by Member States should not entail any obligations for the provider of the electronic communications network or service that would result in weakening of the security and encryption of their networks and services. Providers of electronic communications services should provide
Amendment 117 #
Proposal for a regulation Recital 26 (26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State,
Amendment 118 #
Proposal for a regulation Recital 26 (26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Providers of electronic communications services should provide for appropriate procedures to facilitate legitimate requests of competent authorities, where relevant also taking into account the role of the representative designated pursuant to Article
Amendment 119 #
Proposal for a regulation Recital 26 a (new) (26a) The introduction of itemised bills has improved the possibilities for the subscriber to check the accuracy of the fees charged by the service provider but, at the same time, it may jeopardise the privacy of the end-users of electronic communications services. The availability of electronic communications service options with alternative payment facilities which allow anonymous or strictly private access to publicly available electronic communications services, for example unregistered SIM cards and facilitates for payment by credit card, can mitigate these risks. When the end-user is a natural person who is different from the subscriber receiving the itemised bill, for example in an employment context, the operator of number-based interpersonal communication services should offer their subscribers a different type of itemised bill in which a certain number of digits of the called number will not be shown.
Amendment 120 #
Proposal for a regulation Recital 31 (31) If end-users that are natural persons
Amendment 121 #
Proposal for a regulation Recital 32 (32) In this Regulation, direct marketing refers to any form of advertising or similar promotion by which a natural or legal person sends direct or presents direct marketing communications directly to one or more identified or identifiable end-users
Amendment 122 #
Proposal for a regulation Recital 32 (32) In this Regulation, direct marketing refers to any form of advertising by which a natural or legal person sends direct marketing communications directly to one or more identified or identifiable end-users using electronic communications services. In addition to the offering of products and services for commercial purposes, this should also include messages sent by political parties that contact natural persons via electronic communications services in order to promote their parties. The same should apply to messages sent by other non-profit organisations to support the purposes of the organisation. It should not apply to the communication for scientific research purposes like market and opinion research.
Amendment 123 #
Proposal for a regulation Recital 32 a (new) (32a) Communication to elected representatives or public authorities on matters of public policy, legislation or other activities of democratic institutions should not be regarded as direct marketing for the purpose of this Regulation.
Amendment 124 #
Proposal for a regulation Recital 33 (33) Safeguards should be provided to protect end-users against unsolicited communications for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing purposes are sent
Amendment 125 #
Proposal for a regulation Recital 33 (33) Safeguards should be provided to protect end-users against unsolicited communications for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing
Amendment 126 #
Proposal for a regulation Recital 35 (35) In order to allow easy withdrawal of consent, legal or natural persons conducting direct marketing communications by email should present a link, or a valid electronic mail address, which can be easily used by end-users to withdraw their consent. Legal or natural persons conducting direct marketing communications through voice-to-voice calls and through calls by automating calling and communication systems should display their identity line on which the company can be called
Amendment 127 #
Proposal for a regulation Recital 36 (36) Voice-to-voice direct marketing calls that do not involve the use of automated calling and communication systems, given that they are more costly for the sender and impose no financial costs on end-users. Member States should therefore be able to establish and or maintain national systems only allowing such calls to end-users who have not objected. End- users should be able to object to future calls from a specific company or organization. Member States should also ensure that the end-users can object to all future voice-to-voice direct marketing calls by registering their objection in the national "Do Not Call" register. A user- friendly option to object to all future calls should be provided free of charge.
Amendment 128 #
Proposal for a regulation Recital 37 (37) Service providers who offer electronic communications services should
Amendment 129 #
Proposal for a regulation Recital 37 (37) Service providers who offer publicly available electronic communications services should inform end- users of measures they can take to protect the security of their communications from particular and significant security threats, for instance by using specific types of software or encryption technologies. The requirement to inform end-users of particular security
Amendment 130 #
Proposal for a regulation Recital 40 (40) In order to strengthen the enforcement of the rules of this Regulation, each supervisory authority should have the power to impose penalties including administrative fines for any infringement of this Regulation, in addition to, or instead of any other appropriate measures pursuant to this Regulation. This Regulation should indicate infringements and the upper limit and criteria for setting the related administrative fines, which should be determined by the competent supervisory authority in each individual case, taking into account all relevant circumstances of the specific situation, with due regard in particular to the nature, gravity and duration of the infringement and of its consequences and the measures taken to ensure compliance with the obligations under this Regulation and to prevent or mitigate the consequences of the infringement. For the purpose of setting a fine under this Regulation, an undertaking should be understood to be an undertaking in accordance with Articles 101 and 102 of the Treaty. It should not be permitted to impose double penalties resulting from the violation of both Regulation (EU) 2016/279 and this Regulation.
Amendment 131 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation lays down rules regarding the protection of fundamental rights and freedoms of natural and legal persons in the provision and use of electronic communications services, and in particular, the rights to respect for private life and communications and the protection of natural persons with regard to the processing of personal data regardless of whether a payment is required by the user.
Amendment 132 #
Proposal for a regulation Article 1 – paragraph 2 2. This Regulation ensures free movement of electronic communications data and electronic communications services within the Union
Amendment 133 #
Proposal for a regulation Article 1 – paragraph 3 Amendment 134 #
Proposal for a regulation Article 1 – paragraph 3 3. The provisions of this Regulation particularise and complement Regulation (EU) 2016/679 by laying down specific rules for the purposes mentioned in paragraphs 1 and 2. Except where otherwise provided for in this Regulation, the provisions of Regulation (EU) 2016/679 shall apply when personal data is processed.
Amendment 135 #
Proposal for a regulation Article 1 – paragraph 3 3. The provisions of this Regulation particularise and complement Regulation (EU) 2016/679 by laying down necessary specific rules for the purposes mentioned in paragraphs 1 and 2.
Amendment 136 #
Proposal for a regulation Article 1 – paragraph 3 a (new) 3a. Where the specific rules in paragraph 3 involve processing of personal data that are subject to Regulation (EU) 2016/679, both Regulations apply. In cases of conflict between the two Regulations, the European Data Protection Board shall determine the instrument that should apply.
Amendment 137 #
Proposal for a regulation Article 1 – paragraph 3 b (new) 3b. When making a determination in line with paragraph 4, the European Data Protection Board shall consider that the interests for natural persons are paramount.
Amendment 138 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to the terminal equipment of end-users regardless of whether a payment is required by the user.
Amendment 139 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services
Amendment 140 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to or processed by the terminal equipment of end-users.
Amendment 141 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to
Amendment 142 #
Proposal for a regulation Article 2 – paragraph 1 – point a (new) (a) the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services, irrespective of whether a payment from the end-user is required.
Amendment 143 #
Proposal for a regulation Article 2 – paragraph 1 – point b (new) (b) the processing of information related to or processed by the terminal equipment of end-users.
Amendment 144 #
Proposal for a regulation Article 2 – paragraph 1 – point c (new) (c) the placing on the market of hardware and software permitting electronic communications by end-users, including the retrieval and presentation of information on the Internet;
Amendment 145 #
Proposal for a regulation Article 2 – paragraph 1 – point d (new) (d) the provision of publicly available directories of users of electronic communication;
Amendment 146 #
Proposal for a regulation Article 2 – paragraph 1 – point e (new) (e) the sending of commercial electronic communications concerning direct marketing to end-users.
Amendment 147 #
Proposal for a regulation Article 2 – paragraph 2 – point c Amendment 148 #
Proposal for a regulation Article 2 – paragraph 2 – point d (d) activities of competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security, without prejudice to article 11;
Amendment 149 #
Proposal for a regulation Article 2 – paragraph 2 – point d a (new) (da) hardware and software placed on the market permitting electronic communications between users or end- users, including the presentation of information on the Internet
Amendment 150 #
Proposal for a regulation Article 2 – paragraph 3 3. The processing of electronic communications data by the Union institutions, bodies, offices and agencies insofar as they are not publicly available and not originating or having as destination publicly available communications services, is governed by Regulation (EU) 00/0000 [new Regulation replacing Regulation 45/2001].
Amendment 151 #
Proposal for a regulation Article 3 – paragraph 1 – introductory part 1. This Regulation applies to
Amendment 152 #
Proposal for a regulation Article 3 – paragraph 1 – point c (c) the protection of information related to or processed by the terminal equipment of end-
Amendment 153 #
Proposal for a regulation Article 3 – paragraph 1 – point c (c) the protection of information related to the terminal equipment of end- users
Amendment 154 #
Proposal for a regulation Article 3 – paragraph 1 – point c (c) the protection of information related to the terminal equipment of end- users
Amendment 155 #
Proposal for a regulation Article 3 – paragraph 2 2. Where the provider of an electronic
Amendment 156 #
Proposal for a regulation Article 3 – paragraph 4 4. The representative shall
Amendment 157 #
Proposal for a regulation Article 3 – paragraph 4 4. The representative shall
Amendment 158 #
Proposal for a regulation Article 3 – paragraph 4 4. The representative shall have the power to answer questions and provide information in addition to or instead of the provider it represents, in particular, to supervisory authorities, and end-users, on all issues related to
Amendment 159 #
Proposal for a regulation Article 3 – paragraph 5 5. The designation of a representative pursuant to paragraph 2 shall be without prejudice to legal actions, which could be initiated against a natural or legal person who
Amendment 160 #
Proposal for a regulation Article 3 a (new) Article 3a Applicable law in the online environment 1. To the extent that Regulation (EU) 2016/679 or this Regulation allow Member States to regulate the processing of personal data or electronic communications data, in their domestic laws, the relevant national law provisions shall apply to: (a) the processing of personal data or electronic communications data in the context of the activities of an establishment of a controller, processor or a provider of an electronic communications service or network established in the Member State in question; or (b) the processing of personal data or electronic communications data by a controller, processor or a provider of an electronic communications service or network not established in the Union , offering goods or services in that Member State or monitoring the behaviour of data subjects in that Member State; 2. The relevant national law provisions as set out in point 1 of this Article do not apply to the processing of personal data or electronic communications data in the context of the activities of an establishment of a controller, processor or a provider of an electronic communications service or network established in another Member State, who shall instead only be subject to the relevant national law provisions of that other Member State.
Amendment 161 #
Proposal for a directive Article 4 – paragraph 1 – point b (b)
Amendment 162 #
Proposal for a regulation Article 4 – paragraph 1 – point b a (new) (ba) ‘user or end-user’ means a natural person using a publicly available electronic communications service, without necessarily having subscribed to this service;
Amendment 163 #
Proposal for a regulation Article 4 – paragraph 1 – point b b (new) (bb) ‘number-based interpersonal communications service’ means an interpersonal communications service which uses assigned numbering resources, i.e. a number or numbers in national or international telephone numbering plans partly or fully as its addressing system;
Amendment 164 #
Proposal for a regulation Article 4 – paragraph 1 – point b c (new) (bc) ‘call’ means a connection established by means of a publicly available electronic interpersonal communications service allowing voice communication between two or more endpoints;
Amendment 165 #
Proposal for a regulation Article 4 – paragraph 1 – point b d (new) (bd) ‘electronic communication service’ means service normally provided for remuneration via electronic communications networks, which encompasses 'internet access service' as defined in Article 2(2) of Regulation (EU) 2015/2120; and/or 'interpersonal communications service'; and/or services consisting wholly or mainly in the conveyance of signals such as transmission services used for the provision of machine-to-machine services and for broadcasting;
Amendment 166 #
Proposal for a regulation Article 4 – paragraph 1 – point b e (new) (be) ‘interpersonal communications service’ means a service normally provided for remuneration that enables direct interpersonal and interactive exchange of information via electronic communications networks. This includes services that enable interpersonal and interactive communication as a minor ancillary feature that is intrinsically linked to another service;
Amendment 167 #
Proposal for a regulation Article 4 – paragraph 1 – point b f (new) (bf) ‘number- independent interpersonal communications service’ means an interpersonal communications service which does not connect with the public switched telephone network, either by means of assigned numbering resources, i.e. a number or numbers in national or international telephone numbering plans, or by enabling communication with a number or numbers in national or international telephone numbering plans;
Amendment 168 #
Proposal for a regulation Article 4 – paragraph 3 – point a a (new) (aa) ‘normally for remuneration’ means involving an economic transaction, whether financial or not;
Amendment 169 #
Proposal for a regulation Article 4 – paragraph 3 – point b (b) ‘electronic communications content’ means the content exchanged by means of electronic communications services or via electronic communications networks , such as text, voice, videos, images, and sound;
Amendment 170 #
Proposal for a regulation Article 4 – paragraph 3 – point b (b) ‘electronic communications content’ means the content exchanged by means of electronic communications services or via electronic communications networks, such as text, voice, videos, images, and sound;
Amendment 171 #
Proposal for a regulation Article 4 – paragraph 3 – point c (c) ‘electronic communications metadata’ means data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including, but not limited to, data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration and the type of communication; It includes data broadcast or emitted by the terminal equipment to identify end-users' communications and/or terminal equipment in the network and enable it to connect to such network or to another device.
Amendment 172 #
Proposal for a regulation Article 4 – paragraph 3 – point c (c) ‘electronic communications metadata’ means data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including but not limited to, data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications
Amendment 173 #
Proposal for a regulation Article 4 – paragraph 3 – point f (f) ‘direct marketing communications’ means any form of
Amendment 174 #
Proposal for a regulation Article 4 – paragraph 3 – point f (f) ‘direct marketing communications’
Amendment 175 #
Proposal for a regulation Article 4 – paragraph 3 – point f (f) ‘direct marketing communications’ means any form of advertising
Amendment 176 #
Proposal for a regulation Article 4 – paragraph 3 – point f (f) ‘direct marketing communications’ means any form of
Amendment 177 #
Proposal for a regulation Article 4 – paragraph 3 – point g (g) ‘direct marketing voice-to-voice calls’ means live calls, which do not entail the use of automated calling systems and communication systems; and which connect the caller and the recipient of the call with or without the use of semi- automated communication systems, such as for example automatic dialers;
Amendment 178 #
Proposal for a regulation Article 4 – paragraph 3 – point h a (new) (ha) ‘new equipment location data’ means data that can enable the geospatial location, movement or direction of terminal equipment and is not processed in order to provide a communications service;
Amendment 179 #
Proposal for a regulation Article 4 – paragraph 3 – point h a (new) (ha) ‘equipment location data’ means data that can enable the geospatial location, movement or direction of terminal equipment and is not processed in order to provide a communications service;
Amendment 180 #
Proposal for a regulation Chapter 2 – title PROTECTION OF ELECTRONIC COMMUNICATIONS OF NATURAL AND LEGAL PERSONS AND OF INFORMATION
Amendment 181 #
Proposal for a regulation Article 5 – title Confidentiality of electronic communications
Amendment 182 #
Proposal for a regulation Article 5 – title Confidentiality of electronic communications
Amendment 183 #
Proposal for a regulation Article 5 – paragraph 1 Amendment 184 #
Proposal for a regulation Article 5 – paragraph 1 Electronic communications data shall be confidential. Any interference with electronic communications data
Amendment 185 #
Proposal for a regulation Article 5 – paragraph 1 Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation. The provisions of Regulation (EU) 2016/679 shall apply unless this Regulation stipulates special provisions.
Amendment 186 #
Proposal for a regulation Article 5 – paragraph 1 Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or any processing of electronic communications data regardless of whether this data is in transit or stored, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
Amendment 187 #
Proposal for a regulation Article 5 – paragraph 1 Electronic communications data shall be confidential. Any interference with electronic communications data during conveyance, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications
Amendment 188 #
Proposal for a regulation Article 5 – paragraph 1 Electronic communications data shall be confidential. Any interference with electronic communications data, at rest or in transit, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or any processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
Amendment 189 #
Proposal for a regulation Article 5 – paragraph 1 a (new) Electronic communications data shall be confidential. Any processing of electronic communications data, including interference with electronic communications data such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, regardless of whether this data is in transit or stored, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
Amendment 190 #
Proposal for a regulation Article 5 – paragraph 1 a (new) For the implementation of paragraph 1, providers of electronic communications networks and services shall take technical and organisational measures as defined in Article 32 of Regulation (EU) 2016/679. Additionally, to protect the integrity of terminal equipment and the safety, security and privacy of users, providers or electronic communications networks and services shall take appropriate measures based on the risk and on the state of the art to reasonably prevent the distribution through their networks or services of malicious software as referred to in Article 7 subparagraph a of Directive 2013/40/EU.
Amendment 191 #
Proposal for a regulation Article 5 – paragraph 1 a (new) Neither providers of electronic communication services nor any third parties shall process electronic communications data that are not collected on the basis of consent or any other legal ground under this Regulation, or any other legal basis not specifically provided for in this Regulation.
Amendment 192 #
Proposal for a regulation Article 5 – paragraph 1 a (new) Confidentiality of electronic communications shall also apply to data related to or processed by terminal equipment and to machine-to-machine communication.
Amendment 193 #
Proposal for a regulation Article 5 – paragraph 1 a (new) Confidentiality of electronic communications data shall also include terminal equipment and machine-to- machine communications when related to a user.
Amendment 194 #
Proposal for a regulation Article 6 – title Amendment 195 #
Proposal for a regulation Article 6 – paragraph 1 – introductory part 1. Providers of electronic communications networks and services may process electronic communications data during transmission if:
Amendment 196 #
Proposal for a regulation Article 6 – paragraph 1 – introductory part 1. Providers of electronic communications networks and services may process electronic communications data only if:
Amendment 197 #
Proposal for a regulation Article 6 – paragraph 1 – introductory part 1. Providers of electronic communications networks and services may process electronic communications data only if:
Amendment 198 #
Proposal for a regulation Article 6 – paragraph 1 – point a Amendment 199 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) it is necessary to achieve the transmission of the communication, for the duration necessary for that purpose and the data is stored in a binary format; or
Amendment 200 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) it is technically strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose; or
Amendment 201 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) it is strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose
Amendment 202 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) it is strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose only; or
Amendment 203 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) it is strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose; or
Amendment 204 #
|