30 Amendments of Viviane REDING related to 2017/0003(COD)
Amendment 136 #
Proposal for a regulation
Recital 1
Recital 1
(1) Article 7 of the Charter of Fundamental Rights of the European Union (“the Charter”) protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one’s communications is an essential dimension of this right. Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including information regarding when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communicationg parties. The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, e-mail, internet phone calls and inter-personal messaging provided through social media. It should also apply when the confidentiality of electronic communications and the privacy of the physical environment converge, i.e. where terminal devices for electronic communication can also listen into their physical environment or use other input channels such as Bluetooth signalling or movement sensors.
Amendment 150 #
Proposal for a regulation
Recital 5
Recital 5
(5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data. This Regulation therefore does not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679. Processing of electronic communications data by providersOn the contrary, it aims to provide additional, and complementary, safeguards taking into account the need for additional protection as regards the confidentiality of communications. Processing of electronic communications servicesdata should only be permitted in accordance with, and on a legal ground specifically provided under, this Regulation.
Amendment 161 #
Proposal for a regulation
Recital 7
Recital 7
(7) The Member States should be allowed, within the limits of this Regulation, to maintain or introduce national provisions to further specify andEuropean Data Protection Board should, where necessary, issue guidance and opinions within the limits of this Regulation, to further clarify the application of the rules of this Regulation in order to ensure an effective application and interpretation of those rules. Therefore, the margin of discretion, which Member States hase guidance and opinions should take into account the dual objective inof this rRegard,ulation, therefore they should maintain a balance between the protection of private life and personal data and the free movement of electronic communications data.
Amendment 174 #
Proposal for a regulation
Recital 11
Recital 11
(11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-usUsers and subscribers increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services. In order to, also known as “over-the-top services” (OTTs). This Regulation aims at ensureing an effective and equal protection of end-ususers and subscribers when using functionally equivalent services, this Regulation uses the definition of electronic communications services set forth in the [Directive of the European Parliament and of the Council establishing the European Electronic Communications Code24 ]so as to ensure the confidentiality of their communication, irrespective of the technological medium chosen.. That definition encompasses not only internet access services and services consisting wholly or partly in the conveyance of signals but also interpersonal communications services, which may or may not be number-based, such as for example, Voice over IP, messaging services and web-based e-mail services. The protection of confidentiality of communications is crucial also as regards interpersonal communications services that are ancillary to another service; therefore, such type of services also having a communication functionality should be covered by this Regulation. _________________ 24 Commission proposal for a Directive of the European Parliament and of the Council establishing the European Electronic Communications Code (Recast) (COM/2016/0590 final - 2016/0288 (COD)), such as internal messaging, newsfeeds, timelines and similar functions in online services where messages are exchanged with other users within or outside that service; therefore, such type of services also having a communication functionality should be covered by this Regulation.
Amendment 214 #
Proposal for a regulation
Recital 17 a (new)
Recital 17 a (new)
(17a) This Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. However, users attach great importance to the confidentiality of their communications, including their online activities, and they want to control the use of their electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain users’ consent to process electronic communications data. For the purposes of this Regulation, the consent of a user should have the same meaning and be subject to the same conditions as the consent of the data subject under Regulation (EU) 2016/679.
Amendment 242 #
Proposal for a regulation
Recital 22
Recital 22
(22) The methods used for providing information and obtaining end-user’s consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. This Regulation should prevent the use of so- called “cookie walls” and “cookie banners” that do not help users to maintain control over their personal information and privacy or become informed about their rights. The use of technical means to provide consent, for example, through transparent and user- friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other applicationor withdraw consent and to object by technical specifications using automated means, such as the appropriate settings of a hardware or software permitting the retrieval and presentation of information on the internet. Those settings should include choices concerning the use of processing and storage capabilities of the user’s terminal equipment as well as a signal sent by the hardware or software indicating the user’s preferences to other parties. The choices made by end- users when establishing its general privacy settings of a browser or other applicationhardware of software should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-More particularly web browsers, applications or mobile operating systems may be userd and the website. From this perspective, they are in a privileged position to play an active role to help the end-s a user’s personal privacy assistant communicating the user’s choices, thus helping users to control the flow of information to and fromprevent information related to or processed by their terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or stored (for example smart phone, tablet or computer) from being accessed, processed or stored. They should therefore not abuse their position as gate- keepers and still allow for possibilities for the user to individually give consent with regard to a certain specific service or service provider.
Amendment 264 #
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers. While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged in such practices should ask for the end-user´s consent or should carry out data protection impact assessment and in this case the data collected is or is rendered pseudonymous or anonymous. Where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk, prior consultation with the supervisory authority, as prescribed in Article 36 of Regulation (EU) 2016/679, shall be carried out. Providers should display prominent notices located on the edge of the area of coverage informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679.
Amendment 273 #
Proposal for a regulation
Recital 26
Recital 26
(26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Providers of electronic communications services should provide for appropriate procedures to facilitate legitimate requests of competent authorities, where relevant also taking into account the role of the representative designated pursuant to Article 3(3).
Amendment 312 #
Proposal for a regulation
Recital 36
Recital 36
Amendment 399 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Electronic communications data shall be confidential. Any processing of electronic communications data, including any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation. This includes electronic communications data that is stored after the transmission has been completed.
Amendment 409 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
2.Confidentiality of electronic communications shall also apply to data related to or processed by terminal equipment and to machine-to-machine communication.
Amendment 421 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) it is technically strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose; or
Amendment 426 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is technically strictly necessary to maintain or restore the security ofavailability, integrity and confidentiality of the respective electronic communications networks and or services, or to detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.; or
Amendment 455 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) it is technically strictly necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or _________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
Amendment 461 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) it is strictly necessary for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusive use of, or subscription to, electronic communications services; or
Amendment 515 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
1. The use of input, output, processing and storage capabilities of terminal equipment and the collectionprocessing of information from end-users’ terminal equipment, including about' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:
Amendment 521 #
Proposal for a regulation
Article 8 – paragraph 1 – point a
Article 8 – paragraph 1 – point a
(a) it is strictly technically necessary for the sole purpose of carrying out the transmission of an electronic communication over an electronic communications networkservice; or
Amendment 523 #
Proposal for a regulation
Article 8 – paragraph 1 – point b
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consent for a specific purpose, and the consent has not been a condition to access or use a service or use a terminal equipment, for the duration strictly technically necessary for that purpose; or
Amendment 535 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
(c) it is strictly technically necessary for providing an information society service specifically requested by the end-ususer, for the duration necessary for that provision of the service, provided that the provision of that specific service cannot be fulfilled without the processing of such information by the provider; or
Amendment 586 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a a (new)
Article 8 – paragraph 2 – subparagraph 1 – point a a (new)
(a a) the end-user has given his or her consent;or
Amendment 589 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point b
Article 8 – paragraph 2 – subparagraph 1 – point b
(b) the information collected is or is rendered pseudonymous or anonymous and the data protection impact assessment and, if necessary, a prior consultation with the supervisory authority were carried out, as prescribed respectively in Article 35 and 36 of Regulation (EU) 2016/679, and a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.
Amendment 610 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. The definition of and conditions for consent provided for under Articles 4(11) and 7 of Regulation (EU) 2016/679/EUin Regulation (EU) 2016/679/EU, including, inter alia, in its Articles 4(11), 7 and 8, shall apply.
Amendment 633 #
Proposal for a regulation
Article 9 – paragraph 3 a (new)
Article 9 – paragraph 3 a (new)
3 a. Without prejudice to Article 7(4) of Regulation (EU) 2016/679, a user shall not be denied access to any electronic communications service, information society service or functionality of a terminal equipment, regardless of whether this is remunerated or not, on the mere grounds that he or she has not given his or her consent to (a) the processing of electronic communications data, metadata or content pursuant to Article 6;or (b) the use of input, output, processing and storage capabilities of terminal equipment and the processing of information related to or processed by the users' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware, pursuant to Article 8(1) that is technically not strictly necessary for the provision of that service or functionality.
Amendment 634 #
Proposal for a regulation
Article 9 – paragraph 3 b (new)
Article 9 – paragraph 3 b (new)
3 b. Any processing based on consent must not adversely affect the rights and freedoms of individuals whose personal data are related to or transmitted by the communication, in particular their rights to privacy and the protection of personal data.
Amendment 655 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, requiBy default, such hardware or software shall have activated privacy settings that prevent other parties from exercising the activities referred to in paragraph 1. If the hardware or software allows for deviating settings, the user shall be informed about the privacy settings options during first use or installation and shall be offered the end-user to consent to a settingpossibility to change or confirm them.
Amendment 660 #
Proposal for a regulation
Article 10 – paragraph 2 a (new)
Article 10 – paragraph 2 a (new)
2 a. The software permitting the end- user to access individual websites shall enable the end-user to customise his or her privacy settings according to the website visited.
Amendment 722 #
Proposal for a regulation
Article 15 – paragraph 4
Article 15 – paragraph 4
4. The possibility for end-users not to be included in a publicly available directory, or to verify, correct and delete any data related to them shall be provided free of charge and in an easily accessible manner by the party that collected the consent or directly from the provider of publicly available directory.
Amendment 738 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The customer shall be informed about the right to object and shall be given an easy way to exercise it at the time of collection and each time a message is sent.
Amendment 753 #
Proposal for a regulation
Article 16 – paragraph 4
Article 16 – paragraph 4
Amendment 782 #
Proposal for a regulation
Article 17 – paragraph 1 e (new)
Article 17 – paragraph 1 e (new)
This Article shall be without prejudice to the obligations provided for in Articles 32 to 34 of Regulation (EU) 2016/679 and the obligations provided for in Directive (EU) 2016/1148.