43 Amendments of Peter KOUROUMBASHEV related to 2017/0003(COD)
Amendment 90 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and two intermediate (for example, ‘reject third partyracking cookies’ or ‘only accept first party cookicookies on whitelisted and/or frequently visited information society services’). Such privacy settings should be presented in a an easily visible and intelligible manner.
Amendment 99 #
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers. While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged in such practices should not only display prominent notices in public spaces, located on the edge of the area of coverage, but also send information to the terminal equipment, informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679.
Amendment 118 #
Proposal for a regulation
Article 1 – paragraph 2
Article 1 – paragraph 2
2. This Regulation ensures the accurate and sustainable functioning of the digital single market and the free movement of electronic communications data and electronic communications services within the Union, which shall be neither restricted nor prohibited for reasons related to the respect for the private life and communications of natural and legal persons and the protection of natural persons with regard to the processing of personal data.
Amendment 121 #
Proposal for a regulation
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use ofwhen making available and utilizing electronic communications services, network services, and to information related to the terminal equipment of end-users.
Amendment 137 #
Proposal for a regulation
Article 4 – paragraph 3 – point b
Article 4 – paragraph 3 – point b
(b) ‘electronic communications content’ means the content exchanged by means of publically accessible electronic communications services, such as text, voice, videos, images, and sound;
Amendment 140 #
Proposal for a regulation
Article 4 – paragraph 3 – point c
Article 4 – paragraph 3 – point c
(c) ‘electronic communications metadata’ means all data processed in an electronicopen communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration and the type of communication;
Amendment 145 #
Proposal for a regulation
Article 4 – paragraph 3 – point g
Article 4 – paragraph 3 – point g
(g) ‘direct marketing voice-to-voice calls’ means live calls, which do not entail the use of automated calling systems and communication systems; this shall not include calls and text messages linked to Amber Alert;
Amendment 149 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data, regardless of whether the communication involves natural or legal persons. Any interference with electronic communications inactive data that is stored physically in any digital form, or data in motion, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the send-userer or intended recipients, shall be prohibited, except when permitted by this Regulation.
Amendment 161 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is necessary to maintain or, restore the securand protect the security, constancy, confidentiality, availability and authenticity of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose; providers of electronic communications networks and services are encouraged to ensure through proportionate means the impediment of distribution of malicious software in line with Article 7(a) of Directive 2013/40/EU.
Amendment 168 #
Proposal for a regulation
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Providers of electronic communications services and network providers may process electronic communications metadata if:
Amendment 171 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) it is necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or for the purpose of network planning of the Electronic Communication Systems; or for the purpose of technological innovations, strictly related to the improvement of the network. This should be possible under the following safeguards: approval of the supervisory authority; pseudonymisation of the data, only if anonymisation is not possible for the purpose of the service; the minimum data required should be processed. _________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
Amendment 174 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) it is necessary for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusive use of, or subscription to, electronic communications services; or scams schemes affecting third parties connected to the network; or
Amendment 182 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2 a. Even in the denial or absence of consent of an end-user, for the processing of metadata in order to locate an individual, in cases of calls to emergency services, exclusively for Amber Alert and the European emergency phone number (112).
Amendment 199 #
Proposal for a regulation
Article 8 – title
Article 8 – title
Protection of information stored in and related to end-users’transmitted to, stored in, restored from or processed in any other way relative to terminal equipment
Amendment 225 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
(d a) for emergency services acting on calls to the European emergency phone number (112) or Amber Alert.
Amendment 232 #
Proposal for a regulation
Article 8 – paragraph 1 a (new)
Article 8 – paragraph 1 a (new)
1a. It is necessary to safeguard the security and privacy of the end-user, as well as to guarantee the incorruptibility, accessibility, confidentiality, and authenticity of terminal equipment or the electronic communication network or services.
Amendment 242 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point b
Article 8 – paragraph 2 – subparagraph 1 – point b
(b) a clear and prominent notice is displayed informing of, at least, the public space as a warning, additionally information is sent to terminal equipment providing the end- user with an option of informed consent, as well as with additional information regarding the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.
Amendment 248 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. The information to be provided pursuant to point (b) of paragraph 2 may be provided in combination with standardized icons in order to give a meaningful overview of the collection in an easily visible, intelligible and clearly legible manner; in order to provide this information, a labelling scheme can be used for software and terminal equipment, specifying the security and quality characteristics.
Amendment 250 #
Proposal for a regulation
Article 8 – paragraph 3 – subparagraph 1 (new)
Article 8 – paragraph 3 – subparagraph 1 (new)
Relevant technical guidelines shall be developed by the competent European authorities.
Amendment 261 #
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.
Amendment 266 #
Proposal for a regulation
Article 9 – paragraph 3 a (new)
Article 9 – paragraph 3 a (new)
3a. The possibility of proper informed consent should be applied in all cases.
Amendment 267 #
Proposal for a regulation
Article 9 – paragraph 3 b (new)
Article 9 – paragraph 3 b (new)
3 b. The possibility to easily revoke consent should be offered in an explicit manner.
Amendment 273 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Software and terminal equipment placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipmenta set of four different privacy settings by design, including an option to accept cookies from whitelisted and/or frequently visited information society services.
Amendment 274 #
Proposal for a regulation
Article 10 – paragraph 1 a (new)
Article 10 – paragraph 1 a (new)
1 a. Additional information practices should be put in place explaining clearly and briefly the necessity and purpose of the active tracking cookies.
Amendment 283 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a settinghoose a setting. Settings must be easily accessible and modifiable during the use of the terminal equipment or software.
Amendment 288 #
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1 and 2 shall be complied with at the time of the first update of the software, but no later than 25 AugustMay 20189.
Amendment 290 #
Proposal for a regulation
Article 10 a (new)
Article 10 a (new)
Article 10 a Information society services should respond to an emitted '' Do Not Track '' (DNT) signal, by indicating to the end- user that tracking cookies have been switched off.
Amendment 300 #
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. Regardless of whether the calling end-user has prevented the presentation of the calling line identification, where a call is made to emergency services, providers of publicly available number-based interpersonal communications services shall override the elimination of the presentation of the calling line identification and the denial or absence of consent of an end-user for the processing of metadata, on a per-line basis for organisations dealing with emergency communications, including public safety answering points, for the purpose of responding to such communications.
Amendment 311 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. The providers of a publicly available directory shall inform end-users who are natural persons acting out of their business capacity whose personal data are in the directory of the available search functions of the directory and obtain end- users’ consent before enabling such search functions related to their own data.
Amendment 313 #
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
3. The providers of publicly available directories shall provide end-users that are legal persons or natural persons acting in their business capacity with the possibility to object to data related to them being included in the directory. Providers shall give such end-users that are legal persons the means to verify, correct and delete such data.
Amendment 356 #
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
1. Directive 2002/58/EC is repealed with effect from 25 MayNovember 2018.
Amendment 358 #
Proposal for a regulation
Article 28 – paragraph 1
Article 28 – paragraph 1
By 1 Januaryune 2018 at the latest, the Commission shall establish a detailed programme for monitoring the effectiveness of this Regulation.
Amendment 360 #
Proposal for a regulation
Article 29 – paragraph 2 – subparagraph 1
Article 29 – paragraph 2 – subparagraph 1
It shall apply from 25 MayNovember 2018.
Amendment 389 #
Proposal for a regulation
Article 4 – paragraph 3 – point g
Article 4 – paragraph 3 – point g
(g) ‘'direct marketing voice-to-voice calls’' means live calls, which do not entail the use of automated calling systems and communication systems; this shall not include calls and text messages linked to Amber Alert;
Amendment 430 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is necessary to maintain or, restore the securand protect the security, constancy, confidentiality, availability and authenticity of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose; providers of electronic communications networks and services are encouraged to ensure through proportionate means the impediment of distribution of malicious software in line with Article 7(a) of Directive 2013/40/EU.
Amendment 457 #
Proposal for a regulation
Article 6 – paragraph 2 – point a a (new)
Article 6 – paragraph 2 – point a a (new)
(a a) even in the denial or absence of consent of an end-user for the processing of metadata in order to locate an individual in cases of calls to emergency services exclusively for Amber Alert and the European emergency phone number (112).
Amendment 527 #
Proposal for a regulation
Article 8 – paragraph 1 – point b a (new)
Article 8 – paragraph 1 – point b a (new)
(b a) for emergency services acting on calls to the European emergency phone number (112) or Amber Alert
Amendment 578 #
Proposal for a regulation
Article 8 – paragraph 1 a (new)
Article 8 – paragraph 1 a (new)
1 a. It is necessary to safeguard the security and privacy of the end-user, as well as to guarantee the incorruptibility, accessibility, confidentiality, and authenticity of terminal equipment or the electronic communication network or services.
Amendment 604 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. The information to be provided pursuant to point (b) of paragraph 2 may be provided in combination with standardized icons in order to give a meaningful overview of the collection in an easily visible, intelligible and clearly legible manner;in order to provide this information a labelling scheme can be used for software and terminal equipment specifying the security and quality characteristics.
Amendment 666 #
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1 and 2 shall be complied with at the time of the first update of the software, but no later than 25 AugustMay 20189.
Amendment 691 #
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. Regardless of whether the calling end-user has prevented the presentation of the calling line identification, where a call is made to emergency services, providers of publicly available number-based interpersonal communications services shall override the elimination of the presentation of the calling line identification and the denial or absence of consent of an end-user for the processing of metadata, on a per-line basis for organisations dealing with emergency communications, including public safety answering points, for the purpose of responding to such communications.
Amendment 820 #
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
1. Directive 2002/58/EC is repealed with effect from 25 MayNovember 2018.
Amendment 826 #
Proposal for a regulation
Article 29 – paragraph 2 – subparagraph 1
Article 29 – paragraph 2 – subparagraph 1
It shall apply from 25 MayNovember 2018.