BETA

Activities of Angel DZHAMBAZKI related to 2017/0003(COD)

Legal basis opinions (0)

Amendments (32)

Amendment 74 #
Proposal for a regulation
Recital 15
(15) Electronic communications data should be treated as confidential. This means that any interference with the transmission of electronic communications data, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of all the communicating parties should be prohibited except for permissible uses as set forth in this Regulation. The prohibition of interception of communications data should apply during their conveyance, i.e. until receipt of the content of the electronic communication by the intended addressee. Interception of electronic communications data may occur, for example, when someone other than the communicating parties or their electronic communications service providers, listens to calls, reads, scans or stores the content of electronic communications, or the associated metadata during transmission for purposes other than the exchange of communications. Interception also occurs when third parties monitor websites visited, timing of the visits, interaction with others, etc., without the consent of the end-user concernedby accessing electronic communications data during their transmission on public communications networks. As technology evolves, the technical ways to engage in interception have also increased. Such ways may range from the installation of equipment that gathers data from terminal equipment over targeted areas, such as the so-called IMSI (International Mobile Subscriber Identity) catchers, to programs and techniques that, for example, surreptitiously monitor browsing habits for the purpose of creating end-user profile monitor browsing habits. Other examples of interception include capturing payload data or content data from unencrypted wireless networks and routers, including browsing habits without the end-users' consent.
2017/07/10
Committee: JURI
Amendment 75 #
Proposal for a regulation
Recital 15 a (new)
(15a) The prohibition of interception is not intended to prohibit access to electronic communications data by an electronic communications service provider or electronic communications network operator for purposes of conveying communications or for legitimate and justifiable purposes related to the operation and protection of such services and networks consistent with obligations under Regulation (EU) 2016/679, Directive (EU) 2016/1148 and Regulation (EU) 2015/2120.
2017/07/10
Committee: JURI
Amendment 76 #
Proposal for a regulation
Recital 15 b (new)
(15b) Providers of electronic communications networks and services now provide their end-users with enhanced features by using communications data before the provider transmits the data through a public network or after the provider has received the data from such a network. These enhanced features include speech-to-text conversion for users with disabilities, digital personal assistants using voice commands, automatic language translation, and message prioritisation and sorting. For the purposes of these service providers, electronic communications are not in transmission once the service provider of the intended recipient has received the communications for delivery to the recipient's terminal equipment or until the service provider of the sender has sent the communication to another service provider for eventual delivery to the intended recipient.
2017/07/10
Committee: JURI
Amendment 78 #
Proposal for a regulation
Recital 16
(16) The prohibition of storage of communications during transmission is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission inby the electronic communications network. It should or service. This Regulation also does not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessary quality of service requirements, such as latency, jitter etc. Filtering of unlawful content, including child and juvenile pornography, is permissible.
2017/07/10
Committee: JURI
Amendment 86 #
Proposal for a regulation
Recital 17
(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end- users consentpursuant to Regulation (EU) 2016/679. However, end- users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain end-users' consentmeet the requirements of Regulation (EU) 2016/79 to process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colours to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier is necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
2017/07/10
Committee: JURI
Amendment 95 #
Proposal for a regulation
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual's emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhancedrobust privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user's terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’ terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user's terminal equipment should be allowed only with the end-user's consent or on some other legitimate basis in Union or Member State law and for specific and transparent purposes.
2017/07/10
Committee: JURI
Amendment 97 #
Proposal for a regulation
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities ofstore information in terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizingcomply with all obligations pursuant to Regulation (EU) 2016/679. This concerns, for instance, the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested byervice that is beneficial to the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information societySimilarly, providers of terminal equipment and the software needed to operate such equipment regularly need access to configuration and other device information and the processing and storage capabilities to maintain the equipment, prevent security vulnerabilities and correct problems related to the equipment's operation. Information society providers and electronic communications service providers that engage in configuration checking to provide the service in compliance with the end-user's settings and the mere logging of the fact that the end- user’s device is unable to receive content requested by the end- user should not constitute access to such a device or use of the device processing capabilities.
2017/07/10
Committee: JURI
Amendment 104 #
Proposal for a regulation
Recital 22
(22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties, absent any separate, specific consent obtained from the end-user. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Wrovide route guidance, may have also the same capabilities. Terminal equipment operating systems and standalone communications software do not provide these capabilities. While website providers are ultimately responsible for honouring the technical means of consent provided through a browser's general privacy settings, web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or stored. Examples of appropriate browser settings include settings that allow users to block all cookies or only third-party cookies, and those that allow users to send a "Do Not Track" request with their browsing traffic.
2017/07/10
Committee: JURI
Amendment 118 #
Proposal for a regulation
Recital 26
(26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Providers of electronic communications services should provide for appropriate procedures to facilitate legitimate requests of competent authorities, where relevant also taking into account the role of the representative designated pursuant to Article 3(3)27 of Regulation (EU) 2016/679.
2017/07/10
Committee: JURI
Amendment 129 #
Proposal for a regulation
Recital 37
(37) Service providers who offer publicly available electronic communications services should inform end- users of measures they can take to protect the security of their communications from particular and significant security threats, for instance by using specific types of software or encryption technologies. The requirement to inform end-users of particular security riskthreats does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security riskthreats to the subscriber should be free of charge. Security is appraised in the light of Article 32 of Regulation (EU) 2016/679.
2017/07/10
Committee: JURI
Amendment 184 #
Proposal for a regulation
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data, such as by during conveyance, such as by unauthorized listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation. The processing of electronic communications data following conveyance to the intended recipients or their service provider shall be subject to Regulation (EU) 2016/679.
2017/07/10
Committee: JURI
Amendment 195 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
1. Providers of electronic communications networks and services may process electronic communications data during transmission if:
2017/07/10
Committee: JURI
Amendment 208 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
(b) it is necessary to maintain or restore the security of electronic communications networks and services and their users, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.; or
2017/07/10
Committee: JURI
Amendment 210 #
Proposal for a regulation
Article 6 – paragraph 1 – point b a (new)
(ba) it is necessary for the purpose of the legitimate interests of the provider except where such interests are overridden by the interests or fundamental rights and freedoms of the service provider's end-users.
2017/07/10
Committee: JURI
Amendment 216 #
Proposal for a regulation
Article 6 – paragraph 2 – introductory part
2. Providers of electronic communications services may process electronic communications metadata during transmission if:
2017/07/10
Committee: JURI
Amendment 233 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
(c) the end-user concernedservice provider's end-user has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end- users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous and the processing is compatible with such purposes.
2017/07/10
Committee: JURI
Amendment 238 #
Proposal for a regulation
Article 6 – paragraph 3 – introductory part
3. Providers of the electronic communications services may process electronic communications content during transmission only:
2017/07/10
Committee: JURI
Amendment 241 #
Proposal for a regulation
Article 6 – paragraph 3 – point a
(a) for the sole purpose of the provision of a specific service to an end- user, if the end-user or end-users concerned have given thas given his or heir consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content; or
2017/07/10
Committee: JURI
Amendment 242 #
Proposal for a regulation
Article 6 – paragraph 3 – point b
(b) if all end-users concerned have given theirthe service provider's end-user has consented to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authoritypursuant to Regulation (EU) 2016/679.
2017/07/10
Committee: JURI
Amendment 256 #
Proposal for a regulation
Article 7 – paragraph 1
1. Without prejudice to point (b) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication content by the intended recipient or recipients unless the service provider has a lawful basis for further processing in accordance with Article 6 of Regulation (EU) 2016/679. Such data may be recorded or stored by the end-users or by a third party entrusted by them to record, store or otherwise process such data, in accordance with Regulation (EU) 2016/679.
2017/07/10
Committee: JURI
Amendment 259 #
Proposal for a regulation
Article 7 – paragraph 2
2. Without prejudice to point (b) of Article 6(1) and points (a) and (c) of Article 6(2), the provider of the electronic communications service shall erase electronic communications metadata or make that data anonymous when it is no longer needed for the purpose of the transmission of a communication. unless the service provider has a lawful basis for further processing in accordance with Article 6 of Regulation (EU) 2016/679.
2017/07/10
Committee: JURI
Amendment 274 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
1. The use of processing and storage capabilities of terminal equipment and thestorage or collection of information from end-users’ terminal equipment, including about its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:
2017/07/10
Committee: JURI
Amendment 277 #
Proposal for a regulation
Article 8 – paragraph 1 – point a
(a) it is necessary for the sole purpose ofof providing an electronic communications service, including carrying out the transmission of an electronic communication over an electronic communications network; or
2017/07/10
Committee: JURI
Amendment 282 #
Proposal for a regulation
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consent to the use of their terminal equipment for one or more specific purposes in accordance with Regulation (EU) 2016/679; or
2017/07/10
Committee: JURI
Amendment 298 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.; or
2017/07/10
Committee: JURI
Amendment 301 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
(da) it is necessary for the purpose of the legitimate interests of the provider of the terminal equipment and its operating software, an electronic communications service or an information society service, except where such interests are overridden by the interests or fundamental rights and freedoms of the end-user.
2017/07/10
Committee: JURI
Amendment 346 #
Proposal for a regulation
Article 9 – paragraph 2
2. Without prejudice to paragraph 1Regulation (EU) 2016/679, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.
2017/07/10
Committee: JURI
Amendment 349 #
Proposal for a regulation
Article 9 – paragraph 3
3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.
2017/07/10
Committee: JURI
Amendment 363 #
Proposal for a regulation
Article 10 – paragraph 1
1. Software placed on the market permitting electronic communications, including thefor the purpose of retrieval and presentation of information on the internet, such as web browsers, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.
2017/07/10
Committee: JURI
Amendment 376 #
Proposal for a regulation
Article 10 – paragraph 3
3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1 and 2 shall be complied with at the time of the first update of the software, but no later than 25 August 2018six months after this Regulation enters into force.
2017/07/10
Committee: JURI
Amendment 390 #
Proposal for a regulation
Article 11 – paragraph 2
2. Providers of publicly available electronic communications services shall establish internal procedures for responding to requests received for access to end- users' electronic communications data - based on a legislative measure adopted pursuant to paragraph 1. They shall provide the competent supervisory authority, on demand, with information about those procedures, the number of requests received, the legal justification invoked and their response - the legal justification invoked and their response. Providers will respond to requests for access in accordance with the legal requirements where the service provider has its main establishment under Regulation (EU) 2016/679. For requests from a Member State where the service provider is not established, cross-border mechanisms for requests under mutual legal assistance conventions or Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order in criminal matters will be followed. Without prejudice to any requirements under Member State law to provide information to competent law enforcement authorities, they shall provide the competent supervisory authority, on demand, with information about those procedures.
2017/07/10
Committee: JURI
Amendment 432 #
Proposal for a regulation
Article 17 – paragraph 1
In the case of a particular riskand significant threat that may compromise the security of networks and electronic communications services, the provider of an publicly available electronic communications service shall inform its end-users concerning such risk and, where the risk lies outside the scope of the measures to be taken by the service provider, inform end-users of any possible remedies, including an indication of the likely costs involvedthreat and inform end-users of any possible protective measures or remedies, which can be taken by end-users.
2017/07/10
Committee: JURI