36 Amendments of Richard SULÍK related to 2017/0003(COD)
Amendment 46 #
Proposal for a regulation
Recital 2
Recital 2
(2) The content of electronic communications may reveal highly sensitive information about the natural persons involved in the communication, from personal experiences and emotions to medical conditions, sexual preferences and political views, the disclosure of which could result in personal and social harm, economic loss or embarrassment. Similarly, metadata derived from electronic communications may also reveal very sensitive and personal information. These metadata includes the numbers called, the websites visited, geographical location, the time, date and duration when an individual made a call etc., allowing precise conclusions to be drawn regarding the private lives of the persons involved in the electronic communication, such as their social relationships, their habits and activities of everyday life, their interests, tastes etc.
Amendment 50 #
Proposal for a regulation
Recital 3
Recital 3
Amendment 57 #
Proposal for a regulation
Recital 5
Recital 5
(5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data and do not go beyond or contradict the high level of protection set down in Regulation (EU) 2016/679. This Regulation therefore does not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679. Processing of electronic communications data by providers of electronic communications services should only be permitted in accordance with this Regulation.
Amendment 74 #
Proposal for a regulation
Recital 12
Recital 12
Amendment 79 #
Proposal for a regulation
Recital 13
Recital 13
(13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as 'hotspots' situated at different places within a city, department stores, shopping malls and hospitals. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services and public communications networks. In contrast, tis Regulation should apply to electronic communications data using publically available electronic communications services and public communications networks. In this context, publicly available means only services intended for consumers. It should not include services intended for business users, nor should the means of the delivery of the service in question, whether obtained over the public internet or not have any bearing on the interpretation of whether the service is publicly available or not. This Regulation should not apply to closed groups of end- users such as corporate networks, access to which is limited to members of the corporation.
Amendment 82 #
Proposal for a regulation
Recital 14
Recital 14
(14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged (electronic communications content) and the information concerning an end-user of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication. Whether such signals and the related data are conveyed by wire, radio, optical or electromagnetic means, including satellite networks, cable networks, fixed (circuit- and packet-switched, including internet) and mobile terrestrial networks, electricity cable systems, the data related to such signals should be considered as electronic communications metadata and therefore be subject to the provisions of this Regulation. Electronic communications metadata may include information that is part of the subscription to the service when such information is processed for the purposes of transmitting, distributing or exchanging electronic communications content.
Amendment 91 #
Proposal for a regulation
Recital 16
Recital 16
(16) The prohibition of storage of communications during transmission is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. The processing of pseudonymised data, should be incentivized as the act of psedonymisation dramatically reduces any privacy and security risk associated with processing of data related to transmission. It should not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessaryappropriate quality of service requirements, such as latency, jitter etc.
Amendment 97 #
Proposal for a regulation
Recital 17
Recital 17
(17) The processing of electronic communications metadata can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end- users consentin accordance with Article 6(1) and 6(4) of Regulation (EU) No 2016/679. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to comply with Regulation (EU) No 2016/679 when processing electronic communications metadata, which should include data on the location of the device. As an exception from obtaining end- users' consent, tohe processing of electronic communications metadata, which should include data on the location of the device for purposes other than those for which the personal data were initially collected should be allowed in cases where further processing is compatible in accordance with Article 6(4) of Regulation (EU) 2016/679. generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colours to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier is necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Therefore, whenever the purpose(s) of further processing cannot be achieved by processing data that is made anonymous, pseudonymisation of data should be allowed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
Amendment 117 #
Proposal for a regulation
Recital 21
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. This may also cover situations where end-users use a service across devices for the purpose of service personalisation and content recommendation. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information society providers that engage in configuration checking to provide the service in compliance with the end-user's settings and the mere logging of the fact that the end-user’s device is unable to receive content requested by the end- user should not constitute access to such a device or use of the device processing capabilities.
Amendment 118 #
Proposal for a regulation
Recital 22
Recital 22
(22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or storedtechnical settings.
Amendment 126 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’)Therefore providers of software enabling publically available electronic communications services and permitting the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers end-users a set of privacy setting options in order that end-users may actively select a preferred option after being given the necessary information to make the choice. Such privacy settings should be presented in a an easily visible and intelligible manner.
Amendment 137 #
Proposal for a regulation
Recital 24
Recital 24
Amendment 156 #
Proposal for a regulation
Recital 30
Recital 30
(30) Publicly available directories of end-users of electronic communications services are widely distributed. Publicly available directories means any directory or service containing end-users information such as phone numbers (including mobile phone numbers), email address contact details and includes inquiry services. The right to privacy and to protection of the personal data of a natural person acting out of their business capacity requires that end-users that are natural persons are asked for consprovided, upon request, with transparent beinfore their personalmation about the data arebeing included in athe directory and the means to verify, correct, update, supplement and delete data relating to them free of charge. The legitimate interest of legal entities requires that end-users that are legal entities have the right to object to the data related to them being included in a directory.
Amendment 159 #
Proposal for a regulation
Recital 31
Recital 31
(31) If end-users that are natural persons give their consent to their data being included in suchdo not object to the inclusion of their data by providers of number-based interpersonal communication services and electronic communication providers in public directories, they should be able to determine on a consent basis which categories of personal data are included in the directory (for example name, email address, home address, user name, phone number). In addition, providers of publicly available directories should inform the end-users of the purposes of the directory and of the search functions of the directory before including them in that directory. End-users should be able to determine by consent on the basis of which categories of personal data their contact details can be searched. The categories of personal data included in the directory and the categories of personal data on the basis of which the end-user's contact details can be searched should not necessarily be the same.
Amendment 181 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation lays down rules regarding the protection of fundamental rights and freedoms of natural and legal persons in the provision and use of electronic communications services, and in particular, the rights to respect for private life and communications and the protection of natural persons with regard to the processing of personal data.
Amendment 186 #
Proposal for a regulation
Article 1 – paragraph 2
Article 1 – paragraph 2
2. This Regulation ensures, in accordance with Regulation (EU) No 2016/679, free movement of electronic communications data and electronic communications services within the Union, which shall be neither restricted nor prohibited for reasons related to the respect for the private life and communications of natural and legal persons and the protection of natural persons with regard to the processing of personal data.
Amendment 190 #
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
Amendment 194 #
Proposal for a regulation
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to the terminal equipment of end-users.
Amendment 203 #
Proposal for a regulation
Article 2 – paragraph 2 – point c
Article 2 – paragraph 2 – point c
(c) electronic communications services which are not publicly availableintended for closed groups or are not publicly available pursuant to Article 2 (2) (c) of Regulation (EU) No 2016/679;
Amendment 225 #
Proposal for a regulation
Article 4 – paragraph 3 – point b
Article 4 – paragraph 3 – point b
(b) ‘electronic communications content’ means the content exchangtransmitted by means of publically available electronic communications services, such as text, voice, videos, images, and sound;
Amendment 247 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data during transmission, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, or surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
Amendment 281 #
Proposal for a regulation
Article 6 – paragraph 2 – point b a (new)
Article 6 – paragraph 2 – point b a (new)
(b a) processing is allowed pursuant to Articles 6(1) of Regulation (EU) 2016/679.
Amendment 299 #
Proposal for a regulation
Article 6 – paragraph 3 – point b
Article 6 – paragraph 3 – point b
(b) if all end-users concerned have given theirthe service provider's end-user has consented to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authoritypursuant to Regulation (EU) 2016/679.
Amendment 331 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
(c) it is necessary for providing an information society service requested by the end-user; particularly to preserve or restore the security of electronic communication services, or to detect technical faults for the duration necessary for that purpose; or
Amendment 340 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that such measurement is carried out by, or on behalf of, the provider of the information society service requested by the end-user, including measurement of indicators for the use of information society services in order to calculate a payment due.
Amendment 348 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
(d a) it occurs for the purpose of recording, for the undertaking as a whole, anonymous indicators concerning the use of information society services; or
Amendment 353 #
Proposal for a regulation
Article 8 – paragraph 1 – point d b (new)
Article 8 – paragraph 1 – point d b (new)
(d b) in order to mark terminal equipment for advertising purposes, on condition that the person responsible has clearly informed the end-user of this at the beginning of the data processing and has provided an opportunity for objection that is easy to exercise.
Amendment 358 #
Proposal for a regulation
Article 8 – paragraph 1 – point d d (new)
Article 8 – paragraph 1 – point d d (new)
(d d) it is necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code].
Amendment 374 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 2
Article 8 – paragraph 2 – subparagraph 2
The collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been applied, for example by means of pseudonymisation of information collected pursuant to Article 4 (5) of Regulation (EU) No 2016/679..
Amendment 386 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. The definition of and conditions for consent provided for under Articles 4(11) and 7 (1), (2), and 7(3) of Regulation (EU) 2016/679/EU shall apply.
Amendment 417 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Software placed on the market permitting electronic interpersonal communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.
Amendment 424 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. . After installation and insofar the privacy settings prevent storing and reading of information on the terminal equipment, the software shall ensure that an information society service requested by the end-user may prompt that end-user for his or her expression of consent in the sense of Art. 8(1) point (b) and that a consent given in this context by an end user is accordingly applied by the software, e. g., via offering an interface or plugin. Such software shall ensure that a consent given by an end user under Article 8 (1) point (b) prevails over the privacy settings chosen at the installation of the software.
Amendment 452 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. The providers of a publicly available directory shall inform end-users who are natural persons and acting out of their business capacity whose personal data are in the directory of the available search functions of the directory and obtain end-users’ consent before enabling such. Providers of number-based interpersonal communications services and electronic communications service providers shall inform end-users when new search functions arelated to their own data made available.
Amendment 456 #
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
3. The providers of publicly available directories shall provide end-users that are legal personselectronic information, communication and telecommunication services shall provide end-users that are legal persons or natural persons acting in their business capacity with the possibility to object to data related to them being included in the directory. Providers shall give such end-users that are legal persons the means to verify, correct, update, supplement and delete such data.
Amendment 457 #
Proposal for a regulation
Article 15 – paragraph 4
Article 15 – paragraph 4
4. The possibility for end-users not to be included in a publicly available directory, or to verify, correct, update, supplement and delete any data related to them shall be provided free of charge.
Amendment 465 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1