55 Amendments of Pál CSÁKY related to 2017/0003(COD)
Amendment 161 #
Proposal for a regulation
Recital 7
Recital 7
(7) The Member States should be allowed, within the limits of this Regulation, to maintain or introduce national provisions to further specify andEuropean Data Protection Board should, where necessary, issue guidance and opinions within the limits of this Regulation, to further clarify the application of the rules of this Regulation in order to ensure an effective application and interpretation of those rules. Therefore, the margin of discretion, which Member States hase guidance and opinions should take into account the dual objective inof this rRegard,ulation, therefore they should maintain a balance between the protection of private life and personal data and the free movement of electronic communications data.
Amendment 170 #
Proposal for a regulation
Recital 9 a (new)
Recital 9 a (new)
(9a) For the purpose of this Regulation, where the provider of an electronic communications service is not established in the Union, it shall designate a representative in the Union. The representative should be designated in writing. The representative may be the same as the one designated under Article 27 of Regulation (EU) 2016/679.
Amendment 173 #
Proposal for a regulation
Recital 11
Recital 11
(11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-users increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services. In order to ensure an effective and equal protection of end-users when using functionally equivalent services, this Regulation uses the definition of electronic communications services set forth in the [Directive of the European Parliament and of the Council establishing the European Electronic Communications Code24 ]. That definition encompasses not only internet access services and services consisting wholly or partly in the conveyance of signals but also interpersonal communications services, which may or may not be number-based, such as for example, Voice over IP, messaging services and web-based e-mail services. The protection of confidentiality of communications is crucial also as regards interpersonal communications services that are ancillary to another service; therefore, such type of services also having a communication functionality should be covered by this Regulation. _________________ 24 Commission proposal for a Directive of the European Parliament and of the Council establishing the European Electronic Communications Code (Recast) (COM/2016/0590 final - 2016/0288 (COD)).
Amendment 179 #
Proposal for a regulation
Recital 12
Recital 12
Amendment 182 #
Proposal for a regulation
Recital 13
Recital 13
(13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as ‘hotspots’ situated at different places within a city, department stores, shopping malls and hospitals. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services and public communications networks. It should apply to restricted-access services offered by social network services, such as user- created groups or private messaging, as long as the social network service as a whole is publicly available. In contrast, this Regulation should not apply to closed groups of end-users such as corporate networks, access to which is limited to members of the corporation.
Amendment 196 #
Proposal for a regulation
Recital 15
Recital 15
(15) Electronic communications data should be treated as confidential. This means that any interference with the transmission of electronic communications data, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of all the communicating parties should be prohibited. The prohibition of interception of communications data should apply during their conveyance, i.e. until. For non-real- time electronic communication such as email or messaging, the transmission starts with the submission of the content for delivery and finishes with the receipt of the content of the electronic communication by the service provider of the intended addresseerecipient. Interception of electronic communications data may occur, for example, when someone other than the communicating parties, listens to calls, reads, scans or stores the content of electronic communications, or the associated metadata for purposes other than the exchange of communications. Interception also occurs when third parties monitor websites visited, timing of the visits, interaction with others, etc., without the consent of the end-user concerned. As technology evolves, the technical ways to engage in interception have also increased. Such ways may range from the installation of equipment that gathers data from terminal equipment over targeted areas, such as the so-called IMSI (International Mobile Subscriber Identity) catchers, to programs and techniques that, for example, surreptitiously monitor browsing habits for the purpose of creating end-user profiles. Other examples of interception include capturing payload data or content data from unencrypted wireless networks and routers, including browsing habits without the end-users’ consent.
Amendment 200 #
Proposal for a regulation
Recital 16
Recital 16
(16) The prohibition of storage of communications is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. It should not prohibit either the processing of electronic communications data to ensure the security, confidentiality, integrity, availability, authenticity and continuity of the electronic communications services and networks, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessary quality of service requirements, such as latency, jitter etc.
Amendment 212 #
Proposal for a regulation
Recital 17
Recital 17
(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end- users consent. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain end-users’ consent to process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colors to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier is necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, As an exemption from obtaining end-user´s consent, the processing of metadata for purposes other thand taking into account the nature, scope, context and purposes ofhose for which they were initially collected should be allowed in cases where the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a conscompatible and is subject to specific safeguards, especially pseudonymisation as set forth in point (4) of Article 6 of Regulation (EU) 2016/679, as well as if it is necessary in accordance with Article 6 (1) (f) of Regultation of the supervisory authority should take place prior to the processing, in accordance with(EU) 2016/679 for the purpose of legitimate interest, provided that the data protection impact assessment was carried out, as prescribed in Articles 35 and 36 of Regulation (EU) 2016/679.
Amendment 222 #
Proposal for a regulation
Recital 19
Recital 19
(19) The content of electronic communications pertains to the essence of the fundamental right to respect for private and family life, home and communications protected under Article 7 of the Charter. Any interference with the content of electronic communications should be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse. This Regulation provides for the possibility of providers of electronic communications services to process electronic communications data in transit, with the informed consent of all the end- users concerned. For example, providers may offer services that entail the scanning of emails to remove certain pre-defined material. Given the sensitivity of the content of communications, this Regulation sets forth a presumption that the processing of such content data will result in high risks to the rights and freedoms of natural persons. When processing such type of data, the provider of the electronic communications service should always consult the supervisory authority prior to the processing. Such consultation should be in accordance with Article 36 (2) and (3) of Regulation (EU) 2016/679. The presumption does not encompass the processing of content data to provide a service requested by the end-user where the end-user has consented to such processing and it is carried out for the purposes and duration strictly necessary and proportionate for such service, for example text to voice service, organisation of the mailbox, calendar assistants or SPAM filter service. After electronic communications content has been sent by the end-user and received by the intended end-user or end-users, it may be recorded or stored by the end-user, end- users or by a third party entrusted by them to record or store such data. Any processing of such data must comply with Regulation (EU) 2016/679.
Amendment 227 #
Proposal for a regulation
Recital 20
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual’s emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user’s terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’ terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user’s terminal equipment should be allowed only with the end-user’s consent or for clearly defined exceptions and for specific and transparent purposes.
Amendment 232 #
Proposal for a regulation
Recital 21
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. Consent should also not be necessary if the information processed or stored is necessary to protect privacy, security or safety of the end-user, or to protect confidentiality, integrity, availability and authenticity of the terminal equipment. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information society providers that engage in configuration checking to provide the service in compliance with the end-user’s settings and the mere logging of the fact that the end-user’s device is unable to receive content requested by the end- user should not constitute access to such a device or use of the device processing capabilities. As an exemption from obtaining end-user´s consent, the processing of information and data that are or are rendered pseudonymous or anonymous should be allowed or for purposes other than those for which they were initially collected in cases where the processing is compatible and is subject to specific safeguards, especially pseudonymisation as set forth in point (4) of Article 6 of Regulation (EU) 2016/679, as well as if it is necessary in accordance with Article 6 (1) (f) of Regulation (EU) 2016/679 for the purpose of legitimate interest, provided that the data protection impact assessment was carried out, as prescribed in Article 35 of Regulation (EU) 2016/679. Adherence to the data protection certification mechanisms, seals or marks, as defined respectively in Article 40 and Article 42 of Regulation (EU) 2016/679, shall be encouraged and promoted, especially to demonstrate compliance with the Regulation in case of exceptions concerning compatible processing and legitimate interests as described above.
Amendment 241 #
Proposal for a regulation
Recital 22
Recital 22
(22) The methods used for providing information and obtaining end-user’s consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate technical settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or stored.
Amendment 264 #
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers. While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged in such practices should ask for the end-user´s consent or should carry out data protection impact assessment and in this case the data collected is or is rendered pseudonymous or anonymous. Where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk, prior consultation with the supervisory authority, as prescribed in Article 36 of Regulation (EU) 2016/679, shall be carried out. Providers should display prominent notices located on the edge of the area of coverage informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679.
Amendment 273 #
Proposal for a regulation
Recital 26
Recital 26
(26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Providers of electronic communications services should provide for appropriate procedures to facilitate legitimate requests of competent authorities, where relevant also taking into account the role of the representative designated pursuant to Article 3(3).
Amendment 284 #
Proposal for a regulation
Recital 30
Recital 30
(30) Publicly available directories of end-users of electronic communications services are widely distributed. Publicly available directories means any directory or service containing end-users information such as phone numbers (including mobile phone numbers), email address contact details and includes inquiry services. The right to privacy and to protection of the personal data of a natural person requires that end-users that are natural persons are asked for consent before their personal data are included in a directory. The legitimate interest of legal entities requires that end- users that are legal entities have the right to object to the data related to them being included in a directory. The consent should be collected by the electronic communications service provider at the moment of signing the contract for such service.
Amendment 290 #
Proposal for a regulation
Recital 31
Recital 31
(31) If end-users that are natural persons give their consent to their data being included in such directories, they should be able to determine on a consent basis which categories of personal data are included in the directory (for example name, email address, home address, user name, phone number). In addition, providers of publicly available directorieupon giving their consent the end-users should be inform the end-usersed of the purposes of the directory and of the search functions of the directory before including them in that directory. End-users should be able to determine by consent on the basis of which categories of personal data their contact details can be searched. The categories of personal data included in the directory and the categories of personal data on the basis of which the end-user’s contact details can be searched should not necessarily be the same. The providers of publicly available directories shall provide information about the search options, as well as if new options and functions of the directories are available in the publicly available directories.
Amendment 303 #
Proposal for a regulation
Recital 33
Recital 33
(33) Safeguards should be provided to protect end-users against unsolicited communications for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing purposes are sent to end-users in order to effectively protect individuals against the intrusion into their private life as well as the legitimate interest of legal persons. Legal certainty and the need to ensure that the rules protecting against unsolicited electronic communications remain future- proof justify the need to define a single set of rules that do not vary according to the technology used to convey these unsolicited communications, while at the same time guaranteeing an equivalent level of protection for all citizens throughout the Union. However, it is reasonable to allow the use of e-mail contact details within the context of an existing customer relationship for the offering of similar products or services. Such possibility should only apply to the same company that has obtained the electronic contact details in accordance with Regulation (EU) 2016/679.
Amendment 315 #
Proposal for a regulation
Recital 37
Recital 37
(37) Service providers who offer electronic communications services should inform end- users of measures they can take to protect all comply withe security of their communications for instance by using specific types of software or encryption technologies. The requirement to inform end-users of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge. Security is appraised in the light of Article 32 of Regulation (EU) 2016/679bligations as prescribed in Article 32 of Regulation (EU) 2016/679 and Article 40 of [European Electronic Communications Code].
Amendment 367 #
Proposal for a regulation
Article 4 – paragraph 2
Article 4 – paragraph 2
Amendment 405 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, or surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
Amendment 414 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. Providers of electronic communications networks and services may process electronic communications data if: it is necessary to achieve the transmission of the communication, for the duration necessary for that purpose.
Amendment 419 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
Amendment 425 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
Amendment 444 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1 a. Providers of electronic communication networks and services and third parties may process electronic communication data to the extent strictly necessary for the purpose of ensuring security of network and information if it is necessary to protect, maintain or restore the confidentiality, integrity, availability, authenticity of electronic communications, protect the privacy and safety of end-users or of third parties or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.
Amendment 448 #
Proposal for a regulation
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Providers of electronic communications networks and services may process electronic communications metadata if:
Amendment 468 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) the end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end- users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous.;or
Amendment 472 #
Proposal for a regulation
Article 6 – paragraph 2 – point c a (new)
Article 6 – paragraph 2 – point c a (new)
(c a) the processing of these data for another specified purpose is compatible with the purpose for which the data were initially collected and is subject to specific safeguards, especially pseudonymisation, as set forth in Article 6(4) of Regulation (EU) 2016/679;or
Amendment 476 #
Proposal for a regulation
Article 6 – paragraph 2 – point c b (new)
Article 6 – paragraph 2 – point c b (new)
(c b) it is necessary, in accordance with Article 6(1)(f) of Regulation (EU) 2016/679, for the purposes of the legitimate interests pursued by the service provider or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Amendment 477 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2 a. For the purpose of point (cb) of paragraph 2, data protection impact assessment shall be carried out as prescribed in Article 35 of Regulation (EU) 2016/679.
Amendment 481 #
Proposal for a regulation
Article 6 – paragraph 3 – introductory part
Article 6 – paragraph 3 – introductory part
3. PWithout prejudice to points (1) and (1a) of Article 6, providers of the electronic communications services may process electronic communications content only:
Amendment 489 #
Proposal for a regulation
Article 6 – paragraph 3 – point a
Article 6 – paragraph 3 – point a
(a) for the sole purpose of the provision of a specific service to an end- user, if the end-user or end-users concerned haves given theihis or her consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content; or
Amendment 502 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Without prejudice to point (b) of Article 6(1a) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication content by the intended recipient or recipients. Such data may be recorded or stored by the end-users or by a third party entrusted by them to record, store or otherwise process such data, in accordance with Regulation (EU) 2016/679.
Amendment 505 #
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
2. Without prejudice to point (b) of Article 6(1a) and points (a), (c), (ca) and (cb) of Article 6(2), the provider of the electronic communications service shall erase electronic communications metadata or make that data anonymous when it is no longer needed for the purpose of the transmission of a communication.
Amendment 530 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
(c) it is necessary for providing an information society service requested by the end-user which shall include inter alia maintaining, operating and managing the integrity, access or security of the information society service, enhancing user experience or measures for preventing unauthorized access to or use of the information society service according to the terms of use for making available the service to the end-user; or
Amendment 544 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.ement for an information society service requested by the end-user, including where such measurement takes place for the purposes of calculating royalties for collective rights management or other remuneration or payment systems, or
Amendment 561 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
(d a) under the conditions as set out in point (b) of paragraph 2 and paragraph 3.
Amendment 601 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. The information to be provided pursuant to point (e) of paragraph 1 and point (b) of paragraph 2 may be provided in combination with standardized icons in order to give a meaningful overview of the collection in an easily visible, intelligible and clearly legible manner.
Amendment 616 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. The definition of and conditions for consent provided for under Articles 4(11) and 7 of Regulation (EU) 2016/679/EU shall apply.
Amendment 624 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, in particular for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet or by continuing the use of an information society service, having been provided with clear and comprehensive information that this action by the end-user signifies consent.
Amendment 653 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. After installation and insofar the privacy settings prevent storing and reading of information on the terminal equipment, the software shall ensure that an information society service requested by the end-user may prompt that end-user for his or her expression of consent in the sense of Art. 8(1) point (b) and that a consent given in this context by an end-user is accordingly applied by the software, e. g. via offering an interface or plugin.
Amendment 661 #
Proposal for a regulation
Article 10 – paragraph 2 a (new)
Article 10 – paragraph 2 a (new)
2 a. The software shall not block data processing which is legally allowed according to Art. 8 (1) a), c) or d) or (2) a), irrespective of the browser settings.
Amendment 672 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (ed) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests.
Amendment 701 #
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. The providers of publicly available directories shall obtain the consent of end-users who are natural persons to include their personal data in the directory and, consequently, shall obtain consent from these end-users for inclusion of data per category of personal data, to the extent that such data are relevant for the purpose of the directory as determined by the provider of the directory. Provideoperators of electronic information, communication and telecommunication services collect the data of end-users who are natural persons to include their personal data in publicly available directories. They grant end-users who are natural persons the right to object against the inclusion of their related data in directories. The operators shall give end-users who are natural persons the meansoption to verify, correct and delete such data.
Amendment 710 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. The providers of aIn publicly available directoryies the providers of these directories shall inform end-users who are natural persons whose personal data are in the directory of the available search functions of the directory and obtain. The operators shall inform end- users’ consent before enabling such if new search functions arelated to their own data enabled.
Amendment 715 #
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
3. The providers of publicly available directorioperators of electronic information, communication and telecommunication services shall provide end-users that are legal persons with the possibility to object to data related to them being included in the directory. Provideies. The operators shall give such end-users that are legal persons the meansoption to verify, correct and delete such data. Natural persons who act with commercial intent, such as freelancers, small traders or self- employed persons, are equated to legal persons.
Amendment 731 #
Proposal for a regulation
Article 15 – paragraph 4 a (new)
Article 15 – paragraph 4 a (new)
4 a. This article shall not apply to data information published in other publicly accessible sources, nor to data which are provided by end-users themselves.
Amendment 742 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The right to object shall be given at the time of collection and each time a message is sent.
Amendment 743 #
Proposal for a regulation
Article 16 – paragraph 3 – introductory part
Article 16 – paragraph 3 – introductory part
3. Without prejudice to paragraphs 1 and 2, natural or legal persons using electronic communications services for the purposes of placing direct marketing calls shall: present the identity of a line on which they can be contacted; or present a specific code/or prefix identifying the fact that the call is a marketing call.
Amendment 746 #
Proposal for a regulation
Article 16 – paragraph 3 – point a
Article 16 – paragraph 3 – point a
Amendment 749 #
Proposal for a regulation
Article 16 – paragraph 3 – point b
Article 16 – paragraph 3 – point b
Amendment 769 #
Proposal for a regulation
Article 17 – title
Article 17 – title
Amendment 773 #
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
Amendment 818 #
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
1. Directive 2002/58/EC is repealed with effect from 25 May 2018[1 year after entering into force of this Regulation].
Amendment 822 #
Proposal for a regulation
Article 28 – paragraph 1
Article 28 – paragraph 1
By 1 January 2018[the date of entry into force of this Regulation] at the latest, the Commission shall establish a detailed programme for monitoring the effectiveness of this Regulation.
Amendment 824 #
Proposal for a regulation
Article 29 – paragraph 2 – subparagraph 1
Article 29 – paragraph 2 – subparagraph 1
It shall apply from 25 May 2018[1 year after entering into force of this Regulation].