91 Amendments of Max ANDERSSON related to 2017/0003(COD)
Amendment 45 #
Proposal for a regulation
Recital 1
Recital 1
(1) Article 7 of the Charter of Fundamental Rights of the European Union ("the Charter") protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one’s communications is an essential dimension of this right. Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communication. The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, in-platform messages between users of a social network, e-mail, internet phone calls and personal messaging provided through social media.
Amendment 53 #
Proposal for a regulation
Recital 5
Recital 5
(5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data. This Regulation therefore does not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679. Processing of electronic communications data by providers of electronic communications services should only be permitted in accordance withshould only be permitted in accordance with and on legal ground specifically provided under this Regulation.
Amendment 73 #
Proposal for a regulation
Recital 15
Recital 15
(15) Electronic communications data should be treated as confidential. This means that any interference with the transmission of electronic communications data, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of all the communicating parties should be prohibited. The prohibition of interception of communications data should also apply during their conveyance, i.e. until receipt of the content of the electronic communication by the intended addressee, and when stored. Interception of electronic communications data may occur, for example, when someone other than the communicating parties, listens to calls, reads, scans or stores the content of electronic communications, or the associated metadata for purposes other than the exchange of communications. Interception also occurs when third parties monitor websites visited, timing of the visits, interaction with others, etc., without the consent of the end-user concerned. As technology evolves, the technical ways to engage in interception have also increased. Such ways may range from the installation of equipment that gathers data from terminal equipment over targeted areas, such as the so-called IMSI (International Mobile Subscriber Identity) catchers, to programs and techniques that, for example, surreptitiously monitor browsing habits for the purpose of creating end-user profiles. Other examples of interception include capturing payload data or content data from unencrypted wireless networks and routers, injecting ads or other content and analysis of customers´ traffic data, including browsing habits without the end- users' consent.
Amendment 84 #
Proposal for a regulation
Recital 17
Recital 17
(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end- users consent. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain end-users' consent to process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colours to indicate the presence of individuals. This should be done in accordance with Article 25 of Regulation (EU) 2016/679. To display the traffic movements in certain directions during a certain period of time, an identifier ismay be necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type ofWhen processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
Amendment 93 #
Proposal for a regulation
Recital 20
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual's emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user's terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’ terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user's terminal equipment should be allowed only with the end-user's consent and for specific and transparent purposes. Users should receive all relevant information about the intended processing in clear and easily understandable language. Such information should be provided separately from the terms and conditions of the service.
Amendment 134 #
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
3. The provisions of this Regulation particularise and complement Regulation (EU) 2016/679 by laying down specific rules for the purposes mentioned in paragraphs 1 and 2. Except where otherwise provided for in this Regulation, the provisions of Regulation (EU) 2016/679 shall apply when personal data is processed.
Amendment 141 #
Proposal for a regulation
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to the terminal equipment of end-users.:
Amendment 142 #
Proposal for a regulation
Article 2 – paragraph 1 – point a (new)
Article 2 – paragraph 1 – point a (new)
(a) the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services, irrespective of whether a payment from the end-user is required.
Amendment 143 #
Proposal for a regulation
Article 2 – paragraph 1 – point b (new)
Article 2 – paragraph 1 – point b (new)
(b) the processing of information related to or processed by the terminal equipment of end-users.
Amendment 144 #
Proposal for a regulation
Article 2 – paragraph 1 – point c (new)
Article 2 – paragraph 1 – point c (new)
(c) the placing on the market of hardware and software permitting electronic communications by end-users, including the retrieval and presentation of information on the Internet;
Amendment 145 #
Proposal for a regulation
Article 2 – paragraph 1 – point d (new)
Article 2 – paragraph 1 – point d (new)
(d) the provision of publicly available directories of users of electronic communication;
Amendment 146 #
Proposal for a regulation
Article 2 – paragraph 1 – point e (new)
Article 2 – paragraph 1 – point e (new)
(e) the sending of commercial electronic communications concerning direct marketing to end-users.
Amendment 147 #
Proposal for a regulation
Article 2 – paragraph 2 – point c
Article 2 – paragraph 2 – point c
Amendment 148 #
Proposal for a regulation
Article 2 – paragraph 2 – point d
Article 2 – paragraph 2 – point d
(d) activities of competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security, without prejudice to article 11;
Amendment 150 #
Proposal for a regulation
Article 2 – paragraph 3
Article 2 – paragraph 3
3. The processing of electronic communications data by the Union institutions, bodies, offices and agencies insofar as they are not publicly available and not originating or having as destination publicly available communications services, is governed by Regulation (EU) 00/0000 [new Regulation replacing Regulation 45/2001].
Amendment 151 #
Proposal for a regulation
Article 3 – paragraph 1 – introductory part
Article 3 – paragraph 1 – introductory part
1. This Regulation applies to: (a) communications services to the activities referred to in Article 2 where the user or end-user is in the Union, irrespective of whether a payment of the end-user is required; (b) (c) related to the terminal equipment of end- users located in the Un or where the communications services, hardware, software, directories, or direct marketing commercial electronic communications are provided from the territory of the Union. the provision of electronic the use of such services; the protection of information.
Amendment 158 #
Proposal for a regulation
Article 3 – paragraph 4
Article 3 – paragraph 4
4. The representative shall have the power to answer questions and provide information in addition to or instead of the provider it represents, in particular, to supervisory authorities, and end-users, on all issues related to processing electronic communications datathe activities referred to in Article 2 for the purposes of ensuring compliance with this Regulation.
Amendment 159 #
Proposal for a regulation
Article 3 – paragraph 5
Article 3 – paragraph 5
5. The designation of a representative pursuant to paragraph 2 shall be without prejudice to legal actions, which could be initiated against a natural or legal person who processes electronic communications data in connection with the provision of electronic communications services from outside the Union to end-users inundertakes the activities referred to in Article 2 from outside the Union.
Amendment 180 #
Proposal for a regulation
Chapter 2 – title
Chapter 2 – title
PROTECTION OF ELECTRONIC COMMUNICATIONS OF NATURAL AND LEGAL PERSONS AND OF INFORMATION STORED INPROCESSED BY AND RELATED TO THEIR TERMINAL EQUIPMENT
Amendment 182 #
Proposal for a regulation
Article 5 – title
Article 5 – title
Confidentiality of electronic communications data
Amendment 183 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Amendment 189 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
Electronic communications data shall be confidential. Any processing of electronic communications data, including interference with electronic communications data such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, regardless of whether this data is in transit or stored, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
Amendment 192 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
Confidentiality of electronic communications shall also apply to data related to or processed by terminal equipment and to machine-to-machine communication.
Amendment 197 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. Providers of electronic communications networks and services may process electronic communications data only if:
Amendment 203 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) it is strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose; or
Amendment 206 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is strictly necessary to maintain or restore the security ofavailability, integrity and confidentiality of the respective electronic communications networks and or services, or to detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.; or
Amendment 209 #
Proposal for a regulation
Article 6 – paragraph 1 – point b a (new)
Article 6 – paragraph 1 – point b a (new)
(ba) the user concerned has given his or her consent to the processing of his or her electronic communications data, provided that it is technically strictly necessary for the provision of a service explicitly requested by a user for his or her purely individual usage, solely for the provision of the explicitly requested service and only for the duration necessary for that purpose and without the consent of all users, only where such processing produces effects solely in relation to the user who requested the service and does not adversely affect the fundamental rights of other users.
Amendment 213 #
Proposal for a regulation
Article 6 – paragraph 1 – subparagraph 1 a (new)
Article 6 – paragraph 1 – subparagraph 1 a (new)
Before processing electronic communications data, the provider shall carry out a data protection impact assessment pursuant to Article 35 of Regulation (EU) 2016/679, and if necessary a prior consultation with the supervisory authority pursuant to Article 36 of Regulation (EU) 2016/679
Amendment 218 #
Proposal for a regulation
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Providers of electronic communications services may process electronic communications metadata only if:
Amendment 222 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) it is strictly necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or __________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
Amendment 227 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) it is strictly necessary for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusive use of, or subscription to, electronic communications services; or
Amendment 231 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) the end-userafter receiving all relevant information about the intended processing in clear and easily understandable language, provided separately from the terms and conditions of the provider, the user or users concerned hasve given his or hertheir specific consent to the processing of his or hetheir communications metadata for one or more specified purposes, including for the provision of specific services to such end- users, provided that the purpose or purposes concerned could not be fulfilled bywithout the processing information that is made anonymousof such metadata.
Amendment 237 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2a. For the purposes of point (c) of paragraph 2, where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, Articles 35 and 36 of Regulation (EU) 2016/679 shall apply.
Amendment 239 #
Proposal for a regulation
Article 6 – paragraph 3 – point a
Article 6 – paragraph 3 – point a
(a) for the sole purpose of the provision of a specific service to an end- user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content andthe user concerned has given his or her consent to the processing of his or her electronic communications content for the sole purpose of the provision of a specific service explicitly requested by the end-user, for the duration necessary for that purpose, provided that the provision of that specific service cannot be fulfilled without the processing of such content by the provider, and the consent has not been a condition to access or use a service; or
Amendment 244 #
Proposal for a regulation
Article 6 – paragraph 3 – point b
Article 6 – paragraph 3 – point b
(b) if all end-users concerned have given their consent to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authority.
Amendment 255 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Without prejudice to points (b) and (c) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication content by the intended recipient or recipients. Such data may be recorded or stored by the end-users or by a third partparty, which could be the provider of the electronic communication service, specifically entrusted by them end-user to record, store or otherwise process such data,. The end-user may further process the content in accordance with Regulation (EU) 2016/679, if applicable.
Amendment 264 #
Proposal for a regulation
Article 7 – paragraph 3
Article 7 – paragraph 3
3. Where the processing of electronic communications metadata takes place for the purpose of billing in accordance with point (b) of Article 6(2), the relevant metadatametadata which is strictly necessary may be kept until the end of the period during which a bill may lawfully be challenged or a payment may be pursued in accordance with national law.
Amendment 267 #
Proposal for a regulation
Article 8 – title
Article 8 – title
Protection of information stored in and, related to and processed by end-users’ terminal equipment
Amendment 271 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment, including aboutor making information available through the terminal equipment, including information about or generated by its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:
Amendment 280 #
Proposal for a regulation
Article 8 – paragraph 1 – point a
Article 8 – paragraph 1 – point a
(a) it is strictly necessary for the sole purpose of carrying out the transmission of an electronic communication over an electronic communications network; or
Amendment 281 #
Proposal for a regulation
Article 8 – paragraph 1 – point b
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consentspecific consent, for a specific purpose, and the consent has not been a condition to access or use a service, for the duration necessary for that purpose; or
Amendment 288 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
(c) it is strictly necessary for providing an information society service requested by the end-user, for the duration necessary for that provision of the service, provided that the provision of that specific service cannot be fulfilled without the processing of such content by the provider; or
Amendment 293 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
Amendment 299 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
Amendment 308 #
Proposal for a regulation
Article 8 – paragraph 1 – subparagraph 1 a (new)
Article 8 – paragraph 1 – subparagraph 1 a (new)
Points a, c and d shall be limited to situations that involve no, or only very limited, intrusion of privacy or related to fundamental rights.
Amendment 313 #
Proposal for a regulation
Article 8 – paragraph 1 a (new)
Article 8 – paragraph 1 a (new)
1a. No user shall be denied access to any information society service or functionality, regardless of whether this service is remunerated or not, on grounds that he or she has not given his or her consent under Article 8(1)(b) to the processing of personal information and/or the use of storage capabilities of his or her terminal equipment that is not necessary for the provision of that service or functionality.
Amendment 317 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a
Article 8 – paragraph 2 – subparagraph 1 – point a
(a) it is done exclusively in order to, for the time necessary for, and for the purpose of establishing a connection requested by the user; or
Amendment 318 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a a (new)
Article 8 – paragraph 2 – subparagraph 1 – point a a (new)
(aa) the end-user has given his or her consent; or
Amendment 321 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a b (new)
Article 8 – paragraph 2 – subparagraph 1 – point a b (new)
(ab) the data are anonymised and the risks are adequately mitigated.
Amendment 322 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point b
Article 8 – paragraph 2 – subparagraph 1 – point b
Amendment 328 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 2
Article 8 – paragraph 2 – subparagraph 2
Amendment 329 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 2 a (new)
Article 8 – paragraph 2 – subparagraph 2 a (new)
The information referred to in points aa and ab of paragraph 2 shall be conveyed in a clear and prominent notice setting out at least the details of how the information will be collected, the purpose of collection, the person responsible for it and other information required under Article 13 of Regulation (EU) 2016/679, where personal data are collected. The collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679.
Amendment 331 #
Proposal for a regulation
Article 8 – paragraph 2 a (new)
Article 8 – paragraph 2 a (new)
2a. For the purpose of point (ab) of paragraph 2, the following controls shall be implemented to mitigate the risks: (a) the purpose of the data collection from the terminal equipment shall be restricted to mere statistical counting; (b) the tracking shall be limited in time and space to the extent strictly necessary for this purpose; (c) the data shall be deleted or anonymised immediately after the purpose is fulfilled; and (d) the users shall be given effective opt out possibilities.
Amendment 334 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. The information to be provided pursuant to point (points (aa) and (ab) of paragraph 2 may be provided in combination with standardized icons in order to give a meaningful overview of the collection in an easily visible, intelligible and clearly legible manner.
Amendment 343 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internetpecifications for electronic communications services or information society services which allow for specific consent for specific purposes. When such technical specifications are used by the user's terminal equipment or the software running on it, they shall be binding on, and enforceable against, any other party.
Amendment 350 #
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. End-users who have given their consented to the processing of electronic communications data as set out in point (c)c of Article 6(2) and points (a)a and (b)b of Article 6(3), point b of Article 8(1) and point aa of Article 8(2) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.
Amendment 354 #
Proposal for a regulation
Article 9 – paragraph 3 a (new)
Article 9 – paragraph 3 a (new)
3a. A user shall not be denied access to any electronic communications service, information society service or functionality of a terminal equipment, regardless of whether this is remunerated or not, on the mere grounds that he or she has not given his or her consent to (a) the processing of electronic communications data, metadata or content pursuant to Article 6; (b) the use of input, output, processing and storage capabilities of terminal equipment and the processing of information from the users' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware, pursuant to Article 8(1); (c) the processing of information emitted by terminal equipment pursuant to Article 8(2); or (d) processing that is technically not necessary for the provision of that service or functionality.
Amendment 355 #
Proposal for a regulation
Article 9 – paragraph 3 b (new)
Article 9 – paragraph 3 b (new)
3b. Neither providers of electronic communications services nor any third parties shall process personal data collected on the basis of consent or any other legal ground under the e-Privacy Regulation, on any other legal basis not specifically provided for in the e-Privacy Regulation
Amendment 356 #
Proposal for a regulation
Article 9 – paragraph 3 c (new)
Article 9 – paragraph 3 c (new)
3c. When the processing is allowed under any exception to the prohibitions under the e-Privacy Regulation, any other processing on the basis of Article 6 of Regulation (EU) 2016/679 shall be considered as prohibited, including processing for another purpose on the basis of Article 6(4) of the Regulation (EU) 2016/679. This would not prevent controllers from asking for additional consent for new processing operations
Amendment 358 #
Proposal for a regulation
Article 10 – title
Article 10 – title
Amendment 359 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. SHardware and software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storthat enable the access to and use of electronic communications services or the access to and use of information society services must be able to prevent other parties from the use of input, output, processing and storage capabilities of terminal equipment and the processing of information on thefrom users' terminal equipment, of an end-user or processing information already stored on that equipmentr making information available through the terminal equipment, including information about and processed by its software and hardware.
Amendment 370 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, requiBy default, such hardware or software shall have activated privacy settings that prevent other parties from exercising the activities referred to in paragraph 1. If the hardware or software allows for deviating settings, the end-user shall be informed about the privacy settings options during first use or installation and shall be offered the end-user to consent to a settingpossibility to change or confirm them.
Amendment 374 #
Proposal for a regulation
Article 10 – paragraph 2 a (new)
Article 10 – paragraph 2 a (new)
2a. For the purposes of: (a) giving consent pursuant to Article 9(2) of this Regulation, and (b) objecting to the processing of personal data pursuant to Article 21(5) of Regulation (EU) 2017/679, the settings shall lead to a signal based on technical specifications which is sent to the other parties to inform them about the user's intentions with regard to consent or objection. This signal shall be legally valid and be binding on, and enforceable against, any other party. The European Data Protection Board shall issue guidelines to determine which technical specifications and signalling methods fulfil the conditions for consent and objection pursuant to points a and b.
Amendment 377 #
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1, 2 and 2a shall be complied with at the time of the first update of the software, but no later than 25 August 2018.
Amendment 379 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
Amendment 384 #
Proposal for a regulation
Article 11 – paragraph 1 a (new)
Article 11 – paragraph 1 a (new)
1a. Union or Member State law to which the provider is subject may restrict by way of a legislative measure the scope of the obligations and principles relating to processing of electronic communications data provided for in Articles 6, 7 and 8 of this Regulation in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22 of Regulation (EU) 2016/679, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests: (a) national security; (b) defence; (c) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
Amendment 387 #
Proposal for a regulation
Article 11 – paragraph 1 b (new)
Article 11 – paragraph 1 b (new)
1b. In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679.
Amendment 388 #
Proposal for a regulation
Article 11 – paragraph 2
Article 11 – paragraph 2
Amendment 393 #
Proposal for a regulation
Article 11 – paragraph 2 a (new)
Article 11 – paragraph 2 a (new)
2a. Union or Member State law to which the provider is subject may restrict, by way of a legislative measure, the scope of the rights provided for in Article 5 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests: (a) national security; (b) defence; (c) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
Amendment 394 #
Proposal for a regulation
Article 11 – paragraph 2 b (new)
Article 11 – paragraph 2 b (new)
2b. In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679.
Amendment 395 #
Proposal for a regulation
Article 11 – paragraph 2 c (new)
Article 11 – paragraph 2 c (new)
2c. No legislative measure referred to in paragraph 1 may allow for the weakening of the integrity and confidentiality of electronic communications by mandating a manufacturer of hardware or software, including terminal equipment or software providing for the use of electronic communications, or a provider of electronic communications services, to create and build in backdoors that weaken the cryptographic methods used or the security and integrity of the terminal equipment.
Amendment 398 #
Proposal for a regulation
Article 14 – paragraph 1 – point a
Article 14 – paragraph 1 – point a
(a) to block incoming calls from specific numbers, or numbers having a specific code or prefix identifying the fact that the call is a marketing call referred to in Article 16(3)(b), or from anonymous sources;
Amendment 410 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. Natural or legal persons may use electronic communications services for the purposes of sending direct marketing communications to end-users who are natural persons thatand have given their explicit consent.
Amendment 411 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Where a natural or legal person obtains electronic contact details for electronic -mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The customer shall be informed about the right to object and shall be given an easy way to exercise it at the time of collection and each time a message is sent.
Amendment 418 #
Proposal for a regulation
Article 16 – paragraph 3 – point a
Article 16 – paragraph 3 – point a
(a) present the identity of a line on which they can be contacted; orand
Amendment 419 #
Proposal for a regulation
Article 16 – paragraph 3 a (new)
Article 16 – paragraph 3 a (new)
3a. Unsolicited marketing communications shall be clearly recognisable as such and shall indicate the identity of the legal or natural person transmitting the communication or on behalf of whom the communication is transmitted. Such communications shall provide the necessary information for recipients to exercise their right to refuse further written or oral marketing messages.
Amendment 424 #
Proposal for a regulation
Article 16 – paragraph 4
Article 16 – paragraph 4
4. Notwithstanding paragraph 1, Member States may provide by law that the placing of direct marketing voice-to-voice calls to end-users who are natural persons shall only be allowed in respect of end- users who are natural persons who have not expressed their objection to receiving those communications. Member States shall provide that end-users can object to receiving the unsolicited communications via a national Do Not Call Register, thereby also ensuring that the user is only required to opt out once.
Amendment 426 #
Proposal for a regulation
Article 16 – paragraph 6
Article 16 – paragraph 6
6. Any natural or legal person using electronic communications services to transmit direct marketing communications shall inform end-users of the marketing nature of the communication and the identity of the legal or natural person on behalf of whom the communication is transmitted and shall provide the necessary information for recipients to exercise their right to withdraw their consent, in an easy manner or object, in a manner that is as easy as giving the consent and free of charge, to receiving further marketing communications.
Amendment 429 #
Proposal for a regulation
Article 17 – title
Article 17 – title
Integrity of the communications and information about detected security risks
Amendment 430 #
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
Amendment 433 #
Proposal for a regulation
Article 17 – paragraph 1 a (new)
Article 17 – paragraph 1 a (new)
The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and integrity of the communication in transmission or stored are also guaranteed by technical measures according to the state of the art, including end-to-end encryption of the electronic communications data. When encryption of electronic communications data is used, decryption by anybody else than the user shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the confidentiality and integrity of their networks and services, including the encryption methods used.
Amendment 434 #
Proposal for a regulation
Article 17 – paragraph 1 b (new)
Article 17 – paragraph 1 b (new)
Providers of electronic communications services and manufacturers of terminal equipment shall not use any means, no matter if technical, operational, or by terms of use or by contracts, that could prevent users and end-users from applying the best available techniques against intrusions and interceptions and to secure their networks, terminal equipment and electronic communications. Breaking, decrypting, restricting or circumventing such measure taken by users or end-users shall be prohibited.
Amendment 435 #
Proposal for a regulation
Article 17 – paragraph 1 c (new)
Article 17 – paragraph 1 c (new)
In the case of a particular risk that may compromise the security of networks, electronic communications services, or terminal equipment, the relevant provider or manufacturer shall inform end-users of such a risk and, where the risk lies outside the scope of the measures to be taken by the service provider, inform end- users of any possible remedies. It shall also inform the relevant manufacturer and service provider.
Amendment 436 #
Proposal for a regulation
Article 17 – paragraph 1 d (new)
Article 17 – paragraph 1 d (new)
As regards the security of networks and services and related security obligations, the obligations of Article 40 of the [European Electronic Communications Code] shall apply mutatis mutandis to all services in the scope of this Regulation
Amendment 437 #
Proposal for a regulation
Article 17 – paragraph 1 e (new)
Article 17 – paragraph 1 e (new)
This Article shall be without prejudice to the security obligations provided for in Articles 32 to 34 of Regulation (EU) 2016/679.
Amendment 443 #
Proposal for a regulation
Article 21 – paragraph 1
Article 21 – paragraph 1
1. Without prejudice to any other administrative or judicial remedy, every end-user of electronic communications services and, where applicable, every body, organisation or association, shall have the same remedies provided for in Articles 77, 78, 79 and 7980 of Regulation (EU) 2016/679.
Amendment 452 #
Proposal for a regulation
Article 23 – paragraph 2 – point a
Article 23 – paragraph 2 – point a
Amendment 453 #
Proposal for a regulation
Article 23 – paragraph 2 – point b
Article 23 – paragraph 2 – point b
Amendment 454 #
Proposal for a regulation
Article 23 – paragraph 2 – point d a (new)
Article 23 – paragraph 2 – point d a (new)
(da) the obligations of the providers of publicly available number-based interpersonal communication services pursuant to Article 12, 13 and 14;
Amendment 455 #
Proposal for a regulation
Article 23 – paragraph 2 – point d b (new)
Article 23 – paragraph 2 – point d b (new)
(db) the obligations of the provider of an electronic communications service pursuant to Article 17.
Amendment 457 #
Proposal for a regulation
Article 23 – paragraph 3
Article 23 – paragraph 3