BETA

16 Amendments of Daniel BUDA related to 2017/0002(COD)

Amendment 2 #
Proposal for a regulation
Recital 1
(1) The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning them. This right is also guaranteed under Article 8 of the European Convention on Human Rights.
2017/07/18
Committee: JURI
Amendment 3 #
Proposal for a regulation
Recital 2
(2) Regulation (EC) No 45/2001 of the European Parliament and of the Council11 provides natural persons with legally enforceable rights, specifies the data processing obligations of controllers within the Community institutions and bodies, and creates an independent supervisory authority, the European Data Protection Supervisor, responsible for monitoring the processing of personal data by the Union institutions and bodies. However, it does not apply to the processing of personal data in the course of an activity of Union institutions and bodies which fall outside the scope of Union law. _________________ 11At the same time, Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regardseeks to achieve two objectives: to protect the fundamental right to data protection and to guarantee the free flow of personal data throughout the Union. However, it does not apply to the processing of personal data byin the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p.1)course of an activity of Union institutions and bodies which fall outside the scope of Union law.
2017/07/18
Committee: JURI
Amendment 4 #
Proposal for a regulation
Recital 5
(5) It is in the interest of a coherent approach to personal data protection throughout the Union, and of the free movement of personal data within the Union, to align as far as possible the data protection rules for Union institutions and bod, bodies, offices and agencies with the data protection rules adopted for the public sector in the Member States. Whenever the provisions of this Regulation are based on the same concept as the provisions of Regulation (EU) 2016/679, those two provisions should under CJEU case law1a, be interpreted homogeneously, in particular because the scheme of this Regulation should be understood as equivalent to the scheme of Regulation (EU) 2016/679. _________________ 1aSee CJEU judgment of 9 March 2010, Commission v Germany, Case C-518/07, ECLI:EU:C:2010:125, paragraphs 26 and 28.
2017/07/18
Committee: JURI
Amendment 13 #
Proposal for a regulation
Recital 10
(10) Where the founding act of a Union agency carrying out activities which fall within the scope of Chapters 4 and 5 of Title V of the Treaty lays down a standalone data protection regime for the processing of operational personal data such regimes should be unaffected by this Regulation. However, the Commission should, in accordance with Article 62 of Directive (EU) 2016/680, by 6 May 2019 review Union acts which regulate processing by the competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and, where appropriate, make the necessary proposals to amend those acts to ensure a coherent, transparent and consistent approach to the protection of personal data and the transmission thereof in the area of judicial cooperation in criminal matters and police cooperation.
2017/07/18
Committee: JURI
Amendment 15 #
Proposal for a regulation
Recital 14
(14) Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided. At the same time, the data subject may withdraw consent at any time without affecting the legality of using data based on consent prior to withdrawal thereof.
2017/07/18
Committee: JURI
Amendment 16 #
Proposal for a regulation
Recital 18
(18) The Union law including the internal rules referred to in this Regulation should be clear and precise and its application should be foreseeable to persons subject to it, in accordance with the case-law of the Court of Justice of the European Union and the European Court of Human Rights. The same applies to rules applicable inter-institutional level and those laid down under the national law of the Member States.
2017/07/18
Committee: JURI
Amendment 26 #
Proposal for a regulation
Recital 35
(35) Where personal data might lawfully be processed because processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, a data subject should, nevertheless, be entitled to object to the processing of any personal data relating to his or her particular situation. It should be for the controller to demonstrate that its compelling legitimate interest overrides the interests or the fundamental rights and freedomsright to personal data protection of the data subject.
2017/07/18
Committee: JURI
Amendment 32 #
Proposal for a regulation
Recital 42
(42) In order to demonstrate compliance with this Regulation, controllers should maintain records of processing activities under their responsibility and processors should maintain records of categories of processing activities under their responsibility. Union institutions and bodies should be obliged to cooperate with the European Data Protection Supervisor and make their records, on request, available to it, so that they might serve for monitoring those processing operations. Union institutions and bodies should be able to establish a central register of records of their processing activities. For reasons of transparency, they should also be able to make such a register public so that the individual concerned can consult it without prejudice to the rights of other concerned parties.
2017/07/18
Committee: JURI
Amendment 35 #
Proposal for a regulation
Recital 46
(46) The controller should communicate to the data subject a personal data breach, without undue delay, where that personal data breach is likely to result in a high risk to the rights and freedoms of the natural person in order to allow him or her to take the necessary precautions. The communication is confidential and should describe the nature of the personal data breach as well as recommendations for the natural person concerned to mitigate potential adverse effects. Such communications to data subjects should be made as soon as reasonably feasible and in close cooperation with the European Data Protection Supervisor, respecting guidance provided by it or by other relevant authorities such as law-enforcement authorities.
2017/07/18
Committee: JURI
Amendment 37 #
Proposal for a regulation
Recital 52
(52) When personal data are transferred from the Union institutions and bodies to controllers, processors or other recipients in third countries or to international organisations, the level of protection of natural persons ensured in the Union by this Regulation should not be underminbe guaranteed, including in cases of onward transfers of personal data from the third country or international organisation to controllers, processors in the same or another third country or international organisation. In any event, transfers to third countries and international organisations may only be carried out in full compliance with this Regulation and with the fundamental rights and freedoms enshrined in the EU Charter of Fundamental Rights. A transfer could take place only if, subject to the other provisions of this Regulation, the conditions laid down in the provisions of this Regulation relating to the transfer of personal data to third countries or international organisations are complied with by the controller or processor.
2017/07/18
Committee: JURI
Amendment 41 #
Proposal for a regulation
Article 1 – paragraph 2
(2) This Regulation protects fundamental rights and freedoms of natural persons enshrined in the EU Charter of Fundamental Rights and in particular their right to the protection of personal data.
2017/07/18
Committee: JURI
Amendment 55 #
Proposal for a regulation
Article 8 – paragraph 1
(1) Where point (d) of Article 5(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 136 years old. Where the child is below the age of 136 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
2017/07/18
Committee: JURI
Amendment 63 #
Proposal for a regulation
Article 23 – paragraph 1
(1) The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (a) of Article 5(1), including profiling based on that provision. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subjectright of the individual concerned to the protection of personal data, or for the establishment, exercise or defence of legal claims.
2017/07/18
Committee: JURI
Amendment 67 #
Proposal for a regulation
Article 25 – paragraph 1 a (new)
(1a) In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, as to: (a) the purposes of the processing or categories of processing; (b) the categories of personal data; (c) the scope of the restrictions introduced; (d) the safeguards to prevent abuse or unlawful access or transfer; (e) the specification of the controller or categories of controllers; (f) the storage periods and the applicable safeguards taking into account the nature, scope and purposes of the processing or categories of processing; (g) the risks to the rights and freedoms of data subjects. and (h) the right of data subjects to be informed about the restriction, unless that may be prejudicial to the purpose of the restriction.
2017/07/18
Committee: JURI
Amendment 77 #
Proposal for a regulation
Article 31 – paragraph 5
(5) Union institutions and bodies may decide toshall keep their records of processing activities in a central register. In this case, they may also decide tFor reasons of transparency, they should also make thesuch a register publicly accessible so that the individual concerned can consult it without prejudice to the rights of other concerned parties.
2017/07/18
Committee: JURI
Amendment 93 #
Proposal for a regulation
Article 46 – paragraph 1 – point b a (new)
(ba) ensure that the fundamental rights and freedoms of data subjects are not adversely affected by processing operations.
2017/07/18
Committee: JURI