13 Amendments of Eva KAILI related to 2017/0003(COD)
Amendment 57
Proposal for a regulation
Recital 12
(12) Connected devices and machines increasingly communicate with each other by using electronic communications networks (Internet of Things). The transmission of machine-to-machine communications involves the conveyance of signals over a network and, hence, usually constitutes an electronic communications service. In order to ensure full protection of the rights to privacy and confidentiality of communications, and to promote a trusted and secure Internet of Things in the digital single market, it is necessary to clarify that this Regulation should apply to the transmission of machine-to-machine communications. Therefore, the principle of confidentiality enshrined in this Regulation should also apply to the transmission of machine-to-machine communications. Specific safeguards could also be adopted under sectorial legislation, as for instance Directive 2014/53/EU. Additionally, in the event that data or metadata is being used by artificial intelligence, or is part of any algorithmic decisions or machine learning, there should be the appropriate guarantees that there will be a human interference at the final stage, taking into account societal sensitivities, standards and discrimination that might occur based on one's personal data.
Amendment 69
Proposal for a regulation
Recital 15 a (new)
(15 a) Anonymity of data should be considered as an extra layer of protection and confidentiality. Relative provisions should be put in place to anonymise data by default, when possible. Such procedures should be accompanied by a series of tests serving as a proof of anonymity.
Amendment 70
Proposal for a regulation
Recital 15 b (new)
(15 b) The prohibition of interception is not intended to prohibit access to electronic communications data by an electronic communications service provider or electronic communications network operator for purposes of conveying communications or for legitimate and justifiable purposes related to the operation and protection of such services and networks consistent with obligations under Regulation (EU) 2016/679, Directive (EU) 2016/1148 and Regulation (EU) 2015/2120.
Amendment 71
Proposal for a regulation
Recital 15 c (new)
(15c) Providers of electronic communications networks and services now provide their end-users with enhanced features by using communications data before the provider transmits the data through a public network or after the provider has received the data from such a network. These enhanced features include speech-to-text conversion for users with disabilities, digital personal assistants using voice commands, automatic language translation, and message prioritization and sorting. For the purposes of these service providers, electronic communications are not in transmission once the service provider of the intended recipient has received the communications for delivery to the recipient's terminal equipment or until the service provider of the sender has sent the communication to another service provider for eventual delivery to the intended recipient.
Amendment 84
Proposal for a regulation
Recital 22
(22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end-users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties. Additionally, information related to the third parties having access to the data or metadata of the end user, should be communicated when providing consent. Any change related to that information should be communicated and be available at all times to the end user. The use of personal data and metadata by third parties should be subject to monitoring, which would include transparent procedures to notify the end user of the third parties that may use their personal data and severe financial penalties in case of personal data misuse. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or stored.
Amendment 88
Proposal for a regulation
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’). Such privacy settings should be presented in an easily visible and intelligible manner. Additionally, when personal data, including transaction data, is collected, it should be anonymised by default. When the end user decides not to allow the collection of their data or metadata they should be allowed to use the relative service to the extent possible, while respecting their choice.
Amendment 111
Proposal for a regulation
Recital 37
(37) Service providers who offer electronic communications services should inform end-users of measures they can take to protect the security of their communications for instance by using specific types of software or encryption technologies. Alternative solutions based on blockchain technology could be explored as they offer the protection needed for communications data allowing for maximum transparency and giving control back to the citizens. In such a way, in case of misuse of sensitive data or metadata will be traceable based on an e-id and timestamp system. The requirement to inform end-users of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge. Security is appraised in the light of Article 32 of Regulation (EU) 2016/679.
Amendment 115
Proposal for a regulation
Recital 39 a (new)
(39a) In case that the competent supervisory authorities receive confidential information from a whistleblower regarding the misuse of data, in spite of the provisions of this Regulation, depriving citizens from their right to privacy, the whistleblower should be protected.
Amendment 116
Proposal for a regulation
Recital 40
(40) In order to strengthen the enforcement of the rules of this Regulation, each supervisory authority should have the power to impose penalties including administrative fines for any infringement of this Regulation, including sensitive data or metadata to be misused, leaked, or not to be kept anonymously resulting in any form of discrimination against the end user, in addition to, or instead of any other appropriate measures pursuant to this Regulation. This Regulation should indicate infringements and the upper limit and criteria for setting the related administrative fines, which should be determined by the competent supervisory authority in each individual case, taking into account all relevant circumstances of the specific situation, with due regard in particular to the nature, gravity and duration of the infringement and of its consequences and the measures taken to ensure compliance with the obligations under this Regulation and to prevent or mitigate the consequences of the infringement. The relative penalties should aim to deter any use of data or metadata that would go against the letter of this Regulation. In such cases, both the first party and the third parties shall be held liable and accountable. For the purpose of setting a fine under this Regulation, an undertaking should be understood to be an undertaking in accordance with Articles 101 and 102 of the Treaty.
Amendment 211
Proposal for a regulation
Article 8 – paragraph 1 – point c
(c) it is necessary for providing an information society service requested by the end-user which shall include inter alia maintaining, operating and managing the integrity, access or security of the information society service, enhancing user experience or measures for preventing unauthorized access to or use of the information society service according to the terms of use for making available the service to the end user; or
Amendment 215
Proposal for a regulation
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.ement for an information society service requested by the end-user, including where such measurement takes place for the purposes of calculating royalties for collective rights management or other remuneration or payment systems, ensuring however that the principle of confidentiality is respected,
Amendment 220
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
(d a) a clear and prominent notice is displayed to the public informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation 2016/679/EU where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimize the collection. The collection of such information shall be conditional on the application of appropriate technical and organization measures to ensure that the collection and processing of information is limited to what is necessary in relation to the purposes of processing and to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation 2016/679/EU, have been applied, which may inter alia include pseudonymisation or anonymisation of the information collected as set out in Art. 4 (5) of Regulation (EU) 2016/679
Amendment 277
Proposal for a regulation
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. Such software shall ensure that a consent given by an end user under Article 8 (1) point (b) prevails over the privacy settings chosen at the installation of the software. When informing the end user, a clear simple wording should be used. The language used should be the same as the language that the interface uses allowing for the end user to understand at his language of choice.