BETA

45 Amendments of Arndt KOHN related to 2017/0003(COD)

Amendment 45 #
Proposal for a regulation
Recital 1
(1) Article 7 of the Charter of Fundamental Rights of the European Union ("the Charter") protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one's communications is an essential dimension of this right. Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communication. The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, e-mail, internet phone calls and personal messaging provided through social media, in-platform messages between users of a social network and any private messaging systems online.
2017/07/03
Committee: IMCO
Amendment 64 #
Proposal for a regulation
Recital 8
(8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to software providers of software and hardware permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or collectprocess information related to or stored in end-users' terminal equipment.
2017/07/03
Committee: IMCO
Amendment 77 #
Proposal for a regulation
Recital 13
(13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as 'hotspoWi-Fi access points' situated at different places within a city, for example department stores, shopping malls and hospitalcentres and hospitals, as well as airports, public transport, hotels and restaurants. Those Wi-Fi access points might require a login or a password and might be provided also by public administrations. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services and public communications networks. In addition, this Regulation should apply to closed social media profiles and groups that the user has restricted or defined as private. In contrast, this Regulation should not apply to closed groups of end-users such as corporate intranet networks, access to which is limited to members of the corporan organisation.
2017/07/03
Committee: IMCO
Amendment 109 #
Proposal for a regulation
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes sensitive information that may reveal details of an individual's emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device's GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user's terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-users' device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called 'device fingerprinting', often without the knowledge of the end-user, and may seriously intrude upon their privacy of these end-users. T. Therefore, any such interference with the users' terminal equipment should be allowed only with their consent and for specific and transparent purposes. The use of exceptionally privacy invasive technologies and techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment without the users' knowledge, or subvert the operation of the end-users' terminal equipment, pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user's terminal equipment should be allowed only with the end-user's consent and for specific and transparent purposesusers' privacy and should be forbidden.
2017/07/03
Committee: IMCO
Amendment 115 #
Proposal for a regulation
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookiesinformation (such as cookies and identifiers) for the duration of a single established session on a website to keep track of the end-user's input when filling in online forms over several pages. CookiesTracking techniques, if implemented with appropriate privacy safeguards, can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information society providers thatcould engage in configuration checking in order to provide the service in compliance with the end-user's settings and the mere logging ofrevealing the fact that the end-user's device is unable to receive content requested by the end- user, should not constitute access to such a device or use of the device processing capabilitieillegitimate access.
2017/07/03
Committee: IMCO
Amendment 125 #
Proposal for a regulation
Recital 23
(23) The principles of data protection by design and by default weare codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internetHardware manufacturers and providers of software permitting electronic communications should have an obligation to configure thedevices and software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘rejecttheir default settings provide the highest level of privacy protection possible, protecting users' against cross-domain tracking and unauthorised interferences with theird party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’). Such communications and terminal equipment. Users should be informed about the default privacy settings and any available options to change those settings during installation or first use of the device or software and when they make significant changes to it. Privacy settings should be presented in an objective, easily visible and intelligible manner. They should be easily accessible and modifiable during the use of the device or software. Information provided should not incentivise users to select lower privacy settings and should binclude presented in a an easily visible and intelligible mannerlevant information about the risks associated with each setting.
2017/07/03
Committee: IMCO
Amendment 133 #
Proposal for a regulation
Recital 23 a (new)
(23a) Children merit specific protection with regard to their online privacy. They usually start using the internet at an early age and become very active users. Yet, they may be less aware of the risks and consequences associated to their online activities, as well as less aware of their rights. Specific safeguards are necessary in relation to the use of children's data, notably for the purposes of marketing and the creation of personality or user profiles.
2017/07/03
Committee: IMCO
Amendment 143 #
Proposal for a regulation
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers. While some of these functionalities domay not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged in such practices should display prominent notices locaUsers' privacy should be adequately protected oin the edge of the area of coverage informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, these situations. Information emitted by terminal equipment of users when connecting to a network or other device should only be processed should only be allowed for specific and transparent purpose os if the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant tousers have consented or if the processing is necessary for statistical counting, as long as such counting is carried out for public utility purposes, there are no other means to achieve the envisaged purpose and that the measures established in Article 35 and Article 136 of Regulation (EU) 2016/679 have been fulfilled.
2017/07/03
Committee: IMCO
Amendment 162 #
Proposal for a regulation
Recital 32
(32) In this Regulation, direct marketing refers to any form of advertising by which a natural or legal person sends or presents direct marketing communications directly to one or more identified or identifiable end-users using electronic communications services, regardless of the form that such marketing takes. In addition to the offering of products and services for commercial purposes, this should also include messages sent by political parties that contact natural persons via electronic communications services in order to promote their parties. The same should apply to messages sent by other non-profit organisations to support the purposes of the organisation.
2017/07/03
Committee: IMCO
Amendment 215 #
Proposal for a regulation
Article 3 – paragraph 2
2. Where the provider of an electronic communications service, provider of a publicly available directory, software provider enabling electronic communications or person sending direct marketing commercial communications or collecting (other) information related to or stored in the end-users terminal equipment is not established in the Union it shall designate in writing a representative in the Union.
2017/07/12
Committee: IMCO
Amendment 252 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Confidentiality of electronic communications shall also include terminal equipment and machine-to- machine communications when related to a user.
2017/07/12
Committee: IMCO
Amendment 257 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
1. Providers of electronic communications networks and services may process electronic communications data only if:
2017/07/12
Committee: IMCO
Amendment 259 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
(a) it is technically strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose; or
2017/07/12
Committee: IMCO
Amendment 264 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
(b) it is technically strictly necessary to maintain or restore the availability, integrity, confidentiality and security of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.
2017/07/12
Committee: IMCO
Amendment 277 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
(a) it is strictly necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration technically necessary for that purpose; or _________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
2017/07/12
Committee: IMCO
Amendment 279 #
(b) it is strictly necessary for billing, calculating interconnection payments, detecting or stopping fraudulent use, or abusive use of, or subscription to, electronic communications services; or
2017/07/12
Committee: IMCO
Amendment 283 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
(c) the end-userafter receiving all relevant information about the intended processing in clear and easily understandable language, provided separately from the terms and conditions of the provider, the user or users concerned hasve given his or hertheir specific consent to the processing of his or hetheir communications metadata for one or more specified purposes, including for the provision of specific services to such end- users, provided that the purpose or purposes concerned could not be fulfilled bywithout the processing information that is made anonymous. of such metadata. If the processing is likely to result in a high risk to the rights and freedoms of natural persons, Articles 35 and 36 of Regulation 2016/679 shall apply
2017/07/12
Committee: IMCO
Amendment 293 #
Proposal for a regulation
Article 6 – paragraph 3 – point a
(a) for the sole purpose of the provision of a specific service to an end- user, if the end-user or end-requested by the user, if the users concerned have given their specific consent to the processing of his or their electronic communications content and the provision of that specific service cannot be fulfilled without the processing of such content; or
2017/07/12
Committee: IMCO
Amendment 300 #
Proposal for a regulation
Article 6 – paragraph 3 – point b
(b) if all end-users concerned have given their explicit consent to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authority.
2017/07/12
Committee: IMCO
Amendment 302 #
Proposal for a regulation
Article 6 – paragraph 3 a (new)
3 a. Neither providers of electronic communications services, nor any other party, shall further process electronic communications data collected on the basis of this Regulation.
2017/07/12
Committee: IMCO
Amendment 303 #
Proposal for a regulation
Article 6 – paragraph 3 b (new)
3 b. Communications data generated in the provision of an electronic communications service specifically intended for children's use or targeted at them shall not be processed for any profiling, marketing or advertising purposes.
2017/07/12
Committee: IMCO
Amendment 318 #
Proposal for a regulation
Article 8 – paragraph 1 – point a
(a) it is strictly technically necessary for the sole purpose of carrying out the transmission of an electronic communication over an electronic communications network; or
2017/07/12
Committee: IMCO
Amendment 322 #
Proposal for a regulation
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consent and such consent is not imposed as a pre-condition for accessing or using a service; or
2017/07/12
Committee: IMCO
Amendment 326 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
(c) it is strictly technically necessary for providing an information society service requested by the end-user; or
2017/07/12
Committee: IMCO
Amendment 339 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
(d) if it is technically necessary for web audience measuring of the information society service requested by the user, provided that such measurement is carried out by the provider of the information society service requested by the end-, or on behalf of the provider, or by an independent web analytics agency acting in the public interest or for scientific purpose; and further provided that no personal data is made accessible to any other party and that such web audience measurement does not adversely affect the fundamental rights of the user.;
2017/07/12
Committee: IMCO
Amendment 359 #
Proposal for a regulation
Article 8 – paragraph 1 a (new)
1 a. No user shall be denied access to any information society service or functionality, regardless of whether this service is remunerated or not, on grounds that he or she has not given his or her consent under Article 8(1)(b) to the processing of personal information and/or the use of storage capabilities of his or her terminal equipment that is not necessary for the provision of that service or functionality.
2017/07/12
Committee: IMCO
Amendment 362 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a
(a) it is done exclusively in order to, for the time necessary for, and for the sole purpose of establishing a connection requested by the user; or
2017/07/12
Committee: IMCO
Amendment 363 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a a (new)
(a a) the user has been informed and has given consent; or
2017/07/12
Committee: IMCO
Amendment 365 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a b (new)
(a b) the data are anonymised and the risks are adequately mitigated; or
2017/07/12
Committee: IMCO
Amendment 366 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a c (new)
(a c) it is necessary for the purpose carrying out statistical counting for reasons of public interest of public utility and this purpose cannot not be fulfilled by processing information that is made anonymous.
2017/07/12
Committee: IMCO
Amendment 367 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point b
(b) a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.deleted
2017/07/12
Committee: IMCO
Amendment 372 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 2
The collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been applied.deleted
2017/07/12
Committee: IMCO
Amendment 375 #
Proposal for a regulation
Article 8 – paragraph 2 a (new)
2 a. For the purposes of point (c) of the previous paragraph, the following safeguards shall be implemented to mitigate risks: (a) Tracking shall be limited to pseudonymous data (b) Tracking shall be limited in space and time to the strict minimum necessary to fulfil the established purpose (c) The data collected shall be deleted or anonymised immediately after the established purpose is fulfilled (d) Users shall have the possibility to easily opt-out (e) The processing information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been applied.
2017/07/12
Committee: IMCO
Amendment 376 #
Proposal for a regulation
Article 8 – paragraph 2 b (new)
2 b. A data protection impact assessment and a consultation of the supervisory authority should always take place prior to the processing of communications data under points (b) and (c) of paragraph 2. Articles 35 and 36 of Regulation (EU) 2016/679 shall apply with regard to the impact assessment and the consultation to the supervisory authority.
2017/07/12
Committee: IMCO
Amendment 394 #
Proposal for a regulation
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1) and point (b) of Article 8(2), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internetor a device enabling electronic communications. The choices made by users should be binding on and enforceable against any third parties. If users are required to give consent that contradicts the settings of their software, such consent shall always have to be given explicitly.
2017/07/12
Committee: IMCO
Amendment 398 #
Proposal for a regulation
Article 9 – paragraph 3
3. End-uUsers who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and1), point (c) of Article 6(2), points (a) andof Article 6(3), point (b) of Article 8(1) and point (b) of Article 6(38(2) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.
2017/07/12
Committee: IMCO
Amendment 403 #
Proposal for a regulation
Article 9 – paragraph 3 a (new)
3 a. Users shall not be denied access to an information society service or functionality, irrespective of whether the service is provided for remuneration or not, on grounds that they have not given their consent under point (c) of Article 6(1), point (c) of Article 6(2), point (a) of Article 6(3), point (b) of Article 8(1) or point (b) of Article 8(2) to the processing of information or the use of the processing or storage capabilities of their terminal equipment that is not necessary for the provision of that service or functionality. In particular, processing of data for the purposes of providing behaviourally targeted advertising shall not be considered as necessary for the performance of a service.
2017/07/12
Committee: IMCO
Amendment 410 #
Proposal for a regulation
Article 10 – title
Information and options for privacy settings to be providedPrivacy by default
2017/07/12
Committee: IMCO
Amendment 414 #
Proposal for a regulation
Article 10 – paragraph 1
1. SThe default settings of hardware and software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipmentbe configured to provide the highest level of privacy protection and protect users' against unauthorised interferences. In particular, default settings shall prevent the tracking of users' online behaviour by other parties. For this purpose, privacy settings shall include a signal which is sent to other parties to inform them about the users' settings. Such settings shall be binding on and enforceable against any other party.
2017/07/12
Committee: IMCO
Amendment 420 #
Proposal for a regulation
Article 10 – paragraph 2
2. Upon installation, the softwarefirst use or whenever any significant modifications are introduced, the user shall be inform the end-usered about the default privacy settings options and, to continue with the installation, require the end-user to consent to a settingand other available options, if any. Information shall be presented in an easily visible and intelligible manner. It shall not incentivise users to select lower privacy settings and shall include relevant information about the risks associated with each setting. Settings must be easily accessible and modifiable at any time during the use of the device or software.
2017/07/12
Committee: IMCO
Amendment 427 #
Proposal for a regulation
Article 10 – paragraph 2 a (new)
2 a. Hardware and software which enables electronic communications and is specifically intended for children's use or targeted at children shall not allow tracking of its user's behaviour and activities for profiling, marketing or advertising purposes.
2017/07/12
Committee: IMCO
Amendment 466 #
Proposal for a regulation
Article 16 – paragraph 1
1. NThe use by natural or legal persons may useof electronic communications services, including voice-to-voice calls, automated calling and communications systems, including semi-automated systems that connect the call person to an individual, faxes, e-mail or other use of electronic communications services for the purposes of presendting unsolicited or direct marketing communications to end-users who are natural persons that, shall be allowed only in respect of users who have given their prior explicit consent.
2017/07/12
Committee: IMCO
Amendment 479 #
Proposal for a regulation
Article 16 – paragraph 3 a (new)
3 a. Unsolicited marketing communications shall be clearly recognisable as such and shall indicate the identity of the legal or natural person transmitting the communication or on behalf of whom the communication is transmitted. Such communications shall provide the necessary information for recipients to exercise their right to refuse further written or oral marketing messages.
2017/07/12
Committee: IMCO
Amendment 483 #
Proposal for a regulation
Article 16 – paragraph 4
4. Notwithstanding paragraph 1, Member States may provide by law that the placing of direct marketing voice-to-voice calls to end-users who are natural personusers shall only be allowed in respect of end- users who are natural persons who have not expressed their objection to receiving those communications. Member States shall provide that users can objection to receiving thosee unsolicited communications via a national Do Not Call Register, thereby also ensuring that the user is only required to opt out once.
2017/07/12
Committee: IMCO
Amendment 486 #
Proposal for a regulation
Article 16 – paragraph 6
6. Any natural or legal person using electronic communications services to transmit direct marketing communications shall inform end-users of the marketing nature of the communication and the identity of the legal or natural person on behalf of whom the communication is transmitted and shall provide the necessary information for recipients to exercise their right to withdraw their consent, in an easy manner that is as easy as giving the consent and free of charge, to receiving further marketing communications.
2017/07/12
Committee: IMCO