41 Amendments of Carlos COELHO related to 2012/0010(COD)
Amendment 210 #
Proposal for a directive
Recital 28
Recital 28
(28) In order to exercise their rights, any information to the data subject should be easily accessible and easy to understand, including the use of clear and plain language. In particular, when the data subject is a child, that information should be provided in a child-friendly way.
Amendment 260 #
Proposal for a directive
Article 1 – paragraph 2 – point a
Article 1 – paragraph 2 – point a
(a) protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of their personal data and privacy; and
Amendment 263 #
Proposal for a directive
Article 1 – paragraph 2 – point b
Article 1 – paragraph 2 – point b
(b) ensure that the exchange of personal data by competent authorities within the Union is neither restricted nor prohibited for reasons connected with the protection of individuals with regard to the processing of personal data, in line with the free movement of data provided for in Article 16 TFEU. The free movement of data shall not apply in relation to Member States which do not commit themselves to this legislative act.
Amendment 283 #
Proposal for a directive
Article 3 – paragraph 1 – point 14
Article 3 – paragraph 1 – point 14
(14) 'competent authorities’ means any public authority competent, in accordance with the corresponding legislation in each Member State, for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
Amendment 295 #
Proposal for a directive
Article 4 – paragraph 1 – point b
Article 4 – paragraph 1 – point b
(b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposesused for a different purpose, even where it is compatible, unless provided for by law;
Amendment 301 #
Proposal for a directive
Article 4 – paragraph 1 – point d
Article 4 – paragraph 1 – point d
(d) accurate, subject to regular quality verification and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
Amendment 309 #
Proposal for a directive
Article 4 – paragraph 1 – point f a (new)
Article 4 – paragraph 1 – point f a (new)
(fa) accessed by or made available only to those duly authorised staff in competent authorities who need them for the performance of their tasks, whereby a rigorous user profile management policy must be implemented.
Amendment 313 #
Proposal for a directive
Article 4 a (new)
Article 4 a (new)
Amendment 321 #
Proposal for a directive
Article 5 – paragraph 1 – point c
Article 5 – paragraph 1 – point c
(c) victims of a criminal offence, or persons with regard to whom certain factsthere are factual indications that give reasons for believing that he or she could be the victim of a criminal offence;
Amendment 332 #
Proposal for a directive
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
1a. The categories of data subjects referred to in points (c), (d) and (e) of paragraph 1, i.e. data relating to people who are not suspects and in particular to children, shall be subject to specific conditions and safeguards that guarantee that these data are used proportionately and provide for significantly more limited storage periods and periodic reviews of the need to conserve those data.
Amendment 356 #
Proposal for a directive
Article 8 – paragraph 1
Article 8 – paragraph 1
1. Member States shall prohibit the processing of personal data revealing private life, race or ethnic origin, political opinions, religion or beliefs, trade-union membership, of genetic data or of data concerning health or sex life.
Amendment 359 #
Proposal for a directive
Article 8 – paragraph 2 – point c
Article 8 – paragraph 2 – point c
(c) the processing relates to data which are manifestly made public by the data subject, provided that they are relevant and strictly necessary for the purpose pursued.
Amendment 376 #
Proposal for a directive
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Member States shall provide that any information and any communication relating to the processing of personal data are to be provided by the controller to the data subject in an intelligible form, using clear and plain language. If the data subject is a child that information should be provided in a child-friendly way.
Amendment 395 #
Proposal for a directive
Article 11 – paragraph 4 – introductory part
Article 11 – paragraph 4 – introductory part
4. Member States may adopt legislative measures delaying, or restricting or omitting the provision of the information to the data subject to the extent that, and as long as, such partial or complete restriction constitutes a necessary and proportionate measure in a democratic society with due regard for the legitimate interestrights and guarantees of the person concerned:
Amendment 407 #
Proposal for a directive
Article 12 – paragraph 1 – point g
Article 12 – paragraph 1 – point g
(g) communication of the personal data undergoing processing and of any available information as to their source.
Amendment 416 #
Proposal for a directive
Article 13 – paragraph 1 – introductory part
Article 13 – paragraph 1 – introductory part
1. Member States may adopt legislative measures restricting, wholly or partly, the data subject's right of access to the extent that such partial or complete restriction constitutes a necessary and proportionate measure in a democratic society with due regard for the legitimate interestrights and guarantees of the person concerned:
Amendment 436 #
Proposal for a directive
Article 13 – paragraph 4
Article 13 – paragraph 4
4. Member States shall ensure that the controller documents, on a case-by-case basis, the grounds for omitrestricting the communication of the factual or legal reasons on which the decision is based. That information shall be made available to the national supervisory authorities in the event of a complaint.
Amendment 449 #
Proposal for a directive
Article 15 – paragraph 2 a (new)
Article 15 – paragraph 2 a (new)
2a. Member States shall provide that the controller notifies recipients to whom these data have been sent of any rectification made pursuant to paragraph 1.
Amendment 474 #
Proposal for a directive
Article 16 – paragraph 4 a (new)
Article 16 – paragraph 4 a (new)
4a. Member States shall provide that the controller notifies recipients to whom these data have been sent of any erasure made pursuant to paragraph 1.
Amendment 493 #
Proposal for a directive
Article 20 – paragraph 1
Article 20 – paragraph 1
Member States shall provide that where a controller determines the purposes, conditions and means of the processing of personal data jointly with others, the joint controllers must determine the respective responsibilities for compliance with the provisions adopted pursuant to this Directive, in particular as regards the procedures and mechanisms for exercising the rights of the data subject, by means of a binding written arrangement between them.
Amendment 495 #
Proposal for a directive
Article 20 – paragraph 1 a (new)
Article 20 – paragraph 1 a (new)
Any controller involved in the processing of data must be a competent authority within the meaning of Article 3.
Amendment 498 #
Proposal for a directive
Article 21 – paragraph 1
Article 21 – paragraph 1
1. Member States shall provide that where a processing operation is carried out on behalf of a controller, the controller must choose a processor providing sufficient guarantees to implement appropriate technical and organisational measures and procedures in such a way that the processing will meet the requirements of the provisions adopted pursuant to this Directive and ensure the protection of the rights of the data subject. Responsibility for ensuring that these conditions are met shall rest with the controller.
Amendment 504 #
Proposal for a directive
Article 21 – paragraph 3
Article 21 – paragraph 3
Amendment 508 #
Proposal for a directive
Article 22 – paragraph 1
Article 22 – paragraph 1
Member States shall provide that the processor and any person acting under the authority of the controller or of the processor, who has access to personal data, may only process them on instructions from the controller or where required by Union or Member State law and shall be bound by a duty of professional secrecy.
Amendment 514 #
Proposal for a directive
Article 23 – paragraph 2 – point a a (new)
Article 23 – paragraph 2 – point a a (new)
(aa) a binding written agreement, where there are joint controllers; a list of processors and activities carried out by processors;
Amendment 515 #
Proposal for a directive
Article 23 – paragraph 2 – point b a (new)
Article 23 – paragraph 2 – point b a (new)
(ba) a description of the category or categories of data subjects and of the data or categories of data processed;
Amendment 516 #
Proposal for a directive
Article 23 – paragraph 2 – point b b (new)
Article 23 – paragraph 2 – point b b (new)
(bb) a description of the internal rules on the exercise of data subjects' rights in accordance with Article 10.
Amendment 523 #
Proposal for a directive
Article 24 – paragraph 1
Article 24 – paragraph 1
1. Member States shall ensure that records are kept of at least the followingll processing operations: collection, alteration, consultation, disclosure, combinat, including all transmissions or erasuref data. The records of consultation and disclosure shall show in particular the purpose, date and time of such operations and as far as possible the identification of the person who consulted or disclosed personal data, and the identity of the recipient of such data.
Amendment 527 #
Proposal for a directive
Article 24 – paragraph 2
Article 24 – paragraph 2
2. The records shall be used solely for the purposes of verification of the lawfulness of the data processing, self-monitoring and for ensuring data integrity and data security, or for purposes of auditing, either by the data protection officer or by the data protection authority.
Amendment 528 #
Proposal for a directive
Article 24 – paragraph 2 a (new)
Article 24 – paragraph 2 a (new)
2a. A regular analysis of records shall be carried out for the purpose of detecting any misuse, in accordance with good security practices.
Amendment 531 #
Proposal for a directive
Article 25 – paragraph 1 a (new)
Article 25 – paragraph 1 a (new)
1a. The duty of cooperation shall also be ensured where the supervisory authority needs to examine information systems and the processing of personal data, whereby they shall be guaranteed access to the premises of the data controller or processor.
Amendment 537 #
Proposal for a directive
Article 26 – paragraph 1 – introductory part
Article 26 – paragraph 1 – introductory part
1. Member States shall ensure that the controller or the processor consults the supervisory authority prior to the processing of personal data which will form part of a new filing system to be created where:
Amendment 567 #
Proposal for a directive
Article 30 – paragraph 1
Article 30 – paragraph 1
1. Member States shall provide that the controller or the processordesignates a data protection officer. That obligation shall be extended to processors where their intervention is such as to justify the designatesion of a data protection officer.
Amendment 571 #
Proposal for a directive
Article 30 – paragraph 2 a (new)
Article 30 – paragraph 2 a (new)
2a. The data protection officer shall be appointed for a period of at least four years. The data protection officer may be reappointed for a further four years. During the term of office, the data protection officer may only be dismissed from that function, if they no longer fulfil the conditions required for the performance of their duties. Controllers and processors shall be responsible for notifying the supervisory authority of the identity and contact details of the data protection officer, following their appointment, and of any changes that might occur.
Amendment 606 #
Proposal for a directive
Article 35 – paragraph 1 – point b
Article 35 – paragraph 1 – point b
Amendment 618 #
Proposal for a directive
Article 36 – paragraph 1 a (new)
Article 36 – paragraph 1 a (new)
All transfers of data decided on the basis of derogations shall be duly justified and shall be limited to what is strictly necessary, and frequent massive transfers of data shall not be allowed.
Amendment 626 #
Proposal for a directive
Article 37 – paragraph 1
Article 37 – paragraph 1
Member States shall provide that the controller informs the recipient of the personal data of any processing restrictions and takes all reasonable steps to ensure that these restrictions are met. The controller shall also notify the recipient of the personal data of any update, rectification or erasure of data, and the recipient shall in turn make the corresponding notification in the event that the data has subsequently been transferred.
Amendment 629 #
Proposal for a directive
Article 40 – paragraph 7
Article 40 – paragraph 7
7. Member States shall ensure that the supervisory authority is subject to financial control which shall not affect its independence. Member States shall ensure that the supervisory authority has separate annual budgets, which shall be managed by that authority with complete autonomy. The budgets shall be made public.
Amendment 631 #
Proposal for a directive
Article 41 – paragraph 1
Article 41 – paragraph 1
1. Member States shall provide that the members of the supervisory authority must be appointed either by the parliament or in partnership with the government of the Member State concerned.
Amendment 669 #
Proposal for a directive
Article 61 – title
Article 61 – title
Evaluation and review
Amendment 670 #
Proposal for a directive
Article 61 – paragraph 1
Article 61 – paragraph 1
1. The Commission shall evaluate the application of this Directive. Regular objective and impartial evaluations shall be made by the Commission and Member States in order to verify whether this Directive is being correctly implemented and applied. The Commission shall be responsible for coordinating these evaluations, in close cooperation with the Member States, and shall include announced and unannounced visits. The European Parliament and the Council shall be kept informed throughout the process and shall have access to the relevant documents.