33 Amendments of Jacek PROTASIEWICZ related to 2012/0011(COD)
Amendment 360 #
Proposal for a regulation
Recital 12
Recital 12
(12) The protection afforded by this Regulation concerns natural persons, whatever their nationality or place of residence, in relation to the processing of personal data, except for those pursuing economic activity, which identifies them on the market. With regard to the processing of data which concern legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person, the protection of this Regulation should not be claimed by any person. This should also apply where the name of the legal person contains the names of one or more natural persons.
Amendment 410 #
Proposal for a regulation
Recital 25
Recital 25
(25) Consent should be given freely and without pressure from the controller and explicitly by any appropriate method enabling a freely given specific andn informed indication of the data subject’s wishes, either by a statement or by a clear affirmative action by the data subject, ensuring that individuals are aware that they give their consent to the processing of personal data, including by ticking a box when visiting an Internet website or by any other statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of their personal data. Silence or inactivity should therefore not constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. If the data subject’s consent is to be given following an electronic request, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
Amendment 447 #
Proposal for a regulation
Recital 34
Recital 34
(34) Consent should not provide a valid legal ground for the processing of personal data, where there isbe expressed freely and without pressure from the controller. Consent cannot be deemed as freely given when due to a clear imlack of balance between the data subject and the controller, a refusal to give consent could result in adverse financial or legal consequences for the data subject. This is especially the case where the data subject is in a situation of dependence from the controller, among others, where personal data are processed by the employer of employees’ personal data in the employment context. Where the controller is a public authority, there would be an imbalance only in the specific data processing operations where the public authority can impose an obligation by virtue of its relevant public powers and the consent cannot be deemed as freely given, taking into account the interest of the data subject.
Amendment 454 #
Proposal for a regulation
Recital 38
Recital 38
(38) The legitimate interests of a controller may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. This would need careful assessment in particular where the data subject is a child, given that children deserve specific protection. The data subject should have the right to object the processing, on grounds relating to their particular situation and free of charge. A legitimate interest pursued by a controller may include in particular direct marketing of controller's goods and services and enforcement of the controller’s claims. When data subject withdraws his or her consent, the controller should be also allowed to refuse further provision of services if the processing is necessary because of the nature of the service or the functioning of the filling system. To ensure transparency, the controller should be obliged to explicitly inform the data subject on the legitimate interests pursued and on the right to object, and also be obliged to document these legitimate interests. Given that it is for the legislator to provide by law the legal basis for public authorities to process data, this legal ground should not apply for the processing by public authorities in the performance of their tasks.
Amendment 479 #
Proposal for a regulation
Recital 48
Recital 48
(48) The principles of fair and transparent processing require that the data subject should be informed in particular of the existence of the processing operation and its purposes, how long the data will be stored, and if not possible the criteria used to determine the data storage period, on the existence of the right of access, rectification or erasure and on the right to lodge a complaint. Where the data are collected from the data subject, the data subject should also be informed whether they are obliged to provide the data and of the consequences, in cases they do not provide such data.
Amendment 485 #
Proposal for a regulation
Recital 51
Recital 51
(51) Any person should have the right of access to data which has been collected concerning them, and to exercise this right easily, in order to be aware and verify the lawfulness of the processing. Every data subject should therefore have the right to know and obtain communication in particular for what purposes the data are processed, for what period, and if not possible the criteria used to determine the data storage period, which recipients receive the data, what is the logic of the data that are undergoing the processing and what might be, at least when based on profiling, the consequences of such processing. This right should not adversely affect the rights and freedoms of others, including trade secrets or intellectual property and in particular the copyright protecting the software. However, the result of these considerations should not be that all information is refused to the data subject.
Amendment 692 #
Proposal for a regulation
Article 2 – paragraph 2 – point e a (new)
Article 2 – paragraph 2 – point e a (new)
(ea) natural person pursuing economic activity, which identifies this person on the market;
Amendment 693 #
Proposal for a regulation
Article 2 – paragraph 2 – point e b (new)
Article 2 – paragraph 2 – point e b (new)
(eb) of a natural person which data are made public in the course of exercising professional duties such as name, contact details and function;
Amendment 697 #
Proposal for a regulation
Article 2 – paragraph 3 a (new)
Article 2 – paragraph 3 a (new)
3a. If the separate provisions of the European Union or the Member States law provide for more advanced protection of personal data than provided by this Regulation, these provisions shall be implemented complementarily. This applies in particular to the secrecy protected by law, e.g. bank secrecy.
Amendment 698 #
Proposal for a regulation
Article 2 – paragraph 3 b (new)
Article 2 – paragraph 3 b (new)
3b. The information disclosed in accordance with the law in national registers of economic entities is not protected under this Regulation to the extent that it identifies entities on the market.
Amendment 771 #
Proposal for a regulation
Article 4 – paragraph 1 – point 9
Article 4 – paragraph 1 – point 9
(9) ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Amendment 788 #
Proposal for a regulation
Article 4 – paragraph 1 – point 13
Article 4 – paragraph 1 – point 13
(13) ‘main establishment’ means as regards the controller, the place of its establishment in the Union where the main decisions as to the purposes, conditions and means of the processing of personal data are taken; i. In case of a group of undertakings, it is the place of establishment of the company with the dominant position over rest of the group as regards data protection policy. If no decisions as to the purposes, conditions and means of the processing of personal data are taken in the Union, the main establishment is the place where the main processing activities in the context of the activities of an establishment of a controller in the Union take place. As regards the processor, ‘main establishment’ means the place of its central administration in the Unionthe same rules apply. The competent authority shall be informed by the controller and processor of the designation of a ‘main establishment’;
Amendment 861 #
Proposal for a regulation
Article 6 – paragraph 1 – point c
Article 6 – paragraph 1 – point c
(c) processing is necessary for exercise of the right or compliance with a legal obligation to which the controller is subject;
Amendment 877 #
Proposal for a regulation
Article 6 – paragraph 1 – point f
Article 6 – paragraph 1 – point f
(f) processing is necessary for the purposes of the legitimate interests pursued by a controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular wherewithout prejudice to the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child, processing is necessary for the purposes of the legitimate interests pursued by a controller, in particular: - direct marketing for its own and similar products and services, - the enforcement of the claims of the controller or of a third party on behalf of which the controller is acting in relation to the data subject, or for preventing or limiting damage by the data subject is a child.to the controller This shall not apply to processing carried out by public authorities in the performance of their tasks.
Amendment 893 #
Proposal for a regulation
Article 6 – paragraph 1 – point f a (new)
Article 6 – paragraph 1 – point f a (new)
(fa) processing is necessary in the employment context, in particular for the purposes of the recruitment, the performance of the contract of employment, including discharge of obligations laid down by law or by collective agreements, management, planning and organization of work, health and safety at work, and for the purposes of the exercise and enjoyment, on an individual or collective basis, of rights and benefits related to employment, and for the purpose of the termination of the employment relationship, as well as for the purpose of entering, updating, improving, and modifying employees' data processing systems, including technical security systems designed to protect employees' data against unauthorized access by third parties, including transformation, viruses and malware;
Amendment 982 #
Proposal for a regulation
Article 7 – paragraph 3 a (new)
Article 7 – paragraph 3 a (new)
3a. In the event that the data subject withdraws consent, the controller may refuse to provide further services if the processing of the data is vital for the provision of the service or ensuring the appropriate level of services.
Amendment 993 #
Proposal for a regulation
Article 7 – paragraph 4
Article 7 – paragraph 4
4. Consent shall not provide a legal basis for the processing, where there is if, due to a significant imbalance between the position of the data subject and the controllercontroller and the data subject, it has not been given freely, in accordance with Article 4(8).
Amendment 1011 #
Proposal for a regulation
Article 8 – paragraph 1
Article 8 – paragraph 1
1. For the purposes of this Regulation, in relation to the offering of information society services directly to a child, the processing of personal data of a child below the age of 13 years shall only be lawful if and to the extent that consent is given or authorised by the child's parent or custodian. The controller shall make reasonable efforts to obtain verifiable consent, taking into consideration available technology.
Amendment 1052 #
Proposal for a regulation
Article 9 – paragraph 2 – point b
Article 9 – paragraph 2 – point b
(b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller in the field of employment law in so far as it is authorised by Union law or Member State law providing for adequate safeguards ensuring the fundamental rights of the data subject such as right to non-discrimination; or
Amendment 1066 #
Proposal for a regulation
Article 9 – paragraph 2 – point g
Article 9 – paragraph 2 – point g
(g) processing is necessary for the performance of a task carried out in the public interest, on the basis of Union law, or Member State law which shall provide for suitable measures to safeguard the data subject's legitimate interests and fundamental rights; or
Amendment 1141 #
Proposal for a regulation
Article 12 – paragraph 4
Article 12 – paragraph 4
4. The information and the actions taken on requests referred to in paragraph 1 shall be free of charge. Where requests are manifestly excessive, in particular because of their repetitivf the request of the same character repeats more ctharactern once per 6 months, the controller may charge an administrative fee for providing the information or taking the action requested, or the controller may not take the action requested. In that case, the controller shall bear the burden of proving the manifestly excessive characterrepetitiveness of the request.
Amendment 1166 #
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
The controller shall communicate any rectification or erasure carried out in accordance with Articles 16 and 17 to each recipient with whom he stays in contractual relationship and to whom the data have been disclosed, unless this proves impossible or involves a disproportionate effort.
Amendment 1196 #
Proposal for a regulation
Article 14 – paragraph 1 – point c
Article 14 – paragraph 1 – point c
(c) the period for which the personal data will be stored and if not possible the criteria used to determine this period;
Amendment 1332 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. The data subject shall have the right to obtain from the controller communication of the personal data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject. This is without prejudice to the right of the controller to determine other form of handling requests for information specified in point 1 if it is justified by the necessity of verifying the identity of subject requesting such information.
Amendment 1342 #
Proposal for a regulation
Article 15 – paragraph 2 a (new)
Article 15 – paragraph 2 a (new)
2a. The data subject shall have the right, where personal data are processed by electronic means, to obtain from the controller a copy of data undergoing processing in an electronic and structured format which allows for further use.
Amendment 1412 #
Proposal for a regulation
Article 17 – paragraph 2
Article 17 – paragraph 2
Amendment 1491 #
Proposal for a regulation
Article 18
Article 18
Amendment 1548 #
Proposal for a regulation
Article 20 – paragraph 1
Article 20 – paragraph 1
1. Every natural person, both off-line and online, shall have the right not to be subject to a measure which produces legal effects concerning this natural person or significantly affects this natural person, and which is based solely on automated processing intended to evaluate certain personal aspects relating to this natural person or to analyse or predict in particular the natural person's performance at work, economic situation, location, health, personal preferences, reliability or behaviour.
Amendment 1564 #
Proposal for a regulation
Article 20 – paragraph 2 – point a
Article 20 – paragraph 2 – point a
(a) is carried out in the course of the entering into, or performance of, a contract, where the request for the entering into or the performance of the contract, lodged by the data subject, has been satisfiexamined or where suitable measures to safeguard the data subject's legitimate interests have been adduced, such asincluding the right to obtain the information on the profiling criteria and the right to obtain human intervention; or
Amendment 1573 #
Proposal for a regulation
Article 20 – paragraph 2 – point b
Article 20 – paragraph 2 – point b
(b) is expressly authorized by a Union or Member State law which also lays down suitable measures to safeguard the data subject's legitimate interests and fundamental rights, including the right to non- discrimination; or
Amendment 1609 #
Proposal for a regulation
Article 20 – paragraph 4
Article 20 – paragraph 4
4. In the cases referred to in paragraph 2, the information to be provided by the controller under Articles14 and 145 shall include information as to the existence of processing for a measure of the kind referred to in paragraph 1, including the criteria for the processing in question and the envisaged effects of such processing on the data subject.
Amendment 1759 #
Proposal for a regulation
Article 25 – paragraph 2 – point b
Article 25 – paragraph 2 – point b
(b) an enterprise employing fewer than 250 persons, unless its core activities, regardless the number of the employees, consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects; or
Amendment 2230 #
Proposal for a regulation
Article 35 – paragraph 7
Article 35 – paragraph 7
7. The controller or the processor shall designate a data protection officer for a period of at least two years. The data protection officer may be reappointed for further terms. During their term of office, the data protection officer may only be dismissed, if the data protection officer no longer fulfils the conditions required for the performance of their duties.