Activities of Alexander Nuno PICKART ALVARO related to 2007/0248(COD)
Plenary speeches (1)
Electronic communications networks, personal data and the protection of privacy - Electronic communications networks and services - Body of European Regulators for Electronic Communications (BEREC) and the Office - Frequency bands for mobile communications (debate)
Amendments (15)
Amendment 29 #
Proposal for a directive – amending act
Recital 26 a (new)
Recital 26 a (new)
(26a) This Directive provides for the harmonisation of the provisions of the Member States required to ensure an equivalent level of protection of fundamental rights and freedoms, and in particular the right to privacy and the right of confidentiality and security of information technology systems, with respect to the processing of personal data in the electronic communication sector and to ensure the free movement of such data and of electronic communication equipment and services in the Community.
Amendment 31 #
Proposal for a directive – amending act
Recital 28 a (new)
Recital 28 a (new)
(28a) For the purposes of this Directive, “traffic data” should not only mean any data which is processed for the purpose of the conveyance of a communications network or for the billing thereof but also personal data within the meaning of Article 2 of Directive 95/46/EC when the data concerned whether alone or in conjunction with other legally available data are relating to an individual directly identifiable by the entity processing the data.
Amendment 33 #
Proposal for a directive – amending act
Recital 29
Recital 29
(29) A serious breach of security resulting in the loss or compromising personal data of an individual subscriber may, if not addressed in an adequate and timely manner, result in substantial economic loss and social harm, including identity fraud. Therefore, subscribers concerned by such security incidents should be notified without delay and informed in order to be able to take the necessary precautionsthe national regulatory authority should be notified without delay. The notification should include information about measures taken by the provider to address the breach, as well as recommendations for the users affected. The competent authority shall consider and determine the seriousness of the breach. If the breach is deemed to be serious the competent authority shall require the provider of publicly available electronic communications service and the provider of information society services to appropriately notify without undue delay the persons concerned by the breach.
Amendment 45 #
Proposal for a directive – amending act
Recital 35 a (new)
Recital 35 a (new)
(35a) Where location data other than traffic data can be processed, such data may only be processed when they are made anonymous or with the prior consent of the users or subscribers. They shall be given clear and comprehensive information on the possibility to withdraw their consent for the processing of traffic data at any time.
Amendment 46 #
Proposal for a directive – amending act
Article 2 - point -1 (new)
Article 2 - point -1 (new)
Directive 2002/58/EC
Article 1 - paragraph 1
Article 1 - paragraph 1
Amendment 49 #
Proposal for a directive – amending act
Article 2 - point -1 b (new)
Article 2 - point -1 b (new)
Directive 2002/58/EC
Article 2 - point (b)
Article 2 - point (b)
(-1b) Article 2(b) shall be replaced by the following: (b) "traffic data" means any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof. Traffic data within the meaning of this Article are also personal data within the meaning of Article 2 of Directive 95/46/EC when the data concerned whether alone or in conjunction with other legally available data are relating to an individual directly identifiable by the entity processing the data.
Amendment 53 #
Proposal for a directive – amending act
Article 2 - point 3 - point a a (new)
Article 2 - point 3 - point a a (new)
Directive 2002/58/EC
Article 4 - paragraph 1 a (new)
Article 4 - paragraph 1 a (new)
(1a) Without prejudice to the provisions of Directive 95/46/EC and 2006/24/EC these measures shall include: - Appropriate technical and organisational measures to ensure that personal data can be accessed only by authorized personnel and to protect personal data stored or transmitted against accidental or unlawful destruction, accidental loss or alteration, or unauthorised or unlawful storage, processing, access or disclosure - Appropriate technical and organizational measures to protect the network and services against accidental, unlawful or unauthorized usage, interference or hindering of its functioning or availability. - A security policy with respect to the processing of personal data - A process for identifying and assessing reasonably foreseeable vulnerabilities in the systems maintained by the provider of the electronic communication service, which shall include regular monitoring for security breaches - A process for taking preventive, corrective and mitigating action against any vulnerabilities discovered in the process described under hyphen three and a process for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach
Amendment 55 #
Proposal for a directive – amending act
Article 2 - point 3 - point b
Article 2 - point 3 - point b
Directive 2002/58/EC
Article 4 - paragraph 3
Article 4 - paragraph 3
3. In case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed in connection with the provision of publicly available communications services in the Community which is likely to cause harm to users, the provider of publicly available electronic communications services shall, withou, as well as any company operating on the Internet uandue delay, notify the subscriber concerned and the national regulatory authority providing services to consumers, who is the data controller and the provider of information society services shall, without undue delay, notify the national regulatory authority or the competent authority according to the individual law of the Member State of such a breach. The notification to the subscribercompetent authority shall at least describe the nature of the breach and recommend measures to mitigate its possible negative effects. The notification to the national regulatorycompetent authority shall, in addition, describe the consequences of and the measures taken by the provider to address the breach.
Amendment 58 #
Proposal for a directive – amending act
Article 2 - point 3 - point b
Article 2 - point 3 - point b
Directive 2002/58/EC
Article 4 - paragraph 3 a (new)
Article 4 - paragraph 3 a (new)
3a. The competent authority shall consider and determine the seriousness of the breach. If the breach is deemed to be serious the competent authority shall require the provider of publicly available electronic communications service and the provider of information society services to appropriately notify without undue delay the persons concerned by the breach. The notification must contain the elements described in paragraph 3. The notification of a serious breach may be postponed in cases where the notification can undermine the progress of a criminal investigation related to the serious breach.
Amendment 59 #
Proposal for a directive – amending act
Article 2 - point 3 - point b
Article 2 - point 3 - point b
Directive 2002/58/EC
Article 4 - paragraph 3 c (new)
Article 4 - paragraph 3 c (new)
3c. The breach shall not be determined to be serious and the provider of publicly available electronic communication services and the provider of information society services shall be exempt from the requirement to notify or provide notification to the persons concerned, if it can demonstrate that there is no reasonable risk to the personal data affected by the breach due to the use of appropriate technological protection measures, including but not limited to appropriate encryption technologies. The technological protection measures in the event of accidental or unlawful loss, alteration, unauthorized disclosure of or access to personal data which are transmitted or stored would either render the data unintelligible to any third party, or in the event of accidental or unlawful loss of the technological protection measures would render the personal data available to the provider of publicly available electronic communication services and the provider of information society services.
Amendment 68 #
Proposal for a directive – amending act
Article 2 - point 4
Article 2 - point 4
Directive 2002/58/EC
Article 5 - paragraph 3
Article 5 - paragraph 3
3. Member States shall ensure that the storing of information, or gaining access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerne, either directly or indirectly by means of any kind of storage medium, is prohibited unless the subscriber or user concerned has given his/her prior consent, whereas respective browser settings constitute prior consent, and is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing and is offered the right to refuse such processing by theand is offered the right to refuse such processing by data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.
Amendment 70 #
Proposal for a directive – amending act
Article 2 - point 4 b (new)
Article 2 - point 4 b (new)
Directive 2002/58/EC
Article 9 - paragraph 1
Article 9 - paragraph 1
Amendment 75 #
Proposal for a directive – amending act
Article 2 - point -5 b (new)
Article 2 - point -5 b (new)
Directive 2002/58/EC
Article 13 - paragraph 1
Article 13 - paragraph 1
(-5b) Article 13(1) shall be replaced by the following: 1. The use of automated calling and communication systems without human intervention (automatic calling machines), facsimile machines (fax) or electronic mail (including short message services (SMS) and multi media services (MMS)) for the purposes of direct marketing may only be allowed in respect of subscribers who have given their prior consent.
Amendment 79 #
Proposal for a directive – amending act
Article 2 - point -7 b (new)
Article 2 - point -7 b (new)
Directive 2002/58/EC
Article 15 - paragraph 1
Article 15 - paragraph 1
(-7b) In Article 15, paragraph 1 shall be replaced by the following: 1. Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5 (1) and (2), Article 6, Article 8(1), (2), (3) and (4), and Article 9 of this Directive when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorized use of the electronic communication system including the right to property, as referred to in Article 13(1) of Directive 95/46/EC. To this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period justified on the grounds laid down in this paragraph. All the measures referred to in this paragraph shall be in accordance with the general principles of Community law, including those referred to in Article 6(1) and (2) of the Treaty on European Union.
Amendment 87 #
Proposal for a directive – amending act
Article 2 - point 7 c (new)
Article 2 - point 7 c (new)
Directive 2002/58/EC
Article 18 a (new)
Article 18 a (new)
(7c) The following Article 18a is inserted: Article 18a The Commission shall submit to the European Parliament and the Council, not later than two years after the entry into force of this Directive, a report on the application of this Directive and its impact on economic operators and consumers, in particular as regards the provisions on unsolicited communications, breach notifications, and the use of personal data by third parties - public or private - for purposes not covered by this Directive, taking into account the international environment. For this purpose, the Commission may request information from the Member States, which shall be supplied without undue delay. Where appropriate, the Commission shall submit proposals to amend this Directive, taking account of that report, any changes in the sector, and the Treaty of Lisbon, in particular the new competences in matters of data protection as laid down in Article 16, and any other proposal it may deem necessary in order to improve the effectiveness of this Directive.