BETA

Activities of Eva LICHTENBERGER related to 2012/0011(COD)

Legal basis opinions (0)

Amendments (25)

Amendment 79 #
Proposal for a regulation
Recital 33
(33) In order to ensure free consent, it should be clarified that consent does not provide a valid legal ground where the individual has no genuine and free choice and is subsequently not able to refuse or withdraw consent without detriment. Consent should also not provide a legal basis for data processing when the data subject has no access to different equivalent services. Default settings such as pre-ticked boxes, silence, or the simple use of a service do not imply consent. Consent can only be obtained for processing that is lawful and thus not excessive in relation to the purpose. Disproportional data processing cannot be legitimised though obtaining consent.
2012/11/29
Committee: JURI
Amendment 80 #
Proposal for a regulation
Recital 34
(34) Consent should not provide a valid legal ground for the processing of personal data, where there is a clear imbalance between the data subject and the controller. This is especially the case where the data subject is in a situation of dependence from the controller, among others, where personal data are processed by the employer of employees' personal data in the employment context, or where a controller has a substantial market power with respect to certain products or services and where these products or services are offered on condition of consent to the processing of personal data, or where a unilateral and non- essential change in terms of service gives a data subject no option other than accept the change or abandon an online resource in which they have invested significant time. Where the controller is a public authority, there would be an imbalance only in the specific data processing operations where the public authority can impose an obligation by virtue of its relevant public powers and the consent cannot be deemed as freely given, taking into account the interest of the data subject.
2012/11/29
Committee: JURI
Amendment 81 #
Proposal for a regulation
Recital 38
(38) The legitimate interests of a controller may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. This would need careful assessment in particular where the data subject is a child, given that children deserve specific protection. The data subject should have the right to object the processing, on grounds relating to their particular situation and free of charge. To ensure transparency, the controller should be obliged to explicitly inform the data subject on the legitimate interests pursued and on the right to object, and also be obliged to document these legitimate interests. Given that it is for the legislator to provide by law the legal basis for public authorities to process data, this legal ground should not apply for the processing by public authorities in the performance of their tasks.deleted
2012/11/29
Committee: JURI
Amendment 87 #
Proposal for a regulation
Recital 55
(55) To further strengthen the control over their own data and their right of access, data subjects should have the right, where personal data are processed by electronic means and in a structured and commonly used format, to obtain a copy of the data concerning them also in commonly used electronic format, to obtain, free of charge, a copy of the data concerning them in an electronic, interoperable and structured format which is commonly used. The data subject should also be allowed to transmit those data, which they have provided, from one automated application, such as a social network, into another one. This should apply where the data subject providedProviders of information society services should not make the transfer of those data to the automated processing system, based on their consent or in the performance of a contramandatory for the provision of their services. Social networks should be encouraged as much as possible to store data in a way which permits efficient data portability for data subjects.
2012/11/29
Committee: JURI
Amendment 90 #
Proposal for a regulation
Recital 58
(58) Every natural person should have the right not to be subject to a measure which is based on profiling by means of automated processing. However, any such measure should be allowed when expressly authorised by law, carried out in the course of entering or performance of a contract, or when the data subject has given his consent. In any case, such processing should be subject to suitable safeguards, including specific information of the data subject and the right to obtain human intervention and that such measure should not concern a child. Specifically, such processing should never, whether intentionally or not, lead to the discrimination of data subjects on the basis of race or ethnic origin, political opinions, religion or beliefs, trade union membership, or sexual orientation. Given the risk of discrimination, such processing should not be used in order to predict very rare characteristics.
2012/11/29
Committee: JURI
Amendment 97 #
Proposal for a regulation
Recital 121 a (new)
(121a) This Regulation allows the principle of public access to official documents to be taken into account when applying the provisions set out in this Regulation. Personal data in documents held by a public authority or a public body may be disclosed by this authority or body in accordance with Member State legislation to which the public authority or public body is subject. Such legislation shall reconcile the right to the protection of personal data with the principle of public access to official documents.
2012/11/29
Committee: JURI
Amendment 107 #
Proposal for a regulation
Article 4 – point 1
(1) 'data subject' means an identified natural person or a natural person who can be identified or singled out, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to an identification number or other unique identifier, location data, online identifier or to one or more factors specific to the gender, physical, physiological, genetic, mental, economic, cultural or social identity or sexual orientation of that person;
2012/11/29
Committee: JURI
Amendment 112 #
Proposal for a regulation
Article 4 – point 3 a (new)
(3a) 'profiling' means any form of automated processing intended to evaluate, or generate data about, aspects relating to natural persons or to analyse or predict a natural person's performance at work, economic situation, location, health, preferences, reliability, behaviour or personality;
2012/11/29
Committee: JURI
Amendment 135 #
Proposal for a regulation
Article 6 – paragraph 1 – point f
(f) processing is necessary for the purposes of the legitimate interests pursued by a controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks.deleted
2012/11/29
Committee: JURI
Amendment 191 #
Proposal for a regulation
Article 15 – paragraph 1 – point h a (new)
(ha) in the case of measures based on profiles, meaningful information about the logic used in the profiling;
2012/11/29
Committee: JURI
Amendment 203 #
Proposal for a regulation
Article 17 – paragraph 2
2. Where the controller referred to in paragraph 1 has made the personal data public, it shall take all reasonable steps, including technical measures, in relation to data for the publication of which the controller is responsible, to inform third parties which are processing such data, that a data subject requests them to erase any links to, or copy or replication of that personal data. Where the controller has authorised a third party publication of personal data, the controller shall be considered responsible for that publication.deleted
2012/11/29
Committee: JURI
Amendment 211 #
Proposal for a regulation
Article 18 – paragraph 1
1. The data subject shall have the right, where personal data are processed by electronic means and in a structured and commonly used format, to obtain from the controller a copy of data undergoing processing in an electronic, interoperable and structured format which is commonly used and allows for further use by the data subject.
2012/11/29
Committee: JURI
Amendment 221 #
Proposal for a regulation
Article 20 – paragraph 1
1. Every natural person shall have the right, both off-line and online, not to be subject to a measure which produces legal effects concerning this natural person or significantly affects this natural person, and which is based solely on automated processing intended to evaluate certain personal aspects relating to this natural person or to analyse or predict in particular the natural person's performance at work, economic situation, location, health, personal preferences, reliability or behaviour.
2012/11/29
Committee: JURI
Amendment 223 #
Proposal for a regulation
Article 20 – paragraph 2 – introductory part
2. Subject to the other provisions of this Regulation, including paragraphs (3) and (4), a person may be subjected to a measure of the kind referred to in paragraph 1 only if the processing:
2012/11/29
Committee: JURI
Amendment 224 #
Proposal for a regulation
Article 20 – paragraph 2 – point a
(a) is carried out in the course ofnecessary for the entering into, or performance of, a contract, where the request for the entering into or the performance of the contract, lodged by the data subject, has been satisfied or where suitable measures to safeguard the data subject's legitimate interests have been adduced, such as the right to obtain humanincluding the right to be provided with meaningful information about the logic used in the profiling, and the right to obtain human intervention, including an explanation of the decision reached after such intervention; or
2012/11/29
Committee: JURI
Amendment 225 #
Proposal for a regulation
Article 20 – paragraph 2 – point b
(b) is expressly authorized by a Union or Member State law which also lays down suitable measures to safeguard the data subject's legitimate interests, and which protects the data subjects against possible discrimination resulting from measures described in paragraph 1; or
2012/11/29
Committee: JURI
Amendment 228 #
Proposal for a regulation
Article 20 – paragraph 2 – point c
(c) is based on the data subject's consent, subject to the conditions laid down in Article 7 and to suitable safeguards, including effective protection against possible discrimination resulting from measures described in paragraph 1.
2012/11/29
Committee: JURI
Amendment 231 #
Proposal for a regulation
Article 20 – paragraph 3
3. Automated processing of personal data intended to evaluate certain personal aspects relating to a natural person shall not be based solely oninclude or generate any data that fall under the special categories of personal data referred to in Article 9, except when falling under the exceptions listed in Article 9(2).
2012/11/29
Committee: JURI
Amendment 232 #
Proposal for a regulation
Article 20 – paragraph 3 a (new)
3a. Profiling that (whether intentionally or otherwise) has the effect of discriminating against individuals on the basis of race or ethnic origin, political opinions, religion or beliefs, trade union membership, or sexual orientation, or that (whether intentionally or otherwise) results in measures which have such effect, shall be prohibited.
2012/11/29
Committee: JURI
Amendment 233 #
Proposal for a regulation
Article 20 – paragraph 3 b (new)
3b. Automated processing of personal data intended to evaluate certain personal aspects relating to a natural person shall not be used to identify or individualise children.
2012/11/29
Committee: JURI
Amendment 235 #
Proposal for a regulation
Article 20 – paragraph 4
4. In the cases referred to in paragraph 2, the information to be provided by the controller under Articles 14 and 15 shall include information as to the existence of processing for a measure of the kind referred to in paragraph 1 and the envisaged effects of such processing on the data subject, as well as the access to the logic underpinning the data undergoing processing.
2012/11/29
Committee: JURI
Amendment 238 #
Proposal for a regulation
Article 20 – paragraph 5
5. TWithin six months of the coming into force of this Regulation, the Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and conditions for suitable measures to safeguard the data subject's' legitimate interests referred to in paragraph 2. The Commission shall consult representatives of data subjects and the Data Protection Board on its proposals before issuing them.
2012/11/29
Committee: JURI
Amendment 285 #
Proposal for a regulation
Article 31 – paragraph 1
1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 724 hours after having become aware of it, notify the personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 724 hours.
2012/11/29
Committee: JURI
Amendment 345 #
Proposal for a regulation
Article 44 a (new)
Article 44a Disclosures not authorised by Union law 1. No judgment of a court or tribunal and no decision of an administrative authority of a third country requiring a controller or processor to disclose personal data shall be recognised or be enforceable in any manner, without prejudice to a mutual assistance treaty or an international agreement in force between the requesting third country and the Union or a Member State. 2. Where a judgment of a court or tribunal or a decision of an administrative authority of a third country requests a controller or processor to disclose personal data, the controller or processor and, if any, the controller's representative, shall notify the supervisory authority of the request without undue delay and must obtain prior authorisation for the transfer by the supervisory authority in accordance with point (d) of Article 34(1). 3. The supervisory authority shall assess the compliance of the requested disclosure with the Regulation and in particular whether the disclosure is necessary and legally required in accordance with points (d) and (e) of paragraph 1 and paragraph 5 of Article 44. 4. The supervisory authority shall inform the competent national authority of the request. The controller or processor shall also inform the data subject of the request and of the authorisation by the supervisory authority. 5. The Commission may lay down the standard format of the notifications to the supervisory authority referred to in paragraph 2 and the information of the data subject referred to in paragraph 4 as well as the procedures applicable to the notification and information. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).
2012/11/29
Committee: JURI
Amendment 439 #
Proposal for a regulation
Article 80 a (new)
Article 80a Processing of personal data and the principle of public access to official documents Personal data in documents held by a public authority or a public body may be disclosed by this authority or body in accordance with Member State legislation regarding public access to official documents, which reconciles the right to the protection of personal data with the principle of public access to official documents.
2012/11/29
Committee: JURI