BETA

46 Amendments of Sophia IN 'T VELD related to 2012/0011(COD)

Amendment 362 #
Proposal for a regulation
Recital 14
(14) This Regulation does not address issues of protection of fundamental rights and freedoms or the free flow of data related to activities which fall outside the scope of Union law, nor does it cover the processing of personal data by the Union institutions, bodies, offices and agencies, which are subject to Regulation (EC) No 45/2001, or the processing of personal data by the Member States when carrying out activities in relation to the common foreign and security policy of the Union.
2013/03/04
Committee: LIBE
Amendment 365 #
Proposal for a regulation
Recital 14 a (new)
(14a) Without prejudice to the limitations of the material scope of this Regulation, this Regulation should apply to the processing of personal data by third country authorities for the purpose of intelligence gathering and surveillance within the territory of the EEA by means of extraterritorial jurisdiction.
2013/03/04
Committee: LIBE
Amendment 452 #
Proposal for a regulation
Recital 38
(38) The legitimate interests of a controller may provide a legal basis for processing, in a restrictive way, when no other legal grounds for processing apply and provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. This would need careful assessment in particular where the data subject is a child, given that children deserve specific protection. The data subject should have the right to object the processing, on grounds relating to their particular situation and free of charge. To ensure transparency, the controller should be obliged to explicitly inform the data subject on the legitimate interests pursued and on the right to object, and also be obliged to document these legitimate interests. Given that it is for the legislator to provide by law the legal basis for public authorities to process data, this legal ground should not apply for the processing by public authorities in the performance of their tasks.
2013/03/04
Committee: LIBE
Amendment 482 #
Proposal for a regulation
Recital 48 a (new)
(48a) The controller or processor should publish information on how often personal data has been requested by police and justice authorities, from which countries these requests originated, and how often those requests were fully or partially refused.
2013/03/04
Committee: LIBE
Amendment 591 #
Proposal for a regulation
Recital 89
(89) In any case, where the Commission has taken no decision on the adequate level of data protection in a third country, the controller or processor should make use of solutions that provide data subjects with a guarantee that they will continue to benefit from the fundamental rights and safeguards as regards processing of their data in the Union once this data has been transferred, to the extent that the processing is not massive, not repetitive and not structural.
2013/03/04
Committee: LIBE
Amendment 593 #
Proposal for a regulation
Recital 90
(90) Some third countries enact laws, regulations and other legislative instruments which purport to directly regulate data processing activities of natural and legal persons under the jurisdiction of the Member States. The extraterritorial application of these laws, regulations and other legislative instruments may be in breach of international law and may impede the attainment of the protection of individuals guaranteed in the Union by this Regulation. . Transfers should only be allowed where the conditions of this Regulation for a transfer to third countries are met. This may inter alia be theIn cases where the disclosure is necessary fcontrollers or processors an important ground of public interest recognised in Union law or in a Member State law to which the controller is subject. The conditions under which an important ground of public interest exists should be further specified by the Commission in a delegated actre confronted with conflicting compliance requirements between the jurisdiction of the EU on the one hand, and that of a third country on the other, the Commission should ensure that EU law takes precedence at all times. The Commission should provide guidance and assistance to the controller and processor, and it should seek to resolve the jurisdictional conflict with the third country in question.
2013/03/04
Committee: LIBE
Amendment 600 #
Proposal for a regulation
Recital 98
(98) The competent authority, providing such one-stop shop, should be the supervisory authority of the Member State in which the controller or processor has its main establishment. In case of uncertainty regarding the main establishment, the determination of the main establishment of a controller or a processor should be dealt with within the consistency mechanism at the request of a supervisory authority.
2013/03/04
Committee: LIBE
Amendment 609 #
Proposal for a regulation
Recital 110 a (new)
(110a) The European Data Protection Board should work in a transparent way and, where possible and appropriate, consult stakeholders when developing specifications, opinions, guidelines or any other output on the basis of this Regulation.
2013/03/04
Committee: LIBE
Amendment 647 #
Proposal for a regulation
Recital 128
(128) This Regulation respects and does not prejudice the status under national law of churches and religious associations or communities in the Member States, as recognised in Article 17 of the Treaty on the Functioning of the European Union. As a consequence, where a church in a Member State applies, at the time of entry into force of this Regulation, comprehensive rules relating to the protection of individuals with regard to the processing of personal data, these existing rules should continue to apply if they are brought in line with this Regulation. Such churches and religious associations should be required to provide for the establishment of a completely independent supervisory authority.deleted
2013/03/04
Committee: LIBE
Amendment 666 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
(b) by the Union institutions, bodies, offices and agencies;deleted
2013/03/04
Committee: LIBE
Amendment 714 #
Proposal for a regulation
Article 4 – paragraph 1 – point 1
(1) ‘data subject’ means an identified natural person or a natural person who can be identified or singled out, directly or indirectly, alone or in combination with associated data, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to a unique identifier, an identification numbercode, location data, online identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or, social identityor gender identity or sexual orientation of that person;
2013/03/04
Committee: LIBE
Amendment 784 #
Proposal for a regulation
Article 4 – paragraph 1 – point 13
(13) ‘main establishment’ means as regards the controller, the place of its establishment in the Union where the main decisions as to the purposes, conditions and means of the processing of personal data are taken; the location of the controller’s headquarters is given priority in cases where it is not clear where the main decisions as to the purposes, conditions and means of the processing are taken; if no decisions as to the purposes, conditions and means of the processing of personal data are taken in the Union, the main establishment is the place where the main processing activities in the context of the activities of an establishment of a controller in the Union take place. As regards the processor, ‘main establishment’ means the place of its central administration in the Union;
2013/03/04
Committee: LIBE
Amendment 806 #
Proposal for a regulation
Article 4 – paragraph 1 – point 19 a (new)
(19a) ‘cloud service’ means the provision to the public of data processing or storage services using shared remote resources by means of an electronic communications network;
2013/03/04
Committee: LIBE
Amendment 879 #
Proposal for a regulation
Article 6 – paragraph 1 – point f
(f) processing is necessary for the purposes of the legitimate interests pursued by a controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasksLegitimate interest as a legal ground for processing can only be applied in a restrictive way, to the extent that it is strictly necessary for the purpose of the legitimate interest, and when no other legal ground is available for the specific purpose. The data controller shall in that case inform the data subject explicitly and separately. The controller shall also publish the reasons for believing that its interests override the interests or fundamental rights and freedoms of the data subject.
2013/03/04
Committee: LIBE
Amendment 902 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
1a. The European Data Protection Board shall be entrusted with the task of further specifying when processing is justified for the purpose of the legitimate interests pursued by a controller as referred to in paragraph 1, and when the legitimate interest of the controller is overridden by the interests or fundamental rights and freedoms of the data subject.
2013/03/04
Committee: LIBE
Amendment 1075 #
Proposal for a regulation
Article 9 – paragraph 2 – point j
(j) processing of data relating to criminal convictions or related security measures is carried out either under the control of officialand permission of the supervisory authority or when the processing is necessary for compliance with a legal or regulatory obligation to which a controller is subject, or for the performance of a task carried out for important public interest reasons, and in so far as authorised by Union law or Member State law providing for adequate safeguards for the fundamental rights and interests of the data subject. A complete register of criminal convictions shall be kept only under the control of official authority.
2013/03/04
Committee: LIBE
Amendment 1451 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 1 a (new)
When the controller no longer exists, has disappeared or cannot be identified or contacted, the data subject has the right to obtain the erasure of personal data relating to him or her from third parties that process that personal data, where the same grounds apply as in Article 17(1).
2013/03/06
Committee: LIBE
Amendment 1550 #
Proposal for a regulation
Article 20 – paragraph 1
1. Every natural person shall have the right not to be subject to a measure which produces a legal effects concerning this natural person or significantly affects this natural person, and which is based solely or predominantly on automated processing intended to evaluate certain personal aspects relating to this natural person or to analyse or predict in particular the natural person's performance at work, economic situation, location, health, personal preferences, reliability or behaviour. Such automated processing may include the application of web analysing tools, tracking for assessing user behaviour, the creation of motion profiles by mobile applications, or the creation of personal profiles by social networks.
2013/03/06
Committee: LIBE
Amendment 1561 #
Proposal for a regulation
Article 20 – paragraph 2 – point a
(a) is carried out in the course of the entering into, ornecessary for the performance of, a contract, where the request for the entering into or the performance of the contract, lodged by the data subject, has been satisfied or where to which the data subject is a party, or for the implementation of pre- contractual measures taken at the request of the data subject, provided that suitable measures to safeguard the data subject's legitimate interests have been adduced, such as the right to obtain human intervention; or
2013/03/06
Committee: LIBE
Amendment 1577 #
Proposal for a regulation
Article 20 – paragraph 2 – point c
(c) is based on the data subject's consent, subject to the conditions laid down in Article 7 and to suitable safeguards, including effective protection against possible discrimination resulting from measures described in paragraph 1.
2013/03/06
Committee: LIBE
Amendment 1595 #
Proposal for a regulation
Article 20 – paragraph 3
3. Automated processing of personal data intended to evaluate certain personal aspects relating to a natural person shall not be based solely oninclude or generate any data that fall under the special categories of personal data referred to in Article 9, without prejudice to the exceptions listed in Article 9(2).
2013/03/06
Committee: LIBE
Amendment 1600 #
Proposal for a regulation
Article 20 – paragraph 3 a (new)
3a. Profiling on the basis of race or ethnic origin, political opinions, religion or beliefs, trade union membership, sexual orientation or gender identity that has a negative effect on individuals shall be prohibited.
2013/03/06
Committee: LIBE
Amendment 1617 #
Proposal for a regulation
Article 20 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purposeEuropean Data Protection Board shall be entrusted with the task of further specifying the criteria and conditions for suitable measures to safeguard the data subject's fundamental rights regarding the provisions of this Article, and the legitimate interests referred to in paragraph 2.
2013/03/06
Committee: LIBE
Amendment 2153 #
Proposal for a regulation
Article 35 – paragraph 1 – introductory part
1. The controller and the processor shall designate or contract externally a data protection officer in any case where:
2013/03/06
Committee: LIBE
Amendment 2160 #
Proposal for a regulation
Article 35 – paragraph 1 – point b
(b) the processing is carried out by an enterprise employing 250 persons or more; ordeleted
2013/03/06
Committee: LIBE
Amendment 2257 #
Proposal for a regulation
Article 36 – paragraph 1 a (new)
1a. The data protection officer shall report directly to the company board, which is ultimately responsible and accountable for the compliance with the provisions of this Regulation.
2013/03/06
Committee: LIBE
Amendment 2329 #
Proposal for a regulation
Article 37 a (new)
Article 37a COMPANY BOARD RESPONSABILITY The controller and the processor shall designate a company board member who shall bear the final responsibility for the compliance with the provisions of this Regulation.
2013/03/06
Committee: LIBE
Amendment 2448 #
Proposal for a regulation
Article 42 – paragraph 3 a (new)
3a. The appropriate safeguards referred to in paragraph 2 shall include the requirement that litigation on safeguards against third country government surveillance or information requests by third country authorities takes place under the jurisdiction of the Member State of the main establishment of the controller or processor concerned.
2013/03/06
Committee: LIBE
Amendment 2460 #
Proposal for a regulation
Article 42 – paragraph 5
5. Where the appropriate safeguards with respect to the protection of personal data are not provided for in a legally binding instrument, the controller or processor shall obtain prior authorisation for the transfer, or a set of transfers, or for provisions to be inserted into administrative arrangements providing the basis for such transfer. Such authorisation by the supervisory authority shall be in accordance with point (a) of Article 34(1). If the transfer is related to processing activities which concern data subjects in another Member State or other Member States, or substantially affect the free movement of personal data within the Union, the supervisory authority shall apply the consistency mechanism referred to in Article 57. Authorisations by a supervisory authority on the basis of Article 26(2) of Directive 95/46/EC shall remain valid, until amended, replaced or repealed by that supervisory authority.
2013/03/06
Committee: LIBE
Amendment 2493 #
Proposal for a regulation
Article 44 – paragraph 1 – introductory part
1. In the absence of an adequacy decision pursuant to Article 41 or of appropriate safeguards pursuant to Article 42, a transfer or a set of transfers of personal data to a third country or an international organisation may take place, to the extent that the processing is not massive, not repetitive and not structural, only on condition that:
2013/03/06
Committee: LIBE
Amendment 2497 #
Proposal for a regulation
Article 44 – paragraph 1 – point a
(a) the data subject has consented to the proposed transfer, after having been informed of the risks of such transfers due to the absence of an adequacy decision and appropriate safeguards; orand
2013/03/06
Committee: LIBE
Amendment 2498 #
Proposal for a regulation
Article 44 – paragraph 1 – point d
(d) the transfer is necessary for important grounds of public interest; ordeleted
2013/03/06
Committee: LIBE
Amendment 2516 #
Proposal for a regulation
Article 44 – paragraph 5
5. The public interest referred to in point (d) of paragraph 1 must be recognised in Union law or in the law of the Member State to which the controller is subject.deleted
2013/03/06
Committee: LIBE
Amendment 2527 #
Proposal for a regulation
Article 44 – paragraph 7
7. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying ‘important grounds of public interest’ within the meaning of point (d) of paragraph 1 as well as the criteria and requirements for appropriate safeguards referred to in point (h) of paragraph 1.
2013/03/06
Committee: LIBE
Amendment 2531 #
Proposal for a regulation
Article 44 a (new)
Article 44a Transfers to cloud services under third country jurisdiction The transfer of personal data to cloud services under the jurisdiction of a third country shall be prohibited, unless: (a) one of the legal grounds for transfer of personal data to third countries listed in this Chapter is applied; and (b) the data subject has given consent; and (c) the consent has been given by the data subject after having been informed in clear, unambiguous and warning language through a separate and prominently visible reference to: (i) the possibility of the personal data being subject to intelligence gathering or surveillance by third-country authorities; and (ii) the risk that the protection of personal data and fundamental rights provided by Union and Member State law cannot be guaranteed, despite the legal basis of the transfer.
2013/03/06
Committee: LIBE
Amendment 2533 #
Proposal for a regulation
Article 45 – paragraph 1 – point a
(a) develop effective international co- operation mechanisms to facilitatensure the enforcement of legislation for the protection of personal data;
2013/03/06
Committee: LIBE
Amendment 2534 #
Proposal for a regulation
Article 45 – paragraph 1 – point d a (new)
(da) clarify and resolve jurisdictional conflicts with third countries.
2013/03/06
Committee: LIBE
Amendment 2629 #
Proposal for a regulation
Article 53 – paragraph 2 – subparagraph 1 – point a
(a) access to all personal data and to all documents and information necessary for the performance of its duties;
2013/03/06
Committee: LIBE
Amendment 2746 #
Proposal for a regulation
Article 66 – paragraph 1 – point g a (new)
(ga) provide assistance or litigate on behalf of the supervisory authority, at the request of that supervisory authority, when the resources of the supervisory authority are insufficient to effectively take up a case before any court;
2013/03/06
Committee: LIBE
Amendment 2750 #
Proposal for a regulation
Article 66 – paragraph 1 – point g b (new)
(gb) The European Data Protection Board shall work in a transparent way and, where appropriate, consult stakeholders when developing specifications, opinions, guidelines or other output on the basis of this Regulation.
2013/03/06
Committee: LIBE
Amendment 2771 #
Proposal for a regulation
Article 71 a (new)
Article 71a Legal Service 1. The European Data Protection Board shall have a legal service. The European Data Protection Supervisor shall provide that legal service. 2. The legal service shall provide legal assistance to supervisory authorities and the European Data Protection Board under the direction of the chair. 3. The legal service shall be responsible in particular for: (a) providing assistance to supervisory authorities in litigation at the request of a supervisory authority; (b) litigating on behalf of the supervisory authority when the resources of the supervisory authority are insufficient to effectively take up a case before any court at the request of the supervisory authority, or at the request of the European Data Protection Board or the Commission with the consent of the supervisory authority; (c) exchanging legal knowledge and experience among the supervisory authorities; (d) clarifying jurisdictional conflicts with third countries.
2013/03/06
Committee: LIBE
Amendment 2844 #
Proposal for a regulation
Article 79 – title
Administrative sSanctions
2013/03/06
Committee: LIBE
Amendment 2948 #
Proposal for a regulation
Article 79 – paragraph 7 a (new)
7a. The Commission shall bring forward a legislative proposal for the purpose of specifying the criteria and requirements for the joint and several liability of the board of the controller and the processor, and in particular the board member referred to in Article 37a, in cases of non- compliance with the provisions of this Regulation within one year after the entry into force of this Regulation.
2013/03/06
Committee: LIBE
Amendment 2949 #
Proposal for a regulation
Article 79 – paragraph 7 b (new)
7b. The Commission shall bring forward a legislative proposal for the purpose of specifying the criteria and requirements for administrative and criminal sanctions against the board, in particular the board member referred to in Article 37a, in cases of non-compliance with the provisions of this Regulation causing, or having caused, damage to data subjects, within one year after the entry into force of this Regulation.
2013/03/06
Committee: LIBE
Amendment 2950 #
Proposal for a regulation
Article 79 – paragraph 7 c (new)
7c. The Commission shall bring forward a legislative proposal for the purpose of specifying the conditions and criteria to guarantee the legal protection of whistleblowers within one year after the entry into force of this Regulation.
2013/03/06
Committee: LIBE
Amendment 3100 #
Proposal for a regulation
Article 85
Existing data protection rules of churches and religious associations 1. Where in a Member State, churches and religious associations or communities apply, at the time of entry into force of this Regulation, comprehensive rules relating to the protection of individuals with regard to the processing of personal data, such rules may continue to apply, provided that they are brought in line with the provisions of this Regulation. 2. Churches and religious associations which apply comprehensive rules in accordance with paragraph 1 shall provide for the establishment of an independent supervisory authority in accordance with Chapter VI of this Regulation.Article 85 deleted
2013/03/08
Committee: LIBE