26 Amendments of Pilar del CASTILLO VERA related to 2012/0011(COD)
Amendment 254 #
Proposal for a regulation
Recital 62
Recital 62
(62) The protection of the rights and freedoms of data subjects as well as the responsibility and liability of controllers and processor, also in relation to the monitoring by and measures of supervisory authorities, requires a clear attribution of the responsibilities under this Regulation, including where a controller determines the purposes, conditions and means of the processing jointly with other controllers or where a processing operation is carried out on behalf of a controller.
Amendment 257 #
Proposal for a regulation
Recital 65
Recital 65
(65) In order to demonstrate compliance with this Regulation, the controller or processor should document each processing operation. Each controller and processor should be obliged to co-operate with the supervisory authority and make this documentation, on request, available to it, so that it might serve for monitoring those processing operations.
Amendment 334 #
Proposal for a regulation
Article 4 – paragraph 1 – point 5
Article 4 – paragraph 1 – point 5
(5) ‘'controller’' means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes, conditions and means of the processing of personal data; where the purposes, conditions and means of processing are determined by Union law or Member State law, the controller or the specific criteria for his nomination may be designated by Union law or by Member State law;
Amendment 374 #
Proposal for a regulation
Article 6 – paragraph 1 – point f a (new)
Article 6 – paragraph 1 – point f a (new)
(fa) processing is limited to pseudonymised data and the recipient of the service is given a right to object pursuant to Art. 19 (3) (new).
Amendment 431 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
If the data processed by a controller do not permit the controller to identify a natural person, in particular when rendered anonymous or pseudonymous, the controller shall not be obliged to acquire additional information in order to identify or to individualise the data subject for the sole purpose of complying with any provision of this Regulation.
Amendment 510 #
Proposal for a regulation
Article 18 – paragraph 2 a (new)
Article 18 – paragraph 2 a (new)
2a. Paragraphs 1 and 2 do not apply to the processing of anonymised and pseudonymised data, insofar as the data subject is not sufficiently identifiable on the basis of such data, or identification would require the controller to undo the process of pseudonymisation.
Amendment 512 #
Proposal for a regulation
Article 18 – paragraph 3
Article 18 – paragraph 3
3. The Commission may specify the electronic format, referred to in paragraph 1 and the technical standards, modlated functionalities and procedures for the transmission of personal data pursuant to paragraph 2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2), shall be determined by the controller by reference to the most appropriate industry standards available or as defined by industry stakeholders or standardisation bodies. The Commission shall promote and assist industry, stakeholders and standardisation bodies in the mapping and adoption of technical standards, modalities and procedures for the transmission of personal data pursuant to paragraph 2.
Amendment 520 #
Proposal for a regulation
Article 19 – paragraph 3 a (new)
Article 19 – paragraph 3 a (new)
3a. Where pseudonymised data is processed pursuant to point (g) of Art. 6 (1) the data subject shall have the right to object free of charge. This right shall be offered to the data subject in an intelligible manner and shall be clearly distinguishable from other information.
Amendment 547 #
Proposal for a regulation
Article 20 – paragraph 2 – point c a (new)
Article 20 – paragraph 2 – point c a (new)
(ca) is limited to pseudonymised data. Such pseudonymised data must not be collated with data on the bearer of the pseudonym. Art. 19 (3) [new] shall apply correspondingly.
Amendment 624 #
Proposal for a regulation
Article 26 – paragraph 2 – point d
Article 26 – paragraph 2 – point d
Amendment 636 #
Proposal for a regulation
Article 26 – paragraph 4
Article 26 – paragraph 4
Amendment 639 #
Proposal for a regulation
Article 26 – paragraph 5
Article 26 – paragraph 5
Amendment 641 #
Proposal for a regulation
Article 28 – paragraph 1
Article 28 – paragraph 1
1. Each controller and processor and, if any, the controller's representative, shall maintain documentation of all processing operations under its responsibility.
Amendment 647 #
Proposal for a regulation
Article 28 – paragraph 2 – point c
Article 28 – paragraph 2 – point c
Amendment 649 #
Proposal for a regulation
Article 28 – paragraph 2 – point d
Article 28 – paragraph 2 – point d
Amendment 650 #
Proposal for a regulation
Article 28 – paragraph 2 – point e
Article 28 – paragraph 2 – point e
Amendment 651 #
Proposal for a regulation
Article 28 – paragraph 2 – point f
Article 28 – paragraph 2 – point f
Amendment 652 #
Proposal for a regulation
Article 28 – paragraph 2 – point g
Article 28 – paragraph 2 – point g
Amendment 653 #
Proposal for a regulation
Article 28 – paragraph 2 – point h
Article 28 – paragraph 2 – point h
Amendment 660 #
Proposal for a regulation
Article 28 – paragraph 5
Article 28 – paragraph 5
Amendment 663 #
Proposal for a regulation
Article 28 – paragraph 6
Article 28 – paragraph 6
6. The Commission, after consulting the European Data Protection Board, may lay down standard forms for the documentation referred to in paragraph 1. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).
Amendment 695 #
Proposal for a regulation
Article 33 – paragraph 1
Article 33 – paragraph 1
1. Where processing operations present specific risks to the rights and freedoms of data subjects by virtue of their nature, their scope or their purposes, the controller or the processor acting on the controller's behalf shall carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.
Amendment 707 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4
Amendment 862 #
Proposal for a regulation
Article 77 – paragraph 1
Article 77 – paragraph 1
1. Any person who has suffered damage as a result of an unlawful processing operation or of an action incompatible with this Regulation shall have the right to receive compensation from the controller or the processor for the damage suffered.
Amendment 865 #
Proposal for a regulation
Article 77 – paragraph 2
Article 77 – paragraph 2
2. Where more than one controller or processor is involved in the processing, each controller or processor shall be jointly and severally liable for the entire amount of the damage.
Amendment 866 #
Proposal for a regulation
Article 77 – paragraph 3
Article 77 – paragraph 3
3. The controller or the processor may be exempted from this liability, in whole or in part, if the controller or the processor proves that they areit is not responsible for the event giving rise to the damage.