BETA

110 Amendments of Daniel DALTON related to 2017/0003(COD)

Amendment 46 #
Proposal for a regulation
Recital 2
(2) The content of electronic communications may reveal highly sensitive information about the natural persons involved in the communication, from personal experiences and emotions to medical conditions, sexual preferences and political views, the disclosure of which could result in personal and social harm, economic loss or embarrassment. Similarly, metadata derived from electronic communications may also reveal very sensitive and personal information. These metadata includes the numbers called, the websites visited, geographical location, the time, date and duration when an individual made a call etc., allowing precise conclusions to be drawn regarding the private lives of the persons involved in the electronic communication, such as their social relationships, their habits and activities of everyday life, their interests, tastes etc.
2017/07/03
Committee: IMCO
Amendment 50 #
Proposal for a regulation
Recital 3
(3) Electronic communications data may also reveal information concerning legal entities, such as business secrets or other sensitive information that has economic value. Therefore, the provisions of this Regulation should apply to both natural and legal persons. Furthermore, this Regulation should ensure that provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council21 , also apply to end-users who are legal persons. This includes the definition of consent under Regulation (EU) 2016/679. When reference is made to consent by an end-user, including legal persons, this definition should apply. In addition, legal persons should have the same rights as end-users that are natural persons regarding the supervisory authorities; furthermore, supervisory authorities under this Regulation should also be responsible for monitoring the application of this Regulation regarding legal persons. _________________ 21Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1–88).deleted
2017/07/03
Committee: IMCO
Amendment 57 #
Proposal for a regulation
Recital 5
(5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data and do not go beyond or contradict the high level of protection set down in Regulation (EU) 2016/679. This Regulation therefore does not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679. Processing of electronic communications data by providers of electronic communications services should only be permitted in accordance with this Regulation.
2017/07/03
Committee: IMCO
Amendment 74 #
Proposal for a regulation
Recital 12
(12) Connected devices and machines increasingly communicate with each other by using electronic communications networks (Internet of Things). The transmission of machine-to-machine communications involves the conveyance of signals over a network and, hence, usually constitutes an electronic communications service. In order to ensure full protection of the rights to privacy and confidentiality of communications, and to promote a trusted and secure Internet of Things in the digital single market, it is necessary to clarify that this Regulation should apply to the transmission of machine-to- machine communications. Therefore, the principle of confidentiality enshrined in this Regulation should also apply to the transmission of machine-to-machine communications. Specific safeguards could also be adopted under sectorial legislation, as for instance Directive 2014/53/EU.deleted
2017/07/03
Committee: IMCO
Amendment 79 #
Proposal for a regulation
Recital 13
(13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as 'hotspots' situated at different places within a city, department stores, shopping malls and hospitals. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services and public communications networks. In contrast, tis Regulation should apply to electronic communications data using publically available electronic communications services and public communications networks. In this context, publicly available means only services intended for consumers. It should not include services intended for business users, nor should the means of the delivery of the service in question, whether obtained over the public internet or not have any bearing on the interpretation of whether the service is publicly available or not. This Regulation should not apply to closed groups of end- users such as corporate networks, access to which is limited to members of the corporation.
2017/07/03
Committee: IMCO
Amendment 82 #
Proposal for a regulation
Recital 14
(14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged (electronic communications content) and the information concerning an end-user of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication. Whether such signals and the related data are conveyed by wire, radio, optical or electromagnetic means, including satellite networks, cable networks, fixed (circuit- and packet-switched, including internet) and mobile terrestrial networks, electricity cable systems, the data related to such signals should be considered as electronic communications metadata and therefore be subject to the provisions of this Regulation. Electronic communications metadata may include information that is part of the subscription to the service when such information is processed for the purposes of transmitting, distributing or exchanging electronic communications content.
2017/07/03
Committee: IMCO
Amendment 91 #
Proposal for a regulation
Recital 16
(16) The prohibition of storage of communications during transmission is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. The processing of pseudonymised data, should be incentivized as the act of psedonymisation dramatically reduces any privacy and security risk associated with processing of data related to transmission. It should not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessaryappropriate quality of service requirements, such as latency, jitter etc.
2017/07/03
Committee: IMCO
Amendment 97 #
Proposal for a regulation
Recital 17
(17) The processing of electronic communications metadata can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end- users consentin accordance with Article 6(1) and 6(4) of Regulation (EU) No 2016/679. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to comply with Regulation (EU) No 2016/679 when processing electronic communications metadata, which should include data on the location of the device. As an exception from obtaining end- users' consent, tohe processing of electronic communications metadata, which should include data on the location of the device for purposes other than those for which the personal data were initially collected should be allowed in cases where further processing is compatible in accordance with Article 6(4) of Regulation (EU) 2016/679. generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colours to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier is necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Therefore, whenever the purpose(s) of further processing cannot be achieved by processing data that is made anonymous, pseudonymisation of data should be allowed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
2017/07/03
Committee: IMCO
Amendment 117 #
Proposal for a regulation
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. This may also cover situations where end-users use a service across devices for the purpose of service personalisation and content recommendation. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information society providers that engage in configuration checking to provide the service in compliance with the end-user's settings and the mere logging of the fact that the end-user’s device is unable to receive content requested by the end- user should not constitute access to such a device or use of the device processing capabilities.
2017/07/03
Committee: IMCO
Amendment 118 #
Proposal for a regulation
Recital 22
(22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or storedtechnical settings.
2017/07/03
Committee: IMCO
Amendment 126 #
Proposal for a regulation
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’)Therefore providers of software enabling publically available electronic communications services and permitting the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers end-users a set of privacy setting options in order that end-users may actively select a preferred option after being given the necessary information to make the choice. Such privacy settings should be presented in a an easily visible and intelligible manner.
2017/07/03
Committee: IMCO
Amendment 137 #
Proposal for a regulation
Recital 24
(24) For web browsers to be able to obtain end-users’ consent as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking cookies, they should, among others, require a clear affirmative action from the end-user of terminal equipment to signify his or her freely given, specific informed, and unambiguous agreement to the storage and access of such cookies in and from the terminal equipment. Such action may be considered to be affirmative, for example, if end-users are required to actively select ‘accept third party cookies’ to confirm their agreement and are given the necessary information to make the choice. To this end, it is necessary to require providers of software enabling access to internet that, at the moment of installation, end-users are informed about the possibility to choose the privacy settings among the various options and ask them to make a choice. Information provided should not dissuade end-users from selecting higher privacy settings and should include relevant information about the risks associated to allowing third party cookies to be stored in the computer, including the compilation of long-term records of individuals' browsing histories and the use of such records to send targeted advertising. Web browsers are encouraged to provide easy ways for end-users to change the privacy settings at any time during use and to allow the user to make exceptions for or to whitelist certain websites or to specify for which websites (third) party cookies are always or never allowed.deleted
2017/07/03
Committee: IMCO
Amendment 139 #
Proposal for a regulation
Recital 2
(2) The content of electronic communications may reveal highly sensitive information about the natural persons involved in the communication, from personal experiences and emotions to medical conditions, sexual preferences and political views, the disclosure of which could result in personal and social harm, economic loss or embarrassment. Similarly, metadata derived from electronic communications may also reveal very sensitive and personal information. These metadata includes the numbers called, the websites visited, geographical location, the time, date and duration when an individual made a call etc., allowing precise conclusions to be drawn regarding the private lives of the persons involved in the electronic communication, such as their social relationships, their habits and activities of everyday life, their interests, tastes etc.
2017/07/14
Committee: LIBE
Amendment 141 #
Proposal for a regulation
Recital 3
(3) Electronic communications data may also reveal information concerning legal entities, such as business secrets or other sensitive information that has economic value. Therefore, the provisions of this Regulation should apply to both natural and legal persons. Furthermore, this Regulation should ensure that provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council21, also apply to end-users who are legal persons. This includes the definition of consent under Regulation (EU) 2016/679. When reference is made to consent by an end-user, including legal persons, this definition should apply. In addition, legal persons should have the same rights as end-users that are natural persons regarding the supervisory authorities; furthermore, supervisory authorities under this Regulation should also be responsible for monitoring the application of this Regulation regarding legal persons. _________________ 21 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1–88).deleted
2017/07/14
Committee: LIBE
Amendment 151 #
Proposal for a regulation
Recital 5
(5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data and do not go beyond or contradict the high level of protection set down in Regulation (EU) 2016/679. This Regulation therefore does not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679. Processing of electronic communications data by providers of electronic communications services should only be permitted in accordance with this Regulation.
2017/07/14
Committee: LIBE
Amendment 154 #
Proposal for a regulation
Recital 6
(6) While the principles and main provisions of Directive 2002/58/EC of the European Parliament and of the Council22 remain generally sound, that Directive has not fully kept pace with the evolution of technological and market reality, resulting in insufficient clarity and inconsistent or insufficient effectivenforcement of the protection of privacy and confidentiality in relation to electronic communications. Those developments include the entrance on the market of electronic communications services that from a consumer perspective are substitutable to traditional services, but do not have to comply with the same set of rules. Another development concernsor new techniques that allow for tracking of online behaviour of end-users, both of which are not covered by Directive 2002/58/EC. Directive 2002/58/EC should therefore be repealed and replaced by this RegulationRegulation (EU) 2016/679. _________________ 22 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p.37).
2017/07/14
Committee: LIBE
Amendment 156 #
Proposal for a regulation
Recital 30
(30) Publicly available directories of end-users of electronic communications services are widely distributed. Publicly available directories means any directory or service containing end-users information such as phone numbers (including mobile phone numbers), email address contact details and includes inquiry services. The right to privacy and to protection of the personal data of a natural person acting out of their business capacity requires that end-users that are natural persons are asked for consprovided, upon request, with transparent beinfore their personalmation about the data arebeing included in athe directory and the means to verify, correct, update, supplement and delete data relating to them free of charge. The legitimate interest of legal entities requires that end-users that are legal entities have the right to object to the data related to them being included in a directory.
2017/07/03
Committee: IMCO
Amendment 159 #
Proposal for a regulation
Recital 31
(31) If end-users that are natural persons give their consent to their data being included in suchdo not object to the inclusion of their data by providers of number-based interpersonal communication services and electronic communication providers in public directories, they should be able to determine on a consent basis which categories of personal data are included in the directory (for example name, email address, home address, user name, phone number). In addition, providers of publicly available directories should inform the end-users of the purposes of the directory and of the search functions of the directory before including them in that directory. End-users should be able to determine by consent on the basis of which categories of personal data their contact details can be searched. The categories of personal data included in the directory and the categories of personal data on the basis of which the end-user's contact details can be searched should not necessarily be the same.
2017/07/03
Committee: IMCO
Amendment 167 #
Proposal for a regulation
Recital 9
(9) This Regulation should apply to electronic communications data processed in connection with the provisionoffering and use of electronic communications services in the Union, regardless of whether or not the processing takes place in the Union. Moreover, in order not to deprive end-users in the Union of effective protection, this Regulation should also apply to electronic communications data processed in connection with the provision of electronic communications services from outside the Union to end-users in the Union. The mere accessibility of the electronic communication service in the Union is not sufficient to ascertain such intention.
2017/07/14
Committee: LIBE
Amendment 176 #
Proposal for a regulation
Recital 12
(12) Connected devices and machines increasingly communicate with each other by using electronic communications networks (Internet of Things). The transmission of machine-to-machine communications involves the conveyance of signals over a network and, hence, usually constitutes an electronic communications service. In order to ensure full protection of the rights to privacy and confidentiality of communications, and to promote a trusted and secure Internet of Things in the digital single market, it is necessary to clarify that this Regulation should apply to the transmission of machine-to- machine communications. Therefore, the principle of confidentiality enshrined in this Regulation should also apply to the transmission of machine-to-machine communications. Specific safeguards could also be adopted under sectorial legislation, as for instance Directive 2014/53/EU.deleted
2017/07/14
Committee: LIBE
Amendment 181 #
Proposal for a regulation
Article 1 – paragraph 1
1. This Regulation lays down rules regarding the protection of fundamental rights and freedoms of natural and legal persons in the provision and use of electronic communications services, and in particular, the rights to respect for private life and communications and the protection of natural persons with regard to the processing of personal data.
2017/07/12
Committee: IMCO
Amendment 184 #
Proposal for a regulation
Recital 13
(13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as ‘hotspots’ situated at different places within a city, department stores, shopping malls and hospitals. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services and public communications networks. In contrast, tis Regulation should apply to electronic communications data using publicly available electronic communications services and public communications networks. In this context, publicly available means only services intended for consumers. It should not include services intended for business users, nor should the means of the delivery of the service in question, whether obtained over the public internet or not have any bearing on the interpretation of whether the service is publicly available or not. This Regulation should not apply to closed groups of end- users such as corporate networks, access to which is limited to members of the corporation.
2017/07/14
Committee: LIBE
Amendment 186 #
Proposal for a regulation
Article 1 – paragraph 2
2. This Regulation ensures, in accordance with Regulation (EU) No 2016/679, free movement of electronic communications data and electronic communications services within the Union, which shall be neither restricted nor prohibited for reasons related to the respect for the private life and communications of natural and legal persons and the protection of natural persons with regard to the processing of personal data.
2017/07/12
Committee: IMCO
Amendment 189 #
Proposal for a regulation
Recital 14
(14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged (electronic communications content) and the information concerning an end-user of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication. Whether such signals and the related data are conveyed by wire, radio, optical or electromagnetic means, including satellite networks, cable networks, fixed (circuit- and packet-switched, including internet) and mobile terrestrial networks, electricity cable systems, the data related to such signals should be considered as electronic communications metadata and therefore be subject to the provisions of this Regulation. Electronic communications metadata may include information that is part of the subscription to the service when such information is processed for the purposes of transmitting, distributing or exchanging electronic communications content.
2017/07/14
Committee: LIBE
Amendment 190 #
Proposal for a regulation
Article 1 – paragraph 3
3. The provisions of this Regulation particularise and complement Regulation (EU) 2016/679 by laying down specific rules for the purposes mentioned in paragraphs 1 and 2.deleted
2017/07/12
Committee: IMCO
Amendment 194 #
Proposal for a regulation
Article 2 – paragraph 1
1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to the terminal equipment of end-users.
2017/07/12
Committee: IMCO
Amendment 195 #
Proposal for a regulation
Recital 15
(15) Electronic communications data should be treated as confidential. This means that any interference with the transmission of electronic communications data, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of all the communicating parties should be prohibited. The prohibition of interception of communications data should apply during their conveyance, i.e. until receipt of the content of the electronic communication by the intended addressee. Interception of electronic communications data may occur, for example, when someone other than the communicating parties, listens to calls, reads, scans or stores the content of electronic communications, or the associated metadata for purposes other than the exchange of communications. Interception also occurs when third parties monitor websites visited, timing of the visits, interaction with others, etc., without the consent of the end-user concerned. As technology evolves, the technical ways to engage in interception have also increased. Such ways may range from the installation of equipment that gathers data from terminal equipment over targeted areas, such as the so-called IMSI (International Mobile Subscriber Identity) catchers, to programs and techniques that, for example, surreptitiously monitor browsing habits for the purpose of creating end-user profiles. Other examples of interception include capturing payload data or content data from unencrypted wireless networks and routers, including browsing habits without the end-users’ consent.
2017/07/14
Committee: LIBE
Amendment 199 #
Proposal for a regulation
Recital 16
(16) The prohibition of storage of communications during transmission is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. The processing of pseudonymised data, should be incentivised as the act of psedonymisation dramatically reduces any privacy and security risk associated with processing of data related to transmission. It should not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessaryappropriate quality of service requirements, such as latency, jitter etc.
2017/07/14
Committee: LIBE
Amendment 203 #
Proposal for a regulation
Article 2 – paragraph 2 – point c
(c) electronic communications services which are not publicly availableintended for closed groups or are not publicly available pursuant to Article 2 (2) (c) of Regulation (EU) No 2016/679;
2017/07/12
Committee: IMCO
Amendment 205 #
Proposal for a regulation
Recital 17
(17) The processing of electronic communications metadata can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end- users consentin accordance with Article 6(1) and 6(4) of Regulation (EU) No 2016/679. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to comply with Regulation (EU) No 2016/679 when processing electronic communications metadata, which should include data on the location of the device. As an exception from obtaining end- users’ consent, tohe processing of electronic communications metadata, which should include data on the location of the device for purposes other than those for which the personal data were initially collected should be allowed in cases where further processing is compatible in accordance with Article 6 (4) and Article 6 (1) of Regulation (EU) 2016/679 generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colors to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier is necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Therefore, whenever the purpose(s) of further processing cannot be achieved by processing data that is made anonymous, pseudonymisation of data should be allowed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
2017/07/14
Committee: LIBE
Amendment 217 #
Proposal for a regulation
Recital 18
(18) End-users may consent to the processing of their metadata to receive specific services such as protection services against fraudulent activities (by analysing usage data, location and customer account in real time). In the digital economy, services are often supplied against counter-performance other than money, for instance by end-users being exposed to advertisements. For the purposes of this Regulation, consent of an end-user, regardless of whether the latter is a natural or a legal person, should have the same meaning and be subject to the same conditions as the data subject’s consent or another basis for processing under Regulation (EU) 2016/679. Basic broadband internet access and voice communications services are to be considered as essential services for individuals to be able to communicate and participate to the benefits of the digital economy. Consent for processing data from internet or voice communication usage will not be valid if the data subject has no genuine and free choice, or is unable to refuse or withdraw consent without detriment.
2017/07/14
Committee: LIBE
Amendment 221 #
Proposal for a regulation
Recital 19
(19) The content of electronic communications pertains to the essence of the fundamental right to respect for private and family life, home and communications protected under Article 7 of the Charter. Any interference with the content of electronic communications should be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse provided in Regulation (EU) 2016/679. This Regulation provides for the possibility of providers of electronic communications services to process electronic communications data in transit, with the informed consent of all the end- users concernedlectronic communication service provider’s end- user. For example, providers may offer services that entail the scanning of emails to remove certain pre-defined material. Given the sensitivity of the content of communications, this Regulation sets forth a presumption that the processing of such content data will result in high risks to the rights and freedoms of natural persons. When processing such type of data, the provider of the electronic communications service should always consult the supervisory authority prior to the processing. Such consultation should be in accordance with Article 36 (2) and (3) of Regulation (EU) 2016/679. The presumption does not encompass the processing of content data to provide a service requested by the end-user where the end-user has consented to such processing and it is carried out for the purposes and duration strictly necessary and proportionate for such service, for example text to voice service, organization of the mailbox or spam filter services. After electronic communications content has been sent by the end-user and received by the intended end-user or end-users, it may be recorded or stored by the end-user, end- users or by a third party entrusted by them to record or store such data. Any processing of such data must comply with Regulation (EU) 2016/679.
2017/07/14
Committee: LIBE
Amendment 225 #
Proposal for a regulation
Article 4 – paragraph 3 – point b
(b) ‘electronic communications content’ means the content exchangtransmitted by means of publically available electronic communications services, such as text, voice, videos, images, and sound;
2017/07/12
Committee: IMCO
Amendment 229 #
Proposal for a regulation
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual’s emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similaand other unwanted tracking tools can enter end- user’s terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’ terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user’s terminal equipment should be allowed only with the end-user’s consent and for specific and transparent purposes.
2017/07/14
Committee: LIBE
Amendment 236 #
Proposal for a regulation
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. This may also cover situations where end-users use a service across devices for the purpose of service personalisation and content recommendation. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information society providers that engage in configuration checking to provide the service in compliance with the end-user’s settings and the mere logging of the fact that the end-user’s device is unable to receive content requested by the end- user should not constitute access to such a device or use of the device processing capabilities.
2017/07/14
Committee: LIBE
Amendment 240 #
Proposal for a regulation
Recital 22
(22) The methods used for providing information and obtaining end-user’s consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or storedtechnical settings.
2017/07/14
Committee: LIBE
Amendment 247 #
Proposal for a regulation
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data during transmission, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, or surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
2017/07/12
Committee: IMCO
Amendment 254 #
Proposal for a regulation
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’)Therefore providers of software enabling publically available electronic communications services and permitting the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers end-users a set of privacy setting options in order that end-users may actively select a preferred option after being given the necessary information to make the choice. Such privacy settings should be presented in an easily visible and intelligible manner.
2017/07/14
Committee: LIBE
Amendment 257 #
Proposal for a regulation
Recital 24
(24) For web browsers to be able to obtain end-users’ consent as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking cookies, they should, among others, require a clear affirmative action from the end-user of terminal equipment to signify his or her freely given, specific informed, and unambiguous agreement to the storage and access of such cookies in and from the terminal equipment. Such action may be considered to be affirmative, for example, if end-users are required to actively select ‘accept third party cookies’ to confirm their agreement and are given the necessary information to make the choice. To this end, it is necessary to require providers of software enabling access to internet that, at the moment of installation, end-users are informed about the possibility to choose the privacy settings among the various options and ask them to make a choice. Information provided should not dissuade end-users from selecting higher privacy settings and should include relevant information about the risks associated to allowing third party cookies to be stored in the computer, including the compilation of long-term records of individuals’ browsing histories and the use of such records to send targeted advertising. Web browsers are encouraged to provide easy ways for end-users to change the privacy settings at any time during use and to allow the user to make exceptions for or to whitelist certain websites or to specify for which websites (third) party cookies are always or never allowed.deleted
2017/07/14
Committee: LIBE
Amendment 275 #
Proposal for a regulation
Recital 26
(26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Providers of electronic communications services should provide for appropriate procedures to facilitate legitimate requests of competent authorities, where relevant also taking into account the role of the representative designated pursuant to Article 3(3)27 of regulation (EU) 2016/679.
2017/07/14
Committee: LIBE
Amendment 281 #
Proposal for a regulation
Article 6 – paragraph 2 – point b a (new)
(b a) processing is allowed pursuant to Articles 6(1) of Regulation (EU) 2016/679.
2017/07/12
Committee: IMCO
Amendment 283 #
Proposal for a regulation
Recital 30
(30) Publicly available directories of end-users of electronic communications services are widely distributed. Publicly available directories means any directory or service containing end-users information such as phone numbers (including mobile phone numbers), email address contact details and includes inquiry services. The right to privacy and to protection of the personal data of a natural person acting out of their business capacity requires that end-users that are natural persons are asked for consprovided, upon request, with transparent beinfore their personalmation about the data arebeing included in athe directory and the means to verify, correct, update, supplement and delete data relating to them free of charge. The legitimate interest of legal entities requires that end-users that are legal entities have the right to object to the data related to them being included in a directory.
2017/07/14
Committee: LIBE
Amendment 288 #
Proposal for a regulation
Recital 31
(31) If end-users that are natural persons give their consent to their data being included in suchdo not object to the inclusion of their data from providers of number-based interpersonal communication services and electronic communication providers in public directories, they should be able to determine on a consent basis which categories of personal data are included in the directory (for example name, email address, home address, user name, phone number). In addition, providers of publicly available directories should inform the end-users of the purposes of the directory and of the search functions of the directory before including them in that directory. End-users should be able to determine by consent on the basis of which categories of personal data their contact details can be searched. The categories of personal data included in the directory and the categories of personal data on the basis of which the end-user’s contact details can be searched should not necessarily be the same.
2017/07/14
Committee: LIBE
Amendment 299 #
Proposal for a regulation
Article 6 – paragraph 3 – point b
(b) if all end-users concerned have given theirthe service provider's end-user has consented to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authoritypursuant to Regulation (EU) 2016/679.
2017/07/12
Committee: IMCO
Amendment 305 #
Proposal for a regulation
Recital 34
(34) When end-users have provided their consent to receiving unsolicited communications for direct marketing purposes, they should still be able to withdraw their consent at any time in an easy manner. To facilitate effective enforcement of Union rules on unsolicited messages for direct marketing, it is necessary to prohibit the masking of the identity and the use of false identities, false return addresses or numbers while sending unsolicited commercial communications for direct marketing purposes. Unsolicited marketing communications should therefore be clearly recognizable as such and should indicate the identity of the legal or the natural person transmitting the communication or on behalf of whom the communication is transmitted and provide the necessary information for recipients to exercise their right to oppose to receiving further written and/or oral marketing messages.
2017/07/14
Committee: LIBE
Amendment 307 #
Proposal for a regulation
Recital 35
(35) In order to allow easy withdrawal of consent, legal or natural persons conducting direct marketing communications by email should present a link, or a valid electronic mail address, which can be easily used by end-users to withdraw their consent. Legal or natural persons conducting direct marketing communications through voice-to-voice calls and through calls by automating calling and communication systems should display their identity line on which the company can be called or present a specific code identifying the fact that the call is a marketing call.
2017/07/14
Committee: LIBE
Amendment 314 #
Proposal for a regulation
Recital 37
(37) Service providers who offer electronic communications services should inform end- users of measures they can take to protect the security of their communications for instance by using specific types of software or encryption technologies. The requirement to inform end-users of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge. Security is appraised in the light ofall comply with the security obligations prescribed in Article 32 of Regulation (EU) 2016/679.
2017/07/14
Committee: LIBE
Amendment 322 #
Proposal for a regulation
Recital 41
(41) In order to fulfil the objectives of this Regulation, namely to protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data and to ensure the free movement of personal data within the Union, the power to adopt acts in accordance with Article 290 of the Treaty should be delegated to the Commission to supplement this Regulation. In particular, delegated acts should be adopted in respect of the information to be presented, including by means of standardised icons in order to give an easily visible and intelligible overview of the collection of information emitted by terminal equipment, its purpose, the person responsible for it and of any measure the end-user of the terminal equipment can take to minimise the collection. Delegated acts are also necessary to specify a code to identify direct marketing calls including those made through automated calling and communication systems. It is of particular importance that the Commission carries out appropriate consultations and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement on Better Law-Making of 13 April 201625 . In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts. Furthermore, in order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission when provided for by this Regulation. Those powers should be exercised in accordance with Regulation (EU) No 182/2011. _________________ 25 Interinstitutional Agreement between the European Parliament, the Council of the European Union and the European Commission on Better Law-Making of 13 April 2016 (OJ L 123, 12.5.2016, p. 1–14).
2017/07/14
Committee: LIBE
Amendment 325 #
Proposal for a regulation
Article 1 – paragraph 1
1. This Regulation lays down rules regarding the protection of fundamental rights and freedoms of natural and legal persons in the provision and use of electronic communications services, and in particular, the rights to respect for private life and communications and the protection of natural persons with regard to the processing of personal data.
2017/07/14
Committee: LIBE
Amendment 327 #
Proposal for a regulation
Article 1 – paragraph 2
2. This Regulation ensures, in accordance with Regulation (EU) No 2016/679, free movement of electronic communications data and electronic communications services within the Union, which shall be neither restricted nor prohibited for reasons related to the respect for the private life and communications of natural and legal persons and the protection of natural persons with regard to the processing of personal data.
2017/07/14
Committee: LIBE
Amendment 330 #
Proposal for a regulation
Article 1 – paragraph 3
3. The provisions of this Regulation particularise and complement Regulation (EU) 2016/679 by laying down specific rules for the purposes mentioned in paragraphs 1 and 2.deleted
2017/07/14
Committee: LIBE
Amendment 331 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
(c) it is necessary for providing an information society service requested by the end-user; particularly to preserve or restore the security of electronic communication services, or to detect technical faults for the duration necessary for that purpose; or
2017/07/12
Committee: IMCO
Amendment 334 #
1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to the terminal equipment of end-users.
2017/07/14
Committee: LIBE
Amendment 340 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that such measurement is carried out by, or on behalf of, the provider of the information society service requested by the end-user, including measurement of indicators for the use of information society services in order to calculate a payment due.
2017/07/12
Committee: IMCO
Amendment 341 #
Proposal for a regulation
Article 2 – paragraph 2 – point c
(c) electronic communications services which are not publicly availableintended for closed groups or are not publicly available pursuant to Article 2 (2) (c) of Regulation (EU) No 2016/679;
2017/07/14
Committee: LIBE
Amendment 347 #
Proposal for a regulation
Article 3 – paragraph 1 – point a
(a) the provisionoffering of electronic communications services to end-users in the Union, irrespective of whether a payment of the end-user is required;
2017/07/14
Committee: LIBE
Amendment 348 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
(d a) it occurs for the purpose of recording, for the undertaking as a whole, anonymous indicators concerning the use of information society services; or
2017/07/12
Committee: IMCO
Amendment 353 #
Proposal for a regulation
Article 8 – paragraph 1 – point d b (new)
(d b) in order to mark terminal equipment for advertising purposes, on condition that the person responsible has clearly informed the end-user of this at the beginning of the data processing and has provided an opportunity for objection that is easy to exercise.
2017/07/12
Committee: IMCO
Amendment 353 #
Proposal for a regulation
Article 3 – paragraph 1 – point c
(c) the protection of information related to the terminal equipment of end- users locatedplaced on the market in the Union.
2017/07/14
Committee: LIBE
Amendment 357 #
Proposal for a regulation
Article 8 – paragraph 1 – point d c (new)
(d c) it is necessary to protect against unauthorised use of a service; or
2017/07/12
Committee: IMCO
Amendment 357 #
Proposal for a regulation
Article 3 – paragraph 2
2. Where the provider of an electronic communications service is not established in the Union it shall designate in writing athe party identified pursuant to Article 27 of Regulation (EU) No 2016/679 shall act as its representative in the Union.
2017/07/14
Committee: LIBE
Amendment 358 #
Proposal for a regulation
Article 8 – paragraph 1 – point d d (new)
(d d) it is necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code].
2017/07/12
Committee: IMCO
Amendment 359 #
Proposal for a regulation
Article 3 – paragraph 3
3. The representative shall be established in one of the Member States where the end-users of such electronic communications services are locadeleted.
2017/07/14
Committee: LIBE
Amendment 366 #
Proposal for a regulation
Article 4 – paragraph 2
2. For the purposes of point (b) of paragraph 1, the definition of ‘interpersonal communications service’ shall include services which enable interpersonal and interactive communication merely as a minor ancillary feature that is intrinsically linked to another service.deleted
2017/07/14
Committee: LIBE
Amendment 374 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 2
The collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been applied, for example by means of pseudonymisation of information collected pursuant to Article 4 (5) of Regulation (EU) No 2016/679..
2017/07/12
Committee: IMCO
Amendment 379 #
Proposal for a regulation
Article 4 – paragraph 3 – point b
(b) 'electronic communications content' means the content exchangtransmitted by means of publically available electronic communications services, such as text, voice, videos, images, and sound;
2017/07/14
Committee: LIBE
Amendment 386 #
Proposal for a regulation
Article 9 – paragraph 1
1. The definition of and conditions for consent provided for under Articles 4(11) and 7 (1), (2), and 7(3) of Regulation (EU) 2016/679/EU shall apply.
2017/07/12
Committee: IMCO
Amendment 390 #
Proposal for a regulation
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.deleted
2017/07/12
Committee: IMCO
Amendment 404 #
Proposal for a regulation
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data during transmission, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, or surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
2017/07/14
Committee: LIBE
Amendment 408 #
Proposal for a regulation
Article 10
1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment. 2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. 3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1 and 2 shall be complied with at the time of the first update of the software, but no later than 25 August 2018.Article 10 deleted Information and options for privacy settings to be provided
2017/07/12
Committee: IMCO
Amendment 432 #
Proposal for a regulation
Article 10 a (new)
Article 10 a Article 25 of Regulation (EU) No 2016/679 shall apply.
2017/07/12
Committee: IMCO
Amendment 434 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
(b) it is necessary to maintain or restore the security or availability of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.
2017/07/14
Committee: LIBE
Amendment 446 #
Proposal for a regulation
Article 15 – paragraph 1
1. The providers of publicly available directories shall obtain the consentelectronic information, communication and telecommunication services shall collect the data of end- users who are natural persons in order to include their personal data in the directory and, consequently, shall obtain consent from these end-users for inclusion of data per category of personal data, to the extent that such data are relevapublicly accessible directories. Upon the request of an end-user who is natural person the directory providers shall provide the end-user with transparent infor the purpose of the directory as determined by the provider of the directory. Providers shall give end-users who are natural personsmation about the data being included in the directory and the means to verify, correct, update, supplement and delete such data.
2017/07/12
Committee: IMCO
Amendment 452 #
Proposal for a regulation
Article 15 – paragraph 2
2. The providers of a publicly available directory shall inform end-users who are natural persons and acting out of their business capacity whose personal data are in the directory of the available search functions of the directory and obtain end-users’ consent before enabling such. Providers of number-based interpersonal communications services and electronic communications service providers shall inform end-users when new search functions arelated to their own data made available.
2017/07/12
Committee: IMCO
Amendment 456 #
Proposal for a regulation
Article 15 – paragraph 3
3. The providers of publicly available directories shall provide end-users that are legal personselectronic information, communication and telecommunication services shall provide end-users that are legal persons or natural persons acting in their business capacity with the possibility to object to data related to them being included in the directory. Providers shall give such end-users that are legal persons the means to verify, correct, update, supplement and delete such data.
2017/07/12
Committee: IMCO
Amendment 457 #
Proposal for a regulation
Article 15 – paragraph 4
4. The possibility for end-users not to be included in a publicly available directory, or to verify, correct, update, supplement and delete any data related to them shall be provided free of charge.
2017/07/12
Committee: IMCO
Amendment 461 #
Proposal for a regulation
Article 15 – paragraph 4 a (new)
4 a. The provisions of paragraphs 1 to 4 shall not apply to data and information published in other publicly accessible sources and data provided by end-users themselves.
2017/07/12
Committee: IMCO
Amendment 475 #
Proposal for a regulation
Article 6 – paragraph 2 – point c a (new)
(c a) processing is allowed pursuant to Articles 6(1) or 6(4) of Regulation (EU) 2016/679.
2017/07/14
Committee: LIBE
Amendment 487 #
Proposal for a regulation
Article 6 – paragraph 3 – point a
(a) for the sole purpose of the provision of a specific service to an end- user, if the end-user orservice provider's end-users concerned haves given their consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content; or
2017/07/14
Committee: LIBE
Amendment 491 #
Proposal for a regulation
Article 6 – paragraph 3 – point b
(b) if all end-users concerned have given theirthe service provider's end-user has consented to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authoritypursuant to Regulation (EU) 2016/679.
2017/07/14
Committee: LIBE
Amendment 498 #
Proposal for a regulation
Article 7
1. Without prejudice to point (b) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication content by the intended recipient or recipients. Such data may be recorded or stored by the end- users or by a third party entrusted by them to record, store or otherwise process such data, in accordance with Regulation (EU) 2016/679. 2. Without prejudice to point (b) of Article 6(1) and points (a) and (c) of Article 6(2), the provider of the electronic communications service shall erase electronic communications metadata or make that data anonymous when it is no longer needed for the purpose of the transmission of a communication. 3. Where the processing of electronic communications metadata takes place for the purpose of billing in accordance with point (b) of Article 6(2), the relevant metadata may be kept until the end of the period during which a bill may lawfully be challenged or a payment may be pursued in accordance with national law.Article 7 deleted Storage and erasure of electronic communications data
2017/07/14
Committee: LIBE
Amendment 536 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
(c) it is necessary for providing an information society service requested by the end-user; particularly to preserve or restore the security of the information society service and of the users, or to detect technical faults; or
2017/07/14
Committee: LIBE
Amendment 543 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that such measurement is carried out by, or on behalf of, the provider of the information society service requested by the end-user., including measurement of indicators for the use of information society services in order to calculate a payment due; or
2017/07/14
Committee: LIBE
Amendment 559 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
(d a) it occurs for the purpose of recording, for the undertaking as a whole, anonymous indicators concerning the use of information society services;or
2017/07/14
Committee: LIBE
Amendment 566 #
Proposal for a regulation
Article 8 – paragraph 1 – point d b (new)
(d b) in order to mark terminal equipment for advertising purposes, on condition that the person responsible has clearly informed the end-user of this at the beginning of the data processing and has provided an opportunity for objection that is easy to exercise.;or
2017/07/14
Committee: LIBE
Amendment 571 #
Proposal for a regulation
Article 8 – paragraph 1 – point d c (new)
(d c) it is necessary to protect against unauthorised use of a service;or
2017/07/14
Committee: LIBE
Amendment 573 #
Proposal for a regulation
Article 8 – paragraph 1 – point d d (new)
(d d) it is necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code].;or
2017/07/14
Committee: LIBE
Amendment 574 #
Proposal for a regulation
Article 8 – paragraph 1 – point d e (new)
(d e) it is necessary for compliance with a legal obligation.
2017/07/14
Committee: LIBE
Amendment 576 #
Proposal for a regulation
Article 8 – paragraph 1 a (new)
1 a. Wherever a clearly formulated declaration of consent is presented before use of a service or access to online content, and if absence of consent for processing prevents a provider from collecting remuneration through their usual means, the provider shall not be obliged to provide the full access to the service or content.
2017/07/14
Committee: LIBE
Amendment 587 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point a a (new)
(a a) the end-user has given their consent;or
2017/07/14
Committee: LIBE
Amendment 596 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 2
The collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been applied, for example by means of pseudonymisation of information collected pursuant to Article 4 (5) of Regulation (EU) No 2016/679.
2017/07/14
Committee: LIBE
Amendment 607 #
Proposal for a regulation
Article 8 – paragraph 4
4. The Commission shall be empowered to adopt delegated acts in accordance with Article 27 determining the information to be presented by the standardized icon and the procedures for providing standardized icons.
2017/07/14
Committee: LIBE
Amendment 613 #
Proposal for a regulation
Article 9 – paragraph 1
1. The definition of and conditions for consent provided for under Articles 4(11) and 7 (1), (2), and (3) of Regulation (EU) 2016/679/EU shall apply.
2017/07/14
Committee: LIBE
Amendment 617 #
Proposal for a regulation
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.deleted
2017/07/14
Committee: LIBE
Amendment 629 #
Proposal for a regulation
Article 9 – paragraph 3
3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.
2017/07/14
Committee: LIBE
Amendment 637 #
Proposal for a regulation
Article 10
1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment. 2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting. 3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1 and 2 shall be complied with at the time of the first update of the software, but no later than 25 August 2018.Article 10 deleted Information and options for privacy settings to be provided
2017/07/14
Committee: LIBE
Amendment 667 #
Proposal for a regulation
Article 10 a (new)
Article 10 a Article 25 of Regulation (EU) No 2016/679 shall apply.
2017/07/14
Committee: LIBE
Amendment 673 #
Proposal for a regulation
Article 11 – paragraph 1
1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (e) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests.
2017/07/14
Committee: LIBE
Amendment 704 #
Proposal for a regulation
Article 15 – paragraph 1
1. The providers of publicly available directories shall obtain the consentelectronic information, communication and telecommunication services shall collect the data of end- users who are natural persons in order to include their personal data in the directory and, consequently, shall obtain consent from these end-users for inclusion of data per category of personal data, to the extent that such data are relevapublicly accessible directories. Upon the request of an end-user who is natural person the directory providers shall provide the end-user with transparent infor the purpose of the directory as determined by the provider of the directory. Providers shall give end-users who are natural personsmation about the data being included in the directory and the means to verify, correct, update, supplement and delete such data.
2017/07/14
Committee: LIBE
Amendment 706 #
Proposal for a regulation
Article 15 – paragraph 2
2. The providers of a publicly available directory shall inform end-users who are natural persons and acting out of their business capacity whose personal data are in the directory of the available search functions of the directory and obtain end-users’ consent before enabling such. Providers of number-based interpersonal communications services and electronic communications service providers shall inform end-users when new search functions arelated to their own data made available.
2017/07/14
Committee: LIBE
Amendment 718 #
Proposal for a regulation
Article 15 – paragraph 3
3. The providers of publicly available directories shall provide end-users that are legal personselectronic information, communication and telecommunication services shall provide end-users that are legal persons or natural persons acting in their business capacity with the possibility to object to data related to them being included in the directory. Providers shall give such end-users that are legal persons the means to verify, correct, update, supplement and delete such data.
2017/07/14
Committee: LIBE
Amendment 725 #
Proposal for a regulation
Article 15 – paragraph 4
4. The possibility for end-users not to be included in a publicly available directory, or to verify, correct, update, supplement and delete any data related to them shall be provided free of charge.
2017/07/14
Committee: LIBE
Amendment 729 #
Proposal for a regulation
Article 15 – paragraph 4 a (new)
4 a. The provisions of paragraphs 1 to 4 shall not apply to data and information published in other publicly accessible sources and data provided by end-users themselves.
2017/07/14
Committee: LIBE
Amendment 740 #
Proposal for a regulation
Article 16 – paragraph 2
2. Where a natural or legal person obtains electronic contact details for electronic mail or phone number from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The right to object shall be given at the time of collection and each time a message is sent.
2017/07/14
Committee: LIBE
Amendment 744 #
Proposal for a regulation
Article 16 – paragraph 3 – introductory part
3. Without prejudice to paragraphs 1 and 2, natural or legal persons using electronic communications services for the purposes of placing direct marketing calls shall: present the identity of a line on which the can be contacted.
2017/07/14
Committee: LIBE
Amendment 745 #
Proposal for a regulation
Article 16 – paragraph 3 – point a
(a) present the identity of a line on which they can be contacted; ordeleted
2017/07/14
Committee: LIBE
Amendment 750 #
Proposal for a regulation
Article 16 – paragraph 3 – point b
(b) present a specific code/or prefix identifying the fact that the call is a marketing call.deleted
2017/07/14
Committee: LIBE
Amendment 763 #
Proposal for a regulation
Article 16 – paragraph 7
7. The Commission shall be empowered to adopt implementing measures in accordance with Article 26(2) specifying the code/or prefix to identify marketing calls, pursuant to point (b) of paragraph 3.deleted
2017/07/14
Committee: LIBE
Amendment 768 #
Proposal for a regulation
Article 17 – title
Information about detected security risks and personal data breaches
2017/07/14
Committee: LIBE
Amendment 774 #
Proposal for a regulation
Article 17 – paragraph 1
In the case of a particular risk that may compromise the security of networks and electronic communications services, the provider of an electronic communications service shall inform end-users concerning such risk and, where the risk lies outside the scope of the measures to be taken by the service provider, inform end-users of any possible remedies, including an indication of the likely costs involved or of a personal data breach, Article 40 of [Electronic Communications Code] and Article 34 of Regulation (EU) 2016/679 shall apply.
2017/07/14
Committee: LIBE