BETA

Activities of Silvia-Adriana ȚICĂU related to 2012/0011(COD)

Plenary speeches (2)

Protection of individuals with regard to the processing of personal data - Processing of personal data for the purposes of crime prevention (debate)
2016/11/22
Dossiers: 2012/0011(COD)
Protection of individuals with regard to the processing of personal data - Processing of personal data for the purposes of crime prevention (debate)
2016/11/22
Dossiers: 2012/0011(COD)

Shadow opinions (1)

OPINION on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)
2016/11/22
Committee: ITRE
Dossiers: 2012/0011(COD)
Documents: PDF(913 KB) DOC(1 MB)

Amendments (62)

Amendment 166 #
Proposal for a regulation
Citation 1 a (new)
Having regard to the Charter of Fundamental rights of the European Union, and in particular Article 7 and 8 thereof,
2012/12/20
Committee: ITRE
Amendment 167 #
Proposal for a regulation
Citation 1 b (new)
Having regard to the European Convention of Human Rights and in particular Article 8 thereof,
2012/12/20
Committee: ITRE
Amendment 174 #
Proposal for a regulation
Recital 7
(7) The objectives and principles of Directive 95/46/EC remain sound, but it has not prevented fragmentation in the way data protection is implemented across the Union, legal uncertainty and a widespread public perception that there are significant risks for the protection of individuals associated notably with online activity. Differences in the level of protection of the rights and freedoms of individuals, notably to the right to the protection of personal data, with regard to the processing of personal data afforded in the Member States may prevent the free flow of personal data throughout the Union and may create legal uncertainty regarding the respect of the fundamental rights to privacy and data protection. These differences may therefore constitute an obstacle to the pursuit of economic activities at the level of the Union, distort competition and impede authorities in the discharge of their responsibilities under Union law. This difference in levels of protection is due to the existence of differences in the implementation and application of Directive 95/46/EC.
2012/12/20
Committee: ITRE
Amendment 194 #
Proposal for a regulation
Recital 24
(24) When using online services, individuals may be associated with online identifiers provided by their devices, applications, tools and protocols, such as Internet Protocol addresses or cookie identifiers. This may leave traces which, combined with unique identifiers and other information received by the servers, may be used to create profiles of the individuals and identify them. It follows that identification numbers, location data, online identifiers or other specific factors as such needmay not necessarily be considered as personal data in all circumstancesonly if the information processed can not be used to single out the individual.
2012/12/20
Committee: ITRE
Amendment 197 #
Proposal for a regulation
Recital 25
(25) Consent should be given explicitly by any appropriate method enabling a freely given specific and informed indication of the data subject's wishes, either by a statement or by a clear affirmative action by the data subject, ensuring that individuals are aware that they give their consent to the processing of personal data, including by ticking a box when visiting an Internet website or by any other statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of their personal data. Silence or inactivityInformed consent should be facilitated insofar as possible by user-friendly information about the types of processing to be carried out. Silence, mere use of a service, or inactivity such as not unticking pre-ticked boxes, should therefore not constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. If the data subject's consent is to be given following an electronic request, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
2012/12/20
Committee: ITRE
Amendment 209 #
Proposal for a regulation
Recital 32
(32) Where processing is based on the data subject's consent, the controller should have the burden of proving that the data subject has given the consent to the processing operation. In particular in the context of a written declaration on another matter, safeguards should ensure that the data subject is aware that and to what extent consent is given. To comply with the principle of data minimisation, this burden of proof should not be understood neither as requiring positive identification of data subjects unless necessary nor as causing more data to be processed than otherwise have been the case.
2012/12/20
Committee: ITRE
Amendment 212 #
Proposal for a regulation
Recital 33
(33) In order to ensure free consent, it should be clarified that consent does not provide a valid legal ground where the individual has no genuine and free choice and is subsequently not able to refuse or withdraw consent without detriment. Consent should also not provide a legal basis for data processing when the data subject has no access to different equivalent services. Default settings such as pre-ticked boxes, silence, or the simple use of a service do not imply consent. Consent can only be obtained for processing that is lawful and thus not excessive in relation to the purpose. Disproportional data processing cannot be legitimised though obtaining consent.
2012/12/20
Committee: ITRE
Amendment 216 #
Proposal for a regulation
Recital 34
(34) Consent should not provide a valid legal ground for the processing of personal data, where there is a clear imbalance between the data subject and the controller. This is especially the case where the data subject is in a situation of dependence from the controller, among others, where personal data are processed by the employer of employees’ personal data in the employment context, or where a controller has a substantial market power with respect to certain products or services and where these products or services are offered on condition of consent to the processing of personal data, or where a unilateral and nonessential change in terms of service gives a data subject no option other than accept the change or abandon an online resource in which they have invested significant time. Where the controller is a public authority, there would be an imbalance only in the specific data processing operations where the public authority can impose an obligation by virtue of its relevant public powers and the consent cannot be deemed as freely given, taking into account the interest of the data subject.
2012/12/20
Committee: ITRE
Amendment 219 #
Proposal for a regulation
Recital 36 a (new)
(36a) These tasks carried out in the public interest or in the exercise of official authority include the processing of personal data necessary for the management and functioning of those authorities.
2012/12/20
Committee: ITRE
Amendment 221 #
Proposal for a regulation
Recital 38
(38) The legitimate interests of a controller may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. This would need careful assessment in particular where the data subject is a child, given that children deserve specific protection. The data subject should have the right to object the processing, on grounds relating to their particular situation and free of charge. To ensure transparency, the controller should be obliged to explicitly inform the data subject on the legitimate interests pursued and on the right to object, and also be obliged to document these legitimate interests. Given that it is for the legislator to provide by law the legal basis for public authorities to process data, this legal ground should not apply for the processing by public authorities in the performance of their tasks.
2012/12/20
Committee: ITRE
Amendment 224 #
Proposal for a regulation
Recital 40
(40) The processing of personal data for other purposes should be only allowed where the processing is compatible with those purposes for which the data have been initially collected, in particular where the processing is necessary for historical, statistical or scientific research purposes. Where the other purpose is not compatible with the initial one for which the data are collected, the controller should obtain the consent of the data subject for this other purpose or should base the processing on another legitimate ground for lawful processing, in particular where provided by Union law or the law of the Member State to which the controller is subject. In any case, the application of the principles set out by this Regulation and in particular the information of the data subject on those other purposes should be ensured.
2012/12/20
Committee: ITRE
Amendment 228 #
Proposal for a regulation
Recital 41
(41) Personal data which are, by their nature, particularly sensitive and vulnerable in relation to fundamental rights or privacy, deserve specific protection. Such data should not be processed, unless the data subject gives his explicit and informed consent. However, derogations from this prohibition should be explicitly provided for in respect of specific needs, in particular where the processing is carried out in the course of legitimate activities by certain associations or foundations the purpose of which is to permit the exercise of fundamental freedoms.
2012/12/20
Committee: ITRE
Amendment 231 #
Proposal for a regulation
Recital 45
(45) If the data processed by a controller do not permit the controller to identify a natural person, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. In case of a request for access, the controller should be entitled to ask the data subject for further information to enable the data controller to locate the personal data which that person seeks. The data controller shall not invoke a possible lack of information to refuse a request of access, when this information can be provided by the data subject to enable such access.
2012/12/20
Committee: ITRE
Amendment 242 #
Proposal for a regulation
Recital 55
(55) To further strengthen the control over their own data and their right of access, data subjects should have the right, where personal data are processed by electronic means and in a structured and commonly used format, to obtain a copy of the data concerning them also in commonly used electronic format, to obtain, free of charge, a copy of the data concerning them also in an electronic, interoperable and structured format which is commonly used. The data subject should also be allowed to transmit those data, which they have provided, from one automated application, such as a social network, into another one. This should apply where the data subject providedProviders of information society services should not make the transfer of those data to the automated processing system, based on their consent or in the performance of a contramandatory for the provision of their services. Social networks should be encouraged as much as possible to store data in a way which permits efficient data portability for data subjects.
2012/12/20
Committee: ITRE
Amendment 255 #
Proposal for a regulation
Recital 63
(63) Where a controller not established in the Union is processing personal data of data subjects residing in the Union whose processing activities are related to the offering of goods or services to such data subjects, or to the monitoring their behaviour, the controller should designate a representative, unless the controller is established in a third country ensuring an adequate level of protection, or the controller is a small or medium sized enterprisen enterprise processing data on a small number of data subjects or a public authority or body or where the controller is only occasionally offering goods or services to such data subjects. The representative should act on behalf of the controller and may be addressed by any supervisory authority.
2012/12/20
Committee: ITRE
Amendment 261 #
Proposal for a regulation
Recital 67
(67) A personal data breach may, if not addressed in an adequate and timely manner, result in substantial economic loss and social harm, including identity fraud, to the individual concerned. Therefore, as soon as the controller becomes aware that such a breach has occurred, the controller should notify the breach to the supervisory authority without undue delay and, where feasible, within 724 hours. Where this cannot achieved within 724 hours, an explanation of the reasons for the delay should accompany the notification. The individuals whose personal data could be adversely affected by the breach should be notified without undue delay in order to allow them to take the necessary precautions. A breach should be considered as adversely affecting the personal data or privacy of a data subject where it could result in, for example, identity theft or fraud, physical harm, significant humiliation or damage to reputation. The notification should describe the nature of the personal data breach as well as recommendations as well as recommendations for the individual concerned to mitigate potential adverse effects. Notifications to data subjects should be made as soon as reasonably feasible, and in close cooperation with the supervisory authority and respecting guidance provided by it or other relevant authorities (e.g. law enforcement authorities). For example, the chance for data subjects to mitigate an immediate risk of harm would call for a prompt notification of data subjects whereas the need to implement appropriate measures against continuing or similar data breaches may justify a longer delay.
2012/12/20
Committee: ITRE
Amendment 269 #
Proposal for a regulation
Recital 79
(79) ThisFor a transitional period of [5 years] after the entry into force of this Regulation, the Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of personal data including appropriate safeguards for the data subjects. During the transitional period all international agreements concluded between the Union and third countries regulating the transfer of personal data including appropriate safeguards for the data subjects shall be revised in order to align them to this Regulation. .
2012/12/20
Committee: ITRE
Amendment 313 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
(b) by the Union institutions, bodies, offices and agencies;deleted
2012/12/20
Committee: ITRE
Amendment 314 #
Proposal for a regulation
Article 2 – paragraph 2 – point d
(d) by a natural person without any gainful interest in the course of its own exclusively personal or household activity;and thus without any connection with a professional or commercial activity, in the course of its own exclusively personal or household activity, bearing in mind that publishing data to an indefinite number of individuals, for example through the internet, could not be described as a purely personal or household activity.
2012/12/20
Committee: ITRE
Amendment 364 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
(a) the data subject has given explicit and informed consent to the processing of their personal data for one or more specific purposes;
2012/12/21
Committee: ITRE
Amendment 382 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
1a. Processing of personal data for direct marketing for commercial purposes shall be lawful only if the data subject has given prior consent to the processing of their personal data for such marketing.
2012/12/21
Committee: ITRE
Amendment 387 #
Proposal for a regulation
Article 6 – paragraph 4
4. Where the purpose of further processing is not compatible with the one for which the personal data have been coldelected, the processing must have a legal basis at least in one of the grounds referred to in points (a) to (e) of paragraph 1. This shall in particular apply to any change of terms and general conditions of a contract.
2012/12/21
Committee: ITRE
Amendment 388 #
Proposal for a regulation
Article 6 – paragraph 4
4. Where the purpose of further processing is not compatible with the one for which the personal data have been coldelected, the processing must have a legal basis at least in one of the grounds referred to in points (a) to (e) of paragraph 1. This shall in particular apply to any change of terms and general conditions of a contract.
2012/12/21
Committee: ITRE
Amendment 389 #
Proposal for a regulation
Article 6 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the conditions referred to in point (f) of paragraph 1 for various sectors and data processing situations, including as regards the processing of personal data related to a child.
2012/12/21
Committee: ITRE
Amendment 391 #
Proposal for a regulation
Article 6 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the EDPB should set up a list of criteria to be met for the legitimate interest to be a valid legal ground for processing acconrditions referred to inng to point (f) of paragraph 1 for various sectors and data processing situations, including as regard, including examples of cases twhe processing of personal data related to a chilre this ground can be used.
2012/12/21
Committee: ITRE
Amendment 394 #
Proposal for a regulation
Article 7 – paragraph 1 a (new)
1a. The freely given specific, informed and explicit consent of the data subject for the processing of his/her personal data cannot be differentiated or categorised according to the type of the personal data in question.
2012/12/21
Committee: ITRE
Amendment 406 #
Proposal for a regulation
Article 8 – paragraph 3
3. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for the methods to obtain verifiable consent referred to in paragraph 1. In doing so, the Commission shall consider specific measures for micro, small and medium-sized enterprises.
2012/12/21
Committee: ITRE
Amendment 411 #
Proposal for a regulation
Article 9 – paragraph 1
1. The processing of personal data, revealing race or ethnic origin, political opinions, religion or beliefs, trade-union membership, and the processing of genetic data or data concerning health or sex life or criminal convictions, including offences and matters which have not lead to conviction, or related security measures shall be prohibited.
2012/12/21
Committee: ITRE
Amendment 420 #
Proposal for a regulation
Article 9 – paragraph 2 – point j
(j) processing of data relating to criminal convictions or related security measures is carried out either under the control of official authority or when the processing is necessary for compliance with a legal or regulatory obligation to which a controller is subject, or for the performance of a task carried out for important public interest reasons, and in so far as authorised by Union law or Member State law providing for adequate safeguards. A complete register of criminal convictions shall be kept only under the control of official authority.
2012/12/21
Committee: ITRE
Amendment 426 #
Proposal for a regulation
Article 9 – paragraph 3
3. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying theEuropean Data Protection Board shall be entrusted with the task of issuing the recommendations regarding criteria, conditions and appropriate safeguards for the processing of thetection of special categories of personal data referred to in paragraph 1 and the exemptions laid down inin accordance with paragraph 2.
2012/12/21
Committee: ITRE
Amendment 451 #
Proposal for a regulation
Article 14 – paragraph 1 – point d a (new)
(da) the existence of certain processing operation which have a particular impact on individuals as well as the consequences of such processing on individuals;
2012/12/21
Committee: ITRE
Amendment 452 #
Proposal for a regulation
Article 14 – paragraph 1 – point e
(e) the right to lodge a complaint to the supervisory authority and the contact details of the supervisory authority and the procedures to lodge such complaints;
2012/12/21
Committee: ITRE
Amendment 458 #
Proposal for a regulation
Article 14 – paragraph 3
3. Where the personal data are not collected from the data subject, the controller shall inform the data subject, in addition to the information referred to in paragraph 1, from which source the personal data originate. This would include data sourced from a third party illegally and passed on to the controller.
2012/12/21
Committee: ITRE
Amendment 461 #
Proposal for a regulation
Article 14 – paragraph 5 – point b
(b) the data are not coldelected from the data subject and the provision of such information proves impossible or would involve a disproportionate effort; or
2012/12/21
Committee: ITRE
Amendment 470 #
Proposal for a regulation
Article 15 – paragraph 1 – point f
(f) the right to lodge a complaint to the supervisory authority and the contact details of the supervisory authority and the procedures to lodge such complaints;
2012/12/21
Committee: ITRE
Amendment 475 #
Proposal for a regulation
Article 15 – paragraph 2
2. The data subject shall have the right to obtain from the controller communication of the personal data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject. The controller shall verify the identity for data subject requesting access to data within the limits of Art. 5-10 of the present Regulation.
2012/12/21
Committee: ITRE
Amendment 505 #
Proposal for a regulation
Article 18 – paragraph 1
1. TWithout prejudice to the obligation in Article 5(e) to delete data when they are no longer necessary, the data subject shall have the right, where personal data are processed by electronic means and in a structured and commonly used format, to obtain, by request, from the controller a copy of data undergoing processing in an electronic and structured format which is commonly used and allows for further use by the data subject.
2012/12/21
Committee: ITRE
Amendment 508 #
Proposal for a regulation
Article 18 – paragraph 2
2. Where the data subject has provided the personal data and the processing is based on consent or on a contract, the data subject shall have the right to transmit those personal data and any other information provided by the data subject or related to the data subject and retained by an automated processing system, into another one, in an electronic format which is commonly used, without hindrance from the controller from whom the personal data are withdrawn.
2012/12/21
Committee: ITRE
Amendment 516 #
Proposal for a regulation
Article 19 – paragraph 1
1. The data subject shall have the right to object, on grounds relating to their particular situation, at any time to the processing of personal data which is based on points (d), (e) and (f) of Article 6(1), unless the controller demonstrates compelling legitimate grounds for the processing which override the interests or fundamental rights and freedoms of the data subject.
2012/12/21
Committee: ITRE
Amendment 539 #
Proposal for a regulation
Article 20 – paragraph 2 – point a
(a) is carried out in the course of the entering into, or performance of, a contract, where the request for the entering into or the performance of the contract, lodged by the data subject , has been satisfied or where suitable measures to safeguard the data subject's legitimate interests have been adduced, such as arrangements allowing him to put his point of view or the right to obtain human intervention; or
2012/12/21
Committee: ITRE
Amendment 563 #
Proposal for a regulation
Article 21 – paragraph 1 – point c
(c) other public interests of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation matters and the protection of market stability and integrity;
2012/12/21
Committee: ITRE
Amendment 568 #
Proposal for a regulation
Article 21 – paragraph 2 a (new)
2a. The restrictions applied to the processing performed by private controllers for law enforcement purposes should not force them to retain data in addition to those strictly necessary for the original purpose pursued nor to change their IT architecture.
2012/12/21
Committee: ITRE
Amendment 577 #
Proposal for a regulation
Article 22 – paragraph 2 – point a a (new)
(aa) implementing a control management system, including the assignment of responsibilities, training of staff and adequate instructions;
2012/12/21
Committee: ITRE
Amendment 588 #
Proposal for a regulation
Article 22 – paragraph 3 a (new)
3a. Any regular report of the activities of the controller shall contain a description of the policies and measures referred to in Article 22(1).
2012/12/21
Committee: ITRE
Amendment 622 #
Proposal for a regulation
Article 26 – paragraph 2 – point b a (new)
(ba) take account of the principle of data protection by design;
2012/12/21
Committee: ITRE
Amendment 668 #
Proposal for a regulation
Article 30 – paragraph 2
2. The controller and the processor shall, following an evaluation of the risks, take the measures referred to in paragraph 1 to protect personal data against accidental or unlawful destruction or accidental loss and to prevent any unlawful forms of processing, in particular any unauthorised disclosure, dissemination or access, or alteration of personal data. In particular, the controller shall adopt an information security management including, where appropriate, the implementation of an information security policy specific to the data processing performed.
2012/12/21
Committee: ITRE
Amendment 673 #
Proposal for a regulation
Article 31 – paragraph 1
1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 724 hours after having become aware of it, notify the personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 724 hours.
2012/12/21
Committee: ITRE
Amendment 682 #
Proposal for a regulation
Article 32 – paragraph 1
1. When the personal data breach is likely to adversely affect the protection of the personal data or privacy of the data subject, the controller shall, after the notification referred to in Article 31, communicate the personal data breach to the data subject without undue delay. A breach should be considered as adversely affecting the personal data or privacy of a data subject where it could result in, for example, identity theft or fraud, physical harm, significant humiliation or damage to reputation.
2012/12/21
Committee: ITRE
Amendment 685 #
Proposal for a regulation
Article 32 – paragraph 2
2. The communication to the data subject referred to in paragraph 1 shall be comprehensive, clear and understandable by any individual and shall describe the nature of the personal data breach and contain at least the information and the recommendations provided for in points (b), (c) and (cd) of Article 31(3).
2012/12/21
Committee: ITRE
Amendment 743 #
Proposal for a regulation
Article 35 – paragraph 7
7. The controller or the processor shall designate a data protection officer for a period of at least two yearsgiven term period of his choosing. The data protection officer may be reappointed for further terms. During their term of office, the data protection officer may only be dismissed, if the data protection officer no longer fulfils the conditions required for the performance of their duties as the company management sees fit.
2013/01/09
Committee: ITRE
Amendment 747 #
Proposal for a regulation
Article 36 – paragraph 1
1. The controller or the processor shall ensure that the data protection officer is given access to all information relevant, and to premises necessary to perform his duties and is properly and in a timely manner involved in all issues which relate to the protection of personal data.
2013/01/09
Committee: ITRE
Amendment 754 #
Proposal for a regulation
Article 37 – paragraph 1 – point a
(a) to raise awareness, to inform and advise the controller or the processor of their obligations pursuant to this Regulation and to document this activity and the responses received;
2013/01/09
Committee: ITRE
Amendment 764 #
Proposal for a regulation
Article 40 – paragraph 1
Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organisation may only take place if,shall be prohibited unless subject to the other provisions of this Regulation, the conditions laid down in this Chapter are complied with by the controller and processor, including for onward transfers of personal data from the third country or an international organisation to another third country or to another international organisation.
2013/01/09
Committee: ITRE
Amendment 765 #
Proposal for a regulation
Article 40 – paragraph 1 a (new)
Not later than [5 years] after the entry into force of this Regulation, any international agreement shall be revised in order to align with the Regulation.
2013/01/09
Committee: ITRE
Amendment 806 #
Proposal for a regulation
Article 47 – paragraph 6
6. Each Member State shall ensure that the supervisory authority has its own staff, selected on the basis of the experience and skills required to perform their duties notably in the area of protection of personal data, which shall be appointed by and be subject to the direction of the head of the supervisory authority.
2013/01/09
Committee: ITRE
Amendment 855 #
Proposal for a regulation
Article 75 – paragraph 2
2. Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has its habitual residence, unless the controller is a public authority acting in the exercise of its public powers. The derogation does not apply to a public authority of a third country.
2013/01/09
Committee: ITRE
Amendment 877 #
Proposal for a regulation
Article 80 – paragraph 1
1. Member States shall provide for exemptions or derogations from the provisions on the general principles in Chapter II, the rights of the data subject in Chapter III, on controller and processor in Chapter IV, on the transfer of personal data to third countries and international organisations in Chapter V, the independent supervisory authorities in Chapter VI and on co-operation and consistency in Chapter VII for the processing of personal data carried out solely for journalistic purposes or the purpose of artistic or literary expressionwhenever this is necessary in order to reconcile the right to the protection of personal data with the rules governing freedom of expression.
2013/01/09
Committee: ITRE
Amendment 883 #
Proposal for a regulation
Article 81 – paragraph 1 – introductory part
1. Within the limits ofout prejudice to this Regulation and in accordance with point (h) of Article 9(2), processing of personal data concerning health must be on the basis of Union law or Member State law which shall provide for suitable and specific measures to safeguard the data subject's legitimate interests, and be necessary for:
2013/01/09
Committee: ITRE
Amendment 887 #
Proposal for a regulation
Article 82 – paragraph 1
1. Within the limits ofout prejudice to this Regulation, Member States may adopt by law specific rules regulating the processing of employees‘ personal data in the employment context, in particular for the purposes of the recruitment, the performance of the contract of employment, including discharge of obligations laid down by law or by collective agreements, management, planning and organisation of work, health and safety at work, and for the purposes of the exercise and enjoyment, on an individual or collective basis, of rights and benefits related to employment, and for the purpose of the termination of the employment relationship.
2013/01/09
Committee: ITRE
Amendment 892 #
Proposal for a regulation
Article 83 – paragraph 1 – introductory part
1. Within the limits ofout prejudice to this Regulation, personal data may be processed for historical, statistical or scientific research purposes only if:
2013/01/09
Committee: ITRE
Amendment 910 #
Proposal for a regulation
Article 84 – paragraph 1
1. Within the limits ofout prejudice to this Regulation, Member States may adopt specific rules to set out the investigative powers by the supervisory authorities laid down in Article 53(2) in relation to controllers or processors that are subjects under national law or rules established by national competent bodies to an obligation of professional secrecy or other equivalent obligations of secrecy, where this is necessary and proportionate to reconcile the right of the protection of personal data with the obligation of secrecy. These rules shall only apply with regard to personal data which the controller or processor has received from or has obtained in an activity covered by this obligation of secrecy.
2013/01/09
Committee: ITRE
Amendment 1114 #
Proposal for a regulation
Article 11 – paragraph 2
2. The controller shall provide any information and any communication relating to the processing of personal data to the data subject in an intelligible form, using clear and plain language, adapted to the data subject, in particular for any information addressed specifically to a child, which according to this Regulation he is obliged to provide access to, to the data subject in an intelligible form, which can be understood by an average informed, attentive and understanding average consumer.
2013/03/04
Committee: LIBE