4 Amendments of Kathalijne Maria BUITENWEG related to 2007/0248(COD)
Amendment 32 #
Proposal for a directive – amending act
Recital 28 a (new)
Recital 28 a (new)
(28a) For the purposes of this Directive, “traffic data” should not only mean any data which is processed for the purpose of the conveyance of a communications network or for the billing thereof but also personal data when the data concerned, whether alone or in conjunction with other data, relate to an individual, directly or indirectly identifiable by the data controller.
Amendment 34 #
Proposal for a directive – amending act
Recital 29
Recital 29
(29) A breach of security resulting in the loss or compromising personal data of an individual subscriber may, if not addressed in an adequate and timely manner, result in substantial economic loss and social harm, including identity fraud. Therefore, the subscribers concerned by such security incidents should band the noatified without delay and informed in order to be able to take the necessary precautionsonal regulatory authority should be notified without delay. The notification should include information about measures taken by the provider to address the breach, as well as recommendations for the users affected. The National Regulatory Authority should consider and determine the seriousness of the breach and should require the provider where appropriate to notify without undue delay the subscribers directly affected by the breach.
Amendment 47 #
Proposal for a directive – amending act
Article 2 - point -1 b (new)
Article 2 - point -1 b (new)
Directive 2002/58/EC
Article 2 - point (b)
Article 2 - point (b)
(-1b) Article 2(b) shall be replaced by the following: (b) "traffic data" means any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof. Traffic data within the meaning of this Article are also personal data within the meaning of Directive 95/46/EC when the data concerned, whether alone or in conjunction with other data relate to an individual directly or indirectly identifiable by the data controller.
Amendment 54 #
Proposal for a directive – amending act
Article 2 - point 3 - point b
Article 2 - point 3 - point b
Directive 2002/58/EC
Article 4 - paragraph 3
Article 4 - paragraph 3
3. In case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed in connection with the provision of publicly available communications services in the Community, the provider of publicly available electronic communications services, and any company providing services to consumers over the Internet which is the data controller and the provider of information society services shall, without undue delay, notify the subscriber concerned user and the national regulatory authority of such a breach. The notification to the subscribernational regulatory authority shall at least describe the nature of the breach and recommend measures to mitigate its possible negative effects. The notification to the national regulatory authority shall, in addition, describe the consequences of and the measures taken by the provider to address the breach.