71 Amendments of Rachida DATI related to 2017/0003(COD)
Amendment 147 #
Proposal for a regulation
Recital 4
Recital 4
(4) Pursuant to Article 8(1) of the Charter and Article 16(1) of the Treaty on the Functioning of the European Union, everyone has the right to the protection of personal data concerning him or her. Regulation (EU) 2016/679 lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. ESince electronic communications data may include personal data as defined in Regulation (EU) 2016/679, the provisions related to the protection of natural persons apply to that extent in regard to the processing of personal data.
Amendment 172 #
Proposal for a regulation
Recital 11
Recital 11
(11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-users increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services. In order to ensure an effective and equal protection of end-users when using functionally equivalent services, this Regulation uses the definition of electronic communications services set forth in the [Directive of the European Parliament and of the Council establishing the European Electronic Communications Code24 ]. That definition encompasses not only internet access services and services consisting wholly or partly in the conveyance of signals but also interpersonal communications services, which may or may not be number-based, such as for example, Voice over IP, messaging services and web-based e-mail services. The protection of confidentiality of communications is crucial also as regards interpersonal communications services that are ancillary to another service; therefore, such type of services also having a communication functionality should be covered by this Regulation. _________________ 24 Commission proposal for a Directive of the European Parliament and of the Council establishing the European Electronic Communications Code (Recast) (COM/2016/0590 final - 2016/0288 (COD)).
Amendment 173 #
Proposal for a regulation
Recital 11
Recital 11
(11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-users increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services. In order to ensure an effective and equal protection of end-users when using functionally equivalent services, this Regulation uses the definition of electronic communications services set forth in the [Directive of the European Parliament and of the Council establishing the European Electronic Communications Code24 ]. That definition encompasses not only internet access services and services consisting wholly or partly in the conveyance of signals but also interpersonal communications services, which may or may not be number-based, such as for example, Voice over IP, messaging services and web-based e-mail services. The protection of confidentiality of communications is crucial also as regards interpersonal communications services that are ancillary to another service; therefore, such type of services also having a communication functionality should be covered by this Regulation. _________________ 24 Commission proposal for a Directive of the European Parliament and of the Council establishing the European Electronic Communications Code (Recast) (COM/2016/0590 final - 2016/0288 (COD)).
Amendment 177 #
Proposal for a regulation
Recital 12
Recital 12
Amendment 179 #
Proposal for a regulation
Recital 12
Recital 12
Amendment 194 #
Proposal for a regulation
Recital 15
Recital 15
(15) Electronic communications data should be treated as confidential. This means that any interference with the transmission of electronic communications datacontent, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of all the communicating parties should be prohibited except for permissible uses described under this Regulation. The prohibition of interception of communications datacontent should apply during their conveyance, i.e. until receipt of the content of the electronic communication by the intended addressee. Interception of electronic communications datacontent may occur, for example, when someone other than the communicating parties or their electronic communications service providers, listens to calls, reads, scans or stores the content of electronic communications, or the associated metadata, for purposes other than the exchange of communications. Interception may also occurs when third parties monitor websites visited, timing of the visits, interaction with others, etc., without the consent of the end-user concernedby accessing electronic communications data during their transmission. As technology evolves, the technical ways to engage in interception have also increased. Such ways may range from the installation of equipment that gathers data from terminal equipment over targeted areas, such as the so-called IMSI (International Mobile Subscriber Identity) catchers, to programs and techniques that, for example, surreptitiously monitor browsing habits for the purpose of creating end-user profiles. Other examples of interception include capturing payload data or content data from unencrypted wireless networks and routers, including browsing habits without the end-users’ consent.
Amendment 197 #
Proposal for a regulation
Recital 16
Recital 16
(16) The prohibition of storage of communications during conveyance is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. It should not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessary quality of service requirements, such as latency, jitter etc.
Amendment 202 #
Proposal for a regulation
Recital 16
Recital 16
(16) The prohibition of storage of communications is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. It should not prohibit either the processing of electronic communications data to ensure the security, availability and continuity of the electronic communications services and networks, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessaryappropriate quality of service requirements, such as latency, jitter etc.
Amendment 208 #
Proposal for a regulation
Recital 17
Recital 17
(17) The processing of electronic communications metadata can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications networks and services to further process electronic communications metadata, based on end- users consent. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication, billing, interconnection payments or security. Therefore, this Regulation should, in principle, require providers of electronic communications networks and services to obtain end-users’ consent to further process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. As an exception from obtaining end-users’ consent, the processing of electronic communications metadata for purposes other than those for which the personal data were initially collected should be allowed in cases where the processing is compatible in accordance with point (4) of Article 6 of Regulation (EU) 2016/679. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colors to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier is necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
Amendment 213 #
Proposal for a regulation
Recital 17 a (new)
Recital 17 a (new)
(17a) Regulation (EU) 2016/679 lays down rules relating to the further processing of personal data where such processing is not based on the data subject’s consent. In accordance with point (4) of Article 6 of Regulation (EU) 2016/679, the processing of electronic communications metadata for purposes other than for which the data were initially collected should be allowed where the processing is compatible with the purposes for which the data were initially collected. In such a case, no legal basis separate from that which allowed the collection of the electronic communications metadata should be required. In accordance with Regulation (EU) 2016/679, further processing of electronic communications metadata for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes should be considered to be compatible lawful processing operations.
Amendment 223 #
Proposal for a regulation
Recital 19
Recital 19
(19) The content of electronic communications pertains to the essence of the fundamental right to respect for private and family life, home and communications protected under Article 7 of the Charter. Any interference with the content of electronic communications should be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse. This Regulation provides for the possibility of providers of electronic communications services to process electronic communications data in transit, with the informed consent of all the end- users concerned. For example, providers may offer services that entail the scanning of emails to remove certain pre-defined material. Given the sensitivity of the content of communications, this Regulation sets forth a presumption that the processing of such content data will result in high risks to the rights and freedoms of natural persons. When processing such type of data, the provider of the electronic communications service should always consult the supervisory authority prior to the processing. Such consultation should be in accordance with Article 36 (2) and (3) of Regulation (EU) 2016/679. The presumption does not encompass the processing of content data to provide a service requested by the end-user where the end-user has consented to such processing and it is carried out for the purposes and duration strictly necessary and proportionate for such service. After electronic communications content has been sent by the end-user and received by the intended end-user or end-users, it may be recorded or stor, stored or processed by the end-user, end- users or by a third party entrusted by them to record or store, store or process such data. Any processing of such data must comply with Regulation (EU) 2016/679.
Amendment 227 #
Proposal for a regulation
Recital 20
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual’s emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user’s terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’ terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user’s terminal equipment should be allowed only with the end-user’s consent or for clearly defined exceptions and for specific and transparent purposes.
Amendment 232 #
Proposal for a regulation
Recital 21
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. Consent should also not be necessary if the information processed or stored is necessary to protect privacy, security or safety of the end-user, or to protect confidentiality, integrity, availability and authenticity of the terminal equipment. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information society providers that engage in configuration checking to provide the service in compliance with the end-user’s settings and the mere logging of the fact that the end-user’s device is unable to receive content requested by the end- user should not constitute access to such a device or use of the device processing capabilities. As an exemption from obtaining end-user´s consent, the processing of information and data that are or are rendered pseudonymous or anonymous should be allowed or for purposes other than those for which they were initially collected in cases where the processing is compatible and is subject to specific safeguards, especially pseudonymisation as set forth in point (4) of Article 6 of Regulation (EU) 2016/679, as well as if it is necessary in accordance with Article 6 (1) (f) of Regulation (EU) 2016/679 for the purpose of legitimate interest, provided that the data protection impact assessment was carried out, as prescribed in Article 35 of Regulation (EU) 2016/679. Adherence to the data protection certification mechanisms, seals or marks, as defined respectively in Article 40 and Article 42 of Regulation (EU) 2016/679, shall be encouraged and promoted, especially to demonstrate compliance with the Regulation in case of exceptions concerning compatible processing and legitimate interests as described above.
Amendment 234 #
Proposal for a regulation
Recital 21
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacympact on the privacy of the end-user concerned, in accordance with Regulation (EU) 2016/679. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enablproviding, including enabling or subsidizing the use of a specific service explicitly requested by the end-user. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website for other legitimate purposes, for example, securing a service, measuring web traffic to a website or measuring the effectiveness of advertisements. Information society providers that engage in configuration checking to provide the service in compliance with the end-user’s settings and the mere logging of the fact that the end-user’s device is unable to receive content requested by the end- user should not constitute access to such a device or use of the device processing capabilities.
Amendment 241 #
Proposal for a regulation
Recital 22
Recital 22
(22) The methods used for providing information and obtaining end-user’s consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate technical settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or stored.
Amendment 244 #
Proposal for a regulation
Recital 22
Recital 22
(22) The methods used for providing information and obtaining end-user’s consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. OMobile operating systems or other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or stored.
Amendment 249 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’)End-users should be offered to choose appropriate technical settings expressing their privacy preferences. Such privacy settings should be presented in an easily visible and intelligible manner.
Amendment 261 #
Proposal for a regulation
Recital 24
Recital 24
(24) For web browsers, applications or other software to be able to obtain end- users’ consent as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking cookies, they should, among others, require a clear affirmative action from the end-user of terminal equipment to signify his or her freely given, specific informed, and unambiguous agreement to the storage and access of such cookies in and from the terminal equipment. Such action may be considered to be affirmative, for example, if end-users are required to actively select ‘accept third party cookies’ to confirm their agreement and are given the necessary information to make the choice. To this end, it is necessary to require providers of software enabling access to internet that, at the moment of installationTo this end, end-users are informed about the possibility to choose the privacy settings among the various options and ask them to make a choice. Information provided should not dissuade end-users from selecting higher privacy settings and should include relevant information about the risks associated to allowing third party cookies to be stored in the computer, including the compilation of long-term records of individuals’ browsing histories and the use of such records to send targeted advertising. Web browserspurposes for which data may be processed, including using information about a user’s browsing habits to build up an anonymous profile which may determine what type of advertising they are shown. Web browsers, application or other software, are encouraged to provide easy ways for end- users to change the privacy settings at any time during use and to allow the user to make exceptions for or to whitelist certain websites or to specify for which websites (third) party cookies areis always or never allowed.
Amendment 274 #
Proposal for a regulation
Recital 26
Recital 26
(26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, for instance, when someone is suspected of a criminal offence or when there are strong reasons to believe a minor has been missing, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Providers of electronic communications services should provide for appropriate procedures to facilitate legitimate requests of competent authorities, where relevant also taking into account the role of the representative designated pursuant to Article 3(3).
Amendment 290 #
Proposal for a regulation
Recital 31
Recital 31
(31) If end-users that are natural persons give their consent to their data being included in such directories, they should be able to determine on a consent basis which categories of personal data are included in the directory (for example name, email address, home address, user name, phone number). In addition, providers of publicly available directorieupon giving their consent the end-users should be inform the end-usersed of the purposes of the directory and of the search functions of the directory before including them in that directory. End-users should be able to determine by consent on the basis of which categories of personal data their contact details can be searched. The categories of personal data included in the directory and the categories of personal data on the basis of which the end-user’s contact details can be searched should not necessarily be the same. The providers of publicly available directories shall provide information about the search options, as well as if new options and functions of the directories are available in the publicly available directories.
Amendment 294 #
Proposal for a regulation
Recital 32
Recital 32
(32) In this Regulation, direct marketing refers to any form of advertising by which a natural or legal person sends direct marketing communications directly to one or more identified or identifiable end-users using electronic communications services. In addition to the offering of products and services for commercial purposes, this should also include messages sent by political parties that contact natural persons via electronic communications services in order to promote their parties. The same should apply to messages sent by other non-profit organisations to support the purposes of the organisation.
Amendment 299 #
Proposal for a regulation
Recital 33
Recital 33
(33) Safeguards should be provided to protect end-users against unsolicited communications for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing purposes are sent to end-users in order to effectively protect individuals against the intrusion into their private life as well as the legitimate interest of legal persons. Legal certainty and the need to ensure that the rules protecting against unsolicited electronic communications remain future- proof justify the need to define a single set of rules that do not vary according to the technology used to convey these unsolicited communications, while at the same time guaranteeing an equivalent level of protection for all citizens throughout the Union. However, it is reasonable to allow the use of e-mail contact details within the context of an existing customer relationship for the offering of similar products or services. Such possibility should only apply to the same company that has obtained the electronic contact details in accordance with Regulation (EU) 2016/679. Direct marketing shall not include any form of advertising which is displayed within content presented to an end-user as part of an information society service.
Amendment 303 #
Proposal for a regulation
Recital 33
Recital 33
(33) Safeguards should be provided to protect end-users against unsolicited communications for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing purposes are sent to end-users in order to effectively protect individuals against the intrusion into their private life as well as the legitimate interest of legal persons. Legal certainty and the need to ensure that the rules protecting against unsolicited electronic communications remain future- proof justify the need to define a single set of rules that do not vary according to the technology used to convey these unsolicited communications, while at the same time guaranteeing an equivalent level of protection for all citizens throughout the Union. However, it is reasonable to allow the use of e-mail contact details within the context of an existing customer relationship for the offering of similar products or services. Such possibility should only apply to the same company that has obtained the electronic contact details in accordance with Regulation (EU) 2016/679.
Amendment 308 #
Proposal for a regulation
Recital 35
Recital 35
(35) In order to allow easy withdrawal of consent, legal or natural persons conducting direct marketing communications by email should present a link, or a valid electronic mail address, which can be easily used by end-users to withdraw their consent. Legal or natural persons conducting direct marketing communications through voice-to-voice calls and through calls by automating calling and communication systems should display their identity line on which the company can be called or present a specific code identifying the fact that the call is a marketing call.
Amendment 315 #
Proposal for a regulation
Recital 37
Recital 37
(37) Service providers who offer electronic communications services should inform end- users of measures they can take to protect all comply withe security of their communications for instance by using specific types of software or encryption technologies. The requirement to inform end-users of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge. Security is appraised in the light of Article 32 of Regulation (EU) 2016/679bligations as prescribed in Article 32 of Regulation (EU) 2016/679 and Article 40 of [European Electronic Communications Code].
Amendment 318 #
Proposal for a regulation
Recital 37
Recital 37
(37) Service providers who offer electronic communications services should inform end- users of measures they can take to protect the security of their communications for instance by using specific types of software or encryption technologies. The requirement to inform end-users of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge. Security is appraised in the light of Article 32 of Regulation (EU) 2016/679.
Amendment 331 #
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
3. The provisions of this Regulation particularise and complement Regulation (EU) 2016/679 by laying down specific rules for the purposes mentioned in paragraphs 1 and 2.
Amendment 358 #
Proposal for a regulation
Article 3 – paragraph 2
Article 3 – paragraph 2
2. Where the provider of an electronic communications service is not established in the Union it shall designate in writing a representative in the Union, Article 27 of Regulation (EU) No 2016/679 shall apply.
Amendment 367 #
Proposal for a regulation
Article 4 – paragraph 2
Article 4 – paragraph 2
Amendment 395 #
Proposal for a regulation
Article 5 – title
Article 5 – title
Confidentiality of electronic communications datacontent
Amendment 398 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data, such as by unauthorized listening, tapping, storing, monitoring, scanning or other kinds of interception, or surveillance or processing of electronic communications data, by persons other than the send-userer or intended recipients, shall be prohibited, except when permitted by this Regulation. The processing of electronic communications data following conveyance to the intended recipients or their service provider shall be subject to Regulation (EU) 2016/679.
Amendment 402 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data during conveyance, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications datacontent, by persons other than the end- users, shall be prohibited, except when permitted by this Regulation.
Amendment 405 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, or surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.
Amendment 407 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
For the implementation of the previous paragraph, providers of electronic communications networks and services shall take technical and organisational measures as defined in Article 32 of Regulation (EU) 2016/679.Additionally, to protect the integrity of terminal equipment and the safety, security and privacy of users, providers or electronic communications networks and services shall take appropriate measures based on the risk and on the state of the art reasonably to prevent the distribution through their networks or services of malicious software is referred to in Article 7 Sub-Paragraph (a) of Directive 2013/40/EU.
Amendment 431 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is necessary to maintain or restore the security or availability of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications or the security of or availability for third parties connected to the network, for the duration necessary for that purpose.
Amendment 439 #
Proposal for a regulation
Article 6 – paragraph 1 – point b a (new)
Article 6 – paragraph 1 – point b a (new)
(b a) it is necessary for compliance with a legal obligation to which the provider of electronic communication networks or services is subject, including but not limited to where it is necessary in order to comply with a legal obligation arising out of Article 11 of this Regulation;
Amendment 442 #
Proposal for a regulation
Article 6 – paragraph 1 – point b b (new)
Article 6 – paragraph 1 – point b b (new)
(b b) it is necessary for the provision of emergency services;or
Amendment 462 #
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) it is necessary for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusive use of, or subscription to, electronic communications services; or
Amendment 469 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) the end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end- users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous.or
Amendment 473 #
Proposal for a regulation
Article 6 – paragraph 2 – point c a (new)
Article 6 – paragraph 2 – point c a (new)
(c a) the processing of electronic communications metadata for one or more specified purposes is compatible with the purposes for which the data were initially collected, as set forth under point (4) of Article 6 of Regulation (EU) 2016/679.
Amendment 476 #
Proposal for a regulation
Article 6 – paragraph 2 – point c b (new)
Article 6 – paragraph 2 – point c b (new)
(c b) it is necessary, in accordance with Article 6(1)(f) of Regulation (EU) 2016/679, for the purposes of the legitimate interests pursued by the service provider or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Amendment 477 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2 a. For the purpose of point (cb) of paragraph 2, data protection impact assessment shall be carried out as prescribed in Article 35 of Regulation (EU) 2016/679.
Amendment 489 #
Proposal for a regulation
Article 6 – paragraph 3 – point a
Article 6 – paragraph 3 – point a
(a) for the sole purpose of the provision of a specific service to an end- user, if the end-user or end-users concerned haves given theihis or her consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content; or
Amendment 501 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Without prejudice to point (b) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication content by the intended recipient or recipientwhen it is no longer necessary for the operation of such services. Such data may be recorded or stored by the end-users or by a third party entrusted by them to record, store or otherwise process such data, in accordance with Regulation (EU) 2016/679.
Amendment 504 #
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
2. Without prejudice to point (b) of Article 6(1) and points (a) and (c) of Article 6(2), the provider of the electronic communications service shall erase electronic communications metadata or make that data anonymous when it is no longer needed for the purpose of the transmission of a communication.
Amendment 528 #
Proposal for a regulation
Article 8 – paragraph 1 – point b a (new)
Article 8 – paragraph 1 – point b a (new)
(b a) the information is or is rendered pseudonymous or anonymous;or
Amendment 541 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.to obtain information about technical quality or effectiveness of an information society service that has been delivered, to understand and optimize web usage or about terminal equipment functionality, and it has no or little impact on the privacy of the end-user concerned; or
Amendment 547 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that such measurement is car authorized out by the provider of the information society service requested by the end-user, including measurement for the purposes of calculating remuneration or a payment due.
Amendment 557 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
(d a) it is necessary to protect privacy, security or safety of the end-user, or to protect confidentiality, integrity, availability, authenticity of the terminal equipment;or
Amendment 558 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
(d a) it is necessary for scientific and statistical research purposes authorized by the provider of the information society service requested by the end-user;or
Amendment 564 #
Proposal for a regulation
Article 8 – paragraph 1 – point d b (new)
Article 8 – paragraph 1 – point d b (new)
(d b) it is necessary for quality of service purposes, including network management and to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/21/2011 for the duration necessary for that purpose;or
Amendment 565 #
Proposal for a regulation
Article 8 – paragraph 1 – point d b (new)
Article 8 – paragraph 1 – point d b (new)
(d b) the processing of these data and information for another specified purpose is compatible with the purpose for which the data were initially collected and is subject to specific safeguards, especially pseudonymisation, as set forth in Article 6(4) of Regulation (EU) 2016/679;or
Amendment 568 #
Proposal for a regulation
Article 8 – paragraph 1 – point d c (new)
Article 8 – paragraph 1 – point d c (new)
(d c) it is necessary, in accordance with Article 6(1)(f) of Regulation (EU) 2016/679 for the purposes of the legitimate interests pursued by the service provider or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Amendment 569 #
Proposal for a regulation
Article 8 – paragraph 1 – point d c (new)
Article 8 – paragraph 1 – point d c (new)
(d c) it is necessary for the purpose of the legitimate interests of the provider of the terminal equipment and its operating software, an electronic communications service or an information society service, except where such interests are overridden by the interests of fundamental rights and freedoms of the end-user.;or
Amendment 572 #
Proposal for a regulation
Article 8 – paragraph 1 – point d d (new)
Article 8 – paragraph 1 – point d d (new)
(d d) it is necessary to maintain or restore the security of electronic communications networks and services and their users, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.
Amendment 593 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 2
Article 8 – paragraph 2 – subparagraph 2
The collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been appliedthat the collection and processing of information is limited to the purposes of processing as required therefor and to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679. Those measures may include pseudonymisation of the information collected as set out in Article 4 (5) of Regulation (EU) 2016/679.
Amendment 618 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
Amendment 631 #
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.
Amendment 636 #
Proposal for a regulation
Article 10
Article 10
Amendment 668 #
Proposal for a regulation
Article 10 a (new)
Article 10 a (new)
Article 10 a Article 25 of Regulation (EU) No 2016/679 shall apply.
Amendment 677 #
Proposal for a regulation
Article 11 – paragraph 2
Article 11 – paragraph 2
2. Providers of electronic communications services shall establish appropriate internal procedures for responding to requests for access to end- users’ electronic communications data based on a legislative measure adopted pursuant to paragraph 1 and therefore to facilitate the handling of these requests. They shall provide the competent supervisory authority, on demand, with information about those procedures, the number of requests received, the legal justification invoked and their response.
Amendment 702 #
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. The providers of publicly available directories shall obtaelectronic communications services shall be responsible for collecting the consentdata of end- users who are natural persons in order to include their personal data in the directory and, consequently, shall obtain consent from thesepublicly available directories. The providers grant end- users for inclusion of data per category of personal data, to the extent that such data are relevant for the purpose of the directory as determined by the provider of the directory. Pwho are natural persons the right to object against the inclusion of their related data in directories. The providers shall give end-users who are natural persons the means to verify, correct and delete such data.
Amendment 709 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. The providers of a publicly available directory shall inform end-users who are natural persons whose personal data are in the directory of the available search functions of the directory and obtain end-users’ consent before enabling suchshall inform end-users if new search functions arelated to their own data made available.
Amendment 717 #
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
3. The providers of publicly available directorielectronic communications services shall provide end-users that are legal persons with the possibility to object to data related to them being included in the directory. Providers shall give such end-users that are legal persons the means to verify, correct and delete such data. Natural persons who act with commercial intent, such as freelancers, small traders or self- employed persons, are equated to legal persons.
Amendment 722 #
Proposal for a regulation
Article 15 – paragraph 4
Article 15 – paragraph 4
4. The possibility for end-users not to be included in a publicly available directory, or to verify, correct and delete any data related to them shall be provided free of charge and in an easily accessible manner by the party that collected the consent or directly from the provider of publicly available directory.
Amendment 742 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The right to object shall be given at the time of collection and each time a message is sent.
Amendment 749 #
Proposal for a regulation
Article 16 – paragraph 3 – point b
Article 16 – paragraph 3 – point b
Amendment 762 #
Proposal for a regulation
Article 16 – paragraph 7
Article 16 – paragraph 7
Amendment 766 #
Proposal for a regulation
Article 17
Article 17
Amendment 773 #
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
Amendment 823 #
Proposal for a regulation
Article 29 – paragraph 2 – subparagraph 1
Article 29 – paragraph 2 – subparagraph 1
It shall apply from 25 May 2018[one year from the date of entry into force of this regulation].