99 Amendments of Anna Maria CORAZZA BILDT related to 2017/0003(COD)
Amendment 51 #
Proposal for a regulation
Recital 3
Recital 3
Amendment 65 #
Proposal for a regulation
Recital 8
Recital 8
(8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to software providers permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or collect information related to or stored in end-usconsumers’' terminal equipment.
Amendment 93 #
Proposal for a regulation
Recital 16 a (new)
Recital 16 a (new)
(16a) Regulation 2016/679 explicitly recognises the need to provide additional protection to children, given that they may be less aware of the risks and consequences associated with the processing of their personal data. This Regulation should also grant special attention to the protection of children's privacy. They are among the most active internet users and their exposure to profiling and behaviourally targeted advertising techniques should be prohibited.
Amendment 112 #
Proposal for a regulation
Recital 21
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities ofstore information in terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizingcomply with all obligations pursuant to Regulation (EU) 2016/679. For instance, the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitlyervice requested by the end-usconsumer. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-usconsumer’'s input when filling in online forms over several pages. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information societySimilarly, providers of terminal equipment and the software needed to operate such equipment regularly need access to configuration and other device information and the processing and storage capabilities to maintain the equipment, prevent security vulnerabilities or their exploitation and correct problems related to the equipment's operation. Information society providers and electronic communications service providers that engage in configuration checking to provide the service in compliance with the end-usconsumer's settings and the mere logging of the fact that the end-usconsumer’'s device is unable to receive content requested by the end- usconsumer should not constitute access to such a device or use of the device processing capabilities.
Amendment 128 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enablTherefore providers of software enabling publicly available electronic communications services and permitting the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’). Consumers should be offered a set of privacy setting options. Such privacy settings should be presented in a an easily visible and intelligible manner.
Amendment 138 #
Proposal for a regulation
Recital 24
Recital 24
(24) For web browserssoftware enabling publicly available communication services and permitting the retrieval and presentation of information on the internet to be able to obtain end-usconsumers’' consent as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking cookies, they should, among others, require a clear affirmative action from the end-userconsumer using of terminal equipment to signify his or her freely given, specific informed, and unambiguous agreement to the storage and access of such cookies in and from the terminal equipment. Such action may be considered to be affirmative, for example, if end-usconsumers are required to actively select ‘'accept third party cookies’' to confirm their agreement and are given the necessary information to make the choice. To this end, it is necessary to require providers of software enabling access to internet in the context of publicly available electronic communications services that, at the moment of installation, end-usconsumers are informed about the possibility to choose the privacy settings among the various options and ask them to make a choice. Information provided should not dissuade end-usconsumers from selecting higher privacy settings and should include relevant information about the risks associated to allowing third party cookies to be stored in the computer, including the compilation of long-term records of individuals' browsing histories and the use of such records to send targeted advertising. Such obligations do not arise where the software already seeks to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment. Web browsers are encouraged to provide easy ways for end- usconsumers to change the privacy settings at any time during use and to allow the user to make exceptions for or to whitelist certain websites or to specify for which websites (third) party cookies are always or never allowed.
Amendment 142 #
Proposal for a regulation
Recital 3
Recital 3
Amendment 144 #
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-usconsumers, for example when they enter stores, with personalized offers. While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged Information emitted by terminal equipment should be considered a separate category from metadata and information from the consumer's terminal equipment itself. Nevertheless, collection of such information should be subject to specific transparency measures and safeguards. Entities deploying such practicesolutions should display or make available prominent notices located on the edge of the area of coverage informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679 and the processing of such personal data will also be subject to the Regulation.
Amendment 152 #
Proposal for a regulation
Recital 27
Recital 27
(27) As regards calling line identification, it is necessary to protect the right of the calling party to withhold the presentation of the identification of the line from which the call is being made and the right of the called party to reject calls from unidentified lines. Certain end-users, in particular help lines, and similar organisations, have an interest in guaranteeing the anonymity of their callers. As regards connected line identification, it is necessary to protect the right and the legitimate interest of the called party to withhold the presentation of the identification of the line to which the calling party is actually connected. These requirements make sense in the context of two-way voice communication services conducted on a one-to-one basis. They do not make sense, and are not technically feasible, in the context of other publicly available interpersonal communication services such as SMS text applications, or multi-party and multimedia communication platforms, enabling concurrent communications in the form of voice, video, messaging and document sharing for multiple participants. Given there are multiple parties involved it is not possible for each of them to exercise the right to prevent caller identification without impinging on the rights of the other parties for such identification not to be suppressed.
Amendment 153 #
Proposal for a regulation
Recital 28
Recital 28
(28) There is justification for overriding the elimination of calling line identification presentation in specific cases. End-usConsumers' rights to privacy with regard to calling line identification should be restricted where this is necessary to trace nuisance calls and with regard to calling line identification and location data where this is necessary to allow emergency services, such as eCall, to carry out their tasks as effectively as possible.
Amendment 154 #
Proposal for a regulation
Recital 29
Recital 29
(29) Technology exists that enables providers of certain publicly available electronic communications services to limit the reception of unwanted calls by end-usconsumers in different ways, including blocking silent calls and other fraudulent and nuisance calls. PWhere technically feasible and economically viable, providers of publicly available number-based interpersonalvoice communications services should deploy this technology and protect end-usconsumers against nuisance calls and free of charge. Providers should ensure that end-usconsumers are aware of the existence of such functionalities, for instance, by publicising the fact on their webpage.
Amendment 163 #
Proposal for a regulation
Recital 32
Recital 32
(32) In this Regulation, direct marketing refers to any form of advertising by which a natural or legal person sends direct marketing communications directly to one or more identified or identifiable end-usconsumers using electronic communications services. In addition to the offering of products and services for commercial purposes, this should also include messages sent by political parties that contact natural persons via electronic communications services in order to promote their parties. The same should apply to messages sent by other non-profit organisations to support the purposes of the organisation.
Amendment 164 #
Proposal for a regulation
Recital 8
Recital 8
(8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to software providers permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or collect information related to or stored in end-usconsumers’ terminal equipment.
Amendment 165 #
Proposal for a regulation
Recital 33
Recital 33
(33) Safeguards should be provided to protect end-usconsumers against unsolicited communications for direct marketing purposes, which intrude into the private life of end-usconsumers. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-usconsumers is obtained before commercial electronic communications for direct marketing purposes are sent to end-usconsumers in order to effectively protect individuals against the intrusion into their private life as well as the legitimate interest of legal persons. Legal certainty and the need to ensure that the rules protecting against unsolicited electronic communications remain future- proof justify the need to define a single set of rules that do not vary according to the technology used to convey these unsolicited communications, while at the same time guaranteeing an equivalent level of protection for all citizens throughout the Union. However, it is reasonable to allow the use of e-mail contact details within the context of an existing customer relationship for the offering of similar products or services. Such possibility should only apply to the same company that has obtained the electronic contact details in accordance with Regulation (EU) 2016/679.
Amendment 169 #
Proposal for a regulation
Recital 34
Recital 34
(34) When end-usconsumers have provided their consent to receiving unsolicited communications for direct marketing purposes, they should still be able to withdraw their consent at any time in an easy manner. To facilitate effective enforcement of Union rules on unsolicited messages for direct marketing, it is necessary to prohibit the masking of the identity and the use of false identities, false return addresses or numbers while sending unsolicited commercial communications for direct marketing purposes. Unsolicited marketing communications should therefore be clearly recognizable as such and should indicate the identity of the legal or the natural person transmitting the communication or on behalf of whom the communication is transmitted and provide the necessary information for recipients to exercise their right to oppose to receiving further written and/or oral marketing messages.
Amendment 170 #
Proposal for a regulation
Recital 35
Recital 35
(35) In order to allow easy withdrawal of consent, legal or natural persons conducting direct marketing communications by email should present a link, or a valid electronic mail address, which can be easily used by end-usconsumers to withdraw their consent. Legal or nNatural persons conducting direct marketing communications through voice- to-voice calls and through calls by automating calling and communication systems should display their identity line on which the company can be called or present a specific code identifying the fact that the call is a marketing call.
Amendment 178 #
Proposal for a regulation
Recital 12
Recital 12
Amendment 182 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation lays down rules regarding the protection of fundamental rights and freedoms of natural and legal persons in the provision and use of electronic communications services, and in particular, the rights to respect for private life and communications and the protection of natural persons with regard to the processing of personal data.
Amendment 185 #
Proposal for a regulation
Recital 13
Recital 13
(13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as ‘hotspots’ situated at different places within a city, department stores, shopping malls and hospitals. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services which are targeting the general public and public communications networks. In contrast, tThis Regulation should not apply to closed groups of end-users such as corporate networks, access to which is limited to members of the corporation. However, even if undefined end-users use the network in question in the context of the activities of the defined group of end- users, it should not preclude them from being considered outside the material scope of the Regulation.
Amendment 188 #
Proposal for a regulation
Article 1 – paragraph 2
Article 1 – paragraph 2
2. This Regulation ensures free movement of electronic communications data and electronic communications services within the Union, which shall be neither restricted nor prohibited for reasons related to the respect for the private life and communications of natural and legal persons and the protection of natural persons with regard to the processing of personal data.
Amendment 206 #
Proposal for a regulation
Recital 17
Recital 17
(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end- users consent in accordance with Regulation (EU) No 2016/679. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain end-users’ consent tocomply with Regulation (EU) No 2016/679 when processing electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colors to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier is necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
Amendment 208 #
Proposal for a regulation
Article 3 – paragraph 1 – point a
Article 3 – paragraph 1 – point a
(a) the provisionoffering of electronic communications services to end-usconsumers in the Union, irrespective of whether a payment of the end-usconsumer is required;
Amendment 217 #
Proposal for a regulation
Article 3 – paragraph 4
Article 3 – paragraph 4
4. The representative shall have the power to answer questions and provide information in addition to or instead of the provider it represents, in particular, to supervisory authorities, and end-usconsumers, on all issues related to processing electronic communications data for the purposes of ensuring compliance with this Regulation.
Amendment 226 #
Proposal for a regulation
Article 4 – paragraph 3 – point b
Article 4 – paragraph 3 – point b
(b) ‘'electronic communications content’' means the content exchangtransmitted by means of publicly available electronic communications services, such as text, voice, videos, images, and sound;
Amendment 230 #
Proposal for a regulation
Recital 20
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes information that may reveal details of an individual’s emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end- user’s terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’ terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user’s terminal equipment should be allowed only with the end-user’s consent and for specific and transparent purposes.
Amendment 233 #
Proposal for a regulation
Recital 21
Recital 21
(21) Exceptions to the obligation to obtain consent sto make use of the processing and storage capabilities ofre information in terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizingcomply with all obligations pursuant to regulation (EU) 2016/679. For instance, the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-usconsumer. This may include the storing of cookies for the duration of a single established session on a website to keep track of the end-usconsumer’s input when filling in online forms over several pages or enabling other adaptation to individual preferences. Cookies can also be a legitimate and useful tool to improve the performance of a website, for example, in measuring web traffic to a website. Information society providers or identify if consumers get error messages from certain pages on a website. Similarly, providers of terminal equipment and the software needed to operate such equipment regularly need access to configuration and other device information and the processing and storage capabilities to maintain the equipment, prevent security vulnerabilities or their exploitation and correct problems related to the equipment’s operation. Information society providers and electronic communications service providers that engage in configuration checking to provide the service in compliance with the end-usconsumer’s settings and the mere logging of the fact that the end-usconsumer’s device is unable to receive content requested by the end- usconsumer should not constitute access to such a device or use of the device processing capabilities.
Amendment 244 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data, such as by during conveyance, such as by unauthorised listening, tapping, storing, monitoring, scanning or other kinds of interception, or surveillance or processing of electronic communications data, by persons other than the send-userer or intended recipients, shall be prohibited, except when permitted by this RegulationUnion or national legislation. The processing of electronic communications data following conveyance to the intended recipients or their service provider shall be subject to Regulation (EU) 2016/679.
Amendment 250 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
The prohibition of interception is not intended to prohibit access to electronic communications data by an electronic communications service provider or electronic communications network operator for purposes of conveying communications or for legitimate purposes related to the operation and protection of such services and networks consistent with obligations under Regulation (EU) 2016/679, Directive (EU) 2016/1148 and Regulation (EU) 2015/2120.
Amendment 253 #
Proposal for a regulation
Article 6 – title
Article 6 – title
Amendment 255 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. Providers of public electronic communications networks and publicly available electronic communications services may process electronic communications data if:
Amendment 255 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of software enablTherefore providers of software enabling publicly available electronic communications services and permitting the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as ‘reject third party cookies’. End-usConsumers should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cookies’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’). Such privacy settings should be presented in an easily visible and intelligible manner.
Amendment 258 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) it is necessary to achieve the transmission of the communication, for the duration necessary for that purpose; or it is necessary for providing an electronic communications service requested by the consumer.
Amendment 262 #
Proposal for a regulation
Article 6 – paragraph 1 – point a a (new)
Article 6 – paragraph 1 – point a a (new)
(a a) the data is anonymous or made anonymous before any other processing; or
Amendment 263 #
Proposal for a regulation
Recital 24
Recital 24
(24) For web browserssoftware enabling publicly available communication services and permitting the retrieval and presentation of information on the internet to be able to obtain end-usconsumers’ consent as defined under Regulation (EU) 2016/679, for example, to the storage of third party tracking cookies, they should, among others, require a clear affirmative action from the end-userconsumer using of terminal equipment to signify his or her freely given, specific informed, and unambiguous agreement to the storage and access of such cookies in and from the terminal equipment. Such action may be considered to be affirmative, for example, if end-usconsumers are required to actively select ‘accept third party cookies’ to confirm their agreement and are given the necessary information to make the choice. To this end, it is necessary to require providers of software enabling access to internet in the context of publicly available electronic communications services that, at the moment of installation, end-usconsumers are informed about the possibility to choose the privacy settings among the various options and ask them to make a choice. Information provided should not dissuade end-usconsumers from selecting higher privacy settings and should include relevant information about the risks associated to allowing third party cookies to be stored in the computer, including the compilation of long-term records of individuals’ browsing histories and the use of such records to send targeted advertising. Such obligations do not arise where the software already seeks to prevent third parties from storing information on the terminal equipment of end-user or processing information already stored on that equipment. Web browsers are encouraged to provide easy ways for end- usconsumers to change the privacy settings at any time during use and to allow the user to make exceptions for or to whitelist certain websites or to specify for which websites (third) party cookies are always or never allowed.
Amendment 265 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is necessary to maintain or restore the security of electronic communications networks and services and users of these networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.o stop fraudulent or abusive use of the service;
Amendment 268 #
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers. While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged Information emitted by terminal equipment should be considered a separate category from metadata and information from the consumer’s terminal equipment itself. Nevertheless, collection of such information should be subject to specific transparency measures and safeguards. Entities deploying such practicesolutions should display or make available prominent notices located on the edge of the area of coverage informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679 and the processing of such personal data will also be subject to the Regulation.
Amendment 269 #
Proposal for a regulation
Article 6 – paragraph 1 – point b a (new)
Article 6 – paragraph 1 – point b a (new)
(b a) it is necessary for the purpose of the legitimate interests of the provider except where such interests are overridden by the interests or fundamental rights and freedoms of the consumers concerned;
Amendment 271 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1 a. Electronic communications data that is generated in the context of an electronic communications service designed particularly for children or directly targeted at children shall not be used for profiling or behaviourally targeted advertising purposes.
Amendment 275 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) it is necessary to meefor quality of service purposes, including network management mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or _________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
Amendment 280 #
Proposal for a regulation
Recital 29
Recital 29
(29) Technology exists that enables providers of certain publicly available electronic communications services to limit the reception of unwanted calls by end-usconsumers in different ways, including blocking silent calls and other fraudulent and nuisance calls. PWhere technically feasible and economically viable, providers of publicly available number-based interpersonalvoice communications services should deploy this technology and protect end-usconsumers against nuisance calls and free of charge. Providers should ensure that end-usconsumers are aware of the existence of such functionalities, for instance, by publicising the fact on their webpage.
Amendment 288 #
Proposal for a regulation
Article 6 – paragraph 3 – introductory part
Article 6 – paragraph 3 – introductory part
3. Providers of the electronic communications services may process electronic communications content only:in accordance with Article 6 of Regulation (EU) 2016/679 and to the extent the processing of all end-users electronic communications content for one or more specified purposes cannot be fulfilled by processing information that is made anonymous
Amendment 291 #
Proposal for a regulation
Article 6 – paragraph 3 – point a
Article 6 – paragraph 3 – point a
Amendment 297 #
Proposal for a regulation
Article 6 – paragraph 3 – point b
Article 6 – paragraph 3 – point b
Amendment 300 #
Proposal for a regulation
Recital 33
Recital 33
(33) Safeguards should be provided to protect end-users against unsolicited communications for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing purposes are sent to end-users in order to effectively protect individuals against the intrusion into their private life as well as the legitimate interest of legal persons. Legal certainty and the need to ensure that the rules protecting against unsolicited electronic communications remain future- proof justify the need to define a single set of rules that do not vary according to the technology used to convey these unsolicited communications, while at the same time guaranteeing an equivalent level of protection for all citizens throughout the Union. However, it is reasonable to allow the use of e-mail contact details within the context of an existing customer relationship for the offering of similar products or services. Such possibility should only apply to the same company that has obtained the electronic contact details in accordance with Regulation (EU) 2016/679.
Amendment 304 #
Proposal for a regulation
Recital 33 a (new)
Recital 33 a (new)
(33a) Regulation 2016/679 explicitly recognises the need to provide additional protection to children. This Regulation shall provide additional protection and safeguards when end-users are children, given that they may be less aware of the risks and consequences associated with the processing of their personal data. This Regulation should also grant special attention to the protection of children’s privacy. When children are required to express their consent, the information provided to express the consent should be given in a clear and age-appropriate language. Profiling and behaviourally targeted advertising techniques for children should be prohibited.
Amendment 310 #
Proposal for a regulation
Recital 35
Recital 35
(35) In order to allow easy withdrawal of consent, legal or natural persons conducting direct marketing communications by email should present a link, or a valid electronic mail address, which can be easily used by end-usconsumers to withdraw their consent. Legal or nNatural persons conducting direct marketing communications through voice-to-voice calls and through calls by automating calling and communication systems should display their identity line on which the company can be called or present a specific code identifying the fact that the call is a marketing call.
Amendment 312 #
Proposal for a regulation
Article 8 – title
Article 8 – title
Protection of informationpersonal data stored in and related to end-users’ terminal equipment
Amendment 314 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-usWithout prejudice to paragraph 2 of this Article, the storage or collection of personal data from consumers’' terminal equipment, including about its software and hardware, other than by the end-usconsumer concerned shall be prohibited, except on the following grounds:
Amendment 319 #
Proposal for a regulation
Article 8 – paragraph 1 – point a a (new)
Article 8 – paragraph 1 – point a a (new)
(a a) it is necessary for quality of service purposes, including network management and to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212011 for the duration necessary for that purpose; or
Amendment 320 #
Proposal for a regulation
Article 8 – paragraph 1 – point b
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consentuse of their terminal equipment for one or more specific purposes is in accordance with Article 6 of Regulation (EU) 2016/679; or
Amendment 324 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
(c) it is necessary for providing an information society service requested by the end-user; or
Amendment 326 #
Proposal for a regulation
Article 1 – paragraph 2
Article 1 – paragraph 2
2. This Regulation ensures, in accordance with Regulation (EU) No 2016/679, free movement of electronic communications data and electronic communications services within the Union, which shall be neither restricted nor prohibited for reasons related to the respect for the private life and communications of natural and legal persons and the protection of natural persons with regard to the processing of personal data.
Amendment 328 #
Proposal for a regulation
Article 1 – paragraph 2
Article 1 – paragraph 2
2. This Regulation ensures free movement of electronic communications data and electronic communications services within the Union, which shall be neither restricted nor prohibited for reasons related to the respect for the private life and communications of natural and legal persons and the protection of natural persons with regard to the processing of personal data.
Amendment 329 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
(c) it is necessary for providing an information society service requested by the end-user which shall include inter alia maintaining, operating and managing the integrity, access or security of the information society service, enhancing user experience or measures for preventing unauthorized access to or use of the information society service according to the terms of use for making available the service to the end-user; or
Amendment 343 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user. or another party acting on their behalf
Amendment 345 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
(d a) a clear and prominent notice is displayed to the public informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation 2016/679/EU where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimize the collection. The collection of such information shall be conditional on the application of appropriate technical and organization measures to ensure that the collection and processing of information is limited to what is necessary in relation to the purposes of processing and to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation 2016/679/EU, have been applied, which may inter alia include pseudonymisation of the information collected as set out in Art. 4 (5) of Regulation (EU) 2016/679
Amendment 348 #
Proposal for a regulation
Article 3 – paragraph 1 – point a
Article 3 – paragraph 1 – point a
(a) the provisionoffering of electronic communications services to end-users in the Union, irrespective of whether a payment of the end-user is required;
Amendment 352 #
Proposal for a regulation
Article 8 – paragraph 1 – point d b (new)
Article 8 – paragraph 1 – point d b (new)
(d b) it is necessary to maintain or restore the security of electronic communications networks and services and their users, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose; or
Amendment 356 #
Proposal for a regulation
Article 8 – paragraph 1 – point d c (new)
Article 8 – paragraph 1 – point d c (new)
(d c) it is necessary for the purpose of the legitimate interests of the provider of the terminal equipment and its operating software, an electronic communications service or an information society service, except where such interests are overridden by the interests or fundamental rights and freedoms of the end-user.
Amendment 358 #
Proposal for a regulation
Article 3 – paragraph 2
Article 3 – paragraph 2
2. Where the provider of an electronic communications service is not established in the Union it shall designate in writing a representative in the Union, Article 27 of Regulation (EU) No 2016/679 shall apply.
Amendment 370 #
Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1 – point b
Article 8 – paragraph 2 – subparagraph 1 – point b
(b) a clear and prominent noticeinformation is displayed or available taking account of the normal means a consumer interacts with such a terminal equipment, informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-usconsumer of the terminal equipment can take to stop or minimise the collection. The collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, has been applied.
Amendment 380 #
Proposal for a regulation
Article 4 – paragraph 3 – point b
Article 4 – paragraph 3 – point b
(b) ‘electronic communications content’ means the content exchangtransmitted by means of publicly available electronic communications services, such as text, voice, videos, images, and sound;
Amendment 383 #
Proposal for a regulation
Article 8 – paragraph 4 a (new)
Article 8 – paragraph 4 a (new)
4 a. Terminal equipment that is intended particularly for children's use shall implement specific measures to prevent access to the equipment's storage and processing capabilities for the purpose of profiling of its users or tracking their behaviour with commercial intent.
Amendment 397 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any interference with electronic communications data, such as by during conveyance, such as by unauthorised listening, tapping, storing, monitoring, scanning or other kinds of interception, or surveillance or processing of electronic communications data, by persons other than the send-userer or intended recipients, shall be prohibited, except when permitted by this RegulationUnion or national legislation. The processing of electronic communications data following conveyance to the intended recipients or their service provider shall be subject to Regulation (EU) 2016/679.
Amendment 408 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
The prohibition of interception is not intended to prohibit access to electronic communications data by an electronic communications service provider or electronic communications network operator for purposes of conveying communications or for legitimate purposes related to the operation and protection of such services and networks consistent with obligations under Regulation (EU) 2016/679, Directive (EU) 2016/1148 and Regulation (EU) 2015/2120.
Amendment 409 #
Proposal for a regulation
Article 10
Article 10
Amendment 412 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. Providers of public electronic communications networks and publicly available electronic communications services may process electronic communications data if:
Amendment 420 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) it is necessary to achieve the transmission of the communication, for the duration necessary for that purpose; or it is necessary for providing an electronic communications service requested by the consumer.
Amendment 424 #
Proposal for a regulation
Article 6 – paragraph 1 – point a a (new)
Article 6 – paragraph 1 – point a a (new)
(a a) the data is anonymous or made anonymous before any other processing;or
Amendment 433 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is necessary to maintain or restore the security of electronic communications networks and services, and users of these networks and services, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.o stop fraudulent or abusive use of the service;
Amendment 437 #
Proposal for a regulation
Article 11 – paragraph 1 a (new)
Article 11 – paragraph 1 a (new)
1 a. Without prejudice to paragraph 1, there shall be enshrined in Union law a right to encryption to protect communications data. Member States law may not require the removal or corruption of technical protection measures, such as end-to-end encryption, which make electronic communications data unintelligible to parties other than the end-users; nor should it otherwise determine the nature of such measures, where these are applied directly by the provider of the electronic communications network, service or terminal equipment.
Amendment 441 #
Proposal for a regulation
Article 6 – paragraph 1 – point b a (new)
Article 6 – paragraph 1 – point b a (new)
(b a) it is necessary for the purpose of the legitimate interests of the provider except where such interests are overridden by the interests or fundamental rights and freedoms of the consumers concerned;
Amendment 442 #
Proposal for a regulation
Article 12 – paragraph 1 – introductory part
Article 12 – paragraph 1 – introductory part
1. Where presentation of the calling and connected line identification is offered in accordance with Article [107] of the [Directive establishing the European Electronic Communication Code], the providers of publicly available number- based interpersonal communications services shall provide the following, subject to technical feasibility and economic viability:
Amendment 449 #
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. The pProviders of publicly available directorienumber-based interpersonal communication services and electronic communication providers shall obtain the consent of end- users who are natural persons to include their personal data in thea directory and, consequently, shall obtain consent from these end-users for inclusion of data per category of personal data, to the extent that such data are relevant for the purpose of the directory as determined by the provider of the directory. PDirectory providers shall give end- users who are natural persons the means to verify, correct and delete such data.
Amendment 454 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) it is necessary to meefor quality service purposes, including network management mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or _________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
Amendment 471 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The right to object shall be given at the time of collection and each time a message is sent.
Amendment 479 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2 a. Art.6 of Regulation (EU) 2016/679 shall apply;
Amendment 480 #
Proposal for a regulation
Article 6 – paragraph 3 – introductory part
Article 6 – paragraph 3 – introductory part
3. Providers of the electronic communications services may process electronic communications content only:in accordance with Art. 6 of Regulation (EU) 2016/679 and to the extent the processing of all end-user electronic communications content for one or more specified purposes cannot be fulfilled by processing information that is made anonymous;
Amendment 484 #
Proposal for a regulation
Article 6 – paragraph 3 – point a
Article 6 – paragraph 3 – point a
Amendment 490 #
Proposal for a regulation
Article 6 – paragraph 3 – point b
Article 6 – paragraph 3 – point b
(b) if all end-users concerned have given theirservice providers' end-users have consented to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authoritypursuant to Regulation (EU) 2016/679.
Amendment 494 #
Proposal for a regulation
Article 6 – paragraph 3 a (new)
Article 6 – paragraph 3 a (new)
3 a. Electronic communications data that is generated in the context of an electronic communications service envisioned particularly for children or directly targeted at children shall not be used for profiling or behaviourally targeted advertising purposes.
Amendment 514 #
Proposal for a regulation
Article 8 – title
Article 8 – title
Protection of informationpersonal data stored in and related to end-users’ terminal equipment
Amendment 519 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-usWithout prejudice to paragraph 2 of this Article, the storage or collection of personal data from consumers’' terminal equipment, including about its software and hardware, other than by the end-usconsumer concerned shall be prohibited, except on the following grounds:
Amendment 526 #
Proposal for a regulation
Article 8 – paragraph 1 – point b
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consentuse of their terminal equipment for one or more specific purposes is in accordance with Art. 6 of Regulation (EU) 2016/679; or
Amendment 527 #
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
1. Directive 2002/58/EC is repealed with effect from 25 May 2018[XXX].
Amendment 528 #
Proposal for a regulation
Article 29 – paragraph 2 – subparagraph 1
Article 29 – paragraph 2 – subparagraph 1
It shall apply from 25 May 201818 months following entry into force.
Amendment 531 #
Proposal for a regulation
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
(c) it is necessary for providing an information society service requested by the end-user which shall include inter alia maintaining, operating and managing the integrity, access or security of the information society service, enhancing user experience or measures for preventing unauthorised access to or use of the information society service according to the terms of use for making available the service to the end-user; or
Amendment 549 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user or another party acting on their behalf;.
Amendment 556 #
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
(d a) Terminal equipment that is intended particularly for children’s use shall implement specific measures to prevent access to the equipment’s storage and processing capabilities for the purpose of profiling of its users or tracking their behaviour with commercial intent.
Amendment 577 #
Proposal for a regulation
Article 8 – paragraph 1 a (new)
Article 8 – paragraph 1 a (new)
1 a. it is necessary for quality of service purposes, including network management and to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212011 for the duration necessary for that purpose;or
Amendment 580 #
Proposal for a regulation
Article 8 – paragraph 1 b (new)
Article 8 – paragraph 1 b (new)
1 b. a clear and prominent notice is displayed to the public informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation 2016/679/EU where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimize the collection.The collection of such information shall be conditional on the application of appropriate technical and organization measures to ensure that the collection and processing of information is limited to what is necessary in relation to the purposes of processing and to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation 2016/679/EU, have been applied, which may inter alia include pseudonymisation of the information collected as set out in Art. 4 (5) of Regulation (EU) 2016/679.
Amendment 582 #
Proposal for a regulation
Article 8 – paragraph 1 c (new)
Article 8 – paragraph 1 c (new)
1 c. it is necessary to maintain or restore the security of electronic communications networks and services and their users, or detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose;or
Amendment 635 #
Proposal for a regulation
Article 10
Article 10
Amendment 643 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of anappropriate technical settings referred to in Art.9 (2) for end- user or processing information already stored on that equipms to express consent.
Amendment 652 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require. The technical settings shall consist of multiple options for end- user to choose from, including an option to prevent other parties from storing information on the terminal equipment of an end-user and from processing information already stored on that equipment. These settings shall be easily accessible during the use of software and presented in a manner that gives the end- user to consent to a settingpossibility to an informed decision. The software enabling end-user to access individual websites, shall offer end-users to customise their privacy settings according to the website visited.
Amendment 685 #
Proposal for a regulation
Article 12 – paragraph 1 – introductory part
Article 12 – paragraph 1 – introductory part
1. Where presentation of the calling and connected line identification is offered in accordance with Article [107] of the [Directive establishing the European Electronic Communication Code], the providers of publicly available number- based interpersonal communications services shall provide the following, subject to technical feasibility and economic viability:
Amendment 741 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The right to object shall be given at the time of collection and each time a message is sent.
Amendment 821 #
1. Directive 2002/58/EC is repealed with effect from 25 May 2018.[XXX]
Amendment 825 #
Proposal for a regulation
Article 29 – paragraph 2 – subparagraph 1
Article 29 – paragraph 2 – subparagraph 1
It shall apply from 25 May 201818 months following the entry into forces.