12 Amendments of Vilija BLINKEVIČIŪTĖ related to 2011/0023(COD)
Amendment 719 #
Proposal for a directive
Article 11 a (new)
Article 11 a (new)
Article 11a Processing of special categories of data 1. Member States shall prohibit the processing of PNR data revealing race or ethnic origin, political opinions, religion or philosophical beliefs, sexual orientation or gender identity, trade-union membership or activities, and the processing of biometric data or of data concerning health or sex life. 2. In the event that PNR data revealing such information are received by the Passenger Information Unit, they shall be deleted without delay. To that end, upon the receipt of PNR data from air carriers, Member States shall apply automated and manual controls to identify and delete sensitive data from PNR data obtained. 3. In order to identify and delete any sensitive data from PNR data retained, members of the Passenger Information Unit shall undertake manual checks before any further manual processing and prior to any transfer of PNR data to competent authorities in accordance with Article 4(2), to the Passenger Information Unit or another Member State in accordance with Article 7, or to a third country in accordance with Article 8.
Amendment 724 #
Proposal for a directive
Article 11 c (new)
Article 11 c (new)
Article 11c Right of access for the data subject Member States shall provide for the right of the data subject to obtain from the Passenger Information Unit a copy of the PNR data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject.
Amendment 728 #
Proposal for a directive
Article 11 f (new)
Article 11 f (new)
Amendment 729 #
Proposal for a directive
Article 11 g (new)
Article 11 g (new)
Article 11g Keeping of records 1. Member States shall ensure that records are kept of at least the following processing operations: collection, alteration, consultation, disclosure, combination or erasure. The records of consultation and disclosure shall show in particular the purpose, date and time of such operations and as far as possible the identification of the person who consulted or disclosed PNR data, and the identity of the recipients of such data. 2. The records shall be used solely for the purposes of verification of the lawfulness of the data processing, self-monitoring and for ensuring data integrity and data security, or for purposes of auditing, either by the Data Protection Officer or by the supervisory authority. 3. The Member State shall ensure that the Passenger Information Unit shall make the records available, on request, to the supervisory authority.
Amendment 730 #
Proposal for a directive
Article 11 h (new)
Article 11 h (new)
Amendment 731 #
Proposal for a directive
Article 11 i (new)
Article 11 i (new)
Article 11i Right to judicial remedy 1. Without prejudice to any available administrative remedy, including the right to lodge a complaint with a supervisory authority, Member States shall provide for the right of every natural person to a judicial remedy if they consider that that their rights laid down in provisions adopted pursuant to this Directive have been infringed as a result of the processing of their personal data in non- compliance with these provisions. 2. Member States shall ensure that final decisions by the court referred to in this Article will be enforced.
Amendment 732 #
Proposal for a directive
Article 11 j (new)
Article 11 j (new)
Article 11j Liability and the right to compensation Member States shall provide that any person who has suffered damage, including non-pecuniary damage, as a result of an unlawful processing operation or of an action incompatible with the provisions adopted pursuant to this Directive shall have the right to claim compensation for the damage suffered.
Amendment 733 #
Proposal for a directive
Article 11 k (new)
Article 11 k (new)
Article 11k Penalties for non-compliance Member States shall lay down the rules on penalties, applicable to infringements of the provisions adopted pursuant to this Directive and shall take all measures necessary to ensure that they are implemented. The penalties provided for must be effective, proportionate and dissuasive.
Amendment 734 #
Proposal for a directive
Article 11 l (new)
Article 11 l (new)
Article 11l Notification of a personal data breach to the supervisory authority 1. Member States shall provide that in the case of a personal data breach, the Passenger Information Unit, without undue delay and, where feasible, not later than 24 hours, the personal data breach to the supervisory authority. The Passenger Information Unit shall provide, on request, to the supervisory authority a reasoned justification in cases of any delay. 2. The notification referred to in paragraph 1 shall at least: (a) describe the nature of the personal data breach including the categories and number of data subjects concerned and the categories and number of data records concerned; (b) communicate the identity and contact details of the Data Protection Officer referred to in Article 3a (new) or other contact point where more information can be obtained; (c) recommend measures to mitigate the possible adverse effects of the personal data breach; (d) describe the possible consequences of the personal data breach; (e) describe the measures proposed or taken by the Passenger Information Unit to address the personal data breach and mitigate its effects. In case all information cannot be provided without undue delay, the Passenger Information Unit can complete the notification in a second phase. 4. Member States shall provide that the Passenger Information Unit documents any personal data breaches, comprising the facts surrounding the breach, its effects and the remedial action taken. This documentation must be sufficient to enable the supervisory authority to verify compliance with this Article. The documentation shall only include the information necessary for that purpose. 5. The supervisory authority shall keep a public register of the types of breaches notified.
Amendment 735 #
Proposal for a directive
Article 11 m (new)
Article 11 m (new)
Article 11m Communication of a personal data breach to the data subject 1. Member States shall provide that when the personal data breach is likely to adversely affect the protection of the personal data and/or the privacy of the data subject, the Passenger Information Unit shall, after the notification referred to in Article 11l (new), communicate the personal data breach to the data subject without undue delay. 2. The communication to the data subject referred to in paragraph 1 shall be comprehensive and use clear and plain language. It shall describe the nature of the personal data breach and contain at least the information and the recommendations provided for in points (b), (c) and (d) of Article 11l (new) and information about the rights of the data subject, including redress. 3. The communication of a personal data breach to the data subject shall not be required if the Passenger Information Unit demonstrates to the satisfaction of the supervisory authority that it has implemented appropriate technological protection measures, and that those measures were applied to the PNR data concerned by the personal data breach. Such technological protection measures shall render the data unintelligible to any person who is not authorised to access it. 4. The communication to the data subject may be delayed or restricted, in a specific case, to the extent that such a delay or restriction constitutes a necessary and proportionate measure: (a) to avoid obstructing official or legal inquiries, investigations or procedures; (b) to protect public security; (c) to protect the rights and freedoms of others.
Amendment 736 #
Proposal for a directive
Article 12
Article 12
1. Each Member State shall provide that the national supervisory authority established in implementation of Article 25 of Framework Decision 2008/977/JHA shall also be responsible for advising on and monitoring the application within its territory of the provisions adopted by the Member States pursuant to the present Directive. The further provisions of Article 25 Framework Decision 2008/977/JHA shall be applicableone or more public authorities are responsible for monitoring the application of the provisions adopted pursuant to this Directive and for contributing to its consistent application throughout the Union, in order to protect the fundamental rights and freedoms of natural persons in relation to the processing of their personal data. 2. Member States shall ensure that the supervisory authority acts with complete independence in exercising the duties and powers entrusted to it. 3. Each Member State shall provide that the members of the supervisory authority, in the performance of their duties, neither seek nor take instructions from anybody, and maintain complete independence and impartiality. 4. Each Member State shall ensure that the supervisory authority is provided with the adequate human, technical and financial resources, premises and infrastructure necessary for the effective performance of its duties and powers. 5. Each Member State shall ensure that the supervisory authority must have its own staff which shall be appointed by and subject to the direction of the head of the supervisory authority.
Amendment 748 #
Proposal for a directive
Article 12 a (new)
Article 12 a (new)
Article 12a Duties of the national supervisory authority 1. Member States shall provide that the supervisory authority: (a) monitors and ensures the application of the provisions adopted pursuant to this Directive and its implementing measures; (b) hears complaints lodged by any data subject, investigates, to the extent appropriate, the matter and informs the data subject of the progress and the outcome of the complaint within a reasonable period, in particular where further investigation or coordination with another supervisory authority is necessary; (c) checks the lawfulness of the data processing; (d) conducts investigations, inspections and audits, either on its own initiative or on the basis of a complaint, and informs the data subject concerned, if the data subject has addressed a complaint, of the outcome of the investigations within a reasonable period; (e) monitors relevant developments, insofar as they have an impact on the protection of personal data, in particular the development of information and communication technologies; 2. The supervisory authority shall, upon request, advise any data subject in exercising the rights laid down in provisions adopted pursuant to this Directive, and, if appropriate, co-operate with supervisory authorities in other Member States to this end. 3. For complaints referred to in point (b) of paragraph 1, the supervisory authority shall provide a complaint submission form, which can be completed electronically, without excluding other means of communication. 4. Member States shall provide that the performance of the duties of the supervisory authority shall be free of charge for the data subject. 5. Where requests are manifestly excessive, in particular due to their repetitive character, the supervisory authority may charge a reasonable fee. Such a fee shall not exceed the costs of taking the action requested. The supervisory authority shall bear the burden of proving the manifestly excessive character of the request.