Activities of Jan Philipp ALBRECHT related to 2012/0010(COD)
Shadow reports (2)
RECOMMENDATION FOR SECOND READING on the Council position at first reading with a view to the adoption of a directive of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA PDF (446 KB) DOC (92 KB)
REPORT on the proposal for a directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data PDF (890 KB) DOC (1 MB)
Amendments (70)
Amendment 175 #
Proposal for a directive
Recital 7
Recital 7
(7) Ensuring a consistent and high level of protection of the personal data of individuals and facilitating the exchange of personal data between competent authorities of Members States is crucial in order to ensure effective judicial co- operation in criminal matters and police cooperation. To that aim, the level of protection of the rights and freedoms of individualminimum standards must be ensured in all Member States with regard to theany processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties must be equivalent in all Member States. Effective protection of personal data throughout the Union requires strengthening the rights of data subjects and the obligations of those who process personal data, but also equivalent powers for monitoring and ensuring compliance with the rules for the protection of personal data in the Member States.
Amendment 178 #
Proposal for a directive
Recital 12
Recital 12
(12) In order to ensure the samea minimum level of protection for individuals through legally enforceable rights throughout the Union and to prevent divergences hampering the exchange of personal data between competent authorities, the Directive should provide harmonised rules fora minimum level of harmonisation concerning the protection and the free movement of personal data in the areas of judicial co- operation in criminal matters and police co-operation.
Amendment 181 #
Proposal for a directive
Recital 15
Recital 15
(15) The protection of individuals should be technological neutral and not depend on the techniques used; otherwise this would create a serious risk of circumvention. The protection of individuals should apply to processing of personal data by automated means, as well as to manual processing if the data are contained or are intended to be contained in a filing system. Files or sets of files as well as their cover pages, which are not structured according to specific criteria, should not fall within the scope of this Directive. This Directive should not apply to the processing of personal data in the course of an activity which falls outside the scope of Union law, in particular concerning national security, or to data processed by the Union institutions, bodies, offices and agencies, such as Europol or Eurojust.
Amendment 185 #
Proposal for a directive
Recital 16
Recital 16
(16) The principles of protection should apply to any information concerning an identified or identifiable natural person. To determine whether a natural person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify or single out the individual. The principles of data protis Directionve should not apply to data rendered anonymous anonymous data, meaning any data that can not be related, directly or indirectly, alone or in combination with associated data, to a natural person or where establishing such a way that the data subject is no longer identifiablerelation would require a disproportionate amount of time, expense, and effort, taking into account the state of the art in technology at the time of the processing and the possibilities for development during the period for which the data will be processed.
Amendment 186 #
Proposal for a directive
Recital 18
Recital 18
(18) Any processing of personal data must be fair and lawful in relation to the individuals concerned. In particular, the specific purposes for which the data are processed should be explicit and comprehensible to the data subject.
Amendment 189 #
Proposal for a directive
Recital 20
Recital 20
(20) Personal data should not be processed for purposes incompatible with the purpose for which it was collected. Personal data should be adequate, relevant and not exlimited to the minimum necessiveary for the purposes for which the personal data are processed. Every reasonable step should be taken to ensure that personal data which are inaccurate should be rectified or erased.
Amendment 193 #
Proposal for a directive
Recital 23
Recital 23
(23) It is inherent to the processing of personal data in the areas of judicial co- operation in criminal matters and police co-operation that personal data relating to different categories of data subjects are processed. Therefore a clear distinction should as far as possible be made between personal data of different categories of data subjects such as suspects, persons convicted of a criminal offence, victims and third parties, such as witnesses, persons possessing relevant information or contacts and associates of suspects and convicted criminals. Specific rules on the consequences of this categorisation should be provided by the Member States, taking into account the different purposes for which data are collected and providing specific safeguards for persons who are not suspect or have not been convicted of a criminal offence.
Amendment 196 #
Proposal for a directive
Recital 24
Recital 24
(24) As far as possible pPersonal data should be distinguished according to the degree of their accuracy and reliability. Facts should be distinguished from personal assessments, in order to ensure both the protection of individuals and the quality and reliability of the information processed by the competent authorities. The recipient should be informed if data have been unlawfully transmitted or are incorrect. The recipient shall correct the data without delay.
Amendment 206 #
Proposal for a directive
Recital 27
Recital 27
(27) Every natural person should have the right not to be subject to a measure which is based solely on automated processing if it produces an adverse legal effect for that person, unless authorised by law and subject to suitable measures to safeguard the data subject's legitimate interests.
Amendment 208 #
Proposal for a directive
Recital 28
Recital 28
(28) In order to exercise their rights, any information to the data subject should be easily accessible and easy to understand, including the use of clear and plain language, especially when the data subject is a child.
Amendment 215 #
Proposal for a directive
Recital 30
Recital 30
(30) The principle of fair and transparent processing requires that the data subjects should be informed in particular of the existence of the processing operation, its legal basis and its purposes, how long the data will be stored, on the existence of the right of access, rectification or erasure and on the right to lodge a complaint. Furthermore the data subject shall be informed if profiling takes place and its intended consequences. Where the data are collected from the data subject, the data subject should also be informed whether they are obliged to provide the data and of the consequences, in cases they do not provide such data.
Amendment 218 #
Proposal for a directive
Recital 33
Recital 33
(33) Member States should be allowed to adopt legislative measures delaying, or restricting or omitting the information of data subjects or the access to their personal data to the extent that and as long as such partial or complete restriction constitutes a strictly necessary and proportionate measure in a democratic society with due regard for fundamental rights and the legitimate interests of the person concerned, to avoid obstructing official or legal inquiries, investigations or procedures, to avoid prejudicing the prevention, detection, investigation and prosecution of criminal offences or for the execution of criminal penalties, to protect public security or national security, or, to protect the data subject or the rights and freedoms of others.
Amendment 223 #
Proposal for a directive
Recital 40 a (new)
Recital 40 a (new)
(40a) Processing of personal data in this sensitive field should only be done after a data protection impact assessment. Member states should therefore carry out before devising new systems for the processing of personal data, an assessment of the impact of the envisaged processing operations on the protection of personal data.
Amendment 258 #
Proposal for a directive
Article 1 – paragraph 2 – introductory part
Article 1 – paragraph 2 – introductory part
2. IThe minimum requirements of this Directive shall be no impediment to Member States retaining or introducing provisions on the protection of personal data that ensure a higher level of protection. At least in accordance with this Directive, Member States shall:
Amendment 266 #
Proposal for a directive
Article 1 – paragraph 2 a (new)
Article 1 – paragraph 2 a (new)
2a. The processing or exchange of personal data by competent authorities within the Union needs a legal basis in Union or member state law. This directive does not provide such a legal basis in itself.
Amendment 268 #
Proposal for a directive
Article 2 – paragraph 3 – point a
Article 2 – paragraph 3 – point a
(a) in the course of an activity which falls outside the scope of Union law, in particular concerning national security;
Amendment 276 #
Proposal for a directive
Article 3 – paragraph 1 – point 1
Article 3 – paragraph 1 – point 1
(1) ‘'data subject’' means an identified natural person or a natural person who can be identified or singled out, directly or indirectly, alone or in combination with associated data, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to anunique identification number, location data, online or offline identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or, social identityor gender identity or sexual orientation of that person;
Amendment 282 #
Proposal for a directive
Article 3 – paragraph 1 – point 9
Article 3 – paragraph 1 – point 9
(9) ‘'personal data breach’' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Amendment 294 #
Proposal for a directive
Article 4 – paragraph 1 – point a
Article 4 – paragraph 1 – point a
(a) processed fairly and lawfully and in a transparent manner in relation to the data subject;
Amendment 298 #
Proposal for a directive
Article 4 – paragraph 1 – point c
Article 4 – paragraph 1 – point c
(c) adequate, relevant, and not exlimited to the minimum necessiveary in relation to the purposes for which they are processed; they shall only be processed if, and as long as, the purposes could not be fulfilled by processing information that does not involve personal data; personal data held by private parties or other public authorities shall only be accessed to investigate or prosecute criminal offences in accordance with necessity and proportionality requirements to be defined by each Member State in its national law, subject to the relevant provisions of European Union law or public international law, and in particular the ECHR as interpreted by the European Court of Human Rights;
Amendment 302 #
Proposal for a directive
Article 4 – paragraph 1 – point d
Article 4 – paragraph 1 – point d
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
Amendment 307 #
Proposal for a directive
Article 4 – paragraph 1 – point f – introductory part
Article 4 – paragraph 1 – point f – introductory part
(f) processed under the responsibility and liability of the controller, who shall ensure and be able to demonstrate, for each processing operation, compliance with the provisions adopted pursuant to this Directive.
Amendment 308 #
Proposal for a directive
Article 4 – paragraph 1 – point f a (new)
Article 4 – paragraph 1 – point f a (new)
(fa) processed in a way that effectively allows the data subject to exercise his or her rights as described in Articles 10 to 17.
Amendment 331 #
Proposal for a directive
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
1a. Member States shall provide specific rules on the consequences of this categorisation, taking into account the different purposes for which data are collected and providing specific safeguards for persons who are not suspect or have not been convicted of a criminal offence. These specific rules shall include conditions for collecting data, time limits for retention, possible limitations to data subject's rights of access and information and the modalities of access to data by competent authorities
Amendment 340 #
Proposal for a directive
Article 6 – paragraph 2
Article 6 – paragraph 2
2. Member States shall ensure that, as far as possible, personal data based on facts are distinguished from personal data based on personal assessment personal data which are inaccurate, incomplete or no longer up to date are not transmitted or made available, and that personal data based on facts are distinguished from personal data based on personal assessments. To this end, the competent authorities shall verify the quality of personal data before they are transmitted or made available. As far as possible, in all transmissions of data, available information shall be added which enables the receiving Member State to assess the degree of accuracy, completeness, up-to-dateness and reliability. Personal data shall not be transmitted without request from a competent authority, in particular data originally held by private parties.
Amendment 342 #
Proposal for a directive
Article 6 a (new)
Article 6 a (new)
Article 6a If it emerges that incorrect data have been transmitted or data have been unlawfully transmitted, the recipient shall be notified without delay. The recipient shall be obliged to rectify the data without delay in accordance with paragraph 1 and Article 15 or to erase them in accordance with Article 16.
Amendment 363 #
Proposal for a directive
Article 9 – paragraph 1
Article 9 – paragraph 1
1. Member States shall provide that measures which produce an adverse legal effect for the data subject or significantly affect them and which are based solely on automated processing of personal data intended to evaluate certain personal aspects relating to the data subject shall be prohibited unless authorised by a law which also lays down measures to safeguard the data subject's legitimate interests.
Amendment 369 #
Proposal for a directive
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Automated processing of personal data intended to evaluate certain personal aspects relating to the data subject shall not be based solely onsingle out a data subject without an initial suspicion that the data subject might have committed or will be committing a criminal offence shall only be lawful if and to the extent that it is strictly necessary for the investigation of a serious criminal offence or the prevention of a clear and imminent danger, established on factual indications, to public security, the existence of the state, or the life of persons. It shall not include or generate special categories of personal data referred to in Article 8.
Amendment 371 #
Proposal for a directive
Article 9 – paragraph 2 a (new)
Article 9 – paragraph 2 a (new)
2a. Profiling that (whether intentionally or otherwise) has the effect of discriminating against individuals on the basis of race or ethnic origin, political opinions, religion or beliefs, trade union membership, gender or sexual orientation, or that (whether intentionally or otherwise) results in measures which have such effect, shall be prohibited in all cases.
Amendment 375 #
Proposal for a directive
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Member States shall provide that any information and any communication relating to the processing of personal data are to be provided by the controller to the data subject in an intelligible form, using clear and plain language, adapted to the data subject, in particular where that information is addressed specifically to a child.
Amendment 381 #
Proposal for a directive
Article 10 – paragraph 5
Article 10 – paragraph 5
5. Member States shall provide that the information and any action taken by the controller following a request referred to in paragraphs 3 and 4 are free of charge. Where requests are vexatiousmanifestly excessive, in particular because of their repetitive character, or the size or volume of the request, the controller may charge a reasonable fee for providing the information or taking the action requested, or the controller may not take the action requested. In that case, the controller shall bear the burden of proving the vexatiouscessive character of the request.
Amendment 385 #
Proposal for a directive
Article 11 – paragraph 1 – point b
Article 11 – paragraph 1 – point b
(b) the legal basis and the purposes of the processing for which the personal data are intended;
Amendment 388 #
Proposal for a directive
Article 11 – paragraph 1 – point f a (new)
Article 11 – paragraph 1 – point f a (new)
(fa) where the controller processes personal data as described in Article 9(1), information about the existence of processing for a measure of the kind referred to in Article 9(1) and the intended effects of such processing on the data subject;
Amendment 390 #
Proposal for a directive
Article 11 – paragraph 1 – point f b (new)
Article 11 – paragraph 1 – point f b (new)
(fb) information regarding specific security measures taken to protect personal data;
Amendment 392 #
Proposal for a directive
Article 11 – paragraph 2 a (new)
Article 11 – paragraph 2 a (new)
2a. Where the personal data are not collected from the data subject, the controller shall inform the data subject, in addition to the information referred to in paragraph 1, from which source the data originate.
Amendment 396 #
Proposal for a directive
Article 11 – paragraph 4 – introductory part
Article 11 – paragraph 4 – introductory part
4. Member States may adopt legislative measures delaying, or restricting or omitting the provision of the information to the data subject to the extent that, and as long as, such partial or complete restriction constitutes ais strictly necessary and proportionate measure in a democratic society with due regard for the fundamental rights and the legitimate interests of the person concerned:
Amendment 402 #
Proposal for a directive
Article 11 – paragraph 5
Article 11 – paragraph 5
5. Member States mayshall provide that the controller shall assess, in each specific case, by means of a concrete and individual examination, whether a partial or complete restriction for one of the reasons referred to in paragraph 4 applies. Member State law may also determine categories of data processing which may wholly or partly fall under the exemptions of paragraph 4(a), (b), (c) and (d).
Amendment 406 #
Proposal for a directive
Article 12 – paragraph 1 – point c
Article 12 – paragraph 1 – point c
(c) the recipients or categories of recipients to whom the personal data have been disclosed, in particular the recipients in third countries;
Amendment 408 #
Proposal for a directive
Article 12 – paragraph 1 – point g
Article 12 – paragraph 1 – point g
(g) communication of the personal data undergoing processing and of any available information as to their source, and if applicable, intelligible information about the logic involved in any automated processing.
Amendment 413 #
Proposal for a directive
Article 12 – paragraph 2
Article 12 – paragraph 2
2. Member States shall provide for the right of the data subject to obtain from the controller a copy of the personal data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in an electronic and interoperable format allowing unhindered further use by the data subject, unless otherwise requested by the data subject.
Amendment 420 #
Proposal for a directive
Article 13 – paragraph 1 – introductory part
Article 13 – paragraph 1 – introductory part
1. Member States may adopt legislative measures restricting, wholly or partly, the data subject's right of access to the extent and for the period that such partial or complete restriction constitutes a necessary and strictly proportionate measure in a democratic society with due regard for the legitimate interests of the person concernedand fundamental rights of the person concerned, based on a concrete and individual examination of each specific case:
Amendment 422 #
Proposal for a directive
Article 13 – paragraph 1 – point c
Article 13 – paragraph 1 – point c
Amendment 424 #
Proposal for a directive
Article 13 – paragraph 1 – point d
Article 13 – paragraph 1 – point d
Amendment 430 #
Proposal for a directive
Article 13 – paragraph 2
Article 13 – paragraph 2
Amendment 446 #
Proposal for a directive
Article 15 – paragraph 2
Article 15 – paragraph 2
Amendment 459 #
Proposal for a directive
Article 16 – paragraph 3 – introductory part
Article 16 – paragraph 3 – introductory part
3. Instead of erasure, the controller shall mark the personal datarestrict processing of personal data in such a way that it is not subject to the normal data access and processing operations of the controller and can not be changed anymore, where:
Amendment 460 #
Proposal for a directive
Article 16 – paragraph 3 – point a a (new)
Article 16 – paragraph 3 – point a a (new)
(aa) personal data referred to in this paragraph may, with the exception of storage, only be processed when necessary for purposes of proof, or for the protection of vital interests of the data subject or another person;
Amendment 462 #
Proposal for a directive
Article 16 – paragraph 3 – point b a (new)
Article 16 – paragraph 3 – point b a (new)
(ba) where processing of personal data is restricted pursuant to this paragraph, the controller shall inform the data subject before lifting the restriction;
Amendment 478 #
Proposal for a directive
Article 16 a (new)
Article 16 a (new)
Article 16a Rights in relation to recipients The controller shall communicate any rectification or erasure carried out in accordance with Articles 15 and 16 to each recipient to whom the data have been transferred, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject about those third parties.
Amendment 485 #
Proposal for a directive
Article 19 – paragraph 1
Article 19 – paragraph 1
1. Member States shall provide that, having regard to the state of the art and the cost of implementation, the controller shall, both at the time of the determination of the purposes and means for processing and at the time of the processing itself, implement appropriate technical and organisational measures and procedures in such a way that the processing will meet the requirements of provisions adopted pursuant to this Directive and ensure the protection of the rights of the data subject. Where the controller has carried out a data protection impact assessment pursuant to Article 25a, the results shall be taken into account when developing those measures and procedures.
Amendment 488 #
Proposal for a directive
Article 19 – paragraph 2
Article 19 – paragraph 2
2. The controller shall implement mechanisms for ensuring that, by default, only those personal data which are necessary for the purposes of the processing are processed. and are especially not collected or retained beyond the minimum necessary for those purposes, both in terms of the amount of the data and the time of their storage. In particular, those mechanisms shall ensure that by default personal data are not made accessible to an indefinite number of individuals.
Amendment 512 #
Proposal for a directive
Article 23 – paragraph 1
Article 23 – paragraph 1
1. Member States shall provide that each controller and processor maintains detailed documentation of all processing systems and procedures under their responsibility.
Amendment 534 #
Proposal for a directive
Article 25 a (new)
Article 25 a (new)
Article 25a Data protection impact assessment 1. Member States shall provide that, before devising new systems for the processing of personal data, the controller or the processor acting on the controller's behalf, or the entity deciding about the new system, shall carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. 2. The assessment shall contain at least a systematic description of (a) the envisaged processing operations and their necessity and proportionality in relation to the purpose, (b) an assessment of the risks to the rights and freedoms of data subjects, (c) the measures envisaged to address the risks and minimise the volume of personal data which is processed, (d) safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation, taking into account the rights and legitimate interests of data subjects and other persons concerned. 3. The controller shall seek the views of data subjects or their representatives on the intended processing. 4. The assessment shall be made easily accessible to the public. 5. The Commission shall be empowered to adopt, after requesting an opinion of the European Data Protection Board, delegated acts in accordance with Article 56 for the purpose of further specifying the requirements for the assessment, referred to in paragraph 2, including conditions and procedures for scalability, verification and audit ability.
Amendment 538 #
Proposal for a directive
Article 26 – paragraph 1 – introductory part
Article 26 – paragraph 1 – introductory part
1. Member States shall ensure that the controller or the processor consults the supervisory authority prior to the processing of personal data which will form part of a new type of filing system to be created where:.
Amendment 539 #
Proposal for a directive
Article 26 – paragraph 1 – point a
Article 26 – paragraph 1 – point a
Amendment 540 #
Proposal for a directive
Article 26 – paragraph 1 – point b
Article 26 – paragraph 1 – point b
Amendment 544 #
Proposal for a directive
Article 26 – paragraph 2
Article 26 – paragraph 2
2. Member States mayshall provide that the supervisory authority establishes a list of the processing operations which are subject to prior consultation pursuant to paragraph 1.
Amendment 565 #
Proposal for a directive
Article 29 – paragraph 4
Article 29 – paragraph 4
4. The communication to the data subject may be delayed, or restricted or omitted on the grounds referred to in Article 11(4).
Amendment 581 #
Proposal for a directive
Article 33 – paragraph 1 a (new)
Article 33 – paragraph 1 a (new)
Member States shall provide that further onward transfers referred to in paragraph 1 of this Article may only take place if, in addition to the conditions laid out in that paragraph: (a) the onward transfer is necessary for the same specific purpose as the original transfer; and (b) the competent authority that carried out the original transfer authorises the onward transfer.
Amendment 590 #
Proposal for a directive
Article 33 a (new)
Article 33 a (new)
Article 33a Transfers to recipients not subject to the provisions implementing this directive Member States shall provide that transfers of personal data by competent authorities to recipients that are not subject to the provisions implementing this Directive may only take place if such transfers are: (a) provided for in national law; such laws must be in compliance with the Charter of Fundamental Rights of the European Union and the Convention for the Protection of Human Rights and Fundamental Freedoms, and be in line with the case law of the Court of Justice of the European Union and the European Court of Human Rights; or (b) necessary for the protection of the vital interests of the data subject or another person; or (c) carried out upon request of the data subject.
Amendment 607 #
Proposal for a directive
Article 35 – paragraph 1 – point b
Article 35 – paragraph 1 – point b
(b) the controller or processor has assessed all the circumstances surrounding the transfer of personal data andEuropean Data Protection Board has assessed that the recipient controller or processor meets all legal requirements and best practices generally surrounding the transfer of personal data stipulated in this Directive, in particular regarding personal data originally collected by private parties, and has concludesd that appropriate safeguards exist with respect to the protection of personal data. , or
Amendment 608 #
Proposal for a directive
Article 35 – paragraph 1 – point b a (new)
Article 35 – paragraph 1 – point b a (new)
(ba) Member State law allows for specific transfers of personal data which are strictly necessary and proportionate, subject to the relevant provisions of Union law or public international law, and in particular the ECHR as interpreted by the European Court of Human Rights.
Amendment 615 #
Proposal for a directive
Article 36 – title
Article 36 – title
Derogation Derogations in the case of specific transfers
Amendment 617 #
Proposal for a directive
Article 36 – paragraph 1 – introductory part
Article 36 – paragraph 1 – introductory part
Amendment 620 #
Proposal for a directive
Article 36 – paragraph 1 a (new)
Article 36 – paragraph 1 a (new)
Member States shall ensure that personal data is only transferred under the provisions of this Article if (a) the controller has obtained prior authorisation from the supervisory authority; and (b) the transfer is only comprising data strictly necessary to achieve the purpose for which it is transferred; and (c) all transfers are fully documented, including date and time of the transfer, the recipient authority, the justification for the transfer and the data transferred. This documentation shall be made available to the supervisory authority on request.
Amendment 622 #
Proposal for a directive
Article 36 – paragraph 1 – point a
Article 36 – paragraph 1 – point a
(a) the transfer is necessary in order to protectto safeguard the vital interests of the data subject or another person, particularly in terms of their physical safety and well-being; or
Amendment 623 #
Proposal for a directive
Article 36 – paragraph 1 – point c
Article 36 – paragraph 1 – point c
(c) the transfer of the data is limited to a specific case and essential for the prevention of an immediate and serious threat to public security of a Member State or a third country; or
Amendment 643 #
Proposal for a directive
Article 45 – paragraph 6
Article 45 – paragraph 6
6. Where requests are vexatiousmanifestly excessive, in particular due to their repetitive character, the supervisory authority may charge a fee or not take the action required by the data subjectreasonable fee. The supervisory authority shall bear the burden of proving of the vexatiouscessive character of the request.
Amendment 646 #
Proposal for a directive
Article 46 – paragraph 1 – point a
Article 46 – paragraph 1 – point a
(a) investigative powers, such as powers of access to data forming the subject matter of processing operations and powers to collect all the information necessary for the performance of its supervisory duties;all personal data and to all the information necessary for the performance of its supervisory duties and access to any of a data controller's premises, including to any data processing equipment and means.
Amendment 653 #
Proposal for a directive
Article 47 – paragraph 1
Article 47 – paragraph 1
Member States shall provide that each supervisory authority draws up an annual report on its activities. The report shall at least every two years. The report shall be presented to the national parliament, and be made available to the Commission and, the European Data Protection Board, and the public. It shall include information on the extent to which competent authorities in their jurisdiction have accessed data held by private parties to investigate or prosecute criminal offences.