Activities of Jan Philipp ALBRECHT related to 2012/0011(COD)
Plenary speeches (6)
Protection of individuals with regard to the processing of personal data (A8-0139/2016 - Jan Philipp Albrecht) (vote)
Protection of individuals with regard to the processing of personal data - Processing of personal data for the purposes of crime prevention (debate)
Protection of individuals with regard to the processing of personal data - Processing of personal data for the purposes of crime prevention (debate)
Protection of individuals with regard to the processing of personal data (A7-0402/2013 - Jan Philipp Albrecht) (vote)
Protection of individuals with regard to the processing of personal data - Processing of personal data for the purposes of crime prevention (debate)
Protection of individuals with regard to the processing of personal data - Processing of personal data for the purposes of crime prevention (debate)
Reports (2)
RECOMMENDATION FOR SECOND READING on the Council position at first reading with a view to the adoption of a regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) PDF (444 KB) DOC (92 KB)
REPORT on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) PDF (3 MB) DOC (3 MB)
Amendments (21)
Amendment 387 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of protection should apply to any information concerning an identified or identifiable person. To determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify or single out the individual. The principles of data protection should not apply to data rendered anonymous is Regulation should not apply to anonymous data, meaning any data that can not be related, directly or indirectly, alone or in combination with associated data, to a natural person or where establishing such a way that the data subject is relation would require a disproportionate amount of time, expense, and effort, taking into account the state of the art in techno longer identifiablegy at the time of the processing and the possibilities for development during the period for which the data will be processed.
Amendment 401 #
Proposal for a regulation
Recital 24
Recital 24
(24) When using online or offline services, individuals may be associated with online or more identifiers provided by their devices, applications, tools and, protocols or other consumer goods, such as Internet Protocol addresses or, cookie identifiers. This may leave traces which, combined with unique identifiers and other information received by the servers, may be used to create profi, RFID-tags and other unique identifiers. Since such identifiers leave traces and can be used to singles of the individuals and identify them. It follows that identification numbers, locationut natural persons, this Regulation should be applicable to processing involving such data, ounliness those identifiers or other specific factors as such need not necessarilydemonstrably do no relate to natural persons, such as for example the IP addresses used by companies, which cannot be considered as ‘personal data in all circumstances’ as defined in this Regulation.
Amendment 903 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1a. If none of the legal grounds for the processing of personal data referred to in paragraph 1 apply, processing of personal data shall be lawful if and to the extent that it is necessary for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The data controller shall in that case inform the data subject about the data processing explicitly and separately in accordance with Article 14(1). The controller shall also publish the reasons for believing that its interests override the interests or fundamental rights and freedoms of the data subject. This paragraph shall not apply to processing carried out by public authorities in the performance of their tasks.
Amendment 908 #
Proposal for a regulation
Article 6 – paragraph 1 b (new)
Article 6 – paragraph 1 b (new)
1b. The legitimate interests of the controller as referred to in paragraph 1a override the interests or fundamental rights and freedoms of the data subject, as a rule and for example, if: (a) processing of personal data takes place as part of the exercise of the right to freedom of expression, the media and the arts, within the limits of Union or national law; (b) processing of personal data is necessary for the enforcement of the legal claims of the data controller or of third parties on behalf of whom the data controller is acting in relation to a specific identified data subject, or for preventing or limiting damage by the data subject to the controller; (c) the data subject has provided personal data to the data controller on the legal ground referred to in point (b) of paragraph 1, and the personal data are used for direct marketing for its own and similar products and services and are not transferred, and the data controller is clearly identified to the data subject; (d) processing of personal data takes place in the context of professional business-to-business relationships and the data were collected from the data subject for that purpose; (e) processing of personal data is necessary for registered non-profit associations, foundations and charities, recognised as acting in the public interest under Union or national law, for the sole purpose of collecting donations.
Amendment 913 #
Proposal for a regulation
Article 6 – paragraph 1 c (new)
Article 6 – paragraph 1 c (new)
1c. The interests or fundamental rights and freedoms of the data subject as referred to in paragraph 1a override the legitimate interest of the controller, as a rule and for example, if: (a) the processing causes a serious risk of damage to the data subject; (b) special categories of data as referred to Article 9(1), location data, or biometric data are processed; (c) the data subject can reasonably expect, on the basis of the context of the processing, that his or her personal data will only be processed for a specific purpose or treated confidentially, unless the data subject concerned has been informed specifically and separately about the use of his or her personal data for purposes other than the performance of the service; (d) personal data are processed in the context of profiling; (e) personal data is made accessible for a large number of persons or large amounts of personal data about the data subject are processed or combined with other data; (f) the processing of personal data may adversely affect the data subject, in particular because it can lead to defamation or discrimination; or (g) the data subject is a child.
Amendment 974 #
Proposal for a regulation
Article 7 – paragraph 2 a (new)
Article 7 – paragraph 2 a (new)
2a. If data is collected for processing after consent has been given solely by automated means in accordance with paragraph 2a and the pseudonyms are later unlawfully associated with other personal identifiers that do permit the direct identification of a data subject pursuant to Article 4(1), then this constitutes a personal data breach likely to adversely affect the protection of the privacy of the data subject. The breach notifications must be communicated in accordance with the procedures in Articles 31 and 32.
Amendment 992 #
Proposal for a regulation
Article 7 – paragraph 4
Article 7 – paragraph 4
4. CAs a rule, consent shall not provide a legal basis for the processing, where there is a significant imbalance between the position of the data subject and the controller.
Amendment 1105 #
Proposal for a regulation
Article 10 a (new)
Article 10 a (new)
Article 10a Education Union citizens and residents shall be educated by appropriate means about data protection, as an integral part of general media competence education. Competent Member States and Union institutions and bodies shall be tasked with supporting this.
Amendment 1268 #
Proposal for a regulation
Article 14 – paragraph 5 – point d c (new)
Article 14 – paragraph 5 – point d c (new)
(dc) the data are processed in the exercise of his profession by, or are entrusted or become known to, a person who is subject to an obligation of professional secrecy regulated by the State or to a statutory obligation of secrecy.
Amendment 1329 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. The data subject shall have the right to obtain from the controller communication of the personal data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in an electronic formand interoperable format allowing unhindered further use by the data subject, unless otherwise requested by the data subject.
Amendment 1343 #
Proposal for a regulation
Article 15 – paragraph 2 a (new)
Article 15 – paragraph 2 a (new)
2a. The right of access referred to in paragraphs 1 and 2 shall not apply where data pursuant to Article 14(5)(d) are affected.
Amendment 1692 #
Proposal for a regulation
Article 22 – paragraph 3
Article 22 – paragraph 3
3. The controller shall implement mechanisms to ensure the verification ofbe able to demonstrate the effectiveness of the measures referred to in paragraphs 1 and 2. If proportionate, this verification shall be carried outshall be verified by independent internal or external auditors. A certification pursuant to Article 39 shall be considered an adequate verification.
Amendment 1713 #
Proposal for a regulation
Article 23 – paragraph 1
Article 23 – paragraph 1
1. Having regard to the state of the art and, the cost of implementation, the controllerntroller and the processor, if any, shall, both at the time of the determination of the purposes and means for processing and at the time of the processing itself, implement appropriate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject, in particular with regard to the principles laid out in Article 5. Where the controller has carried out a data protection impact assessment pursuant to Article 33, the results shall be taken into account when developing those measures and procedures.
Amendment 1725 #
Proposal for a regulation
Article 23 – paragraph 2
Article 23 – paragraph 2
2. The controller shall implement mechanisms forWhere the data subject is given a choice regarding the processing of personal data, the controller and the processor, if any, shall ensuringe that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected or retained beyond the minimum necessary for those purposes, both in terms of the amount of the data and the time of their storage. In particular, those mechanisms shall ensure that by default personal data are not made accessible to an indefinite number of individuals and that data subjects are able to control the distribution of their personal data.
Amendment 1802 #
Proposal for a regulation
Article 26 – paragraph 2 – point h
Article 26 – paragraph 2 – point h
(h) make available to the controller and the supervisory authority all information necessary to control compliance with the obligations laid down in this Article and allow on-site inspections.
Amendment 2098 #
Proposal for a regulation
Article 34 – paragraph 1
Article 34 – paragraph 1
1. The controller or the processor as the case may be shall obtain an authorisation from the supervisory authority prior to the processing of personal data according to Chapter V or if ordered by any other provision in this Regulation, in order to ensure the compliance of the intended processing with this Regulation and in particular to mitigate the risks involved for the data subjects where a controller or processor adopts contractual clauses as provided for in point (d) of Article 42(2) or does not provide for the appropriate safeguards in a legally binding instrument as referred to in Article 42(5) for the transfer of personal data to a third country or an international organisation.
Amendment 2558 #
Proposal for a regulation
Article 48 – paragraph 1
Article 48 – paragraph 1
1. Member States shall provide that the members of the supervisory authority must be appointed either by the parliament or the government after consultation of the parliament, or by the highest judicial authority of the Member State concerned.
Amendment 2611 #
Proposal for a regulation
Article 52 – paragraph 2
Article 52 – paragraph 2
2. Each supervisory authority shall promote the awareness of the public on risks, rules, safeguards and rights in relation to the processing of personal data and about appropriate means of protecting oneself. Activities addressed specifically to children shall receive specific attention.
Amendment 2630 #
Proposal for a regulation
Article 53 – paragraph 2 – subparagraph 1 – point b
Article 53 – paragraph 2 – subparagraph 1 – point b
(b) access to any of its premises, including to any data processing equipment and means, where there are reasonable grounds for presuming that an activity in violation of this Regulation is being carried out there.
Amendment 2827 #
Proposal for a regulation
Article 77 – paragraph 2
Article 77 – paragraph 2
2. Where more than one controller or processor is involved in the processing, each controller or processor shall be jointly and severally liable for the entire amount of the damage, unless they have an appropriate written agreement.
Amendment 2969 #
Proposal for a regulation
Article 80 a (new)
Article 80 a (new)
Article 80a Access to documents 1. Member States may provide in their national legislation for rules necessary to reconcile the right of access to documents with the principles in Chapter 2. 2. Each Member State shall notify to the Commission provisions of its law which it adopts pursuant to paragraph 1 by the date specified in Article 91(2) at the latest and, without delay, any subsequent amendment affecting them.