Activities of Jan Philipp ALBRECHT related to 2016/0288(COD)
Shadow opinions (1)
OPINION on the proposal for a directive of the European Parliament and of the Council establishing the European Electronic Communications Code (Recast)
Amendments (12)
Amendment 36 #
Proposal for a directive
Recital 91 a (new)
Recital 91 a (new)
(91 a) In order to ensure a safeguard to the security and integrity of networks and services, the use of end-to-end encryption should be promoted and, where technically feasible, be mandatory in accordance with the principles of data protection by design and privacy by design. In particular, Member States should not impose any obligation to encryption providers, providers of electronic communications services and all other organisations (at all levels of the supply chain) that would result in the weakening of the security of their networks and services, such as allowing or facilitating "backdoors".
Amendment 43 #
Proposal for a directive
Article 39 – paragraph 2 – subparagraph 1
Article 39 – paragraph 2 – subparagraph 1
Member States shall encourage the use of the standards and/or specifications referred to in paragraph 1, for the provision of services, technical interfaces and/or network functions, to the extent strictly necessary to ensure interoperability and interconnectivity of services andin order to improve freedom of choice for users and facilitate switching.
Amendment 44 #
Proposal for a directive
Article 40 – paragraph 1
Article 40 – paragraph 1
1. Member States shall ensure that undertakings providing public communications networks or publicly available electronic communications services take appropriate technical and organisational measures to appropriately manage the risks posed to security of networks and services. Having regard to the state of the art, these measures shall ensure a level of security appropriate to the risk presented. In particular, measures shall be taken to ensure that electronic communications content is, wherever technically feasible, encrypted from end- to-end by default, in order to prevent and minimise the impact of security incidents on users and on other networks and services.
Amendment 45 #
Proposal for a directive
Article 40 – paragraph 1 a (new)
Article 40 – paragraph 1 a (new)
1 a. Member States shall not impose any obligation on providers of public communications networks or publicly available electronic communications services that would result in a weakening of the security of their networks or services. Where Member States impose additional security requirements on providers of public communications networks or publicly available electronic communications services in more than one Member State, they shall notify those measures to the Commission and ENISA. ENISA shall assist Member States in coordinating the measures taken to avoid duplication or diverging requirements that may create security risks and barriers to the internal market.
Amendment 46 #
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 1
Article 40 – paragraph 3 – subparagraph 1
Member States shall ensure that undertakings providing public communications networks or publicly available electronic communications services notify without undue delay the competent authority of a breach of secusecurity incident or loss of integrity that has had a significant impact on the operation of networks or services.
Amendment 47 #
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 2 – point a
Article 40 – paragraph 3 – subparagraph 2 – point a
(a) the number of users affected by the breachincident;
Amendment 48 #
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 2 – point b
Article 40 – paragraph 3 – subparagraph 2 – point b
(b) the duration of the breachincident;
Amendment 49 #
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 2 – point c
Article 40 – paragraph 3 – subparagraph 2 – point c
(c) the geographical spread of the area affected by the breachincident;
Amendment 50 #
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 2 – point d
Article 40 – paragraph 3 – subparagraph 2 – point d
(d) the extent to which the functioning of the network or service is disrupaffected;
Amendment 51 #
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 3
Article 40 – paragraph 3 – subparagraph 3
Where appropriate, the competent authority concerned shall inform the competent authorities in other Member States and the European Network and Information Security Agency (ENISA). The competent authority concerned may inform the public or require the undertakingproviders to do so, where it determines that disclosure of the breachincident is in the public interest.
Amendment 52 #
Proposal for a directive
Article 40 – paragraph 5 a (new)
Article 40 – paragraph 5 a (new)
5 a. By ...[date] in order to contribute to the consistent application of measures for the security of networks and services, ENISA shall, after consulting stakeholders and in close cooperation with the Commission and BEREC, issue guidelines on minimum criteria and common approaches for the security of networks and services and for the use and application of end-to-end encryption.
Amendment 54 #
Proposal for a directive
Article 41 – paragraph 1
Article 41 – paragraph 1
1. Member States shall ensure that in order to implement Article 40, the competent authorities have the power to issue binding instructions, including those regarding the measures required to remedy a breachprevent or remedy an incident and time-limits for implementation, to undertakings providing public communications networks or publicly available electronic communications services.