1796 Amendments of Jan Philipp ALBRECHT
Amendment 3 #
2018/2645(RSP)
Citation 10 a (new)
- having regard to the letter of the Chair of the Article 29 Working Party on Section 702 of the US Foreign Intelligence Surveillance Act (FISA) of 11 April 2018,
Amendment 14 #
2018/2645(RSP)
Recital L
L. whereas the Article 29 Working Party has identified a number of important unresolved issues of significant concern, regarding both the commercial issues and those relating to the access by the U.S. public authorities to data transferred to the U.S. under the Privacy Shield (either for law enforcement or national security purposes) that need to be addressed by both the Commission and the U.S. authorities; whereas it has requested to set up immediately an action plan to demonstrate that all these concerns will be addressed, and at the latest at the second joint review before 25 May 2018;
Amendment 15 #
2018/2645(RSP)
Recital N
N. whereas, an action for annulment by La Quadrature du Net and Others v Commission (Case T-738/16) and a referral by the Irish High Court on the Schrems II case have been brought in front of the European Court of Justice; that the referral takes note that mass surveillance is still going on and analyses whether there is effective remedy in US law for EU citizens whose personal data is transferred to the United States;
Amendment 16 #
2018/2645(RSP)
Recital O
O. whereas on 11 January 2018 the US Congress has reauthorised and amended Section 702 of FISA for six years without addressing the concerns of the joint review report of the Commission and the opinion of the Article 29 Working Party;
Amendment 20 #
2018/2645(RSP)
Paragraph -1 (new)
-1. Highlights the persisting weaknesses of the Privacy Shield as regards the respect of fundamental rights of data subjects; and underlines the increasing risk that the Court of Justice of the EU may invalidate Commission Implementing Decision (EU) 2016/1250 on the Privacy Shield;
Amendment 22 #
2018/2645(RSP)
Paragraph 1
1. Takes note of the improvements compared to the Safe Harbour agreement, including the insertion of key definitions, stricter obligations related to data retention and onward transfers to third countries, the creation of an Ombudsperson to ensure individual redress and independent oversight, checks and balances ensuring the rights of data subjects (PCLOB), external and internal compliance reviews, more regular and rigorous documentation and monitoring, the availability of several ways to pursue legal remedy, prominent role for national DPAs in the investigation of claims; acknowledges that the European Commission is of the view that the U.S. authorities have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield;
Amendment 27 #
2018/2645(RSP)
Paragraph 3
3. Acknowledges the recentRegrets that it has taken so long to designation ofe two additional Members coupled with theand to nomination ofe the Chairman of the PCLOB and calls on the Senate to ratify the names so as to start works without delay;
Amendment 46 #
2018/2645(RSP)
Paragraph 10 a (new)
10 a. Is seriously concerned about the change in the terms of service of Facebook for non-EU users outside the United States and Canada who so far have enjoyed rights under EU data protection law, and who now have to accept Facebook U.S. instead of Facebook Ireland as the data controller; considers that this constitutes a transfer of personal data of approximately 1.5 billion users to a third country; seriously doubts that such an unprecedented large- scale limitation of the fundamental rights of users of a de-facto monopoly platform is what was intended with the Privacy Shield; calls on EU data protection authorities to investigate this matter;
Amendment 48 #
2018/2645(RSP)
Paragraph 10 b (new)
10 b. Welcomes and supports the calls for the US legislator to move towards an omnibus privacy and data protection act;
Amendment 49 #
2018/2645(RSP)
Paragraph 11
11. Recalls its concerns about the lack of guarantees in the Privacy Shield for automated-decision making/profiling, which produce legal effect or significantly affect the individual; acknowledges the intention of the Commission to order a study to collect factual evidence and further assess the relevance of automated decision-making for data transfers under the Privacy Shield; takes note in this regard of the indication from the joint review that the findings gathered seem to indicate that none of the data transferred under the Privacy Shield are processed through automated decision making systems but deplores that, according to the WP29, the feedback from the companies remained very general, leaving unclear whether these assertions correspond to the reality of all companies adhering to the Privacy Shield;
Amendment 53 #
2018/2645(RSP)
Paragraph 13
13. Reiterates its concern that the Privacy Shield principles do not follow the EU model of consent-based processing, but even allow for opt-out / right to object only in very specific circumstances; therefore recommends, in the light of the joint review, that the DoC provides more precise guidance as regards essential principles of the Privacy Shield such as the Choice Principle, the Notice Principle, onward transfers, controller-processor’s relation and access, which are much more aligned with the rights of the data subject under Regulation (EU) 2016/679;
Amendment 56 #
2018/2645(RSP)
Paragraph 13 a (new)
13 a. Reiterates its concerns about the rejection by Congress in March 2017 of the rule submitted by the Federal Communications Commission relating to "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services", which in practice eliminates broadband privacy rules that would have required Internet Service Providers to get consumers' explicit consent before selling or sharing Web browsing data and other private information with advertisers and other companies; considers that this is yet another threat to privacy safeguards in the United States;
Amendment 62 #
2018/2645(RSP)
Paragraph 15
15. Regrets that the U.S. did not seize the opportunity of the recent reauthorization of FISA Section 702 to include the safeguards provided in PPD-28; calls for evidence ensuring that data collection under FISA Section 702 is not indiscriminate and access is not conducted on a generalised basis (bulk collection) in contrast with the EU Charter on Fundamental Rights; regrets that the reauthorisation of Section 702 contains several amendments that however are merely procedural and do not address these most problematic issues as also raised by the Article 29 Working Party;
Amendment 72 #
2018/2645(RSP)
Paragraph 19
19. Considers that a more balanced solution would have been to strengthen the existing international system of Mutual Legal Assistance Treaties (MLATs) in view of encouraging international and judicial cooperation; reiterates that, as for instance set out in Article 48 of Regulation (EU) 679/2016 (the General Data Protection Regulation), mutual legal assistance and other international agreements are the preferred mechanism to enable access to personal data overseas;
Amendment 84 #
2018/2645(RSP)
Paragraph 24
24. Is concerned as to whetherthat the current Privacy Shield arrangement does not provides the adequate level of protection required by Union data protection law and the EU Charter as interpreted by the European Court of Justice.
Amendment 9 #
2017/2191(INI)
Draft opinion
Paragraph 3
Paragraph 3
3. AcknowledgWelcomes the Commission’s efforts to combat unfair competition in high-profile cases against well-known companies; considers that SMEs could stand to benefit from rigorous application of competition rules, particularly in the digital sphere, but stresses that the enforcement of fair competition in the case of SMEs is also of the utmost importance;
Amendment 14 #
2017/2191(INI)
Draft opinion
Paragraph 4
Paragraph 4
4. Encourages the Commission to strengthen the supervision of national implementation of competition policy; is concerned that uneven enforcement of EU competition law by national authorities can result in varying outcomes, thus distorting competition in the internal market; stresses the need for national competition authorities to be independent and have adequate human and financial resources to perform their tasks effectively; welcomes in this regard the Commission’s proposal on the ECN+;
Amendment 34 #
2017/2191(INI)
Draft opinion
Paragraph 7
Paragraph 7
7. Recalls that if anti-competitive practices are to be fought effectively, all aspects of unfair competition must be taken into consideration, including social dumping and fraudulent posting of workers.;further calls on competition authorities to take into account the role of access to data and information when assessing market power, whether merging data and customer information during a merger distorts competition and weakens data protection, and whether an enterprise's access to exclusive analytical methods and patents excludes competitors;
Amendment 45 #
2017/2191(INI)
Draft opinion
Paragraph 7 a (new)
Paragraph 7 a (new)
7 a. Underlines the essential role of administrative fines in deterring future breaches of competition law;urges all Member States to grant their competition authorities the power to impose such fines;considers it essential that a parent company can be held liable for infringement of EU competition law by its subsidiaries;
Amendment 53 #
2017/2191(INI)
Draft opinion
Paragraph 7 b (new)
Paragraph 7 b (new)
7 b. Calls for the strengthening of the freedom of choice for consumers in the Digital Single Market;considers that the enshrined right to data portability in the GDPR is a good approach to strengthening the rights of consumers and competition;in this context underlines the need to examine how interoperability between digital networks by open standards and interfaces can be ensured;
Amendment 2 #
2017/2068(INI)
Motion for a resolution
Citation 3
Citation 3
— having regard to Articles 1, 7, 8, 11, 21, 2416, 17, 21, 24, 47, 49 and 52 of the Charter of Fundamental Rights of the European Union (CFR),
Amendment 16 #
2017/2068(INI)
Motion for a resolution
Citation 13 a (new)
Citation 13 a (new)
Amendment 19 #
2017/2068(INI)
Motion for a resolution
Citation 20 a (new)
Citation 20 a (new)
- having regard to the Europol and ENISA Joint Statement of 20 May 2016 on lawful criminal investigation that respects 21st Century data protection;
Amendment 41 #
2017/2068(INI)
Motion for a resolution
Recital B
Recital B
B. whereas the lines between cybercrime, cyber espionage, cyber warfare, cyber sabotage and cyber terrorism are becoming increasingly blurred; whereas cybercrimes can target individuals, public or private entities and cover a wide range of offences, including privacy breaches, copyright infringement, child pornography, online incitement to hate, the dissemination of fake news with malicious intentsexual abuse, public incitement to violence or hatred, financial crime and fraud, as well as illegal system interference;
Amendment 46 #
2017/2068(INI)
Motion for a resolution
Recital C
Recital C
C. whereas the 2016 IOCTA reveals that cybercrime is increasing in intensity, complexity and magnitude, that reported cybercrime exceeds traditional crime in some EU countries, that it extends to other areas of crime, such as human trafficking, that there has been a growing misuse of encryption and anonymisation tools and that ransomware attacks outnumber traditional malware threats such as Trojans;
Amendment 58 #
2017/2068(INI)
Motion for a resolution
Recital E
Recital E
E. whereas a considerable number of cybercrimes remain unprosecuted and unpunished, due in part to; whereas there is still significant underreporting, long detection periods allowing cybercriminals to develop multiple entries/exits or backdoors, difficult access to e-evidence, problems in obtaining it and with its admissibility in court, as well as complex procedures and jurisdictional challenges related to the cross-border nature of cybercrimes;
Amendment 64 #
2017/2068(INI)
Motion for a resolution
Recital F
Recital F
F. whereas the TELE2 judgment of the CJEU imposes stringent limits on police and judicial access to the data of cybercrime suspects and outlaws blanket and non-targeted data retention;
Amendment 83 #
2017/2068(INI)
Motion for a resolution
Recital H
Recital H
H. whereas awareness about the risks posed by cybercrime has increased, but precautionary measures, both on the part of individual users and of business, remain absenby far not adequate yet;
Amendment 87 #
2017/2068(INI)
Motion for a resolution
Recital I
Recital I
I. whereas the constantly growing interconnectedness of people, places and things makes Internet of Things (IoT) devices an ideal target for cybercriminals; whereas hacked IoT devices that not only have sensors, but have or can control physical actuators, may represent a concrete threat to the lives of human beings;
Amendment 89 #
2017/2068(INI)
Motion for a resolution
Recital I a (new)
Recital I a (new)
Ia. whereas the protection of fundamental rights is a key objective of the Union, and necessary to achieve the trust that enables the European digital single market to flourish, because it creates the confidence that data and services are safe not only from cybercrime, but also from disproportionate public authority interferences with such rights.
Amendment 96 #
2017/2068(INI)
Motion for a resolution
Paragraph –1 (new)
Paragraph –1 (new)
-1. Underlines that the fight against cybercrime should be first and foremost about safeguarding and hardening critical infrastructures and other networked devices, and not only about elaborating repressive actions;
Amendment 124 #
2017/2068(INI)
Motion for a resolution
Paragraph 4
Paragraph 4
4. Stresses that the constantly changing nature of the cyber-threat landscape presents all stakeholders with serious legal and technological challenges; points, in particular, to the increasing misuse of privacy-enhancing technologies such as onion-routing and the Darknet, as well as to the growing threats posed by hackers sponsored by non- friendly foreign states or extremist political or religious organisations;
Amendment 129 #
2017/2068(INI)
Motion for a resolution
Paragraph 4 a (new)
Paragraph 4 a (new)
4a. Underlines that the Darknet and onion-routing also provide a free space for journalists, political campaigners and human rights defenders in certain countries to avoid detection by repressive state authorities;
Amendment 144 #
2017/2068(INI)
Motion for a resolution
Paragraph 6
Paragraph 6
6. Acknowledges that technological advances in encryption allow legitimate usercitizens to better protect their data and communications, but points out that malicious users deploy the same techniques to conceal their criminal activities and identities;
Amendment 164 #
2017/2068(INI)
Motion for a resolution
Paragraph 8
Paragraph 8
8. Calls on the Commission, in the context of the review of the European cybersecurity strategy, to continue identifying network and information security vulnerabilities of European critical infrastructure and incentivise the development of resilient systems, and assess the situation regarding the fight against cybercrime in the European Union and the Member States, in order to achieve a better understanding of the trends and developments in relation to offences in cyberspace;
Amendment 188 #
2017/2068(INI)
Motion for a resolution
Paragraph 12
Paragraph 12
12. Is concerned by the Europol finding that the majority of successful attacks are attributable to a lack of user-awareness, as well as insufficient securitydigital hygiene, a lack of security by design and a lack of user-awareness; underlines that users are the first victims of badly secured hardware and software;
Amendment 215 #
2017/2068(INI)
Motion for a resolution
Paragraph 14
Paragraph 14
14. Stresses that businesses should conduct regular vulnerability assessments, fix existing vulnerabilities inidentify vulnerabilities through regular assessments, protect their products or services by fixing vulnerabilities and consistently reporting cyber-attacks;
Amendment 220 #
2017/2068(INI)
Motion for a resolution
Paragraph 15 a (new)
Paragraph 15 a (new)
15 a. Points out that recent incidents clearly demonstrate the acute vulnerability of the EU, and in particular the EU institutions, national governments and parliaments, major European companies, European IT infrastructures and networks, to sophisticated attacks using complex software and malware; underlines that boosting EU IT capacity and security also reduces the vulnerability of the EU towards serious cyberattacks originating from large criminal organisations or terrorist groups;
Amendment 223 #
2017/2068(INI)
Motion for a resolution
Paragraph 15 b (new)
Paragraph 15 b (new)
15b. Calls on the Commission and the Member States to take the initiative and build up, as a strategic priority measure, a strong and autonomous IT key-resource capability; stresses that in order to regain trust, such a European IT capability should be based, as much as possible, on open standards and open-source software and if possible hardware, making the whole supply chain from processor design to application layer transparent and reviewable; points out that in order to regain competitiveness in the strategic sector of IT services, a ‘digital new deal’ is needed, with joint and large-scale efforts by EU institutions, Member States, research institutions, industry and civil society; calls on the Commission and the Member States to use public procurement as leverage to support such resource capability in the EU by making EU security and privacy standards a key requirement in the public procurement of IT goods and services; urges the Commission, therefore, to review the current public procurement practices with regard to data processing in order to consider restricting tender procedures to certified companies, and possibly to EU companies, where security or other vital interests are involved;
Amendment 224 #
2017/2068(INI)
Motion for a resolution
Paragraph 15 c (new)
Paragraph 15 c (new)
15c. Strongly condemns the fact that intelligence services seek to lower IT security standards and to install backdoors in a wide range of IT systems; asks the Commission to present draft legislation to ban the use of backdoors by law enforcement agencies; recommends, consequently, the use of open-source software in all environments where IT security is a concern;
Amendment 225 #
2017/2068(INI)
Motion for a resolution
Paragraph 15 d (new)
Paragraph 15 d (new)
15d. Calls on all the Member States, the Commission, the Council and the European Council to give their fullest support, including through funding in the field of research and development, to the development of European innovative and technological capability in IT tools, companies and providers (hardware, software, services and network), including for purposes of cybersecurity and encryption and cryptographic capabilities; calls on all responsible EU institutions and Member States to invest in EU local and independent technologies, and to develop massively and increase detection capabilities;
Amendment 226 #
2017/2068(INI)
Motion for a resolution
Paragraph 15 e (new)
Paragraph 15 e (new)
15 e. Takes the view that the large-scale IT systems used in the area of freedom, security and justice, such as the Schengen Information System II, the Visa Information System, Eurodac and possible future systems, should be developed and operated in such a way as to ensure that data are not compromised as a result of requests by authorities from third countries; asks eu-LISA to report back to Parliament on the reliability of the systems in place by the end of 2018;
Amendment 227 #
2017/2068(INI)
Motion for a resolution
Paragraph 15 f (new)
Paragraph 15 f (new)
15f. Calls for the EU to take the lead in reshaping the architecture and governance of the internet in order to address the risks related to data flows and storage, striving for more data minimisation and transparency and less centralised mass storage of raw data, as well as for rerouting of Internet traffic or full end-to-end encryption of all Internet traffic so as to avoid the current risks associated with unnecessary routing of traffic through the territory of countries that do not meet basic standards on fundamental rights, data protection and privacy;
Amendment 231 #
2017/2068(INI)
Motion for a resolution
Paragraph 16
Paragraph 16
16. Considers enhanced cooperation with service providers to be a key factor in accelerating and streamlining mutual legal assistance and mutual recognition proceduresprocedures; calls on providers of electronic communications services not established in the Union to designate in writing representatives in the Union;
Amendment 235 #
2017/2068(INI)
Motion for a resolution
Paragraph 16 a (new)
Paragraph 16 a (new)
16a. Reiterates that with respect to the Internet of Things, producers are the key starting point for tightening up liability regimes which will lead to a better quality of products and a more secure environment in terms of external access and the documented possibility for updates;
Amendment 243 #
2017/2068(INI)
Motion for a resolution
Paragraph 17
Paragraph 17
17. Believes that innovation should not be hampered by unnecessary red tape for software developers and hardware producers; eEncourages the private sector to implement voluntary measures aligned with internationally recognised standards aimed at bolstering trust in the security of software and devices, such as the IoT trust label;
Amendment 251 #
2017/2068(INI)
Motion for a resolution
Paragraph 18
Paragraph 18
Amendment 262 #
2017/2068(INI)
Motion for a resolution
Paragraph 19
Paragraph 19
19. Calls on the Commission to Recognises that the current EU and Member State legal frameworks can create challenges for service providers seeking to comply with law enforcement authority demands, and indeed potentially block such compliance, in particular in scenarios where multiple Member States are involved; calls on the Commission to investigate the legal scope for improving the accountability of service providers to cooperate with law enforcement authorities and for imposing an obligation to respond to foreign EU law-enforcement requests subject to adequate safeguards;
Amendment 283 #
2017/2068(INI)
Motion for a resolution
Paragraph 20
Paragraph 20
20. Calls on the Commission and the Member States to impose the samemandatory end- to-end encryption obligations on online service providers as those, which apply to providers ofwell as traditional telecommunications services;
Amendment 285 #
2017/2068(INI)
Motion for a resolution
Paragraph 21
Paragraph 21
21. Underlines that illegal online content should be removed immediatelyn an expeditious manner; reiterates that any measure to remove illegal online content based on terms and conditions should only be permitted if national procedural rules provide a possibility for users to assert their rights before a court after learning of such measures; welcomes, in this context, the progress achieved concerning the blocking and removal of illegal content online, but stresses the need for a stronger commitment on the part of platform service providers to respond quickly and effectively; welcomes the Commission’s stated intention to provide guidance on notice-and-takedown procedures and urges the Commission to come forward with a legislative proposal on this matter;
Amendment 305 #
2017/2068(INI)
Motion for a resolution
Paragraph 22
Paragraph 22
22. Is concerned that a considerable number of cybercrimes remain unpunished; emphasises the need to allow lawful access to relevant information, even if it has been encrypted, if such access is imperativ enforcement authorities to have lawful access to relevant information in the limited circumstances where such access is necessary and proportionate for reasons of security and justice;
Amendment 314 #
2017/2068(INI)
Motion for a resolution
Paragraph 23
Paragraph 23
23. Urges the Member States to exchange best practices regarding the circumvention of encryption and to cooperate, in consultation with the judiciary, in aligning the conditions for the lawful use of investigative tools online;
Amendment 325 #
2017/2068(INI)
Motion for a resolution
Paragraph 25
Paragraph 25
Amendment 330 #
2017/2068(INI)
Motion for a resolution
Paragraph 26
Paragraph 26
26. Stresses the need to minimise the risks posed to the privacy of internet users by leaks of exploits or tools used by law- enforcement authorities as part of their legitimate investigations; underlines in this regard that exploits and vulnerabilities should be notified to the manufacturer as soon as possible and without exception;
Amendment 336 #
2017/2068(INI)
Motion for a resolution
Paragraph 28
Paragraph 28
28. Underlines that the patchwork of separate, territorially defined national jurisdictions causes difficulties in determining the applicable law in transnational interactions and gives rise to legal uncertainty, thereby preventing cooperation across borders, which is necessary to deal efficiently with misuses onlincybercrime;
Amendment 357 #
2017/2068(INI)
Motion for a resolution
Paragraph 30
Paragraph 30
30. Underlines the importance of close cooperation between law enforcement authorities and the private sector on the issue of access to e-evidence; urges the Member States concerned to eliminate criminal law provisions prohibiting domestic service providers from responding to foreignother EU Member States' law enforcement requests;
Amendment 365 #
2017/2068(INI)
Motion for a resolution
Paragraph 31
Paragraph 31
31. Calls on the Commission to put forward a European legal framework for e- evidence, including harmonised rules to determine the status of a provider as domestic or foreign, and to impose an obligation on service providers to respond to requests from othird countrer EU Member States’ law enforcement authorities, with a view to ensuring legal certainty for stakeholders and removing obstacles to cooperation;
Amendment 367 #
2017/2068(INI)
Motion for a resolution
Paragraph 31 a (new)
Paragraph 31 a (new)
31a. Stresses the need for any e- evidence framework to include sufficient safeguards for the rights and freedoms of all concerned; highlights that this should include a requirement that requests for e- evidence are directed in the first instance to the controllers or owners of the data, in order to ensure that their rights – and the rights of those to whom the data relates (for example their entitlement to assert legal privilege, and seek legal redress in the case of disproportionate or otherwise unlawful access) – are respected; also highlights the need to ensure any legal framework protects providers and all other parties from requests that could create conflicts of law or otherwise impinge on the sovereignty of other States;
Amendment 401 #
2017/2068(INI)
Motion for a resolution
Paragraph 37 a (new)
Paragraph 37 a (new)
37a. Stresses its serious concerns in relation to the work within the Council of Europe's Cybercrime Convention Committee on the interpretation of Article 32 of the Convention on Cybercrime of 23 November 2001 (Budapest Convention) on transborder access to stored computer data (“cloud evidence”) and opposes any conclusion of an additional protocol or guidance intended to broaden the scope of this provision beyond the current regime established by this Convention, which is already a major exception to the principle of territoriality because it could result in unfettered remote access by law enforcement authorities to servers and computers located in other jurisdictions without recourse to mutual legal assistance (MLA) agreements and other instruments of judicial cooperation put in place to guarantee the fundamental rights of the individual, including data protection and due process, and in particular Council of Europe Convention 108;
Amendment 406 #
2017/2068(INI)
Motion for a resolution
Paragraph 37 b (new)
Paragraph 37 b (new)
37b. Urges Member States, in the context of the negotiations of the Council of Europe’s Convention on Cybercrime, to favour the use of mutual legal assistance instruments for the exchange of information with third countries, with due regard to the principle of territoriality and Union legislation on data protection, notably Article 48 of Regulation (EU) 679/2016 (General Data Protection Regulation);
Amendment 415 #
2017/2068(INI)
Motion for a resolution
Paragraph 39
Paragraph 39
39. Takes note of the fact that the highest number of law enforcement requests is sent to the United States and Canada; is concerned that the voluntary disclosure rate of big US service providers in response to requests from European criminal justice authorities falls short of 60 %recognises that, as for instance enshrined in Article 48 of Regulation (EU) 679/2016 (the General Data Protection Regulation), mutual legal assistance and other international agreements are the preferred mechanism to enable access to personal data overseas;
Amendment 423 #
2017/2068(INI)
Motion for a resolution
Paragraph 40
Paragraph 40
40. Calls on the Commission to put forward concrete measures to address impediments to theprotect the fundamental rights of the suspected or accused person when exchange of information between European law enforcement authorities and third countries, notably takes place, notably safeguards as regards the non-execution of a request by an EU Member State in the quick obtaining, upon a court decision, of relevant evidence, subscriber- related information as well as detailed meta- and content data (if not encrypted) from law-enforcement authorities and/or service providers with a view to improving mutual legal assistance;
Amendment 7 #
2017/2067(INI)
Draft opinion
Recital E a (new)
Recital E a (new)
Ea. Whereas algorithmic accountability and transparency means implementing technical and operational measures that ensure transparency and non-discrimination of automated decision-making and calculating of probabilities of individual behaviour; whereas transparency should give individuals meaningful information about the logic involved, the significance and the envisaged consequences; whereas this should include information about the data used for training the analytics and allow individuals to understand and monitor the decisions affecting them;
Amendment 9 #
2017/2067(INI)
Draft opinion
Paragraph 1
Paragraph 1
1. Stresses that the data protection and the e-Privacy directives, and as from May 2018 the General Data Protection Regulation (GDPR) and the e- Privacy lRegisulation, are fully applicable in all aspects of the processing of personal data for C-ITS, in particular as regards the principles of purpose limitation, data minimisation and the rights of data subjects;
Amendment 11 #
2017/2067(INI)
Draft opinion
Paragraph 1 a (new)
Paragraph 1 a (new)
1a. Stresses that, in the use of “smart cars”, the data must by default only be processed in the car or cars, and only insofar as this is technically strictly necessary for the functioning of the cooperative ITS, and must be deleted immediately thereafter; underlines that any further processing or transmission to other data controllers must be only possible based on the informed, freely given, clear and active consent of users and passengers to have their data collected and processed; underlines furthermore the need to prevent “driving walls”, which would mean that users cannot drive their own smart car if they refuse to give consent; calls for an “offline mode” option to be made available in smart cars, which allows the users to turn off transfers of personal data to other devices without hampering the ability to drive the car;
Amendment 14 #
2017/2067(INI)
Draft opinion
Paragraph 2
Paragraph 2
2. Draws attention to the fact that if the service provided is based on location data, it must provide relevantmeaningful information to the user, who must be able to withdraw his/her consent;
Amendment 15 #
2017/2067(INI)
Draft opinion
Paragraph 2 a (new)
Paragraph 2 a (new)
2a. Emphasises the need for much greater transparency and for algorithmic accountability with regard to data processing and analytics by businesses; recalls that the GDPR already foresees a right to be informed about the logic involved in data processing;
Amendment 17 #
2017/2067(INI)
Draft opinion
Paragraph 3
Paragraph 3
3. Stresses that safedata security issues should be taken into account not only during the C- ITS device operation itself, but also in the databases in which the data are processed and / or stored; stresses further that appropriate technical, administrative and organisational requirements, including mandatory end- to-end encryption, must be defined for all stages of the processing, ensuring an adequate level of security;
Amendment 18 #
2017/2067(INI)
Draft opinion
Paragraph 3 a (new)
Paragraph 3 a (new)
3a. Reiterates that with respect to C- ITS, producers are the key starting point for tightening up liability regimes which will lead to a better quality of products and a more secure environment in terms of external access and the documented possibility for updates;
Amendment 19 #
2017/2067(INI)
Draft opinion
Paragraph 4
Paragraph 4
4. Draws attention to the fact that data protection and confidentiality must be taken into account throughout the whole processing; stresses that the implementation of ‘privacy and data protection by design and default’ should be the starting point for the design of ITS applications and systems; recalls that anonymisation techniques may increase the trust of users in the services they are using.
Amendment 24 #
2017/2065(INI)
Draft opinion
Paragraph 1
Paragraph 1
1. Stresses that any European digital trade strategy or provisions for cross- border data flows andCalls on the Commission to ensure that cross-border data transfers are in compliance with the existing and future EU legal framework, in particular through adequacy decisions, and to incorporate in our trade agreements on afirst and foree flow legal provision should fully respect the EU data protection acquis and comply with EU fundamental rights standards; most a horizontal provision, which fully maintains the right of a Party to protect personal data and privacy, with the only condition that it must not be used with the intention to restrict data flows for reasons other than the protection of personal data, accompanied with a second provision, which prevents unjustified requirements for data localisation;
Amendment 29 #
2017/2065(INI)
Draft opinion
Paragraph 5
Paragraph 5
5. Emphasises that digital trade is best facilitated through an open exchange of data, with no geographical restrictions; considers that the removal of data localisation requirements should be a top priority, while emphasising that the relevant data protection legstresses the need to ensure that cross- border transfers of personal data are in compliance with the existing and future EU legal framework, in particular through adequacy decisions; calls above all for the inclusion in EU trade agreements of a horizontal provision which fully maintains the right of a Party to protect personal data and privacy, with the only condition that it must not be used with the intention to restrict data flows for reasons other than the protection of personal data; considers that the removal of unjustified data localislation should be adhered torequirements should also be a top priority, and therefore calls for the inclusion in EU trade agreements of a second provision preventing unjustified requirements for data localisation;
Amendment 113 #
2017/2065(INI)
Motion for a resolution
Paragraph 7
Paragraph 7
7. Ccalls on the Commission to prohibitensure that cross-border data transfers are in compliance with the existing and future EU legal framework, in particular through adequacy decisions, and to incorporate in our trade agreements first and foremost a horizontal provision, which fully maintains the right of a Party to protect personal data and privacy, with the only condition that it must not be used with the intention to restrict data flows for reasons other than the protection of personal data, accompanied with a second provision, which prevents unjustified data localisation requirements in FTAs;
Amendment 32 #
2017/2052(INI)
Draft opinion
Paragraph 6 – point a a (new)
Paragraph 6 – point a a (new)
a a. Calls for increased funding to be allocated to the creation of additional Joint Investigation Teams in order to increase cooperation and information exchange in cross-border investigations;
Amendment 32 #
2017/2044(BUD)
Draft opinion
Paragraph 5
Paragraph 5
5. Notes the proposed increases in the DB 2018 for expenditure and establishment plans for all agencies in the area of Justice and Home Affairs classified as holding “new tasks”; regrets however that the increases proposed are lower than those requested by most agencies; stresses the importance of staff increases for eu-LISA and Europol; welcomes the budget increase for the European Data Protection Supervisor in view of the implementation of the General Data Protection Regulation1 .; calls for a budget increase for Eurojust due to the increased requirements for judicial cooperation in the Union, in particular in light of the establishment of an EPPO; underlines that the additional financial resources for Europol and Eurojust should be invested preferably into the funding of Joint Investigation Teams; _________________ 1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ( General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).
Amendment 173 #
2017/2044(BUD)
Motion for a resolution
Paragraph 65 a (new)
Paragraph 65 a (new)
65 a. Recalls the 2013 Fox-Häfner report, which estimated the costs of the geographic dispersion of the Parliament to be between EUR 156 million and EUR 204 million and equivalent to 10 % of the Parliament's budget; notes the finding that 78 % of all missions by Parliament statutory staff arise as a direct result of the Parliament's geographic dispersion; emphasises that the report also estimates the environmental impact of the geographic dispersion to be between 11,000 to 19,000 tonnes of CO2 emissions; reiterates the negative public perception caused by this dispersion and calls therefore for a roadmap to a single seat and a reduction in the relevant budget lines;
Amendment 52 #
2017/0225(COD)
Proposal for a regulation
Title
Title
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on ENISA, the “EU CybersNetwork and Information Security Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cyberIT security certification (“CybersIT Security Act”) (Text with EEA relevance) (This amendment applies throughout the text. Adopting it will necessitate corresponding changes throughout.)
Amendment 67 #
2017/0225(COD)
Proposal for a regulation
Recital 28
Recital 28
(28) The Agency should contribute towards raising the awareness of the public about risks related to cyberIT security and provide guidance on good practices for individual users aimed at citizens and organisations. The Agency should also contribute to promote best practices and solutions at the level of individuals and organisations by collecting and analysing publicly available information regarding significant incidents, and by compiling reportand publishing reports and guides with a view to providing guidance to businesses and citizens and improving the overall level of preparedness and resilience. The Agency should furthermore organise, in cooperation with the Member States and the Union institutions, bodies, offices and agencies regular outreach and public education campaigns directed to end-users, aiming at promoting safer individual online behaviour and raising awareness of potential threats in cyberspace, including cybercrimes such as phishing attacks, botnets, financial and banking fraud, as well as promoting basic authentication, encryption, anonymisation and data protection advice. The Agency should play a central role in accelerating end-user awareness on security of devices and popularising at EU level security-by- design, privacy-by-design and the incidents and their solutions.
Amendment 71 #
2017/0225(COD)
Proposal for a regulation
Recital 30
Recital 30
(30) To ensure that it fully achieves its objectives, the Agency should liaise with relevant institutions, agencies and bodies, including CERT-EU, European Cybercrime Centre (EC3) at Europol, European Defence Agency (EDA), European Agency for the operational management of large-scale IT systems (eu- LISA), European Aviation Safety Agency (EASA) and any other EU Agency that is involved in cyberIT security. It should also liaise with authorities dealing with data protection in order to exchange know-how and best practices and provide advice on cyberIT security aspects that might have an impact on their work. Representatives of national and Union law enforcement and data protection authorities should be eligible to be represented in the Agency’s Permanent Stakeholders Group. In liaising with law enforcement bodies regarding network and information security aspects that might have an impact on their work, the Agency should respect existing channels of information and established networks. Partnerships should be established with academic institutions that have research initiatives in the relevant areas, while the input from consumer organisations and other organisations should have appropriate channels and be always analysed.
Amendment 74 #
2017/0225(COD)
Proposal for a regulation
Recital 35
Recital 35
(35) The Agency should encourage Member States and service providers to raise their general security standards so that all internet users can take the necessary steps to ensure their own personal cybersecurityIT security and refrain from allowing the sales or use of devices that do not meet minimum security conditions. In particular, service providers and product manufacturers should withdraw or recycle products and services that do not meet cyberIT security standards. In cooperation with competent authorities, ENISA may disseminate information regarding the level of cyberIT security of the products and services offered in the internal market, and issue warnings targeting providers and manufacturers and requiring them to improve the security, including cyberIT security, of their products and services.
Amendment 75 #
2017/0225(COD)
Proposal for a regulation
Recital 41
Recital 41
(41) In order for the Agency to function properly and effectively, the Commission and the Member States should ensure that persons to be appointed to the Management Board have appropriate professional expertise and experience in functional areas. The Commission and the Member States should also make efforts to limit the turnover of their respective Representatives on the Management Board in order to ensure continuity in its work. Due to the high market value of the skills required in the Agency work, it is necessary to ensure that the salaries and the social conditions offered to all Agency staff are competitive and ensure that the best professionals can choose to work there.
Amendment 77 #
2017/0225(COD)
Proposal for a regulation
Recital 42
Recital 42
(42) The smooth functioning of the Agency requires that its Executive Director be appointed on grounds of merit and documented administrative and managerial skills, as well as competence and experience relevant for cyberIT security, and that the duties of the Executive Director be carried out with complete independence. The Executive Director should prepare a proposal for the Agency’s work programme, after prior consultation with the Commission, and take all necessary steps to ensure the proper execution of the work programme of the Agency. The Executive Director should prepare an annual report to be submitted to the Management Board, draw up a draft statement of estimates of revenue and expenditure for the Agency, and implement the budget. Furthermore, the Executive Director should have the option of setting up ad hoc Working Groups to address specific matters, in particular of a scientific, technical, legal or socioeconomic nature. The Executive Director should ensure that the ad hoc Working Groups’ members are selected according to the highest standards of expertise, taking due account of a representative and gender balance, as appropriate according to the specific issues in question, between the public administrations of the Member States, the Union institutions and the private sector, including industry, users, and academic experts in network and information security.
Amendment 79 #
2017/0225(COD)
Proposal for a regulation
Recital 44
Recital 44
(44) The Agency should have a Permanent Stakeholders’ Group as an advisory body, to ensure regular dialogue with the private sector, consumers’ organisations, academia and other relevant stakeholders. The Permanent Stakeholders’ Group, set up by the Management Board on a proposal by the Executive Director, should focus on issues relevant to stakeholders and bring them to the attention of the Agency, providing input on which ICT products and services to cover in future European IT security certification schemes . The composition of the Permanent Stakeholders Group and the tasks assigned to this Group, to be consulted in particular regarding the draft Work Programme, should ensure suefficient and equitable representation of stakeholders in the work of the Agency.
Amendment 82 #
2017/0225(COD)
Proposal for a regulation
Recital 47
Recital 47
(47) Conformity assessment is the process demonstrating whether specified requirements relating to a product, process, service, system, person or body have been fulfilled. For the purposes of this Regulation, certification should be considered as a type of conformity assessment regarding the cyberIT security features of a product, process, service, system, or a combination of those (“ICT products and services”) by an independent third party, other than the product manufacturer or service provider. While certification for lower assurance levels than high may require merely conformity assessment, for assurance level high, a profound security assessment and neutral certification is needed. Certificates on this assurance level therefore should be issued only by Cybersecurity Supervisory Authorities. The issuing of those certificates should be subject to mutual peer reviews by other Cybersecurity Supervisory Authorities. Certification cannot guarantee per se that certified ICT products and services are cyber secure. It is rather a procedure and technical methodology to attest that ICT products and services have been tested and that they comply with certain cyberIT security requirements laid down elsewhere, for example as specified in technical standards.
Amendment 90 #
2017/0225(COD)
Proposal for a regulation
Recital 52
Recital 52
(52) In view of the above, it is necessary to establish a European cyberIT security certification framework laying down the main horizontal requirements for European cyberIT security certification schemes to be developed and allowing certificates for ICT products and services to be recognised and used in all Member States. The European framework should have a twofold purpose: on the one hand, it should help increase trust in ICT products and services that have been certified according to such schemes. On the other hand, it should avoid the multiplication of conflicting or overlapping national cyberIT security certifications and thus reduce costs for undertakings operating in the digital single market. The schemes should be guided by security-by-design and the principles referred in Regulation 2016/679. They should also be non- discriminatory and based on international and / or Union standards, unless those standards are ineffective or inappropriate to fulfil the EU’s legitimate objectives in that regard.
Amendment 113 #
2017/0225(COD)
Proposal for a regulation
Recital 57
Recital 57
(57) Recourse to European cybersecurity certification should remain voluntary, unless otherwise provided in Union or national legislation. However, wbaseline IT security requirements need to be mandatory and implemented on all consumer devices and services in order to tackle the challenges of an increasingly connected world. Such minimal requirements could include authentication, security of connections and patches for the discovered vulnerabilities. With a view to achieving the objectives of this Regulation and avoiding the fragmentation of the internal market, national cybersecurity certification schemes or procedures for the ICT products and services covered by a European cybersecurity certification scheme should cease to produce effects from the date established by the Commission by means of the implementing act. Moreover, Member States should not introduce new national certification schemes providing cybersecurity certification schemes for ICT products and services already covered by an existing European cybersecurity certification scheme.
Amendment 122 #
2017/0225(COD)
Proposal for a regulation
Article 48 a (new)
Article 48 a (new)
Amendment 123 #
2017/0225(COD)
Proposal for a regulation
Recital 58 a (new)
Recital 58 a (new)
(58a) Clear and mandatory baseline IT security requirements should be devised by the Agency, and should be proposed to the Commission as implementing acts if appropriate, for all IT devices sold in or exported from the Union. Those requirements should be developed within two years after the date of entry into force of this Regulation and revised every two years thereafter, in order to ensure constant and dynamic improvements. Those baseline IT security requirements should require, inter alia, that the device does not contain any known security vulnerability that it is capable of accepting trusted security updates, that the vendor notifies competent authorities of known vulnerabilities and repairs or replaces the affected device, or that the vendor informs when security support for such device will end.
Amendment 128 #
2017/0225(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point a
Article 1 – paragraph 1 – point a
(a) lays down the objectives, tasks and organisational aspects of ENISA, the “EU Cybersecurity Agency”, hereinafter ‘Network and Information Security Agency (the “Agency’”); and
Amendment 140 #
2017/0225(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point 11 a (new)
Article 2 – paragraph 1 – point 11 a (new)
Amendment 145 #
2017/0225(COD)
Proposal for a regulation
Title II
Title II
ENISA – the “EU CybersNetwork and Information Security Agency”
Amendment 147 #
2017/0225(COD)
Proposal for a regulation
Article 3 – paragraph 1
Article 3 – paragraph 1
1. The Agency shall undertake the tasks assigned to it by this Regulation for the purpose of contributing toachieving a high level of cybersecurity within the Union.
Amendment 150 #
2017/0225(COD)
Proposal for a regulation
Article 3 – paragraph 3
Article 3 – paragraph 3
3. The objectives and the tasks of the Agency shall be without prejudice to the exclusive competences of the Member States regarding cybersecurity, and in any case, without prejudice to activities concerning public security, defence, national security and the activities of the state in areas of criminal lawIT security.
Amendment 152 #
2017/0225(COD)
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. The Agency shall promote cooperation and coordination at Union level among Member States, Union institutions, agencies and bodies, and relevant stakeholders, including the private sector, consumer organisations and other civil society organisations, on matters related to cyberIT security.
Amendment 161 #
2017/0225(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point 2 a (new)
Article 5 – paragraph 1 – point 2 a (new)
Amendment 163 #
2017/0225(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point 2 b (new)
Article 5 – paragraph 1 – point 2 b (new)
2b. proposing policies with the objective of ensuring that ICT manufacturers act with due diligence regarding the timely fixing of IT security vulnerabilities in their products and services in order to avoid unduly exposing their users to cybercrime;
Amendment 164 #
2017/0225(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point 2 c (new)
Article 5 – paragraph 1 – point 2 c (new)
2c. proposing policies establishing a strong responsibility and liability framework for all stakeholders taking part in ICT eco- systems;
Amendment 165 #
2017/0225(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point 2 d (new)
Article 5 – paragraph 1 – point 2 d (new)
2d. proposing policies strengthening regulation regarding the responsibilities of operators of critical network infrastructures in the case of an attack against their information systems affecting their users due to a lack of due diligence by some of the users of by the operator itself, where the operator has failed to take reasonable action to prevent the incident or to mitigate its effects on all users;
Amendment 166 #
2017/0225(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point 2 e (new)
Article 5 – paragraph 1 – point 2 e (new)
2e. proposing policies to limit the purchase and use of “Zero days” by public authorities with the purpose of attacking information systems; promoting software audits and financing expert staff;
Amendment 167 #
2017/0225(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point 2 f (new)
Article 5 – paragraph 1 – point 2 f (new)
2f. proposing policies for public authorities, private companies, researchers, universities and other stakeholders to publish all critical security vulnerabilities that are not yet publicly known within the framework of a responsible disclosure;
Amendment 168 #
2017/0225(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point 2 g (new)
Article 5 – paragraph 1 – point 2 g (new)
2g. proposing policies for the extension of the use of “verifiable open- source code” for IT solutions in the public sector as well as for the related use of automated tools to ease review of source code and to easily verify absence of backdoors and other possible security vulnerabilities;
Amendment 175 #
2017/0225(COD)
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2a. The Agency shall facilitate the establishment and launch of a long-term European IT security project to support the growth of an independent EU IT security industry, and to mainstream IT security into all EU IT developments.
Amendment 178 #
2017/0225(COD)
Proposal for a regulation
Article 7 – paragraph 8 – point c a (new)
Article 7 – paragraph 8 – point c a (new)
(ca) put in place certification schemes deterring the implementation by ICT manufacturers and service providers of secret backdoors intentionally weakening the IT security of commercial products and services and having a detrimental impact on the global security of the internet.
Amendment 189 #
2017/0225(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point c a (new)
Article 8 – paragraph 1 – point c a (new)
(ca) put in place certification schemes deterring the implementation by ICT manufacturers and service providers of secret backdoors intentionally weakening the IT security of commercial products and services and having a detrimental impact on the global security of the internet;
Amendment 194 #
2017/0225(COD)
Proposal for a regulation
Article 9 – paragraph 1 – point e
Article 9 – paragraph 1 – point e
(e) raise awareness of the public about cybersecurity risks, and provide guidance on good practices for individual users aimed at citizens and organisations;
Amendment 196 #
2017/0225(COD)
Proposal for a regulation
Article 9 – paragraph 1 – point g a (new)
Article 9 – paragraph 1 – point g a (new)
(ga) promote the widespread adoption by all actors on the EU Digital Single Market of preventive strong IT security measures and reliable data protection and privacy enhancing technologies as the first line of defence against attacks against information systems.
Amendment 199 #
2017/0225(COD)
Proposal for a regulation
Article 10 – paragraph 1 – point a
Article 10 – paragraph 1 – point a
(a) advise the Union and the Member States on research needs and priorities in the areas of cybersecurity and data protection and privacy, with a view to enabling effective responses to current and emerging risks and threats, including with respect to new and emerging information and communications technologies, and to using risk-prevention technologies effectively;
Amendment 202 #
2017/0225(COD)
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. The Management Board shall be composed of one representative of each Member State, three representatives of the Permanent Stakeholder Group, one of which must represent the consumer interest, and two representatives appointed by the Commission. All representatives shall have voting rights.
Amendment 204 #
2017/0225(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point b
Article 1 – paragraph 1 – point b
(b) lays down a framework for the establishment of European cybersecurity certification schemes for the purpose of ensuring an adequate level of cybersecurity of ICT products, processes and services in the Union. Such framework shall apply without prejudice to specific provisions regarding voluntary or mandatory certification in other Union acts.
Amendment 207 #
2017/0225(COD)
Proposal for a regulation
Article 18 – paragraph 3
Article 18 – paragraph 3
3. The Executive Board shall be composed of five members appointed, in a gender balanced manner, from among the members of the Management Board amongst whom the Chairperson of the Management Board, who may also chair the Executive Board, and one of the representatives of the Commission. The Executive Director shall take part in the meetings of the Executive Board, but shall not have the right to vote.
Amendment 212 #
2017/0225(COD)
Proposal for a regulation
Article 20 – paragraph 2
Article 20 – paragraph 2
2. Procedures for the Permanent Stakeholders’ Group, in particular regarding the number, composition, and the appointment of its members by the Management Board, the proposal by the Executive Director and the operation of the Group, shall be specified in the Agency’s internal rules of operation and shall be made public. The procedures shall follow best practice in ensuring a fair representation and equal rights for all stakeholders and shall enforce a gender balanced approach.
Amendment 213 #
2017/0225(COD)
Proposal for a regulation
Article 20 – paragraph 2 a (new)
Article 20 – paragraph 2 a (new)
2a. The composition of the Permanent Stakeholders’ Group shall include a minimum of five consumer organisations and civil society organisations.
Amendment 219 #
2017/0225(COD)
Proposal for a regulation
Article 23 – paragraph 2
Article 23 – paragraph 2
2. The Agency shall ensure that the public and any interested parties are given appropriate, objective, reliable and easily accessible information, in particular with regard to the debates and the results of its work. It shall also make public the declarations of interest made in accordance with Article 22.
Amendment 220 #
2017/0225(COD)
Proposal for a regulation
Article 34 – paragraph 2
Article 34 – paragraph 2
2. The Management Board shall adopt a decision laying down rules on the secondment to the agency of national experts, amongst others disallowing no- cost practices and promoting fair remuneration.
Amendment 221 #
2017/0225(COD)
Proposal for a regulation
Article 41 – paragraph 2
Article 41 – paragraph 2
2. The Agency’s host Member State shall provide the best possible conditions to ensure the proper functioning of the Agency, including the accessibility of the locationheadquarters and other offices location by international airport, the existence of adequate education facilities for the children of staff members, appropriate access to the labour market, social security and medical care for both children and spouses.
Amendment 226 #
2017/0225(COD)
Proposal for a regulation
Article 43 a (new)
Article 43 a (new)
Amendment 228 #
2017/0225(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘European cybersecurity certificate’ means a document issued by a conformity assessment body attesting that a given ICT product, process or service fulfils the specific requirements laid down in a European cybersecurity certification scheme;
Amendment 231 #
2017/0225(COD)
Proposal for a regulation
Article 44 – paragraph 1
Article 44 – paragraph 1
1. Following a request from the Commission, ENISA shall prepare a candidate European cyberIT security certification scheme which meets the requirements set out in Articles 45, 46 and 47 of this Regulation. Member States or, the European Cybersecurity Certification Group (the ‘Group’) established under Article 53 or the Permanent Stakeholders Group established under Article 20 may propose the preparation of a candidate European cybersecurity certification scheme to the Commission.
Amendment 238 #
2017/0225(COD)
Proposal for a regulation
Article 44 – paragraph 2
Article 44 – paragraph 2
2. When preparing candidate schemes referred to in paragraph 1 of this Article, ENISA shall consult all relevant stakeholders and closely cooperate with the Group as well as with the consumer organisations, Article 29 Working Party and the European Data Protection Board. The Group shall provide ENISA with the assistance and expert advice required by ENISA in relation to the preparation of the candidate scheme, including by providing opinions where necessary.
Amendment 241 #
2017/0225(COD)
Proposal for a regulation
Article 3 – paragraph 2 a (new)
Article 3 – paragraph 2 a (new)
2 a. The Agency shall assist Member States and Union institutions in establishing policies and practices for the responsible management and coordinated disclosure of vulnerabilities in ICT products and services that are not publicly known.
Amendment 252 #
2017/0225(COD)
Proposal for a regulation
Article 44 – paragraph 4
Article 44 – paragraph 4
4. The Commission, based on the candidate scheme proposed by ENISA, may adopt implementing acts, in accordance with Article 55(1), providing for European cybersecurity certification schemes for ICT products and services meeting the requirements of Articles 45, 46 and 47 of this Regulation. The Commission may consult the European Data Protection Board and take account of its view before adopting such implementing acts.
Amendment 271 #
2017/0225(COD)
Proposal for a regulation
Article 4 – paragraph 7 a (new)
Article 4 – paragraph 7 a (new)
7 a. The Agency shall assist and advise Member States and Union institutions in establishing policies and practices for the responsible management and coordinated disclosure of vulnerabilities in ICT products and services that are not publicly known, inter alia, by establishing government vulnerability disclosure review processes and coordinated vulnerability disclosure policies.
Amendment 273 #
2017/0225(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point 2
Article 5 – paragraph 1 – point 2
2. assisting Member States to implement consistently the Union policy and law regarding cybersecurity notably in relation to Directive (EU) 2016/1148, including by means of opinions, guidelines, advice and best practices on topics such as secure software and systems development, risk management, incident reporting and information sharing, technical and organisational measures, in particular the establishment of coordinated vulnerability disclosure programmes, as well as facilitating the exchange of best practices between competent authorities in this regard;
Amendment 277 #
2017/0225(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point 2 a (new)
Article 5 – paragraph 1 – point 2 a (new)
2 a. proposing a blueprint which establishes the roles, responsibilities and legal obligations of vendors, manufacturers, CERTs and CSIRTs, and which further clarifies the legal rights and protections of information security researchers in the context of a coordinated vulnerability disclosure programme, in particular in cases of multi-party vulnerability disclosures that affect multiple vulnerability finders and vendors in different Member States
Amendment 286 #
2017/0225(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point 4 – point 2 a (new)
Article 5 – paragraph 1 – point 4 – point 2 a (new)
(2 a) the development and promotion of policies that would sustain the general availability or integrity of the public core of the open internet, which provide the essential functionality to the Internet as a whole and which underpin its normal operation, including, but not limited to, the security and stability of key protocols (in particular DNS, BGP, and IPv6), the operation of the Domain Name System (including those of all Top Level Domains), and the operation of the Root Zone
Amendment 288 #
2017/0225(COD)
Proposal for a regulation
Article 6 – paragraph 1 – point a a (new)
Article 6 – paragraph 1 – point a a (new)
(a a) Members States and Union institutions in establishing and implementing coordinated vulnerability disclosure policies and government vulnerability disclosure review processes, whose practices and determinations should be transparent and subject to independent oversight.
Amendment 306 #
2017/0225(COD)
Proposal for a regulation
Article 7 – paragraph 7 a (new)
Article 7 – paragraph 7 a (new)
7 a. The Agency shall prepare, together with the EEAS, a regular global Cybersecurity Situational Report on incidents and threats towards individuals, including towards vulnerable users outside the EU such as lawyers, journalists, or human rights defenders, in order to help the Union institutions respond to external needs and uphold its human rights responsibilities abroad
Amendment 311 #
2017/0225(COD)
Proposal for a regulation
Article 7 – paragraph 8 – point e a (new)
Article 7 – paragraph 8 – point e a (new)
(e a) assisting and advising Member States on establishing and implementing coordinated vulnerability disclosure policies and government vulnerability disclosure review processes.
Amendment 344 #
2017/0225(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point c a (new)
Article 8 – paragraph 1 – point c a (new)
(c a) support and promote the development and implementation of coordinated vulnerability disclosure policies and government vulnerability disclosure review processes
Amendment 390 #
2017/0225(COD)
Proposal for a regulation
Article 48 a (new)
Article 48 a (new)
Amendment 511 #
2017/0225(COD)
Proposal for a regulation
Article 46 – paragraph 2 a (new)
Article 46 – paragraph 2 a (new)
2a. The methodology to distinguish between the different assurance levels should be guided by a test which assesses the resistance of the security functionalities against attackers that have significant to unlimited resources.
Amendment 534 #
2017/0225(COD)
Proposal for a regulation
Article 47 – paragraph 1 – point j
Article 47 – paragraph 1 – point j
(j) rules concerning how previously undetected cybersecurity vulnerabilities in ICT products and services are to be reported and dealt with; requiring vulnerabilities in ICT products and services that are not publicly known to be reported expeditiously by the appropriate authorities to relevant vendors and manufacturers using a coordinated vulnerability disclosure process.
Amendment 540 #
2017/0225(COD)
Proposal for a regulation
Article 47 – paragraph 1 – point m a (new)
Article 47 – paragraph 1 – point m a (new)
(ma) rules concerning how and when Member States must inform each other when they acquire knowledge of a vulnerability that is not publicly known in an ICT product or service that is certified under this certification scheme.
Amendment 56 #
2017/0145(COD)
Proposal for a regulation
Recital 5 – point 1
Recital 5 – point 1
Since taking up its responsibilities on 1 December 2012, the Agency took over the tasks conferred on the Management Authority in relation to VIS by Regulation (EC) No 767/2008 and Council Decision 2008/633/JHA55 . It took over the tasks conferred to the Management Authority in relation to SIS II by Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA in April 2013 following the system's go-live and it took up the tasks conferred on the Commission in relation to Eurodac in accordance with Regulations (EC) No 2725/2000 and (EC) 407/2002 in June 2013. The first evaluation of the Agency's work based on an independent external evaluation and carried out in 2015-2016, concluded that eu-LISA effectively ensures the operational management of the large-scale IT systems and other tasks entrusted to it but also that a number of changes to the establishing Regulation are necessary such as the transfer to the Agency of the communication infrastructure tasks retained by the Commission. Building on the external evaluation, the Commission took into account policy, legal and factual developments and proposed in particular in its Report on the functioning of the European Agency on the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA)56 that the mandate of the Agency should be extended to carry out the tasks derived from the adoption by the co- legislators of proposals entrusting new systems to the Agency, the tasks referred to in the Commission's Communication on Stronger and Smarter Information Systems for Borders and Security of 6 April 2016, the High Level Expert Group's final report of 11 May 2017 and in the Commission's Seventh progress report towards an effective and genuine Security Union of 16 May 2017, subject where required to the adoption of the relevant legislative instruments. In particular, the Agency should be tasked with the development of a European Search Portal, a shared biometric matching service and a Common Identity Repository, subject to the adoption of the relevant legislative instrument on interoperability. Where relevant, any actions carried out on interoperability should have to be guided by the Commission Communication on the European Interoperability Framework – Implementation Strategy.57. _________________ 55 Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences (OJ L 218, 13.8.2008, p. 129). 56 57 COM(2017) 1346, 23.39.6.2017. Annex 2 of this Communication provides the general guidelines, recommendations and best practices for achieving interoperability or at least for creating the environment to achieve better interoperability when designing, implementing and managing European public servicesCOM(2017) 346, 29.6.2017.
Amendment 85 #
2017/0145(COD)
Proposal for a regulation
Article 1 – paragraph 6 – indent 2
Article 1 – paragraph 6 – indent 2
Amendment 100 #
2017/0145(COD)
Proposal for a regulation
Article 8 – paragraph 1
Article 8 – paragraph 1
The Agency, together with the Commission, shall work towards establishing for all systems under the Agency's operational responsibility, automated data quality control mechanisms and common data quality indicators and towards developing a central repository for reporting and statistics, subject to specific legislative amendments to the existing systems' instruments and/or to specific provisions in new instruments.
Amendment 103 #
2017/0145(COD)
Proposal for a regulation
Article 9
Article 9
Amendment 107 #
2017/0145(COD)
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
3. The Agency shall on a regular basis keep the European Parliament, the Council, the Commission, and, where data protection issues areprocessing of personal data is concerned, the European Data Protection Supervisor informed on the developments referred to in paragraph 1.
Amendment 109 #
2017/0145(COD)
Proposal for a regulation
Article 11 – paragraph 1 – subparagraph 2
Article 11 – paragraph 1 – subparagraph 2
The Agency shall on a regular basis keep the European Parliament, the Council and, where data protection issues areprocessing of personal data is concerned, the European Data Protection Supervisor, informed of the evolution of the pilot projects referred to in the first subparagraph.
Amendment 118 #
2017/0145(COD)
Proposal for a regulation
Article 12 – paragraph 2
Article 12 – paragraph 2
Amendment 136 #
2017/0145(COD)
Proposal for a regulation
Article 15 – paragraph 1 – point n n
Article 15 – paragraph 1 – point n n
(nn) ensure annual publication and regular updates, on the Agency’s website, of the list of competent authorities authorised to search directly the data contained in SIS II pursuant to Article 31(8) of Regulation (EC) No 1987/2006 and Article 46(8) of Decision 2007/533/JHA, together with the list of Offices of the national systems of SIS II (N.SIS II) and SIRENE Bureaux as referred to in Article 7(3) of Regulation (EC) No 1987/2006 and Article 7(3) of Decision 2007/533/JHA respectively [or by Article 36(8) of Regulation XX of XX of the European Parliament and of the Council on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, amending Regulation (EU) No 515/2014 and repealing Regulation (EC) No 1987/2006 and by Article 53(8) of Regulation XX of XX of the European Parliament and of the Council on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation in criminal matters, amending Regulation (EU) No 515/2014 and repealing Regulation (EC) No 1986/2006, Council Decision 2007/533/JHA and Commission Decision 2010/261/EU together with the list of Offices of the national systems of SIS II (N.SIS II) and SIRENE Bureaux as referred to in Article 7(3) of Regulation XX of XX of the European Parliament and of the Council on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks and Article 7(3) of Regulation XX of XX of the European Parliament and of the Council on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation in criminal matters respectively; [as well as the list of competent authorities pursuant to Article 8(2) of Regulation (EU) XX/XXXX establishing the EES]; [the list of competent authorities pursuant to Article 11 of Regulation (EU) XX/XXXX establishing the ETIAS] and [the list of competent authorities pursuant to Article 32 of Regulation XX/XXX establishing ECRIS-TCN};]
Amendment 144 #
2017/0145(COD)
Proposal for a regulation
Article 21 – paragraph 3 – point h
Article 21 – paragraph 3 – point h
(h) protecting the financial interests of the Union by applying preventing measures against fraud, corruption and any other illegal activities, without prejudicing the investigative competence of OLAF and the European Public Prosecutor’s Office, by effective checks and, if irregularities are detected, by recovering amounts wrongly paid and, where appropriate, by imposing effective, proportionate and dissuasive administrative including financial penalties;
Amendment 163 #
2017/0145(COD)
Proposal for a regulation
Article 31 – paragraph 1
Article 31 – paragraph 1
1. Without prejudice to the provisions on data protection laid down in the legislative instruments governing the development, establishment, operation and use of large-scale IT systems, tThe processing of personal data by the Agency shall be subject to Regulation (EC) No 45/2001 [Regulation (EU) XX/2018 on protection of personal data for Union institutions and bodies].
Amendment 169 #
2017/0145(COD)
Proposal for a regulation
Article 37 – paragraph 3
Article 37 – paragraph 3
3. The Agency shall consult and follow the recommendations of the European Network and Information Security Agency regarding network security, where appropriateand information security.
Amendment 175 #
2017/0145(COD)
The Agency shall adopt internal rules requiring the members of its bodies and its staff members to avoid any situation liable to give rise to a conflict of interest during and after their employment or term of office and to report such situations.
Amendment 72 #
2017/0144(COD)
Proposal for a regulation
Recital 11
Recital 11
(11) The ECRIS-TCN system should contain only the identity information of third country nationals convicted by a criminal court within the Union. Such identity information should include alphanumeric data, and fingerprint data in accordance with Framework Decision 2009/315/JHA, and facial images in as far as they are recorded in the national criminal records databases of the Member States.
Amendment 75 #
2017/0144(COD)
Proposal for a regulation
Recital 13
Recital 13
Amendment 80 #
2017/0144(COD)
Proposal for a regulation
Recital 14
Recital 14
Amendment 90 #
2017/0144(COD)
Proposal for a regulation
Recital 18
Recital 18
(18) Member States should be obliged to make use of the ECRIS-TCN system in all cases where they receive a request for information on previous convictions of third country nationals in accordance with national law, and follow up on any hits with the Member States identified through the ECRIS system. This obligation should not be limited only to requests in connection with criminal investigations, but a clear list of other possible purposes should be set out in this Regulation.
Amendment 93 #
2017/0144(COD)
Proposal for a regulation
Recital 19
Recital 19
(19) A hit indicated by the ECRIS-TCN system should not automatically mean that the third country national concerned was convicted in the indicated Member State(s), nor that the indicated Member State(s) hold criminal record information on that third country national. The existence of previous convictions should only be confirmed based on information received from the criminal records of the Member States concerned.
Amendment 98 #
2017/0144(COD)
Proposal for a regulation
Recital 21
Recital 21
(21) The European Union Agency for Law Enforcement Cooperation (Europol) established by Regulation (EU) 2016/794 of the European Parliament and of the Council23 , Eurojust established by Council Decision 2002/187/JHA24 [and the European Public Prosecutor's Office established by Regulation (EU) …/…25 ] should have access to the ECRIS-TCN system for identifying the Member State(s) holding criminal record information on a third county national in order to support their statutory tasks. for the prevention, detection, investigation and prosecution of criminal offences. _________________ 23 Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53). 24 Council Decision 2002/187/JHA of 28 February 2002 setting up Eurojust with a view to reinforcing the fight against serious crime (OJ L 063, 6.3.2002, p.1). 25 Regulation (EU) .../... (OJ L ...).
Amendment 100 #
2017/0144(COD)
Proposal for a regulation
Recital 22
Recital 22
(22) This Regulation establishes strict access rules to the ECRIS-TCN system and the necessary safeguards, including the responsibility of the Member States in collecting and using the data. It also sets out thehow individuals' may exercise their rights to compensation, access, correction, deletion and redress, in particular the right to an effective remedy and the supervision of processing operations by public independent authorities. It therefore respects the fundamental rights and freedoms and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union, including the right to protection of personal data, the principle of equality before the law and the general prohibition of discrimination, taking also into account the European Convention for the Protection of Human Rights and Fundamental Freedoms, the International Covenant on Civil and Political Rights, and other human rights obligations under international law.
Amendment 102 #
2017/0144(COD)
Proposal for a regulation
Recital 23
Recital 23
(23) Directive (EU) 2016/680 of the European Parliament and of the Council26 should apply to the processing of personal data by competent national authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. Regulation (EU) 2016/679 of the European Parliament and of the Council27 should apply to the processing of personal data by national authorities provided that national provisions transposing Directive (EU) 2016/680 do not apply. Coordinated supervision should be ensured in accordance with Article 62 of [the new data protection regulation for Union institutions and bodies]. [The new data protection regulation for Union institutions and bodies] should apply to the processing of personal data by eu- LISA. _________________ 26 Directive (EU 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89) 27 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).
Amendment 108 #
2017/0144(COD)
Proposal for a regulation
Recital 24 a (new)
Recital 24 a (new)
(24a) eu-LISA should provide regular statistics on the recording, storage and exchange of information extracted from criminal records through the ECRIS-TCN system, including through the use of statistics provided by Member States on the number of convicted third country nationals. However, these statistics should take into account the statistical bias stemming from the use of unrepresentative samples of the population, in this case third country nationals, and not draw any conclusions in comparative analyses.
Amendment 115 #
2017/0144(COD)
Proposal for a regulation
Recital 30
Recital 30
Amendment 125 #
2017/0144(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point g
Article 3 – paragraph 1 – point g
(g) 'third country national' means a national of a country other than a Member State regardless of whether the person also holds the nationality of a Member State, or a stateless person or a person whose nationality is unknown to the convicting Member State;
Amendment 129 #
2017/0144(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point l
Article 3 – paragraph 1 – point l
(l) 'fingerprint data' means the data relating to plain and rolled impressions of the fingerprints of all ten fingeralready collected by Member States' authorities;
Amendment 132 #
2017/0144(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point m
Article 3 – paragraph 1 – point m
Amendment 141 #
2017/0144(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point a
Article 5 – paragraph 1 – point a
(a) surname (family name); first name(s) (given names); date of birth; place of birth (town and country); nationality or nationalities; gender; parents' names; where applicable previous names, pseudonym(s) and/or alias name(s); the code of the convicting Member State;
Amendment 144 #
2017/0144(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point b
Article 5 – paragraph 1 – point b
(b) fingerprint data, only when the national law of a Member State where a conviction is handed down allows for collection and storage of fingerprints of a convicted person, and in accordance with Framework Decision 2009/315/JHA31 and with the specifications for the resolution and use of fingerprints referred to in point (b) of Article 10(1); the reference number of the fingerprint data of the convicted person including the code of the convicting Member State. _________________ 31 As amended by Directive of the European Parliament and the Council amending Council Framework Decision 2009/315/JHA, as regards the exchange of information on third country nationals and as regards the European Criminal Records Information System (ECRIS), and replacing Council Decision 2009/316/JHA (….).
Amendment 147 #
2017/0144(COD)
Proposal for a regulation
Article 5 – paragraph 2
Article 5 – paragraph 2
Amendment 158 #
2017/0144(COD)
Proposal for a regulation
Article 6
Article 6
Amendment 167 #
2017/0144(COD)
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. When criminal records information on a third country national is requested in a Member State for the purposes of criminal proceedings against that third country national or for any purposes other than that of criminal proceedings in accordance with its national law, the central authority of that Member State shall use the ECRIS-TCN system to identify the Member State(s) holding criminal record information on that third county national in order to obtain information on previous convictions through ECRIS.
Amendment 169 #
2017/0144(COD)
Proposal for a regulation
Article 7 – paragraph 1 a (new)
Article 7 – paragraph 1 a (new)
1a. Member States authorities shall have access to the ECRIS-TCN system also for the following purposes, where provided for in their national law: (a) the prevention, detection, investigation of criminal offences; (b) security clearances; (c) employment in professions with sensitive tasks; (d) requests for information of the concerned person on his or her own criminal record; (e) licences for firearms or other hazardous materials; (f) the issuing of residence permits; (g) visa procedures; (h) naturalisation procedures; (i) adoption of children; (j) choice of foster care parents. Member States shall use the ECRIS-TCN system through their central authority to identify the Member State(s) holding criminal record information on that third county national in order to obtain information on previous convictions through ECRIS.
Amendment 175 #
2017/0144(COD)
Proposal for a regulation
Article 7 – paragraph 4
Article 7 – paragraph 4
Amendment 179 #
2017/0144(COD)
Proposal for a regulation
Article 8 – paragraph 2
Article 8 – paragraph 2
2. Upon expiry of the retention period referred to in paragraph 1, the central authority of the convicting Member State shall erase the individual data record without dimmediatelay from the Central System, and in any event no later than one month after the expiry of that retention period.
Amendment 194 #
2017/0144(COD)
Proposal for a regulation
Article 10 – paragraph 1 – introductory part
Article 10 – paragraph 1 – introductory part
1. The Commission shall adopt, before [two years after the entry into force of this Regulation], the acts necessary for the development and technical implementation of the ECRIS- TCN system, and in particular rules on:
Amendment 196 #
2017/0144(COD)
Proposal for a regulation
Article 10 – paragraph 1 – point d
Article 10 – paragraph 1 – point d
Amendment 203 #
2017/0144(COD)
Proposal for a regulation
Article 10 – paragraph 1 – point f
Article 10 – paragraph 1 – point f
Amendment 205 #
2017/0144(COD)
Proposal for a regulation
Article 10 – paragraph 1 – point g
Article 10 – paragraph 1 – point g
Amendment 207 #
2017/0144(COD)
Proposal for a regulation
Article 10 – paragraph 1 – point h
Article 10 – paragraph 1 – point h
Amendment 209 #
2017/0144(COD)
Amendment 210 #
2017/0144(COD)
Proposal for a regulation
Article 10 – paragraph 1 – point j
Article 10 – paragraph 1 – point j
Amendment 211 #
2017/0144(COD)
Proposal for a regulation
Article 10 – paragraph 1 – point k
Article 10 – paragraph 1 – point k
Amendment 213 #
2017/0144(COD)
Proposal for a regulation
Article 10 a (new)
Article 10 a (new)
Article 10a Adoption of delegated acts by the Commission The Commission shall adopt the delegated acts in accordance with Article 35a concerning the development and technical implementation of the ECRIS- TCN system, and in particular rules on: (a) entering the data in accordance with Article 5; (b) accessing the data in accordance with Article 7; (c) amending and deleting the data in accordance with Articles 8 and 9; (d) keeping and accessing the logs in accordance with Article 29; (e) providing statistics in accordance with Article 30; (f) performance and availability requirements of the ECRIS-TCN system.
Amendment 221 #
2017/0144(COD)
Proposal for a regulation
Article 11 – paragraph 4
Article 11 – paragraph 4
4. eu-LISA shall develop and implement the ECRIS-TCN system before [two years after the entry into force of this Regulation] and following the adoption by the Commission of the measures provided for in Article 10.
Amendment 239 #
2017/0144(COD)
Proposal for a regulation
Article 12 – paragraph 2
Article 12 – paragraph 2
2. Each Member State shall give the staff of its authorities which have a right to access the ECRIS-TCN system appropriate training, in particular on data security and data protection rules and on relevant fundamental rights, before authorising them to process data stored in the Central System.
Amendment 241 #
2017/0144(COD)
Proposal for a regulation
Article 13 – paragraph 1 – point b
Article 13 – paragraph 1 – point b
(b) the data are collected lawfully and fully respect the human dignity and fundamental rights of the third country national;
Amendment 244 #
2017/0144(COD)
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. Third countries and international organisations may address their requests for information on previous convictions of third country nationals to Eurojust for the same purposes as for which Member States' authorities have access to ECRIS- TCN system pursuant to points 1 and 1a of Article 7.
Amendment 245 #
2017/0144(COD)
Proposal for a regulation
Article 14 – paragraph 2
Article 14 – paragraph 2
2. When Eurojust receives a request as referred to in paragraph 1, it shall use the ECRIS-TCN system to determine which Member State(s) hold information on the third country national concerned, and shall, in cases where Member State(s) are identified, transmit the request immediately to the central authorities of those Member State(s). The Member States concerned shall be responsible for further dealing with such requests in accordance with their national law. Eurojust shall send an acknowledgement of receipt to the third country or international organisation requesting the information as referred to in paragraph 1.
Amendment 249 #
2017/0144(COD)
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. Eurojust shall have direct access to the ECRIS-TCN system for the purpose of the implementation of Article 14, as well as for the purpose of the prevention, detection, investigation and prosecution of criminal offences when fulfilling its statutory tasks.
Amendment 251 #
2017/0144(COD)
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. Europol [and the European Public Prosecutor's Office] shall have direct access to the ECRIS-TCN system for the purpose of the prevention, detection, investigation and prosecution of criminal offences when fulfilling their statutory tasks.
Amendment 254 #
2017/0144(COD)
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
3. Following a hit indicating the Member State(s) holding criminal records information on a third country national, Eurojust, Europol[, and the European Public Prosecutor's Office] may use their contacts with the national authorities of those Member States established in accordance with their respective constituting legal instruments to request the conviction information. The European Public Prosecutor's Office shall not be refused access to such conviction information on the mere ground that the refusing Member State is not part of the enhanced cooperation procedure establishing the European Public Prosecutor's Office.
Amendment 260 #
2017/0144(COD)
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. The bodies referred to in paragraph 1 shall give their staff who have a right to access the ECRIS-TCN system appropriate training, in particular on data security and data protection rules and on relevant fundamental rights, before authorising them to process data stored in the Central System.
Amendment 273 #
2017/0144(COD)
Proposal for a regulation
Article 21 – paragraph 2
Article 21 – paragraph 2
2. eu-LISA shall be considered as data processor in accordance with Regulation (EC) No 45/2001/EU [or its successor] as regards the personal data entered into the Central System by the Member States.
Amendment 276 #
2017/0144(COD)
Proposal for a regulation
Article 23 – paragraph 2
Article 23 – paragraph 2
2. If a request is made to a Member State other than the convicting Member State, the authorities of the Member State to which the request has been made shall check the accuracy of the data and the lawfulness of the data processing in the ECRIS-TCN system within a time limit of one month if that check can be done without consulting the convicting Member State. Otherwise, the Member State other than the convicting Member State shall contact the authorities of the convicting Member State within 14ontact the authorities of the convicting Member State within seven days and the convicting Member State shall check the accuracy of the data and the lawfulness of the data processing within one month14 days from the contact.
Amendment 280 #
2017/0144(COD)
Proposal for a regulation
Article 23 – paragraph 3
Article 23 – paragraph 3
3. In the event that data recorded in the ECRIS-TCN system are factually inaccurate or have been recorded unlawfully, the convicting Member State shall correct or delete the data in accordance with Article 9. The convicting Member State or, where applicable, the Member State to which the request has been made shall confirm in writing to the person concerned without delay that action has been taken to correct or delete data relating to that person. If the request was made to a Member State other than the convicting Member State, that written confirmation shall specify the reasons for which the request was handled by the convicting Member State.
Amendment 283 #
2017/0144(COD)
Proposal for a regulation
Article 23 – paragraph 4
Article 23 – paragraph 4
4. If the convicting Member State to which the request has been made does not agree that data recorded in the ECRIS-TCN system are factually inaccurate or have been recorded unlawfully, that Member State shall adopt an administrative decision explaining in writing to the person concerned without delay why it is not prepared to correct or delete data relating to him.
Amendment 284 #
2017/0144(COD)
Proposal for a regulation
Article 23 – paragraph 7
Article 23 – paragraph 7
7. Whenever a person requests data relating to him- or herself in accordance with paragraph 2, the central authority shall keep a record in the form of a written document that such a request was made and how it was addressed and by which authority and shall make that document available to the supervisory authorities without delay. That record shall be deleted after three years.
Amendment 286 #
2017/0144(COD)
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. In accordance with Chapter VIII of Directive (EU) 2016/680, in each Member State any person shall have the right to bring an action orbefore a court and the right to bring a complaint in the Member State which refused the right of access to or the right of correction or deletion of data relating to him or her, provided for in Article 23.
Amendment 290 #
2017/0144(COD)
Proposal for a regulation
Article 26 – paragraph 2
Article 26 – paragraph 2
2. The supervisory authority shall ensure that an audit of the data processing operations in the national criminal records and fingerprints databases is carried out in accordance with relevant international auditing standards at least every fourthree years from the start of operations of the ECRIS- TCN system.
Amendment 293 #
2017/0144(COD)
Proposal for a regulation
Article 26 – paragraph 3
Article 26 – paragraph 3
Amendment 296 #
2017/0144(COD)
Proposal for a regulation
Article 27 – paragraph 2
Article 27 – paragraph 2
2. The European Data Protection Supervisor shall ensure that an audit of the Agency's personal data processing activities is carried out in accordance with relevant international auditing standards at least every fourthree years. A report of that audit shall be sent to the European Parliament, the Council, eu-LISA, the Commission, the supervisory authorities and the national supervisory authorities. eu-LISA shall be given an opportunity to make comments before the report is adopted.
Amendment 297 #
2017/0144(COD)
Proposal for a regulation
Article 28 – paragraph 1
Article 28 – paragraph 1
Coordinated supervision shouldall be ensured in accordance with Article 62 of [new data protection Regulation for Union institutions and bodies].
Amendment 298 #
2017/0144(COD)
Proposal for a regulation
Article 29 – paragraph 4
Article 29 – paragraph 4
4. Logs and documentation shall be used only for monitoring the lawfulness of data processing and for ensuring data integrity and security. Only logs containing non-personal data may be used for the monitoring and evaluation referred to in Article 34. Those logs shall be protected by appropriate measures against unauthorised access and deleted after onthree years, if they are no longer required for monitoring procedures which have already begun.
Amendment 300 #
2017/0144(COD)
Proposal for a regulation
Article 30 – paragraph 1
Article 30 – paragraph 1
1. The duly authorised staff of eu- LISA, and the competent authorities, and the Commission shall have access to the data processed within the ECRIS-TCN system solely for the purposes of reporting and providing statistics without allowing for individual identification.
Amendment 301 #
2017/0144(COD)
Proposal for a regulation
Article 30 – paragraph 2
Article 30 – paragraph 2
Amendment 302 #
2017/0144(COD)
Proposal for a regulation
Article 30 – paragraph 3
Article 30 – paragraph 3
Amendment 308 #
2017/0144(COD)
Proposal for a regulation
Article 32 – paragraph 1
Article 32 – paragraph 1
The Member States shall notify eu-LISA of their central authorities which have access to enter, amend, delete consult or search data. eu-LISA shall regularly publish a list of these central authorities on its website.
Amendment 312 #
2017/0144(COD)
5. Three year18 months after the start of operations of the ECRIS-TCN system and every four years thereafter, the Commission shall produce an overall evaluation of the ECRIS-TCN system and the ECRIS reference implementation. That overall evaluation shall include an assessment of the application of the Regulation, an examination of results achieved against objectives and the impact on fundamental rights, and an assessment of the continuing validity of the underlying rationale, the application of the Regulation, the security of the system and any implications on future operations, and shall make any necessary recommendations. The evaluation shall cover in particular the level of exchange between Member States, including that of third country nationals; the purpose of requests and their respective number; and issues relating to protection of personal data and an assessment of the impact of this Regulation on fundamental rights. The Commission shall transmit the evaluation report to the European Parliament and the Council.
Amendment 317 #
2017/0144(COD)
Proposal for a regulation
Article 35 a (new)
Article 35 a (new)
Amendment 30 #
2017/0063(COD)
Proposal for a directive
Recital 15
Recital 15
(15) To ensure the independence of NCAs, their staff and members of the decision-making body should act with integrity and refrain from any action which is incompatible with the performance of their duties. The need to prevent the independent assessment of staff or members of the decision-making body being jeopardised entails that during their employment and term of office and for a reasonable period thereafter, they should refrain from any incompatible occuoccupation which could give rise to a conflict of interests or be otherwise incompationble, whether gainful or not. Furthermore, this also entails that during their employment and their term of office, they should not have an interest in any businesses or organisations which have dealings with a NCA to the extent that this has the potential to compromise their independence. The staff and the members of the decision-making body should declare any interest or asset which might create a conflict of interests in the performance of their duties. They should be required to inform the decision-making body, the other members thereof or, in the case of NCAs in which the decision- making power rests with only one person, their appointing authority, if, in the performance of their duties, they are called upon to decide on a matter in which they have an interest which might impair their impartiality.
Amendment 39 #
2017/0063(COD)
Proposal for a directive
Recital 39
Recital 39
(39) Applicants which have applied for leniency to the European Commission in relation to an alleged secret cartel should be able to file summary applications in relation to the same cartel to the NCAs that they deem appropriate. Applicants should be able to benefit from leniency at EU and national level in relation to the same cartel. However, to maintain the effectiveness of leniency programmes it should not be possible for multiple undertakings from the same cartel to benefit from immunity across EU and national level leniency programmes. NCAs should accept summary applications that contain a minimum set of information in relation to the alleged cartel and not request additional information beyond this minimum set before they intend to act on the case. However, the onus is on applicants to inform the NCAs to which they have submitted summary applications if the scope of their leniency application with the Commission changes. NCAs should provide applicants with an acknowledgement stating the date and time of receipt, and inform the applicant whether they have already received a previous summary or leniency application in relation to the same cartel. Once the Commission has decided not to act on the case in whole or partially, applicants should have the opportunity to submit full leniency applications to the NCAs to which they have submitted summary applications.
Amendment 45 #
2017/0063(COD)
Proposal for a directive
Article 4 – paragraph 2 – point c a (new)
Article 4 – paragraph 2 – point c a (new)
(ca) The staff and the members of the decision-making body of national administrative competition authorities are prevented, for a reasonable period after leaving office, from accepting employment, gainful or otherwise, that could give rise to conflicts of interest. The duration of this period shall take into account the specificities of the position and shall be proportionate to the threat posed by the potential conflicts of interest;
Amendment 54 #
2017/0063(COD)
Proposal for a directive
Article 16 – paragraph 3
Article 16 – paragraph 3
3. Member States shall ensure that all undertakings are eligible for immunity from fines, with the exception of: (a) undertakings that have taken steps to coerce other undertakings to participate in a secret cartel; (b) undertakings whose participation in a secret cartel has been alleged to the Commission by another participant in the cartel.
Amendment 55 #
2017/0063(COD)
Proposal for a directive
Article 16 – paragraph 3 a (new)
Article 16 – paragraph 3 a (new)
3a. Undertakings granted leniency under a national authority's leniency programme shall remain eligible for leniency under the Commission's leniency programme for proceedings concerning participation in the same secret cartel.
Amendment 44 #
2017/0003(COD)
Proposal for a regulation
Recital 1
Recital 1
(1) Article 7 of the Charter of Fundamental Rights of the European Union ("the Charter") protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one’s communications is an essential dimension of this right. Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communicationg parties. The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, e- mail, internet phone calls and inter- personal messaging provided through social media. It should also apply when the confidentiality of electronic communications and the privacy of the physical environment converge, i.e. where terminal devices for electronic communication can also listen into their physical environment or use other input channels such as Bluetooth signalling or movement sensors.
Amendment 49 #
2017/0003(COD)
Proposal for a regulation
Recital 2
Recital 2
(2) The content of eElectronic communications data may reveal highly sensitive information about the natural persons involved in the communication, from personal experiences and emotions to medical conditions, sexual preferences and political views, the disclosure of which could result in personal and social harm, economic loss or embarrassment. Similarly, mMetadata derived from electronic communications may also reveal very sensitive and personal information. These metadata includes the numbers called, the websites visited, geographical location, the time, date and duration when an individual made a call etc., allowing precise conclusions to be drawn regarding the private lives of the persons involved in the electronic communication, such as their social relationships, their habits and activities of everyday life, their interests, tastes etc. The protection of confidentiality of communications is an essential condition for the respect of other connected fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, freedom of assembly, freedom of expression and information.
Amendment 53 #
2017/0003(COD)
Proposal for a regulation
Recital 3
Recital 3
(3) Electronic communications data may also reveal information concerning legal entities, such as business secrets or other sensitive information that has economic value. Therefore, the provisions of this Regulation should apply to both natural and legal persons. Furthermore, this Regulation should ensure that certain provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council21 , also apply to end-users who are legal persons. This includes the definition of consent under Regulation (EU) 2016/679. When reference is made to consent by an end-user, including legal persons, this definition should apply. In addition, legal persons should have the same rights as end-users that are natural persons regarding the supervisory authorities; furthermore, supervisory authorities under this Regulation should also be responsible for monitoring the application of this Regulation regarding legal persons. _________________ 21 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1–88).
Amendment 54 #
2017/0003(COD)
Proposal for a regulation
Recital 4
Recital 4
(4) Pursuant to Article 8(1) of the Charter and Article 16(1) of the Treaty on the Functioning of the European Union, everyone has the right to the protection of personal data concerning him or her. Regulation (EU) 2016/679 lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. Electronic communications data may includeare generally personal data as defined in Regulation (EU) 2016/679, at least where the users or end-users are natural persons.
Amendment 56 #
2017/0003(COD)
Proposal for a regulation
Recital 5
Recital 5
(5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data. This Regulation therefore does not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679. Processing of electronic communications data by providersOn the contrary, it aims to provide additional, and complementary, safeguards taking into account the need for additional protection as regards the confidentiality of communications. Processing of electronic communications servicesdata should only be permitted in accordance with, and on a legal basis specifically provided by, this Regulation.
Amendment 60 #
2017/0003(COD)
Proposal for a regulation
Recital 6
Recital 6
(6) While the principles and main provisions of Directive 2002/58/EC of the European Parliament and of the Council22 remain generally sound, that Directive has not fully kept pace with the evolution of technological and market reality, resulting in an inconsistent or insufficient effective protection of privacy and confidentiality in relation to electronic communications. Those developments include the entrance on the market of electronic communications services that from a consumer perspective are substitutable to traditional services, but do not have to comply with the same set of rules. Another development concerns new techniques that allow for tracking of online behaviour of end-users, which are not covered by Directive 2002/58/EC. Directive 2002/58/EC should therefore be repealed and replaced by this Regulation. _________________ 22 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p.37).
Amendment 61 #
2017/0003(COD)
Proposal for a regulation
Recital 7
Recital 7
Amendment 66 #
2017/0003(COD)
Proposal for a regulation
Recital 8
Recital 8
(8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to hardware and software providers permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or collect information related to, processed by or stored in end- users’ terminal equipment.
Amendment 69 #
2017/0003(COD)
Proposal for a regulation
Recital 9
Recital 9
(9) This Regulation should apply to electronic communications data processed in connection with the provision and use of electronic communications services in the Union, regardless of whether or not the processing takes place in the Union. Moreover, in order not to deprive end-users in the Union of effective protection, this Regulation should also apply to electronic communications data processed in connection with the provision of electronic communications services from outside the Union to end-users in the Union. This should be the case irrespective of whether the electronic communications are connected to a payment or not.
Amendment 71 #
2017/0003(COD)
Proposal for a regulation
Recital 11
Recital 11
(11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-users increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services. In order toThis Regulation aims at ensureing an effective and equal protection of end-users when using functionally equivalent services, this Regulation uses the definition of electronic communications services set forth in the [Directive of the European Parliament and of the Council establishing the European Electronic Communications Code24 ]so as to ensure the confidentiality of their communication, irrespective of the technological medium chosen. That definition encompasses not only internet access services and services consisting wholly or partly in the conveyance of signals but also interpersonal communications services, which may or may not be number-based, such as for example, Voice over IP, messaging services and web-based e-mail services. The protection of confidentiality of communications is crucial also as regards interpersonal communications services that are ancillary to another service; therefore, such type of services also having a communication functionality should be covered by this Regulation. _________________ 24Commission proposal for a Directive of the European Parliament and of the Council establishing the European Electronic Communications Code (Recast) (COM/2016/0590 final - 2016/0288 (COD)), such as internal messaging, newsfeeds, timelines and similar functions in online services where messages are exchanged with other users within or outside that service; therefore, such type of services also having a communication functionality should be covered by this Regulation.
Amendment 76 #
2017/0003(COD)
Proposal for a regulation
Recital 12
Recital 12
(12) Connected devices and machines increasingly communicate with each other by using electronic communications networks (Internet of Things). The transmission of machine-to-machine communications involves the conveyance of signals over a network and, hence, usually constitutes an electronic communications service. In order to ensure full protection of the rights to privacy and confidentiality of communications, and to promote a trusted and secure Internet of Things in the digital single market, it is necessary to clarify that this Regulation should apply to the transmission of machine-to-machine communications. In the context of automated supply-chains and elsewhere in the manufacturing or industrial context, the communication by the machines involved may not be inter- personal and may not involve natural persons. However, its confidentiality still needs protection in order to protect internal business information. Therefore, the principle of confidentiality enshrined in this Regulation should also apply to the transmission of machine-to- machine communications. Specific safeguards could also be adopted under sectorial legislation, as for instance Directive 2014/53/EU.
Amendment 78 #
2017/0003(COD)
Proposal for a regulation
Recital 13
Recital 13
(13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as 'hotspowireless internet access points' situated at different places within a city, department stores, shopping malls and hospital, hospitals, airports, hotels and restaurants. Those access points might require a login or provide a password and might be provided also by public administrations, including Union bodies and agencies. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services and public communications networks. This regulation should also apply to closed social media profiles and groups that the users have defined as private. In contrast, this Regulation should not apply to closed groups of end-users such as corporate networks, access to which access is limited to members of the corporganisation.
Amendment 83 #
2017/0003(COD)
Proposal for a regulation
Recital 14
Recital 14
(14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged (electronic communications content) and the information concerning an end-user of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication. It should also include location data, such as for example, the location of the terminal equipment from or to which a phone call or an internet connection has been made or the wireless access points that a device is connected to. It should also include data necessary to identify users' terminal equipment and data emitted by terminal equipment when searching for access points or other equipment. Whether such signals and the related data are conveyed by wire, radio, optical or electromagnetic means, including satellite networks, cable networks, fixed (circuit- and packet- switched, including internet) and mobile terrestrial networks, electricity cable systems, the data related to such signals should be considered as electronic communications metadata and therefore be subject to the provisions of this Regulation. Electronic communications metadata may include information that is part of the subscription to the service when such information is processed for the purposes of transmitting, distributing or exchanging electronic communications content. The exclusion of services providing "content transmitted using electronic communications networks" from the definition of "electronic communications service" in Article 4 of this Regulation does not mean that service providers who offer both electronic communications services and content services are outside the scope of the provisions of the Regulation which applies to the providers of electronic communications services.
Amendment 85 #
2017/0003(COD)
Proposal for a regulation
Recital 14 a (new)
Recital 14 a (new)
Amendment 86 #
2017/0003(COD)
Proposal for a regulation
Recital 15
Recital 15
(15) Electronic communications data should be treated as confidential. This means that any processing of electronic communications data or any interference with the transmission of electronic communications data, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of all the communicating parties should be prohibited. The prohibition of interception of communications data should apply during their conveyance, i.e. until receipt of the content of the electronic communication by the intended addresseeWhen the processing is allowed under this Regulation, any other processing on the basis of Article 6 of Regulation (EU) 2016/679 should be considered as prohibited, including processing for another purpose on the basis of Article 6(4) of that Regulation. This should not prevent requesting additional consent for new processing operations. The prohibition of processing of communications data should apply during their conveyance and when they are stored afterwards, in order to reflect the growing trend that end-users do not store all communications data on their own terminal equipment, but use cloud- based storage space of the communications provider or other parties. Interception of electronic communications data may occur, for example, when someone other than the communicating parties, listens to calls, reads, scans or stores the content of electronic communications, or the associated metadata for purposes other than the exchange of communications. Interception also occurs when othirder parties monitor websites visited, timing of the visits, interaction with others, etc., without the consent of the end-user concerned. As technology evolves, the technical ways to engage in interception have also increased. Such ways may range from the installation of equipment that gathers data from terminal equipment over targeted areas, such as the so-called IMSI (International Mobile Subscriber Identity) catchers, to programs and techniques that, for example, surreptitiously monitor browsing habits for the purpose of creating end-user profiles. Other examples of interception include capturing payload data or content data from unencrypted wireless networks and routers, and analysis of customers' traffic data, including browsing habits, without the end-users' consent.
Amendment 89 #
2017/0003(COD)
Proposal for a regulation
Recital 16
Recital 16
(16) The prohibition of storage of communications is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. It should not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such asrelated to the presence of malwarepective service, or the processing of metadata of the respective service to ensure the necessary quality of service requirements, such as latency, jitter etc.
Amendment 96 #
2017/0003(COD)
Proposal for a regulation
Recital 17
Recital 17
(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end-users consent. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain end- users' consent to process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colours to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier ismay be necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural personss foreseen, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
Amendment 100 #
2017/0003(COD)
Proposal for a regulation
Recital 17 a (new)
Recital 17 a (new)
(17a) This Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata based on users' informed consent. However, users attach great importance to the confidentiality of their communications, including their online activities, and they want to control the use of their electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain users' consent to process electronic communications data. For the purposes of this Regulation, the consent of a user should have the same meaning and be subject to the same conditions as the consent of the data subject under Regulation (EU) 2016/679.
Amendment 101 #
2017/0003(COD)
Proposal for a regulation
Recital 18
Recital 18
(18) End-users may consent to the processing of their metaelectronic communications data to receive specific services requested by them, such as protection services against fraudulent activities (by analysing usage data, location and customer account in real time). In the digital economy, services are often supplied against counter-performance other than money, for instance by end- users being exposed to advertisements. For the purposes of this Regulation, consent of an end-user, regardless of whether the latter is a natural or a legal person, should have the same meaning and be subject to the same conditions as the data subject's consent under Regulation (EU) 2016/679. Basic broadband internet access and voice communications services amalware, unsolicited communication, or fraudulent activities. Consent for processing electronic communications data will not be valid if the data subject has no genuine and free choice, or is unable to refuse or withdraw consent without detriment. As provided by Article 7 of Regulation (EU) 2016/679, consent is not freely given if it is required to be considered as essential services for individuals to be able to communicate and participate to the benefits of the digital economy. Consent for processing data from internet or voice communication usage will not be valid if the data subject has no genuine and free choice, or is unable to refuse or withdraw consent without detrimaccess any service or obtained through insistent and repetitive requests. In order to prevent such abusive requests, end-users should be able to order service providers to remember their choice not to consent.
Amendment 105 #
2017/0003(COD)
Proposal for a regulation
Recital 19
Recital 19
(19) The content of electronic communications pertains to the essence of the fundamental right to respect for private and family life, home and communications protected under Article 7 of the Charter. Any interference with theprocessing of content data of electronic communications should be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse. This Regulation provides for the possibility ofor providers of electronic communications services to process electronic communications data in transit, with the informed consent of all the end- users concerned. For example, providers may offer services that entail the scanning of emails to remove certain pre-defined material. Given the sensitivity of the content ofelectronic communications data, this Regulation sets forth a presumption that the processing of such content data will result in high risks to the rights and freedoms of natural persons. When processing such type of data, the provider of the electronic communications service should always consult the supervisoarry aouthority prior to the processing. Such consultation should be in accordance with Article 36 (2) and (3) of Regulation (EU) 2016/679. The presumption does not encompass the processing of content data to provide a service requested by the end- user where the end-user has consented to such processing and it is carried out for the purposes and duration strictly necessary and proportionate for such service an impact assessment as provided for in Regulation (EU) 2016/679 and if necessary under that Regulation, consult the supervisory authority prior to the processing. After electronic communications content has been sent by the end-user and received by the intended end-user or end- users, it may be recorded or stored by the end-user, end- users or by a thirdnother party entrusted by them to record or store such data. Any processing of such data, which could be the electronic communications provider. Any processing of such stored communications data where the data is stored on behalf of the end-user must comply with this Regulation. The end- user may further process the data, and if it contains personal data, must comply with Regulation (EU) 2016/679.
Amendment 107 #
2017/0003(COD)
Proposal for a regulation
Recital 19 a (new)
Recital 19 a (new)
(19a) It should be possible to process electronic communications data for the purposes of providing services specifically requested by a user for personal or personal work-related purposes such as search or keyword indexing functionality, text-to-speech engines and translation services, including picture-to-voice or other automated content processing used as accessibility tools by persons with disabilities. This should be possible without the consent of all users who are part of the communication, but may take place with the consent of the user requesting the service. Such specific consent also precludes the provider from processing those data for different purposes.
Amendment 108 #
2017/0003(COD)
Proposal for a regulation
Recital 20
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes informationvery sensitive data that may reveal details of an individual's emotional, political,the behaviour, psychological features, emotional condition and political convictions, religious beliefs and social complexities of an individual, including the content of communications, pictures, the location of individuals by accessing the device’'s GPS capabilities, contact lists, and other information already stored in the device, the information processed by or related to such equipment requires enhanced privacy protection. Information related to the user's device may also be collected remotely for the purpose of identification and tracking, using techniques such as so-called 'device fingerprinting', often without the knowledge of the user, and may seriously intrude upon the privacy of these users. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user's terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-user, to process data and use input and putput functionalities such as sensors, and to trace the activities. Techniques that surreptitiously monitor the actions of end- users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’' terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user's terminal equipment should be allowed only with the end-user's consent and for specific and transparent purposes.
Amendment 113 #
2017/0003(COD)
Proposal for a regulation
Recital 21
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the input, output, processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-user. This may include the storing of cookiesinformation (such as cookies and identifiers) for the duration of a single established session on a website to keep track of the end-user’'s input when filling in online forms over several pages. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information society service providers that engage in configuration checking to provide the service in compliance with the end-user's settings and the mere logging of the fact that the end-user’'s device is unable to receive content requested by the end-user should not constitute access to such a device or use of the device processing capabilitieillegitimate access.
Amendment 120 #
2017/0003(COD)
Proposal for a regulation
Recital 22
Recital 22
(22) The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. This Regulation should prevent the use of so-called "cookie walls" and "cookie banners" that do not help users to maintain control over their personal information and privacy or become informed about their rights. The use of technical means to provide consent, for example, through transparent and user- friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other applicationand to object by technical specifications using automated means, such as the appropriate settings of a hardware of software permitting the retrieval and presentation of information on the internet. Those settings should include choices concerning the use of processing and storage capabilities of the user's terminal equipment as well as a signal sent by the hardware or software indicating the user's preferences to other parties. The choices made by end- users when establishing its general privacy settings of a browser or other applicationhardware of software should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-More particularly web browsers, applications or mobile operating systems may be userd and the website. From this perspective, they are in a privileged position to play an active role tos a user's personal privacy assistant communicating the user's choices, thus help theing end-users to control the flow of information to and fromprevent information related to or processed by their terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or stored (for example smart phone, tablet or computer) from being accessed, processed or stored. They should therefore not abuse their position as gate-keepers and still allow for possibilities for the user to individually give consent with regard to a certain specific service or service provider.
Amendment 131 #
2017/0003(COD)
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘'accept all cookies’'. Therefore providers of hardware or software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties fromand activates as default the option to prevent the cross-domain tracking and storing information on the terminal equipment by other parties; this is often presented as ‘'reject third party trackers and cookies’'. End-uUsers should be offered a set of privacy setting options, ranging from higher (for example, ‘'never accept trackers and cookies’') to lower (for example, ‘'always accept trackers and cookies’') and intermediate (for example, ‘'reject third party cookiall trackers and cookies that are not strictly necessary to provide a service explicitly requested by the user' or 'reject all cross- domain tracking'). Thes’e or ‘only accept first party cookies’). Such privacy settings should be presented in a an easily visible and intelligible manner. ptions may also be more fine-grained and, among other aspects, reflect the possibility that another party might act as a data processor in the meaning of Regulation (EU) 2016/679 for the provider of the service. Privacy settings should also include options to allow the user to decide, for example, whether Flash, JavaScript or similar software can be executed, if a website can collect geo- location data from the user, or if it can access specific hardware such as a webcam or microphone. Such privacy settings should be presented in an easily visible and intelligible manner, and users should be informed about the possibility to change the default privacy settings among the various options at the moment of installation or first use. Information provided should not dissuade users from selecting higher privacy settings and should include relevant information about the risks associated to allowing cross- domain trackers, including the compilation of long-term records of individuals' browsing histories and the use of such records to send targeted advertising or sharing with more third parties. Hardware and software manufacturers should be required to provide easy ways for users to change the privacy settings at any time during use and to allow the user to make exceptions for or to whitelist certain information society services or to specify for such services websites trackers and cookies are always or never allowed. In case of no active choice, or action from the user, the settings shall be set by default in a manner that rejects and blocks trackers, including cookies, that are not strictly necessary in order to provide an information society service specifically requested by the user.
Amendment 136 #
2017/0003(COD)
Proposal for a regulation
Recital 24
Recital 24
Amendment 136 #
2017/0003(COD)
Proposal for a regulation
Recital 1
Recital 1
(1) Article 7 of the Charter of Fundamental Rights of the European Union (“the Charter”) protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one’s communications is an essential dimension of this right. Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including information regarding when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communicationg parties. The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, e-mail, internet phone calls and inter-personal messaging provided through social media. It should also apply when the confidentiality of electronic communications and the privacy of the physical environment converge, i.e. where terminal devices for electronic communication can also listen into their physical environment or use other input channels such as Bluetooth signalling or movement sensors.
Amendment 138 #
2017/0003(COD)
Proposal for a regulation
Recital 2
Recital 2
(2) The content of eElectronic communications data may reveal highly sensitive information about the natural persons involved in the communication, from personal experiences and emotions to medical conditions, sexual preferences and political views, the disclosure of which could result in personal and social harm, economic loss or embarrassment. For the content of communications, the Court of Justice has clarified that access on a generalised basis by parties other than the communication partners and the communications service provider must be regarded as compromising the essence of the fundamental right to respect for private life, which is never acceptable. Similarly, metadata derived from electronic communications may also reveal very sensitive and personal information. These metadata includes the numbers called, the websites visited, geographical location, the time, date and duration when an individual made a call etc., allowing precise conclusions to be drawn regarding the private lives of the persons involved in the electronic communication, such as their social relationships, their habits and activities of everyday life, their interests, tastes etc. Metadata can also be processed and analysed much easier than content, as it is already brought into a structured and standardised format. The protection of confidentiality of communications is an essential condition for the respect of other connected fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, freedom of assembly, freedom of expression and information.
Amendment 144 #
2017/0003(COD)
Proposal for a regulation
Recital 3
Recital 3
(3) Electronic communications data may also reveal information concerning legal entities, such as business secrets or other sensitive information that has economic value. Therefore, the provisions of this Regulation should apply to both natural and legal persons. Furthermore, this Regulation should ensure that certain provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council21 , also apply to end-ussubscribers who are legal persons. This includes the confidentiality and security of their communications data and the definition of consent under Regulation (EU) 2016/679. When reference is made to consent by an end-us subscriber, including legal persons, this definition should apply. In addition, legal persons should have the same rights as end-ussubscribers that are natural persons regarding the supervisory authorities; furthermore, supervisory authorities under this Regulationestablished on the basis of Regulation (EU) 2016/679 should also be responsible for monitoring the application of this Regulation regarding legal persons. _________________ 21 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1–88).
Amendment 145 #
2017/0003(COD)
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such informationelectronic communications metadata may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers. While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged in such practices should display prominent notices located on the edge of the area of coverage informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679only be permitted to process such electronic communications metadata based on the consent of the users concerned.
Amendment 148 #
2017/0003(COD)
Proposal for a regulation
Recital 26
Recital 26
(26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights when such a restriction is targeted at persons suspected of having committed a criminal offence and constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Providers of electronic communications services should provide for appropriate procedures to facilitate legitimate requests of competent authorities, where relevant also taking into account the role of the representative designated pursuant to Article 3(3)not be obliged by Union or Member States competent authorities to weaken any measures that ensure the integrity and confidentiality of electronic communications.
Amendment 148 #
2017/0003(COD)
Proposal for a regulation
Recital 4
Recital 4
(4) Pursuant to Article 8(1) of the Charter and Article 16(1) of the Treaty on the Functioning of the European Union, everyone has the right to the protection of personal data concerning him or her. Regulation (EU) 2016/679 lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. Electronic communications data may includeare generally personal data as defined in Regulation (EU) 2016/679, at least where the users or subscribers are natural persons.
Amendment 150 #
2017/0003(COD)
Proposal for a regulation
Recital 5
Recital 5
(5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data. This Regulation therefore does not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679. Processing of electronic communications data by providersOn the contrary, it aims to provide additional, and complementary, safeguards taking into account the need for additional protection as regards the confidentiality of communications. Processing of electronic communications servicesdata should only be permitted in accordance with, and on a legal ground specifically provided under, this Regulation.
Amendment 155 #
2017/0003(COD)
Proposal for a regulation
Recital 29
Recital 29
(29) Technology exists that enables providers of electronic communications services to limit the reception of unwanted calls by end-users in different ways, including blocking silent calls and other fraudulent and nuisance calls or marketing calls with a specific code or prefix. Providers of publicly available number- based interpersonal communications services should deploy this technology and protect end-users against nuisance calls and do so free of charge. Providers should ensure that end- users are aware of the existence of such functionalities, for instance, by publicising the fact on their webpage.
Amendment 155 #
2017/0003(COD)
Proposal for a regulation
Recital 6
Recital 6
(6) While the principles and main provisions of Directive 2002/58/EC of the European Parliament and of the Council22 remain generally sound, that Directive has not fully kept pace with the evolution of technological and market reality, resulting in an inconsistent or insufficient effective protection of privacy and confidentiality in relation to electronic communications. Those developments include the entrance on the market of electronic communications services that from a consumer perspective are substitutable to traditional services, but do not have to comply with the same set of rules. Another development concerns new techniques that allow for tracking of online behaviour of end-users, which are not covered by Directive 2002/58/EC. Directive 2002/58/EC should therefore be repealed and replaced by this Regulation. _________________ 22 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p.37).
Amendment 158 #
2017/0003(COD)
Proposal for a regulation
Recital 7
Recital 7
Amendment 161 #
2017/0003(COD)
Proposal for a regulation
Recital 31
Recital 31
(31) If end-users that are natural persons give their consent to their data being included in such directories, they should be able to determine on a consent basis which categories of personal data are included in the directory (for example name, email address, home address, user name, phone number). In addition, providers of publicly available directories or the providers of electronic communications services should inform the end- users of the purposes of the directory and of the search functions of the directory before including them in that directory. End-users should be able to determine by consent on the basis of which categories of personal data their contact details can be searched. The categories of personal data included in the directory and the categories of personal data on the basis of which the end-user's contact details can be searched should not necessarily be the same.
Amendment 162 #
2017/0003(COD)
Proposal for a regulation
Recital 8
Recital 8
(8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to hardware and software providers permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or collect information related to, processed by or stored in end-ussubscribers’ terminal equipment.
Amendment 166 #
2017/0003(COD)
Proposal for a regulation
Recital 33
Recital 33
(33) Safeguards should be provided to protect end-users against unsolicited communications, including for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing purposes are sent to end-users in order to effectively protect individuals against the intrusion into their private life as well as the legitimate interest of end-users that are legal persons. Legal certainty and the need to ensure that the rules protecting against unsolicited electronic communications remain future- proof justify the need to define a single set of rules that do not vary according to the technology used to convey these unsolicited communications, while at the same time guaranteeing an equivalent level of protection for all citizens throughout the Union. However, it is reasonable to allow the use of e-mail contact details within the context of an existing customer relationship for the offering of similar products or services. Such possibility should only apply to the same company that has obtained the electronic contact details in accordance with Regulation (EU) 2016/679.
Amendment 168 #
2017/0003(COD)
Proposal for a regulation
Recital 9
Recital 9
(9) This Regulation should apply to electronic communications data processed in connection with the provision and use of electronic communications services in the Union, regardless of whether or not the processing takes place in the Union. Moreover, in order not to deprive end- ussubscribers in the Union of effective protection, this Regulation should also apply to electronic communications data processed in connection with the provision of electronic communications services from outside the Union to end-ussubscribers in the Union. This should be the case irrespective of whether the electronic communications are connected to a payment or not.
Amendment 171 #
2017/0003(COD)
Proposal for a regulation
Recital 10
Recital 10
(10) Radio equipment and its software which is placed on the internal market in the Union, must comply with Directive 2014/53/EU of the European Parliament and of the Council23. This Regulation should not affect the applicability of any of the requirements of Directive 2014/53/EU nor the power of the Commission to adopt delegated acts pursuant to Directive 2014/53/EU requiring that specific categories or classes of radio equipment incorporate safeguards to ensure that personal data and privacy of end-ussubscribers are protected. _________________ 23 Directive 2014/53/EU of the European Parliament and of the Council of 16 April 2014 on the harmonisation of the laws of the Member States relating to the making available on the market of radio equipment and repealing Directive 1999/5/EC (OJ L 153, 22.5.2014, p. 62).
Amendment 174 #
2017/0003(COD)
Proposal for a regulation
Recital 37
Recital 37
(37) Service providers who offer electronic communications services should process electronic communications data in such a way as to prevent unauthorised processing, including access, disclosure or alteration. They should ensure that such unauthorised access, disclosure or alteration is possible of being ascertained, and also ensure that electronic communications data are protected by using state of the art software and encryption technologies. Service providers should also inform end- users of measures they can take to protect their anonymity and the security of their communications, for instance by using specific types of software or encryption technologies. The requirement to inform end-users of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge. Security is appraised in the light of Article 32 of Regulation (EU) 2016/679.
Amendment 174 #
2017/0003(COD)
Proposal for a regulation
Recital 11
Recital 11
(11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-usUsers and subscribers increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services. In order to, also known as “over-the-top services” (OTTs). This Regulation aims at ensureing an effective and equal protection of end-ususers and subscribers when using functionally equivalent services, this Regulation uses the definition of electronic communications services set forth in the [Directive of the European Parliament and of the Council establishing the European Electronic Communications Code24 ]so as to ensure the confidentiality of their communication, irrespective of the technological medium chosen.. That definition encompasses not only internet access services and services consisting wholly or partly in the conveyance of signals but also interpersonal communications services, which may or may not be number-based, such as for example, Voice over IP, messaging services and web-based e-mail services. The protection of confidentiality of communications is crucial also as regards interpersonal communications services that are ancillary to another service; therefore, such type of services also having a communication functionality should be covered by this Regulation. _________________ 24 Commission proposal for a Directive of the European Parliament and of the Council establishing the European Electronic Communications Code (Recast) (COM/2016/0590 final - 2016/0288 (COD)), such as internal messaging, newsfeeds, timelines and similar functions in online services where messages are exchanged with other users within or outside that service; therefore, such type of services also having a communication functionality should be covered by this Regulation.
Amendment 179 #
2017/0003(COD)
Proposal for a regulation
Recital 43
Recital 43
(43) Directive 2002/58/EC and Commission Regulation (EU) 611/2013 should be repealed.
Amendment 180 #
2017/0003(COD)
Proposal for a regulation
Recital 12
Recital 12
(12) Connected devices and machines increasingly communicate with each other by using electronic communications networks (Internet of Things). The transmission of machine-to-machine communications involves the conveyance of signals over a network and, hence, usually constitutes an electronic communications service. In order to ensure full protection of the rights to privacy and confidentiality of communications, and to promote a trusted and secure Internet of Things in the digital single market, it is necessary to clarify that this Regulation should apply to the transmission of machine-to-machine communications. In the context of automated supply-chains and elsewhere in the manufacturing or industrial context, the communication by the machines involved may not be inter- personal and may not involve natural persons. However, its confidentiality still needs protection in order to protect internal business information. Therefore, the principle of confidentiality enshrined in this Regulation should also apply to the transmission of machine-to- machine communications. Specific safeguards could also be adopted under sectorial legislation, as for instance Directive 2014/53/EU. Or. en (see justification for new Article 5(2))
Amendment 181 #
2017/0003(COD)
Proposal for a regulation
Recital 13
Recital 13
(13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as ‘hotspowireless internet access points’ situated at different places within a city, department stores, shopping malls and hospital, hospitals, airports, hotels and restaurants. Those access points might require a login or provide a password and might be provided also by public administrations, including Union bodies and agencies. To the extent that those communications networks are provided to an undefined group of end-users, the confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services and public communications networks. This regulation should also apply to closed social media profiles and groups that the users have defined as private. In contrast, this Regulation should not apply to closed groups of end-ussubscribers such as corporate networks, access to which is limited to members of the corporan organisation.
Amendment 187 #
2017/0003(COD)
Proposal for a regulation
Recital 14
Recital 14
(14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged (electronic communications content) and the information concerning an end-us user or subscriber of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication. It should also include location data, such as for example, the location of the terminal equipment from or to which a phone call or an internet connection has been made or the wireless access points that a device is connected to. It should also include data necessary to identify users’ terminal equipment and data emitted by terminal equipment when searching for access points or other equipment. Whether such signals and the related data are conveyed by wire, radio, optical or electromagnetic means, including satellite networks, cable networks, fixed (circuit- and packet- switched, including internet) and mobile terrestrial networks, electricity cable systems, the data related to such signals should be considered as electronic communications metadata and therefore be subject to the provisions of this Regulation. Electronic communications metadata may include information that is part of the subscription to the service when such information is processed for the purposes of transmitting, distributing or exchanging electronic communications content. The exclusion of services providing “content transmitted using electronic communications networks” from the definition of “electronic communications service” in Article 4 of this Regulation does not mean that service providers who offer both electronic communications services and content services are outside the scope of the provisions of the Regulation which applies to the providers of electronic communications services.
Amendment 190 #
2017/0003(COD)
Proposal for a regulation
Recital 14 a (new)
Recital 14 a (new)
(14a) Modern electronic communications services, including the internet and the OTT services that run on top of it, function on the basis of the separation of layers of protocols and services, as defined by the Open Systems Interconnection model (OSI model, ISO/IEC 7498-1).An internet (TCP/IP) data packet for example is encapsulated in an underlying ethernet or wireless data packet for local routing between the terminal equipment and the nearest router, which means that the full TCP/IP packet is content as seen from the ethernet or wireless connection layer. One layer above, an e-mail including its content and metadata is encapsulated in one or more TCP/IP packets, therefore the full e-mail is treated as content on the level of the TCP/IP protocol layer. The e- mail, in turn, consists of metadata using the SMTP protocol, and content data in the body of the e-mail. That means that what is metadata on one protocol layer is content data for the layers below. Where this Regulation lays down different rules for the processing of content and metadata, this should be understood for the respective electronic communications service and the protocol layer it is operating on. An internet access provider, for example, should therefore not scan the content of the TCP/IP packets routed by it, in order to detect malicious e-mail senders or attachments, because for the internet layer, e-mail is fully content. The scanning of e-mails however could be done by the e-mail provider if it is necessary for the security of the service or if the user specifically requests this. This separation of protocol layers is crucial for maintaining the neutrality of the electronic communications services (net neutrality), which is protected under Regulation (EU) 2015/2120.
Amendment 191 #
2017/0003(COD)
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
3. The provisions of this Regulation particularise and complement Regulation (EU) 2016/679, by laying down specific rules for the purposes mentioned in paragraphs 1 and 2. Except where otherwise provided in this Regulation, the provisions of Regulation (EU) 2016/679 shall apply when personal data is processed.
Amendment 192 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to the terminal equipment of end-users.:
Amendment 192 #
2017/0003(COD)
Proposal for a regulation
Recital 15
Recital 15
(15) Electronic communications data should be treated as confidential. This means that any processing of electronic communications data or any interference with the transmission of electronic communications data, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of the user requesting a specific service or of all the communicating parties should be prohibited. The prohibition of interception of communications data should apply during their conveyance, i.e. until receipt of the content of the electronic communication by the intended addresseeWhen the processing is allowed under this Regulation, any other processing on the basis of Article 6 of Regulation (EU) 2016/679 should be considered as prohibited, including processing for another purpose on the basis of Article 6(4) of that Regulation. This should not prevent requesting additional consent for new processing operations. The prohibition of processing of communications data should apply during their conveyance and when they are stored afterwards, in order to reflect the growing trend that subscribers do not store all communications data on their own terminal equipment, but use cloud- based storage space of the communications provider or other parties. Interception of electronic communications data may occur, for example, when someone other than the communicating parties, listens to calls, reads, scans or stores the content of electronic communications, or the associated metadata for purposes other than the exchange of communications. Interception also occurs when othirder parties monitor websites visited, timing of the visits, interaction with others, etc., without the consent of the end-user concerned. As technology evolves, the technical ways to engage in interception have also increased. Such ways may range from the installation of equipment that gathers data from terminal equipment over targeted areas, such as the so-called IMSI (International Mobile Subscriber Identity) catchers, to programs and techniques that, for example, surreptitiously monitor browsing habits for the purpose of creating end-user profiles. Other examples of interception include capturing payload data or content data from unencrypted wireless networks and routers, and analysis of users’ traffic data, including browsing habits, without the end-users’ consent.
Amendment 197 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point a (new)
Article 2 – paragraph 1 – point a (new)
(a) the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services, irrespective of whether a payment of the end-user is required;
Amendment 198 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point b (new)
Article 2 – paragraph 1 – point b (new)
(b) the processing of information related to or processed by the terminal equipment of end-users;
Amendment 199 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point c (new)
Article 2 – paragraph 1 – point c (new)
(c) the placing on the market of hardware and software permitting electronic communications by end-users, including the retrieval and presentation of information on the Internet;
Amendment 200 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point d (new)
Article 2 – paragraph 1 – point d (new)
(d) the provision of publicly available directories of users of electronic communication;
Amendment 201 #
2017/0003(COD)
(e) the sending of direct marketing commercial electronic communications to end-users.
Amendment 204 #
2017/0003(COD)
(16) The prohibition of storage of communications is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. It should not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such asrelated to the presence of malwarepective service, or the processing of metadata of the respective service to ensure the necessary quality of service requirements, such as latency, jitter etc. Or. en (related to the clarifications in Recital 14a(new) and Article 4.)
Amendment 205 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 3
Article 2 – paragraph 3
3. The processing of electronic communications data by the Union institutions, bodies, offices and agencies insofar as they are not publicly available and not originating or having as destination publicly available communications services, is governed by Regulation (EU) 00/0000 [new Regulation replacing Regulation 45/2001].
Amendment 206 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 1 – introductory part
Article 3 – paragraph 1 – introductory part
1. This Regulation applies to: the activities referred to in Article 2 where the user or end-user is in the Union or where the communications services, hardware, software, directories, or direct marketing commercial electronic communications are provided from the territory of the Union.
Amendment 207 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point a
Article 3 – paragraph 1 – point a
Amendment 209 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point b
Article 3 – paragraph 1 – point b
Amendment 209 #
2017/0003(COD)
Proposal for a regulation
Recital 17
Recital 17
(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end-users consent. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain end-users’ consent to process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colors to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier ismay be necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural personss foreseen, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
Amendment 211 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point c
Article 3 – paragraph 1 – point c
Amendment 214 #
2017/0003(COD)
Proposal for a regulation
Recital 17 a (new)
Recital 17 a (new)
(17a) This Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. However, users attach great importance to the confidentiality of their communications, including their online activities, and they want to control the use of their electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain users’ consent to process electronic communications data. For the purposes of this Regulation, the consent of a user should have the same meaning and be subject to the same conditions as the consent of the data subject under Regulation (EU) 2016/679.
Amendment 215 #
2017/0003(COD)
Proposal for a regulation
Recital 18
Recital 18
(18) End-uUsers may consent to the processing of their metaelectronic communications data to receive specific services requested by them, such as protection services against fraudulent activities (by analysing usage data, location and customer account in real time). In the digital economy, services are often supplied against counter-performance other than moneymalware, unsolicited communication, or fraudulent activities. Consent for processing electronic communications data will not be valid if the data subject has no genuine and free choice, for instance by end- users being exposed to advertises unable to refuse or withdraw consent without detriments. For the purposes of this Regulation, consent of an end-user, regardless of whether the latter is a natural or a legal person, should have the same meaning and be subject to the same conditions as the data subject’s consent under Regulation (EU) 2016/679. Basic broadband internet access and voice communications services are to be considered as essential services for individuals to be able to communicate and participate to the benefits of the digital economy. Consent for processing data from internet or voice communication usage will not be valid if the data subject has no genuine and free choice, or is unable to refuse orWithout prejudice to Article 7 of Regulation (EU) 2016/679, consent should not be considered as freely given if it is required to access any service or obtained through insisting and repetitive requests. In order to prevent such abusive requests, users should be able to order service providers to remember their choice not to consent and to adhere to technical specifications signalling not to consent, withdrawal of consent without detriment, or an objection.
Amendment 216 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 4
Article 3 – paragraph 4
4. The representative shall have the power to answer questions and provide information in addition to or instead of the provider it represents, in particular, to supervisory authorities, and end-users, on all issues related to processing electronic communications datathe activities referred to in Article 2 for the purposes of ensuring compliance with this Regulation.
Amendment 218 #
2017/0003(COD)
5. The designation of a representative pursuant to paragraph 2 shall be without prejudice to legal actions, which could be initiated against a natural or legal person who processes electronic communications data in connection with the provision of electronic communications services from outside the Union to end-users inundertake the activities referred to in Article 2 from outside the Union.
Amendment 219 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 1 – point b
Article 4 – paragraph 1 – point b
(b) the definitions of ‘electronic communications network’, ‘electronic communications service’, ‘interpersonal communications service’, ‘number-based interpersonal communications service’, ‘number-independent interpersonal communications service’, ‘end-user’ and ‘call’ in points (1), (4), (5), (6), (7), (14) and (21) respectively'call' in point (21) of Article 2 of [Directive establishing the European Electronic Communications Code];
Amendment 219 #
2017/0003(COD)
Proposal for a regulation
Recital 19
Recital 19
(19) The content of electronic communications pertains to the essence of the fundamental right to respect for private and family life, home and communications protected under Article 7 of the Charter. Any interference with theprocessing of content data of electronic communications should be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse. This Regulation provides for the possibility of providers of electronic communications services to process electronic communications data in transit, with the informed consent of all the end- users concerned. For example, providers may offer services that entail the scanning of emails to remove certain pre-defined material. Given the sensitivity of the content ofelectronic communications data, this Regulation sets forth a presumption that the processing of such content data will result in high risks to the rights and freedoms of natural persons. When processing such type of data, the provider of the electronic communications service should always consult the supervisory authority prior to the processing. Such consultation should be in accordance with Article 36 (2) and (3) of Regulation (EU) 2016/679. The presumption does not encompass the processing of content data to provide a service requested by the end- user where the end-user has consented to such processing and it is carried out for the purposes and duration strictly necessary and proportionate for such servicearry out an impact assessment as provided for in Regulation (EU) 2016/679 and if necessary under that Regulation, consult the supervisory authority prior to the processing. After electronic communications content has been sent by the end-user and received by the intended end-user or end- users, it may be recorded or stored by the end-user, end- users or by a thirdnother party entrusted by them to record or store such data. Any processing of such data, which could be the electronic communications provider. Any processing of such stored communications data where the data is stored on behalf of the end-user must comply with this Regulation. The end- user may further process the data, and if it contains personal data, must comply with Regulation (EU) 2016/679.
Amendment 220 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 2
Article 4 – paragraph 2
Amendment 224 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point b
Article 4 – paragraph 3 – point b
(b) ‘'electronic communications content’' means the content transmitted, distributed or exchanged by means of electronic communications services, such as text, voice, videos, images, and sound, including electronic communications metadata of other electronic communications services or protocols that are transmitted by using the respective service;
Amendment 224 #
2017/0003(COD)
Proposal for a regulation
Recital 19 a (new)
Recital 19 a (new)
(19a) It should be possible to process electronic communications data for the purposes of providing services specifically requested by a user for personal or personal work-related purposes such as search or keyword indexing functionality, text-to-speech engines and translation services, including picture-to-voice or other automated content processing used as accessibility tools by persons with disabilities. This should be possible without the consent of all users who are part of the communication, but may take place with the consent of the user requesting the service. Such specific consent also precludes the provider from processing those data for different purposes.
Amendment 226 #
2017/0003(COD)
Proposal for a regulation
Recital 20
Recital 20
(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is stored in or emitted by such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere of the end-users requiring protection under the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms. Given that such equipment contains or processes informationvery sensitive data that may reveal details of an individual’s emotional, political,the behaviour, psychological features, emotional condition and political convictions, religious beliefs and social complexities of an individual, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information processed by or related to such equipment requires enhanced privacy protection. Information related to the user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the user, and may seriously intrude upon the privacy of these users. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user’s terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called ‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-user, to process data and use input and output functionalities such as sensors, and to trace the activities. Techniques that surreptitiously monitor the actions of end- users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’ terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user’s terminal equipment should be allowed only with the end-user’s consent and for specific and transparent purposes.
Amendment 227 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point c
Article 4 – paragraph 3 – point c
(c) ‘'electronic communications metadata’' means data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration and the type of communicationelectronic identifiers and other data broadcasted or emitted by the terminal equipment to identify users' communication or to enable it to connect to an electronic communications service or to another terminal equipment, data on the location of the terminal equipment processed in the context of providing electronic communications services, and the date, time, duration and the type of communication; where metadata of other electronic communications services or protocols are transmitted, distributed or exchanged by using the respective service, they shall be considered electronic communications content for the respective service;
Amendment 233 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point f
Article 4 – paragraph 3 – point f
(f) ‘'direct marketing communications’' means any form of advertising, whether in written, audio, video, oral oral, sent any other format, sent, broadcast, served or presented to one or more identified or identifiable end-users of electronic communications services, including the use of automated calling and communication systems with or without human interaction, electronic mail, SMS, etc.;
Amendment 234 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point h a (new)
Article 4 – paragraph 3 – point h a (new)
Amendment 235 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point h b (new)
Article 4 – paragraph 3 – point h b (new)
(h b) 'electronic communications service' means a service provided via electronic communications networks, whether for remuneration or not, which encompasses one or more of the following: an 'internet access service' as defined in Article 2(2) or Regulation (EU) 2015/2120; an interpersonal communications service; a service consisting wholly or mainly in the conveyance of the signals, such as a transmission service used for the provision of a machine-to-machine service and for broadcasting, but excludes information conveyed as part of a broadcasting service to the public over an electronic communications network or service except to the extent that the information can be related to the identifiable subscriber or user receiving the information; it includes services enabling interpersonal and interactive communication merely as a minor ancillary feature that is intrinsically linked to another service; it also includes services which are not publicly available, but provide access to a publicly available electronic communications network;
Amendment 236 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point h c (new)
Article 4 – paragraph 3 – point h c (new)
(h c) 'interpersonal communications service' means a service, whether provided for remuneration or not, that enables direct interpersonal and interactive exchange of information between a finite number of persons whereby the persons initiating or participating in the communication determine the recipient(s);
Amendment 237 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point h d (new)
Article 4 – paragraph 3 – point h d (new)
(h d) 'number-based interpersonal communications service' means an interpersonal communications service which connects to the public switched telephone network, either by means of assigned numbering resources, i.e. number or numbers in national or international telephone numbering plans, or by enabling communication with a number or numbers in national or international telephone numbering plans;
Amendment 237 #
2017/0003(COD)
Proposal for a regulation
Recital 21
Recital 21
(21) Exceptions to the obligation to obtain consent to make use of the input, output, processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy. For instance, consent should not be requested for authorizing the technical storage or access which is strictly necessary and proportionate for the legitimate purpose of enabling the use of a specific service explicitly requested by the end-ususer or subscriber. This may include the storing of cookiesinformation (such as cookies and identifiers) for the duration of a single established session on a website to keep track of the end-user’s input when filling in online forms over several pages. Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a website. Information society service providers that engage in configuration checking to provide the service in compliance with the end-user’s settings and the mere logging of the fact that the end-user’s device is unable to receive content requested by the end- user should not constitute access to such a device or use of the device processing capabilitieillegitimate access.
Amendment 238 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point h e (new)
Article 4 – paragraph 3 – point h e (new)
(h e) 'number-independent interpersonal communications service' means an interpersonal communications service which does not connect with the public switched telephone network, either by means of assigned numbering resources, i.e. a number or numbers in national or international telephone numbering plans, or by enabling communication with a number or numbers in national or international telephone numbering plans;
Amendment 239 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point h f (new)
Article 4 – paragraph 3 – point h f (new)
(h f) 'end-user' means a legal entity or a natural person using or requesting a publicly available electronic communications service;
Amendment 240 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point h g (new)
Article 4 – paragraph 3 – point h g (new)
(h g) 'user' means any natural person using a publicly available electronic communications service, for private or business purposes, without necessarily having subscribed to this service;
Amendment 241 #
2017/0003(COD)
Proposal for a regulation
Chapter 2 – title
Chapter 2 – title
PROTECTION OF ELECTRONIC COMMUNICATIONS OF NATURAL AND LEGAL PERSONS AND OF INFORMATION STORED INPROCESSED BY AND RELATED TO THEIR TERMINAL EQUIPMENT
Amendment 242 #
2017/0003(COD)
Proposal for a regulation
Recital 22
Recital 22
(22) The methods used for providing information and obtaining end-user’s consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. This Regulation should prevent the use of so- called “cookie walls” and “cookie banners” that do not help users to maintain control over their personal information and privacy or become informed about their rights. The use of technical means to provide consent, for example, through transparent and user- friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other applicationor withdraw consent and to object by technical specifications using automated means, such as the appropriate settings of a hardware or software permitting the retrieval and presentation of information on the internet. Those settings should include choices concerning the use of processing and storage capabilities of the user’s terminal equipment as well as a signal sent by the hardware or software indicating the user’s preferences to other parties. The choices made by end- users when establishing its general privacy settings of a browser or other applicationhardware of software should be binding on, and enforceable against, any third parties. Web browsers are a type of software application that permits the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messaging or provide route guidance, have also the same capabilities. Web browsers mediate much of what occurs between the end-More particularly web browsers, applications or mobile operating systems may be userd and the website. From this perspective, they are in a privileged position to play an active role to help the end-s a user’s personal privacy assistant communicating the user’s choices, thus helping users to control the flow of information to and fromprevent information related to or processed by their terminal equipment. More particularly web browsers may be used as gatekeepers, thus helping end-users to prevent information from their terminal equipment (for example smart phone, tablet or computer) from being accessed or stored (for example smart phone, tablet or computer) from being accessed, processed or stored. They should therefore not abuse their position as gate- keepers and still allow for possibilities for the user to individually give consent with regard to a certain specific service or service provider.
Amendment 243 #
2017/0003(COD)
Proposal for a regulation
Article 5 – title
Article 5 – title
Confidentiality of electronic communications data
Amendment 248 #
2017/0003(COD)
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any processing of electronic communications data, including any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation. This includes electronic communications data that is stored after the transmission has been completed.
Amendment 250 #
2017/0003(COD)
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of hardware or software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties fromand activates as default the option to prevent the cross-domain tracking and storing information on the terminal equipment by other parties; this is often presented as ‘reject third party trackers and cookies’. End-uUsers should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept trackers and cookies’) to lower (for example, ‘always accept trackers and cookies’) and intermediate (for example, ‘reject third party cookiall trackers and cookies that are not strictly necessary to provide a service explicitly requested by the user’ or ‘reject all cross- domain tracking’). Thes’e or ‘only accept first party cookies’). Such privacy settings should be presented in an easily visible and intelligible manner. ptions may also be more fine-grained and, among other aspects, reflect the possibility that another party might act as a data processor within the meaning of Regulation (EU) 2016/679 for the provider of the service. Privacy settings should also include options to allow the user to decide for example, whether multimedia players, interactive programming language viewers, or similar software can be executed, if a website can collect geo-location data from the user, or if it can access specific hardware such as a webcam or microphone. Such privacy settings should be presented in an easily visible and intelligible manner, and at the moment of installation or first use, users should be informed about the possibility to change the default privacy settings among the various options. Information provided should not dissuade users from selecting higher privacy settings and should include relevant information about the risks associated to allowing cross-domain trackers, including the compilation of long-term records of individuals’ browsing histories and the use of such records to send targeted advertising or sharing with more third parties. Hardware and software manufacturers should be required to provide easy ways for users to change the privacy settings at any time during use and to allow the user to make exceptions for or to whitelist certain information society services or to specify for such services websites trackers and cookies are always or never allowed. In case of no active choice, or action from the user, the settings shall be set by default in a manner that rejects and blocks trackers, including cookies, that are not strictly necessary in order to provide an information society service specifically requested by the user.
Amendment 251 #
2017/0003(COD)
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
Confidentiality of electronic communications shall also apply to data related to or processed by terminal equipment and to machine-to-machine communication.
Amendment 256 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. Providers of electronic communications networks and services may process electronic communications data only if:
Amendment 259 #
2017/0003(COD)
Proposal for a regulation
Recital 24
Recital 24
Amendment 260 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) it is technically strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose; or
Amendment 263 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is technically strictly necessary to maintain or restore the security ofavailability, integrity and confidentiality of the respective electronic communications networks andor services, or to detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.; or
Amendment 266 #
2017/0003(COD)
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such informationelectronic communications metadata may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers. While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged in such practices should display prominent notices located on the edge of the area of coverage informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679only be permitted to process such electronic communications metadata based on the consent of the users concerned.
Amendment 267 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 1 – point b a (new)
Article 6 – paragraph 1 – point b a (new)
(b a) the user concerned has given his or her consent to the processing of his or her electronic communications data, provided that it is technically strictly necessary for the provision of a service explicitly requested by a user for his or her purely individual usage, solely for the provision of the explicitly requested service and only for the duration necessary for that purpose and without the consent of all users, only where such processing produces effects solely in relation to the user who requested the service and does not adversely affect the fundamental rights of other users.
Amendment 267 #
2017/0003(COD)
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such informationelectronic communications metadata may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers. While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged in such practices should display prominent notices located on the edge of the area of coverage informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679only be permitted to process such electronic communications metadata based on the consent of the users concerned.
Amendment 270 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 1 – subparagraph 1 (new)
Article 6 – paragraph 1 – subparagraph 1 (new)
Amendment 272 #
2017/0003(COD)
Proposal for a regulation
Recital 26
Recital 26
(26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to temporarily restrict by law certain obligations and rights when such a restriction is targeted at persons suspected of having committed a criminal offence and constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Providers of electronic communications services should provide for appropriate procedures to facilitate legitimate requests of competent authorities, where relevant also taking into account the role of the representative designated pursuant to Article 3(3)not be obliged by Union or Member States competent authorities to weaken any measures that ensure the integrity and confidentiality of electronic communications.
Amendment 274 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Providers of electronic communications services may process electronic communications metadata only if:
Amendment 276 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) it is technically strictly necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or _________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
Amendment 279 #
2017/0003(COD)
Proposal for a regulation
Recital 28
Recital 28
(28) There is justification for overriding the elimination of calling line identification presentation in specific cases. End-usSubscribers’ rights to privacy with regard to calling line identification should be restricted where this is necessary to trace nuisance calls and with regard to calling line identification and location data where this is necessary to allow emergency services, such as eCall, to carry out their tasks as effectively as possible.
Amendment 280 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) it is strictly necessary for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusive use of, or subscription to, electronic communications services; or
Amendment 281 #
2017/0003(COD)
Proposal for a regulation
Recital 29
Recital 29
(29) Technology exists that enables providers of electronic communications services to limit the reception of unwanted calls by end-ussubscribers in different ways, including blocking silent calls and other fraudulent and nuisance calls or marketing calls with a specific code or prefix. Providers of publicly available number- based interpersonal communications services should deploy this technology and protect end-ussubscribers against nuisance calls and free of charge. Providers should ensure that end-ussubscribers are aware of the existence of such functionalities, for instance, by publicising the fact on their webpage.
Amendment 284 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) the end-user or users concerned hasve given his or hertheir specific consent to the processing of his or hetheir communications metadata by the respective electronic communications service for one or more specified purposes, including for the provision of specific services to such end- users, provided that the purpose or purposes concerned could not be fulfilled by processing informationdata that is made anonymous, and the consent has not been a condition to access or use a service.
Amendment 287 #
2017/0003(COD)
Proposal for a regulation
Recital 30
Recital 30
(30) Publicly available directories of end-ussubscribers of electronic communications services are widely distributed. Publicly available directories means any directory or service containing end-ussubscribers information such as phone numbers (including mobile phone numbers), email address contact details and includes inquiry services. The right to privacy and to protection of the personal data of a natural person requires that end-ussubscribers that are natural persons are asked for consent before their personal data are included in a directory. The legitimate interest of legal entities requires that end-ussubscribers that are legal entities have the right to object to the data related to them being included in a directory.
Amendment 289 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 3 – introductory part
Article 6 – paragraph 3 – introductory part
3. Providers of the electronic communications services may process electronic communications content only if:
Amendment 292 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 3 – point a
Article 6 – paragraph 3 – point a
(a) for the sole purpose of the provision of a specific service to an end- user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content andthe user concerned has given his or her consent to the processing of his or her electronic communications content for the sole purpose of the provision of a specific service explicitly requested by the end-user, for the duration necessary for that purpose, provided that the provision of that specific service cannot be fulfilled without the processing of such content by the provider, and the consent has not been a condition to access or use a service; or
Amendment 292 #
2017/0003(COD)
Proposal for a regulation
Recital 31
Recital 31
(31) If end-ussubscribers that are natural persons give their consent to their data being included in such directories, they should be able to determine on a consent basis which categories of personal data are included in the directory (for example name, email address, home address, user name, phone number). In addition, providers of publicly available directories or the providers of electronic communications services should inform the end-ussubscribers of the purposes of the directory and of the search functions of the directory before including them in that directory. End-usSubscribers should be able to determine by consent on the basis of which categories of personal data their contact details can be searched. The categories of personal data included in the directory and the categories of personal data on the basis of which the end-ussubscriber’s contact details can be searched should not necessarily be the same.
Amendment 298 #
2017/0003(COD)
Proposal for a regulation
Recital 32
Recital 32
(32) In this Regulation, direct marketing refers to any form of advertising by which a natural or legal person sends or presents direct marketing communications directly to one or more identified or identifiable end-ussubscribers using electronic communications services. In addition to the offering of products and services for commercial purposes, this should also include messages sent by political parties that contact natural persons via electronic communications services in order to promote their parties. The same should apply to messages sent by other non-profit organisations to support the purposes of the organisation.
Amendment 301 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 3 – point b
Article 6 – paragraph 3 – point b
(b) if all end-users concerned have given their consent to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authority.
Amendment 301 #
2017/0003(COD)
Proposal for a regulation
Recital 33
Recital 33
(33) Safeguards should be provided to protect end-ussubscribers against unsolicited communications, including for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-ussubscriber is obtained before commercial electronic communications for direct marketing purposes are sent to end-ussubscribers in order to effectively protect individuals against the intrusion into their private life as well as the legitimate interest of subscribers that are legal persons. Legal certainty and the need to ensure that the rules protecting against unsolicited electronic communications remain future- proof justify the need to define a single set of rules that do not vary according to the technology used to convey these unsolicited communications, while at the same time guaranteeing an equivalent level of protection for all citizens throughout the Union. However, it is reasonable to allow the use of e-mail contact details within the context of an existing customer relationship for the offering of similar products or services. Such possibility should only apply to the same company that has obtained the electronic contact details in accordance with Regulation (EU) 2016/679.
Amendment 304 #
2017/0003(COD)
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Without prejudice to points (b) and (c) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication content by the intended recipient or recipients. Such data may be recorded or stored by the end-users or by a third partparty, which could be the provider of the electronic communication service, specifically entrusted by them end-user to record, store or otherwise process such data,. The end-user may further process the content in accordance with Regulation (EU) 2016/679, if applicable.
Amendment 306 #
2017/0003(COD)
Proposal for a regulation
Recital 34
Recital 34
(34) When end-ussubscribers have provided their consent to receiving unsolicited communications for direct marketing purposes, they should still be able to withdraw their consent at any time in an easy manner. To facilitate effective enforcement of Union rules on unsolicited messages for direct marketing, it is necessary to prohibit the masking of the identity and the use of false identities, false return addresses or numbers while sending unsolicited commercial communications for direct marketing purposes. Unsolicited marketing communications should therefore be clearly recognizable as such and should indicate the identity of the legal or the natural person transmitting the communication or on behalf of whom the communication is transmitted and provide the necessary information for recipients to exercise their right to oppose to receiving further written and/or oral marketing messages.
Amendment 308 #
2017/0003(COD)
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
2. Without prejudice to point (b) and (c) of Article 6(1) and points (a) and (c) of Article 6(2), the provider of the electronic communications service shall erase electronic communications metadata or make that data anonymous when it is no longer needed for the purpose of the transmission of a communication.
Amendment 309 #
2017/0003(COD)
Proposal for a regulation
Recital 35
Recital 35
(35) In order to allow easy withdrawal of consent, legal or natural persons conducting direct marketing communications by email should present a link, or a valid electronic mail address, which can be easily used by end-ussubscribers to withdraw their consent. Legal or natural persons conducting direct marketing communications through voice-to-voice calls and through calls by automating calling and communication systems should display their identity line on which the company can be called orand present a specific code identifying the fact that the call is a marketing call.
Amendment 311 #
2017/0003(COD)
Proposal for a regulation
Article 7 – paragraph 3
Article 7 – paragraph 3
3. Where the processing of electronic communications metadata takes place for the purpose of billing in accordance with point (b) of Article 6(2), the relevant metadataonly the metadata that is strictly necessary for this purpose may be kept until the end of the period during which a bill may lawfully be challenged or a payment may be pursued in accordance with national law.
Amendment 312 #
2017/0003(COD)
Proposal for a regulation
Recital 36
Recital 36
Amendment 313 #
2017/0003(COD)
Proposal for a regulation
Article 8 – title
Article 8 – title
Protection of information stored in and, related to and processed by end-users’' terminal equipment
Amendment 315 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
1. The use of input, output, processing and storage capabilities of terminal equipment and the collectionprocessing of information from end-users’ terminal equipment, including about' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:
Amendment 316 #
2017/0003(COD)
Proposal for a regulation
Recital 37
Recital 37
(37) Service providers who offer electronic communications services should inform end- usprocess electronic communications data in such a way as to prevent unauthorised processing, including access, disclosure or alteration. They should ensure that such unauthorised access, disclosure or alteration can be detected, and also ensure that electronic communications data are protected by using state-of the art software and encryption technologies. Service providers should also inform subscribers of measures they can take to protect their anonymity and the security of their communications for instance by using specific types of software or encryption technologies. The requirement to inform end-ussubscribers of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge. Security is appraised in the light of Article 32 of Regulation (EU) 2016/679.
Amendment 317 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point a
Article 8 – paragraph 1 – point a
(a) it is strictly technically necessary for the sole purpose of carrying out the transmission of an electronic communication over an electronic communications networkservice; or
Amendment 320 #
2017/0003(COD)
Proposal for a regulation
Recital 38
Recital 38
(38) To ensure full consistency with Regulation (EU) 2016/679, the enforcement of the provisions of this Regulation should be entrusted to the same authorities responsible for the enforcement of the provisions Regulation (EU) 2016/679, and this Regulation relies on the consistency mechanism of Regulation (EU) 2016/679. Member States should be able to have more than one supervisory authority, to reflect their constitutional, organisational and administrative structure. The supervisory authorities should also be responsible for monitoring the application of this Regulation regarding electronic communications data for legal entities. Such additional tasks should not jeopardise the ability of the supervisory authority to perform its tasks regarding the protection of personal data under Regulation (EU) 2016/679 and this Regulation. Each supervisory authority should be provided with the additional financial and human resources, premises and infrastructure necessary for the effective performance of the tasks under this Regulation.
Amendment 321 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point b
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consent for a specific purpose, and the consent has not been a condition to access or use a service, for the duration necessary for that purpose; or
Amendment 323 #
2017/0003(COD)
Proposal for a regulation
Recital 41
Recital 41
(41) In order to fulfil the objectivesmplementing powers should be conferred ofn this Regulation, namely to protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data and to ensure the free movement of personal data within the Union, the power to adopt acts in accordance with Article 290 of the Treatye Commission to specify a code to identify direct marketing calls including those made through automated calling and communication systems. Furthermore, implementing powers should be delegatconferred ton the Commission to supplement this Regulation. In particular, delegated acts should be adopted in respect of the information to be presented, including by means of standardised icons in order to give an easily visible and intelligible overview of the collection of information emitted by terminal equipment, its purpose, the person responsible for it and of any measure the end-with regard to the establishment of procedures and the circumstances where providers of publicly available number- based interpersonal communication services shall override the elimination of the presentation of the calling line identification on a temporary basis, where users of the terminal equipment can take to minimise the collection. Delegated acts are also necessary to specify a code to identify direct marketing calls including those made through automated calling and communication systemsr subscribers request the tracing of malicious or nuisance calls. Those powers should be exercised in accordance with Regulation (EU) No 182/2011. It is of particular importance that the Commission carries out appropriate consultations and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement on Better Law-Making of 13 April 201625 . In particular, to ensure equal participation in the preparation of delegated actimplementing measures, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts. Furthermore, in order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission when provided for by this Regulation. Those powers should be exercised in accordance with Regulation (EU) No 182/2011. _________________ 25 Interinstitutional Agreement between the European Parliament, the Council of the European Union and the European Commission on Better Law-Making of 13 April 2016 (OJ L 123, 12.5.2016, p. 1–14).
Amendment 325 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
(c) it is strictly technically necessary for providing an information society service specifically requested by the end-ususer, for the duration necessary for that provision of the service, provided that the provision of that specific service cannot be fulfilled without the processing of such content by the provider; or
Amendment 332 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to the terminal equipment of end-users.:
Amendment 334 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
Amendment 336 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point a (new)
Article 2 – paragraph 1 – point a (new)
(a) the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services, irrespective of whether a payment is required;
Amendment 337 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point b (new)
Article 2 – paragraph 1 – point b (new)
(b) the processing of information related to or processed by the terminal equipment of end-users;
Amendment 338 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point c (new)
Article 2 – paragraph 1 – point c (new)
(c) the placing on the market of hardware and software permitting electronic communications by users and subscribers, including the retrieval and presentation of information on the Internet;
Amendment 339 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point d (new)
Article 2 – paragraph 1 – point d (new)
(d) the provision of publicly available directories of subscribers of electronic communication;
Amendment 340 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point e (new)
Article 2 – paragraph 1 – point e (new)
(e) the sending of direct marketing commercial electronic communications to end-users.
Amendment 344 #
2017/0003(COD)
Proposal for a regulation
Article 2 – paragraph 3
Article 2 – paragraph 3
3. The processing of electronic communications data by the Union institutions, bodies, offices and agencies insofar as they are not publicly available and not originating or having as destination publicly available communications services, is governed by Regulation (EU) 00/0000 [new Regulation replacing Regulation 45/2001].
Amendment 345 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 1 – introductory part
Article 3 – paragraph 1 – introductory part
1. This Regulation applies to: the activities referred to in Article 2 where the user or subscriber is in the Union, where the communications services, hardware, software, directories, or direct marketing commercial electronic communications are provided from the territory of the Union, or where the the processing of information related to or processed by the terminal equipment of users or subscribers takes place in the Union.
Amendment 346 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
(d a) it is strictly technically necessary for a security update, provided that: (i) such updates are discreetly packaged and do not in any way change the functionality of the hardware or software or the privacy settings chosen by the user; (ii) the user is informed in advance each time such an update is being installed; and (iii) the user has the possibility to postpone or turn off the automatic installation of such updates;
Amendment 346 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point a
Article 3 – paragraph 1 – point a
Amendment 350 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point b
Article 3 – paragraph 1 – point b
Amendment 351 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point d b (new)
Article 8 – paragraph 1 – point d b (new)
(d b) in the context of employment relationships, it is strictly technically necessary for the execution of an employee's task, where: (i) the employer provides and/or is the end-user of the terminal equipment; (ii) the employee is the user of the terminal equipment; (iii) it is not further used for monitoring the employee.
Amendment 351 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point c
Article 3 – paragraph 1 – point c
Amendment 356 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 2
Article 3 – paragraph 2
2. Where the provider of an electronic communications service, of publicly available directories, of hardware of software permitting electronic communications, or the person sending direct marketing commercial communications, or the person processing information related to or processed by the terminal equipment of users or subscribers is not established in the Union, it shall designate in writing a representative in the Union.
Amendment 360 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 2
Article 8 – paragraph 2
Amendment 360 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 3
Article 3 – paragraph 3
3. The representative shall be established in one of the Member States where the end-ususers or subscribers of such electronic communications services are located.
Amendment 361 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 4
Article 3 – paragraph 4
4. The representative shall have the power to answer questions and provide information in addition to or instead of the provider it represents, in particular, to supervisory authorities, and end-ususers, and subscribers, on all issues related to processing electronic communications datathe activities referred to in Article 2 for the purposes of ensuring compliance with this Regulation.
Amendment 362 #
2017/0003(COD)
Proposal for a regulation
Article 3 – paragraph 5
Article 3 – paragraph 5
5. The designation of a representative pursuant to paragraph 2 shall be without prejudice to legal actions, which could be initiated against a natural or legal person who processes electronic communications data in connection with the provision of electronic communications services from outside the Union to end-users inundertake the activities referred to in Article 2 from outside the Union.
Amendment 365 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 1 – point b
Article 4 – paragraph 1 – point b
(b) the definitions of ‘electronic communications network’, ‘electronic communications service’, ‘interpersonal communications service’, ‘number-based interpersonal communications service’, ‘number-independent interpersonal communications service’, ‘end-user’ and ‘call’ in points (1), (4), (5), (6), (7), (14) and (21) respectively'call' in point (21) of Article 2 of [Directive establishing the European Electronic Communications Code];
Amendment 369 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 2
Article 4 – paragraph 2
Amendment 377 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
Amendment 377 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point a a (new)
Article 4 – paragraph 3 – point a a (new)
(a a) (-a) 'electronic communications network' means a transmission system, whether or not based on a permanent infrastructure or centralised administration capacity, and, where applicable, switching or routing equipment and other resources, including network elements which are not active, which permit the conveyance of signals by wire, radio, optical or other electromagnetic means, including satellite networks, electricity cable systems, to the extent that they are used for the purpose of transmitting signals, networks used for radio and television broadcasting, and cable television networks, irrespective of the type of information conveyed; (-aa) 'electronic communications service' means a service provided via electronic communications networks, whether for remuneration or not, which encompasses one or more of the following:an 'internet access service' as defined in Article 2(2) or Regulation (EU) 2015/2120;an interpersonal communications service;a service consisting wholly or mainly in the conveyance of the signals, such as a transmission service used for the provision of a machine-to-machine service and for broadcasting, but excludes information conveyed as part of a broadcasting service to the public over an electronic communications network or service except to the extent that the information can be related to the identifiable subscriber or user receiving the information;it includes services enabling interpersonal and interactive communication merely as a minor ancillary feature that is intrinsically linked to another service;it also includes services which are not publicly available, but provide access to a publicly available electronic communications network; (-ab) 'interpersonal communications service' means a service, whether provided for remuneration or not, that enables direct interpersonal and interactive exchange of information between a finite number of persons whereby the persons initiating or participating in the communication determine the recipient(s); (-ac) 'number-based interpersonal communications service' means an interpersonal communications service which connects to the public switched telephone network, either by means of assigned numbering resources, i.e. number or numbers in national or international telephone numbering plans, or by enabling communication with a number or numbers in national or international telephone numbering plans; (-ad) 'number-independent interpersonal communications service' means an interpersonal communications service which does not connect with the public switched telephone network, either by means of assigned numbering resources, i.e. a number or numbers in national or international telephone numbering plans, or by enabling communication with a number or numbers in national or international telephone numbering plans; (-ae) 'subscriber' means a legal entity or a natural person using or requesting a publicly available electronic communications service; (-af) 'user' means any natural person using a publicly available electronic communications service, for private or business purposes, without necessarily having subscribed to this service; (this should be before point (a))
Amendment 378 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point b
Article 4 – paragraph 3 – point b
(b) ‘'electronic communications content’' means the content transmitted, distributed or exchanged by means of electronic communications services, such as text, voice, videos, images, and sound, including electronic communications metadata of other electronic communications services or protocols that are transmitted by using the respective service;
Amendment 381 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point c
Article 4 – paragraph 3 – point c
(c) ‘'electronic communications metadata’' means all data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, electronic identifiers and any other data broadcasted or emitted by the terminal equipment, data on the location of the device generatterminal equipment processed in the context of providing electronic communications services, and the date, time, duration and the type of communication; where metadata of other electronic communications services or protocols are transmitted, distributed or exchanged by using the respective service, they shall be considered electronic communications content for the respective service;
Amendment 382 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 4
Article 8 – paragraph 4
Amendment 384 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point d
Article 4 – paragraph 3 – point d
(d) ‘publicly available directory’ means a directory of end-ussubscribers of electronic communications services, whether in printed or electronic form, which is published or made available to the public or to a section of the public, including by means of a directory enquiry service;
Amendment 386 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point f
Article 4 – paragraph 3 – point f
(f) ‘'direct marketing communications’' means any form of advertising, whether in written or oral, sent, audio, video, oral or any other format, sent, broadcast, served or presented to one or more identified or identifiable end-ussubscribers of electronic communications services, including the use of automated calling and communication systems with or without human interaction, electronic mail, SMS, fax, etc.;
Amendment 388 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point g
Article 4 – paragraph 3 – point g
(g) ‘'direct marketing voice-to-voice calls’' means live calls, which do not entail the use of automated calling systems and communication systems, including calls made using automated calling and communication systems which connect the called person to an individual;
Amendment 390 #
2017/0003(COD)
Proposal for a regulation
Article 4 – paragraph 3 – point h
Article 4 – paragraph 3 – point h
(h) ‘automated calling and communication systems’ means systems capable of automatically initiating calls to one or more recipients in accordance with instructions set for that system, and transmitting sounds which are not live speech, including calls made using automated calling and communication systems which connect the called person to an individual.
Amendment 393 #
2017/0003(COD)
Proposal for a regulation
Chapter 2 – title
Chapter 2 – title
PROTECTION OF ELECTRONIC COMMUNICATIONS OF NATURAL AND LEGAL PERSONS AND OF INFORMATION STORED INPROCESSED BY AND RELATED TO THEIR TERMINAL EQUIPMENT
Amendment 395 #
2017/0003(COD)
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internetpecifications for electronic communications services or information society services which allow for specific consent for specific purposes. When such technical specifications are used by the user's terminal equipment or the software running on it, they shall be binding on, and enforceable against, any other party.
Amendment 396 #
2017/0003(COD)
Proposal for a regulation
Article 5 – title
Article 5 – title
Confidentiality of electronic communications data
Amendment 399 #
2017/0003(COD)
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. End-uUsers who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) ofgiven their consent pursuant to Article 6 or Article 6(3)8 shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.
Amendment 399 #
2017/0003(COD)
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Electronic communications data shall be confidential. Any processing of electronic communications data, including any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation. This includes electronic communications data that is stored after the transmission has been completed.
Amendment 402 #
2017/0003(COD)
Proposal for a regulation
Article 9 – paragraph 3 a (new)
Article 9 – paragraph 3 a (new)
Amendment 409 #
2017/0003(COD)
Proposal for a regulation
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
2.Confidentiality of electronic communications shall also apply to data related to or processed by terminal equipment and to machine-to-machine communication.
Amendment 412 #
2017/0003(COD)
Proposal for a regulation
Article 10 – title
Article 10 – title
Amendment 413 #
2017/0003(COD)
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. SHardware and software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storingthat enable access to and use of electronic communications services or access to and use of information society services shall be able to prevent other parties from the use of input, output, processing and storage capabilities of terminal equipment and the processing of information on thefrom users' terminal equipment, of an end-user or processing information already stored on that equipmentr making information available through the terminal equipment, including information about and processed by its software and hardware.
Amendment 415 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. PNotwithstanding Article 6 of Regulation (EU) 2016/679, providers of electronic communications networks and services may process electronic communications data if: only if: Or. en (See also the clarification in Recital 15.)
Amendment 419 #
2017/0003(COD)
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, requiBy default, such hardware or software shall have activated privacy settings that prevent other parties from exercising the activities referred to in paragraph 1. If the hardware or software allows for deviating settings, the user shall be informed about the privacy settings options during first use or installation and shall be offered the end-user to consent to a settingpossibility to change or confirm them.
Amendment 421 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) it is technically strictly necessary to achieve the transmission of the communication, for the duration necessary for that purpose; or
Amendment 426 #
2017/0003(COD)
Proposal for a regulation
Article 10 – paragraph 2 a (new)
Article 10 – paragraph 2 a (new)
Amendment 426 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is technically strictly necessary to maintain or restore the security ofavailability, integrity and confidentiality of the respective electronic communications networks and or services, or to detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.; or
Amendment 430 #
2017/0003(COD)
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1, 2 and 2a shall be complied with at the time of the first update of the software, but no later than 25 August 2018.
Amendment 433 #
2017/0003(COD)
Proposal for a regulation
Article 11
Article 11
Amendment 437 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 1 – point b a (new)
Article 6 – paragraph 1 – point b a (new)
(b a) the user concerned has given his or her consent to the processing of his or her electronic communications data, provided that it is technically strictly necessary for the provision of a service explicitly requested by a user for his or her purely individual usage, solely for the provision of the explicitly requested service and only for the duration necessary for that purpose and without the consent of all users, only where such processing produces effects solely in relation to the user who requested the service and does not adversely affect the fundamental rights of other users.
Amendment 440 #
2017/0003(COD)
Proposal for a regulation
Article 11 a (new)
Article 11 a (new)
Article 11 a Restrictions on the rights of the user or end-user 1. Union or Member State law to which the provider is subject may restrict by way of a legislative measure the scope of the obligations and principles relating to processing of electronic communications data provided for in Articles 6, 7 and 8 of this Regulation in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22 of Regulation (EU) 2016/679, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests: (a) national security; (b) defence; (c) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. 2. In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679.
Amendment 441 #
2017/0003(COD)
Proposal for a regulation
Article 11 b (new)
Article 11 b (new)
Article 11 b Restrictions on the confidentiality of communications 1. Union or Member State law to which the provider is subject may restrict by way of a legislative measure the scope of the rights provided for in Article 5 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests: (a) national security; (b) defence; (c) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. 2. In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679. 3. No legislative measure referred to in paragraph 1 may allow for the weakening of the integrity and confidentiality of electronic communications by mandating a manufacturer of hardware or software, including terminal equipment or software providing for the use of electronic communications, or a provider of electronic communications services, to create and build in backdoors that weaken the cryptographic methods used or the security and integrity of the terminal equipment.
Amendment 443 #
2017/0003(COD)
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. Regardless of whether the calling user or end-user has prevented the presentation of the calling line identification, where a call is made to emergency services, providers of publicly available number-based interpersonal communications services shall override the elimination of the presentation of the calling line identification and the denial or absence of consent of an end- user for the processing of metadata, on a per-line basis for organisations dealing with emergency communications, including public safety answering points, for the purpose of responding to such communications.
Amendment 444 #
2017/0003(COD)
Proposal for a regulation
Article 13 – paragraph 2
Article 13 – paragraph 2
2. Member States shall establish more specific provisionsThe Commission shall be empowered to adopt implementing measures in accordance with Article 26(1 ) with regard to the establishment of procedures and the circumstances where providers of publicly available number- based interpersonal communication services shall override the elimination of the presentation of the calling line identification on a temporary basis, where users or end-users request the tracing of malicious or nuisance calls.
Amendment 445 #
2017/0003(COD)
Proposal for a regulation
Article 14 – paragraph 1 – point a
Article 14 – paragraph 1 – point a
(a) to block incoming calls from specific numbers, or numbers having a specific code or prefix identifying the fact that the call is a marketing call referred to in Article 16(3)(b), or from anonymous sources;
Amendment 445 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1 a. Before processing electronic communications data, the provider shall carry out a data protection impact assessment pursuant to Article 35 of Regulation (EU) 2016/679, and if necessary a prior consultation with the supervisory authority pursuant to Article 36 of Regulation (EU) 2016/679.
Amendment 450 #
2017/0003(COD)
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. The providers of publicly available directories or the electronic communication service providers shall obtain the consent of end- users who are natural persons to include their personal data in the directory and, consequently, shall obtain consent from these end-users for inclusion of data per category of personal data, to the extent that such data are relevantnecessary for the purpose of the directory as determined by the provider of the directory. Providers shall give end-users who are natural persons the means to verify, correct and delete such data.
Amendment 451 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Providers of electronic communications services may process electronic communications metadata only if:
Amendment 455 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) it is technically strictly necessary to meet mandatory quality of service requirements pursuant to [Directive establishing the European Electronic Communications Code] or Regulation (EU) 2015/212028 for the duration necessary for that purpose; or _________________ 28 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1–18).
Amendment 461 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) it is strictly necessary for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusive use of, or subscription to, electronic communications services; or
Amendment 466 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) the end-user or users concerned hasve given his or hertheir specific consent to the processing of his or their communications metadata by the respective electronic communications service for one or more specified purposes, including for the provision of specific services to such end-users, provided that the purpose or purposes concerned could not be fulfilled by processing informationdata that is made anonymous, and the consent has not been a condition to access or use a service.
Amendment 467 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. Natural or legal persons may use electronic communications services for the purposes of sendingpresenting or sending unsolicited or direct marketing communications to end-users who are natural persons thatand have given their explicit consent.
Amendment 469 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Where a natural or legal person obtains electronic contact details for electronic -mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The customer shall be informed about the right to object and shall be given an easy way to exercise it at the time of collection and each time a message is sent.
Amendment 476 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 3 – point a
Article 16 – paragraph 3 – point a
(a) present the identity of a line on which they can be contacted; orand
Amendment 480 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 3 a (new)
Article 16 – paragraph 3 a (new)
3 a. Unsolicited marketing communications shall be clearly recognisable as such and shall indicate the identity of the legal or natural person transmitting the communication or on behalf of whom the communication is transmitted. Such communications shall provide the necessary information for recipients to exercise their right to refuse further written or oral marketing messages.
Amendment 482 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 4
Article 16 – paragraph 4
Amendment 483 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 3 – introductory part
Article 6 – paragraph 3 – introductory part
3. Providers of the electronic communications services may process electronic communications content only if:
Amendment 484 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 5
Article 16 – paragraph 5
5. Member States shall ensure , in the framework of Union law and applicable national law, that the legitimate interest of end-users that are legal persons with regard to unsolicited communications sent to them by means set forth under paragraph 1 are sufficiently protected. Member States shall specifically provide that the placing of direct marketing voice-to-voice calls to end-users who are legal persons shall only be allowed in respect of end-users who have not expressed their objection or have consented to receiving those communications. Member States shall provide that end-users can object to receiving the unsolicited communications via a national Do Not Call Register, thereby also ensuring that the user is only required to opt out once.
Amendment 485 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 6
Article 16 – paragraph 6
6. Any natural or legal person using electronic communications services to transmit direct marketing communications shall inform end-users of the marketing nature of the communication and the identity of the legal or natural person on behalf of whom the communication is transmitted and shall provide the necessary information for recipients to exercise their right to withdraw their consent, in an easy manner or to object, in a manner that is as easy as giving the consent and free of charge, to receiving further marketing communications.
Amendment 486 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 3 – point a
Article 6 – paragraph 3 – point a
(a) for the sole purpose of the provision of a specific service to an end- user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content andthe user concerned has given his or her consent to the processing of his or her electronic communications content for the sole purpose of the provision of a specific service explicitly requested by the user, for the duration necessary for that purpose, , provided that the provision of that specific service cannot be fulfilled without the processing of such content by the provider, and the consent has not been a condition to access or use a service; or
Amendment 489 #
2017/0003(COD)
Proposal for a regulation
Article 17 – title
Article 17 – title
Integrity of the communications and information about detected security risks
Amendment 490 #
2017/0003(COD)
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
Amendment 492 #
2017/0003(COD)
Proposal for a regulation
Article 17 – paragraph 1 a (new)
Article 17 – paragraph 1 a (new)
Providers of electronic communications services and manufacturers of terminal equipment shall not use any means, no matter if technical, operational, or by terms of use or by contracts, that could prevent users and end-users from applying the best available techniques against intrusions and interceptions and to secure their networks, terminal equipment and electronic communications. Breaking, decrypting, restricting or circumventing such measure taken by users or end-users shall be prohibited.
Amendment 492 #
2017/0003(COD)
Proposal for a regulation
Article 6 – paragraph 3 – point b
Article 6 – paragraph 3 – point b
(b) if all end-users concerned have given their consent to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authority.
Amendment 493 #
2017/0003(COD)
Proposal for a regulation
Article 17 – paragraph 1 b (new)
Article 17 – paragraph 1 b (new)
In the case of a particular risk that may compromise the security of networks, electronic communications services, or terminal equipment, the relevant provider or manufacturer shall inform end-users of such a risk and, where the risk lies outside the scope of the measures to be taken by the service provider, inform end- users of any possible remedies. It shall also inform the relevant manufacturer and service provider.
Amendment 494 #
2017/0003(COD)
Proposal for a regulation
Article 17 – paragraph 1 c (new)
Article 17 – paragraph 1 c (new)
As regards the security of networks and services and related security obligations, the obligations of Article 40 of the [European Electronic Communications Code] shall apply mutatis mutandis to all services in the scope of this Regulation.
Amendment 495 #
2017/0003(COD)
Proposal for a regulation
Article 17 – paragraph 1 d (new)
Article 17 – paragraph 1 d (new)
This Article shall be without prejudice to the security obligations provided for in Articles 32 to 34 of Regulation (EU) 2016/679.
Amendment 498 #
2017/0003(COD)
Proposal for a regulation
Article 18 – paragraph 1
Article 18 – paragraph 1
1. The independent supervisory authority or authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall also be responsible for monitoring the application of this Regulation. Chapter VI and VII of Regulation (EU) 2016/679 shall apply mutatis mutandis. The tasks and powers of the supervisory authorities shall be exercised with regard to users and end- users.
Amendment 499 #
2017/0003(COD)
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Without prejudice to point (b) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication contenafter receipt by the intended recipient or recipients. Such data may be recorded or stored by the end-users or by a third partparty, which could be the provider of the electronic communication service, specifically entrusted by them subscriber to record, store or otherwise process such data,. The subscriber may further process the data in accordance with Regulation (EU) 2016/679, if applicable.
Amendment 500 #
2017/0003(COD)
Proposal for a regulation
Article 18 – paragraph 2
Article 18 – paragraph 2
2. The supervisory authority or authorities referred to in paragraph 1 shall cooperate whenever appropriate with national regulatory authorities established pursuant to the [Directive Establishing the European Electronic Communications Code], and vice versa.
Amendment 501 #
2017/0003(COD)
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
Article 19 – paragraph 1 – point b a (new)
(b a) draw up guidelines for supervisory authorities concerning the application of Article 9(1) and the particularities of expression of consent by legal entities;
Amendment 502 #
2017/0003(COD)
Proposal for a regulation
Article 19 – paragraph 1 – point b b (new)
Article 19 – paragraph 1 – point b b (new)
(b b) issue guidelines, recommendations and best practices in accordance with point (b) of this paragraph for the purpose of further specifying the criteria and requirements for types of services that may be requested for purely individual or work-related usage as referred to in Article 6(3a);
Amendment 503 #
2017/0003(COD)
Proposal for a regulation
Article 19 – paragraph 1 – point b c (new)
Article 19 – paragraph 1 – point b c (new)
(b c) issue guidelines, recommendations and best practices in accordance with point (b) of this paragraph for the purpose of further specifying the criteria and requirements for: (i) security updates referred to in Article 8(1)(e); (ii) the interference in the context of employment relationships referred to in Article 8(1)(f); (iv) the collection processing of information emitted by the terminal equipment referred to in Article 8(2)(c); (v) technical specifications and signalling methods that fulfil the conditions for consent and objection pursuant to Article 8(2a). (vi) software settings referred to in Article 10(1) and (2); and (vii) technical measures according to ensure confidentiality and integrity of the communication pursuant to Article 17(1).
Amendment 505 #
2017/0003(COD)
Proposal for a regulation
Article 21 – paragraph 1
Article 21 – paragraph 1
1. Without prejudice to any other administrative or judicial remedy, every user and end-user of electronic communications services and, where applicable, every body, organisation or association, shall have the same remedies provided for in Articles 77, 78, 79, and 7980 of Regulation (EU) 2016/679.
Amendment 506 #
2017/0003(COD)
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
2. Without prejudice to point (b) and (c) of Article 6(1) and points (a) and (c) of Article 6(2), the provider of the electronic communications service shall erase electronic communications metadata or make that data anonymous when it is no longer needed for the purpose of the transmission of a communication.
Amendment 508 #
2017/0003(COD)
Proposal for a regulation
Article 7 – paragraph 3
Article 7 – paragraph 3
3. Where the processing of electronic communications metadata takes place for the purpose of billing in accordance with point (b) of Article 6(2), the relevant metadata may be keptonly the metadata that is strictly necessary for this purpose may be kept at the request of the subscriber until the end of the period during which a bill may lawfully be challenged or a payment may be pursued in accordance with national law.
Amendment 512 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 2 – point a
Article 23 – paragraph 2 – point a
(a) the obligations of any legal or natural person who process electronic communications datathe providers of publicly available directories pursuant to Article 815;
Amendment 513 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 2 – point b
Article 23 – paragraph 2 – point b
(b) the obligations of the provider of software enablingany legal or natural person who uses electronic communications, services pursuant to Article 106;
Amendment 513 #
2017/0003(COD)
Proposal for a regulation
Article 8 – title
Article 8 – title
Protection of information stored in and, related to eand- processed by users’' terminal equipment
Amendment 514 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 2 – point c
Article 23 – paragraph 2 – point c
(c) the obligations of the providers of publicly available directorinumber-based interpersonal communication services pursuant to Articles 152, 13 and 14;
Amendment 515 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 2 – point d
Article 23 – paragraph 2 – point d
(d) the obligations of any legal or natural person who usesthe provider of an electronic communications services pursuant to Article 167.
Amendment 515 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
1. The use of input, output, processing and storage capabilities of terminal equipment and the collectionprocessing of information from end-users’ terminal equipment, including about' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:
Amendment 516 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 3
Article 23 – paragraph 3
3. Infringements of the principle of confidentiality of communications, permitted processing of electronic communications data, time limits for erasure pursuant to Articles 5, 6, and 7following provisions of this Regulation shall, in accordance with paragraph 1 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.higher: - the principle of confidentiality of communications pursuant to Article 5; - the permitted processing of electronic communications data, pursuant to Article 6, - the time limits for erasure and the confidentiality obligations pursuant to Article 7; - the obligations of any legal or natural person who process electronic communications data pursuant to Article 8; - the requirements for consent pursuant to Article 9; - the obligations of the provider of software enabling electronic communications, pursuant to Article 10;
Amendment 518 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 4
Article 23 – paragraph 4
Amendment 521 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point a
Article 8 – paragraph 1 – point a
(a) it is strictly technically necessary for the sole purpose of carrying out the transmission of an electronic communication over an electronic communications networkservice; or
Amendment 523 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point b
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consent for a specific purpose, and the consent has not been a condition to access or use a service or use a terminal equipment, for the duration strictly technically necessary for that purpose; or
Amendment 524 #
2017/0003(COD)
Proposal for a regulation
Article 25 – paragraph 6
Article 25 – paragraph 6
6. A delegated act adopted pursuant to Article 8(4) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of twohree months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by twohree months at the initiative of the European Parliament or of the Council.
Amendment 525 #
2017/0003(COD)
1. The Commission shall be assisted by the Communications Committee established under Article 11093 of the [Directive establishing the European Electronic Communications Code]Regulation (EU) 2016/679. That committee shall be a committee within the meaning of Regulation (EU) No 182/201129 . _________________ 29 Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13–18).
Amendment 526 #
2017/0003(COD)
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
1. Directive 2002/58/EC isand Commission Regulation 611/2013 are repealed with effect from 25 May 2018.
Amendment 535 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
(c) it is strictly technically necessary for providing an information society service specifically requested by the end-ususer, for the duration necessary for that provision of the service, provided that the provision of that specific service cannot be fulfilled without the processing of such information by the provider; or
Amendment 539 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
Amendment 553 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point d a (new)
Article 8 – paragraph 1 – point d a (new)
(d a) it is strictly technically necessary for a security update, provided that: (i) such updates are discreetly packaged and do not in any way change the functionality of the hardware or software or the privacy settings chosen by the user; (ii) the user is informed in advance each time such an update is being installed;and (iii) the user has the possibility to postpone or turn off the automatic installation of such updates;
Amendment 562 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point d b (new)
Article 8 – paragraph 1 – point d b (new)
(d b) in the context of employment relationships, it is strictly technically necessary for the execution of an employee's task, where: (i) the employer provides and/or is the subscriber of the terminal equipment; (ii) the employee is the user of the terminal equipment;and (iii) it is not further used for monitoring the employee.
Amendment 583 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 2
Article 8 – paragraph 2
Amendment 597 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
Amendment 605 #
2017/0003(COD)
Proposal for a regulation
Article 8 – paragraph 4
Article 8 – paragraph 4
Amendment 610 #
2017/0003(COD)
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. The definition of and conditions for consent provided for under Articles 4(11) and 7 of Regulation (EU) 2016/679/EUin Regulation (EU) 2016/679/EU, including, inter alia, in its Articles 4(11), 7 and 8, shall apply.
Amendment 620 #
2017/0003(COD)
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed and withdrawn by using the appropriate technical settings of a software application enabling access to thpecifications for electronic communications services or information society services which allow for specific consent for specific purposes and with regard to specific service providers actively selected by the user in each case, pursuant to paragraph 1. When such technical specifications are used by the user's terminal equipment or the software running on it, they may signal the user's preferences based on previous active selections by him or her. These signals shall be binternetding on, and enforceable against, any other party.
Amendment 632 #
2017/0003(COD)
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) ofWithout prejudice to paragraph 2, users who have given their consent pursuant to Article 6 or Article 6(3)8 shall be gihaven the possibilityright to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and shall be reminded of this possibility by the providers at periodic intervals of 6 months, as long as the processing continues.
Amendment 633 #
2017/0003(COD)
Proposal for a regulation
Article 9 – paragraph 3 a (new)
Article 9 – paragraph 3 a (new)
3 a. Without prejudice to Article 7(4) of Regulation (EU) 2016/679, a user shall not be denied access to any electronic communications service, information society service or functionality of a terminal equipment, regardless of whether this is remunerated or not, on the mere grounds that he or she has not given his or her consent to (a) the processing of electronic communications data, metadata or content pursuant to Article 6;or (b) the use of input, output, processing and storage capabilities of terminal equipment and the processing of information related to or processed by the users' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware, pursuant to Article 8(1) that is technically not strictly necessary for the provision of that service or functionality.
Amendment 634 #
2017/0003(COD)
Proposal for a regulation
Article 9 – paragraph 3 b (new)
Article 9 – paragraph 3 b (new)
3 b. Any processing based on consent must not adversely affect the rights and freedoms of individuals whose personal data are related to or transmitted by the communication, in particular their rights to privacy and the protection of personal data.
Amendment 638 #
2017/0003(COD)
Proposal for a regulation
Article 10 – title
Article 10 – title
Amendment 639 #
2017/0003(COD)
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. SHardware and software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the optionthat enable the access to and use of electronic communications services or the access to and use of information society services shall be able to prevent othirder parties from ustoring information on the terminal equipment of an end-user or processing information already stored on that equipmentput, output, processing and storage capabilities of terminal equipment and the processing of information related to or processed by a users' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware.
Amendment 655 #
2017/0003(COD)
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, requiBy default, such hardware or software shall have activated privacy settings that prevent other parties from exercising the activities referred to in paragraph 1. If the hardware or software allows for deviating settings, the user shall be informed about the privacy settings options during first use or installation and shall be offered the end-user to consent to a settingpossibility to change or confirm them.
Amendment 659 #
2017/0003(COD)
Proposal for a regulation
Article 10 – paragraph 2 a (new)
Article 10 – paragraph 2 a (new)
2 a. For the purposes of (a) giving or withdrawing consent pursuant to Article 9(2) of this Regulation, and (b) objecting to the processing of personal data pursuant to Article 21(5) of Regulation (EU) 2017/679, the settings shall lead to a signal based on technical specifications which is sent to the other parties to inform them about the user's intentions with regard to consent or objection.This signal shall be legally valid and be binding on, and enforceable against, any other party. The European Data Protection Board shall issue guidelines to determine which technical specifications and signalling methods fulfil the conditions for consent and objection pursuant to points (a) and (b).
Amendment 665 #
2017/0003(COD)
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1, 2 and 2a shall be complied with at the time of the first update of the software, but no later than 25 August 2018.
Amendment 670 #
2017/0003(COD)
Proposal for a regulation
Article 11
Article 11
Amendment 678 #
2017/0003(COD)
Proposal for a regulation
Article 11 a (new)
Article 11 a (new)
Article 11 a Restrictions on the rights of the user or subscriber 1.Union or Member State law to which the provider is subject may temporarily restrict by way of a legislative measure the scope of the obligations and principles relating to processing of electronic communications data provided for in Articles 6, 7 and 8 of this Regulation in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22 of Regulation (EU) 2016/679, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests: (a) national security; (c) defence; (d) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. 2.In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679.
Amendment 681 #
2017/0003(COD)
Proposal for a regulation
Article 11 b (new)
Article 11 b (new)
Article 11 b Restrictions of the confidentiality of communications 1.Union or Member State law to which the provider is subject may temporarily restrict by way of a legislative measure the scope of the rights provided for in Article 5 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests: (a) national security; (b) defence; (c) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. 2.In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679.It shall also require prior judicial authorisation for any access to content or metadata. 3.No legislative measure referred to in paragraph 1 may allow for the weakening of the integrity and confidentiality of electronic communications by mandating a manufacturer of hardware or software, including terminal equipment or software providing for the use of electronic communications, or a provider of electronic communications services, to create and build in backdoors that weaken the cryptographic methods used or the security and integrity of the terminal equipment.
Amendment 683 #
2017/0003(COD)
Proposal for a regulation
Article 11 c (new)
Article 11 c (new)
Article 11 c Documentation and reporting of restrictions 1.Providers of electronic communications services shall keep documentation about requests made by competent authorities to access communications content or metadata pursuant to Article 11b(2).This documentation shall include for each request: (a) the in-house staff member who handled the request; (b) the identity of the body making the request; (c) the purpose for which the information was sought; (d) the date and time of the request; (e) the legal basis and authority for the request, including the identity and status or function of the official submitting the request; (f) the judicial authorisation of the request; (g) the number of subscribers to whose data the request related; (h) the data provided to the requesting authority;and (i) the period covered by the data. The documentation shall be made available to the competent supervisory authority upon request. 2.Member States' competent authorities shall publish once per year a report with statistical information per month about data access requests pursuant to Article 11b(2), including requests that were not authorised by a judge, including, but not limited to, the following points: (a) the number of requests; (b) the categories of purposes for the request; (b) the categories of data requested; (c) the legal basis and authority for the request; (d) the number of subscribers to whose data the request related; (e) the period covered by the data; The reports shall also contain statistical information per month about any other restrictions pursuant to Articles 11a and 11b.
Amendment 686 #
2017/0003(COD)
Proposal for a regulation
Article 12 – paragraph 1 – point a
Article 12 – paragraph 1 – point a
(a) the calling end-ususer or subscriber with the possibility of preventing the presentation of the calling line identification on a per call, per connection or permanent basis;
Amendment 687 #
2017/0003(COD)
Proposal for a regulation
Article 12 – paragraph 1 – point b
Article 12 – paragraph 1 – point b
(b) the called end-ususer or subscriber with the possibility of preventing the presentation of the calling line identification of incoming calls;
Amendment 688 #
2017/0003(COD)
Proposal for a regulation
Article 12 – paragraph 1 – point c
Article 12 – paragraph 1 – point c
(c) the called end-ususer or subscriber with the possibility of rejecting incoming calls where the presentation of the calling line identification has been prevented by the calling end-ususer or subscriber;
Amendment 689 #
2017/0003(COD)
Proposal for a regulation
Article 12 – paragraph 1 – point d
Article 12 – paragraph 1 – point d
(d) the called end-ususer or subscriber with the possibility of preventing the presentation of the connected line identification to the calling end-ususer or subscriber.
Amendment 690 #
2017/0003(COD)
Proposal for a regulation
Article 12 – paragraph 2
Article 12 – paragraph 2
Amendment 692 #
2017/0003(COD)
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. Regardless of whether the calling end-ususer or subscriber has prevented the presentation of the calling line identification, where a call is made to emergency services, providers of publicly available number-based interpersonal communications services shall override the elimination of the presentation of the calling line identification and the denial or absence of consent of an end- user for the processing of metadata, on a per-line basis for organisations dealing with emergency communications, including public safety answering points, for the purpose of responding to such communications.
Amendment 693 #
2017/0003(COD)
Proposal for a regulation
Article 13 – paragraph 2
Article 13 – paragraph 2
2. Member States shall establish more specific provisionsThe Commission shall be empowered to adopt implementing measures in accordance with Article 26(1) with regard to the establishment of procedures and the circumstances where providers of publicly available number- based interpersonal communication services shall override the elimination of the presentation of the calling line identification on a temporary basis, where end-ususers or subscribers request the tracing of malicious or nuisance calls.
Amendment 694 #
2017/0003(COD)
Proposal for a regulation
Article 14 – paragraph 1 – introductory part
Article 14 – paragraph 1 – introductory part
Providers of publicly available number- based interpersonal communications services shall deploy state of the art measures to limit the reception of unwanted calls by end-users and shall also provide the called end-user with the following possibilities, free of charge:
Amendment 695 #
2017/0003(COD)
Proposal for a regulation
Article 14 – paragraph 1 – point a
Article 14 – paragraph 1 – point a
(a) to block incoming calls from specific numbers, or numbers having a specific code or prefix identifying the fact that the call is a marketing call referred to in Article 16(3)(b), or from anonymous sources;
Amendment 696 #
2017/0003(COD)
Proposal for a regulation
Article 14 – paragraph 1 – point b
Article 14 – paragraph 1 – point b
(b) to stop automatic call forwarding by a third party to the end-ussubscriber's terminal equipment.
Amendment 699 #
2017/0003(COD)
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. The providers of publicly available directories or the electronic communication service providers shall obtain the consent of end- ussubscribers who are natural persons to include their personal data in the directory and, consequently, shall obtain consent from these end-ussubscribers for inclusion of data per category of personal data, to the extent that such data are relevantnecessary for the purpose of the directory as determined by the provider of the directory. P. Without prejudice to Articles 12 to 22 of Regulation (EU) 2016/679, providers shall give end-ussubscribers who are natural persons the means to verify, correct and delete such data.
Amendment 712 #
2017/0003(COD)
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. The providers of a publicly available directory shall inform end-ussubscribers who are natural persons whose personal data are in the directory of the available search functions of the directory and obtain end-ussubscribers’' consent before enabling such search functions related to their own data.
Amendment 721 #
2017/0003(COD)
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
3. The providers of publicly available directories shall provide end-ussubscribers that are legal persons with the possibility to object to data related to them being included in the directory. Providers shall give such end-ussubscribers that are legal persons the means to verify, correct and delete such data.
Amendment 723 #
2017/0003(COD)
Proposal for a regulation
Article 15 – paragraph 4
Article 15 – paragraph 4
4. TWithout prejudice to Article 12(5) of Regulation (EU) 2016/679, the information to the subscribers and the possibility for end-ussubscribers not to be included in a publicly available directory, or to verify, correct and delete any data related to them shall be provided free of charge.
Amendment 736 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. Natural or legal persons may use electronic communications services for the purposes of sendingpresenting or sending unsolicited or direct marketing communications to end-ussubscribers who are natural persons thatonly if these have given their explicit consent.
Amendment 738 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Where a natural or legal person obtains electronic contact details for electronic mail from its customer, in the context of the sale of a product or a service, in accordance with Regulation (EU) 2016/679, that natural or legal person may use these electronic contact details for direct marketing of its own similar products or services only if customers are clearly and distinctly given the opportunity to object, free of charge and in an easy manner, to such use. The customer shall be informed about the right to object and shall be given an easy way to exercise it at the time of collection and each time a message is sent.
Amendment 747 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 3 – point a
Article 16 – paragraph 3 – point a
(a) present the identity of a line on which they can be contacted; orand
Amendment 753 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 4
Article 16 – paragraph 4
Amendment 758 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 5
Article 16 – paragraph 5
5. Member States shall ensure, in the framework of Union law and applicable national law, that the legitimate interest of end-ussubscribers that are legal persons with regard to unsolicited communications sent to them by means set forth under paragraph 1 are sufficiently protected. Member States shall specifically provide that the placing of direct marketing voice-to-voice calls to subscribers who are legal persons shall only be allowed in respect of subscribers who have not expressed their objection or have consented to receiving those communications. Member States shall provide that subscribers can object to receiving the unsolicited communications via a national Do Not Call Register, thereby also ensuring that the user is only required to opt out once.
Amendment 760 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 6
Article 16 – paragraph 6
6. Any natural or legal person using electronic communications services to transmit direct marketing communications shall inform end-usclearly and visibly inform subscribers of the marketing nature of the communication and the identity of the legal or natural person transmitting the communication and on behalf of whom the communication is transmitted and shall provide the necessary information and means for recipients to exercise their right to withdraw their consent or to object, in an easy manner, to receiving further marketing communications.
Amendment 764 #
2017/0003(COD)
Proposal for a regulation
Article 16 – paragraph 7
Article 16 – paragraph 7
7. The Commission shall be empowered to adopt implementing measures in accordance with Article 26(2) specifying the code/ or prefix to identify marketing calls, pursuant to point (b) of paragraph 3.
Amendment 767 #
2017/0003(COD)
Proposal for a regulation
Article 17 – title
Article 17 – title
Integrity of the communications and information about detected security risks
Amendment 770 #
2017/0003(COD)
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
Amendment 776 #
2017/0003(COD)
Proposal for a regulation
Article 17 – paragraph 1 a (new)
Article 17 – paragraph 1 a (new)
Providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and integrity of the communication in transmission or stored are also guaranteed by technical measures according to the state of the art, including end-to-end encryption of the electronic communications data. When encryption of electronic communications data is used, decryption by anybody else than the user shall be prohibited. Member States shall not impose any obligations on electronic communications service providers or on hardware or software manufacturers that would result in the weakening of the confidentiality and integrity of their networks and services of the terminal equipment, including the encryption methods used.
Amendment 778 #
2017/0003(COD)
Proposal for a regulation
Article 17 – paragraph 1 b (new)
Article 17 – paragraph 1 b (new)
Providers of electronic communications services, providers of information society services, and manufacturers of hardware and software permitting the retrieval and presentation of information on the internet shall not use any means, no matter if technical, operational, or by terms of use or by contracts, that could prevent users and subscribers from applying the best available techniques against intrusions and interceptions and to secure their networks, terminal equipment and electronic communications. Breaking, decrypting, restricting or circumventing such measure taken by users or subscribers shall be prohibited.
Amendment 780 #
2017/0003(COD)
Proposal for a regulation
Article 17 – paragraph 1 c (new)
Article 17 – paragraph 1 c (new)
In the case of a particular risk that may compromise the security of networks, electronic communications services, information society services, hardware or software, the relevant provider or manufacturer shall inform all subscribers of such a risk and, where the risk lies outside the scope of the measures to be taken by the service provider, inform subscribers of any possible remedies. It shall also inform the relevant manufacturer and service provider.
Amendment 781 #
2017/0003(COD)
Proposal for a regulation
Article 17 – paragraph 1 d (new)
Article 17 – paragraph 1 d (new)
As regards the security of networks and services and related security obligations, the obligations of Article 40 of the [European Electronic Communications Code] shall apply mutatis mutandis to all services in the scope of this Regulation.
Amendment 782 #
2017/0003(COD)
Proposal for a regulation
Article 17 – paragraph 1 e (new)
Article 17 – paragraph 1 e (new)
This Article shall be without prejudice to the obligations provided for in Articles 32 to 34 of Regulation (EU) 2016/679 and the obligations provided for in Directive (EU) 2016/1148.
Amendment 783 #
2017/0003(COD)
Proposal for a regulation
Article 18 – paragraph 1
Article 18 – paragraph 1
1. The independent supervisory authority or authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall also be responsible for monitoring the application of this Regulation. Chapter VI and VII of Regulation (EU) 2016/679 shall apply mutatis mutandis. The tasks and powers of the supervisory authorities shall be exercised with regard to end-usersWhere Regulation (EU) 2016/679 refers to data subjects, the tasks and powers of the supervisory authorities shall be exercised with regard to users and subscribers under this Regulation. Where Regulation (EU) 2016/679 refers to data controllers, the tasks and powers of the supervisory authorities shall be exercised with regard to providers of electronic communications services and information society services, and manufacturers of hardware and software under this Regulation.
Amendment 786 #
2017/0003(COD)
Proposal for a regulation
Article 18 – paragraph 2
Article 18 – paragraph 2
2. The supervisory authority or authorities referred to in paragraph 1 shall cooperate whenever appropriate with national regulatory authorities established pursuant to the [Directive Establishing the European Electronic Communications Code], and vice versa.
Amendment 788 #
2017/0003(COD)
Proposal for a regulation
Article 19 – paragraph 1 – point b a (new)
Article 19 – paragraph 1 – point b a (new)
(b a) draw up guidelines for supervisory authorities concerning the application of Article 9(1) and the particularities of expression of consent by legal entities;
Amendment 789 #
2017/0003(COD)
Proposal for a regulation
Article 19 – paragraph 1 – point b b (new)
Article 19 – paragraph 1 – point b b (new)
(b b) issue guidelines, recommendations and best practices in accordance with point (b) of this paragraph for the purpose of further specifying the criteria and requirements for types of services that may be requested for purely individual or work-related usage as referred to in Article 6(3a);
Amendment 790 #
2017/0003(COD)
Proposal for a regulation
Article 19 – paragraph 1 – point b c (new)
Article 19 – paragraph 1 – point b c (new)
(b c) issue guidelines, recommendations and best practices in accordance with point (b) of this paragraph for the purpose of further specifying the criteria and requirements for: (i) security updates referred to in Article 8(1)(e); (ii) the interference in the context of employment relationships referred to in Article 8(1)(f); (iv) the processing of information emitted by the terminal equipment referred to in Article 8(2)(c); (v) technical specifications and signalling methods that fulfil the conditions for consent and objection pursuant to Article 8(2a). (vi) software settings referred to in Article 10(1) and (2); and (vii) technical measures to ensure confidentiality and integrity of the communication pursuant to Article 17(1).
Amendment 791 #
2017/0003(COD)
Proposal for a regulation
Article 21 – paragraph 1
Article 21 – paragraph 1
1. Without prejudice to any other administrative or judicial remedy, every end-ususer and subscriber of electronic communications services and, where applicable, every body, organisation or association, shall have the same remedies provided for in Articles 77, 78, 79, and 7980 of Regulation (EU) 2016/679.
Amendment 794 #
2017/0003(COD)
Proposal for a regulation
Article 21 – paragraph 2
Article 21 – paragraph 2
2. Any natural or legal person other than end-ususers or subscribers adversely affected by infringements of this Regulation and having a legitimate interest in the cessation or prohibition of alleged infringements, including a provider of electronic communications services protecting its legitimate business interests, shall have a right to bring legal proceedings in respect of such infringements.
Amendment 798 #
2017/0003(COD)
Proposal for a regulation
Article 22 – paragraph 1
Article 22 – paragraph 1
Any end-ususer or subscriber of electronic communications services who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the infringer for the damage suffered, unless the infringer proves that it is not in any way responsible for the event giving rise to the damage in accordance with. Article 82 of Regulation (EU) 2016/679. shall apply mutatis mutandis also for subscribers which are legal persons.
Amendment 801 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 2 – point a
Article 23 – paragraph 2 – point a
Amendment 802 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 2 – point a a (new)
Article 23 – paragraph 2 – point a a (new)
(a a) the obligations of the providers of electronic communications services for documentation, pursuant to Article 11c(1);
Amendment 805 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 2 – point b
Article 23 – paragraph 2 – point b
Amendment 806 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 2 – point d a (new)
Article 23 – paragraph 2 – point d a (new)
(d a) the obligations of the providers of publicly available number-based interpersonal communication services pursuant to Article 12, 13 and 14.
Amendment 808 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 3
Article 23 – paragraph 3
3. Infringements of the principle of confidentiality of communications, permitted processing of electronic communications data, time limits for erasure pursuant to Articles 5, 6, and 7following provisions of this Regulation shall, in accordance with paragraph 1 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.:
Amendment 810 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 3 – subparagraph 1 (new)
Article 23 – paragraph 3 – subparagraph 1 (new)
(a) the principle of confidentiality of communications pursuant to Article 5; (b) the permitted processing of electronic communications data, pursuant to Article 6, (c) the time limits for erasure and the confidentiality obligations pursuant to Article 7; (d) the obligations of any legal or natural person who process electronic communications data pursuant to Article 8; (e) the requirements for consent pursuant to Article 9; (f) the obligations of the provider of software enabling electronic communications, pursuant to Article 10; (g) the obligations of the providers of electronic communications services, of the providers of information society services, or of the manufacturers of hardware and software permitting the retrieval and presentation of information on the internet pursuant to Article 17.
Amendment 811 #
2017/0003(COD)
Proposal for a regulation
Article 23 – paragraph 4
Article 23 – paragraph 4
Amendment 816 #
2017/0003(COD)
Proposal for a regulation
Article 25
Article 25
Amendment 817 #
2017/0003(COD)
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
1. The Commission shall be assisted by the Communications Committee established under Article 11093 of the [Directive establishing the European Electronic Communications Code]Regulation (EU) 2016/679. That committee shall be a committee within the meaning of Regulation (EU) No 182/201129 . _________________ 29 Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13–18).
Amendment 819 #
2017/0003(COD)
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
1. Directive 2002/58/EC isand Commission Regulation 611/2013 are repealed with effect from 25 May 2018.
Amendment 59 #
2017/0002(COD)
Proposal for a regulation
Recital 7 a (new)
Recital 7 a (new)
(7a) The data protection legal framework for processing in the course of activities of Union institutions and bodies in the areas of freedom, security and justice and of the common foreign and security policy remains fragmented and creates legal uncertainty. This Regulation should therefore provide for harmonised rules for the protection and the free movement of personal data processed by the Union institutions and bodies carrying out activities which fall within the scope of Chapters 4 and 5 of Title V of Part Three of the TFEU and Chapter 2 of Title V of the TEU.
Amendment 61 #
2017/0002(COD)
Proposal for a regulation
Recital 8
Recital 8
(8) In Declaration No 21 on the protection of personal data in the fields of judicial cooperation in criminal matters and police cooperation, annexed to the final act of the intergovernmental conference which adopted the Treaty of Lisbon, the conference acknowledged that specific rules on the protection of personal data and the free movement of personal data in the fields of judicial cooperation in criminal matters and police cooperation based on Article 16 TFEU could prove necessary because of the specific nature of those fields. This Regulation should therefore apply to Union agencies carrying out activities in the fields of judicial cooperation in crimiFurthermore, the field of common foreign and security policy also has a specific nature and specific rules on the protection of personal data and the free movement of personal data could prove necessary as well. It is therefore appropriate to regulate the processing of operational personal mdatters and police cooperation only to the extent that Union law applicable to such agencies does not contain specific rules on the processing of personal data. a, such as personal data processed for criminal investigation purposes, by Union agencies established on the basis of Chapters 4 and 5 of Title V of Part Three of the TFEU and by missions referred to in Article 42(1), 43 and 44 of the TEU by specific rules, derogating from a number of general rules of this Regulation. Those specific rules are aligned with the provisions of the Directive (EU) 2016/680 and should be interpreted homogenously. Processing of administrative personal data by those bodies, offices or agencies, such as staff data, should be covered by this Regulation.
Amendment 69 #
2017/0002(COD)
Proposal for a regulation
Recital 10
Recital 10
(10) Where the founding act of a Union agency carrying out activities which fall within the scope of Chapters 4 and 5 of Title V of the Treaty lays down a standalone data protection regime for the processing of operational personal data, such regimes should be unaffected byoverridden by the provisions in this Regulation. This Regulation should therefore repeal specific articles in specific acts that could potentially conflict with the provisions in this Regulation. However, the Commission should, in accordance with Article 62 of Directive (EU) 2016/680, by 6 May 2019 review Union acts which regulate processing by the competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and, where appropriate, make the necessary proposals to amend those acts to ensure a consistent approach to the protection of personal data in the area of judicial cooperation in criminal matters and police cooperation.
Amendment 78 #
2017/0002(COD)
Proposal for a regulation
Recital 18
Recital 18
(18) The Union law including the internal rules referred to in this Regulation should be clear and precise and its application should be foreseeable to persons subject to it, in accordance with the case-law of the Court of Justice of the European Union and the European Court of Human Rights.
Amendment 84 #
2017/0002(COD)
Proposal for a regulation
Recital 26
Recital 26
(26) The processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes should be subject to appropriate safeguards for the rights and freedoms of the data subject pursuant to this Regulation. Those safeguards should ensure that technical and organisational measures are in place in order to ensure, in particular, the principle of data minimisation. The further processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is to be carried out when the controller has assessed the feasibility to fulfil those purposes by processing data which do not permit or no longer permit the identification of data subjects, provided that appropriate safeguards exist (such as, for instance, pseudonymisation of the data). Union institutions and bodies should provide for appropriate safeguards for the processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in Union law, which may include internal rules.
Amendment 88 #
2017/0002(COD)
Proposal for a regulation
Recital 37 – paragraph 1
Recital 37 – paragraph 1
Legal acts adopted on the basis of the Treaties or internal rules of Union institutions and bodies may impose restrictions concerning specific principles and the rights of information, access to and rectification or erasure of personal data, the right to data portability, confidentiality of electronic communications as well as the communication of a personal data breach to a data subject and certain related obligations of the controllers, as far as necessary and proportionate in a democratic society to safeguard public security, the prevention, investigation and prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security, including the protection of human life especially in response to natural or manmade disasters, internal security of Union institutions and bodies, other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, the keeping of public registers kept for reasons of general public interest or the protection of the data subject or the rights and freedoms of others, including social protection, public health and humanitarian purposes.
Amendment 90 #
2017/0002(COD)
Proposal for a regulation
Recital 37 – paragraph 2
Recital 37 – paragraph 2
Amendment 92 #
2017/0002(COD)
Proposal for a regulation
Recital 49
Recital 49
(49) The European Data Protection Supervisor should be informed about administrative measures and internal rules of Union institutions and bodies which provide for the processing of personal data, lay down conditions for restrictions of data subject rights or provide appropriate safeguards for data subject rights, in order to ensure compliance of the intended processing with this Regulation and in particular to mitigate the risk involved for the data subject.
Amendment 96 #
2017/0002(COD)
Proposal for a regulation
Recital 65
Recital 65
(65) In certain instances, Union law provides for a model of coordinated supervision, shared between the European Data Protection Supervisor and the national supervisory authorities. Moreover, the European Data Protection Supervisor is the supervisory authority of Europol and a specific model of cooperation with the national supervisory authorities is established through a cooperation board with an advisory function. In order to improve the effective supervision and enforcement of substantive data protection rules, a single, coherent model of coordinated supervisthis Regulation should be introduced in the Union. The Commission should therefor a single, wcohere appropriate, submit legislative proposals with a view to amending Union legal acts providing for a model of coordinated supervision, in order to align them with the coordinated supervision model of this Regulatnt model of coordinated supervision. The European Data Protection Board should serve as a single forum for ensuring the effective coordinated supervision across the board.
Amendment 105 #
2017/0002(COD)
Proposal for a regulation
Article 2 – paragraph 2 a (new)
Article 2 – paragraph 2 a (new)
2a. This Regulation shall also apply to Union agencies carrying out activities which fall within the scope of Chapters 4 and 5 of Title V of the Treaty, including where the founding acts of these Union agencies lay down a standalone data protection regime for the processing of operational personal data. The provisions in this Regulation shall take precedence over the conflicting provisions in the founding acts of these Union agencies.
Amendment 108 #
2017/0002(COD)
Proposal for a regulation
Article 3 – paragraph 2 – point d a (new)
Article 3 – paragraph 2 – point d a (new)
(da) 'operational personal data' means personal data processed by the Union agencies established on the basis of Chapters 4 and 5 of Title V of Part Three of the TFEU and by the missions referred to in Article 42(1), 43 and 44 of the TEU, for the purposes of meeting the objectives laid down in acts establishing those agencies or missions.
Amendment 121 #
2017/0002(COD)
Proposal for a regulation
Article 9 – paragraph 1 – introductory part
Article 9 – paragraph 1 – introductory part
1. Without prejudice to Articles 4, 5, 6, 10, 14, 15(3) and 106(4), personal data shall only be transmitted to recipients established in the Union and subject to Regulation (EU) 2016/679 or to the national law adopted pursuant to Directive (EU) 2016/680, if the recipient establishescontroller demonstrates, on the basis of a reasoned request by the recipient:
Amendment 124 #
2017/0002(COD)
(b) that it is necessary to have the data transmitted, it is proportionate toproportionate and necessary for the purposes of the transmission and if there is no reason to assume that the data subject's rights and freedoms and legitimate interests might be prejudicedserving a public interest such as transparency or good administration.
Amendment 128 #
2017/0002(COD)
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
Processing of personal data relating to criminal convictions and offences or related security measures pursuant to Article 5(1) may be carried out only if authorised by Union law, which may include internal rules, providing the appropriate specific safeguards for the rights and freedoms of data subjects.
Amendment 138 #
2017/0002(COD)
Proposal for a regulation
Article 25 – paragraph 1 – introductory part
Article 25 – paragraph 1 – introductory part
1. Legal acts adopted on the basis of the Treaties or, in matters relating to the operation of the Union institutions and bodies, internal rules laid down by the latter, which should be clear and precise and their application should be foreseeable to persons subject to it, may restrict the application of Articles 14 to 22, 34 and 38, as well as Article 4 in so far as its provisions correspond to the rights and obligations provided for in Articles 14 to 22, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:
Amendment 144 #
2017/0002(COD)
Proposal for a regulation
Article 25 – paragraph 2
Article 25 – paragraph 2
Amendment 146 #
2017/0002(COD)
Proposal for a regulation
Article 25 – paragraph 3
Article 25 – paragraph 3
3. Where personal data are processed for scientific or historical research purposes or statistical purposes, Union law, which may include internal rules, may provide for derogations from the rights referred to in Articles 17, 18, 20 and 23 subject to the conditions and safeguards referred to in Article 13 in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.
Amendment 149 #
2017/0002(COD)
Proposal for a regulation
Article 25 – paragraph 4
Article 25 – paragraph 4
4. Where personal data are processed for archiving purposes in the public interest, Union law, which may include internal rules, may provide for derogations from the rights referred to in Articles 17, 18, 20, 21, 22 and 23 subject to the conditions and safeguards referred to in Article 13 in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.
Amendment 150 #
2017/0002(COD)
Proposal for a regulation
Article 25 – paragraph 5
Article 25 – paragraph 5
Amendment 166 #
2017/0002(COD)
Proposal for a regulation
Article 41 – paragraph 1
Article 41 – paragraph 1
The Union institutions and bodies shall inform the European Data Protection Supervisor when drawing up administrative measures and internal rules relating to the processing of personal data involving a Union institution or body alone or jointly with others.
Amendment 174 #
2017/0002(COD)
Proposal for a regulation
Article 44 – paragraph 4
Article 44 – paragraph 4
4. The data protection officer may be a staff member of the Union institution or body, or, taking into account the organisational structure and size of the Union institution or body, fulfil the tasks on the basis of a service contract.
Amendment 187 #
Amendment 188 #
2017/0002(COD)
Proposal for a regulation
Article 52 a (new)
Article 52 a (new)
Article 52 a Scope By way of derogation from Articles 4, 6, 7, 8, 10, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 35, 41, 43, 49, 50 and 51, the provisions of this Chapter shall apply to processing of operational data by Union agencies established on the basis of Chapters 4 and 5 of Title V of Part Three of the TFEU and by missions referred to in Article 42(1), 43 and 44 of the TEU.
Amendment 189 #
2017/0002(COD)
Proposal for a regulation
Article 52 b (new)
Article 52 b (new)
Amendment 190 #
2017/0002(COD)
Proposal for a regulation
Article 52 c (new)
Article 52 c (new)
Article 52 c Lawfulness of processing 1. Processing shall be lawful only if and to the extent that processing is necessary for the performance of a task carried out by Union agencies and missions and that it is based on Union law. 2. Union law specifying and complementing this Regulation as regards the processing within the scope of this Chapter shall specify the objectives of processing, the personal data to be processed and the purposes of the processing.
Amendment 191 #
2017/0002(COD)
Proposal for a regulation
Article 52 d (new)
Article 52 d (new)
Amendment 192 #
2017/0002(COD)
Proposal for a regulation
Article 52 e (new)
Article 52 e (new)
Article 52 e Distinction between personal data and verification of quality of personal data 1. Union agencies and missions shall distinguish personal data based on facts from personal data based on personal assessments. 2. Union agencies and missions shall process personal data in such a way that it can be established which authority provided the data or where the data has been retrieved from. 3. Union agencies and missions shall ensure that personal data which are inaccurate, incomplete or no longer up to date are not transmitted or made available. To that end, Union agencies and missions shall verify the quality of personal data before they are transmitted or made available. As far as possible, in all transmissions of personal data, Union agencies and missions shall add necessary information enabling the recipient to assess the degree of accuracy, completeness and reliability of personal data, and the extent to which they are up to date shall be added. 4. If it emerges that incorrect personal data have been transmitted or personal data have been unlawfully transmitted, the recipient shall be notified without delay. In such a case, the personal data shall be rectified or erased or processing shall be restricted.
Amendment 193 #
2017/0002(COD)
Proposal for a regulation
Article 52 f (new)
Article 52 f (new)
Article 52 f Specific processing conditions 1. When Union agencies and missions provide for specific conditions for processing, they shall inform the recipient of such personal data of those conditions and the requirement to comply with them. 2. Union agencies and missions shall comply with specific processing conditions for processing provided by a national authority in accordance with Article 9 (3) and (4) of Directive (EU) 2016/680.
Amendment 194 #
2017/0002(COD)
Proposal for a regulation
Article 52 g (new)
Article 52 g (new)
Amendment 195 #
2017/0002(COD)
Proposal for a regulation
Article 52 h (new)
Article 52 h (new)
Article 52 h Processing of special categories of personal data 1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, personal data concerning health or personal data concerning a natural person's sex life or sexual orientation shall be allowed only where strictly necessary for the performance of tasks of Union agencies and missions, subject to appropriate safeguards for the rights and freedoms of the data subject and only if they supplement other operational personal data already processed by Union agencies and missions. 2. The data protection officer shall be informed immediately of recourse to this Article.
Amendment 196 #
2017/0002(COD)
Proposal for a regulation
Article 52 i (new)
Article 52 i (new)
Article 52 i Automated individual decision-making, including profiling The data subject shall have the right not to be subject to a decision of Union agencies and missions based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.
Amendment 197 #
2017/0002(COD)
Proposal for a regulation
Article 52 j (new)
Article 52 j (new)
Amendment 198 #
2017/0002(COD)
Proposal for a regulation
Article 52 k (new)
Article 52 k (new)
Article 52 k Right of access by the data subject The data subject shall have the right to obtain from Union agencies and missions confirmation as to whether or not personal data concerning that subject are being processed, and, where that is the case, access to the personal data and the following information: (a) the purposes of and legal basis for the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from Union agencies and missions rectification or erasure of personal data or restriction of processing of personal data concerning the data subject; (f) the right to lodge a complaint with the European Data Protection Supervisor and his or her contact details; (g) communication of the personal data undergoing processing and of any available information as to their origin.
Amendment 199 #
2017/0002(COD)
Proposal for a regulation
Article 52 l (new)
Article 52 l (new)
Article 52 l Limitations to the right of access 1. Union agencies and missions may restrict, wholly or partly, the data subject's right of access to the extent that, and for as long as, such a partial or complete restriction is provided for by a legal act adopted on the basis of the Treaties and constitutes a necessary and proportionate measure in a democratic society with due regard for the fundamental rights and legitimate interests of the natural person concerned, in order to: (a) avoid obstructing official or legal inquiries, investigations or procedures; (b) avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties; (c) protect public security of the Member States; (d) protect national security of the Member States; (e) protect the rights and freedoms of others. 2. In the cases referred to in paragraph 1, Union agencies and missions shall inform the data subject, without undue delay, in writing of any refusal or restriction of access and of the reasons for the refusal or the restriction. Such information may be omitted where the provision thereof would undermine a purpose under paragraph 1. Union agencies and missions shall inform the data subject of the possibility of lodging a complaint with the European Data Protection Supervisor or seeking a judicial remedy in the Court of Justice of the European Union. 3. Union agencies and missions shall document the factual or legal reasons on which the decision is based. That information shall be made available to the European Data Protection Supervisor on request.
Amendment 200 #
2017/0002(COD)
Proposal for a regulation
Article 52 m (new)
Article 52 m (new)
Amendment 201 #
2017/0002(COD)
Proposal for a regulation
Article 52 n (new)
Article 52 n (new)
Amendment 202 #
2017/0002(COD)
Proposal for a regulation
Article 52 o (new)
Article 52 o (new)
Article 52 o Logging 1. Union agencies and missions shall keep logs for any of the following processing operations in automated processing systems: collection, alteration, consultation, disclosure including transfers, combination and erasure. The logs of consultation and disclosure shall make it possible to establish the justification for, and the date and time of, such operations, the identification of the person who consulted or disclosed personal data, and, as far as possible, the identity of the recipients of such personal data. 2. The logs shall be used solely for verification of the lawfulness of processing, self-monitoring, ensuring the integrity and security of the personal data, and for criminal proceedings. Such logs shall be deleted after three years, unless they are required for on-going control. 3. Union agencies or missions shall make the logs available to their data protection officer and to the European Data Protection Supervisor on request.
Amendment 203 #
2017/0002(COD)
Proposal for a regulation
Article 52 p (new)
Article 52 p (new)
Amendment 204 #
2017/0002(COD)
Proposal for a regulation
Article 52 q (new)
Article 52 q (new)
Article 52 q Derogations for specific situations 1. In the absence of an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 or Article 36 of Directive (EU) 2016/680, or of appropriate safeguards pursuant to Article 52p, Union agencies and missions may, on a case-by-case basis, transfer personal data to a third country or an international organisation only on the condition that the transfer is proportionate and necessary: (a) in order to protect the vital interests of the data subject or another person; (b) to safeguard legitimate interests of the data subject; (c) for the prevention of an immediate and serious threat to public security of a Member State or a third country; or (d) in individual cases for the performance of the tasks of Union agencies and missions, unless they determine that fundamental rights and freedoms of the data subject concerned override the public interest in the transfer. 2. Union agencies shall seek authorisation from the European Data Protection Supervisor when transferring personal data under point (b) of paragraph 1. 3. Where a transfer is based on paragraph 1, such a transfer shall be documented and the documentation shall be made available to the European Data Protection Supervisor on request, including the date and time of the transfer, and information about the receiving competent authority, about the justification for the transfer and about the personal data transferred.
Amendment 220 #
2017/0002(COD)
Proposal for a regulation
Article 59 – paragraph 3 – point b a (new)
Article 59 – paragraph 3 – point b a (new)
(ba) to authorise or not the processing operations as referred to in Article 40(4);
Amendment 223 #
2017/0002(COD)
Proposal for a regulation
Article 61 – paragraph 1
Article 61 – paragraph 1
The European Data Protection Supervisor shall cooperate with supervisory authorities established under Article 41 of Regulation (EU) 2016/679 and Article 51 of Directive (EU) 2016/680 (hereinafter “"national supervisory authorities”") and with the joint supervisory authority established under Article 25 of Council Decision 2009/917/JHA21 to the extent necessary for the performance of their respective duties, in particular by providing each other with relevant information, requesting national supervisory authoritieseach other to exercise their powers or responding to a request from such authorities. _________________ 21 Council Decision 2009/917/JHA of 30 November 2009 on the use of information technology for customs purposes, OJ L 323, 10.12.2009, p. 20–30each other's requests.
Amendment 228 #
2017/0002(COD)
Proposal for a regulation
Article 62 – paragraph 1
Article 62 – paragraph 1
1. Where a Union act refers to this Article,envisages that the European Data Protection Supervisor shall cooperupervises the processing of personal datea actively with thet the Union level and national supervisory authorities, supervise the processing order to ensure effective supervision of large IT systems or Union agenciesf personal data at national level in a large IT system or a Union body, office or agency, the European Data Protection Supervisor and the national supervisory authorities, each acting within the scope of their respective competencies, shall cooperate actively in the framework of their responsibilities and shall ensure coordinated supervision.
Amendment 231 #
2017/0002(COD)
Proposal for a regulation
Article 62 – paragraph 2
Article 62 – paragraph 2
Amendment 233 #
2017/0002(COD)
Proposal for a regulation
Article 62 – paragraph 3
Article 62 – paragraph 3
3. For the purposes laid down in paragraph 2, the European Data Protection Supervisor shall meet withand the national supervisory authorities shall meet at least twice a year within the framework of the European Data Protection Board. The costs and servicing of those meetings shall be borne by the European Data Protection Board. Rules of procedure shall be adopted at the first meeting. Further working methods shall be developed jointlyFor these purposes, the European Data Protection Board may develop further working methods as necessary.
Amendment 240 #
2017/0002(COD)
Proposal for a regulation
Article 66 – paragraph 2
Article 66 – paragraph 2
2. Infringements of the obligations of the Union institution or body pursuant to Articles 8, 12 27, 28, 29, 30, 31, 32, 33, 37, 38, 39, 40, 44, 45 and 46 shall, in accordance with paragraph 1, be subject to administrative fines up to 25 000 EUR per infringement and up to a total of 250 000 EUR% of the annual budget of the Union institution or body per year.
Amendment 241 #
2017/0002(COD)
3. Infringements of the following provisions by the Union institution or body shall, in accordance with paragraph 1, be subject to administrative fines up to 50 000 EUR per infringement and up to a total of 500 000 EUR4% of the annual budget of the Union institution or body per year:
Amendment 244 #
2017/0002(COD)
Proposal for a regulation
Article 71 a (new)
Article 71 a (new)
Article 71 a Amendments to SIS II Regulation (EC) No 1987/2006 and SIS II Council Decision 2007/533/JHA Article 46 of Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II) and Article 62 of Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II) are replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
Amendment 246 #
2017/0002(COD)
Proposal for a regulation
Article 71 b (new)
Article 71 b (new)
Article 71 b Amendments to VIS Regulation (EC) No 767/2008 Article 43 of Regulation (C) No 767/2008 of the European Parliament and the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) is replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
Amendment 248 #
2017/0002(COD)
Proposal for a regulation
Article 71 c (new)
Article 71 c (new)
Article 71 c Amendments to Customs Information System Council Regulation (EC) No 515/97 and Council decision 2009/917/JHA 1. Paragraph (4) of Article 37 of Council Regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters is replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]". 2. Article 25 of Council Decision 2009/917/JHA of 30 November 2009 on the use of information technology for customs purposes is hereby deleted. Paragraphs (2) and (3) of Article 26 of that Council Decision are replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
Amendment 251 #
2017/0002(COD)
Proposal for a regulation
Article 71 d (new)
Article 71 d (new)
Article 71 d Amendments to Europol Regulation (EU) 2016/794 Articles 28, 30, 33, 34, 35, 36, 37, 40, 41, 45, and 46 of Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA are hereby deleted. Article 44 of that Regulation is replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
Amendment 253 #
2017/0002(COD)
Proposal for a regulation
Article 71 e (new)
Article 71 e (new)
Article 71 e Amendments to Council Regulation (EU) 2017/XX on EPPO Articles 36e, 36f, 37, 37b, 37c, 37cc, 37ccc, 37d, 37e, 37f, 37g, 37h, 37i, 37j, 37k, 37n, 37o, 41, 41a, 41b, 43a, 43b, 43c, 43d, 43e and 46 of Council Regulation (EU) 2017/... of implementing enhanced cooperation on the establishment of the European Public Prosecutor's Office ("the EPPO") are hereby deleted. Article 45 of that Regulation is replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
Amendment 256 #
2017/0002(COD)
Proposal for a regulation
Article 71 f (new)
Article 71 f (new)
Article 71 f Amendments to Eurojust Regulation (EU) 2017/XX Articles 27, 29, 30, 31, 33, 36 and 37 of Regulation (EU) 2017/... of the European Parliament and of the Council on the European Union Agency for Criminal Justice Cooperation (Eurojust) are hereby deleted. Article 35 of that Regulation is replaced with the following: "national supervisory authorities and the EDPS shall, each acting within their respective competences, cooperate with each other in accordance with Article 62 of [New Regulation 45/2001]".
Amendment 257 #
2017/0002(COD)
Proposal for a regulation
Article 71 g (new)
Article 71 g (new)
Amendment 1 #
2016/3018(RSP)
Citation 6 a (new)
– having regard to the Commission communication to the European Parliament and the Council of 10 January 2017 on Exchanging and Protecting Personal Data in a Globalised World1a; _________________ 1a COM(2017)07, 10.01.2017
Amendment 2 #
2016/3018(RSP)
Citation 6 b (new)
– having regard to the judgment of the European Court of Justice of 21 December 2016 in Cases C-203/15 Tele2 Sverige AB v Post- och telestyrelsen and C-698/15 Secretary of State for the Home Department v Tom Watson and Others1a ; _________________ 1a EU:C:2016:970
Amendment 7 #
2016/3018(RSP)
Paragraph 2
2. Acknowledges that the EU-U.S. Privacy Shield contains significant improvements regarding the clarity of standards compared to the former EU- U.S. Safe Harbour and that U.S. organisations self- certifying adherence to the EU-U.S. Privacy Shield will have to comply with highclearer data protection standards than under Safe Harbour;
Amendment 23 #
2016/3018(RSP)
Paragraph 7 a (new)
7a. Specifically notes the significant difference between the protection provided by Article 7 of Directive 95/46/EC and the “notice and choice” principle of the Privacy Shield arrangement, as well as the considerable differences between Article 6 of Directive 95/46/EC and the “data integrity and purpose limitation” principle of the Privacy Shield arrangement; points out that instead of the need for a legal basis (such as consent or contract) that applies to all processing operations, the data subject rights under the Privacy Shield Principles only apply to two narrow processing operations (disclosure and change of purpose) and only provide for a right to object (“opt-out”);
Amendment 28 #
2016/3018(RSP)
Paragraph 8 a (new)
8a. Notes that only a fraction of the U.S. organisations that have joined Privacy Shield have chosen to use an EU data protection authority for the dispute resolution mechanism; is concerned that this constitutes a disadvantage for EU citizens when trying to enforce their rights;
Amendment 34 #
2016/3018(RSP)
Paragraph 9 a (new)
9a. Stresses that in in its judgment of 21 December 2016, the Court of Justice of the European Union clarified that the Charter of Fundamental Rights “must be interpreted as precluding national legislation which, for the purpose of fighting crime, provides for the general and indiscriminate retention of all traffic and location data of all subscribers and registered users relating to all means of electronic communication”; points out that the bulk surveillance in the U.S. therefore does not provide for an essentially equivalent level of the protection of personal data and communications;
Amendment 36 #
2016/3018(RSP)
Paragraph 9 a (new)
9a. Is alarmed by the recent revelations about bulk surveillance done by Yahoo on all emails reaching its servers, on behalf of the NSA and the FBI, as late as 2015, which is two years after the revelations by Edward Snowden and one year after Presidential Policy Directive 28 was adopted; sees this as a reason to strongly doubt the assurances brought by the Director of National Intelligence Office; points out that the new U.S. President can unilaterally repeal or amend PPD-28;
Amendment 40 #
2016/3018(RSP)
Paragraph 9 b (new)
9b. Is equally alarmed by the new Raw SIGINT Availability Procedures under Executive Order 12333 of 12 January 20171a, which give U.S. intelligence agencies much broader access to raw communications data collected by the NSA; points out that signals intelligence data collections under EO 12333 take place without warrants or court approval; _________________ 1a https://www.dni.gov/files/documents/icotr/ RawSIGINTGuidelines-as-approved- redacted.pdf
Amendment 42 #
2016/3018(RSP)
Paragraph 10
10. Deplores that, neither the Privacy Shield Principles nor the letters of the U.S. administration providing clarifications and assurances demonstrate the existence of effective judicial redress rights for individuals in the EU whose personal data are transferred to an U.S. organisation under the Privacy Shield Principles and further accessed and processed by U.S. public authorities for law enforcement and public interest purposes, as required bywhich were emphasized by the European Court of Justice in its judgment of 6 October 2015 as the essence of the fundamental right in article 47 of the Charter;
Amendment 48 #
2016/3018(RSP)
Paragraph 11 a (new)
11a. Is in summary not convinced that the improvements made since its Resolution of 26 May 2016 will be sufficient to prevent the European Court of Justice from invalidating Commission Implementing Decision (EU)2016/1250 on the Privacy Shield; is therefore concerned that this will undermine the overall trust in Commission Implementing Decisions on adequacy and thereby damage the Commission’s new strategy for exchanging and protecting data in a globalised world;
Amendment 53 #
2016/3018(RSP)
Paragraph 14
14. Calls on the Commission to take all the necessary measures to ensure that the Privacy Shield will fully comply with Regulation (EU) 2016/679, to be applied as from 16 May 2018, which includes either a full revision, including substantive changes in U.S. laws and practices, or a repeal of Commission Implementing Decision (EU)2016/1250, by then;
Amendment 63 #
2016/3018(RSP)
Paragraph 16
16. Calls on the Commission to ensure that for the conducting of the joint annual review, all the members of the team shall have full and unrestricted access to all documents and premises necessary for the performance of their task and that their independence in the performance of their tasks is ensured, including being entitled to issue dissident opinions in the final report of the joint review, which will be public and annexed to the joint report;
Amendment 21 #
2016/2271(INI)
Draft opinion
Paragraph 2 a (new)
Paragraph 2 a (new)
2 a. Calls for commercial software and hardware producers to be held responsible for assuring safety and security standards according to the available state of the art technology; stresses that regarding the Internet of Things, producers are the key starting point for tightening up liability regimes which will lead to a better quality of products. If a device that can be connected to the internet is sold in the EU, it shall comply with the following rules: - all external accesses to the device must be documented, - these external accesses must be secured against unauthorized persons during the installation at the latest; No default passwords may be used, - there must be a documented possibility for updates for which producers are responsible.
Amendment 11 #
2016/2225(INI)
Motion for a resolution
Recital A a (new)
Recital A a (new)
A a. whereas certain big data use-cases involve the training of artificial intelligence appliances such as neuronal networks and statistical models in order to predict certain events and behaviours; whereas the training data often is of questionable quality and not neutral;
Amendment 15 #
2016/2225(INI)
Motion for a resolution
Recital B
Recital B
B. whereas the progress of communication technologies and the ubiquitous use of electronic devices, monitoring gadgets, social media, web interactions and networks, including devices which communicate information without human interference, have led to the development of massive, ever-growing data sets which, through advanced processing techniques and analytics, may provide unprecedented insight into human behaviour and our societies;
Amendment 32 #
2016/2225(INI)
Motion for a resolution
Recital D a (new)
Recital D a (new)
D a. whereas media reports have revealed the scale of personalised and targeted communication in political campaigns, not only, but also in the context of elections in the United States for several years now, and more recently in the context of the UK "Brexit" referendum;
Amendment 58 #
2016/2225(INI)
Motion for a resolution
Recital G
Recital G
G. whereas the proliferation of data processing and analytics, the multitude of actors involved in collecting, retaining, processing and sharing data and the combination of large data sets containing personal data from a variety of sources, retained for unlimited amounts of time, have all created great uncertainty for both citizens and businesses over the specific requirements for compliance with general data- protection principleslegislation;
Amendment 69 #
2016/2225(INI)
Motion for a resolution
Paragraph 1
Paragraph 1
1. Emphasises that information revealed by big data analysis is only as reliable as the underlying data permits, and that strong scientific and ethical standards are therefore needed for judging the results of such analysis and its predictive algorithmnalysis;
Amendment 70 #
2016/2225(INI)
Motion for a resolution
Paragraph 1 a (new)
Paragraph 1 a (new)
1 a. Emphazises that even if such scientific and ethical standards are met, predictive analysis based on big data can only offer a statistical probability and by no means can predict individual behaviour;
Amendment 71 #
2016/2225(INI)
Motion for a resolution
Paragraph 1 b (new)
Paragraph 1 b (new)
1 b. Points out that sensitive information about persons can be inferred from non-sensitive data, which blurs the line between sensitive and non-sensitive data;
Amendment 82 #
2016/2225(INI)
Motion for a resolution
Paragraph 2 a (new)
Paragraph 2 a (new)
2 a. Stresses that big data may not only result in infringements of the fundamental rights of individuals, but also in different treatments and indirect discrimination for groups of persons that have similar characteristics;
Amendment 94 #
2016/2225(INI)
Motion for a resolution
Paragraph 3
Paragraph 3
3. Points out that Union law for the protection of privacy and personal data, as well as the rights to equality and non- discrimination, are applicable to data processing even when that processing is preceded by pseudonymisation andtechniques, and by anonymisation techniques, insofar as there are risks of re-identification, or, in any case, when use of non-personal data might impact on individuals’ private lives or other rights and freedoms;
Amendment 99 #
2016/2225(INI)
Motion for a resolution
Paragraph 3 a (new)
Paragraph 3 a (new)
3 a. Recalls that under the GDPR, the further processing of personal data for statistical purposes may only result in aggregate data which cannot be re- applied to individuals;
Amendment 101 #
2016/2225(INI)
Motion for a resolution
Paragraph 4
Paragraph 4
4. Takes the view that transparency, fairness, accountability and control over personal data are core values through which specific rights and obligations are derived, and which should guide the action of corporations, public authorities and other actors that use data to frame their decision-making procedures; emphasises the need for much greater transparency and for algorithmic accountability with regard to data processing and analytics by businesses; recalls that the GDPR already foresees a right to be informed about the logic involved in data processing;
Amendment 123 #
2016/2225(INI)
Motion for a resolution
Paragraph 5 a (new)
Paragraph 5 a (new)
5 a. Underlines that the essence of big data should be to achieve comparable correlations with as little personal data as possible; stresses in that regard that science, business and public communities should focus on research and innovation in the area of anonymisation;
Amendment 124 #
2016/2225(INI)
Motion for a resolution
Paragraph 5 b (new)
Paragraph 5 b (new)
5 b. Recognises that while the application of pseudonymisation, anonymisation or encryption to personal data can reduce the risks to the data subjects concerned when personal data are used in big data applications or cloud computing, any processing of sensitive data should take into account the risks of future abuses of these measures; recalls that anonymisation is an irreversible process by which personal data can no longer be used to identify or single out a natural person;
Amendment 150 #
2016/2225(INI)
Motion for a resolution
Paragraph 8
Paragraph 8
8. Acknowledges that data loss and theft, infection by malware, unauthorised access to data and unlawful surveillance are some of the most pressing risks associated with contemporary data processing activities, such as big data techniques, especially in the context of the "Internet of things"; believes that tackling such threats requires genuine and concerted cooperation between the private sector, governments, law enforcement authorities and independent supervisory authorities; as well as additional legal measures such as software liability;
Amendment 166 #
2016/2225(INI)
Motion for a resolution
Paragraph 9
Paragraph 9
9. Calls on the Union andCommission, the Member States and the data protection authorities to identify and minimise algorithmic discrimination and bias, including price-discrimination, and to develop a strong and common ethics framework for the processing of personal data and automated decision-making;
Amendment 173 #
2016/2225(INI)
Motion for a resolution
Paragraph 9 a (new)
Paragraph 9 a (new)
9 a. Calls on the Commission, the Member States and the data protection authorities to specifically evaluate the need for not only algorithmic transparency, but also for transparency about possible biases in the training data used to make inferences based on big data;
Amendment 181 #
2016/2225(INI)
Motion for a resolution
Paragraph 10
Paragraph 10
10. EncouragesCalls on all law enforcement actors that use data processing and analytics to ensure appropriate human intervention throughout the various stages of the processing and analysis of data, especially when decisions may carry high risks for individuals;
Amendment 193 #
2016/2225(INI)
Motion for a resolution
Paragraph 11 a (new)
Paragraph 11 a (new)
11 a. Points out that certain models of predictive policing are more privacy- friendly than others, e.g. where probabilistic predictions are made about places or events and not about individual persons; is concerned that almost all predictive policing tools are proprietary software, which limits transparency and accountability;
Amendment 209 #
2016/2225(INI)
Motion for a resolution
Paragraph 13
Paragraph 13
13. Warns that, owing to the intrusiveness of decisions and measures taken by law enforcement authorities in citizens’' lives and rights, maximum caution is necessary to avoid unlawful discrimination and the targeting of certain population groups, especially marginalised groups and ethnic and racial minorities, but also individuals who by coincidence have certain characteristics;
Amendment 9 #
2016/2145(INI)
Draft opinion
Paragraph 1 a (new)
Paragraph 1 a (new)
1a. Calls on the Commission to develop a European strategy for greater IT independence (a 'digital new deal' including the allocation of adequate resources at national and EU level) in order to boost IT industry in general and cloud computing in particular, and allow European companies to exploit the EU privacy competitive advantage to compete with US and Asiatic IT industries;
Amendment 56 #
2016/2145(INI)
Draft opinion
Paragraph 5 a (new)
Paragraph 5 a (new)
5a. Calls on the Commission to set the basis for a European Cloud by encouraging SMEs to offer competitive solutions for data processing and storage in facilities based in Member States;
Amendment 57 #
2016/2145(INI)
Draft opinion
Paragraph 5 b (new)
Paragraph 5 b (new)
5b. Calls on the Commission to direct more resources towards boosting European research, development, innovation and training in the field of cloud computing, in particular privacy enhancing technologies and infrastructures, anonymisation and pseudonymisation procedures, cryptology, secure computing, the best possible security solutions including open-source security, and other information society services, and also to promote the internal market in European software, hardware, and encrypted means of communication and communication infrastructures; stresses that no EU funding should be granted to projects having the sole purpose of developing tools for gaining illegal access into IT systems;
Amendment 60 #
2016/2145(INI)
Draft opinion
Paragraph 5 c (new)
Paragraph 5 c (new)
5c. Calls to encourage initiatives to further develop data protection and privacy and thus enhance the trustworthiness of European products and services as an EU selling point;
Amendment 61 #
2016/2145(INI)
Draft opinion
Paragraph 5 d (new)
Paragraph 5 d (new)
5d. Calls on the Member States to make every effort to ensure better cooperation with a view to providing safe cloud computing, especially with regard to espionage and organised crime, in cooperation with the relevant EU bodies and agencies, for the protection of EU citizens and institutions, European companies, EU industry, and IT infrastructure and networks, as well as European research;
Amendment 64 #
2016/2145(INI)
Draft opinion
Paragraph 5 e (new)
Paragraph 5 e (new)
5e. Considers the active involvement of EU stakeholders to be a precondition for an effective exchange of information;
Amendment 65 #
2016/2145(INI)
Draft opinion
Paragraph 5 f (new)
Paragraph 5 f (new)
5f. Points out that security threats have become more international, diffuse and complex, thereby requiring an enhanced European cooperation;
Amendment 66 #
2016/2145(INI)
Draft opinion
Paragraph 5 g (new)
Paragraph 5 g (new)
5g. Calls for commercial software and hardware producers to be held responsible for assuring safety and security standards according to the available state of the art technology and to be held liable despite non-liability clauses in users' agreements;
Amendment 67 #
2016/2145(INI)
Draft opinion
Paragraph 5 h (new)
Paragraph 5 h (new)
5h. Welcomes the Commission's aim of promoting open science, notably through the initiatives on the European Open Science Cloud and the Open Science Policy Platform; notes that a comprehensive approach to open science is necessary, which encompasses infrastructure, interoperability, the update of legislation to facilitate the re-use of research results, as well as the involvement of the open science community, including citizen scientists;
Amendment 1072 #
2016/2114(REG)
Parliament's Rules of Procedure
Rule 136
Rule 136
Amendment 9 #
2016/2100(INI)
Draft opinion
Paragraph 1 a (new)
Paragraph 1 a (new)
1a. Welcomes the recent decision by the Commission which condemns undue fiscal advantages to businesses as anti- competition practices; calls on the Commission to pursue in the same direction for similar cases;
Amendment 25 #
2016/2100(INI)
Draft opinion
Paragraph 2 a (new)
Paragraph 2 a (new)
2a. Emphasizes that market power of an enterprise resulting from information and data as well as the handling of such information and data by the enterprise has to be taken into account as a test criterion;
Amendment 29 #
2016/2100(INI)
Draft opinion
Paragraph 2 b (new)
Paragraph 2 b (new)
2b. Calls for considering whether data and information on customers is merged as well during a merger that results in a distortion of competition and in a weakening of data protection;
Amendment 31 #
2016/2100(INI)
Draft opinion
Paragraph 2 c (new)
Paragraph 2 c (new)
2c. Reiterates that the number of users of an offer and the purchasing price have to be established as test criteria for mergers for the rating of market power;
Amendment 32 #
2016/2100(INI)
Draft opinion
Paragraph 2 d (new)
Paragraph 2 d (new)
2d. Calls on antitrust authorities to take into account an enterprise's access to exclusive analytical methods and patents. Considers that ignoring this might lead to the complete exclusion of competitors from markets for many years to the detriment of the consumers and competition;
Amendment 39 #
2016/2100(INI)
Draft opinion
Paragraph 3 a (new)
Paragraph 3 a (new)
3a. Stresses the risk of quality deterioration for consumers and the risk of a deterioration of the terms of competition during a merger of enterprises in a dominant market position. Considers that these risks should be placed more into the focus of cartel authorities;
Amendment 42 #
2016/2100(INI)
Draft opinion
Paragraph 3 b (new)
Paragraph 3 b (new)
3b. Calls for the strengthening of the freedom of choice for consumers. Considers that enshrined right to data portability in the GDPR is a good approach to strengthening the rights of consumers and competition. Underlines the need to examine how interoperability between digital networks by open standards and interfaces can be ensured;
Amendment 51 #
2016/2100(INI)
Draft opinion
Paragraph 4 a (new)
Paragraph 4 a (new)
4a. Calls for criteria for market delineation in mergers to be modified so that antitrust authorities can also take into account the merging of data, the impact of network effects and the restrictions on competition on upstream and downstream markets;
Amendment 54 #
2016/2100(INI)
Draft opinion
Paragraph 4 b (new)
Paragraph 4 b (new)
4b. Stresses that as a last resort a possibility of unbundling should be embedded in the antitrust law and enforcement;
Amendment 86 #
2016/2019(BUD)
Motion for a resolution
Paragraph 24 a (new)
Paragraph 24 a (new)
24a. Considers that the structural and organisational reforms aimed at achieving greater efficiency, environmental sustainability, and effectiveness should continue through the thorough examination of possible synergies and savings; recalls the substantial savings that could be made by having only one place of work instead of three (Brussels, Strasbourg, Luxembourg); underlines that this process should be lead without endangering Parliament's legislative excellence, its budgetary powers and powers of scrutiny, or the quality of working conditions for Members, assistants, and staff;
Amendment 34 #
2016/2007(INI)
Draft opinion
Paragraph 6 a (new)
Paragraph 6 a (new)
6a. Highlights the need for consumer protection when using VCs, notably in terms of cybersecurity of assets, contact persons and contact details in case of queries or problems, and clear and easily understood terms and conditions including clear statement of the risks and fact that VCs and their value are not guaranteed by any bank or country;
Amendment 39 #
2016/2007(INI)
Draft opinion
Paragraph 7 a (new)
Paragraph 7 a (new)
7a. Stresses the importance of pseudonymisation and personal data protection when using VCs as well as the importance of transparency regarding transactions and the block chain
Amendment 43 #
2016/0414(COD)
Proposal for a directive
Recital 6
Recital 6
(6) Tax crimes relating to direct and indirect taxes should be included in the definition of criminal activity, in line with the revised FATF Recommendations. Given that different tax offences may in each Member State constitute a criminal activity punishable by means of the sanctions referred to in this Directive, definitions of tax crimes may diverge in national law. However no harmonisation of the definitions of tax crimes in Member States’ national law is sought. tax crimes should be understood as including at least tax fraud, aggravated tax fraud and tax evasion offences and any fraudulent behaviour involving concealment of income or profits or the organisation of one’s insolvency which aims at reducing or suppressing tax liability. The definitions of tax crimes should not include thresholds requiring the existence of a significant amount of unpaid taxes or the systematic use of fraudulent manoeuvres in national law.
Amendment 47 #
2016/0414(COD)
Proposal for a directive
Recital 8
Recital 8
(8) Where money laundering activity does not simply amount to the mere possession or use, but also involves the transfer or the concealing and disguise of property through the financial system and results in further damage than that already caused by the predicate offence, such as damaging the integrity of the financial system, that activity should be punished separately. Member States should thus ensure that such conduct is also punishable when committed by the perpetrator of the criminal activity that generated that property (so-called self-laundering). Given the high risks that self-laundering may bring to the principle of ne bis in idem and the right not to incriminate oneself, Member States should punish self- laundering only if the two conditions are met: a) there is a previous conviction or the predicate offence is tried at the same time, and b) the actions have the clear intention to hide the illegal origin of the property.
Amendment 52 #
2016/0414(COD)
Proposal for a directive
Recital 9
Recital 9
(9) In order for money laundering to be an effective tool against organised crime, it should not be necessary to identify the specifics of and in order to safeguard the crime that generated the property, let alone requireght to presumption of innocence, a prior or simultaneous conviction for thate crime that generated the property is necessary. Prosecutions for money laundering should also not be impeded by the mere fact that the predicate offence was committed in another Member State or third country, provided it is a criminal offence in that Member State or third country. Member States may establish as a prerequisite the fact that the predicate offence would have been a crime in its national law, had it been committed there. The presumption that a predicate offence in a third country is a crime under national law should be based on factual and objective evidence, especially as regards terrorist offences.
Amendment 64 #
2016/0414(COD)
Proposal for a directive
Recital 10 a (new)
Recital 10 a (new)
(10a) This Directive should not limit the right of suspects and accused persons to have access to a lawyer and the right to a fair trial, as enshrined in Articles 47 and 48 of the EU Charter of Fundamental Rights. A lawyer should not run the risk of being prosecuted for money laundering for having accepted to defend a client accused of the same offence. Similarly, a suspect should not be obliged to confess that the payment of his or her legal fees originates from money laundering as this would constitute an obvious violation of the right not to incriminate oneself.
Amendment 88 #
2016/0414(COD)
Proposal for a directive
Article 2 – paragraph 1 – point 1 – point b
Article 2 – paragraph 1 – point 1 – point b
(b) terrorism, including any of thethe relevant offences set out in Directive 2017/XX/EU40 ; _________________ 40 Directive 2017/XX/EU of the European Parliament and of the Council of X X 2017 on combating terrorism and replacing Council Framework Decision 2002/475/JHA on combating terrorism (OJ x L, xx.xx.2017, p. x.).
Amendment 94 #
2016/0414(COD)
Proposal for a directive
Article 2 – paragraph 1 – point 1 – point p a (new)
Article 2 – paragraph 1 – point 1 – point p a (new)
(pa) tax crimes relating to direct taxes and indirect taxes, including evading taxes by concealing income, earned either legally or illegally, from detection and collection by the tax authorities;
Amendment 96 #
2016/0414(COD)
Proposal for a directive
Article 2 – paragraph 1 – point 1 – point u
Article 2 – paragraph 1 – point 1 – point u
(u) cybercrimeattacks against information systems, including any of the offences set out in Directive 2013/40/EU52 ; _________________ 52 Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA (OJ L 218, 14.8.2013, p. 8).
Amendment 101 #
2016/0414(COD)
Proposal for a directive
Article 2 – paragraph 1 – point 1 – point v
Article 2 – paragraph 1 – point 1 – point v
(v) all offences, including tax crimes relating to direct taxes and indirect taxes as defined in the national law of the Member States, which are punishable by deprivation of liberty or a detention order for a maximum of more than one year or, as regards Member States that have a minimum threshold for offences in their legal system, all offences punishable by deprivation of liberty or a detention order for a minimum of more than six months;
Amendment 113 #
2016/0414(COD)
Proposal for a directive
Article 3 – paragraph 1 – point c
Article 3 – paragraph 1 – point c
(c) the acquisition, possession or use of property, knowing at the time of receipt, that such property was derived from criminal activity or from an act of participation in such an activity.
Amendment 117 #
2016/0414(COD)
Proposal for a directive
Article 3 – paragraph 2 – point a
Article 3 – paragraph 2 – point a
Amendment 127 #
2016/0414(COD)
Proposal for a directive
Article 3 – paragraph 3
Article 3 – paragraph 3
3. The offences referred to in points (a) and (b) of paragraph 1 shall also apply to persons who committed or participated in the criminal activity from which the property was derived if the following conditions apply: a) there is a previous conviction for the criminal activity from which the property was derived, or the criminal activity is tried at the same time as the offences referred to in points (a) and (b) of paragraph 1, and b) the actions have the clear intention to hide the illegal origin of the property.
Amendment 143 #
2016/0414(COD)
Proposal for a directive
Article 5 – paragraph 2
Article 5 – paragraph 2
2. Each Member State shall ensure that the offences referred to in Article 3 shall be punishable by a maximum term of imprisonmentpenalty of at least four years, at least in serious cases of imprisonment.
Amendment 168 #
2016/0414(COD)
Proposal for a directive
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
Each Member State shall ensure that a legal person held liable for offences pursuant to Article 67 shall be punishable by effective, proportionate and dissuasive sanctions, which shall include criminal or non-criminal fines and may include other sanctions, such afines and may, at the judge’s discretion, also include the following temporary or permanent sanctions:
Amendment 172 #
2016/0414(COD)
Proposal for a directive
Article 8 – paragraph 1 – point 1 a (new)
Article 8 – paragraph 1 – point 1 a (new)
(1a) the exclusion of that legal person from entitlement to European Union funds;
Amendment 176 #
2016/0414(COD)
Proposal for a directive
Article 9 – paragraph 1 – point a
Article 9 – paragraph 1 – point a
(a) the offence is committed in whole or in part in its territory; or
Amendment 185 #
2016/0414(COD)
Proposal for a directive
Article 9 – paragraph 2 a (new)
Article 9 – paragraph 2 a (new)
2a. When an offence falls within the jurisdiction of more than one Member State and when any of the Member States concerned can validly prosecute on the basis of the same facts, Member States shall take into account the following factors, listed in order of priority, to decide which of them will prosecute the offenders: (a) the territory of the Member State where the offence was committed; (b) the nationality or residency of the offender; (c) the country of origin of the victims; (d) the territory of the Member State where the offender was found. Member States may have recourse to Eurojust in order to facilitate cooperation between their judicial authorities and the coordination of their action.
Amendment 192 #
Amendment 197 #
2016/0414(COD)
Proposal for a directive
Article 10 – paragraph 1 a (new)
Article 10 – paragraph 1 a (new)
1a. Each Member State shall ensure that adequate and sufficient human and financial resources are allocated to investigate and prosecute the offences referred to in Articles 3 and 4.Persons, units or services responsible for investigating or prosecuting the offences referred to in Articles 3 and 4 shall receive specific and targeted training.
Amendment 199 #
2016/0414(COD)
Proposal for a directive
Article 10 – paragraph 1 b (new)
Article 10 – paragraph 1 b (new)
1b. Each Member State shall ensure that their national authorities investigating or prosecuting offences referred to in Articles 3 and 4 are empowered to cooperate with other national authorities and their counterparts in other Member States.
Amendment 204 #
2016/0414(COD)
Proposal for a directive
Article 12 – paragraph 1 – subparagraph 1
Article 12 – paragraph 1 – subparagraph 1
Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by [124 months after adoption] at the latest. They shall immediately communicate the text of those provisions to the Commission.
Amendment 209 #
2016/0414(COD)
Proposal for a directive
Article 13 – paragraph 1 a (new)
Article 13 – paragraph 1 a (new)
The Commission shall also, by 36 months after the deadline for implementation of this Directive, submit a report to the European Parliament and to the Council evaluating the added value and efficiency of this Directive on countering money laundering, as well as on the impact of this Directive on fundamental rights such as the right to an effective remedy and to a fair trial, the presumption of innocence and right of defence or the right not to be tried or punished twice in criminal proceedings for the same criminal offence. On the basis of this evaluation, the Commission shall, if necessary, decide on appropriate follow-up actions.
Amendment 3 #
2016/0357B(COD)
Proposal for a regulation
Article 70 – paragraph 1 – point 1
Article 70 – paragraph 1 – point 1
Regulation (EU) 2016/794
Article 4 – paragraph 1 – point n
Article 4 – paragraph 1 – point n
Amendment 147 #
Amendment 170 #
2016/0357A(COD)
Proposal for a regulation
Recital 4
Recital 4
(4) It is necessary to specify the objectives of the European Travel Information and Authorisation System (ETIAS), to define its technical architecture, to set up the ETIAS Central Unit, the ETIAS National Units and the ETIAS ScreeningAssessment Board, to lay down rules concerning the operation and the use of the data to be entered into the system by the applicant, to establish rules on the issuing or refusal of the travel authorisations, to lay down the purposes for which the data are to be processed, to identify the authorities authorised to access the data and to ensure protection of personal data.
Amendment 177 #
2016/0357A(COD)
Proposal for a regulation
Recital 8
Recital 8
(8) The right to obtain a travel authorisation is not unconditional as it can be denied to those family members who represent a risk to public policy, public security or public health pursuant to Directive 2004/38/EC. Against this background, family members can be required to provide their personal data related to their identification and their status only insofar these are relevant for assessment of the security threat they could represent. Similarly, examination of their travel authorisation applications should be made exclusively against the security concerns, and not those related to migration risks.
Amendment 178 #
2016/0357A(COD)
Proposal for a regulation
Recital 9
Recital 9
(9) The ETIAS should establish a travel authorisation for third country nationals exempt from the requirement to be in possession of a visa when crossing the external borders ('the visa requirement') enabling to determine whether their presence in the territory of the Member States does not pose an irregular migration, security or public health risk threat to security. Holding a valid travel authorisation should be a new entry condition for the territory of the Member States, however mere possession of a travel authorisation should not confer an automatic right of entry.
Amendment 189 #
2016/0357A(COD)
Proposal for a regulation
Recital 10
Recital 10
(10) The ETIAS should contribute to a high level of security, to the prevention of irregular migration and to the protection of public health by providing an assessment of visitors prior to their arrival at the external borders crossing points.
Amendment 201 #
2016/0357A(COD)
Proposal for a regulation
Recital 14
Recital 14
(14) The ETIAS Central Unit should be part of the European Border and Coast Guard Agency. The ETIAS Central Unit should be responsible for verifying travel authorisations' applications rejected from the automated process in order to determine whether the applicant personal data corresponds to the personal data of the person having triggered a hit, for the screening rules, and for carrying out regular audits on the processing of applications. The ETIAS Central Unit should work in 24/7 regime.
Amendment 206 #
2016/0357A(COD)
Proposal for a regulation
Recital 16
Recital 16
(16) To meet its objectives, the ETIAS should provide an online application form that the applicant should fill in with declarations relating to his or her identity, travel document, residence information, contact details, education and current occupation, his or her condition of family member to EU citizens or third country nationals benefiting from free movement not holding a residence card, if the applicant is minor, identity of the responsible person and answers to a set of background questions (whether or not the applicant is subject to any disease with epidemic potential as defined by the International Health Regulations of the World Health Organisation or other infectious or contagious parasitic diseases, criminal records, presence in war zones, decision to return to borders/orders to leave territory). Access to the applicants' health data should only be allowed to determine whether they represent a threat to public healthcriminal records, presence in war zones, decision to return to borders/orders to leave territory).
Amendment 210 #
2016/0357A(COD)
Proposal for a regulation
Recital 18
Recital 18
Amendment 220 #
2016/0357A(COD)
Proposal for a regulation
Recital 20
Recital 20
(20) The personal data provided by the applicant should be processed by the ETIAS for the sole purposes of verifying in advance the eligibility criteria laid down in Regulation (EU) 2016/39924 and assessing whether the applicant is likely to irregularly migrate, whether the entry of the applicant in the Union could pose a threat to security or to public health in the Union. _________________ 24 Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code)in the Union.
Amendment 224 #
2016/0357A(COD)
Proposal for a regulation
Recital 21
Recital 21
(21) The assessment of such risks cannot be carried out without processing the personal data listed in recital (16). Each item of personal data in the applications should be compared with the data present in a record, file or alert registered in an information system (the Schengen Information System (SIS), the Visa Information System (VIS), the Europol data, the Interpol Stolen and Lost Travel Document database (SLTD), the Entry/Exit System (EES), the Eurodac, the European Criminal Records Information System (ECRIS) and/or the Interpol Travel Documents Associated with Notices database (Interpol TDAWN)) or against the ETIAS watchlists, or against specific risk indicators. The categories of personal data that should be used for comparison should be limited to the categories of data present in the queried information systems, the ETIAS watchlist or the specific risk indicators.
Amendment 227 #
2016/0357A(COD)
Proposal for a regulation
Recital 22
Recital 22
(22) The comparison should take place by automated means. Whenever such comparison reveals that a correspondence (a 'hit') exists with any of the personal data or combination thereof in the applications and a record, file or alert in the above information systems, or with personal data in the ETIAS watchlist, or with risk indicators, the application should be processed manually by an operator in the ETIAS National Unit of the Member State of declared first entry. The assessment performed by the ETIAS National Unit should lead to the decision to issue or not the travel authorisation.
Amendment 232 #
2016/0357A(COD)
Proposal for a regulation
Recital 24
Recital 24
(24) Applicants who have been refused a travel authorisation should have the right to appeal. Appealn effective remedy. Remedy procedures should be conducted in the Member State that has taken the decision on the application and in accordance with the national law of that Member State, which should include the possibility for a judicial remedy.
Amendment 234 #
2016/0357A(COD)
Proposal for a regulation
Recital 25
Recital 25
Amendment 242 #
2016/0357A(COD)
Proposal for a regulation
Recital 26
Recital 26
Amendment 247 #
2016/0357A(COD)
Proposal for a regulation
Recital 27
Recital 27
(27) The continuous emergence of new forms of security threats, new patterns of irregular migration and public health threats requires effective responses and needs to be countered with modern means. Since these means entail the processing of important amounts of personal data, appropriate safeguards should be introduced to keep the interference with the right to protection of private life and to the right of protection of personal data limited to what is necessary in a democratic society.
Amendment 252 #
2016/0357A(COD)
Proposal for a regulation
Recital 29
Recital 29
(29) Issued travel authorisations should be annulled or revoked as soon as it becomes evident that the conditions for issuing it were not or are no longer met. In particular, when a new SIS alert is created for a refusal of entry or for a reported lost or stolen travel document, the SIS should inform the ETIAS which should verify whether this new alert corresponds to a valid travel authorisation. In such a case, the ETIAS National Unit of the Member State having created the alert should be immediately informed and revoke the travel authorisation. Following a similar approach, new elements introduced in the ETIAS watchlist shall be compared with the application files stored in the ETIAS in order to verify whether this new element corresponds to a valid travel authorisation. In such a case, the ETIAS National Unit of the Member State of first entry should assess the hit and, where necessary, revoke the travel authorisation. A possibility to revoke the travel authorisation at the request of the applicant should also be provided.
Amendment 259 #
2016/0357A(COD)
Proposal for a regulation
Recital 30
Recital 30
(30) When, in exceptional circumstances, a Member State considerit is necessary to allow a third country national to travel to its territory on humanitarian grounds, for reasons of national interest or because of international obligations, it should have thbe possibilityle to issue a travel authorisation with limited territorial and temporal validity.
Amendment 264 #
2016/0357A(COD)
Proposal for a regulation
Recital 31
Recital 31
(31) Prior to boarding, air and sea carriers, as well as carriers transporting groups overland by coachcarriers should have the obligation to verify if travellers have all the travel documents required for entering the territory of the Member States pursuant to the Schengen Convention25 . This should include verifying that travellers are in possession of a valid travel authorisation. The ETIAS file itself should not be accessible to carriers. A secure internet access, including the possibility using mobile technical solutions, should allow carriers to proceed with this consultation using travel document data. _________________ 25 Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders.
Amendment 269 #
2016/0357A(COD)
Proposal for a regulation
Recital 33
Recital 33
Amendment 272 #
2016/0357A(COD)
Proposal for a regulation
Recital 34
Recital 34
Amendment 275 #
2016/0357A(COD)
Proposal for a regulation
Recital 35
Recital 35
Amendment 278 #
2016/0357A(COD)
Proposal for a regulation
Recital 36
Recital 36
Amendment 280 #
2016/0357A(COD)
Proposal for a regulation
Recital 37
Recital 37
Amendment 282 #
2016/0357A(COD)
Proposal for a regulation
Recital 38
Recital 38
Amendment 284 #
2016/0357A(COD)
Proposal for a regulation
Recital 39
Recital 39
Amendment 290 #
2016/0357A(COD)
Proposal for a regulation
Recital 40
Recital 40
(40) The personal data recorded in the ETIAS should be kept for no longer than is necessary for its purposes. In order for the ETIAS to function, it is necessary to keep the data related to applicants for the period of validity of the travel authorisation. In order to assess the security, irregular migration and public health risks posed by the applicants it is necessary to keep the personal data for five years from the last entry record of the applicant stored in the EES. In fact, the ETIAS should rely on accurate preliminary assessments of the security, public health and irregular migration risks, notably through the use of the screening rules. In order to constitute a reliable basis for the manual risk assessment by the Member States, and reduce to the minimum the occurrence of hits not corresponding to real risks ('false positives'), the hits resulting from screening rules based on statistics generated by ETIAS data itself need to be representative of a sufficiently broad population. This cannot be achieved exclusively on the basis of the data of the travel authorisations in their validity period. The retention period should start from the last entry record of the applicant stored in the EES, since that constitutes the last actual use of the travel authorisation. A retention period of five years corresponds to the retention period of an EES record with an entry authorisation granted on the basis of an ETIAS travel authorisation or a refusal of entry. This synchronisation of retention periods ensures that both the entry record and the related travel authorisation are kept for the same duration and is an additional element ensuring the future interoperability between ETIAS and EES. This synchronisation of data retention periods is necessary to allow the competent authorities to perform the risk analysis requested by the Schengen Borders Code. A decision to refuse, revoke or annul a travel authorisation could indicate a higher security or irregular migration riskA decision to refuse, revoke or annul a travel authorisation could indicate a possible threat to security posed by the applicant. Where such a decision has been issued, the 5one years retention period for the related data should start from its date of issuance, in order for ETIAS to be able to take accurately into account the higher risk possiblypossible threat posed by the applicant concerned. After the expiry of such period, the personal data should be deleted.
Amendment 296 #
2016/0357A(COD)
Proposal for a regulation
Recital 42
Recital 42
(42) Regulation (EC) No 45/2001 of the European Parliament and the Council30 applies to the activities of eu-LISA, Europol and the European Coast and Border Guard Agency when carrying out the tasks entrusted to them in this Regulation. _________________ 30 Regulation (EC) No 45/2001 of the European Parliament and the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1).
Amendment 298 #
2016/0357A(COD)
Proposal for a regulation
Recital 43
Recital 43
(43) [Regulation (EU) 2016/679]31 applies to the processing of personal data by the Member States in application of this Regulation unless such processing is carried out by the designated or verifying authorities of the Member States for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences. ETIAS National Units for the purposes of the prevention of threats to public security. _________________ 31 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Amendment 299 #
2016/0357A(COD)
Proposal for a regulation
Recital 44
Recital 44
(44) The processing of personal data by the authorities of the Member StateETIAS National Units for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences of threats to public security pursuant to this Regulation should be subject to a standard of protection of personal data under their national law which complies with [Directive (EU) 2016/680]32 . _________________ 32 Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.
Amendment 301 #
2016/0357A(COD)
Proposal for a regulation
Recital 48
Recital 48
(48) In order to assess the security, irregular migration or public health riskthreat to security which could be posed by a traveller, interoperability between the ETIAS Information System and other information systems consulted by ETIAS such as the Entry/Exit System (EES), the Visa Information System (VIS), the Europol data, and the Schengen Information System (SIS), the Eurodac and the European Criminal Records Information System (ECRIS) should have to be established. However this interoperability can only be fully ensured once the proposals to establish the EES33 , the ECRIS34 and the recast proposal of the Eurodac Regulation35 havehas been adopted. _________________ 33 Proposal for a Regulation of the European Parliament and of the Council establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third country nationals crossing the external borders of the Member States of the European Union and determining the conditions for access to the EES for law enforcement purposes and amending Regulation (EC) No 767/2008 and Regulation (EU) COM(2016) 194 final. 34 Proposal for a Directive of the European Parliament and of the Council amending Council Framework Decision 2009/315/JHA, as regards the exchange of information on third country nationals and as regards the European Criminal Records Information System (ECRIS), and replacing Council Decision 2009/316/JHA. 35 European Parliament and of the Council on the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of [Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] , for identifying an illegally staying third-country national or stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes (recast) COM(2016) 272 final.Regulation of the
Amendment 310 #
2016/0357A(COD)
Proposal for a regulation
Recital 50 – indent 1
Recital 50 – indent 1
Amendment 312 #
2016/0357A(COD)
Proposal for a regulation
Recital 50 – indent 3
Recital 50 – indent 3
Amendment 313 #
2016/0357A(COD)
Proposal for a regulation
Recital 50 – indent 5
Recital 50 – indent 5
Amendment 324 #
2016/0357A(COD)
Proposal for a regulation
Recital 55
Recital 55
Amendment 332 #
2016/0357A(COD)
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation establishes a 'European Travel Information and Authorisation System' (ETIAS) for third country nationals exempt from the requirement to be in possession of a visa when crossing the external borders ('the visa requirement') enabling to determineassess whether their presence in the territory of the Member States does not pose an irregular migration, security or public health risk threat to security. For this purpose a travel authorisation and the conditions and procedures to issue or refuse it are introduced.
Amendment 336 #
2016/0357A(COD)
Proposal for a regulation
Article 1 – paragraph 2
Article 1 – paragraph 2
Amendment 355 #
2016/0357A(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point d
Article 3 – paragraph 1 – point d
(d) 'travel authorisation' means a decision issued in accordance with this Regulation indicating that there are no factual indications or reasonable groundreasonable grounds based on factual indications to conclude that the presence of the person on the territory of the Member States poses an irregular migration, threat to security or public health risk and which is a requirement for third country nationals referred to in Article 2 to fulfil the entry condition laid down in Article 6(1)(b) of Regulation (EU) 2016/399.
Amendment 359 #
2016/0357A(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point e
Article 3 – paragraph 1 – point e
Amendment 360 #
2016/0357A(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point e a (new)
Article 3 – paragraph 1 – point e a (new)
(ea) 'threat to security' means a clear and present danger, based on factual substantiations, that the third country national will commit a serious criminal offence or a terrorist offence while staying in the Union;
Amendment 362 #
2016/0357A(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point h a (new)
Article 3 – paragraph 1 – point h a (new)
(ha) 'carrier' means any natural or legal person whose profession it is to provide transport of persons by air;
Amendment 366 #
2016/0357A(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point k
Article 3 – paragraph 1 – point k
(k) 'hit' means the existence of a correspondence established by comparing the personal data recorded in an application file of the ETIAS Central System with the personal data stored in a record, file or alert registered in an information system queried by the ETIAS Central System, in the ETIAS watchlist or with the specific risk indicators referred to in Article 28;
Amendment 371 #
2016/0357A(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point n
Article 3 – paragraph 1 – point n
(n) 'Europol data' means personal data provided to Europol for the purpose referred to in Article 18(2)(a)(i) of Regulation (EU) 2016/794.
Amendment 376 #
2016/0357A(COD)
Proposal for a regulation
Article 4 – paragraph 1 – point a
Article 4 – paragraph 1 – point a
(a) contribute to a high level of security by providing for a thorough security riskthreat assessment of applicants, prior to their arrival at the external borders crossing points, in order to determine whether there are factual indications or reasonable groundreasonable grounds based on factual indications to conclude that the presence of the person on the territory of the Member States poses a threat to security risk;
Amendment 381 #
2016/0357A(COD)
Proposal for a regulation
Article 4 – paragraph 1 – point b
Article 4 – paragraph 1 – point b
Amendment 385 #
2016/0357A(COD)
Proposal for a regulation
Article 4 – paragraph 1 – point c
Article 4 – paragraph 1 – point c
Amendment 388 #
2016/0357A(COD)
Proposal for a regulation
Article 6 – paragraph 3
Article 6 – paragraph 3
3. [The Central System, the National Uniform Interfaces, the web service, the carrier gateway and the Communication Infrastructure of the ETIAS shall share and re-use as much as technically possible the hardware and software components of respectively the EES Central System, the EES National Uniform Interfaces, the EES web service, the EES carrier gateway and the EES Communication Infrastructure.]
Amendment 394 #
2016/0357A(COD)
Proposal for a regulation
Article 7 – paragraph 2 – point b
Article 7 – paragraph 2 – point b
(b) verifying travel authorisations' applications rejected from the automated process in order to determine whether the applicant personal data corresponds to the personal data of the person having triggered a hit in one of the consulted information systems/databases or the specific risk indicators referred to in Article 28;
Amendment 396 #
2016/0357A(COD)
Proposal for a regulation
Article 7 – paragraph 2 – point c
Article 7 – paragraph 2 – point c
Amendment 401 #
2016/0357A(COD)
Proposal for a regulation
Article 7 – paragraph 2 – point d
Article 7 – paragraph 2 – point d
Amendment 406 #
2016/0357A(COD)
Proposal for a regulation
Article 7 – paragraph 2 a (new)
Article 7 – paragraph 2 a (new)
2a. The fundamental rights officer of the European Border and Coast Guard Agency shall be in charge of carrying out regular audits on the processing of applications including regularly assessing the impact on fundamental rights, in particular with regard to non- discrimination. The data protection officer of the European Border and Coast Guard Agency shall be in charge of carrying out regular audits on the processing of applications including regularly assessing the impact on privacy and personal data protection.
Amendment 407 #
2016/0357A(COD)
Proposal for a regulation
Article 7 – paragraph 2 b (new)
Article 7 – paragraph 2 b (new)
2b. The ETIAS Central Unit shall publish an annual activity report. This report shall include: (a) statistics as to: (i) the number of travel authorisations issued automatically by the ETIAS Central System; (ii) the number of applications verified by the Central Unit; (iii) the number of applications processed manually per Member State; and the number of application s that were rejected by country, type of traveller, and reason for the rejection; (iv) the extent to which the deadlines referred to in Articles 20(6), 23, 26 and 27 are met, including statistics on the reasons they were not met; (v) the number of applications filed at border crossing points, and how many of those were approved and rejected; and (b) general information on the activities of the ETIAS Central Unit. The annual activity report shall be transmitted to the European Parliament, the Council and the Commission by 31 March of the following year at the latest.
Amendment 414 #
2016/0357A(COD)
Proposal for a regulation
Article 8 – paragraph 2 – point d
Article 8 – paragraph 2 – point d
(d) providing applicants with information regarding the remedy procedure to be followed in the event of an appeal in accordance with Article 31(2);
Amendment 416 #
Amendment 417 #
2016/0357A(COD)
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. An ETIAS ScreeningAssessment Board with an advisory function is hereby established within the European Border and Coast Guard Agency. It shall be composed of a representative of each ETIAS National Unit and Europol, Europol, the European Data Protection Supervisor, and the Fundamental Rights Agency.
Amendment 419 #
2016/0357A(COD)
Proposal for a regulation
Article 9 – paragraph 2 – introductory part
Article 9 – paragraph 2 – introductory part
2. The ETIAS ScreeningAssessment Board shall be consulted on: the proper implementation of the ETIAS system, including on its effects on fundamental rights.
Amendment 423 #
2016/0357A(COD)
Proposal for a regulation
Article 9 – paragraph 2 – point a
Article 9 – paragraph 2 – point a
Amendment 425 #
2016/0357A(COD)
Proposal for a regulation
Article 9 – paragraph 2 – point b
Article 9 – paragraph 2 – point b
Amendment 426 #
2016/0357A(COD)
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. For the purpose referred to in paragraph 1, the ETIAS ScreeningAssessment Board shall issue opinions, guidelines, recommendations and best practices.
Amendment 429 #
2016/0357A(COD)
Proposal for a regulation
Article 9 – paragraph 4
Article 9 – paragraph 4
4. The ETIAS ScreeningAssessment Board shall meet whenever necessary, and at least twice a year. The costs and servicing of its meetings shall be borne by the European Border and Coast Guard Agency.
Amendment 430 #
2016/0357A(COD)
Proposal for a regulation
Article 9 – paragraph 5
Article 9 – paragraph 5
5. The ETIAS ScreeningAssessment Board shall adopt rules of procedure at its first meeting by a simple majority of its members.
Amendment 437 #
2016/0357A(COD)
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
Interoperability between the ETIAS Information System and other information systems consulted by ETIAS such as [the Entry/Exit System (EES)], the Visa Information System (VIS), the Europol data, and the Schengen Information System (SIS), [the Eurodac] and [the European Criminal Records Information System (ECRIS)] shall be establishedshall be established for the sole purpose of implementing this Regulation and, in particular, to enable carrying out the riskthreat assessment referred to in Article 18.
Amendment 445 #
2016/0357A(COD)
Proposal for a regulation
Article 11 – paragraph 3 a (new)
Article 11 – paragraph 3 a (new)
3a. Access by immigration authorities to the ETIAS Central System shall be limited to searching the ETIAS Central System to obtain the travel authorisation status of a traveller present on the territory of the Member State for the purposes of verifying whether the conditions of entry and stay are fulfilled.
Amendment 449 #
2016/0357A(COD)
Proposal for a regulation
Article 12 – paragraph 1
Article 12 – paragraph 1
Processing of personal data within the ETIAS Information System by any user shall not result in discrimination against third country nationals on the grounds of sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation. It shall fully respect human dignity and integrity. Particular attention shall be paid to children, the elderly and persons with a disabile, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation. It shall fully respect human dignity and integrity.
Amendment 454 #
2016/0357A(COD)
Proposal for a regulation
Article 13 – paragraph 1 a (new)
Article 13 – paragraph 1 a (new)
1a. In case the applicant has not been in a position to apply for a travel authorisation in advance and submits, if required, supporting documents substantiating unforeseeable and imperative reasons for the travel, he or she shall be permitted to file an application and receive the authorisation directly at the border crossing point. Member States shall provide the means that allow such applicants to file the applications and receive the authorisations.
Amendment 455 #
2016/0357A(COD)
Proposal for a regulation
Article 13 – paragraph 2
Article 13 – paragraph 2
2. Applications may be lodged by the applicant or by a person or a commercial intermediary authorised by the applicant to lodge the application in his or her behalf. The European Union Delegations in third countries shall provide necessary assistance to the applicants.
Amendment 460 #
2016/0357A(COD)
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. The public website and the mobile app for mobile devices shall enable third country nationals subject to the travel authorisation requirement to launch a travel authorisation application, to provide the data required in the application form in accordance with Article 15 and to pay the travel authorisation fee.
Amendment 467 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. Each applicant shall submit a completed application form including a declaration of authenticity, completeness and reliability of the data submitted and a declaration of veracity and reliability of the statements made. Minors shall submit an application form electronically signconfirmed by a person exercising permanent or temporary parental authority or legal guardianship.
Amendment 470 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 2 – point a
Article 15 – paragraph 2 – point a
(a) surname (family name), first name(s) (given name(s)), surname at birth; date of birth, place of birth, country of birth, sex, current nationality, first name(s) of the parents of the applicant;
Amendment 473 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 2 – point g
Article 15 – paragraph 2 – point g
(g) e-mail address (if available), phone number;
Amendment 476 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 2 – point h
Article 15 – paragraph 2 – point h
Amendment 479 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 2 – point i
Article 15 – paragraph 2 – point i
Amendment 492 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 2 – point m
Article 15 – paragraph 2 – point m
(m) in the case of applications filled in by a person other than the applicant, the surname, first name(s), name of firm, organization if applicable, e-mail address, mailing address, phone number; relationship to the applicant and an electronically signconfirmed representative declaration.
Amendment 503 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 4 – point a
Article 15 – paragraph 4 – point a
Amendment 508 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 4 – point b
Article 15 – paragraph 4 – point b
(b) whether he or she has everover the last ten years has been convicted of any serious criminal offence in any, when, and in which country;
Amendment 512 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 4 – point c
Article 15 – paragraph 4 – point c
(c) regarding any staywhether he or she has stayed as a combatant in a specific war or armed conflict zone over the last ten years, when, and the reasons for the stay;
Amendment 514 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 4 – point d
Article 15 – paragraph 4 – point d
(d) regarding any decisionwhether he or she has been subject to any decision over the last five years requiring him or her to leave the territory of a Member State or of any other country or whether he or she was subject to any return decision issued over the last tenfive years.
Amendment 523 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 6
Article 15 – paragraph 6
6. The applicant shall provide answers to those questions. Where the applicant answers affirmatively to any of the questions, he or she shall be required to provide answers to additional questions on the application form aimed at collecting further information via providing answers to a predetermined list of questions. The Commission shall be empowered to adopt delegated acts in accordance with Article 78 to lay down the content and format of those additional questions and the predetermined list of answers to those questions.
Amendment 526 #
2016/0357A(COD)
Proposal for a regulation
Article 15 – paragraph 8
Article 15 – paragraph 8
Amendment 530 #
2016/0357A(COD)
Proposal for a regulation
Article 16
Article 16
Amendment 542 #
2016/0357A(COD)
Proposal for a regulation
Article 17 – paragraph 1 – point b
Article 17 – paragraph 1 – point b
Amendment 544 #
2016/0357A(COD)
Proposal for a regulation
Article 18 – paragraph 2 – subparagraph 1
Article 18 – paragraph 2 – subparagraph 1
The ETIAS Central System shall compare the relevant data referred to in Article 15(2)(a),(b),(d),(f),(g),(m) and (8) to the data present in a record, file or alert registered in the ETIAS Central System, the Schengen Information System (SIS), [the Entry/Exit System (EES)], the Visa Information System (VIS), [the Eurodac], [the European Criminal Records Information System (ECRIS)], the Europol data, the Interpol Stolen and Lost Travel Document database (SLTD) and the Interpol Travel Documents Associated with Notices database (Interpol TDAWN).
Amendment 552 #
2016/0357A(COD)
Proposal for a regulation
Article 18 – paragraph 2 – subparagraph 2 – point i
Article 18 – paragraph 2 – subparagraph 2 – point i
Amendment 556 #
2016/0357A(COD)
Proposal for a regulation
Article 18 – paragraph 2 – subparagraph 2 – point k
Article 18 – paragraph 2 – subparagraph 2 – point k
Amendment 559 #
2016/0357A(COD)
Proposal for a regulation
Article 18 – paragraph 2 – subparagraph 2 – point l
Article 18 – paragraph 2 – subparagraph 2 – point l
Amendment 561 #
2016/0357A(COD)
Proposal for a regulation
Article 18 – paragraph 4
Article 18 – paragraph 4
Amendment 564 #
2016/0357A(COD)
Proposal for a regulation
Article 18 – paragraph 5
Article 18 – paragraph 5
Amendment 575 #
2016/0357A(COD)
Proposal for a regulation
Article 19 – paragraph 1
Article 19 – paragraph 1
1. Where the automated processing laid down in Article 18(2) to (53) does not report any hit, the ETIAS Central System shall automatically issue a travel authorisation in accordance with Article 30 and shall immediately notify the applicant in accordance with Article 32.
Amendment 578 #
2016/0357A(COD)
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
2. Where the automated processing laid down in Article 18(2) to (53) reports one or several hit(s), the application shall be assessed in accordance with the procedure laid down in Article 22.
Amendment 581 #
2016/0357A(COD)
Proposal for a regulation
Article 19 – paragraph 3
Article 19 – paragraph 3
3. Where the automated processing laid down in Article 18(2) to (53) is inconclusive because the ETIAS Central System is not in a position to certify that the data recorded in the application file correspond to the data triggering a hit, the application shall be assessed in accordance with the procedure laid down in Article 20.
Amendment 582 #
2016/0357A(COD)
Proposal for a regulation
Article 20 – paragraph 1
Article 20 – paragraph 1
1. Where the ETIAS Central System is not in a position to certify that the data recorded in the application file corresponds to the data triggering a hit during the automated processing pursuant to Article 18(2) to (53) the ETIAS Central System shall automatically consult the ETIAS Central Unit.
Amendment 583 #
2016/0357A(COD)
Proposal for a regulation
Article 20 – paragraph 2
Article 20 – paragraph 2
2. Where consulted, the ETIAS Central Unit shall have access to the application file and the linked application file(s), if any, as well as to all the hits triggered during the automated processing pursuant to Article 18(2) to (53).
Amendment 585 #
2016/0357A(COD)
Proposal for a regulation
Article 20 – paragraph 3
Article 20 – paragraph 3
3. The ETIAS Central Unit shall verify whether the data recorded in the application file corresponds to the data present in one of the consulted information systems/databases, the ETIAS watchlist referred to in Article 29 or the specific risk indicators referred to in Article 28.
Amendment 589 #
2016/0357A(COD)
Proposal for a regulation
Article 20 – paragraph 4
Article 20 – paragraph 4
4. Where the data do not correspond, and no other hit has been reported during the automated processing pursuant to Article 18(2) to (53), the ETIAS Central Unit shall delete the false hit from the application file and the ETIAS Central System shall automatically issue a travel authorisation in accordance with Article 30.
Amendment 590 #
2016/0357A(COD)
Proposal for a regulation
Article 20 – paragraph 5 a (new)
Article 20 – paragraph 5 a (new)
5a. Where the hit was triggered by an entry from a third country in the Interpol TDAWN, the ETIAS Central Unit shall assess whether the entry could reasonably likely have been made with the objective to prevent political opponents and other persons in need of international protection from leaving the country. If the ETIAS Central Unit comes to that conclusion, it shall automatically issue a travel authorisation in accordance with Article 30.
Amendment 591 #
2016/0357A(COD)
Proposal for a regulation
Article 20 – paragraph 6
Article 20 – paragraph 6
6. The ETIAS Central Unit shall complete the manual examination within a maximum of 12 hours from receipt of the application file, and within maximum 1 hour where the application was made at a border pursuant to Article 13(1a).
Amendment 595 #
2016/0357A(COD)
Proposal for a regulation
Article 21 – paragraph 1
Article 21 – paragraph 1
1. For third country nationals referred to in Article 2(1)(c), the travel authorisation as defined in Article 3(d) shall be understood as a decision issued in accordance with this Regulation indicating that there are no factual indications or reasonable groundreasonable grounds based on factual indications to conclude that the presence of the person on the territory of the Member States poses a security or public health riskthreat to security in accordance with Directive 2004/38/EC.
Amendment 598 #
2016/0357A(COD)
Proposal for a regulation
Article 21 – paragraph 2 – point c
Article 21 – paragraph 2 – point c
Amendment 600 #
2016/0357A(COD)
Proposal for a regulation
Article 21 – paragraph 3 – subparagraph 1 – point b
Article 21 – paragraph 3 – subparagraph 1 – point b
Amendment 603 #
2016/0357A(COD)
Proposal for a regulation
Article 21 – paragraph 3 – subparagraph 2
Article 21 – paragraph 3 – subparagraph 2
Amendment 608 #
2016/0357A(COD)
Proposal for a regulation
Article 21 – paragraph 4
Article 21 – paragraph 4
Amendment 612 #
2016/0357A(COD)
Proposal for a regulation
Article 21 – paragraph 5 – point b
Article 21 – paragraph 5 – point b
(b) an appeal remedy procedure as referred to in Article 32 shall be made in accordance with Directive 2004/38/EC;
Amendment 613 #
2016/0357A(COD)
Proposal for a regulation
Article 21 – paragraph 5 – point c – point i
Article 21 – paragraph 5 – point c – point i
i) the period of validity of the travel authorisation; or
Amendment 614 #
2016/0357A(COD)
Proposal for a regulation
Article 21 – paragraph 5 – point c – point ii
Article 21 – paragraph 5 – point c – point ii
Amendment 616 #
2016/0357A(COD)
Proposal for a regulation
Article 21 – paragraph 5 – point c – point iii
Article 21 – paragraph 5 – point c – point iii
iii) fivone years from the last decision to refuse, revoke or annul the travel authorisation in accordance with Articles 31, 34 and 35.
Amendment 626 #
2016/0357A(COD)
Proposal for a regulation
Article 22 – paragraph 2
Article 22 – paragraph 2
2. Where the automated processing laid down in Article 18(2) to (53) reported one or several hit(s), the application shall be processed manually by the ETIAS National Unit of the responsible Member State. The ETIAS National Unit shall have access to the application file and the linked application file(s), if any, as well as to all the hits triggered during the automated processing laid down in Article 18(2) to (53).
Amendment 627 #
2016/0357A(COD)
Proposal for a regulation
Article 22 – paragraph 4 – point a
Article 22 – paragraph 4 – point a
(a) where the hit corresponds to one or several of the categories laid down in Article 18(2)(a) toand (cb), refuse a travel authorisation., unless the applicant can verify that the lost or stolen travel document is his or hers, and he or she has been able to obtain it since it was reported as lost or stolen;
Amendment 632 #
2016/0357A(COD)
Proposal for a regulation
Article 22 – paragraph 4 – point a a (new)
Article 22 – paragraph 4 – point a a (new)
(aa) where the hit corresponds to the category laid down in Article 18(2)(c), refuse a travel authorisation;
Amendment 633 #
2016/0357A(COD)
Proposal for a regulation
Article 22 – paragraph 4 – point a b (new)
Article 22 – paragraph 4 – point a b (new)
(ab) where the hit corresponds to one or several of the categories laid down in Article 18(2)(d), issue a pro forma travel authorisation that is marked in the ETIAS Central System as such, and alert the responsible Member States, so that the arrest warrant can be executed;
Amendment 636 #
2016/0357A(COD)
Proposal for a regulation
Article 22 – paragraph 4 – point b
Article 22 – paragraph 4 – point b
(b) where the hit corresponds to one or several of the categories laid down in Article 18(2)(de) to (m), assess the threat to security or irregular migration risk and decide whether to issue or refuse a travel authorisation.
Amendment 645 #
2016/0357A(COD)
Proposal for a regulation
Article 22 – paragraph 5
Article 22 – paragraph 5
5. Where the automated processing laid down in Article 18(3) has reported that the applicant replied affirmatively to one of the questions referred to in Article 15(4), the ETIAS National Unit of the responsible Member State shall assess the irregular migration, security or public health riskthreat to security and decide whether to issue or refuse a travel authorisation.
Amendment 649 #
2016/0357A(COD)
Proposal for a regulation
Article 22 – paragraph 6
Article 22 – paragraph 6
Amendment 650 #
2016/0357A(COD)
Proposal for a regulation
Article 22 – paragraph 7
Article 22 – paragraph 7
Amendment 662 #
2016/0357A(COD)
Proposal for a regulation
Article 23 – paragraph 1
Article 23 – paragraph 1
1. Where the information provided by the applicant in the application form does not allow the ETIAS National Unit of the responsible Member State to decide whether to issue or refuse a travel authorisation, that ETIAS National Unit mayshall request the applicant for additional information or documentation.
Amendment 664 #
2016/0357A(COD)
Proposal for a regulation
Article 23 – paragraph 2
Article 23 – paragraph 2
2. The request for additional information or documentation shall be notified to the contact e-mail address recorded in the application file, or by phone. The request for additional information or documentation shall clearly indicate the information or documentation that the applicant is required provide. The applicant shall provide the additional information or documentation directly to the ETIAS National Unit through the secure account service referred to in Article 6(2)(g) within 7 working days of the date of receipt of the request.
Amendment 674 #
2016/0357A(COD)
Proposal for a regulation
Article 23 – paragraph 5
Article 23 – paragraph 5
5. The invitation shall be notified to the applicant by the ETIAS National Unit of the Member and shall be notified to the contact e-mail address recorded in the application file, or by phone.
Amendment 677 #
2016/0357A(COD)
Proposal for a regulation
Article 24 – paragraph 1
Article 24 – paragraph 1
1. For the purpose of carrying out the assessment referred to in Article 22(4)(b) the ETIAS National Unit of the responsible Member State shall consult the authorities of the Member State(s) responsible for the data having triggered a hit pursuant to Article 18(2)(d),(e),(g),(h),(i) or (kh).
Amendment 679 #
2016/0357A(COD)
Proposal for a regulation
Article 24 – paragraph 2
Article 24 – paragraph 2
2. For the purpose of carrying out the assessment referred to in Article 22(4)(b), (6) and (7) the ETIAS National Unit of the responsible Member State may consult the authorities of one or several Member States.
Amendment 683 #
2016/0357A(COD)
Proposal for a regulation
Article 24 – paragraph 3
Article 24 – paragraph 3
3. Where the responsible Member State consults with one or several Member States during the manual processing of an application, the ETIAS National Units of those Member States shall have access to the relevant data of the application file as well as to the hits obtained by the automated system pursuant to Article 18 (2), (4) and (5) which are necessary for the purpose the consultation. The ETIAS National Units of the Member States consulted shall also have access to the relevant additional information or documentation provided by the applicant following a request from the responsible Member State in relation to the matter for which they are being consulted.
Amendment 689 #
2016/0357A(COD)
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. For the purpose of carrying out the assessment of security risks following a hit pursuant to Article 18(2)(j) and (4), the ETIAS National Unit of the responsible Member State shall consult Europol in cases falling under Europol's mandate. The consultation shall take place through existing communication channels between the Member State and Europol as established under Article 7 of Regulation (EU) 2016/794.
Amendment 691 #
2016/0357A(COD)
Proposal for a regulation
Article 25 – paragraph 3
Article 25 – paragraph 3
Amendment 710 #
2016/0357A(COD)
Proposal for a regulation
Article 28
Article 28
Amendment 750 #
2016/0357A(COD)
Amendment 771 #
2016/0357A(COD)
Proposal for a regulation
Article 30 – paragraph 1
Article 30 – paragraph 1
1. Where the examination of an application pursuant to the procedures laid down in Chapters III, IV and V indicates that there are no factual indications or reasonable groundreasonable grounds based on factual indications to conclude that the presence of the person on the territory of the Member States poses an irregular migration, security or public health risk threat to security, a travel authorisation shall be issued by the ETIAS Central System or the ETIAS National Unit of the responsible Member State.
Amendment 781 #
2016/0357A(COD)
Proposal for a regulation
Article 30 – paragraph 3
Article 30 – paragraph 3
Amendment 790 #
2016/0357A(COD)
Proposal for a regulation
Article 31 – paragraph 1 – subparagraph 1 – point b
Article 31 – paragraph 1 – subparagraph 1 – point b
Amendment 794 #
2016/0357A(COD)
Proposal for a regulation
Article 31 – paragraph 1 – subparagraph 1 – point c
Article 31 – paragraph 1 – subparagraph 1 – point c
(c) poses a threat to security risk;
Amendment 796 #
2016/0357A(COD)
Proposal for a regulation
Article 31 – paragraph 1 – subparagraph 1 – point d
Article 31 – paragraph 1 – subparagraph 1 – point d
Amendment 800 #
2016/0357A(COD)
Proposal for a regulation
Article 31 – paragraph 1 – subparagraph 2
Article 31 – paragraph 1 – subparagraph 2
A travel authorisation shall also be refused if there are reasonable, serious, and substantiated doubts as to the authenticity of the data, the reliability of the statements made by the applicant, the supporting documents provided by the applicant or the veracity of their contents.
Amendment 804 #
2016/0357A(COD)
Proposal for a regulation
Article 31 – paragraph 2
Article 31 – paragraph 2
2. Applicants who have been refused a travel authorisation shall have the right to appeal. Appealn effective remedy. Remedy procedures shall be conducted in the Member State that has taken the decision on the application and in accordance with the national law of that Member State, which shall include the possibility for a judicial remedy. The ETIAS National Unit of the responsible Member State shall provide applicants with information regarding the procedure to be followed in the event of an appeal.
Amendment 820 #
2016/0357A(COD)
Proposal for a regulation
Article 32 – paragraph 2 – point d
Article 32 – paragraph 2 – point d
(d) information on the procedure to be followed for an appealeffective remedy.
Amendment 829 #
2016/0357A(COD)
Proposal for a regulation
Article 34 – paragraph 3
Article 34 – paragraph 3
3. A person whose travel authorisation has been annulled shall have the right to appeal. Appealn effective remedy. Remedy procedures shall be conducted in the Member State that has taken the decision on the annulment in accordance with the national law of that Member State, which shall include the possibility for a judicial remedy.
Amendment 833 #
2016/0357A(COD)
Proposal for a regulation
Article 35 – paragraph 4
Article 35 – paragraph 4
Amendment 837 #
2016/0357A(COD)
Proposal for a regulation
Article 35 – paragraph 5
Article 35 – paragraph 5
5. An applicant whose travel authorisation has been revoked shall have the right to appeal. Appealn effective remedy. Remedy procedures shall be conducted in the Member State that has taken the decision on the revocation and in accordance with the national law of that Member State, which shall include the possibility for a judicial remedy.
Amendment 843 #
2016/0357A(COD)
Proposal for a regulation
Article 36 – paragraph 1 – point d
Article 36 – paragraph 1 – point d
(d) information on the remedy procedure to be followed for an appeal.
Amendment 847 #
2016/0357A(COD)
Proposal for a regulation
Article 37 a (new)
Article 37 a (new)
Article 37 a Remedies 1. Any person may bring an action before the courts or the authority competent under the law of any Member State to obtain compensation or annulment regarding a refusal, annulment, or revocation of a travel authorisation relating to him or her. 2. The Member States undertake mutually to enforce final decisions handed down by the courts or authorities referred to in paragraph 1.
Amendment 851 #
2016/0357A(COD)
Proposal for a regulation
Article 38 – paragraph 1
Article 38 – paragraph 1
1. A travel authorisation with limited territorial validity mayshall be issued exceptionally, when the Member State concerned considers itit is necessary on humanitarian grounds, for reasons of national interest or because of international obligations notwithstanding the fact that the manual assessment process pursuant to Article 22 is not yet completed or that a travel authorisation has been refused, annulled or revoked.
Amendment 879 #
2016/0357A(COD)
Proposal for a regulation
Article 39 – paragraph 2 – subparagraph 2
Article 39 – paragraph 2 – subparagraph 2
The ETIAS Central System shall respond by indicating whether or not the person has a valid travel authorisation. Carriers may store the information sent and the answer received until the booked date of travel or any new dates in case the travel has been re-booked.
Amendment 893 #
2016/0357A(COD)
Proposal for a regulation
Article 43
Article 43
Amendment 898 #
2016/0357A(COD)
Proposal for a regulation
Article 44
Article 44
Amendment 910 #
Amendment 928 #
2016/0357A(COD)
Proposal for a regulation
Article 46
Article 46
Amendment 940 #
2016/0357A(COD)
Proposal for a regulation
Article 47 – paragraph 1 – point b
Article 47 – paragraph 1 – point b
Amendment 949 #
2016/0357A(COD)
Proposal for a regulation
Article 47 – paragraph 1 – point c
Article 47 – paragraph 1 – point c
(c) fivone years from the last decision to refuse, revoke or annul the travel authorisation in accordance with Articles 31, 34 and 35.
Amendment 958 #
2016/0357A(COD)
Proposal for a regulation
Article 49 – paragraph 1
Article 49 – paragraph 1
1. Regulation (EC) No 45/2001 shall apply to the processing of personal data by the European Border and Coast Guard Agency, Europol and eu-LISA.
Amendment 961 #
2016/0357A(COD)
Proposal for a regulation
Article 49 – paragraph 3
Article 49 – paragraph 3
3. [Directive (EU) 2016/680] shall apply to the processing by Member States designated authorities for the purposes of Article 1(2)of personal data by the ETIAS National Units for the purposes of the prevention of threats to public security.
Amendment 965 #
2016/0357A(COD)
Proposal for a regulation
Article 49 – paragraph 4
Article 49 – paragraph 4
4. Regulation (EU) 2016/794 shall apply to the processing of personal data by Europol pursuant to Articles 24 and 465.
Amendment 969 #
Amendment 972 #
2016/0357A(COD)
Proposal for a regulation
Article 53
Article 53
Amendment 974 #
Amendment 983 #
2016/0357A(COD)
Proposal for a regulation
Article 55 – paragraph 2
Article 55 – paragraph 2
Amendment 989 #
2016/0357A(COD)
Proposal for a regulation
Article 56 – title
Article 56 – title
Amendment 990 #
2016/0357A(COD)
Proposal for a regulation
Article 56 – paragraph 2
Article 56 – paragraph 2
2. Member States shall ensure that their supervisory authority has sufficient resources and expertise to fulfil the tasks entrusted to it under this Regulation.
Amendment 992 #
2016/0357A(COD)
Proposal for a regulation
Article 56 – paragraph 3 a (new)
Article 56 – paragraph 3 a (new)
3a. A report of the audit shall be made public.
Amendment 993 #
2016/0357A(COD)
Proposal for a regulation
Article 57 – title
Article 57 – title
Amendment 994 #
2016/0357A(COD)
Proposal for a regulation
Article 57 – paragraph 1
Article 57 – paragraph 1
The European Data Protection Supervisor shall ensure that an audit of eu-LISA's and the ETIAS Central Unit personal data processing activities is carried out in accordance with relevant international auditing standards at least every four years. A report of that audit shall be sent to the European Parliament, the Council, eu- LISA, the Commission and the Member States, and shall be made public. eu-LISA and the European Border and Coast Guard Agency shall be given an opportunity to make comments before their reports are adopted. The EDPS shall be provided with sufficient resources and expertise to fulfil the tasks entrusted to it under this Regulation.
Amendment 997 #
2016/0357A(COD)
Proposal for a regulation
Article 58 – paragraph 1
Article 58 – paragraph 1
1. TPursuant to Article 62 of Regulation (EU) 2017/XX... [new proposal repealing Regulation 45/2001], the European Data Protection Supervisor shall act in close cooperation with national supervisory authorities with respect to specific issues requiring national involvement, in particular if the European Data Protection Supervisor or a national supervisory authority finds major discrepancies between practices of Member States or finds potentially unlawful transfers using the communication channels of the ETIAS, or in the context of questions raised by one or more national supervisory authorities on the implementation and interpretation of this Regulation.
Amendment 999 #
Amendment 1000 #
Amendment 1013 #
2016/0357A(COD)
Proposal for a regulation
Article 63 – paragraph 3 – subparagraph 1
Article 63 – paragraph 3 – subparagraph 1
eu-LISA shall be responsible for the technical development of the ETIAS Information System, and for any technical development required for establishing interoperability between the ETIAS Central System and the information systems referred to in Article 10. The final responsibility lies with the European Coast and Border Guard Agency, to which eu-LISA shall report at all times, pursuant to point (a) of Article 65(1).
Amendment 1015 #
2016/0357A(COD)
Proposal for a regulation
Article 63 – paragraph 3 – subparagraph 2
Article 63 – paragraph 3 – subparagraph 2
eu-LISA shall define the design of the physical architecture of the system including its Communication Infrastructure as well as the technical specifications and their evolution as regards the Central System, the Uniform Interfaces, which shall be reviewed and in, case of a favourable result, adopted by the Management Board, subject to a favourable opinion of the Commission and the EDPS. eu-LISA shall also implement any necessary adaptations to the EES, SIS, Eurodac, ECRIS or Vor SIS deriving from the establishment of interoperability with the ETIAS. eu-LISA shall adhere to the principles of data protection by design and by default, as laid out in Regulation (EU) 2016/679.
Amendment 1028 #
2016/0357A(COD)
Proposal for a regulation
Article 67 – paragraph 1
Article 67 – paragraph 1
1. Europol shall ensure processing of the queries referred to in Article 18(2)(j) and (4) and accordingly adapting its information system.
Amendment 1030 #
2016/0357A(COD)
Proposal for a regulation
Article 67 – paragraph 2
Article 67 – paragraph 2
Amendment 1038 #
Amendment 1043 #
2016/0357A(COD)
Proposal for a regulation
Article 73 – paragraph 1 – point e
Article 73 – paragraph 1 – point e
Amendment 1045 #
2016/0357A(COD)
Proposal for a regulation
Article 73 – paragraph 2
Article 73 – paragraph 2
Amendment 1059 #
2016/0357A(COD)
Proposal for a regulation
Article 75
Article 75
Amendment 1063 #
2016/0357A(COD)
Proposal for a regulation
Article 76 – paragraph 3
Article 76 – paragraph 3
Amendment 1066 #
2016/0357A(COD)
Proposal for a regulation
Article 77 – paragraph 1 – point d
Article 77 – paragraph 1 – point d
(d) the Member States and the ETIAS Central Unit have notified to the Commission the data concerning the various authorities referred to in Article 76(1) and (3).
Amendment 1067 #
2016/0357A(COD)
Proposal for a regulation
Article 78 – paragraph 2
Article 78 – paragraph 2
2. The power to adopt delegated acts referred to in Article 15(3) and (4), Article 16(4), Article 28(34) and Article 72(1) and (54) shall be conferred on the Commission for an indeterminate period of time from [the date of entry into force of this Regulation].
Amendment 1070 #
2016/0357A(COD)
Proposal for a regulation
Article 78 – paragraph 3
Article 78 – paragraph 3
3. The delegation of power referred to in Article 15(3) and (4), Article 16(4), Article 28(34) and Article 72(1) and (5) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
Amendment 1072 #
2016/0357A(COD)
Proposal for a regulation
Article 78 – paragraph 5
Article 78 – paragraph 5
5. A delegated act adopted pursuant to Article 15(2) and (4), Article 16(4), Article 28(34) and Article 72(1) and (4) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of [two months] of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by [two months] at the initiative of the European Parliament or of the Council.
Amendment 1081 #
2016/0357A(COD)
Proposal for a regulation
Article 81 – paragraph 5 – subparagraph 1 – point c
Article 81 – paragraph 5 – subparagraph 1 – point c
Amendment 1084 #
2016/0357A(COD)
Proposal for a regulation
Article 81 – paragraph 5 – subparagraph 1 – point f
Article 81 – paragraph 5 – subparagraph 1 – point f
(f) the impact on fundamental rights, in particular the protection of personal data and non-discrimination.
Amendment 1087 #
2016/0357A(COD)
Proposal for a regulation
Article 81 – paragraph 8
Article 81 – paragraph 8
Amendment 36 #
2016/0288(COD)
Proposal for a directive
Recital 91 a (new)
Recital 91 a (new)
(91 a) In order to ensure a safeguard to the security and integrity of networks and services, the use of end-to-end encryption should be promoted and, where technically feasible, be mandatory in accordance with the principles of data protection by design and privacy by design. In particular, Member States should not impose any obligation to encryption providers, providers of electronic communications services and all other organisations (at all levels of the supply chain) that would result in the weakening of the security of their networks and services, such as allowing or facilitating "backdoors".
Amendment 43 #
2016/0288(COD)
Proposal for a directive
Article 39 – paragraph 2 – subparagraph 1
Article 39 – paragraph 2 – subparagraph 1
Member States shall encourage the use of the standards and/or specifications referred to in paragraph 1, for the provision of services, technical interfaces and/or network functions, to the extent strictly necessary to ensure interoperability and interconnectivity of services andin order to improve freedom of choice for users and facilitate switching.
Amendment 44 #
2016/0288(COD)
Proposal for a directive
Article 40 – paragraph 1
Article 40 – paragraph 1
1. Member States shall ensure that undertakings providing public communications networks or publicly available electronic communications services take appropriate technical and organisational measures to appropriately manage the risks posed to security of networks and services. Having regard to the state of the art, these measures shall ensure a level of security appropriate to the risk presented. In particular, measures shall be taken to ensure that electronic communications content is, wherever technically feasible, encrypted from end- to-end by default, in order to prevent and minimise the impact of security incidents on users and on other networks and services.
Amendment 45 #
2016/0288(COD)
Proposal for a directive
Article 40 – paragraph 1 a (new)
Article 40 – paragraph 1 a (new)
1 a. Member States shall not impose any obligation on providers of public communications networks or publicly available electronic communications services that would result in a weakening of the security of their networks or services. Where Member States impose additional security requirements on providers of public communications networks or publicly available electronic communications services in more than one Member State, they shall notify those measures to the Commission and ENISA. ENISA shall assist Member States in coordinating the measures taken to avoid duplication or diverging requirements that may create security risks and barriers to the internal market.
Amendment 46 #
2016/0288(COD)
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 1
Article 40 – paragraph 3 – subparagraph 1
Member States shall ensure that undertakings providing public communications networks or publicly available electronic communications services notify without undue delay the competent authority of a breach of secusecurity incident or loss of integrity that has had a significant impact on the operation of networks or services.
Amendment 47 #
2016/0288(COD)
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 2 – point a
Article 40 – paragraph 3 – subparagraph 2 – point a
(a) the number of users affected by the breachincident;
Amendment 48 #
2016/0288(COD)
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 2 – point b
Article 40 – paragraph 3 – subparagraph 2 – point b
(b) the duration of the breachincident;
Amendment 49 #
2016/0288(COD)
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 2 – point c
Article 40 – paragraph 3 – subparagraph 2 – point c
(c) the geographical spread of the area affected by the breachincident;
Amendment 50 #
2016/0288(COD)
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 2 – point d
Article 40 – paragraph 3 – subparagraph 2 – point d
(d) the extent to which the functioning of the network or service is disrupaffected;
Amendment 51 #
2016/0288(COD)
Proposal for a directive
Article 40 – paragraph 3 – subparagraph 3
Article 40 – paragraph 3 – subparagraph 3
Where appropriate, the competent authority concerned shall inform the competent authorities in other Member States and the European Network and Information Security Agency (ENISA). The competent authority concerned may inform the public or require the undertakingproviders to do so, where it determines that disclosure of the breachincident is in the public interest.
Amendment 52 #
2016/0288(COD)
Proposal for a directive
Article 40 – paragraph 5 a (new)
Article 40 – paragraph 5 a (new)
5 a. By ...[date] in order to contribute to the consistent application of measures for the security of networks and services, ENISA shall, after consulting stakeholders and in close cooperation with the Commission and BEREC, issue guidelines on minimum criteria and common approaches for the security of networks and services and for the use and application of end-to-end encryption.
Amendment 54 #
2016/0288(COD)
Proposal for a directive
Article 41 – paragraph 1
Article 41 – paragraph 1
1. Member States shall ensure that in order to implement Article 40, the competent authorities have the power to issue binding instructions, including those regarding the measures required to remedy a breachprevent or remedy an incident and time-limits for implementation, to undertakings providing public communications networks or publicly available electronic communications services.
Amendment 54 #
2016/0280(COD)
Proposal for a directive
Recital 38 – paragraph 1
Recital 38 – paragraph 1
Where information society service providers store and provide access to the public to copyright protected works or other subject-matter uploaded by their users, thereby going beyond the mere provision of physical facilities and performing an act of communication to the public, they are obliged to conclude licensing agreements with rightholders, unless they are eligible for the liability exemptions provided in Article 14 of Directive 2000/31/EC of the European Parliament and of the Council34 . __________________ 34 Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (OJ L 178, 17.7.2000, p. 1–16).
Amendment 63 #
2016/0280(COD)
Proposal for a directive
Recital 38 – paragraph 2
Recital 38 – paragraph 2
Amendment 70 #
2016/0280(COD)
Proposal for a directive
Recital 38 – paragraph 3
Recital 38 – paragraph 3
In order to ensure the functioning of any licensing agreement, information society service providers storing and providing access to the public to large amounts of copyright protected works or other subject- matter uploaded by their users should take appropriate and proportionate measures to ensure protection of works or other subject-matter, s. Such as implementing effective technologies. This obligation should also apply when the information society service providers are eligible for the liability exemption provided in Article 14 of Directive 2000/31/ECmeasures should respect the fundamental rights of users and should not impose a general obligation on information society service providers to monitor the information which they transmit or store or a general obligation actively to seek facts or circumstances indicating illegal activity.
Amendment 112 #
2016/0280(COD)
Proposal for a directive
Article 13 – paragraph 1
Article 13 – paragraph 1
1. IWhere information society service providers that store and provide to the public access to large amounts of copyright protected works or other subject-matter uploaded by their users shall, in cooperation with rightholders, tak, and where such activity is not eligible for the liability exemptions provided for in Directive 2000/31/EC, they shall take appropriate and proportionate measures to ensure the functioning of licensing agreements concluded with rightholders for the use of their works or other subject-matter or to prevent the availability on their services of works or other subject-matter identified by rightholders through the cooperation with the service providers. Those measures, such as the use of effective content recognition technologies, shall be appropriate and proportionate. The service providers shall provide rightholders with adequate information on the functioning and the deployment of the measures, as well as, when relevant, adequate reporting on the recognition and use of the works and other subject-matter. The implementation of such agreements shall respect the fundamental rights of users and shall not impose a general obligation on information society service providers to monitor the information which they transmit or store or a general obligation actively to seek facts or circumstances indicating illegal activity.
Amendment 731 #
2016/0280(COD)
Proposal for a directive
Article 11
Article 11
Amendment 48 #
2016/0151(COD)
Proposal for a directive
Citation 1 a (new)
Citation 1 a (new)
Having regard to the Charter of Fundamental Rights of the European Union, and in particular Article 7, 10, 11, 21, 24, 26, 47 and 52 thereof,
Amendment 54 #
2016/0151(COD)
Proposal for a directive
Recital 8
Recital 8
(8) In order to ensure coherence and give legal certainty to businesses and Member States' authorities, the notion of "incitement to hatred" should, to the appropriate extent, be aligned towith the definition in the Council Framework Decision 2008/913/JHA of 28 November 2008 on combating certain forms and expressions of racism and xenophobia by means of criminal law which defines hate speech as "publicly inciting to violence or hatred". This should include aligning the grounds on which incitement to violence or hatred is bas as well as those grounds not covered by Framework Decision 2008/913/JHA such as social origin, genetic features, language, political or any other opinion, membership of a national minority, property, birth, disability, age, gender, gender expression, gender identity, sexual orientation, residence status or health. These grounds are intended to further specify the characteristics of "publicly inciting to violence or hatred" but should not alone be considered as a basis for restricting the making available of audio-visual content. All circumstances, including the intention, should be taken into account, and freedom of expression, in particular artistic, literary and journalistic expression, should be respected.
Amendment 64 #
2016/0151(COD)
Proposal for a directive
Recital 10
Recital 10
(10) Certain widely recognised nutritional guidelines exist at national and international level, such as the WHO Regional Office for Europe's nutrient profile model, in order to differentiate foods on the basis of their nutritional composition in the context of foods television advertising to children. Member States should be encouraged to ensure that self-and co-regulatory codes of conduct are used to effectively reduce the exposure of children and minors to audiovisual commercial communications regarding foods and beverages that are high in salt, sugars or fat or that otherwise do not fit these national or international nutritional guidelines.
Amendment 66 #
2016/0151(COD)
Proposal for a directive
Recital 11
Recital 11
(11) Similarly, Member States should be encouraged to ensure that self-and co- regulatory codes of conduct are used to effectively limit the exposure of children and minors to audiovisual commercial communications for alcoholic beverages. Certain co- regulatory or self-regulatory systems exist at Union and national level in order to market responsibly alcoholic beverages, including in audiovisual commercial communications. ThoseCo-regulatory systems should be further encouraged, in particular those aiming at ensuring that responsible drinking messages accompany audiovisual commercial communications for alcoholic beverages.
Amendment 68 #
2016/0151(COD)
Proposal for a directive
Recital 12
Recital 12
(12) In order to remove barriers to the free circulation of cross-border services within the Union, it is necessary to ensure the effectiveness of self- and co-regulatory measures aiming, in particular, at protecting consumers or public health. When well enforced and monitored, codes of conduct at Union level might be a good means of ensuring a more coherent and effective approach.
Amendment 77 #
2016/0151(COD)
Proposal for a directive
Recital 26
Recital 26
(26) There are new challenges, in particular in connection with video-sharing platforms, on which users - particularly minors - increasingly consume audiovisual content. In this context, harmful content and hate speech stored on video-sharing platforms have increasingly given rise to concern. Iaddition, the decision to remove such content, being often dependent on a subjective interpretation, can undermine the freedom of expression and information. In this context, it is necessary, in order to protect minors from harmful content and all citizens from content containing incitement to violence or hatred hosted on video-sharing platforms, but also to protect and guarantee the fundamental rights of users, to set out common and proportionate rules on those matters. Such rules should, in particular, further define at Union level the characteristics of "harmful content" and "incitement to violence and hatred", taking into account the intention and effect of such content. Co-regulatory measures implemented or approved by Member States or by the Commission should fully respect the obligations of the Charter of Fundamental Rights of the European Union, in particular Article 52 thereof. National regulatory bodies and authorities should retain effective enforcement powers.
Amendment 90 #
2016/0151(COD)
Proposal for a directive
Recital 30
Recital 30
(30) It is appropriate to involve relevant stakeholders including civil society organisations and the video-sharing platform providers as much as possible when implementing the appropriate measures to be taken pursuant to this Directive. Co-regulation that is transparent and accountable should therefore be encouraged. With a view to ensuring a clear and consistent approach in this regard across the Union, Member States should not be entitled to require video-sharing platform providers to take stricter measures to protect minors from harmful content and all citizens from content containing incitement to violence or hatred than the ones provided for in this Directive. However, it should remain possible for Member States to take such stricter measures where that content is illegal, provided that they comply with Articles 14 and 15 of Directive 2000/31/EC, and to take measures with respect to content on websites containing or disseminating child pornography, as required by and allowed under Article 25 of Directive 2011/93/EU of the European Parliament and the Council35. It should also remain possible for video-sharing platform providers to take stricter measures on a voluntary basis. _________________ 35 Directive 2011/93/EU of the European Parliament and of the Council of 13 December 2011 on combating the sexual abuse and sexual exploitation of children and child pornography, and replacing Council Framework Decision 2004/68/JHA (OJ L 335, 17.12.2011, p. 1).
Amendment 106 #
2016/0151(COD)
Proposal for a directive
Recital 38
Recital 38
(38) This Directive is without prejudice to the ability of Member States to impose obligations to ensure discoverability and accessibilityaccess to and appropriate prominence of content of general interest under defined general interest objectives such as media pluralism, freedom of speech and cultural diversity. Such obligations should only be imposed where they are necessary to meet general interest objectives clearly defined by Member States in conformity with Union law. In this resp. Such obligations should be proportionate and meet general interest objectives such as media pluralism, freedom of speecth, Member States should in particular examine the need for regulatory intervention against the results of the outcome of market forces. Where Member States decide to impose discoverability rules, they should only impose proportionate obligations on undertakings, in the interest of legitimate public policy considerationscultural and regional diversity, as well as language preservation clearly defined by Member States in conformity with Union law.
Amendment 109 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 1 – point b
Article 1 – paragraph 1 – point 1 – point b
Directive 2010/13/EU
Article 1 – paragraph 1 – point a a – point iii
Article 1 – paragraph 1 – point a a – point iii
(iii) the principal purpose of the service or a dissociable section thereof is devoted to, or the service plays a significant role in, providing programmes and user- generated videos to the general public, in order to inform, entertain or educate;
Amendment 115 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 5 – point d
Article 1 – paragraph 1 – point 5 – point d
Directive 2010/13/EU
Article 4 – paragraph 7 – subparagraph 1
Article 4 – paragraph 7 – subparagraph 1
Member States shall encourage co- regulation and self-regulation through codes of conduct adopted at national level in the fields coordinated by this Directive to the extent permitted by their legal systems. Those codes shall be such that they are broadly accepted by the main stakeholders in the Member States concerned and approved by the national regulatory body or authority. The codes of conduct shall clearly and unambiguously set out their objectives and measures. They shall provide for regular, transparent and independent monitoring and evaluation of the achievement of the objectives aimed at. They shall provide for effective and transparent enforcement, including when appropriate effective and proportionate sanctions. Member States shall ensure that in the event the co- regulation fails to achieve the desired level of protection, national regulatory bodies and authorities have effective enforcement powers, including through issuing binding codes of conduct and applying administrative sanctions.
Amendment 119 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 8
Article 1 – paragraph 1 – point 8
Directive 2010/13/EU
Article 6
Article 6
Member States shall ensure by appropriate means that audiovisual media services provided by media service providers under their jurisdiction do not contain any incitement to violence or hatred directed against a group of persons or a member of such a group defined by reference to sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation.;.
Amendment 130 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 14
Article 1 – paragraph 1 – point 14
Directive 2010/13/EU
Article 12 – paragraph 1
Article 12 – paragraph 1
Member States shall take appropriate measures to ensure that programmes provided by audiovisual media service providers under their jurisdiction, which may impair the physical, or mental or moral development of minors are only made available in such a way as to ensure that minors will not normally hear or see them. Such measures may include selecting the time of the broadcast, or age verification tools or other technical measures. They shall be proportionate to the potential harm of the programme and shall not lead to any additional processing of personal data and be without prejudice to Article 8 of Regulation (EU)2016/679.
Amendment 132 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 14
Article 1 – paragraph 1 – point 14
Directive 2010/13/EU
Article 12 – paragraph 2
Article 12 – paragraph 2
Amendment 142 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 19
Article 1 – paragraph 1 – point 19
Directive 2010/13/EU
Article 28 a – paragraph 1 – point b
Article 28 a – paragraph 1 – point b
(b) protect all citizens from content they have obtained actual knowledge of, which containings incitement to violence or hatred directed against a group of persons or a member of such a group defined by reference to sex, race, colour, religion, descent or national or ethnic origin. Member States shall ensure that all circumstances such as the intention are taken into account, and freedom of expression, in particular artistic, literary and journalistic expression, is respected.
Amendment 148 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 19
Article 1 – paragraph 1 – point 19
Directive 2010/13/EU
Article 28 a – paragraph 2 – subparagraph 2 – point a
Article 28 a – paragraph 2 – subparagraph 2 – point a
(a) definingspecifying the characteristics of and applying in the terms and conditions of the video-sharing platform providers the concepts of incitement to violence or hatred as referred to in point (b) of paragraph 1 and of content which may impair the physical, or mental or moral development of minors, in accordance with Articles 6 and 12 respectively. Member States shall ensure that measures based on terms and conditions are only permitted if national procedural rules provide a possibility for users to assert their rights before a court after learning of such measures;
Amendment 152 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 19
Article 1 – paragraph 1 – point 19
Directive 2010/13/EU
Article 28 a – paragraph 2 – subparagraph 2 – point c
Article 28 a – paragraph 2 – subparagraph 2 – point c
(c) establishing and operating age verification systems for users of video- sharing platforms with respect to content which may impair the physical, or mental or moral development of minors. Such systems shall not lead to any additional processing of personal data and be without prejudice to Article 8 of Regulation (EU)2016/679;
Amendment 156 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 19
Article 1 – paragraph 1 – point 19
Directive 2010/13/EU
Article 28 a – paragraph 2 – subparagraph 2 – point e
Article 28 a – paragraph 2 – subparagraph 2 – point e
(e) providing for parental control systems that are under the control of the end-users, with respect to content which may impair the physical, or mental or moral development of minors;
Amendment 161 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 19
Article 1 – paragraph 1 – point 19
Directive 2010/13/EU
Article 28 a – paragraph 5
Article 28 a – paragraph 5
5. Member States shall not impose on video-sharing platform providers measures that are stricter than the measures referred to in paragraph 1 and 2. Member States shall not be precluded from imposing stricter measures with respect to illegal content. When adopting such measures, they shall respect the conditions set by applicable Union law, such as, where appropriate, those set , provided that any measure taken is strictly limited to what is necessary and proportionate and is taken on the basis of prior judicial authorisation, notwithstanding Articles 14 and 15 of Directive 2000/31/EC or, Article 25 of Directive 2011/93/EU or Article 21b of Directive 2016/XXX/EU [replace with reference to Terrorism Directive once that is published and update Article number].
Amendment 163 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 19
Article 1 – paragraph 1 – point 19
Directive 2010/13/EU
Article 28a – paragraph 6
Article 28a – paragraph 6
6. Member States shall ensure that effective complaint and redress mechanisms, including counter-notice procedure, are available for the settlement of disputes between users and video- sharing platform providers relating to the application of the appropriate measures referred to in paragraphs 1 and 2.
Amendment 164 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 20
Article 1 – paragraph 1 – point 20
Directive 2010/13/EU
Chapter XI – title
Chapter XI – title
REGULATORY BODIES AND AUTHORITIES OF THE MEMBER STATES;
Amendment 165 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 21
Article 1 – paragraph 1 – point 21
Directive 2010/13/EU
Article 30 – paragraph 1
Article 30 – paragraph 1
1. Each Member State shall designate one or more independent national regulatory bodies and authorities. Member States shall ensure that they are legally distinctfree from any governmental power or influence and functionally independent of any other public or private body. This shall be without prejudice to the possibility for Member States to set up regulators having oversight over different sectors.
Amendment 167 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 21
Article 1 – paragraph 1 – point 21
Member States shall ensure that national regulatory bodies and authorities exercise their powers impartially and transparently and in accordance with the objectives of this Directive, in particular media pluralism, cultural diversity, consumer protection, internal market and the promotion of fair competition.
Amendment 168 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 21
Article 1 – paragraph 1 – point 21
Directive 2010/13/EU
Article 30 – paragraph 4
Article 30 – paragraph 4
4. Member States shall ensure that national regulatory authorities have adequate enforcement powers and resources to carry out their functions effectively.
Amendment 169 #
2016/0151(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 22
Article 1 – paragraph 1 – point 22
Directive 2010/13/EU
Article 30 a – paragraph 2
Article 30 a – paragraph 2
2. It shall be composed of national independent regulatory authorities in the field of audiovisual media services, which may include those regional independent regulatory bodies and authorities with full competence in the field of audiovisual media services. They shall be represented by the heads or by nominated high level representatives of the national regulatory authority with primary responsibility for overseeing audiovisual media services, or in cases where there is no national regulatory authority, by other representatives as chosen through their procedures. A Commission representative shall participate in the group meetings.
Amendment 150 #
2016/0106(COD)
Draft legislative resolution
Paragraph 1
Paragraph 1
1. Adopts its position at first reading hereinafter set outRejects the Commission proposal;
Amendment 153 #
2016/0106(COD)
Draft legislative resolution
Paragraph 2
Paragraph 2
2. Calls on the Commission to refer the matter to Parliament again if it intends to amend its proposal substantially or replace it with another textwithdraw its proposal;
Amendment 177 #
2016/0106(COD)
Proposal for a regulation
Recital 8
Recital 8
(8) The EES should apply to third country nationals admitted for a short stay to the Schengen area. It should also apply to third country nationals whose entry for a short stay has been refused.
Amendment 190 #
2016/0106(COD)
Proposal for a regulation
Recital 9
Recital 9
(9) The EES should have the objective of improving the management of external borders, preventing irregular immigration and facilitating the management of migration flows. The EES should, in particular and when relevant, contribute to the identification of any person who does not or no longer fulfils the conditions of duration of stay within the territory of the Member States.
Amendment 192 #
2016/0106(COD)
Proposal for a regulation
Recital 10
Recital 10
(10) To meet those objectives, the EES should process alphanumeric data and biometric data (fingerprints and facial image). The use of biometrics, despite its impact on the privacy of travellers, is justified for two reasons. Firstly, biometrics are a reliable method to identify third country nationals within the territory of the Member States not in possession of travel documents or any other means of identification, a common modus operandi of irregular migrants. Secondly, biometrics provide for the more reliable matching of entry and exit data of legal travellers. Where facial images are used in combination with fingerprint data, it allows for the reduction of fingerprints registered while enabling the same result in terms of accuracy of the identification.
Amendment 198 #
2016/0106(COD)
Proposal for a regulation
Recital 11
Recital 11
(11) Four fingerprints of visa exempt third country nationals should be enrolled in the EES, if physically possible, to allow for accurate verification and identification (ensuring that the third country national is not already enrolled under another identity or with another travel document) and to guarantee that sufficient data is available in every circumstance. The check of the fingerprints of visa holders will be done against the Visa Information System. (VIS) established by Council Decision 2004/512/EC21. The facial image of both visa exempt and visa holding third country nationals should be registered in the EES and it should be used as the main biometric identifier for verifying the identity of third country nationals who have been previously registered in the EES and for as long as their individual file has not been deleted. Alternatively, that verification should be performed using fingerprints. _________________ 21Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS) (OJ L 213, 15.6.2004, p.5).
Amendment 208 #
2016/0106(COD)
Proposal for a regulation
Recital 13
Recital 13
(13) Interoperability should be established between the EES and the VIS by way of a direct communication channel between the Central Systems to enable the border authorities using the EES to consult the VIS in order to retrieve visa-related data to create or update the individual file; to enable the border authorities to verify the validity of the visa and the identity of a visa holder by means of fingerprints directly against the VIS at the external borders and to enable the border authorities to verify the identity of visa exempt third country nationals against the VIS with fingerprints. Interoperability should also enable the border authorities using the VIS to directly consult the EES from the VIS for the purposes of examining visa applications and decisions relating to those applications and enable visa authorities to update the visa-related data in the EES in the event that a visa is annulled, revoked or extended. Regulation (EC) No 767/2008/EC of the European Parliament and of the Council22 should be amended accordingly. _________________ 22 Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p.60).
Amendment 223 #
2016/0106(COD)
Proposal for a regulation
Recital 15
Recital 15
(15) Any processing of EES data should be proportionate to the objectives pursued and necessary for the performance of tasks of the competent authorities. When using the EES, the competent authorities should ensure that the human dignity and integrity of the person, whose data are requested, are respected and should not discriminate against persons on grounds of sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation.
Amendment 224 #
2016/0106(COD)
Proposal for a regulation
Recital 16
Recital 16
Amendment 231 #
2016/0106(COD)
Proposal for a regulation
Recital 17
Recital 17
Amendment 237 #
2016/0106(COD)
Proposal for a regulation
Recital 18
Recital 18
Amendment 241 #
2016/0106(COD)
Proposal for a regulation
Recital 19
Recital 19
Amendment 245 #
2016/0106(COD)
Proposal for a regulation
Recital 20
Recital 20
Amendment 247 #
2016/0106(COD)
Proposal for a regulation
Recital 21
Recital 21
Amendment 249 #
2016/0106(COD)
Proposal for a regulation
Recital 22
Recital 22
Amendment 251 #
2016/0106(COD)
Proposal for a regulation
Recital 23
Recital 23
Amendment 254 #
2016/0106(COD)
Proposal for a regulation
Recital 24
Recital 24
Amendment 257 #
2016/0106(COD)
Proposal for a regulation
Recital 25
Recital 25
(25) The personal data stored in the EES should be kept for no longer than is necessary for the purposes of the EES. It is appropriate to keep the data related to third country nationals for a period of five years for border management purposes in order to avoid the need for third country nationals to re-enrol in the EES before that period has lapsed. For third country nationals who are family members of a Union citizen to whom Directive 2004/38/EC27 applies or of a national of a third country enjoying the right of free movement under Union law and who do not hold a residence card referred to under Directive 2004/38/EC, it is appropriate to store each coupled entry/ exit record for a maximum period of one year after the last exit. _________________ 27Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States amending Regulation (EEC) No 1612/68 and repealing Directives 64/221/EEC, 68/360/EEC, 72/194/EEC, 73/148/EEC, 75/34/EEC, 75/35/EEC, 90/364/EEC, 90/365/EEC and 93/96/EEC (OJ L 158, 30.4.2004, p. 77)very short period after exit.
Amendment 263 #
2016/0106(COD)
Proposal for a regulation
Recital 26
Recital 26
Amendment 275 #
2016/0106(COD)
Proposal for a regulation
Recital 27
Recital 27
(27) The same retention period of fivone years would be necessary for data on persons who have not exited the territory of the Member States within the authorised period of stay in order to support the identification and return process and for persons whose entry for a short stay {or on the basis of a touring visa} has been refused. The data should be deleted after the period of fivone years, unless there are grounds to delete it earlier.
Amendment 282 #
2016/0106(COD)
Proposal for a regulation
Recital 29 a (new)
Recital 29 a (new)
(29a) Carriers should be informed whether or not third-country nationals who are about to use their travelling services and hold a single or double entry visa have already used the visa through an OK/NOT OK answer conveyed through the Customs Response Message (CUSRES) in the interactive Advance Passenger Information (API) system. The Commission should comply with the standards and recommended practices laid down in Annex 9 to the Convention on International Civil Aviation signed on 7 December 1944 in order to ensure that the EES is compatible with established API systems..
Amendment 284 #
2016/0106(COD)
Proposal for a regulation
Recital 31
Recital 31
Amendment 287 #
2016/0106(COD)
Proposal for a regulation
Recital 32
Recital 32
(32) Personal data obtained by Member States pursuant to this Regulation should not be transferred or made available to a third country, an international organisation or any private party established in or outside the Union except if necessary in individual cases in order to assist the identification of a third country national in relation to his/her return and subject to strict conditions.
Amendment 292 #
2016/0106(COD)
Proposal for a regulation
Recital 35
Recital 35
Amendment 302 #
2016/0106(COD)
Proposal for a regulation
Recital 42
Recital 42
(42) The projected costs of the EES are lower than the budget earmarked for Smart Borders in Regulation (EU) 515/2014 of the European Parliament and the Council33. Accordingly, following the adoption of this Regulation, pursuant to Article 5(5)(b) of Regulation (EU) 515/2014, the Commission should, by means of a delegated act, re-allocate the amount currently attributed for developing IT systems supporting the management of migration flows across the external borders. _________________ 33 Regulation (EU) No 515/2014 of the European Parliament and of the Council of 16 April 2014 establishing as part of the Internal Security Fund, the Instrument for financial support for external borders and visa and repealing Decision No 574/2007/EC (OJ L 150, 20.5.2014, p. 143).
Amendment 313 #
2016/0106(COD)
Proposal for a regulation
Article 1 – paragraph 2
Article 1 – paragraph 2
Amendment 341 #
2016/0106(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point 15
Article 3 – paragraph 1 – point 15
Amendment 342 #
2016/0106(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point 17
Article 3 – paragraph 1 – point 17
(17) ‘'biometric data’' means fingerprint data and facial imagedata based on a facial image which has been processed in order to allow biometric matching;
Amendment 345 #
2016/0106(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point 22
Article 3 – paragraph 1 – point 22
Amendment 346 #
2016/0106(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point 23
Article 3 – paragraph 1 – point 23
Amendment 347 #
2016/0106(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point 25
Article 3 – paragraph 1 – point 25
Amendment 348 #
2016/0106(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point 26
Article 3 – paragraph 1 – point 26
Amendment 349 #
2016/0106(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point 27
Article 3 – paragraph 1 – point 27
Amendment 350 #
2016/0106(COD)
Proposal for a regulation
Article 3 – paragraph 3
Article 3 – paragraph 3
Amendment 354 #
2016/0106(COD)
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
The Agency for the operational management of large-scale information systems in the area of freedom, security and justice ('eu-LISA') shall develop the EES and ensure its operational management, including the functionalities for processing biometric data referred to in Article 14(1)(f) and Article 15.
Amendment 359 #
2016/0106(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point a
Article 5 – paragraph 1 – point a
(a) enhance the efficiency of border checks byallow for the calculationg and monitoring of the duration of the authorised stay at entry and exit of third- country nationals admitted for a short stay {or on the basis of a touring visa};
Amendment 364 #
2016/0106(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point c
Article 5 – paragraph 1 – point c
(c) allow to identify and detect overstayers (also within the territory) and enable competent national authorities of the Member States to take appropriate measures including to increase the possibilities for return;
Amendment 365 #
2016/0106(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point d
Article 5 – paragraph 1 – point d
Amendment 366 #
2016/0106(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point e
Article 5 – paragraph 1 – point e
Amendment 368 #
2016/0106(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point h
Article 5 – paragraph 1 – point h
(h) gather statistics on the entries and exits, refusals of entry and overstays of third country nationals to improve the assessment of the risk of overstays and to support evidence-based Union migration policy making;
Amendment 370 #
2016/0106(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point i
Article 5 – paragraph 1 – point i
(i) combat identity fraud at the external borders, which is committed for the purpose of entering the Union;
Amendment 373 #
2016/0106(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point j
Article 5 – paragraph 1 – point j
Amendment 378 #
2016/0106(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point k
Article 5 – paragraph 1 – point k
(k) enable identifying and apprehending terrorist, and criminal suspects as well as ofidentifying victims crossing the external borders;
Amendment 380 #
2016/0106(COD)
Proposal for a regulation
Article 5 – paragraph 1 – point l
Article 5 – paragraph 1 – point l
Amendment 389 #
2016/0106(COD)
Proposal for a regulation
Article 7 – paragraph 2 – point e
Article 7 – paragraph 2 – point e
Amendment 395 #
2016/0106(COD)
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Each competent authority shall ensure that in using the EES, it does not discriminate against third country nationals on the grounds of sex, racial or ethnic origin, religion or beliefe, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation and that it fully respects human dignity and the integrity of the person. Particular attention shall be paid to the specific situation of children, the elderly and persons with a disability. In particular, when retaining a child's data, the best interest of the child shall be a primary consideration.
Amendment 418 #
2016/0106(COD)
Proposal for a regulation
Article 11 – paragraph 2
Article 11 – paragraph 2
2. A list generated by the system containing the data referred to in Article 14 and 15 of all identified overstayers shall be available to the designated competent national authorities.
Amendment 429 #
2016/0106(COD)
Proposal for a regulation
Article 12 – paragraph 2
Article 12 – paragraph 2
2. Carriers may use the secure internet access to the web service referred to in paragraph 1 to verify whether or not third country nationals holding a single or double entry visa have already used the visa. The carrier shall provide the data listed in Article 14(1)(d). The web service shall on that basis provide the carriers with an OK/NOT OK answer. Carriers may store the information sent and the answer receivedshall be informed whether or not third country nationals wanting to use their transport services and holding a single or double entry visa have already used the visa by an OK/NOT OK answer conveyed through the CUSRES message of an interactive API system. Carriers may store the answer received for the sole purpose of informing the respective third country nationals.
Amendment 432 #
2016/0106(COD)
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. Border authorities shall verify, in accordance with Article 21, whether a previous individual file has been created in the EES for the third country national as well as their identity. Where a third country national uses a self-service system for pre-enrolment of data or for the performance of border checks [should this self-service system not be defined or explained?], a verification may be carried out through the self service system.
Amendment 434 #
2016/0106(COD)
Proposal for a regulation
Article 13 – paragraph 2
Article 13 – paragraph 2
2. Where a previous individual file has been created, the border authority shall, if necessary, update the individual file data, and enter an entry/exit record for each entry and exit in accordance with Articles 14 and 15 or, where applicable, a refusal of entry record in accordance with Article 16. That record shall be linked to the individual file of the third country national concerned. Where applicable, the data referred to in Article 17(1) shall be added to the individual file and the data referred to in Article 17(3) and (4) shall be added to the entry/exit record of the third country national concerned. The different travel documents and identities used legitimately by a third country national shall be added to the third country national's individual file. Where a previous file has been registered and the third country national presents a travel document which differs from the one which was previously registered, the data referred under Article 14(1)(f) shall also be updated if the facial image recorded in the chip of the new travel document can be extracted electronically.
Amendment 438 #
2016/0106(COD)
Proposal for a regulation
Article 13 – paragraph 4
Article 13 – paragraph 4
4. In the absence of a previous registration of a third country national in the EES, the border authority shall create the individual file of the person by entering the data referred to in Articles 14, 15 and 16 as applicable.
Amendment 439 #
2016/0106(COD)
Proposal for a regulation
Article 13 – paragraph 5
Article 13 – paragraph 5
Amendment 447 #
2016/0106(COD)
Proposal for a regulation
Article 14 – paragraph 1 a (new)
Article 14 – paragraph 1 a (new)
1a. Member States shall ensure that appropriate procedures guaranteeing the dignity of the person are in place in the event of difficulties encountered in the capturing of facial images.
Amendment 453 #
2016/0106(COD)
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. For third country nationals exempt from the visa obligation, the border authority shall enter into their individual file the data provided for in Article 14(1)(a), (b), (c) and (f). In addition it shall enter into that individual file the four fingerprint of the index, middle- finger, ring-finger and little finger from the right hand, and where this is not possible the same fingers from the left hand, in accordance with the specifications for the resolution and use of fingerprints adopted by the Commission in accordance with Article 61(2). For third country nationals exempt from the visa obligation, Articles 14(2) to 14(4) shall apply.
Amendment 455 #
2016/0106(COD)
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
Amendment 458 #
2016/0106(COD)
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
Amendment 461 #
2016/0106(COD)
Proposal for a regulation
Article 15 – paragraph 4
Article 15 – paragraph 4
Amendment 464 #
2016/0106(COD)
Proposal for a regulation
Article 16
Article 16
Amendment 475 #
2016/0106(COD)
Proposal for a regulation
Article 18 – paragraph 2
Article 18 – paragraph 2
In that case Article 12 of Regulation (EU) 2016/399 shall apply and if that presumption is rebutted by proofan explanation that the third country national concerned has respected the conditions relating to the condition of short stay, the competent authorities shall create an individual file for that third country national in the EES if necessary, or update the latest entry/exit record by entering the missing data in accordance with Articles 14 and 15 or delete an existing file where Article 32 applies.
Amendment 478 #
2016/0106(COD)
Proposal for a regulation
Article 19 – paragraph 1
Article 19 – paragraph 1
In the event of technical impossibility in entering data in the Central System or in the event of a failure of the Central System, the data referred to in Articles 14, 15, 16, 17 and 18 shall be temporarily stored in the National Uniform Interface as provided for in Article 6. If this is not possible, the data shall be temporarily stored locally. In both cases, the data shall be entered into the Central System of the EES as soon as the technical impossibility or failure has been remedied. The Member States shall take the appropriate measures and deploy the required infrastructure, equipment and resources to ensure that such temporary local storage can be carried out at any time and for any of their border crossing points.
Amendment 482 #
2016/0106(COD)
Proposal for a regulation
Article 21 – paragraph 2 – subparagraph 3
Article 21 – paragraph 2 – subparagraph 3
If the search in the EES with those data indicates that data on the third country national are recorded in the EES, the border authorities shall compare the live facial image of the third country national with the facial image referred to in Article 14(1)(f). Where the technology is not available at the border crossing for the use of live facial image, the border authorities shall, in the case of visa exempt third country nationals, proceed to a verification of fingerprints against the EES and in the case of visa holding third country nationals, proceed to a verification of fingerprints directly against the VIS in accordance with Article 18 of Regulation (EU) No 767/2008. For the verification of fingerprints against the VIS for visa holders, the border authorities may launch the search in the VIS directly from the EES as provided in Article 18(6) of Regulation (EC) No 767/2008or if the verification of the facial image fails, the border authorities shall verify the alphanumeric data.
Amendment 484 #
2016/0106(COD)
Proposal for a regulation
Article 21 – paragraph 2 – subparagraph 4
Article 21 – paragraph 2 – subparagraph 4
Amendment 486 #
2016/0106(COD)
Proposal for a regulation
Article 21 – paragraph 4 – subparagraph 2
Article 21 – paragraph 4 – subparagraph 2
Amendment 487 #
2016/0106(COD)
Proposal for a regulation
Article 22 – paragraph 2 – point c
Article 22 – paragraph 2 – point c
(c) the biometric data as referred to in Articles 14(1)(f) and 15.
Amendment 492 #
2016/0106(COD)
Proposal for a regulation
Article 24 – paragraph 1 – subparagraph 2
Article 24 – paragraph 1 – subparagraph 2
If the search indicates that data on the third country national are recorded in the EES, the competent authorities shall compare the live facial image of the third country national with the facial image referred to in Article 14(1)(f). Where the technology is not available for the use of live facial imaging, the competent authorities shall proceed with the verification of fingerprints of visa exempt third country nationals in the EES and of visa holding third country nationals in the VIS in accordance with Article 19 of Regulation (EC) No 767/2008.
Amendment 494 #
2016/0106(COD)
Proposal for a regulation
Article 25 – paragraph 1 – subparagraph 1
Article 25 – paragraph 1 – subparagraph 1
For the sole purpose of identifying any third country national who may have been registered previously in the EES under a different identity or who does not or no longer fulfils the conditions for entry to, for stay or for residence on the territory of the Member States, the competent authorities for carrying out checks at external border crossing points in accordance with Regulation (EU) 2016/399 or within the territory of the Member States as to whether the conditions for entry to, stay or residence on the territory of the Member States are fulfilled shall have access to search with the biometric data of that third country national referred to in Articles 14(1)(f) and 15(1).
Amendment 496 #
2016/0106(COD)
Proposal for a regulation
Article 25 – paragraph 1 – subparagraph 2
Article 25 – paragraph 1 – subparagraph 2
Where the search with the data referred to in Articles 14(1)(f) and 15(1) indicates that data on that third country national are not recorded in the EES, access to data for identification shall be carried out in the VIS in accordance with Article 20 of Regulation (EC) No 767/2008. At external borders, pPrior to any identification against the VIS, the competent authorities shall first access the VIS in accordance with Articles 18 or 19a of Regulation (EC) No 767/2008.
Amendment 497 #
2016/0106(COD)
Where the fingerprints of that third country national cannot be used or the search with the fingerprints andsearch with the facial image has failed, the search shall be carried out with the data referred to in Article 14(1)(a) or (b) or in both.
Amendment 499 #
2016/0106(COD)
Proposal for a regulation
Article 26
Article 26
Amendment 509 #
2016/0106(COD)
Proposal for a regulation
Article 27
Article 27
Amendment 514 #
2016/0106(COD)
Proposal for a regulation
Article 28
Article 28
Amendment 520 #
Amendment 547 #
2016/0106(COD)
Proposal for a regulation
Article 30
Article 30
Amendment 560 #
2016/0106(COD)
Proposal for a regulation
Article 31 – paragraph 1
Article 31 – paragraph 1
1. Each entry/exit record or refusal of entry record linked to an individual file shall be stored for five year: (a) 181 days following the date of the exitntry record for of the refusal of entry record, as applicable. holders of multiple-entry visas, or for third-country nationals who do not require a visa, or for third-country nationals who are family members of a Union citizen to whom Directive 2004/38/EC applies, or for third-country nationals enjoying the right of free movement under Union law who do not hold a residence card referred to under Directive 2004/38/EC; (b) 72 hours following the date of the exit record for holders of single-entry visas.
Amendment 566 #
2016/0106(COD)
Proposal for a regulation
Article 31 – paragraph 2
Article 31 – paragraph 2
Amendment 578 #
2016/0106(COD)
Proposal for a regulation
Article 31 – paragraph 3
Article 31 – paragraph 3
3. If there is no exit record following the date of expiry of the authorised period of stay, the data shall be stored for a period of fivone years following the last day of the authorised stay. The EES shall automatically inform the Member States threewo months in advance of the scheduled deletion of data on overstayers in order for them to adopt the appropriate measures.
Amendment 583 #
2016/0106(COD)
Proposal for a regulation
Article 31 – paragraph 4
Article 31 – paragraph 4
4. By way of derogation tofrom paragraphs (2) and (3), the entry/exit record(s) generated by third country nationals in their condition of family members of a Union citizen to whom Directive 2004/38/EC applies or of a national of a third country enjoying the right of free movement under Union law and who do not hold a residence card referred to under Directive 2004/38/EC, shall be stored in the EES for a maximum of one year after the lastsix months following the last day of the authorised stay, if there is no exit record.
Amendment 586 #
2016/0106(COD)
Proposal for a regulation
Article 31 – paragraph 5
Article 31 – paragraph 5
5. Upon expiry of the retention period referred to in paragraphs 1, 3 and 24, such data shall automatically be erased from the Central System
Amendment 590 #
2016/0106(COD)
Proposal for a regulation
Article 32 – paragraph 3
Article 32 – paragraph 3
3. By way of derogation from paragraphs 1 and 2, if a Member State other than the Member State responsible has evidence to suggest that data recorded in the EES are factually inaccurate or that data were processed in the EES in contravention of this Regulation, it shall check the data concerned if it is possible to do this without consulting the Member State responsible and, if necessary, amend or erase them from the EES without delay and, where applicable, from the list of identified persons referred to in Article 11. Otherwise the Member State shall contact the authorities of the Member State responsible within a time limit of 14seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of its processing within a time limit of one month14 days. This may also be done at the request of the person concerned in accordance with Article 46.
Amendment 591 #
2016/0106(COD)
Proposal for a regulation
Article 32 – paragraph 5
Article 32 – paragraph 5
5. The data of identified persons referred to in Article 11 shall be deleted without delay from the list referred to in that Article and shall be corrected in the EES where the third country national provides evidenceexplains, in accordance with the national law of the Member State responsible or of the Member State to which the request has been made, thate reasons for which he or she was forced to exceed the authorised duration of stay due to unforeseeable and serious events, that he or she has acquired a legal right to stay, or in case of errorsthat he or she left the Union in time but at a location where there was no border-crossing point for recording the exit. In case of errors the data shall be corrected in the EES without requiring an explanation from the third country national. The third country national shall have access to an effective judicial remedy to ensure the data is amended.
Amendment 598 #
2016/0106(COD)
Proposal for a regulation
Article 33 – paragraph 1 – point a
Article 33 – paragraph 1 – point a
(a) the specifications for the resolution and use of fingerprints for biometric verification and identification in the EES;
Amendment 602 #
2016/0106(COD)
Proposal for a regulation
Article 33 – paragraph 1 – point b
Article 33 – paragraph 1 – point b
(b) entering the data in accordance with Articles 14, 15, 16, 17 and 18;
Amendment 604 #
2016/0106(COD)
Proposal for a regulation
Article 33 – paragraph 1 – point c
Article 33 – paragraph 1 – point c
(c) accessing the data in accordance with Articles 21 to 3025;
Amendment 613 #
2016/0106(COD)
Proposal for a regulation
Article 35 – paragraph 1 – point b
Article 35 – paragraph 1 – point b
(b) the organisation, management, operation and maintenance of its existing national border infrastructure and of its connection to the EES for the purpose of Article 5 excepted points (j), (k) and (lwith the exception of point (k);
Amendment 614 #
2016/0106(COD)
Proposal for a regulation
Article 35 – paragraph 1 – point c
Article 35 – paragraph 1 – point c
Amendment 615 #
2016/0106(COD)
Proposal for a regulation
Article 35 – paragraph 2
Article 35 – paragraph 2
Amendment 618 #
2016/0106(COD)
Proposal for a regulation
Article 35 – paragraph 4 a (new)
Article 35 – paragraph 4 a (new)
4a. Member States shall not process the EES data for purposes other than those laid down in this Regulation.
Amendment 627 #
2016/0106(COD)
Proposal for a regulation
Article 38 – paragraph 2
Article 38 – paragraph 2
Amendment 633 #
2016/0106(COD)
Proposal for a regulation
Article 38 – paragraph 3
Article 38 – paragraph 3
Amendment 637 #
2016/0106(COD)
Proposal for a regulation
Article 38 – paragraph 4
Article 38 – paragraph 4
Amendment 639 #
2016/0106(COD)
Proposal for a regulation
Article 39 – paragraph 2 – point g
Article 39 – paragraph 2 – point g
(g) ensure that all authorities with a right of access to the EES create profiles describing the functions and responsibilities of persons who are authorised to enter, amend, delete, consult and search the data and make their profiles available to the national supervisory authorities referred to in Article 49 and to the national supervisory authorities referred to in Article 52(2) without delay at their request;
Amendment 643 #
2016/0106(COD)
Proposal for a regulation
Article 44 – paragraph 1 – point a
Article 44 – paragraph 1 – point a
Amendment 647 #
2016/0106(COD)
Proposal for a regulation
Article 44 – paragraph 1 – point b
Article 44 – paragraph 1 – point b
Amendment 651 #
2016/0106(COD)
Proposal for a regulation
Article 46 – paragraph 1
Article 46 – paragraph 1
1. Without prejudice to Article 12 of Directive 95/46/EC any third country national shall have the right to obtain the data relating to him or her recorded in the EES and of the Member State which transmitted it to the EES and may request that data relating to him or her which are inaccurate be corrected and that data recorded unlawfully be erased. The Member State responsible shall reply to such requests within 14 days of receipt of the request.
Amendment 655 #
2016/0106(COD)
Proposal for a regulation
Article 46 – paragraph 2
Article 46 – paragraph 2
2. If a request for correction or deletion is made to a Member State other than the Member State responsible, the authorities of the Member State to which the request has been made shall check the accuracy of the data and the lawfulness of the data processing in the EES within a time limit of one month14 days if that check can be done without consulting the Member State responsible. Otherwise the Member State other than the Member State responsible shall contact the authorities of the Member State responsible within a time limit of 14seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of the data processing within a time limit of one month14 days.
Amendment 664 #
2016/0106(COD)
Proposal for a regulation
Article 46 – paragraph 6
Article 46 – paragraph 6
6. Any request made pursuant to paragraphs 1 and 2 shall contain the necessary information to identify the person concerned, including fingerprints. That information shall be used exclusively to enable t the exercise of the rights referred to in paragraphs 1 and 2 and shall be erased immediately afterwards.
Amendment 675 #
2016/0106(COD)
Proposal for a regulation
Article 52
Article 52
Amendment 677 #
2016/0106(COD)
Proposal for a regulation
Article 53 – paragraph 1
Article 53 – paragraph 1
1. Each Member State and Europol shall ensure that all data processing operations resulting from requests to access to EES data for the purposes laid down in Article 1(2) are logged or documented for the purposes of checking the admissibility of the request, monitoring the lawfulness of the data processing and data integrity and security, and self-monitoring.
Amendment 678 #
2016/0106(COD)
Proposal for a regulation
Article 53 – paragraph 2 – point a
Article 53 – paragraph 2 – point a
(a) the exact purpose of the request for access to EES data, including the terrorist offence or other serious criminal offence concerned and, for Europol, the exact purpose of the request for access;
Amendment 679 #
2016/0106(COD)
Proposal for a regulation
Article 53 – paragraph 2 – point b
Article 53 – paragraph 2 – point b
Amendment 680 #
2016/0106(COD)
Proposal for a regulation
Article 53 – paragraph 2 – point f
Article 53 – paragraph 2 – point f
Amendment 681 #
2016/0106(COD)
Proposal for a regulation
Article 53 – paragraph 2 – point h
Article 53 – paragraph 2 – point h
(h) in accordance with national rules or with Decision 2009/371/JHA, the identifying mark of the official who carried out the search and of the official who ordered the search or supply.
Amendment 683 #
2016/0106(COD)
Proposal for a regulation
Article 55 – paragraph 4
Article 55 – paragraph 4
Regulation (EU) No 767/2008
Article 17 a – paragraph 3 – point e
Article 17 a – paragraph 3 – point e
Amendment 684 #
2016/0106(COD)
Proposal for a regulation
Article 55 – paragraph 5
Article 55 – paragraph 5
Regulation (EU) No 767/2008
Article 18 – paragraph 6
Article 18 – paragraph 6
Amendment 685 #
2016/0106(COD)
Proposal for a regulation
Article 55 – paragraph 7
Article 55 – paragraph 7
Regulation (EU) No 767/2008
Article 19 a – paragraph 5
Article 19 a – paragraph 5
Amendment 686 #
2016/0106(COD)
Proposal for a regulation
Article 56 – paragraph 8 – point b
Article 56 – paragraph 8 – point b
Regulation (EU) No 1077/2011
Article 19 – paragraph 3
Article 19 – paragraph 3
Amendment 694 #
2016/0106(COD)
Proposal for a regulation
Article 57 – paragraph 1 – point h
Article 57 – paragraph 1 – point h
Amendment 695 #
2016/0106(COD)
Proposal for a regulation
Article 57 – paragraph 1 – point i
Article 57 – paragraph 1 – point i
Amendment 698 #
2016/0106(COD)
Proposal for a regulation
Article 57 – paragraph 2 – subparagraph 1
Article 57 – paragraph 2 – subparagraph 1
For the purpose of paragraph 1, eu-LISA shall establish, implement and host a central repository in its technical sites containing the data referred to in paragraph 1 which would not allow for the identification of individuals and would allow the authorities listed in paragraph 1 to obtain customisable reports and statistics on the entries and exits, refusals of entry and overstay of third country nationals to improve the assessment of the risk of overstay, to enhance the efficiency of border checks, to help consulates processing the visa applications and to support evidence-based Union migration policymaking. The repository shall also contain daily statistics on the data referred to in paragraph 4. Access to the central repository shall be granted by means of secured access through S-TESTA with control of access and specific user profiles solely for the purpose of reporting and statistics.
Amendment 701 #
2016/0106(COD)
Proposal for a regulation
Article 57 – paragraph 4
Article 57 – paragraph 4
4. Every quarter, eu-LISA shall publish statistics on the EES showing in particular the number, nationality and border crossing point of entry of overstayers, of third country nationals who were refused entry, including the grounds for refusal, and of third country nationals whose stays were revoked or extended as well as the number of third country nationals exempt from the requirement to give fingerprints and of third country nationals whose stays were revoked or extended.
Amendment 705 #
2016/0106(COD)
Proposal for a regulation
Article 58 – paragraph 4
Article 58 – paragraph 4
4. Each Member State and Europol shall set up and maintain at their expense the technical infrastructure necessary to implement Article 5(2) and shall be responsible for bearing the costs resulting from access to the EES for that purpose.
Amendment 706 #
2016/0106(COD)
Proposal for a regulation
Article 59 – paragraph 4
Article 59 – paragraph 4
Amendment 717 #
2016/0106(COD)
Proposal for a regulation
Article 64 – paragraph 6
Article 64 – paragraph 6
6. The Member States and Europol shall provide eu-LISA and the Commission with the information necessary to draft the reports referred to in paragraphs 4 and 5 according to the quantitative indicators predefined by the Commission and/or eu- LISA . This information shall not jeopardise working methods or include information that reveals sources, staff members or investigations of the designated authorities.
Amendment 718 #
2016/0106(COD)
Amendment 20 #
2016/0105(COD)
Draft legislative resolution
Paragraph 1
Paragraph 1
1. Adopts its position at first reading hereinafter set outRejects the Commission proposal;
Amendment 22 #
2016/0105(COD)
Draft legislative resolution
Paragraph 2
Paragraph 2
2. Calls on the Commission to refer the matter to Parliament again if it intends to amend its proposal substantially or replace it with another textwithdraw its proposal;
Amendment 24 #
2016/0105(COD)
Proposal for a regulation
Recital 2
Recital 2
(2) [Regulation (EU) N° XXX of the European Parliament and of the Council establishing the Entry/Exit System ('EES') to register entry and exit data and refusal of entry data of third country nationals crossing the external borders of the Member States of the European Union and determining the conditions for access to the EES for law enforcement purposes]9 aims at creating a centralised system for the registration of entry and exit data and refusal of entry data of third country nationals crossing the external borders of the Member States of the Union for a short stay [or for a stay on the basis of a touring visa]. _________________ 9 OJ L …
Amendment 39 #
2016/0105(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point 1
Article 1 – paragraph 1 – point 1
Regulation (EU) 2016/399
Article 2 – point 22
Article 2 – point 22
22. 'Entry/Exit System (EES)' means the system established by [Regulation No° XXX of the European Parliament and of the Council establishing the Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third country nationals crossing the external borders of the Member States of the European Union and determining the conditions for access to the EES for law enforcement purposes;
Amendment 60 #
2016/0105(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point b – point i
Article 1 – paragraph 1 – point 3 – point b – point i
Regulation (EU) 2016/399
Article 8 – paragraph 3 – point a – point iii
Article 8 – paragraph 3 – point a – point iii
(iii) for persons whose entry or whose refusal of entry is subject to a registration in the EES pursuant to Article 6a of this Regulation, a verification of the identity of the person and, where applicable, an identification shall be carried out in accordance with Article 21(4) of [Regulation establishing the Entry/Exit System (EES)].
Amendment 62 #
2016/0105(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point b – point ii
Article 1 – paragraph 1 – point 3 – point b – point ii
(iii a) for persons whose entry or whose refusal of entry is subject to a registration in the EES pursuant to Article 6a of this Regulation, verification that the third country national has not already reached or exceeded the maximum duration of authorised stay in the territory of the Member States and, for third country nationals holding a single or double entry visa, verification that they have respected the number of the maximum authorised entries, by consulting the EES in accordance with Article 21 of [Regulation establishing the Entry/Exit System (EES) ].
Amendment 79 #
2016/0105(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point 6
Article 1 – paragraph 1 – point 6
Regulation (EU) 2016/399
Article 8c
Article 8c
Amendment 96 #
2016/0105(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point 9 – point b
Article 1 – paragraph 1 – point 9 – point b
Regulation (EU) 2016/399
Article 9 – paragraph 3a – point i
Article 9 – paragraph 3a – point i
(i) by way of derogation from Article 6a of this Regulation, the data referred to in Articles 14, 15, 16, 17 and 18 of [Regulation establishing the Entry/Exit System (EES)] shall be temporally stored in the National Uniform Interface as defined in Article 6 of [Regulation establishing the Entry/Exit System (EES)]. If this is not possible, the data shall be temporarily stored locally. In both situations, the data shall be entered into the Central System of the EES as soon as the technical impossibility or failure has been remedied. Member States shall take the appropriate measures and deploy the required infrastructure, equipment and resources in order to ensure that such temporary local storage can be carried out at any time and for any of their border crossing points;
Amendment 98 #
2016/0105(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point 11 – introductory part
Article 1 – paragraph 1 – point 11 – introductory part
(11) Article 11 is replaced by the following:deleted.
Amendment 100 #
2016/0105(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point 12
Article 1 – paragraph 1 – point 12
Regulation (EU) 2016/399
Article 12 – paragraph 2
Article 12 – paragraph 2
2. This presumption shall not apply to a third -country national who can provideis able to explain, by any means, and in a credible evidenceway, that the person enjoys the right of free movement under Union law or that the person holds a residence permit or a long stay visa. Where applicable, Article 32 of [Regulation establishing the Entry/Exit System (EES)] shall be applied.
Amendment 101 #
2016/0105(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point 12
Article 1 – paragraph 1 – point 12
Regulation (EU) 2016/399
Article 12 – paragraph 3
Article 12 – paragraph 3
The presumption referred to in paragraph 1 may be rebutted where the person provides, by any means, credible explanation or evidence, such as transport tickets or proof of his or her presence outside the territory of the Member State or of the date of expiry of a previous residence permit or long stay visa, that he or she has respected the conditions relating to the duration of a short stay.
Amendment 102 #
2016/0105(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point 14
Article 1 – paragraph 1 – point 14
Regulation (EU) 2016/399
Article 14
Article 14
Amendment 104 #
2016/0105(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point 15
Article 1 – paragraph 1 – point 15
Regulation (EU) 2016/399
Annex III, IV and V
Annex III, IV and V
(15) Annexes III, IV and V are is amended in accordance with the Annex to this Regulation
Amendment 105 #
2016/0105(COD)
Proposal for a regulation
Article 1 – paragraph 1 – point 16
Article 1 – paragraph 1 – point 16
Regulation (EU) 2016/399
Annexes IV and VIII
Annexes IV and VIII
(16) Annexes IV and VIII isare deleted.
Amendment 106 #
2016/0105(COD)
Proposal for a regulation
Annex I – paragraph 1 – point 2
Annex I – paragraph 1 – point 2
Regulation (EU) 2016/399
Annex IV
Annex IV
Amendment 107 #
2016/0105(COD)
Proposal for a regulation
Annex I – paragraph 1 – point 3
Annex I – paragraph 1 – point 3
Regulation (EU) 2016/399
Annex V – part A
Annex V – part A
Amendment 36 #
2016/0002(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 4
Article 1 – paragraph 1 – point 4
Council Framework Decision 2009/315/JHA
Article 4 a – paragraph 1
Article 4 a – paragraph 1
1. The Member State where a conviction is handed down against a third country national shall always store the following information, unless, in exceptional individual cases, this is not possible (obligatory information): (a) information on the convicted person (full name, date of birth, place of birth (town and country), gender, nationality and – if applicable – previous name(s); (b) information on the nature of the conviction (date of conviction, name of the court, date on which the decision became final); (c) information on the offence giving rise to the conviction (date of the offence underlying the conviction and name or legal classification of the offence as well as reference to the applicable legal provisions); (d) information on the contents of the conviction (notably the sentence as well as any supplementary penalties, security measures and subsequent decisions modifying the enforcement of the sentence); (e1b. The Member State where a conviction is handed down against a third country national may store the following information, if available (optional information): (a) the convicted person's parents' names; (fb) the reference number of the conviction; (gc) the place of the offence; (hd) if applicable, disqualifications arising from the conviction; (ie) the convicted person's identity number, or the type and number of the person's identification document; (jf) fingerprints of the person only when the national law of a Member State where a conviction is handed down allows for collection and storage of fingerprints of a convicted person; (kg) if applicable, pseudonym and/or alias name(s).
Amendment 41 #
2016/0002(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 4
Article 1 – paragraph 1 – point 4
Council Framework Decision 2009/315/JHA
Article 4 a – paragraph 2
Article 4 a – paragraph 2
2. The central authority shall create an index-filter containing anpseudonymised information of the types referred to in points (a), (e), (i), (j) and (k) of paragraph 1 concerning third country nationals convicted in its Member State. The central authority shall transmit this index-filter, and any updates to it, to all Member States.
Amendment 45 #
2016/0002(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 4
Article 1 – paragraph 1 – point 4
Council Framework Decision 2009/315/JHA
Article 4 a – paragraph 4
Article 4 a – paragraph 4
4. Paragraph 2 and paragraph 3 shall not apply with respect to the index-filter also regarding third country nationals who hold the nationality of a Member State. Any third country national also holding the nationality of a Member State shall be treated as a national of that Member State in accordance with Article 4, to the extent that the information referred to in points (a), (e), (i), (j) and (k) of paragraph 1 is stored by the central authority in respect of nationals of Member States. Member States shall ensure that any third country national who subsequently obtains the nationality of a Member State is treated as a national of that Member State as soon as he obtains that nationality and that information referred to in paragraph 1 is corrected in line with paragraph 3.
Amendment 48 #
2016/0002(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 4
Article 1 – paragraph 1 – point 4
Council Framework Decision 2009/315/JHA
Article 4 a – paragraph 5 a (new)
Article 4 a – paragraph 5 a (new)
5a. This Article shall not apply to convictions relating to irregular entry and stay of a person in the territory of any Member State for purposes other than criminal proceedings.
Amendment 50 #
2016/0002(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 5
Article 1 – paragraph 1 – point 5
Council Framework Decision 2009/315/JHA
Article 4 b – paragraph 2
Article 4 b – paragraph 2
2. This Article applies alsoshall not apply regarding a third country national who holds the nationality of a Member State. Any third country national also holding the nationality of a Member State shall be treated as a national of that Member State in accordance with Article 4.
Amendment 52 #
2016/0002(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 6 – point b
Article 1 – paragraph 1 – point 6 – point b
Council Framework Decision 2009/315/JHA
Article 6 – paragraph 3 – subparagraph 3 (new)
Article 6 – paragraph 3 – subparagraph 3 (new)
Where applicable, if a search on the index-filters returns no hits, the third country national asking for information on his own criminal record shall receive a statement certifying that the search on the index-filters returned no hits.
Amendment 62 #
2016/0002(COD)
Proposal for a directive
Article 1 – paragraph 1 – point 13
Article 1 – paragraph 1 – point 13
Council Framework Decision 2009/315/JHA
Article 13 a – paragraph 3 a (new)
Article 13 a – paragraph 3 a (new)
3a. Every two years, the Commission shall publish an assessment of the compliance with and impact on fundamental rights of this Framework Decision. Such assessment shall evaluate the effects of ECRIS on the fundamental rights of third-country nationals in comparison with its effects on the fundamental rights of Union citizens. This assessment shall be published for the first time on [24 months after implementation] and be transmitted to the Council and the European Parliament.
Amendment 28 #
2015/2161(DEC)
Motion for a resolution
Paragraph 15 a (new)
Paragraph 15 a (new)
15a. Takes note of the Ombudsman´s calculations with regard to potential savings of EUR 195 000 should there be only one seat of the institution; takes into account that the seat of the Ombudsman is tied with the seat of the Parliament and therefore deems it necessary that the Ombudsman is included in any debate on centralisation of the Parliament´s seat; stresses that such centralization should be actively promoted;
Amendment 23 #
2015/2155(DEC)
Motion for a resolution
Paragraph 17 a (new)
Paragraph 17 a (new)
17a. Stresses that the Court of Auditors report adopted on 11.07.2014 states that the potential saving for the EU budget would be about 114 million EUR per year if the European Parliament centralised its activities; reiterates the call on Parliament and the Council to address, in order to create long term savings, the need for a roadmap to a single seat, as stated by Parliament in several previous resolutions;
Amendment 13 #
2015/2147(INI)
Draft opinion
Paragraph 2
Paragraph 2
2. Calls for measures to tackle illegal content on the internet that will be in compliance with the fundamental right to freedom of expression and information and with the principle of due process; considers that, in order to achieve that goal, it is necessary to provide appropriate law enforcement tools, to support public- private partnerships and cooperation, to consider the role of intermediaries, and to promote education and awareness-raising campaigns;
Amendment 40 #
2015/2147(INI)
Draft opinion
Paragraph 3
Paragraph 3
3. Highlights the fact that the fast-growing number of attacks on networks and acts of cybercrimerime in an online environment calls for a harmonised EU response with a view to ensuring a high level of cybersecurity; believes that providing security on the internet means protecting networks and critical infrastructure, the ability of law enforcement agencies to fight criminality, including terrorism, radicalisation and child pornography, and the use of the necessary data to fight crime online and offline; stresses that security, thus defined, is necessary to reinforce trust in digital services and the processing of personal datainformation security;
Amendment 48 #
2015/2147(INI)
Draft opinion
Paragraph 3 a (new)
Paragraph 3 a (new)
3 a. Believes that providing security on the internet means protecting networks, information, and critical infrastructure, the ability of law enforcement agencies to fight criminality, and limiting the use of data to what is strictly necessary to fight crime online and offline; stresses that security, thus defined, is necessary to reinforce trust in digital services and the processing of personal data;
Amendment 53 #
2015/2147(INI)
Draft opinion
Paragraph 3 b (new)
Paragraph 3 b (new)
3 b. Stresses that commercial software and hardware producers shall be held responsible despite non liability clauses in users' agreement in case of gross negligence regarding safety and security;
Amendment 55 #
2015/2147(INI)
Draft opinion
Paragraph 3 c (new)
Paragraph 3 c (new)
3 c. Warns for the obvious downward spiral for the fundamental right to privacy and personal data protection when every bit of information on human behaviour is considered to be potentially useful in combatting future criminal acts, necessarily resulting in a mass surveillance culture where every citizen is treated as a potential suspect and leading to corrosion of societal coherence and trust;
Amendment 57 #
2015/2147(INI)
Draft opinion
Paragraph 3 d (new)
Paragraph 3 d (new)
3 d. Calls on the Member States and the Commission to actively contribute to reach an ambitious agreement for the final adoption of the Directive on the Network Information Security with a view to adopt a new consistent regulatory framework to secure strategic and operational cyber security both at EU and national levels while ensuring data protection for businesses, public administration and citizens;
Amendment 63 #
2015/2147(INI)
Draft opinion
Paragraph 4
Paragraph 4
4. Considers that big data, cloud services, the Internet of Things, research and innovation are key to economic development; believes that data protection safeguards and security are crucial for building trust in the data-driven economy sector; stresses the need to raise awarenesscalls for R&D to include research ofn the role of data and data- sharing consequences of using big data in certain ways, including the economrisk of drawing wrong conclusions based on merely rand to clarify data ownership rules; underlines the role of personom correlations, and also to address the ethical and moral questions, such as statistics-based "normaliszation" of scervices and products that should be developed as a balanced solutain behaviours and the impact on individual freedoms; calls on the Commission to review the EU's regulatory framework on consumer protection, in compliance with data protection requirements; calls for the promotion of privacy by default and by design; underlines the importance of a risk-based approach in data protection legislation, especially for SMEsparticular the Unfair Commercial Practices Directive, in light of the risks of fraudulent or discriminatory behaviour linked to the use of big data, in particular regarding the personalised tracking, targeting and pricing;
Amendment 75 #
2015/2147(INI)
Draft opinion
Paragraph 4 a (new)
Paragraph 4 a (new)
4 a. Stresses the need to raise awareness of the role of data and data-sharing in the economy and urges the Commission to clarify data ownership rules; emphasises that ownership rules do not apply to personal data; underlines the role of personalisation of services and products that should be developed as a balanced solution in compliance with data protection requirements leaving the sovereignty of decision making on personal data to the concerned individual, the execution of a contract or the provision of a service shall not be made conditional on the consent to the processing of data that is not necessary for the execution of the contract or the provision of the service;
Amendment 81 #
2015/2147(INI)
Draft opinion
Subheading 4.1 a (new)
Subheading 4.1 a (new)
4.1 a. Calls for the promotion of privacy and data protection by default and by design; underlines the importance of a risk-based approach in data protection legislation taking into account the nature scope, context and purpose of the processing, including small and micro enterprises;
Amendment 83 #
2015/2147(INI)
Draft opinion
Subheading 4.1 b (new)
Subheading 4.1 b (new)
4.1 b. Stresses that personal data needs special protection, as enshrined in Article 8 of the Charter of Fundamental Rights, and that the digital single market can and should to a huge extent be based on anonymous or anonymized data;
Amendment 106 #
2015/2147(INI)
Draft opinion
Paragraph 7 a (new)
Paragraph 7 a (new)
7 a. Welcomes in its ruling of 6 October 2015 the Court of Justice declaring invalid the Commission Adequacy Decision 2000/520 on the US Safe Harbour which has confirmed the long standing position of the Parliament regarding the lack of adequate level of protection of this instrument; calls on the Commission, taking into account any indiscriminate mass surveillance activities, to immediately take the necessary measures to ensure that all personal data transferred to the US is subject to an effective level of protection essentially equivalent to that guaranteed within the European Union.
Amendment 17 #
2015/2103(INL)
Draft opinion
Recital B a (new)
Recital B a (new)
Ba. whereas developments in the field of medical applications, such as robotic prostheses and implants, make persons carrying them vitally reliant on the availability of maintenance, repairs, and enhancements;
Amendment 24 #
2015/2103(INL)
Draft opinion
Paragraph 1
Paragraph 1
1. Stresses that an EU-level approach is needed to avoid fragmentation in the internal market, and at the same time underlines the importance of the mutual recognition principle in the cross-border use of robots and robotic systems; recalls that testing, certification and market approval is only necessary in a single Member State; stresses that this should be supplemented by effective market surveillance which includes access to software where necessary, and that market surveillance authorities need to be equipped with strict legal remedies and powers to recall and sanction infractions;
Amendment 25 #
2015/2103(INL)
Draft opinion
Paragraph 2 a (new)
Paragraph 2 a (new)
Amendment 39 #
2015/2103(INL)
Draft opinion
Paragraph 4
Paragraph 4
4. Calls on the Commission to ensure that any Union legislation on robotics and artificial intelligence will include rules on privacy and data protection, the requirement to follow principles of privacy by design and by default as well as principles of proportionality and necessity regarding the processing of data; as well as the principles of data minimisation and purpose limitation, calls for the review of rules, principles and criteria regarding the use of cameras and sensors in robots and artificial intelligence in accordance with the Union legal framework for data protection;
Amendment 43 #
2015/2103(INL)
Draft opinion
Paragraph 3 a (new)
Paragraph 3 a (new)
3a. Stresses that in the continental European understanding of authors' rights, intellectual creation is tied to the personality of the author; therefore, artificial agents such as computers or robots cannot be perceived to be authors, and information produced by them cannot be eligible for copyright protection;
Amendment 48 #
2015/2103(INL)
Draft opinion
Paragraph 3 b (new)
Paragraph 3 b (new)
3b. Points out that for the field of vital medical applications such as robotic prostheses, continuous, sustainable access to maintenance, enhancement, and in particular software updates that fix malfunctions and vulnerabilities needs to be ensured; to this end, a person carrying such a device is to be considered the full owner of the device and all its components, including software source code; considers this necessary to retain the means to support these vital devices, for example if support is no longer carried out by a supplier; therefore, additionally suggests the creation of independent trusted entities that retain the technology necessary to provide persons carrying these devices with such care, including the means to assemble and install software updates on the device; supports creating an obligation for manufacturers to provide these independent trusted entities with comprehensive design instructions as well as source code to this end, similar to the legal deposit of publications in a national library;
Amendment 55 #
2015/2103(INL)
Draft opinion
Paragraph 5 a (new)
Paragraph 5 a (new)
5a. Commercial software and hardware producers shall be held responsible despite non liability clauses in users' agreements in case of gross negligence regarding safety and security.
Amendment 60 #
2015/2103(INL)
Draft opinion
Paragraph 6 a (new)
Paragraph 6 a (new)
6a. Reiterates its call on the EU Council to develop an EU common position on the use of armed drones, giving the utmost importance to respect for human rights and international humanitarian law and addressing issues such as the legal framework, proportionality, accountability, the protection of civilians and transparency; urges the EU once again to ban the production, development, and use of fully autonomous weapons which enable strikes to be carried out without human intervention; insists that human rights should be part of all;
Amendment 66 #
2015/2103(INL)
Draft opinion
Paragraph 6 b (new)
Paragraph 6 b (new)
6b. Underlines the need to promote a policy response at global level on the use of armed drones, aimed at keeping their use strictly within the limits of international human rights and humanitarian law; to promote a ban on the development, production and use of fully autonomous weapons which enable strikes to be carried out without human intervention; to make sure that human rights are part of all dialogues with third countries on counter-terrorism;
Amendment 78 #
2015/2103(INL)
Draft opinion
Paragraph 7 a (new)
Paragraph 7 a (new)
7a. Special attention should be paid to care robots that pose a significant privacy threat as they are expected to provide new points of access to traditionally protected spaces through the extraction and transmission of sensitive personal data information;
Amendment 81 #
2015/2103(INL)
Draft opinion
Paragraph 7 b (new)
Paragraph 7 b (new)
7b. The dual character of technology's impact on human capabilities has to be always considered in ethical and regulatory terms;
Amendment 83 #
2015/2103(INL)
Draft opinion
Paragraph 7 c (new)
Paragraph 7 c (new)
7c. Underlying algorithms and their parameters should be made explicit as a mandatory requirement;
Amendment 85 #
2015/2103(INL)
Draft opinion
Paragraph 7 d (new)
Paragraph 7 d (new)
7d. Special training on the ethical aspects in the design of algorithms should be followed by designers of robots and artificial intelligence;
Amendment 86 #
2015/2103(INL)
Draft opinion
Paragraph 7 e (new)
Paragraph 7 e (new)
7e. Designers of robotics and artificial intelligence have a responsibility to develop and follow procedures for valid consent, confidentiality, anonymity, fair treatment and due process;
Amendment 38 #
2015/0287(COD)
Proposal for a directive
Recital 13
Recital 13
(13) In the digital economy, information about individuals is often and increasingly seen by market participants as having a value comparable to money. Digital content is often supplied not in exchange for a price but against counter-performance other than money i.e. by giving access to personal data or other data or by the supplier collecting and processing such data. Those specific business models apply in different forms in a considerable part of the market. I, often without the knowledge or consent of the consumer, and in breach of the relevant provisions of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and the Council. This Directive should only cover such counter-performance in the form of personal data that is in line with Regulation (EU) 2016/679, in particular with regard to Article 7(4). In those limited cases, introducing a differentiation depending on the nature of the counter- performance would discriminate between different business models; it would provide an unjustified incentive for businesses to move towards offering digital content against data. A level playing field should be ensured. In addition, defects of the performance features of the digital content supplied against counter-performance other than money may have an impact on the economic interests of consumers. Therefore the applicability of the rules of this Directive should not depend on whether a price is paid for the specific digital content in question.
Amendment 43 #
2015/0287(COD)
Proposal for a directive
Recital 14
Recital 14
(14) As regards digital content supplied not in exchange for a price but against counter-performance other than money, this Directive should also apply only to contracts where the supplier requests and the consumer actively provides data, such as name and e-mail address or photos, directly or indirectly to the supplier for example through individual registration or on the basis of a contract which allows access to consumers' photos, or where the consumer consents to the processing of data by the supplier. Such consent should be understood as defined in Regulation (EU) 2016/679. This Directive should not apply to situations where the supplier collects data necessary for the digital content to function in conformity with the contract, for example geographical location where necessary for a mobile application to function properly, or for the sole purpose of meeting legal requirements, for instance where the registration of the consumer is required for security and identification purposes by applicable laws. This Directive should also not apply to situations where the supplier collects information, including personal data, such as the IP address, or other automatically generated information such as information collected and transmitted by a cookie, without the consumer actively supplying it, even if the consumer accepts the cookie. It should also not apply to situations where the consumer is exposed to advertisements exclusively in order to gain access to digital content.
Amendment 49 #
2015/0287(COD)
Proposal for a directive
Recital 17
Recital 17
Amendment 51 #
2015/0287(COD)
Proposal for a directive
Recital 18
Recital 18
(18) Contracts may include general terms and conditions of the supplier that need to be accepted by the consumer. For some digital content, suppliers often describe the service and measurable service targets in a service level agreement. These service level agreements are generally appended to the main contract and form an important component of the contractual relationship between the supplier and the consumer. They should be covered by the definition of a contract under this Directive, and should thus comply with the rules laid down therein. In cases where consent to the processing of personal data is given as a counter-performance other than money, the contract should contain the information about the processing pursuant to Regulation (EU) 2016/679, but clearly distinguishable from other elements of the contract. In addition, easily understandable icons should illustrate the main elements of the processing of personal data.
Amendment 53 #
2015/0287(COD)
Proposal for a directive
Recital 22
Recital 22
(22) The protection of individuals with regard to the processing of personal data is governed by Directive 95/46/ECRegulation (EU) 2016/679 of the European Parliament and of the Council31 and by Directive 2002/58/EC of the European Parliament and of the Council32 which are fully applicable in the context of contracts for the supply of digital content. Those Directives already establish a legal framework in the field of personal data in the Union. The implementation and application of this Directive should be made in full compliance with that legal framework. _________________ 31 OJ L 281, 23/11/1995119, 04/05/2016, p. 31 - 50)85 32 OJ L 201, 31.7.2002, p. 37–47. [to be replaced by the General Data Protectionupcoming e-Privacy Regulation, once adopted]. 32 OJ L 201, 31.7.2002, p. 37–47.
Amendment 57 #
2015/0287(COD)
Proposal for a directive
Recital 25
Recital 25
(25) In cases where the contract does not stipulate sufficiently clear and comprehensive benchmarks to ascertain the conformity of the digital content with the contract, and therefore it cannot be assumed that consumers could sufficiently comprehend and assess those benchmarks, it is necessary to set objective conformity criteria to ensure that consumers are not deprived of their rights. In such cases the conformity with the contract should be assessed considering the purpose for which digital content of the same description would normally be used.
Amendment 73 #
2015/0287(COD)
Proposal for a directive
Recital 37
Recital 37
(37) As a second step, the consumer should be entitled to have the price reduced or the contract terminated. The right of a consumer to have the contract terminated should be limited to those cases where for instance bringing the digital content to conformity is not possible and the non- conformity impairs the main performance features of the digital content. Where the consumer terminates the contract, the supplier should reimburse the price paid by the consumer or, where the digital content is supplied not in exchange for a price but against access to data provided by the consumer, the supplier should refrain from using it, from transferring that data to third parties or allowing third parties to access it after termination of the contract. Fulfilling the obligation to refrain from using data should mean in the case when the counter- performance consists of personal data, that the supplier should take all measures in order to comply with data protection rules by deleting it or rendering it anonymous in such a way that the consumer cannot be identified by any means likely reasonably to be used either by the supplier or by any other person. Without prejudice to obligations of a controller under Directive 95/46/ECRegulation (EU) 2016/679 the supplier should not be obliged to undertake any further steps in relation to data which the supplier has lawfully provided to third parties in the course of the duration of the contract for the supply of the digital content.
Amendment 97 #
2015/0287(COD)
Proposal for a directive
Article 3 – paragraph 1
Article 3 – paragraph 1
1. This Directive shall apply to any contract where the supplier supplies digital content to the consumer or undertakes to do so and, in exchange, a price is to be paid or the consumer actively provides countfreely choses to give consent to the processing of his or her- perfsonal data orm ancey other than money in the form of personal data or any other datadata by the supplier, instead of paying a price, insofar this is possible in line with Regulation (EU) 2016(679), in particular with regard to Article 7(4) thereof.
Amendment 103 #
2015/0287(COD)
Proposal for a directive
Article 3 – paragraph 4
Article 3 – paragraph 4
4. This Directive shall not apply to digital content provided against counter- performance other than money to the extent the supplier requests the consumer to providethe extent the processing of personal data by the processing of which is strictlysupplier is necessary for the performance of the contract or for meeting legal requirements and the supplier does not further process them in a way incompatible with this purpose. It shall equally not apply to any other data the supplier requests the consumer to provide for the purpose of ensuring that the digital content is in conformity with the contract or of meeting legal requirements, and the supplier does not use that data for commercialother purposes.
Amendment 106 #
2015/0287(COD)
Proposal for a directive
Article 3 – paragraph 7
Article 3 – paragraph 7
7. If any provision of this Directive conflicts with a provision of another Union act governing a specific sector or subject matter, the provision of that other Union act shall take precedence over this Directive. .
Amendment 111 #
2015/0287(COD)
Proposal for a directive
Article 3 – paragraph 8
Article 3 – paragraph 8
8. This Directive is without prejudice to the protection of individuals with regard to the processing of personal data as laid out in Regulation (EU) 2016/679 of the European Parliament and the Council and in Directive 2002/58 of the European Parliament and the Council.
Amendment 112 #
2015/0287(COD)
Proposal for a directive
Article 3 – paragraph 9 a (new)
Article 3 – paragraph 9 a (new)
9 a. Where, in the context of supplying digital content within the scope of this Directive, the law of another Member State than the one of the consumer's permanent residence applies, the supplier shall inform the consumer accordingly before entering into the contract.
Amendment 115 #
2015/0287(COD)
Proposal for a directive
Article 5 – paragraph 2
Article 5 – paragraph 2
2. The supplier shall supply the digital content immediately after the conclusion of the contract, unless the parties have agreed otherwise, and without prejudice to Article 16(m) of Directive 2011/83/EU of the European Parliament and the Council1a. The supply shall be deemed to take place when the digital content is supplied to the consumer or, where point (b) of paragraph 1 applies, to the third party chosen by the consumer, whichever is the earlier. _________________ 1a OJ L304, 22/11/2011, p. 64-88
Amendment 119 #
2015/0287(COD)
Proposal for a directive
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. In order to conform with the contract, the digital content shall, where relevant:
Amendment 121 #
2015/0287(COD)
Proposal for a directive
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) be fit for any particular purpose for which the consumer requires it and which the consumer made known to the supplier at the time of the conclusion of the contract and which the supplier accepted, or any particular purpose which the consumer could reasonably expect;
Amendment 123 #
2015/0287(COD)
Proposal for a directive
Article 6 – paragraph 1 – point d
Article 6 – paragraph 1 – point d
(d) be updated as stipulated by the contract or as necessary to guarantee the characteristics provided for in points (a) and (b), in particular continuity and security.
Amendment 129 #
2015/0287(COD)
Proposal for a directive
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) where relevant, any existing international technical standards or, in the absence of such technical standards, applicable industry codes of conduct and good practices; and
Amendment 131 #
2015/0287(COD)
Proposal for a directive
Article 6 – paragraph 2 – point b a (new)
Article 6 – paragraph 2 – point b a (new)
(b a) any existing security best practices for information systems and digital environments;
Amendment 132 #
2015/0287(COD)
Proposal for a directive
Article 6 – paragraph 3
Article 6 – paragraph 3
3. Where the contract stipulates that the digital content shall be supplied over a period of time, the digital content shall be in conformity with the contract throughout the duration of that period, including, where necessary, security updates to be provided by the supplier.
Amendment 133 #
2015/0287(COD)
Proposal for a directive
Article 6 – paragraph 5 a (new)
Article 6 – paragraph 5 a (new)
5 a. The contract shall include all relevant elements enabling the conformity of the digital content to be assessed, as well as all relevant information regarding the processing of personal data, in particular as provided for in Articles 12 and 13 of Regulation (EU) 2016(679), to be provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language. Information on the processing of personal data shall be accompanied by the standardised icons pursuant to Article 12(8) of Regulation (EU) 2016/679.
Amendment 135 #
2015/0287(COD)
Proposal for a directive
Article 9 – paragraph 3
Article 9 – paragraph 3
3. The consumer shall cooperate with the supplier to the extent possible and necessary to determine the consumer's digital environment. The obligation to cooperate shall be limited to the technically available means which are the least intrusive for the consumer. Where the consumer fails to cooperate, the burden of proof with respect to the non-conformity with the contract shall be on the consumer. The consumer shall not have to cooperate where the supplier requests access to private or personal information and communication.
Amendment 136 #
2015/0287(COD)
Proposal for a directive
Article 10 – paragraph 1 – point b
Article 10 – paragraph 1 – point b
(b) any lack of conformity which exists at the time the digital content is supplied; and
Amendment 137 #
2015/0287(COD)
Proposal for a directive
Article 10 – paragraph 1 – point b a (new)
Article 10 – paragraph 1 – point b a (new)
(b a) any lack of security which was known to the supplier or could reasonably have been known to it according to security best practices for information systems and digital environments; and
Amendment 139 #
2015/0287(COD)
Proposal for a directive
Article 12 – paragraph 2
Article 12 – paragraph 2
2. The supplier shall bring the digital content in conformity with the contract pursuant to paragraph 1 within a reasonable timeout undue delay from the time the supplier has been informed by the consumer about the lack of conformity with the contract and without any significant inconvenience to the consumer, taking account of the nature of digital content and the purpose for which the consumer required this digital content.
Amendment 140 #
2015/0287(COD)
Proposal for a directive
Article 12 – paragraph 5
Article 12 – paragraph 5
5. TWithout prejudice to other legal grounds for terminating the contract, the consumer may terminate the contract only if the lack of conformity with the contract impairs functionality, interoperability and other main performance features of the digital content such as its accessibility, continuity and security where required by Article 6 paragraphs (1) and (2). The burden of proof that the lack of conformity with the contract does not impair functionality, interoperability and other main performance features of the digital content shall be on the supplier.
Amendment 142 #
2015/0287(COD)
Proposal for a directive
Article 13 – paragraph 1 a (new)
Article 13 – paragraph 1 a (new)
1 a. Where Article 3(1a) applies, a withdrawal of the consent to the processing of personal data pursuant to Article 7(3) of Regulation (EU) 2016/679 shall imply a termination of the contract by the consumer.
Amendment 144 #
2015/0287(COD)
Proposal for a directive
Article 13 – paragraph 2 – point b
Article 13 – paragraph 2 – point b
(b) the supplier shall take all measures which could be expected in order to refrain from the use of the counter- performance other than money which the consumer has provided in exchange for the digital content and any other data collected by the supplier in relation to the supply of the digital content including any content provided by the consumer with the exception of the content which has been generated jointly by the consumer and others who continue to make use of the content, insofar as the supplier is able to determine which counter- performance and which data had been provided by the consumer. The supplier shall not process more personal data than necessary for the execution of the contract for the mere purpose of being able to link it to the consumer in case he or she terminates the contract. Where personal data of the consumer have been transferred or disclosed to third parties, the supplier shall inform those of the termination of the contract. The supplier shall inform the consumer about those third parties if the consumer requests it;
Amendment 148 #
2015/0287(COD)
Proposal for a directive
Article 13 – paragraph 2 – point c
Article 13 – paragraph 2 – point c
(c) the supplier shall provide the consumer with technical means to retrieve all content provided by the consumer and any other data produced or generated through the consumer's use of the digital content to the extent that data has been retained by the supplier. The consumer shall be entitled to retrieve the content free of charge, without significant inconvenience, in reasonable time and in a structured, commonly used data formatand machine-readable data format and to transmit those content to another supplier without hindrance from the supplier to which the personal data have been provided;
Amendment 155 #
2015/0287(COD)
Proposal for a directive
Article 14 – paragraph 1
Article 14 – paragraph 1
1. The supplier shall be liable to the consumer for any economic damage to the digital environment of the consumer caused by a lack of conformity with the contract or a failure to supply the digital content. Damages shall put the consumer as nearly as possible into the position in which the consumer would have been if the digital content had been duly supplied and been in conformity with the contract.
Amendment 156 #
2015/0287(COD)
Proposal for a directive
Article 14 – paragraph 2
Article 14 – paragraph 2
2. The Member States shall lay down detailed rules for the exercise of the right to damages. When laying down those rules, Member States may provide for a reduced or increased degree of liability for damages based on objecitve criteria for assessing the efforts made by the supplier to avoid non-conformity of the digital content and the occurrence of the damage, such as security best practices or the state of the art of technology.
Amendment 158 #
2015/0287(COD)
Proposal for a directive
Article 15 – paragraph 1 – introductory part
Article 15 – paragraph 1 – introductory part
1. Where the contract provides that the digital content shall be supplied over the period of time stipulated in the contract, the supplier may alter functionality, interoperability and other main performance features of the digital content such as its accessibility, and continuity and security, to the extent those alternations adversely affect access to or use of the digital content by the consumer, only if:
Amendment 159 #
2015/0287(COD)
Proposal for a directive
Article 15 – paragraph 1 – point a a (new)
Article 15 – paragraph 1 – point a a (new)
(a a) it is necessary for the security of the content in line with best practices;
Amendment 160 #
2015/0287(COD)
Proposal for a directive
Article 15 – paragraph 1 – point b
Article 15 – paragraph 1 – point b
(b) the consumer is notified reasonably in advance of the modification by an explicit notice on a durable medium;
Amendment 162 #
2015/0287(COD)
Proposal for a directive
Article 15 – paragraph 1 – point d
Article 15 – paragraph 1 – point d
(d) upon termination of the contract in accordance with point (c), the consumer is provided with technical means to retrieve all content provided in accordance with Article 13(2)(c) or Article 16(4)(a).
Amendment 163 #
2015/0287(COD)
Proposal for a directive
Article 16 – paragraph 4 – point a
Article 16 – paragraph 4 – point a
(a) the supplier shall take all measures which could be expected in order to refrain from the use of other counter- performance than money which the consumer has provided in exchange for the digital content and any other data collected by the supplier in relation to the supply of the digital content including any content provided by the consumer, with the exception of the content which has been generated jointly by the consumer and others who continue to make use of the content. insofar as the supplier is able to determine which counter-performance and which data had been provided by the consumer. The supplier shall not process more personal data than necessary for the execution of the contract for the mere purpose of being able to link it to the consumer in case he or she terminates the contract;
Amendment 168 #
2015/0287(COD)
Proposal for a directive
Article 16 – paragraph 4 – point b
Article 16 – paragraph 4 – point b
(b) the supplier shall provide the consumer with technical means to retrieve all any content provided by the consumer and any other data produced or generated through the consumer's use of the digital content to the extent this data has been retained by the supplier. The consumer shall be entitled to retrieve the content and data without significant inconvenience, in reasonable time and in a structured, commonly used data formatand machine-readable data format and have the right to transmit those content and data to another supplier without hindrance from the supplier to which the content have been provided; and
Amendment 172 #
2015/0287(COD)
Proposal for a directive
Article 18 – paragraph 2 – point c a (new)
Article 18 – paragraph 2 – point c a (new)
(c a) organisations which are active in the field of the protection of data subjects' rights and freedoms with regard to the protection of their personal.
Amendment 74 #
2015/0281(COD)
Proposal for a directive
Recital 4 a (new)
Recital 4 a (new)
(4a) Member States should strengthen the professionalism of security forces, law enforcement agencies and justice institutions; and ensure effective oversight and accountability of such bodies, in conformity with international human rights law and the rule of law. This includes human rights training to security forces including on how to respect human rights within the context of measures taken to counter violent extremism and terrorism.
Amendment 95 #
2015/0281(COD)
Proposal for a directive
Recital 6 a (new)
Recital 6 a (new)
(6a) The provision of humanitarian assistance by impartial humanitarian organisations recognised by international humanitarian law such as the International Committee of the Red Cross (ICRC) should not be considered as contributing to the criminal activities of a terrorist group.
Amendment 98 #
2015/0281(COD)
Proposal for a directive
Recital 6 b (new)
Recital 6 b (new)
(6b) This Directive covers acts which are considered by all Member States as serious infringements of their criminal laws committed by individuals whose objectives constitute a threat to their democratic societies respecting the rule of law and the civilisation upon which these societies are founded. It has to be understood in this sense and cannot be construed so as to argue that the conduct of those who have acted in the interest of preserving or restoring these democratic values, as was notably the case in some Member States during the Second World War, could now be considered as "terrorist" acts. Nor can it be construed so as to incriminate on terrorist grounds persons exercising their fundamental right to manifest their opinions, even if in the course of the exercise of such right they commit offences, or persons or groups conducting attacks against the military and military infrastructure of dictatorial regimes. Similarly, incitement to attacks against the military infrastructure of dictatorial regimes, and glorification of such attacks, should not be covered by this Directive.
Amendment 100 #
2015/0281(COD)
Proposal for a directive
Recital 7
Recital 7
Amendment 110 #
2015/0281(COD)
Proposal for a directive
Recital 8
Recital 8
(8) Considering the seriousness of the threat and the need to in particular stem the flow of foreign terrorist fighters, it is necessary to criminalise the travelling abroad for terrorist purposes, being not only the commission of terrorist offences and providing or receiving training but also to participate in the activities of a terrorist group. Any act of facilitation of such travel should also be criminalised. The act of travelling should be criminalised under very specific conditions and only when the intention of doing so for a terrorist purpose is proven by inferring from objective, factual circumstances.
Amendment 114 #
2015/0281(COD)
Proposal for a directive
Recital 9
Recital 9
(9) Criminalisation of the receiving training for terrorism complements the existing offence of providing training and specifically addresses the threats resulting from those actively preparing for the commission of terrorist offences, including those ultimately acting alone. This criminalisation should only cover active participation in the training; the mere fact of visiting websites containing information or receiving communications should not be covered.
Amendment 119 #
2015/0281(COD)
Proposal for a directive
Recital 10
Recital 10
(10) TWithout prejudice to Directive 2015/849/EU of the European Parliament and of the Council1a, terrorist financing should be punishable in the Member States and cover not only the financing of terrorist acts, but also the financing of a terrorist groupterrorist organisations and individual terrorists even in the absence of a link to a specific terrorist act or acts, as well as other offences related to terrorist activities, such as the recruitment and training, or travel for terrorist purposes, with a view to disrupting the support structures facilitating the commission of terrorist offences. Aiding and abetting or attempting terrorist financing should also be punishable. Sanctions should be reviewed by an independent oversight body and any sanctions should be linked to a specific criminal offence, to avoid arbitrary decisions on the basis of national, religious, ethnical, or racial criteria. __________________ 1a Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).
Amendment 125 #
2015/0281(COD)
Proposal for a directive
Recital 10 a (new)
Recital 10 a (new)
(10a) Financial investigations may be fundamental in uncovering the facilitation of terrorist offences and the networks and schemes of terrorist organisations. Such investigations may be very productive, particularly when tax and customs authorities, financial intelligence units (FIUs) and judicial authorities are involved at an early stage of the investigation. Member States should endeavour to ensure a more efficient and coordinated approach aiming at establishing specialised units at national level to deal with financial investigations into terrorism. Such a centralisation of expertise may have considerable added value and contribute substantially to securing successful prosecutions. In addition, cooperation between FIUs through the FIU.net platform should be strengthened.
Amendment 151 #
2015/0281(COD)
Proposal for a directive
Recital 15 a (new)
Recital 15 a (new)
(15a) The Internet plays an essential role in promoting values of peace, tolerance and solidarity as well as promoting and protecting Human Rights and Fundamental Freedoms within and outside the European Union.
Amendment 157 #
2015/0281(COD)
Proposal for a directive
Recital 15 b (new)
Recital 15 b (new)
(15b) In order to prevent and combat terrorism, a closer cross-border cooperation among the competent national and European authorities is needed with regard to expedient exchange of any relevant information from criminal records or other available sources on individuals who are suspects of a criminal offence or have been subject to criminal proceedings or asset freezing. This provision is without prejudice to the [Data Protection Directive (Directive (EU) 2016/... of the European Parliament and of the Council of ...on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA)].
Amendment 160 #
2015/0281(COD)
Proposal for a directive
Recital 15 c (new)
Recital 15 c (new)
(15c) Member States should cooperate among each other, notably through Eurojust, to ensure a coordinated approach for the development of necessary, proportionate and effective measures in dealing with the gathering, sharing, and admissibility of electronic evidence, in compliance with the [Data Protection Directive (Directive (EU) 2016/... of the European Parliament and of the Council of ...on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA)].
Amendment 177 #
2015/0281(COD)
Proposal for a directive
Recital 17 a (new)
Recital 17 a (new)
(17a) A comprehensive policy to prevent the radicalisation and recruitment of citizens of the Union by terrorist organisations can only be successfully put in place if accompanied by long-term proactive de-radicalisation processes in the judicial sphere. Strategies on social inclusion, education, employment and housing and policies tackling discrimination and exclusion to stop vulnerable individuals joining violent extremist organisations are crucial to countering terrorism. Member States should therefore share good practices on the setting-up of de-radicalisation structures and their judicial approach in this regard notably through Eurojust. They should share such good practices not only among each other but also with third countries which have already acquired experience and achieved positive results in this area.
Amendment 192 #
2015/0281(COD)
Proposal for a directive
Recital 19
Recital 19
(19) This Directive should respects the principles recognised, inter alia, by Articles 2 and 6 of the Treaty on the European Union, should respects fundamental rights and freedoms and should observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union, including those set out in Chapters II, III, V and VI thereof which encompass inter alia the right to liberty and security, freedom of expression and information, freedom of assembly and association and freedom of thought conscience and religion, the general prohibition of discrimination in particular on grounds of race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, the right to respect for private and family life and the right to protection of personal data, the principle of legality and proportionality of criminal offences and penalties, covering also the requirement of precision, clarity and foreseeability in criminal law, the presumption of innocence, should respect the principles recognised in the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) and in the International Covenant on Civil and Political Rights (ICCPR), as well as freedom of movement as set forth in Article 21(1) of the Treaty on the Functioning of the European Union and Directive 2004/38/EC. This Directive has to be implemennterpreted in accordance with these rights and principles.
Amendment 194 #
2015/0281(COD)
Proposal for a directive
Recital 19 a (new)
Recital 19 a (new)
(19a) Nothing in this Directive should be interpreted as being intended to reduce or restrict the dissemination of information for scientific, academic, journalistic or reporting purposes. The expression of radical, polemic or controversial views in the public debate on sensitive political questions falls outside the scope of this Directive and in particular of the definition of public provocation to commit terrorist offences.
Amendment 197 #
2015/0281(COD)
Proposal for a directive
Recital 20
Recital 20
(20) The implementation of the criminalisation under this Directive should be proportional to the nature and circumstances of the offenceach case, with respect to the legitimate aims pursued and to their necessity in a democratic society, and should exclude any form of arbitrariness or discrimination.
Amendment 210 #
2015/0281(COD)
Proposal for a directive
Article 2 – paragraph 1 – point d
Article 2 – paragraph 1 – point d
(d) "Structured group" shall mean a group that is not randomly formed for the immediate commission of an offence and that does not need to have formally defined roles for its members, or continuity of its membership or a developed structure.
Amendment 219 #
2015/0281(COD)
Proposal for a directive
Article 3 – paragraph 1 – point b
Article 3 – paragraph 1 – point b
(b) unduly compellingsing violence or the threat of violence to compel or seek to compel a Government or international organisation to perform or abstain from performing any act,
Amendment 228 #
2015/0281(COD)
Proposal for a directive
Article 3 – paragraph 2 – point d
Article 3 – paragraph 2 – point d
(d) causing extensive destruction to a Government or public facility, a transport system, an infrastructure facility, including an information system, a fixed platform located on the continental shelf, a public place or private property likely to endanger human life or result in major economic loss;
Amendment 237 #
2015/0281(COD)
Proposal for a directive
Article 3 – paragraph 2 – point i
Article 3 – paragraph 2 – point i
(i) seriously threatening to commit any of the acts listed in points (a) to (h), on the basis of objective, factual circumstances.
Amendment 246 #
2015/0281(COD)
Proposal for a directive
Article 4 – paragraph 1 a (new)
Article 4 – paragraph 1 a (new)
Member States shall ensure that the provision of humanitarian assistance by impartial humanitarian organisations recognised by international humanitarian law shall not be considered as participating in the activities of a terrorist group.
Amendment 251 #
2015/0281(COD)
Proposal for a directive
Article 5 – paragraph 1
Article 5 – paragraph 1
Member States shall take the necessary measures to ensure that the distribution, or otherwise making available, of a message to the public, with the clear intent to incite the commission of one of the offences listed in points (a) to (h) of Article 3(2), where such conduct, whether or not directexpressly advocating the commission of terrorist offences, causes amanifestly causes a clear and substantial danger that one or more such offences may be committed, is punishable as a criminal offence when committed intentionally and unlawfully.
Amendment 287 #
2015/0281(COD)
Proposal for a directive
Article 9 – paragraph 1 a (new)
Article 9 – paragraph 1 a (new)
Member States shall ensure that the defendant does not in any circumstances bear the burden of proof in establishing that his or her travel to another country is for a legitimate purpose.
Amendment 328 #
2015/0281(COD)
Proposal for a directive
Article 16 – paragraph 2
Article 16 – paragraph 2
Amendment 339 #
2015/0281(COD)
Proposal for a directive
Article 17 a (new)
Article 17 a (new)
Article 17a Right to effective remedies 1. Any person whose fundamental rights and freedoms have been violated in the exercise of counter-terrorism powers or the application of counter-terrorism law has a right to a speedy, effective and enforceable remedy. 2. Member States' judicial authorities shall have the ultimate responsibility to ensure that this right is effective.
Amendment 408 #
2015/0281(COD)
Proposal for a directive
Article 23 a (new)
Article 23 a (new)
Article 23a Proportionality, necessity and fundamental rights 1. In the implementation of this Directive, Member States shall ensure that criminalisation is provided for by law, proportionate to the legitimate aims pursued and necessary in a democratic society and shall exclude any form of arbitrariness and discrimination. This Directive shall not result in arbitrary decisions or in discriminatory policies and practices based on perceived nationality, religion, ethnic or racial origin. 2. This Directive shall not have the effect of altering the obligation to respect fundamental rights and fundamental legal principles as enshrined in the Charter of Fundamental Rights of the European Union as well as in the European Convention for the Protection of Human Rights and Fundamental Freedoms, the International Covenant on Civil and Political Rights and other obligations under international humanitarian law. 3. This Directive shall not have the effect of altering the obligation to respect fundamental rights and fundamental legal principles as enshrined in Articles 2 and 6 of the Treaty on European Union.
Amendment 414 #
2015/0281(COD)
Proposal for a directive
Article 23 b (new)
Article 23 b (new)
Article 23b Fundamental principles relating to freedom of expression 1. Nothing in this Directive may be interpreted as being intended to reduce or restrict the dissemination of information for the expression of an opinion. The expression of radical, polemical or controversial views in the public debate on sensitive political questions, including terrorism, falls outside the scope of this Directive and, in particular, of the definition of public provocation to commit a terrorist offence. 2. This Directive shall not have the effect of requiring Member States to take measures in contradiction of fundamental principles relating to freedom of expression, in particular freedom of the press and the freedom of expression in other media as they result from constitutional traditions or rules governing the rights and responsibilities of, and the procedural guarantees for, the press or other media where these rules relate to the determination or limitation of liability.
Amendment 417 #
2015/0281(COD)
Proposal for a directive
Article 23 c (new)
Article 23 c (new)
Article 23c Non-discrimination This Directive shall not have the effect of requiring Member States to take measures which could result in direct or indirect discrimination or which would be based on religious practice and ethnic criteria.
Amendment 419 #
2015/0281(COD)
Proposal for a directive
Article 23 d (new)
Article 23 d (new)
Article 23d Emergency situations and fundamental rights In time of war or other public emergency threatening the life of the nation, Member States may take measures to derogate from certain rights, in line with Union and international law. Such circumstances do not relieve the authorities from demonstrating that the measures undertaken are applied solely for the purpose of combating terrorism and are directly related to the specific objective of combating terrorism.
Amendment 422 #
2015/0281(COD)
Proposal for a directive
Article 25 – title
Article 25 – title
Transposition and review mechanisms by Member States
Amendment 424 #
2015/0281(COD)
Proposal for a directive
Article 25 – paragraph 2
Article 25 – paragraph 2
2. Member States shall communicate to the Commission the text of the main provisions of national law which they adopt in the field covered by this Directive.
Amendment 425 #
2015/0281(COD)
Proposal for a directive
Article 25 – paragraph 2 a (new)
Article 25 – paragraph 2 a (new)
2a. Member States shall conduct annual independent reviews of and reporting on the exercise of powers under the laws falling within the scope of this Directive.
Amendment 429 #
2015/0281(COD)
Proposal for a directive
Article 26 – paragraph 1
Article 26 – paragraph 1
1. The Commission shall, by [24 months after the deadline for implementation of this Directive], submit a report to the European Parliament and to the Council, assessing the extent to which the Member States have taken the necessary measures to comply with this Directive. Regular evaluation of the Directive implementation should include assessment of a potential disproportionate impact of measures on groups of the population, and remedial procedures to correct discriminatory practices.
Amendment 431 #
2015/0281(COD)
Proposal for a directive
Article 26 – paragraph 2
Article 26 – paragraph 2
2. The Commission shall, by [4812 months after the deadline for implementation of this Directive], submit a report to the European Parliament and to the Council, assessing the impact and added value of this Directive on combating terrorism and its impact on fundamental rights and freedoms and the rule of law. The Commission shall take into account the information provided by Member States under Decision 2005/671/JHA and any other relevant information regarding the exercise of powers under counter-terrorism laws related to the transposition and implementation of this Directive.
Amendment 435 #
2015/0281(COD)
Proposal for a directive
Article 26 – paragraph 2 a (new)
Article 26 – paragraph 2 a (new)
2a. In light of the independent reports of the European Commission, Member States shall conduct parliamentary periodic reviews.
Amendment 317 #
2014/2254(INI)
Motion for a resolution
Paragraph 7 a (new)
Paragraph 7 a (new)
7a. Is concerned about the recent laws approved in some Member States such as the new Spanish law on Citizenship Security 4/2015, increasing repression measures against social movements and demonstrations thus jeopardizing the right of assembly and of association as established in the Article 12 of the Fundamental Right Charter of the European Union. Calls on the Spanish Government to repeal the law;
Amendment 318 #
2014/2254(INI)
Motion for a resolution
Paragraph 7 a (new)
Paragraph 7 a (new)
7a. Is concerned about recent ruling by the Spanish Supreme Court number 161/2015 condemning to three years of prison 8 activists who were demonstrating against the new budgetary cuts of the Catalan Government;
Amendment 891 #
2014/2248(INI)
Motion for a resolution
Paragraph 38 a (new)
Paragraph 38 a (new)
38a. Reiterates its commitment to initiating an ordinary treaty revision procedure under Article 48 TEU with a view to proposing the changes to Article 341 TEU and Protocol 6 necessary to allow Parliament to decide on the location of its seat and its internal organisation;
Amendment 901 #
2014/2248(INI)
Motion for a resolution
Paragraph 39
Paragraph 39
39. Reiterates its call for a single seat for the European Parliament; proposes that Parliament and the Council each decide the location of their own seat after having obtained the consent of the other; further proposes that the seats of all the other EU institutions, agencies and bodies be determined by Parliament and the Council on a proposal by the European executive, acting in accordance with a special legislative procedure;
Amendment 24 #
2014/2228(INI)
Draft opinion
Paragraph -1 (new)
Paragraph -1 (new)
-1. Addresses the following recommendations to the Commission:
Amendment 2 #
2014/2158(INI)
Draft opinion
Paragraph 1
Paragraph 1
1. Underlines that tackling the fragmentation of the digital single market and guaranteeing an open internet and net neutrality are essential to foster competition and boost growth and competitiveness in the digital sector; deems that the competition policy should contribute at promoting and enforcing open standards and interoperability in order to prevent technological lock-in of consumers and clients by a minority of market players
Amendment 19 #
2014/2158(INI)
Draft opinion
Paragraph 2
Paragraph 2
2. Calls on the Commission to closely evaluate the implementation by Google of the binding commitments resulting from the agreement of February 2014; believes abusive dominant positions created by the so-called ‘first mover’ advantages and network effects in the digital sector should be more closely monitored; underlines that all search engines, including those of companies established in third countries, must fully respect and comply with EU data protection rules
Amendment 25 #
2014/2158(INI)
Draft opinion
Paragraph 3
Paragraph 3
3. Strongly welcomes the comments by Commissioner-designate Vestager in her hearing before the Parliament that free competition and protection against dominant positions in the digital economy is ultimately for the benefit of consumers; emphasises the need for more transparency from authorities in charge of implementing competition and data protection rules
Amendment 38 #
2014/2158(INI)
Draft opinion
Paragraph 4
Paragraph 4
4. Calls on Member States to implement the new EU public procurement rules in a timely manner in order to boost fair competition and, ensure best value for money for public authorities, encourage the use of qualitative environmental and social award criteria by contracting authorities and foster innovation; urges the Commission to ensure their application to the fullest possible extent in order to tackle distortions of competition caused by bid- rigging, abuses of dominant positions and discrimination in the public procurement sector, and facilitate the access of SMEs to public procurement;
Amendment 5 #
2014/2078(DEC)
Motion for a resolution
Recital D a (new)
Recital D a (new)
Da. whereas the Court of Auditors Report adopted on 11.07.2014 states that the potential saving for the EU Budget would be about 114 million euro a year if the European Parliament centralised its activities;
Amendment 48 #
2014/2078(DEC)
Motion for a resolution
Paragraph 33 c (new)
Paragraph 33 c (new)
33c. Stresses that the Parliament and the Council, in order to create long term savings in the Union budget, must address the need for a roadmap to a single seat, as stated by the Parliament in several previous resolutions;
Amendment 17 #
2014/0185(COD)
Proposal for a decision
Article 4 – point b – indent 4
Article 4 – point b – indent 4
– security and privacyrespect for privacy by default and design, in accordance with data protection law;
Amendment 19 #
2014/0185(COD)
Proposal for a decision
Article 6 – paragraph 10
Article 6 – paragraph 10
10. All actions and iInteroperability solutions funded under the ISA2 Programme shall be encouraged, where appropriate, to re-use available interoperability solutionsthat require processing of personal data, shall, where appropriate and possible, be preceded by a data protection impact assessment in accordance with Article 331a of Regulation …/…1b. __________________ 1aOr such amended article once Regulation …/… is adopted. 1b Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (COM(2012)0011).
Amendment 21 #
2014/0185(COD)
Proposal for a decision
Article 11 – paragraph 3 a (new)
Article 11 – paragraph 3 a (new)
3a. The interim evaluation and final evaluation of the ISA2 Programme shall include a separate analysis of compliance with data protection rules in all actions and interoperability solutions that require the processing of personal data.
Amendment 22 #
2014/0185(COD)
Proposal for a decision
Article 11 – paragraph 4
Article 11 – paragraph 4
4. The evaluations shall examine issues such as the relevance, effectiveness, efficiency, utility, sustainability and coherence, coherence and regard for citizens’ data protection of Programme actions. The final evaluation shall, in addition, examine the extent to which the Programme has achieved its objective.
Amendment 24 #
2014/0185(COD)
Proposal for a decision
Article 12 – paragraph 2
Article 12 – paragraph 2
2. Cooperation with other third countries and international organisations or bodies shall be encouraged, notably in the framework of the Euro-Mediterranean and Eastern Partnerships and with neighbouring countries, in particular those of the Western Balkans and Black Sea regions in accordance with Data Protection rules. Related costs shall not be covered by the ISA2 Programme.
Amendment 1 #
2013/2188(INI)
Motion for a resolution
Citation 8 a (new)
Citation 8 a (new)
- having regard to the Vienna Convention on Diplomatic Relations, notably its Articles 24, 27 and 40,
Amendment 6 #
2013/2188(INI)
Motion for a resolution
Citation 36 a (new)
Citation 36 a (new)
– having regard to US Presidential Policy Directive PPD-28 on Signals Intelligence Activities of 17 January 2014,
Amendment 13 #
2013/2188(INI)
Motion for a resolution
Recital A
Recital A
A. whereas the ties between Europe and the United States of America are based on the spirit and principles of democracy and rule of law, liberty, justice and solidarity;
Amendment 15 #
2013/2188(INI)
Motion for a resolution
Recital A a (new)
Recital A a (new)
Aa. whereas, given that the EU's core aim is to promote freedom of the individual, security measures, including counterterrorism measures, must be pursued through the rule of law and must be subject to fundamental rights obligations, including those relating to privacy and data protection;
Amendment 21 #
2013/2188(INI)
Motion for a resolution
Recital C
Recital C
C. whereas in September 2001 the world entered a new phase which resulted in the fight against terrorism being listed among the top priorities of most governments; whereas the revelations based on leaked documents from whistleblower Edward Snowden, former NSA contractor, put democratically -elected leaders under anthe obligation to address the challenges of the increasing capabilities ofoverseeing and controlling intelligence agencies in surveillance activities and their implications forcting outside the rule of law in a democratic society;
Amendment 26 #
2013/2188(INI)
Motion for a resolution
Recital D – point 2
Recital D – point 2
· the high risk of violation of EU legal standards, fundamental rights and data protection standards;
Amendment 30 #
2013/2188(INI)
Motion for a resolution
Recital D – point 5
Recital D – point 5
· the degreelack of control and effective oversight by the US political authorities and certain EU Member States over their intelligence communities;
Amendment 31 #
2013/2188(INI)
Motion for a resolution
Recital D – point 6
Recital D – point 6
· the possibilityfact of these mass surveillance operations being used for reasons other than national security and the strict fight against terrorism, for example economic and industrial espionage or profiling on political grounds;
Amendment 34 #
2013/2188(INI)
Motion for a resolution
Recital D – point 8
Recital D – point 8
· the increasingly blurred boundaries between law enforcement and intelligence activities, leading to every citizen being treated as a suspect and being surveilled;
Amendment 38 #
2013/2188(INI)
Motion for a resolution
Recital D – point 9 a (new)
Recital D – point 9 a (new)
the undermining of the communications with members of a profession with a confidentiality privilege such as lawyers, journalists, physicians or priests;
Amendment 42 #
2013/2188(INI)
Motion for a resolution
Recital F
Recital F
F. whereas the US authorities have denied some of the information revealed but not contested the vast majority of it; whereas the public debate has developed on a large scale in the US and in a limited number of EU Member States; whereas EU governments too often remain silent and fail to launch adequate investigations;
Amendment 52 #
2013/2188(INI)
Motion for a resolution
Recital K a (new)
Recital K a (new)
Ka. whereas US President Barrack Obama in his speech on 17 January has announced some policy changes to the mass surveillance programmes, he has not called for changes in legislation, particularly the prohibition of mass surveillance activities and bulk processing of personal data and the introduction of legal redress for non-US persons;
Amendment 58 #
2013/2188(INI)
Motion for a resolution
Recital M a (new)
Recital M a (new)
Ma. whereas in all Member States the law protects from disclosure information communicated in confidence between lawyer and client, a principle which has been recognised by the European Court of Justice26a; __________________ 26a Judgement of 18 May 1982 in case C- 155/79, AM & S Europe Limited v Commission of the European Communities
Amendment 60 #
2013/2188(INI)
Motion for a resolution
Recital N
Recital N
N. whereas according to Article 67(3) TFEU the EU ‘"shall endeavour to ensure a high level of security’"; whereas the provisions of the Treaty (in particular Article 4(2) TEU, Article 72 TFEU and Article 73 TFEU) imply that the EU disposes of certain competences on matters relating to the collective external security of the Union; whereas the EU has exercised competence in matters of internal security (Article 4(j) TFEU) and has exercised this competence by deciding on a number of legislative instruments and concluding international agreements (PNR, TFTP) aimed at fighting serious crime and terrorism and by setting -up an internal security strategy and agencies working in this field;
Amendment 67 #
2013/2188(INI)
Motion for a resolution
Recital P
Recital P
P. whereas, underin accordance with Article 6 TEU, covering the EU Charter of Fundamental Rights and the ECHR, Member States’' agencies and even private parties acting in the field of national security also have to respect the rights enshrined therein, be they of their own citizens or of citizens of other States; whereas this also goes forgoes also as far as cooperation with other States’' authorities in the field of national security is concerned;
Amendment 70 #
2013/2188(INI)
Motion for a resolution
Recital Q
Recital Q
Q. whereas the extra-territorial application by a third country of its laws, regulations and other legislative or executive instruments in situations falling under the jurisdiction of the EU or its Member States may impact on the established legal order and the rule of law, or even violate international or EU law, including the rights of natural and legal persons, taking into account the extent and the declared or actual aim of such an application; whereas, in these exceptional circumstances, it is necessary to take action at the EU level to ensure that the rule of law, and the rights of natural and legal persons are respected within the EU, in particular by removing, neutralising, blocking or otherwise countering the effects of the foreign legislation concerned;
Amendment 80 #
2013/2188(INI)
Motion for a resolution
Recital AC
Recital AC
AC. whereas according to the information revealed and to the findings of the inquiry conducted by the LIBE Committee, the national security agencies of New Zealand and Canada have beenare involved on ain large scale in mass surveillance of electronic communications and have actively cooperated with the US, the UK and Australia, under the so called ‘"Five eyes’" programme, and may have exchanged with each other personal data of EU citizens transferred from the EU to each other;
Amendment 82 #
2013/2188(INI)
Motion for a resolution
Recital AI
Recital AI
AI. whereas national data protection authorities have developed binding corporate rules (BCRs) in order to facilitate international transfers within a multinational corporation with adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights; whereas before being used, BCRs need to be authorised by the Member States’ competent authorities after the latter have assessed compliance with Union data protection law; whereas BCRs for data processors have been rejected in the LIBE Committee report on the General Data Protection Regulation, as they would leave the data controller and the data subject without any control over the jurisdiction in which their data is processed;
Amendment 101 #
2013/2188(INI)
Motion for a resolution
Recital BA a (new)
Recital BA a (new)
BAa. whereas US intelligence agencies have a policy of systematically undermining cryptographic protocols and products in order to be able to intercept even encrypted communication; whereas the US National Security Agency has collected vast numbers of so called "zero- day exploits" – IT security vulnerabilities that are not yet known to the public or the product vendor; whereas such activities massively undermine global efforts to improve IT security;
Amendment 103 #
2013/2188(INI)
Motion for a resolution
Recital BA b (new)
Recital BA b (new)
BAb. whereas IT vendors often deliver products that have not been properly tested for IT security or that even sometimes have back-doors implanted purposefully by the vendor; whereas the lack of liability rules for software vendors has led to such a situation which is in turn exploited by intelligence agencies, but also leaves the risk of attacks by other entities;
Amendment 105 #
2013/2188(INI)
Motion for a resolution
Recital BB
Recital BB
BB. whereas intelligence services perform an important functioncan provide help in protecting the democratic society against internal and external threats subject to democratic accountability and judicial oversight; whereas they are given special powers and capabilities to this end; whereas these powers are to be limited to the extent strictly necessary and proportionate and used within the rule of law, as otherwise they risk losing legitimacy and erodinge the democratic nature of society;
Amendment 111 #
2013/2188(INI)
Motion for a resolution
Recital BD
Recital BD
BD. whereas technological developments have led tobeen used for increased international intelligence cooperation, also involving the exchange of personal data, and often blurring the line between intelligence and law enforcement activities;
Amendment 115 #
2013/2188(INI)
Motion for a resolution
Recital BE
Recital BE
BE. whereas most of existing national oversight mechanisms and bodies were set up or revamped in the 1990s and have not necessarily been adapted to the rapid political and technological developments over the last decade;
Amendment 126 #
2013/2188(INI)
Motion for a resolution
Paragraph 2
Paragraph 2
2. Points out specifically to US NSA intelligence programmes allowing for the mass surveillance of EU citizens through direct access to the central servers of leading US internet companies (PRISM programme), the analysis of content and metadata (Xkeyscore programme), the circumvention of online encryption (BULLRUN), access to computer and telephone networks, and access to location data, as well as to systems of the UK intelligence agency GCHQ such as itsthe upstream surveillance activity (Tempora programme) and the decryption programme (Edgehill); believethe targeted man- in-the-middle attacks on information systems (Quantumtheory and Foxacid programmes); the collection and retention of 200 million SMS text messages per day (Dishfire programme); considers that the existence of programmes of a similar nature, even if on a more limited scaledimension, is likely in other EU countries such as France (DGSE), Germany (BND) and Sweden (FRA);
Amendment 130 #
2013/2188(INI)
Motion for a resolution
Paragraph 3
Paragraph 3
3. Notes the allegations of ‘hacking’ or tapping into the Belgacom systems by the UK intelligence agency GCHQ; reiteranotes the indication by Belgacom that it could not confirm that EU institutions were targeted or affected, and that the malware used was extremely complex and required the use of extensive financial and staffing resources for its development and use that would not be available to private entities or hackers;
Amendment 138 #
2013/2188(INI)
Motion for a resolution
Paragraph 5
Paragraph 5
5. Notes that several governments claim that these mass surveillance programmes are necessary to combat terrorism; wholeheartedly supports the fight against terrorism, but strongly believes that it can never in itself never be a justification for untargeted, secret, and sometimes even illegal mass surveillance programmes; expresses concerns, therefore, regarding the legality, necessity and proportionality of these programmesdeems such programmes disproportionate and incompatible with the concept of a democratic society based on the rule of law;
Amendment 145 #
2013/2188(INI)
Motion for a resolution
Paragraph 6
Paragraph 6
6. Considers it very doubtful that data collection of such magnitude isbe not only guided by the fight against terrorism, as it involves the collection of all possible data of all citizens; points therefore to the possible existence of other power motives such as political and economic espionage;
Amendment 154 #
2013/2188(INI)
Motion for a resolution
Paragraph 9
Paragraph 9
9. Condemns in the strongest possible terms the vast, systemic, blanket collection of the personal data of innocent people, often comprising intimate personal information; emphasises that the systems of mass, indiscriminate surveillance by intelligence services constitute a serious interference with the fundamental rights of citizens; stresses that privacy is not a luxury right, but that it is the foundation stone of a free and democratic society; points out, furthermore, that mass surveillance has potentially severe effects on the freedom of the press, thought and speech and on freedom of assembly and of association, as well as a significant potential for abuse of the information gathered against political adversaries; emphasises that these mass surveillance activities appear also tlso entail illegal actions by intelligence services and raise questions regarding the extra-territoriality of national laws;
Amendment 160 #
2013/2188(INI)
Motion for a resolution
Paragraph 11
Paragraph 11
11. Is adamant that secret laws, treaties and courts violate the rule of law; points outinsists that any judgment of a court or tribunal and any decision of an administrative authority of a non-EU sState authorising, directly or indirectly, surveillance activities such as those examined by this inquiry may not be automaticallythe transfer of personal data, may not be recogniszed or enforced, but must be submitted individually to the appropria in any manner, without prejudice to a mutual legal assistance treaty or an inte rnational procedures on mutual recognition and legal assistance, including rules imposed by bilateral agreementsagreement in force between the requesting third country and the Union or a Member State and a prior authorisation by the competent supervisory authority;
Amendment 163 #
2013/2188(INI)
Motion for a resolution
Paragraph 12
Paragraph 12
12. Points out that the abovementioned concerns are exacerbated by rapid technological and societal developments; considers that, since internet and mobile devices are everywhere in modern daily life (‘ubiquitous computing’) and the business model of most internet companies is based on the processing of personal data of all kinds that puts at risk the integrity of the person, the scale of this problem is unprecedented; underlines that this may create a "turnkey tyranny" situation that can severely be misused in case of changes in political leadership;
Amendment 169 #
2013/2188(INI)
Motion for a resolution
Paragraph 14
Paragraph 14
14. Strongly rejects the notion that these issues are purely a matter of national security and therefore the sole competence of Member States; recalls a recent ruling of the Court of Justice according to which ‘although it is for Member States to take the appropriate measures to ensure their internal and external security, the mere fact that a decision concerns State security cannot result in European Union law being inapplicable’38 ; recalls further that the protection of the privacy of all EU citizens is at stake, as are the security and reliability of all EU communication networks; believes therefore that discussion and action at EU level is not only legitimate, but also a matter of EU autonomy and sovereignty; __________________ 38 No 1 BvR 518/02 of 4 April 2006. Judgement in case C-300/11, ZZ v Secretary of State for the Home Department, 4 June 2013
Amendment 173 #
2013/2188(INI)
Motion for a resolution
Paragraph 15
Paragraph 15
15. Commends the current discussions, inquiries and reviews concerning the subject of this iInquiry in several parts of the world; points to the Global Government Surveillance Reform signed up to by the world’'s leading technology companies, which callsing for sweeping changes to national surveillance laws, including an international ban on bulk collection of data to help preserve the public’'s trust in the internet; points to the call by hundreds of leading academics for ending mass surveillance38a; points to the calls by many civil society organisations for ending mass surveillance38b and for the strict adherence of necessity and proportionality into surveillance measures38c; points to the call by a large group of authors, including a number of Nobel prize winners, along similar lines38d, notes with great interest the recommendations published recently by the US President’'s Review Group on Intelligence and Communications Technologies; strongly urges governments to take these calls and recommendations fully into account and to overhaul their national frameworks for the intelligence services in order to implement appropriate safeguards and oversight; __________________ 38a www.academicsagainstsurveillance.net 38b www.stopspyingonus.com 38c www.en.necessaryandproportionate.org 38d www.faz.net/aktuell/feuilleton/buecher/ themen/autoren-gegen- ueberwachung/demokratie-im-digitalen- zeitalter-der-aufruf-der-schriftsteller- 12702040.html
Amendment 182 #
2013/2188(INI)
Motion for a resolution
Paragraph 18 a (new) after heading «Recommendations»
Paragraph 18 a (new) after heading «Recommendations»
18a. Calls on EU Member States to drop criminal charges, if any, against Edward Snowden and to offer him protection from prosecution, extradition or rendition by third parties, in recognition of his status as whistleblower and international human rights defender;
Amendment 185 #
2013/2188(INI)
Motion for a resolution
Paragraph 18 b (new)
Paragraph 18 b (new)
18b. Calls on the US to drop any criminal charges Edward Snowden in recognition of his status as whistleblower and international human rights defender;
Amendment 186 #
2013/2188(INI)
Motion for a resolution
Paragraph 18 c (new)
Paragraph 18 c (new)
18c. Draws attention to the plight of other whistleblowers and their supporters, including any journalists involved, who find themselves under pressure from government authorities;
Amendment 192 #
2013/2188(INI)
Motion for a resolution
Paragraph 19 a (new)
Paragraph 19 a (new)
19a. Calls on the US as well as EU and Member States' legislators to revise legislation on electronic communications and signals intelligence and the processing and transfer of such intelligence information to fully respect the principles of legality, legitimate aim and purpose limitation, necessity, adequacy, proportionality, authorisation by a competent judicial authority, due process, user notification, transparency, public and parliamentary oversight, protection of the integrity of communications and systems, including safeguards for international cooperation and against illegitimate access;
Amendment 201 #
2013/2188(INI)
Motion for a resolution
Paragraph 20
Paragraph 20
20. Calls on certainall EU Member States, including the UK, Germany, France, Sweden and the Netherlands, toand in particular those participating in the so- called "9-eyes" and "14-eyes" programmes, to comprehensively evaluate and revise where necessary their national legislation and practices governing the activities of intelligence services – including their (strategic) surveillance powers, authorisation procedures and oversight mechanisms - so as to ensure that they are in line with the standards of the European Convention on Human Rights and comply with their fundamental rights obligations as regards data protection, privacy and, presumption of innocence; in particular, given the extensive media reports referring to mass surveillance in the UK, would emphasise that the current legal framework which is made up of a ‘complex interaction’ between three separate pieces of legislation – the Human Rights Act 1998, the Intelligence Services Act 1994 and the Regulation of Investigatory Powers Act 2000 – should be revised;, the necessity and proportionality of surveillance activities, as well as parliamentary and judicial oversight, the UN compilations of good practices38g and the recommendations of the Venice Commission38h; __________________ 38g United Nations General Assembly, A/HRC/14/46, 17 May 2010. 38h European Commission for Democracy through Law (Venice Commission): Report on Counter-Terrorism and Human Rights, CDL-AD(2010)022, adopted 4 June 2010; Report on the Democratic Oversight of the Security Services, CDL- AD(2007)016, adopted 2 June 2007.
Amendment 207 #
2013/2188(INI)
Motion for a resolution
Paragraph 20 a (new)
Paragraph 20 a (new)
20a. Calls on UK to revise their national legislation and practices governing the activities of intelligence services so as to ensure that they are in line with the standards of the European Convention on Human Rights and comply with their fundamental rights obligations as regards data protection, privacy and presumption of innocence; in particular, given the extensive media reports referring to mass surveillance in the UK, would emphasise that the current legal framework which is made up of a 'complex interaction' between three separate pieces of legislation – the Human Rights Act 1998, the Intelligence Services Act 1994 and the Regulation of Investigatory Powers Act 2000 – should be revised;
Amendment 208 #
2013/2188(INI)
Motion for a resolution
Paragraph 20 b (new)
Paragraph 20 b (new)
20b. Calls on France to revise its legal framework in the field of intelligence activities in order to comply with the European Convention on Human Rights' requirements, to strengthen its general oversight mechanisms, both as regards the ex ante authorisation procedures, the involvement of the Parliament in the monitoring of intelligence activities and the reinforcement of technical capabilities and investigative powers of the latter. Moreover, existing independent administrative authorities should be entitled to monitor more closely and effectively the processing of data collected by the various intelligence agencies. Urges French government to clarify its relations and potential agreements with telecommunication companies as regards access to and exchange of personal data and access to communication facilities including Transatlantic cables;
Amendment 209 #
2013/2188(INI)
Motion for a resolution
Paragraph 20 c (new)
Paragraph 20 c (new)
20c. Calls on Germany to revise the law on the German foreign intelligence service (BND) and the G-10 Law by making them more specific and ending the mass surveillance of cross-border telecommunications by the BND, reinforcing the rights of all persons whose communications are intercepted, providing for more public information in particular as to the activities of the G10 Commission, reinforcing the technical capabilities and investigative powers of the parliamentary oversight bodies; underlines in this context that under the ECHR and the Charter of Fundamental Rights governments have to respect and protect fundamental rights, including the secrecy of communications, of all persons, not only of their own citizens and residents;
Amendment 210 #
2013/2188(INI)
Motion for a resolution
Paragraph 20 d (new)
Paragraph 20 d (new)
Amendment 211 #
2013/2188(INI)
Motion for a resolution
Paragraph 20 e (new)
Paragraph 20 e (new)
20e. Takes note of the review of the Dutch Intelligence and Security Act 2002 (report by the "Dessens Commission" of 2 December 2013); supports those recommendations of the review commission which aim to strengthen the transparency of and the control and oversight on the Dutch intelligence services; calls on the Netherlands to refrain from extending the powers of the intelligence services so that untargeted and large-scale surveillance could also be performed on cable-bound communications of innocent citizens, especially given the fact that one of the biggest Internet Exchange Points in the world is located in Amsterdam (AMS-IX); calls for caution in defining the mandate and capabilities of the new Joint Sigint Cyber Unit, as well as for the presence and operation by US intelligence personnel on Dutch territory;
Amendment 212 #
2013/2188(INI)
Motion for a resolution
Paragraph 20 f (new)
Paragraph 20 f (new)
20f. Calls on Poland to revise police and secret services' powers (in particular as far as their access to citizens' personal data from various sources is concerned) and introduce an independent supervisory mechanism over their activity, notably in the area of intelligence and general crime prevention; strongly recommends that Poland properly applies freedom of information laws with respect to national security issues in accordance with the Global Principles on the National Security and Access to Information, recently endorsed by the Parliamentary Assembly of the Council of Europe in its Resolution 1954 (2013) on National security and access to information; recommends further that any freedom of information requests shall be duly and adequately treated, notably when relevant for explaining government involvement in programs of mass surveillance and for thereby holding decision-makers accountable;
Amendment 222 #
2013/2188(INI)
Motion for a resolution
Paragraph 28
Paragraph 28
28. Notes that the companies identified by media revelations as being involved in the large- scale mass surveillance of EU data subjects by US NSA are companies that have self-certified their adherence to the Safe Harbour, and that the Safe Harbour is the legal instrument used for the transfer of EU personal data to the US (Google, Microsoft, Yahoo!, Facebook, Apple, LinkedIn); expresses its concerns onis alarmed by the fact that these organisations admitted that they do not encrypt information and communications flowing between their data centres, thereby enabling intelligence services to intercept information39 ; __________________ 39 The Washington Post, 31 October 2013. The Washington Post, 31 October 2013.
Amendment 224 #
2013/2188(INI)
Motion for a resolution
Paragraph 29
Paragraph 29
29. Considers that large-scale access by US intelligence agencies to EU personal data processed by Safe Harbour does not per se meet the criteria for derogation under ‘national security’;
Amendment 233 #
2013/2188(INI)
Motion for a resolution
Paragraph 33
Paragraph 33
33. Calls on the Commission to present by June 2014 a comprehensive assessment of the US privacy framework covering commercial, law enforcement and intelligence activities in response to the fact that the EU and the US legal systems for protecting personal data are drifting apartand concrete recommendations and consequences based on the absence of a general data protection law in the US;
Amendment 237 #
2013/2188(INI)
Motion for a resolution
Paragraph 37
Paragraph 37
37. Calls on the Commission and the Member States to assess without delay whether the adequate level of protection of the New Zealand and of the Canadian Personal Information Protection and Electronic Documents Act, as declared by Commission Decisions 2013/6540 and 2/2002 of 20 December 2001, have been affected by the involvement of their national intelligence agencies in the mass surveillance of EU citizens and, if necessary, to take appropriate measures to suspend or revers the adequacy decisions; also calls on the Commission to assess the situation for other countries that have received an adequacy rating; expects the Commission to report to the European Parliament on its findings on the abovementioned countries by December 2014 at the latest; __________________ 40 OJ L 28, 30.1.2013, p. 12.
Amendment 238 #
2013/2188(INI)
Motion for a resolution
Paragraph 39
Paragraph 39
39. Calls on the Member States to prohibit or suspend data flows to third countries based on the standard contractual clauses, contractual clauses or BCRs authorised by the national competent authorities where it is established that the law to which the data importerrecipient is subject imposes upon him requirements which go beyond the restrictions necessarystrictly necessary, adequate and proportionate in a democratic society and which are likely to have a substantialn adverse effect on the guarantees provided by the applicable data protection law and the standard contractual clauses, or because continuing transfer would create an imminent risk of grave harm to the data subjects risk of mass surveillance of the data subjects without suspicion;
Amendment 241 #
2013/2188(INI)
Motion for a resolution
Paragraph 41
Paragraph 41
41. Calls on the Commission to examine without delay the standard contractual clauses it has established in order to assess whether they provide the necessary protection as regards access to personal data transferred under the clauses for intelligence purposes and, if appropriate, to review them;
Amendment 250 #
2013/2188(INI)
Motion for a resolution
Paragraph 45
Paragraph 45
45. Reiterates its resolution of 23 October 2013 and asks the Commission for the suspenstermination of the TFTP Agreement;
Amendment 255 #
2013/2188(INI)
Motion for a resolution
Paragraph 46
Paragraph 46
46. Calls on the European Commission to react to concerns that three of the four major computerised reservation systems used by airlines worldwide are based in the US and that PNR data are saved in cloud systems operating on US soil under US law, which lacks data protection adequacy; states that this undermines the legitimacy and effectiveness of the PNR agreement; calls for termination of the EU US PNR agreement;
Amendment 269 #
2013/2188(INI)
Motion for a resolution
Paragraph 52
Paragraph 52
52. Stresses that both the Data Protection Regulation and the Data Protection Directive are necessary to protect the fundamental rights of individuals and therefore must be treated as a package to be adopted simultaneously, in order to ensure that all data-processing activities in the EU provide a high level of protection in all circumstances; stresses that it will only adopt further law enforcement cooperation measures once Council has entered into negotiations with Parliament and Commission on the Data Protection Package;
Amendment 274 #
2013/2188(INI)
Motion for a resolution
Paragraph 53
Paragraph 53
53. Notes that trust in US cloud computing and cloud providers has been negatively affected by the abovementioned practices; emphasises, therefore, the development of European clouds and IT solutions as an essential element for growth and employment and trust in cloud computing services and providers and for ensuring a high level of personal data protection;
Amendment 279 #
2013/2188(INI)
Motion for a resolution
Paragraph 55
Paragraph 55
55. RegDeplorets the fact that such access is usually attained by means of direct enforcement by third-country authorities of their own legal rules, without recourse to international instruments established for legal cooperation such as mutual legal assistance (MLA) agreements or other forms of judicial cooperation;
Amendment 280 #
2013/2188(INI)
Motion for a resolution
Paragraph 56
Paragraph 56
56. Calls on the Commission and the Member States to speed up the work of establishing a European Cloud Partnership while fully including civil society and the technical community, such as the Internet Engineering Task Force (IETF), and incorporating data protection aspects;
Amendment 289 #
2013/2188(INI)
Motion for a resolution
Paragraph 58
Paragraph 58
58. Recognises that the EU and the US are pursuing negotiations for a Transatlantic Trade and Investment Partnership, which is of major strategic importance for creating further economic growth and for the ability of both the EU and the US to set future global regulatory standards;
Amendment 292 #
2013/2188(INI)
Motion for a resolution
Paragraph 59
Paragraph 59
59. Strongly emphasises, given the importance of the digital economy in the relationship and in the cause of rebuilding EU-US trust, that the European Parliament will only consent tosee to it that the final TTIP agreement provided the agreement, among other criteria, fully respects fundamental rights recognised by the EU Charter, and that the protection of the privacy of individuals in relation to the processing and dissemination of personal data must continue to be governed by Article XIV of the GATSshall remain governed by Article XIV of the GATS before consenting to it; stresses that EU data protection legislation cannot be deemed an "arbitrary or unjustifiable discrimination" in the application of Article XIV of the GATS; stresses furthermore that the European Parliament shall not consent to any final TTIP agreement as long as the blanket mass surveillance activities and bulk processing of personal data as well as the interception of communications in EU institutions and diplomatic representations are not fully stopped;
Amendment 311 #
2013/2188(INI)
Motion for a resolution
Paragraph 62
Paragraph 62
62. Calls forDecides the setting up of a hHigh-l Level gGroup in order to strengthen cooperationparliamentary oversight in the field of intelligence at EU level, combined with a proper oversight mechanism ensuring both democratic legitimacy and adequate technical capacity; stresses that the high- level group should cooperate closely with national parliaments in order to propose further steps to be taken for increased oversight collaboration in the EU;
Amendment 319 #
2013/2188(INI)
Motion for a resolution
Paragraph 64
Paragraph 64
64. Calls on the high-level group to set strict limits on the duration and scope of any surveillance ordered unless its continuation is duly justified by the authorising/oversight authority;
Amendment 322 #
2013/2188(INI)
Motion for a resolution
Paragraph 66
Paragraph 66
66. Intends to organise a conference with national oversight bodies, whether parliamentary or independent, byefore the end of 2014;
Amendment 326 #
2013/2188(INI)
Motion for a resolution
Paragraph 68
Paragraph 68
68. Calls on the Member States to develop cooperation among oversight bodies, in particular within the European Network of National Intelligence Reviewers (ENNIR); calls particularly on the oversight bodies of those Member States whose governments have refused to cooperate with the EP inquiry - UK, France, Germany, Netherlands, Poland, Sweden – to further coordinate their activities;
Amendment 329 #
2013/2188(INI)
Motion for a resolution
Paragraph 69
Paragraph 69
69. Urges the Commission to present, by September 2014, a proposal for a legal basis for the activities of the EU Intelligence Analysis Centre (IntCen), as well as a proper oversight mechanism adapted to its activities, including regular reporting to the European Parliament; decides not to allocate funding to IntCen until its activities are covered by a proper legal basis;
Amendment 335 #
2013/2188(INI)
Motion for a resolution
Paragraph 72
Paragraph 72
72. Calls on the Europol Joint Supervisory Body, together with national data protection authorities, to conduct a joint inspection before the end of 2014 in order to ascertain whether information and personal data shared with Europol has been lawfully acquired by national authorities, particularly if the information or data was initially acquired by intelligence services in the EU or a third country, and whether appropriate measures are in place to prevent the use and further dissemination of such information or data; considers that Europol should not process any information or data which was obtained in violation of fundamental rights which would be protected under the Charter of Fundamental Rights;
Amendment 348 #
2013/2188(INI)
Motion for a resolution
Paragraph 75
Paragraph 75
75. Considers that the detention of Mr Miranda and the seizure of the material in his possession under Schedule 7 of the Terrorism Act 2000 (and also the request to The Guardian to destroy or hand over the material) by UK authorities constitutes an interference with the right of freedom of expression as recognised by Article 10 of the ECHR and Article 11 of the EU Charter;
Amendment 353 #
2013/2188(INI)
Motion for a resolution
Paragraph 76 a (new)
Paragraph 76 a (new)
Professional Secrecy and Confidentiality Privilege 76a. Considers that it is of the essence of professional secrecy privilege for lawyers, journalists, priests and other regulated professions that their members are told by their clients, patients or sources about matters which they would not tell to others and that without the certainty of confidentiality, there can be no trust; stresses that if the right of EU citizens to be protected against any divulging of communications with their lawyers is denied, they may be denied access to legal advice and to justice; stresses that if the right of journalists to protect their sources against any divulging of communications is denied, the critical role of investigative journalism for democracy is undermined;
Amendment 365 #
2013/2188(INI)
Motion for a resolution
Paragraph 78
Paragraph 78
78. Takes the view that the mass surveillance revelations that have initiated this crisis can be used as an opportunity for Europe to take the initiative and build up an autonomous IT key-resource capability for the mid term; underlines that in order to gain trust, such a European IT capability must be based on open standards and free and open software and if possible hardware, making the whole stack from processor design to the application layer reviewable by every interested party; points out that in order to re-gain competitiveness in the strategic sector of IT services, a digital new deal is needed with joint and large-scale efforts by EU institutions, member state governments, research institutions, industry and civil society; calls on the Commission and the Member States to use public procurement as leverage to support such resource capability in the EU by making EU security and privacy standards a key requirement in the public procurement of IT goods and services;
Amendment 367 #
2013/2188(INI)
Motion for a resolution
Paragraph 79
Paragraph 79
79. Is highly concerned by indications that foreignStrongly condemns that that intelligence services sought to lower IT security standards and to install backdoors in a broad range of IT systems; asks the Commission to present draft legislation to ban the use of backdoors by law enforcement agencies;
Amendment 373 #
2013/2188(INI)
Motion for a resolution
Paragraph 81
Paragraph 81
81. Calls on the Commission, standardisation bodies and ENISA to develop, by September 2014, minimum security and privacy standards and guidelines for IT systems, networks and services, including cloud computing services, in order to better protect EU citizens’' personal data; believes that such standards should be set in an open and democratic process, not driven by a single country, entity or multinational company; takes the view that, while legitimate law enforcement and intelligence concerns need to be taken into account in order to support the fight against terrorism, they should not lead to a general undermining of the dependability of all IT systemsexpresses support for the recent decisions by the Internet Engineering Task Force (IETF) to include governments in the threat model for internet security;
Amendment 376 #
2013/2188(INI)
Motion for a resolution
Paragraph 82
Paragraph 82
82. Points out that both telecom companies and the EU and national telecom regulators have clearly neglected the IT security of their users and clients; calls on the Commission to make full use of its existing powers under the ePrivacy and Telecommunication Framework Directive to strengthen the protection of confidentiality of communication by adopting measures to ensure that terminal equipment is compatible with the right of users to control and protect their personal data, and to ensure a high level of security of telecommunication networks and services, including by way of requiring state-of-the-art end-to-end encryption of communications;
Amendment 380 #
2013/2188(INI)
Motion for a resolution
Paragraph 83
Paragraph 83
83. Supports the EU cyber strategy but considers that it does not cover all possible threats and should be extended to cover malicious state behaviours; underlines the need for more robust IT security and resilience of IT systems;
Amendment 387 #
2013/2188(INI)
Motion for a resolution
Paragraph 85
Paragraph 85
85. Calls on the Commission, in the framework of the next Work Programme of the Horizon 2020 Programme, to assess whether more resources should be directed towards boosting European research, development, innovation and training in the field of IT technologies, in particular privacy-enhancing technologies and infrastructures, cryptology, secure computing, open-source security solutions and the Information Society; stresses that no EU funding should be spent for the sole purpose of breaking into IT systems or developing tools for this;
Amendment 401 #
2013/2188(INI)
Motion for a resolution
Paragraph 87
Paragraph 87
87. Deems it necessary for the EU to be supported byAsks the Commission to also consider the possible additional need for an EU IT Academy that brings together the best European experts in all related fields, tasked with providing all relevant EU Institutions and bodies with scientific advice on IT technologies, including security-related strategies; as a first step asks the Commission to set up an independent scientific expert panel;
Amendment 414 #
2013/2188(INI)
Motion for a resolution
Paragraph 88 – point 5
Paragraph 88 – point 5
· the use of more free and open-source systems and fewer off-the-shelf commercial systems;
Amendment 418 #
2013/2188(INI)
Motion for a resolution
Paragraph 88 – point 10
Paragraph 88 – point 10
· the use of cloud storage by the EP, including what kind of data is stored on the cloud, how the content and access to it is protected and where the cloud is located, clarifying the applicable data protection and intelligence legal regimes;
Amendment 420 #
2013/2188(INI)
Motion for a resolution
Paragraph 88 – point 13
Paragraph 88 – point 13
· an analysis of the benefits of plan for using the GNU Privacy Guard as a default encryption standard for emails which would at the same time allow for the use of digital signatures;
Amendment 428 #
2013/2188(INI)
Motion for a resolution
Paragraph 93
Paragraph 93
93. Calls on standards bodies such as the IETF for the overall architecture of the internet in terms of data flows and storage to be reconsidered, striving for more data minimisation and transparency and less centralised mass storage of raw data, as well as avoiding unnecessaryfull end-to-end encryption of all internet traffic so that the routing of traffic through the territory of countries that do not meet basic standards on fundamental rights, data protection and privacy does not create a risk;
Amendment 430 #
2013/2188(INI)
Motion for a resolution
Paragraph 94
Paragraph 94
94. Calls on the Member States, in cooperation with ENISA, Europol’'s CyberCrime Centre, CERTs and national data protection authorities and cybercrime units, to start an education and awareness- raising campaign in order to enable citizens to make a more informed choice regarding what personal data to put on line and how better to protect them, including through ‘digital hygiene’, encryption and safe cloud computing, making full use of the public interest information platform provided for in the Universal Service Directive;
Amendment 436 #
2013/2188(INI)
Motion for a resolution
Paragraph 95
Paragraph 95
95. Calls on the Commission, by September 2014, to evaluate the possibilities ofpropose draft legislation encouraging software and hardware manufacturers to introduce more security and privacy throughby design and by default features in their products, including the possibilit by of introducing legal liability on the part of manufacturers for unpatched known vulnerabilities, faulty or insecure software, or the installation of secret backdoors, and disincentives for the undue and disproportionate collection of mass personal data, and if appropriate to come forward with legislative proposals;
Amendment 438 #
2013/2188(INI)
Motion for a resolution
Paragraph 96
Paragraph 96
96. Believes, beyond the need for legislative change, that the inquiry has shown the need for the US to restore trust with its partners, as US intelligence agencies’' activities are primarily at stake;
Amendment 444 #
2013/2188(INI)
Motion for a resolution
Paragraph 101
Paragraph 101
101. Is ready actively to engage in a dialogue with US counterparts so that, in the ongoing American public and congressional debate on reforming surveillance and reviewing intelligence oversight, the privacy rights of EU citizens are addressed, equal information rights and privacy protection in US courts guaranteed and the current discrimination not perpetuated; urges the US to enact a general data protection law and amend the Privacy Act to create legal redress options for non-US persons;
Amendment 447 #
2013/2188(INI)
Motion for a resolution
Paragraph 102
Paragraph 102
102. Insists that necessary reforms be undertaken and effective guarantees given to Europeans to ensure that the use of surveillance and data processing for foreign intelligence purposes is limited by clearly specified conditions and related to reasonable suspicion or probable cause of terrorist or criminal activity; stresses that this purpose must be subject to transparent judicial oversight;
Amendment 451 #
2013/2188(INI)
Motion for a resolution
Paragraph 103
Paragraph 103
103. Considers that clear political signals are needed from our American partners to demonstrate that the US distinguishes between allies and adversaries; considers the actions taken and announcements by the US government so far as insufficient;
Amendment 456 #
2013/2188(INI)
Motion for a resolution
Paragraph 107
Paragraph 107
107. Also believes that that the involvement and activities of EU Members States has led to a loss of trust; is of the opinion that only full clarity as to purposes and means of surveillance, public debate and, ultimately, revision of legislation, including a and practices to end mass surveillance activities and strengthening of the system of judicial and parliamentary oversight, will be able to re-establish the trust lost;
Amendment 461 #
2013/2188(INI)
Motion for a resolution
Paragraph 108
Paragraph 108
108. Is aware that some EU Member States are pursuing bilateral communication with the US authorities on spying allegations, and that some of them have concluded (United Kingdom) or envisage concluding (Germany, France) so-called ‘'anti-spying’' arrangements; underlines that these Member States need to observe fully the interests of the EU as a whole; doubts the relevance of such agreements in the light of revelations that even members of the "Five Eyes" spy on each other;
Amendment 465 #
2013/2188(INI)
Motion for a resolution
Paragraph 108 a (new)
Paragraph 108 a (new)
108a. Asks the Council to inform Parliament about discussions by Member States on an EU-wide mutual no-spy arrangement;
Amendment 466 #
2013/2188(INI)
Motion for a resolution
Paragraph 109
Paragraph 109
109. Considers that such arrangements should not breach European Treaties, especially the principle of sincere cooperation (under Article 4 paragraph 3 TEU), or undermine EU policies in general and, more specifically, the internal market, fair competition and economic, industrial and social development; decides to review any such arrangements for their compatibility with European law and reserves its right to activate Treaty procedures in the event of such arrangements being proved to contradict the Union’'s cohesion or the fundamental principles on which it is based;
Amendment 481 #
2013/2188(INI)
Motion for a resolution
Subheading 36
Subheading 36
Priority Plan: A European Digital Habeas CorpusDeclaration of Independence
Amendment 485 #
2013/2188(INI)
Motion for a resolution
Paragraph 114 – introductory part
Paragraph 114 – introductory part
114. Decides to launch A European Digital Habeas CorpusDeclaration of Independence for protecting privacy based on the following 7 actions with a European Parliament watchdog:
Amendment 505 #
2013/2188(INI)
Motion for a resolution
Paragraph 114 – point 6
Paragraph 114 – point 6
Action 6: Develop a European strategy for IT independence (a "digital new deal" including the allocation of adequate resources at national and EU level);
Amendment 510 #
2013/2188(INI)
Motion for a resolution
Paragraph 115
Paragraph 115
115. Calls on the EU Institutions and the Member States to support and promote the European Digital Habeas CorpusDeclaration of Independence; undertakes to act as the EU citizens’' rights watchdog, with the following timetable to monitor implementation:
Amendment 517 #
2013/2188(INI)
Motion for a resolution
Paragraph 115 – point 3
Paragraph 115 – point 3
· Spring 2014: a formal call on the European Council to include the European Digital Habeas CorpusDeclaration of Independence in the guidelines to be adopted under Article 68 TFEU;
Amendment 519 #
2013/2188(INI)
Motion for a resolution
Paragraph 115 – point 4
Paragraph 115 – point 4
Autumn 2014: a commitment that the European Digital Habeas CorpusDeclaration of Independence and related recommendations will serve as key criteria for the approval of the next Commission;
Amendment 521 #
2013/2188(INI)
Motion for a resolution
Paragraph 115 – point 7
Paragraph 115 – point 7
20154: a conference bringing together high- level European experts in the various fields conducive to IT security (including mathematics, cryptography and privacy- enhancing technologies) to help foster an EU IT strategy for the next legislature;
Amendment 17 #
2013/2024(INI)
Motion for a resolution
Paragraph 6
Paragraph 6
6. Encourages the Commission, therefore, to assume its role in framing policies and setting legislative priorities and to make use of its right to propose legislation whenever necessary in order to guarantee a holistic and coherent approach to the Area of Freedom, Justice and Security; states, at the same time, its opposition to any return to the intergovernmental approach which characterised the era prior to the entry into force of the Treaty of Lisbon;
Amendment 60 #
2013/2024(INI)
Motion for a resolution
Paragraph 16
Paragraph 16
16. Calls urgently for measures to address the so-called Copenhagen dilemma, describing a situation in which the Union sets high standards for candidate countries to meet but lacks tools for Member States; announces its intention to set up a Copenhagen Commission within the Committee on Civil Liberties, Justice and Home Affairs; urges the Commission to adopt a country by country approach to monitoring and reporting the situation of fundamental rights within EU member states; calls on the Commission to expand its initiative to create a Justice Scoreboard, to include apart from justice, the rule of law.
Amendment 79 #
2013/2024(INI)
Motion for a resolution
Paragraph 18 a (new)
Paragraph 18 a (new)
18 a. Calls attention to the importance of the forthcoming Commission Report on the Transposition of the Framework Decision 2008/913/JHA on combating forms and expression of racism and xenophobia by means of criminal law (due out by the 28th November 2013); encourages strengthened efforts to combat impunity and redress inconsistencies in Member States' laws and practices, as there is still no legislative provision in some Member States providing for the imposition of restrictions, including prohibition, on political parties involved in racism and hate, including Holocaust denial; Call on the Commission to step up efforts to condemn hate speech and Holocaust denial made by public and political figures and begin the process to launch infringement proceedings as early as 2014;
Amendment 80 #
2013/2024(INI)
Motion for a resolution
Paragraph 18 b (new)
Paragraph 18 b (new)
18 b. Considers that a proper accountability process is crucial to protect and promote human rights effectively in the EU's internal and external policies and to ensure legitimate and effective security policies based on the rule of law; calls on the Commission to propose an accountability mechanism aimed at strengthening the EU and Member States' capacity to prevent, investigate and redress human rights violations at EU level, notably those committed in the context of the CIA programme
Amendment 83 #
2013/2024(INI)
Motion for a resolution
Paragraph 19 a (new)
Paragraph 19 a (new)
19 a. Considers that greater attention is needed to respond to the particular situation of vulnerable groups, as mentioned in point 2.3.3. of the Stockholm Programme and in strengthening the fight against racism, xenophobia, anti-Semitism, Islamophobia, Afrophobia, anti-Gypsyism, and homophobia in the European Union;
Amendment 112 #
2013/2024(INI)
Motion for a resolution
Paragraph 24
Paragraph 24
24. Considers that mutual recognition requires that citizens and legal professionals trust each other's legal institutions; notes that the strengthening of a truly European legal culture that is fully respectful of fundamental rights as set out in the Charter of Fundamental Rights of the European Union, the principles of subsidiary and of judicial independence, the establishment of common standards and an understanding of other legal systems plays a very important role in underpinning mutual recognition and trust; points out that mutual recognition and trust can lead to gradual changes in national civil law traditions through an exchange of best practices between Member States;
Amendment 124 #
2013/2024(INI)
Motion for a resolution
Paragraph 26
Paragraph 26
26. AcknowledgRecognises the progress madthat has been made to date with the roadmap for strengthening procedural rights in criminal proceedings, but regrets that key proposals on legal aid and vulnerable suspects are outstanding and that the level of ambiof suspects and accused persons in criminal proceedings, including the adoption of Directives on the right to interpretation and translation and on the right to information in criminal proceedings, and the agreement of a Directive on the right of access to a lawyer in criminal proceedings (the Roadmap Directives) and reiterates that these measures are crucial to the proper functioning of the Council seems to be decreasing more and more;EU mutual recognition crime cooperation measures such as the European Arrest Warrant and that continuing progress on the protection of the rights of suspects and defendants is essential.
Amendment 130 #
2013/2024(INI)
Motion for a resolution
Paragraph 26 a (new)
Paragraph 26 a (new)
26 a. Regrets that key proposals set out in the roadmap for strengthening procedural rights of suspects and accused persons in criminal proceedings remain outstanding and recognises the need for proposals on, and the conclusion of, the remaining measures on legal aid and vulnerable suspects; strongly believes that legal aid in particular must be effectively guaranteed to ensure effective implementation of the Roadmap Directives, and particularly the Directive on the right to access a lawyer.
Amendment 135 #
2013/2024(INI)
Motion for a resolution
Paragraph 26 b (new)
Paragraph 26 b (new)
26 b. Regrets that further work remains outstanding in relation to pre-trial detention, administrative detention and the detention of minors, in relation to which standards in many Member States fall short of human rights and other international standards; recognises the need for an assessment of the effectiveness of non-legislative work on existing Framework Decisions, the widespread recognition of problems with pre-trial detention law and practice across Europe identified as part of the Commission's consultation, and a commitment to revisit the case for establishing minimum and enforceable standards in relation to pre-trial detention through legislative action; calls on the Commission to revisit the case for establishing minimum and enforceable standards in relation to pre-trial detention, administrative detention and detention of minors through legislative action.
Amendment 142 #
2013/2024(INI)
Motion for a resolution
Paragraph 28
Paragraph 28
28. Believes that mutual trust between the Member States must be strengthened andthe protection of the procedural rights of suspects and accused persons is a necessary precondition to the strengthening of mutual trust between Member States; recognises that each of the Roadmap Directives must be implemented effectively to ensure that they improve standards of criminal justice across the EU, by working with Member States towards full transposition into domestic law and by providing training to government officials, judges, prosecutors and defence practitioners; believes that mutual recognition and harmonisation of EU criminal law cannot progress without serious feed-back on the implementation of these rules at Member State level;
Amendment 148 #
2013/2024(INI)
Motion for a resolution
Paragraph 28 a (new)
Paragraph 28 a (new)
28 a. Recognises that implementation of the Roadmap Directives already adopted, progress on any unfinished measures, and the consideration of suspects' rights protections beyond those included in the Stockholm Programme, will all require action beyond the time period allotted for that Programme, and must therefore remain high on the agenda for the next legislative period.
Amendment 163 #
2013/2024(INI)
Motion for a resolution
Paragraph 30 a (new)
Paragraph 30 a (new)
30 a. Urges the Commission to intensify and reinforce its efforts to protect the financial interests of the Union and to complete delayed reform of the European Anti-Fraud Office fully integrating data protection and suspects rights and basing itself on proper criminal definitions;
Amendment 167 #
2013/2024(INI)
Motion for a resolution
Paragraph 30 b (new)
Paragraph 30 b (new)
30 b. Finds it regrettable that the Commission's second communication on the implementation of the ISS, of 10 April 2013, expresses scant criticism of activities carried out under the ISS, reasserting the same priorities as its initial communication of November 2010 and failing, in particular, to take account of the consequences of the incorporation of the Charter of Fundamental Rights, most of the provisions of which apply not only to EU citizens but to everyone on EU territory;
Amendment 178 #
2013/2024(INI)
Motion for a resolution
Paragraph 33 a (new)
Paragraph 33 a (new)
33 a. Urges a comprehensive agreement on the Data protection package which ensures a uniform and high level of protection for data subjects and a level playing field for business; insists that this is a precondition for free trade and police and judicial cooperation;
Amendment 187 #
2013/2024(INI)
Motion for a resolution
Paragraph 34 a (new)
Paragraph 34 a (new)
34 a. Rejects the notion of predictive policing without an initial suspicion, in particular the EU PNR proposal and the idea of an EU Terrorist Finance Tracking System; calls on the Commission to repeal the Data Retention Directive;
Amendment 204 #
2013/2024(INI)
Motion for a resolution
Paragraph 37
Paragraph 37
37. Welcomes the conclusion of the negotiations on the Schengen Governance Package; cCalls on the Commission fully to play its roles as coordinator of the Schengen evaluations and as guardian of the Treaty, in order to avoid any situation that could endanger the functioning of the Schengen area; repeats its position that the Schengen area should, without further delay, be enlarged to include Romania and Bulgaria;
Amendment 213 #
2013/2024(INI)
Motion for a resolution
Paragraph 39
Paragraph 39
39. Acknowledges that the Schengen area is a kind of laboratory that so far has been developed step by step; is nevertheless of the opinion that a long-term reflection about its further development is necessary; believes that the Schengen external borders should in the future be guarded by European border guon the basis of the highest common standards;.
Amendment 311 #
2013/2024(INI)
Motion for a resolution
Paragraph 55
Paragraph 55
55. Is of the opinion that guidance, coherence and benchmarks for the area of freedom, security and justice are necessary, to truly safeguard the rights of the citizens, and should be ensured in accordance with Article 17(1) TEU; proposes that the multiannual programming be agreed by the three institutions in accordance with this provision of the TEU; looks to the Commission to take appropriate steps to bring this about and to submit a proposal on that basis;
Amendment 47 #
2013/0407(COD)
Proposal for a directive
Recital -1 (new)
Recital -1 (new)
(-1) Article 48 of the Charter of Fundamental Rights of the European Union stipulates that everyone who has been charged shall be presumed innocent until proved guilty according to law; respect for the rights of the defence of anyone who has been charged shall be guaranteed. Article 6 of the European Convention for the Protection of Human Rights and Fundamental Freedoms protects the right to a fair trial, which implies that everyone charged with a criminal offence shall be presumed innocent until proved guilty according to law and has a right to defend himself in person or through legal assistance of his choosing. Article 14 of the International Covenant on Civil and Political Rights stipulates that everyone charged with a criminal offence shall have the right to be presumed innocent until proved guilty according to law and the right to be tried in his presence, and to defend himself in person or through legal assistance of his own choosing.
Amendment 50 #
2013/0407(COD)
Proposal for a directive
Recital 1
Recital 1
(1) The purpose of this Directive is to enhance the right to a fair trial in criminal proceedings by laying down minimum rules concerning certain aspects of the presumption of innocence and the right to be present at the trial, and to ensure that a common and sufficiently high level of protection and the procedural safeguards linked thereto are available to suspects and accused persons throughout the EU, without prejudice to the higher protection standards which may be in use in a given Member State.
Amendment 61 #
2013/0407(COD)
Proposal for a directive
Recital 6
Recital 6
(6) This Directive should apply only to criminal proceedings. A and similar administrative proceedings leading to sanctions such as competition, trade, tax, financial services proceedings and othercomparable sanctions of a punitive and deterrent nature Administrative proceedings leading to sanctions of a non- punitive nature and investigations by administrative authorities in relation to these proceedings, and also civil proceedings are not covered by this Directive.
Amendment 66 #
2013/0407(COD)
Proposal for a directive
Recital 8
Recital 8
(8) This Directive should apply to natural and legal persons who are suspected or accused of having committed a criminal offence. It should apply at any stage of the proceedings, even before those persons are made aware by the competent authorities of a Member State, by official notification or otherwise, that they are suspected or accused of having committed a criminal offence, until the conclusion of such proceedings.
Amendment 69 #
2013/0407(COD)
Proposal for a directive
Recital 9
Recital 9
Amendment 73 #
2013/0407(COD)
Proposal for a directive
Recital 10
Recital 10
Amendment 76 #
2013/0407(COD)
Proposal for a directive
Recital 11
Recital 11
Amendment 78 #
2013/0407(COD)
Proposal for a directive
Recital 11 a (new)
Recital 11 a (new)
(11a) If a person other than a suspect or accused person, for example a witness, becomes a suspect or accused person, that person's right to the presumption of innocence and his or her right not to incriminate him or herself should be protected, and he or she should have the right to remain silent, as confirmed by the case law of the European Court of Human Rights. This Directive therefore makes express reference to the practical situation where such a person becomes a suspect or accused person during questioning by the police or by another law enforcement authority in the context of criminal proceedings. Where, in the course of such questioning, a person other than a suspect or accused person becomes a suspect or accused person, questioning should be suspended immediately. However, it should be possible to continue the questioning if the person concerned has been informed that he or she is a suspect or accused person and of his or her procedural rights in accordance with Directive 2012/13/EU. Evidence collected prior to the notification of rights should not be admissible during the criminal proceedings which follow.
Amendment 84 #
2013/0407(COD)
Proposal for a directive
Recital 13
Recital 13
(13) The presumption of innocence is violated if, without the accused’'s having previously been proved guilty according to law, a judicial decision or, a public statement or other act by judicial or other public authorities or public officials presents the suspects or accused persons as if they were convicted.
Amendment 94 #
2013/0407(COD)
Proposal for a directive
Recital 15
Recital 15
Amendment 96 #
2013/0407(COD)
Proposal for a directive
Recital 17
Recital 17
Amendment 103 #
2013/0407(COD)
Proposal for a directive
Recital 18
Recital 18
(18) The right not to incriminate oneself and not to cooperate should not extend to the use in criminal proceedings of material which may be obtained from the suspect or accused person through the use of lawful compulsory powers but which has an existence independent of the will of the suspects or accused persons, such as. However, this should only apply to material acquired pursuant to a warrant, material in respect of which there is a legal obligation of retention and production upon request, and breath, blood and urine samples and bodily tissue for the purpose of DNA testing.
Amendment 106 #
2013/0407(COD)
Proposal for a directive
Recital 19 a (new)
Recital 19 a (new)
(19a) Possible violations of the right to silence or not to incriminate oneself should be assessed by reference to all relevant factors including the use of physical compulsion, compliance with the notification obligations under Directive 2012/13/EU and the authorities' reference to possible pre-trial detention to discourage the exercise of the right to silence.
Amendment 109 #
2013/0407(COD)
Proposal for a directive
Recital 20 a (new)
Recital 20 a (new)
(20a) Any evidence obtained in violation of the right not to incriminate oneself and to refuse to cooperate and in violation of the right to remain silent, as laid down in this Directive, should be declared inadmissible. The use in criminal proceedings of statements or evidence obtained in violation of these rights automatically renders the proceedings as a whole unfair.
Amendment 113 #
2013/0407(COD)
Proposal for a directive
Recital 22
Recital 22
(22) However, the right of the accused person to be present at the trial is not absolute. Under certain conditions the accused person may, expressly or tacitly butand unequivocally, waive that right.
Amendment 117 #
2013/0407(COD)
Proposal for a directive
Recital 26
Recital 26
(26) The principle of effectiveness of Union law requires that Member States put in place adequate and effective remedies in the event of a breach of a right conferred upon individuals by Union law. An effective remedy available in the event of a breach of any of the principles laid down in this Directive should have, as far as possible,both consist of an appropriate mechanism of compensation for damages and have the effect of placing the suspects or accused persons in the same position in which they would have found themselves had the breach not occurred.
Amendment 124 #
2013/0407(COD)
Proposal for a directive
Recital 29 a (new)
Recital 29 a (new)
(29a) The transposition of this Directive should contribute to the creation of an Area of Freedom, Security and Justice within the Union, whose overarching value is the respect of fundamental rights. Consequently, if there are substantial grounds for believing that this Directive may have the effect of modifying the obligation incumbent on public authorities to respect the fundamental rights and legal principles as enshrined in Article 6 of the Treaty on European Union, including the rights of persons subject to criminal proceedings, such obligations should remain unaffected.
Amendment 129 #
2013/0407(COD)
Proposal for a directive
Article 2
Article 2
This Directive applies to natural persons suspected or accused in criminal proceedingsand legal persons, regardless of their nationality, place of residence or place of registration or incorporation, suspected or accused in criminal proceedings and similar administrative proceedings leading to comparable sanctions of a punitive and deterrent nature until the final conclusion of those proceedings.
Amendment 135 #
2013/0407(COD)
Proposal for a directive
Article 3
Article 3
Member States shall ensure that suspects or accused persons are presumed innocent until proven guilty according to lawby a final judgment, delivered according to law, in a public trial at which they have had all the guarantees necessary for their defence.
Amendment 137 #
2013/0407(COD)
Proposal for a directive
Article 4 – paragraph 1
Article 4 – paragraph 1
Member States shall ensure that, before a final conviction or after a final acquittal, public statements and, official decisions from public authorities do not refer to the suspects or accused persons as if they were convicted(including on pre-trial detention) and other acts by public authorities or public officials do not refer to the suspects or accused persons as if they were convicted. In particular, any statements should not be of such a nature as to serve to encourage the public to believe the person is guilty and to prejudge assessment of the facts by the competent judiciary authority. Member States shall ensure that appropriate measures are taken in the event of a breach of that requirement, such as a retrial and compensation.
Amendment 149 #
2013/0407(COD)
Proposal for a directive
Article 4 a (new)
Article 4 a (new)
Article 4a Presentation of suspects or accused persons 1. Member States shall ensure that suspects or accused persons are not presented in court or to the media in ways that suggest their guilt, including in particular in prison clothing, handcuffs or the use of enclosures. 2. Paragraph 1 shall not prevent a Member State from applying measures which are genuinely required for case- specific security reasons, on the basis of specific identified risks posed by the individual suspected or accused person.
Amendment 151 #
2013/0407(COD)
Proposal for a directive
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Member States shall ensure that the burden of proof in establishing the guilt of suspects or accused persons is on the prosecution. This is without prejudice to any ex officio fact finding powers of the trial court and to the right of the defence to present evidence in accordance with the applicable national rules.
Amendment 154 #
2013/0407(COD)
Proposal for a directive
Article 5 – paragraph 2
Article 5 – paragraph 2
Amendment 159 #
2013/0407(COD)
Proposal for a directive
Article 5 – paragraph 3
Article 5 – paragraph 3
3. Any doubt shall benefit natural persons suspected or accused in criminal proceedings. Member States shall ensure that where the trial court makes an assessment as to the guilt of a suspect or accused person and there is reasonable doubt as to the guilt of that person, the person concerned shall be acquitted.
Amendment 170 #
2013/0407(COD)
Proposal for a directive
Article 6 – paragraph 2
Article 6 – paragraph 2
2. The right referred to in paragraph 1 shall not extend to the use in criminal proceedings of material which may bethe following material, provided that the latter is obtained from the suspects or accused persons through the use of lawful compulsory powers but whichand has an existence independent of the will of the suspects or accused persons: a) material acquired pursuant to a warrant; b) material in respect of which there is a legal obligation of retention and production upon request; c) breath, blood and urine samples and bodily tissue for the purpose of DNA testing.
Amendment 178 #
2013/0407(COD)
Proposal for a directive
Article 6 – paragraph 4
Article 6 – paragraph 4
4. Any evidence obtained in breach of this Article shall not be admissible, unless the use of such evidence would not prejudice the overall fairness of the proceedings.
Amendment 192 #
2013/0407(COD)
Proposal for a directive
Article 7 – paragraph 4
Article 7 – paragraph 4
4. Any evidence obtained in breach of this Article shall not be admissible, unless the use of such evidence would not prejudice the overall fairness of the proceedings.
Amendment 194 #
2013/0407(COD)
Proposal for a directive
Article 7 – paragraph 4 a (new)
Article 7 – paragraph 4 a (new)
4a. In order to facilitate the effective protection of the right to remain silent, Member States shall ensure that questioning of suspects and accused persons is audio-visually recorded.
Amendment 197 #
2013/0407(COD)
Proposal for a directive
Article 8 – paragraph 2 – introductory part
Article 8 – paragraph 2 – introductory part
2. Member States may provide for a possibility under which the trial court may decide on the guilt in the absence of the suspect or the accused person, only if the offence which gave rise to the proceedings is punishable by a fine, and under no circumstances if the offence is punishable by a term of imprisonment, provided that the suspect or accused person:
Amendment 202 #
2013/0407(COD)
Proposal for a directive
Article 8 – paragraph 2 – point a – point i
Article 8 – paragraph 2 – point a – point i
(i) either was summoned in person and thereby clearly and unequivocally informed of the scheduled date and place of the trial, or by other means actually received official information of the scheduled date and place of that trial in such a manner that it was unequivocally established that he or she was aware of the scheduled trialand of the consequences of an unexcused non-appearance;
Amendment 203 #
2013/0407(COD)
Proposal for a directive
Article 8 – paragraph 2 – point a – point ii
Article 8 – paragraph 2 – point a – point ii
Amendment 208 #
2013/0407(COD)
Proposal for a directive
Article 8 – paragraph 2 a (new)
Article 8 – paragraph 2 a (new)
2a. Suspects or accused persons shall always have the right to request a new trial or a new date for a trial if, for reasons beyond their control, they were unable to be present.
Amendment 209 #
2013/0407(COD)
Proposal for a directive
Article 8 – paragraph 3
Article 8 – paragraph 3
Amendment 218 #
2013/0407(COD)
Proposal for a directive
Article 9
Article 9
Member States shall ensure that where the suspects or accused persons were not present at the trial referred to in Article 8(1) and the conditions laid down in Article 8(2) and (3) are not met, the person concerned has the right to a new trial at which they have the right to be present and which allows a fresh determination of the merits of the case, includingmeeting at least all the requirements of Article 6 of the ECHR and any Directives adopted under Article 82(2)(b) TFEU, at which they have the right to be present and which allows a fresh determination of the merits of the case, including confrontation or evidence which served as the basis for the initial determination, cross- examination of witnesses and examination of new evidence, and which may lead to the original decision to be reversed.
Amendment 220 #
2013/0407(COD)
Proposal for a directive
Article 10 – paragraph 2
Article 10 – paragraph 2
2. The remedy shall have, as far as possible,both consist of an appropriate mechanism of compensation for damages and the effect of placing suspects or accused persons in the same position in which they would have found themselves had the breach not occurred, with a view to preserving the right to a fair trial and the right to defence.
Amendment 221 #
2013/0407(COD)
Proposal for a directive
Article 10 – paragraph 2 a (new)
Article 10 – paragraph 2 a (new)
2a. Evidence collected in administrative proceedings, where such collection would have infringed the terms of this Directive had the proceedings been criminal, shall not be admissible as evidence in criminal proceedings covered by this Directive.
Amendment 223 #
2013/0407(COD)
Proposal for a directive
Article 12 – paragraph 1 a (new)
Article 12 – paragraph 1 a (new)
This Directive shall not have the effect of modifying the obligation to respect the fundamental rights and legal principles as enshrined in Article 6 of the Treaty on European Union, including the rights of persons subject to criminal proceedings, and any obligations incumbent on public authorities in this respect shall remain unaffected.
Amendment 23 #
2013/0309(COD)
Proposal for a regulation
Recital 6
Recital 6
(6) This Regulation aims at the completion of the single electronic communications market through action on three broad, inter-related axes. First, it should secure the freedom to provide electronic communications services across borders and networks in different Member States, building on the concept of a single EU authorisation which puts in place the conditions for ensuring greater consistency and predictability in the content and implementation of sector-specific regulation throughout the Union. Second, it is necessary to enable access on much more convergent terms and conditions to essential inputs for the cross-border provision of electronic communications networks and services, not only for wireless broadband communications, for which both licensed and unlicensed spectrum is key, but also for fixed line connectivity. Third, in the interests of aligning business conditions and building the digital confidence of citizens, this Regulation should harmonise rules on the protection of end-users, especially consumers. This includes rules on non- discrimination, contractual information, termination of contracts and switching, in addition to rules on access to online content, applications and services and on traffic management which not only protect end-users but simultaneously guarantee the continued functioning of the Internet ecosystem as an engine of innovation. In addition, further reforms in the field of roaming should give end-users the confidence to stay connected when they travel in the Union, and should become over time a driver of convergent pricing and other conditions in the Union.
Amendment 25 #
2013/0309(COD)
Proposal for a regulation
Recital 45
Recital 45
(45) The internet has developed over the past decades as an open platform for innovation with low access barriers for end-users, content and application providers and internet service providers. The existing regulatory framework aims at promoting the ability of end-users to access and distribute information or run applications and services of their choice. Recently, however, the report of the Body of European Regulators for Electronic Communications (BEREC) on traffic management practices published in May 2012 and a study, commissioned by the Executive Agency for Consumers and Health and published in December 2012, on the functioning of the market of internet access and provision from a consumer perspective, showed that a significant number of end-users are affected by traffic management practices which block or slow down specific applications. These tendencies require clear rules at the Union level to maintain the open internet and to avoid fragmentation of the single market resulting from individual Member States' measures. Indeed, as stated by the European Parliament resolution of 17 November 2011 on the open internet and net neutrality in Europe 2011/2866, the internet's open character has been a key driver of competitiveness, economic growth, social development and innovation – which has led to spectacular levels of development in online applications, content and services – and thus of growth in the offer of, and demand for, content and services, and has made it a vitally important accelerator in the free circulation of knowledge, ideas and information, including in countries where access to independent media is limited
Amendment 29 #
2013/0309(COD)
Proposal for a regulation
Recital 46
Recital 46
(46) The freedom of end-users to access and distribute information and lawful content, run applications and use services of their choice is subject to the respect of Union and compatible national law. This Regulation defines the limits for any restrictions to this freedom by providers of electronic communications to the public but is without prejudice to other Union legislation, including copyright rules and Directive 2000/31/EC.
Amendment 31 #
2013/0309(COD)
Proposal for a regulation
Recital 46 a (new)
Recital 46 a (new)
(46a) Potential anti-competitive and discriminative behaviour in traffic management would be contrary to the principle of net neutrality and the open internet, and should be therefore prevented, as also stated by the European Parliament in its initiative report 2013/2080;
Amendment 32 #
2013/0309(COD)
Proposal for a regulation
Recital 47
Recital 47
(47) In an open internet, providers of electronic communications to the public should, within contractually agreed limits on data volumes and speeds for internet access services, not block, slow down, degrade or discriminate against specific content, applications or services or specific classes thereof except for a limited number of reasonabletechnically-reasonable, not commercially motivated traffic management measures. Such measures should be transparent, necessary, proportionate and non- discriminatory. Reasonable traffic management encompasses prevention or impediment of serious crimes, including voluntary actions of providers to prevent access to and distribution of child pornography. Minimising the effects of network congestion should be considered reasonable provided that network congestion occurs only temporarily or in exceptional circumstances.
Amendment 37 #
2013/0309(COD)
Proposal for a regulation
Recital 50
Recital 50
(50) In addition, there is demand on the part of content, applications and services providers, for the provision of transmission services based on flexible quality parameters, including lower levels of priority for traffic which is not time- sensitive. The possibility for content, applications and service providers to negotiate such flexible quality of service levels with providers of electronic communications to the public is necessary for the provision ofcould serve to provide specialised services and is expected to play an important role in the development of new services such as machine-to- machine (M2M) communications. At the same time such arrangements should allow providers of electronic communications to the public to better balance traffic and prevent network congestion. This should however not impair the development of the general purpose internet. Providers of content, applications and services and providers of electronic communications to the public should therefore be free to conclude specialised services agreements on defined levels of quality of service as long as such quality characteristics are technically necessary for the functionality of the service and agreements do not substantially impair the general quality of internet access services.
Amendment 51 #
2013/0309(COD)
Proposal for a regulation
Article 2 – paragraph 2 – point 14
Article 2 – paragraph 2 – point 14
(14) ‘'internet access service’' means a publicly available electronic communications service that provides connectivity to the internet, and thereby connectivity between virtually all end points connected to the internet, irrespective of the network technology used; It enables users to run any application utilising the electronic communications network of the internet.
Amendment 53 #
2013/0309(COD)
Proposal for a regulation
Article 2 – paragraph 2 – point 15
Article 2 – paragraph 2 – point 15
(15) ‘'specialised service’' means an electronic communications service or any other service that provides the capability to access specific content, applications or services, or a combination thereof, and whose technical characteristics are controlled from end-to-end or provides the capability to send or receive data to or from a determined number of parties or endpoints; and that is not marketed or widely used as a substitute forperated within closed electronic communications networks using the Internet Protocol with strict admission control; and that is not marketed as a substitute for internet access service and that is not functionally identical to services available over the public internet access service;
Amendment 60 #
Amendment 66 #
2013/0309(COD)
Proposal for a regulation
Chapter 4 – title
Chapter 4 – title
Amendment 68 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 1
Article 23 – paragraph 1 – subparagraph 1
Amendment 73 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 2
Article 23 – paragraph 1 – subparagraph 2
Amendment 77 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 2 a (new)
Article 23 – paragraph 1 – subparagraph 2 a (new)
Under agreements concerning data volumes and speeds, selected content, services or applications may not be deducted from consumption volumes or exempted from data speed restriction on consumption of agreed data volumes.
Amendment 79 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 2 – subparagraph 1
Article 23 – paragraph 2 – subparagraph 1
Amendment 84 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 2 – subparagraph 2
Article 23 – paragraph 2 – subparagraph 2
In order to enable the provision of specialised services to end-users, providers of content, applications and services and providers of electronic communications to the public shall be free tomay enter into agreements with each other to transmit the related data volumes or traffic as specialised services with a defined quality of service or dedicated capacity. The provision of specialised services shall not impair in a recurring or continuous manner the generalthe quality of internet access services.
Amendment 88 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 3
Article 23 – paragraph 3
Amendment 93 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 5 – subparagraph 1 – introductory part
Article 23 – paragraph 5 – subparagraph 1 – introductory part
Amendment 97 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 5 – subparagraph 1 – point a
Article 23 – paragraph 5 – subparagraph 1 – point a
a) implement a legislative provision or a court order, or prevent or impede serious crimescourt order;
Amendment 101 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 5 – subparagraph 1 – point b
Article 23 – paragraph 5 – subparagraph 1 – point b
b) preserve the integrity and security of the European electronic communication provider's network, services provided via this network, and the end-users' terminals;
Amendment 104 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 5 – subparagraph 1 – point c
Article 23 – paragraph 5 – subparagraph 1 – point c
c) prevent the transmission of unsolicited communications to end-users who have given theirfor direct marketing purposes to users who have given their free, informed, explicit and prior consent to such restrictive measures;
Amendment 107 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 5 – subparagraph 1 – point d
Article 23 – paragraph 5 – subparagraph 1 – point d
d) minimistigate the effects of temporary orand exceptional network congestion, primarily by means of application-agnostic measures, provided that equivalent types of traffic are treated equally.
Amendment 111 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 5 – subparagraph 2
Article 23 – paragraph 5 – subparagraph 2
Reasonable traffic management shall only entail processing of data that is necessary and proportionate to achieve the purposes set out in this paragraph. Processing of any information concerning the content of the communication for these purposes is not permitted
Amendment 115 #
2013/0309(COD)
Proposal for a regulation
Article 23 – paragraph 5 – subparagraph 2 a (new)
Article 23 – paragraph 5 – subparagraph 2 a (new)
the prices of internet access services from providers of electronic communications to the public shall not depend on the internet content, applications and services used or offered through the same internet access services
Amendment 118 #
2013/0309(COD)
Proposal for a regulation
Article 24 – paragraph 1
Article 24 – paragraph 1
1. National regulatory authorities shall closely monitor and ensure the effective ability of end- users to benefit from the freedoms provided for in Article 23 (1) and (2), compliance with Article 23 (5), and the continued availability of non- discriminatory internet access services at levels of quality that reflect advances in technology and that are not impaired by specialised services. They shall, in cooperation with other competent national authorities, also monitor the effects of specialised services on cultural diversity and innovation. National regulatory authorities shall report on an annual basis to the Commission and BEREC on their monitoring and findings. To that purpose, the competent national regulatory authority shall: a) be mandated to regularly monitor and report on Internet traffic management practices and usage polices, in order to ensure network neutrality, evaluate the potential impact of the aforementioned practices and policies on fundamental rights, ensure the provision of a sufficient quality of service and the allocation of a satisfactory level of network capacity to the Internet. Reporting should be done in an open and transparent fashion and reports shall be made freely available to the public; b) put in place appropriate, clear, open and efficient procedures aimed at addressing network neutrality complaints. To this end, all Internet users shall be entitled to make use of such complaint procedures in front of the relevant authority; c) respond to the complaints within a reasonable time and be able to use necessary measures in order to sanction the breach of the network neutrality principle. This authority must have the necessary resources to undertake the aforementioned duties in a timely and effective manner. They shall, in cooperation with other competent national authorities and the European Data Protection Supervisor, also monitor the effects of specialised services on cultural diversity, competition and innovation. National regulatory authorities shall report on an annual basis to the public, the Commission and BEREC on their monitoring and findings.
Amendment 127 #
2013/0309(COD)
Proposal for a regulation
Article 25 – paragraph 1 – subparagraph 1 – point e – point iv a (new)
Article 25 – paragraph 1 – subparagraph 1 – point e – point iv a (new)
(iva) the communication inspection techniques used for traffic management measures, instituted for the purposes listed in article 23.5, and their repercussions on users privacy and data protection right.
Amendment 14 #
2013/0255(APP)
Motion for a resolution
Recital A
Recital A
A. whereas crime - in particular organised crime- is increasingly taking on a cross- border dimension and the onlys against the Union’s financial interests generate significant financial damages every year and an effective response can comeis needed from the EU giving added value to the joint efforts of all the Member States
Amendment 42 #
2013/0255(APP)
Motion for a resolution
Paragraph 4 – point i
Paragraph 4 – point i
(i) The European Public Prosecutor’s Office should operate in the strictest compli observance withof the principle of the natural court, which requires that the non- discretionaryght to a fair trial and the rule against bias, which requires binding and hierarchical criteria determining which competent court is to exert jurisdiction in accordance with Article 27 should be clear and known in advance; In particular, there should be sufficient objective links between the case and the chosen jurisdiction and the rights of the suspect should be taken into account;
Amendment 48 #
2013/0255(APP)
Motion for a resolution
Paragraph 4 – point ii
Paragraph 4 – point ii
(ii) The scope of the competence of the EPPO should be precisely determined, to enable the criminal acts that fall within that scope to be identified beforehand. The European Parliament suggestdemands that the definitions set out in Article 13 of the Commission proposal, concerning ancillary competence should be carefully reviewed; are clarified; in particular to ensure that the EPPO does not extend to offences other than those affecting the Union’s financial interests crimes should only fall within its competence when the following cumulative conditions have been met: -One particular conduct simultaneously constitutes offences affecting the Union’s financial interests and other offence(s); - The offence(s) affecting the Union’s financial interests is/are predominant and the other(s) is/are merely ancillary; - and the other offence(s) would be barred from further trying and punishment if they were not prosecuted and brought to judgment together with the offence(s) affecting the Union’s financial interests;
Amendment 48 #
2013/0255(APP)
Motion for a resolution
Paragraph 10
Paragraph 10
10. Takes note that the option of a collegiate structure is under scrutiny by the Member States, instead of the hierarchical one initially proposed by the European Commission; in this regard, believes that the decisions concerning the choice of the competent jurisdiction, the dismissal ofecision to prosecute, the decision to dismiss a case, the decision to reallocate a case and the decision on transaction should all be taken at the central level by the Chambers; Permanent Chambers referred to in Article 9 of the Council text;
Amendment 50 #
2013/0255(APP)
Motion for a resolution
Paragraph 10 a (new)
Paragraph 10 a (new)
10 a. In the light of that proposed collegiate structure, calls on the Council to provide details of the impact on the EU budget which will be brought about by the new proposed structure, particularly bearing in mind that the original Commission proposal was intended to be cost-efficient, relying heavily on existing resources from both OLAF and Eurojust;
Amendment 59 #
2013/0255(APP)
Motion for a resolution
Paragraph 4 – point iii
Paragraph 4 – point iii
(iii) the investigative tools available to the EPPO in accordance with Article 26 should be uniform, precisely identified and compatible with all the legal systems of the Member States, in addition the investigative tools need to be available in the Member State where they are ordered as well as in the executing Member State and the criteria for the use of investigative measures should be spelled out in more detail;
Amendment 62 #
2013/0255(APP)
Motion for a resolution
Paragraph 4 – point iv
Paragraph 4 – point iv
(iv) The admissibility of evidence and its assessment in accordance with Article 30 are key elements in the ascertainment of guiltcriminal investigation. The relevant rules must therefore be clear and uniform throughout the area covered by the European Public Prosecutor’s Office and should fully comply with procedural safeguards and the Charter of Fundamental Rights of the European Union more generally; in addition the evidence gathered should not only comply with the national law of the executing Member States, but also with the law of the Member States where the investigative measure is ordered;
Amendment 62 #
2013/0255(APP)
Motion for a resolution
Paragraph 15
Paragraph 15
15. Calls on the legislator to ensure streamlined procedures for the EPPO to obtain the authorisation of investigative measures in cross-border cases, in accordance with the law of the Member States where the measure in question is executedrequested and executed; recalls that the co-legislators agreed on criteria for Member States to request investigative measures based on the principle of mutual recognition in Directive 2014/41/EU regarding the European Investigation Order in Criminal Matters. Considers that the same criteria should apply in respect of investigative measures to be authorised by the EPPO particularly with regard to the grounds for refusal;
Amendment 65 #
2013/0255(APP)
Motion for a resolution
Paragraph 16
Paragraph 16
16. Calls on the Council to ensureprovide clarity regarding the admissibility of the evidence gathered by the EPPO throughout the Union, as this is crucial for the effectiveness of the prosecutions. The conditions for admissibility of evidence should be such as to respect all rights guaranteed by the Charter of Fundamental Rights of the European Union, the European Convention on Human Rights, and the European Court of Human Rights case law in accordance with Article 6 of the Treaty on the European Union;
Amendment 68 #
2013/0255(APP)
Motion for a resolution
Paragraph 4 – point iv a (new)
Paragraph 4 – point iv a (new)
(iva) Article 28 on dismissal grounds which are available unilaterally to the European Public Prosecutor’s Office requires the clarification that, where a lack of relevant evidence (Article 28(2)(b) of the proposal) cannot foreseeably be remedied by further proportionate investigative steps, dismissal is mandatory; As regards dismissal after transaction under Article 29 of the proposal, the condition of “proper administration of justice” should be replaced by more specific criteria to avoid arbitrary choices;
Amendment 69 #
2013/0255(APP)
Motion for a resolution
Paragraph 16 a (new)
Paragraph 16 a (new)
16 a. Reiterates the need for the European Public Prosecutor's Office to seek all relevant evidence whether inculpatory or exculpatory, In addition, insists that it is necessary to grant the suspect or accused in any investigation undertaken by the European Public Prosecutor's Office certain rights concerning evidence, in particular: (a) The suspect or accused should have the right to present evidence for the consideration of the European Public Prosecutor's Office; (b) The suspect or accused should have the right to request the European Public Prosecutor's Office to gather any evidence relevant to the investigation, including appointing experts and hearing witnesses;
Amendment 70 #
2013/0255(APP)
Motion for a resolution
Paragraph 16 b (new)
Paragraph 16 b (new)
16 b. Given the possible multiple jurisdictions for cross-border offences falling under the competence of the European Public Prosecutor's Office, considers it essential to ensure that the European Prosecutors, European Delegated Prosecutors and national prosecuting authorities fully respect the principle of ne bis in idem in respect of prosecutions relating to offences falling under the competence of the European Public Prosecutor's Office;
Amendment 71 #
2013/0255(APP)
Motion for a resolution
Paragraph 4 – point v
Paragraph 4 – point v
(v) All decisions taken by the European Public Prosecutor should be subject to legal challenge before a superior court. In this regard not only decisions taken centrally by the Public Prosecutor, as described in Articles 13, 27, 28 and 29 concerning competenceancillary competence to prosecute, the jurisdiction of trial and the competent national court, dismissal of cases or transactions, should logically be subject to appeal before the Court of Justice.; Considers that the provisions on judicial review contained in Article 36 of the proposal seek to re-label acts and omissions of the European Public Prosecutor’s Office as being those of a national authority in order to prevent direct actions as well as preliminary ruling procedures before the Union’s courts; considers that thereby Article 36 of the proposal disproportionately interferes with the right to an effective remedy under Article 47 (1) of the Charter by not allowing for review by the Court of Justice;
Amendment 73 #
2013/0255(APP)
Motion for a resolution
Paragraph 17
Paragraph 17
17. Affirms that the right to a judicial remedy should be upheld at all times in respect of the EPPO's activity and recognises also the need for the EPPO to operate effectively without undue delay; therefore, any decision taken by the European Public Prosecutor's Office should be subject to judicial review before the competent court; in that regard, insists that decisions taken by the European Public Prosecutor before or independently from the trial, such as the decision to launch an investigation, the choice of jurisdiction for prosecution, the dismissal of a case or a transaction, should be subject to judicial review before the Union Courts;
Amendment 75 #
2013/0255(APP)
Motion for a resolution
Paragraph 19
Paragraph 19
19. Recalls thatGiven that the proposals for legislative measures at Union level regarding the procedural rights of suspected and accused persons in criminal proceedings have not yet all been adopted and that protection of those rights at Union level is in any case not comprehensive, reiterates the necessity for the new Office shouldto carry out its activities within full respect for the rights enshrined inof suspects and accused in so far as they are enshrined in Article 6 of the Treaty on the European Union, Article 16 of the Treaty on the Functioning of the European Union and the Charter of Fundamental Rights of the European Union as well as in those legal framework provided by the Union on theislative measures already adopted at Union level on procedural rights of suspected and accused persons in criminal proceedings and on the protection of personal data;
Amendment 80 #
2013/0255(APP)
Motion for a resolution
Paragraph 19 a (new)
Paragraph 19 a (new)
19 a. Recalls that the proposed Directive on Legal Aid has not yet been adopted by the co-legislators. Affirms that if and when adopted that Directive should apply equally to all suspects and accused under investigation or being prosecuted by the European Public Prosecutor's Office. Emphasises that in the absence of an agreed EU directive on legal aid, it is imperative that all suspects and accused in investigations and prosecutions carried out by the European Public Prosecutor's Office have the right to legal aid in accordance with the relevant national law;
Amendment 85 #
2013/0255(APP)
Motion for a resolution
Paragraph 4 – point v a (new)
Paragraph 4 – point v a (new)
(va) As the European Public Prosecutor’s powers require not just judicial review by the Court of Justice, but also oversight by the European Parliament and national parliaments, relevant provisions need to be included in particular to ensure effective and coherent practices among Member States and compatibility with the rule of law;
Amendment 86 #
2013/0255(APP)
Motion for a resolution
Paragraph 4 – point v b (new)
Paragraph 4 – point v b (new)
Amendment 89 #
2013/0255(APP)
Motion for a resolution
Paragraph 5 – point i
Paragraph 5 – point i
(i) all the activities of the European Public Prosecutor’s Office should meet the highest standards with regard to the rights of defence. It should be noted that the Roadmap concerning safeguards in criminal proceedings, adopted by the Council on 30 November 2009, has not yet been completed and that the proposal merely refers to the national legal systems for all issues relating to the right to remain silent, the principle of innocence, the right to legal aid and to investigations for the defence; recalls that proper implementation of the measures adopted under the Roadmap concerning interpretation and translation, the right to information and access to a lawyer as well as the adoption of common minimum standards relating to the presumption of innocence, legal aid and minimum standards for pre-trial detention are important pre-conditions for the establishment of a European Public Prosecutor’s Office; recalls that the Roadmap concerning safeguards in criminal proceeding was not adopted with the establishment of a European Public Prosecutor’s Office in mind and therefore calls on the Council to reflect on possible additional safeguards necessary in this context;
Amendment 92 #
2013/0255(APP)
Motion for a resolution
Paragraph 5 – point ii
Paragraph 5 – point ii
(ii) compliance with the ne bis in idem principle should be ensured;xplicitly ensured in the wording of the regulation.
Amendment 95 #
2013/0255(APP)
Motion for a resolution
Paragraph 5 – point iii
Paragraph 5 – point iii
(iii) tThe prosecution should reconcile legal certainty withcomply with Article 6 of the Treaty on the European Union and the Charter of Fundamental Rights of the European Union and the applicable EU legislation on the protection of personal data;
Amendment 107 #
2013/0255(APP)
Motion for a resolution
Paragraph 6 – point iii
Paragraph 6 – point iii
(iii) Lastly, to ensure that the EPPO is able to guarantee high standards of independence, efficiency, experience and professionalism, its staff should be as highly qualified as possible and should ensure that the objectives set out in this resolution are achieved. In particular, the staff members in question may come from the judiciary, from the legal profession or from other sectors in which they have acquired the aforementioned experience and professionalism. In this regard, the Commission’s statements in Paragraph 4 of the proposal’s Explanatory Memorandum, in relation to overall costs, should match actual requirements relating to the efficiency and functionality of the EPPO;
Amendment 53 #
2012/0146(COD)
Proposal for a regulation
Recital 23 a (new)
Recital 23 a (new)
(23a) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data1 governs the processing of personal data carried out in the Member States pursuant to this Regulation and under the supervision of the Member States competent authorities, in particular the public independent authorities designated by the Member States. _____________ 1 OJ L 281, 23.11.1995, p. 31
Amendment 66 #
2012/0146(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point 1
Article 3 – paragraph 1 – point 1
(1) ‘electronic identification’ means the process of using person identification data in electronic form unambiguously representing a natural or legal person or a pseudonym thereof;
Amendment 77 #
2012/0146(COD)
Proposal for a regulation
Article 6 a (new)
Article 6 a (new)
Amendment 84 #
2012/0146(COD)
Proposal for a regulation
Article 8 a (new)
Article 8 a (new)
Article 8a Security requirements applicable to electronic identification schemes and personal data breach 1. Member States shall take appropriate technical and organisational measures to manage the risks posed to the security of the electronic identification schemes they provide. Having regard to state of the art, these measures shall ensure that the level of security is appropriate to the degree of risk. In particular, measures shall be taken to prevent and minimise the impact of security incidents and inform stakeholders of adverse effects of any incidents. Any Member State may submit the report of a security audit carried out by a recognised independent body to the supervisory body to confirm that appropriate security measures have been taken. 2. Member States shall, without undue delay and where feasible not later than 24 hours after having become aware of it, notify the competent supervisory body, the competent national body for information security and other relevant third parties such as data protection authorities of any breach of security or loss of integrity that has a significant impact on the electronic identification provided and on the personal data maintained therein. Where appropriate, in particular if a breach of security or loss of integrity concerns two or more Member States, the supervisory body concerned shall inform supervisory bodies in other Member States and the European Network and Information Security Agency (ENISA). The supervisory body concerned may also inform the public or require the electronic identification scheme to do so, where it determines that disclosure of the breach is in the public interest. 3. The supervisory body shall provide to ENISA and to the Commission once a year with a summary of breach notifications received from electronic identification schemes. 4. In order to implement paragraphs 1 and 2, the competent supervisory body shall have the power to issue binding instructions to Member States. 5. The Commission shall be empowered to adopt delegated acts, in accordance with Article 38, concerning the further specification of the measures referred to in paragraph 1. 6. The Commission may, by means of implementing acts, define the circumstances, formats and procedures, including deadlines, applicable for the purpose of paragraphs 1 to 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 115 #
2012/0146(COD)
Proposal for a regulation
Article 19 – paragraph 2 – point i
Article 19 – paragraph 2 – point i
(i) ensure lawful processing of personal data in accordance with Article 11 and demonstrate this compliance.
Amendment 45 #
2012/0036(COD)
Proposal for a directive
Recital 12
Recital 12
(12) The issuance of confiscation orders generally requires a criminal conviction. In some cases, even where a criminal conviction cannot be achieved, it should still be possible to confiscate assets in order to disrupt criminal activities and ensure that profits resulting from criminal activities are not reinvested into the licit economy or criminal activities. Some Member States allow confiscation where there is insufficient evidence for a criminal prosecution, if a court considers on the balance of probabilitiesis convinced, after making full use of all the available evidence, that the property is of illicit origin, and also in situations where a suspect or accused person becomes a fugitive to avoid prosecution, is unable to stand trial for other reasons or died before the end of criminal proceedings. This is referred to as non-conviction based confiscation. Provision should be made to enable non-conviction based confiscation in at least the latter, limited, circumstances in all Member States. This is in line with Article 54.1.c) of the United Nations Convention against Corruption, which provides that each State Party is to consider taking the necessary measures to allow confiscation of illicitly acquired property without a criminal conviction, including in cases in which the offender cannot be prosecuted by reason of death, flight or absence.
Amendment 47 #
2012/0036(COD)
Proposal for a directive
Recital 12 a (new)
Recital 12 a (new)
(12a) In individual cases it should be possible to dispense, wholly or in part, with a confiscation order. Thus this would be possible in cases where the measure would disproportionately burden the person affected or lead to the loss of his livelihood, or if the cost of the confiscation disproportionately exceeds the amount being confiscated.
Amendment 48 #
2012/0036(COD)
Proposal for a directive
Recital 12 b (new)
Recital 12 b (new)
(12b) Confiscation should not hinder or prevent justified claims by victims of criminal offences committed by the person affected. It should be possible to dispense with confiscation where the victim has a claim against the perpetrator as a result of a criminal offence and confiscation would prevent this claim from being fulfilled.
Amendment 76 #
2012/0036(COD)
Proposal for a directive
Article 2 – paragraph 1 – point 4
Article 2 – paragraph 1 – point 4
(4) ‘confiscation’ means a penalty or a measure, ordered by a court following proceedings in relation to a criminal offencein a judgment or following criminal proceedings resulting in the final deprivation of property;
Amendment 85 #
2012/0036(COD)
Proposal for a directive
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Each Member State shall take the necessary measures to enable ita judicial authority, or a judicial authority acting on a court order, to confiscate, either wholly or in part, instrumentalities and proceeds following a final conviction for a criminal offence.
Amendment 89 #
2012/0036(COD)
Proposal for a directive
Article 3 – paragraph 2
Article 3 – paragraph 2
2. Each Member State shall take the necessary measures to enable it to a judicial authority or a judicial authority acting on a court order, according to their respective powers, to confiscate property the value of which corresponds to the proceeds following a final conviction for a criminal offence when the confiscation provided for in paragraph 1 is not possible.
Amendment 99 #
2012/0036(COD)
Proposal for a directive
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Each Member State shall adopt the necessary measures to enable it to confiscate, either wholly or in part, property belonging to a person convicted of a criminal offence where, based on specific facts, a court finds it substantially more probablend after making full use of all the available evidence, a court is convinced that the property in question has been derived by the convicted person from similar criminal activities than from other activities.
Amendment 103 #
2012/0036(COD)
Proposal for a directive
Article 5 – paragraph 1 – introductory part
Article 5 – paragraph 1 – introductory part
Each Member State shall take the necessary measures to enable it to confiscate proceeds and instrumentalities without a criminal conviction, following where, based on specific facts and after making full use of all the available evidence, the court is convinced that proceedings which could, if the suspected or accused person had been able to stand trial, have led to a criminal conviction, where:
Amendment 109 #
2012/0036(COD)
Proposal for a directive
Article 5 – paragraph 1 – point a
Article 5 – paragraph 1 – point a
(a) the death or permanent illness of the suspected or accused person prevents any further prosecution; or
Amendment 121 #
2012/0036(COD)
Proposal for a directive
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. The confiscation of proceeds or property referred to in paragraph 1 shall be possible where the property is subject to restitution or where
Amendment 134 #
2012/0036(COD)
Proposal for a directive
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Each Member State shall take the necessary measures to enable it to freeze property inwithout delay where there is a danger of its being dissipated, hidden or transferred out of the jurisdiction with a view to possible later confiscation. Such measures shall be ordered by, or where there is reason to suppose that the conditions for confiscation are met. Such measures shall require an order by the competent national authority, which shall be obtained without delay following the freezing of the property, except where the property consists of movable items, in which case an order shall be required only where it applied for by the person affected. The person affected by the measures under this Article shall have a right to contest the order and appeal against it to a court.
Amendment 137 #
2012/0036(COD)
Proposal for a directive
Article 7 – paragraph 2
Article 7 – paragraph 2
Amendment 153 #
2012/0036(COD)
Proposal for a directive
Article 8 – paragraph 6 – subparagraph 1 (new)
Article 8 – paragraph 6 – subparagraph 1 (new)
The confiscation of a set of assets shall have the effect of preventing further confiscation in respect of the same assets. The Member States shall take the necessary measures to ensure that multiple confiscations in respect of the same assets are avoided.
Amendment 154 #
2012/0036(COD)
Proposal for a directive
Article 8 – paragraph 6 – subparagraph 2 (new)
Article 8 – paragraph 6 – subparagraph 2 (new)
All Member States shall take the necessary measures to ensure that, where as a result of a criminal offence injured parties have claims against the accused, confiscation does not jeopardise the enforcement of such claims.
Amendment 161 #
2012/0036(COD)
Proposal for a directive
Article 9 – paragraph 1 a (new)
Article 9 – paragraph 1 a (new)
Amendment 175 #
2012/0036(COD)
Proposal for a directive
Article 11 – paragraph 1 – introductory part
Article 11 – paragraph 1 – introductory part
Member States shall regularly collect and maintain comprehensive statistics from the relevant authorities in order to review the effectiveness of their confiscation systems. The statistics collected shall be sent to the Commission each year and shall include for all criminal offences falling within the scope of this directive:
Amendment 387 #
2012/0011(COD)
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of protection should apply to any information concerning an identified or identifiable person. To determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify or single out the individual. The principles of data protection should not apply to data rendered anonymous is Regulation should not apply to anonymous data, meaning any data that can not be related, directly or indirectly, alone or in combination with associated data, to a natural person or where establishing such a way that the data subject is relation would require a disproportionate amount of time, expense, and effort, taking into account the state of the art in techno longer identifiablegy at the time of the processing and the possibilities for development during the period for which the data will be processed.
Amendment 401 #
2012/0011(COD)
Proposal for a regulation
Recital 24
Recital 24
(24) When using online or offline services, individuals may be associated with online or more identifiers provided by their devices, applications, tools and, protocols or other consumer goods, such as Internet Protocol addresses or, cookie identifiers. This may leave traces which, combined with unique identifiers and other information received by the servers, may be used to create profi, RFID-tags and other unique identifiers. Since such identifiers leave traces and can be used to singles of the individuals and identify them. It follows that identification numbers, locationut natural persons, this Regulation should be applicable to processing involving such data, ounliness those identifiers or other specific factors as such need not necessarilydemonstrably do no relate to natural persons, such as for example the IP addresses used by companies, which cannot be considered as ‘personal data in all circumstances’ as defined in this Regulation.
Amendment 903 #
2012/0011(COD)
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1a. If none of the legal grounds for the processing of personal data referred to in paragraph 1 apply, processing of personal data shall be lawful if and to the extent that it is necessary for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The data controller shall in that case inform the data subject about the data processing explicitly and separately in accordance with Article 14(1). The controller shall also publish the reasons for believing that its interests override the interests or fundamental rights and freedoms of the data subject. This paragraph shall not apply to processing carried out by public authorities in the performance of their tasks.
Amendment 908 #
2012/0011(COD)
Proposal for a regulation
Article 6 – paragraph 1 b (new)
Article 6 – paragraph 1 b (new)
1b. The legitimate interests of the controller as referred to in paragraph 1a override the interests or fundamental rights and freedoms of the data subject, as a rule and for example, if: (a) processing of personal data takes place as part of the exercise of the right to freedom of expression, the media and the arts, within the limits of Union or national law; (b) processing of personal data is necessary for the enforcement of the legal claims of the data controller or of third parties on behalf of whom the data controller is acting in relation to a specific identified data subject, or for preventing or limiting damage by the data subject to the controller; (c) the data subject has provided personal data to the data controller on the legal ground referred to in point (b) of paragraph 1, and the personal data are used for direct marketing for its own and similar products and services and are not transferred, and the data controller is clearly identified to the data subject; (d) processing of personal data takes place in the context of professional business-to-business relationships and the data were collected from the data subject for that purpose; (e) processing of personal data is necessary for registered non-profit associations, foundations and charities, recognised as acting in the public interest under Union or national law, for the sole purpose of collecting donations.
Amendment 913 #
2012/0011(COD)
Proposal for a regulation
Article 6 – paragraph 1 c (new)
Article 6 – paragraph 1 c (new)
1c. The interests or fundamental rights and freedoms of the data subject as referred to in paragraph 1a override the legitimate interest of the controller, as a rule and for example, if: (a) the processing causes a serious risk of damage to the data subject; (b) special categories of data as referred to Article 9(1), location data, or biometric data are processed; (c) the data subject can reasonably expect, on the basis of the context of the processing, that his or her personal data will only be processed for a specific purpose or treated confidentially, unless the data subject concerned has been informed specifically and separately about the use of his or her personal data for purposes other than the performance of the service; (d) personal data are processed in the context of profiling; (e) personal data is made accessible for a large number of persons or large amounts of personal data about the data subject are processed or combined with other data; (f) the processing of personal data may adversely affect the data subject, in particular because it can lead to defamation or discrimination; or (g) the data subject is a child.
Amendment 974 #
2012/0011(COD)
Proposal for a regulation
Article 7 – paragraph 2 a (new)
Article 7 – paragraph 2 a (new)
2a. If data is collected for processing after consent has been given solely by automated means in accordance with paragraph 2a and the pseudonyms are later unlawfully associated with other personal identifiers that do permit the direct identification of a data subject pursuant to Article 4(1), then this constitutes a personal data breach likely to adversely affect the protection of the privacy of the data subject. The breach notifications must be communicated in accordance with the procedures in Articles 31 and 32.
Amendment 992 #
2012/0011(COD)
Proposal for a regulation
Article 7 – paragraph 4
Article 7 – paragraph 4
4. CAs a rule, consent shall not provide a legal basis for the processing, where there is a significant imbalance between the position of the data subject and the controller.
Amendment 1105 #
2012/0011(COD)
Proposal for a regulation
Article 10 a (new)
Article 10 a (new)
Article 10a Education Union citizens and residents shall be educated by appropriate means about data protection, as an integral part of general media competence education. Competent Member States and Union institutions and bodies shall be tasked with supporting this.
Amendment 1268 #
2012/0011(COD)
Proposal for a regulation
Article 14 – paragraph 5 – point d c (new)
Article 14 – paragraph 5 – point d c (new)
(dc) the data are processed in the exercise of his profession by, or are entrusted or become known to, a person who is subject to an obligation of professional secrecy regulated by the State or to a statutory obligation of secrecy.
Amendment 1329 #
2012/0011(COD)
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. The data subject shall have the right to obtain from the controller communication of the personal data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in an electronic formand interoperable format allowing unhindered further use by the data subject, unless otherwise requested by the data subject.
Amendment 1343 #
2012/0011(COD)
Proposal for a regulation
Article 15 – paragraph 2 a (new)
Article 15 – paragraph 2 a (new)
2a. The right of access referred to in paragraphs 1 and 2 shall not apply where data pursuant to Article 14(5)(d) are affected.
Amendment 1692 #
2012/0011(COD)
Proposal for a regulation
Article 22 – paragraph 3
Article 22 – paragraph 3
3. The controller shall implement mechanisms to ensure the verification ofbe able to demonstrate the effectiveness of the measures referred to in paragraphs 1 and 2. If proportionate, this verification shall be carried outshall be verified by independent internal or external auditors. A certification pursuant to Article 39 shall be considered an adequate verification.
Amendment 1713 #
2012/0011(COD)
Proposal for a regulation
Article 23 – paragraph 1
Article 23 – paragraph 1
1. Having regard to the state of the art and, the cost of implementation, the controllerntroller and the processor, if any, shall, both at the time of the determination of the purposes and means for processing and at the time of the processing itself, implement appropriate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject, in particular with regard to the principles laid out in Article 5. Where the controller has carried out a data protection impact assessment pursuant to Article 33, the results shall be taken into account when developing those measures and procedures.
Amendment 1725 #
2012/0011(COD)
Proposal for a regulation
Article 23 – paragraph 2
Article 23 – paragraph 2
2. The controller shall implement mechanisms forWhere the data subject is given a choice regarding the processing of personal data, the controller and the processor, if any, shall ensuringe that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected or retained beyond the minimum necessary for those purposes, both in terms of the amount of the data and the time of their storage. In particular, those mechanisms shall ensure that by default personal data are not made accessible to an indefinite number of individuals and that data subjects are able to control the distribution of their personal data.
Amendment 1802 #
2012/0011(COD)
Proposal for a regulation
Article 26 – paragraph 2 – point h
Article 26 – paragraph 2 – point h
(h) make available to the controller and the supervisory authority all information necessary to control compliance with the obligations laid down in this Article and allow on-site inspections.
Amendment 2098 #
2012/0011(COD)
Proposal for a regulation
Article 34 – paragraph 1
Article 34 – paragraph 1
1. The controller or the processor as the case may be shall obtain an authorisation from the supervisory authority prior to the processing of personal data according to Chapter V or if ordered by any other provision in this Regulation, in order to ensure the compliance of the intended processing with this Regulation and in particular to mitigate the risks involved for the data subjects where a controller or processor adopts contractual clauses as provided for in point (d) of Article 42(2) or does not provide for the appropriate safeguards in a legally binding instrument as referred to in Article 42(5) for the transfer of personal data to a third country or an international organisation.
Amendment 2558 #
2012/0011(COD)
Proposal for a regulation
Article 48 – paragraph 1
Article 48 – paragraph 1
1. Member States shall provide that the members of the supervisory authority must be appointed either by the parliament or the government after consultation of the parliament, or by the highest judicial authority of the Member State concerned.
Amendment 2611 #
2012/0011(COD)
Proposal for a regulation
Article 52 – paragraph 2
Article 52 – paragraph 2
2. Each supervisory authority shall promote the awareness of the public on risks, rules, safeguards and rights in relation to the processing of personal data and about appropriate means of protecting oneself. Activities addressed specifically to children shall receive specific attention.
Amendment 2630 #
2012/0011(COD)
Proposal for a regulation
Article 53 – paragraph 2 – subparagraph 1 – point b
Article 53 – paragraph 2 – subparagraph 1 – point b
(b) access to any of its premises, including to any data processing equipment and means, where there are reasonable grounds for presuming that an activity in violation of this Regulation is being carried out there.
Amendment 2827 #
2012/0011(COD)
Proposal for a regulation
Article 77 – paragraph 2
Article 77 – paragraph 2
2. Where more than one controller or processor is involved in the processing, each controller or processor shall be jointly and severally liable for the entire amount of the damage, unless they have an appropriate written agreement.
Amendment 2969 #
2012/0011(COD)
Proposal for a regulation
Article 80 a (new)
Article 80 a (new)
Article 80a Access to documents 1. Member States may provide in their national legislation for rules necessary to reconcile the right of access to documents with the principles in Chapter 2. 2. Each Member State shall notify to the Commission provisions of its law which it adopts pursuant to paragraph 1 by the date specified in Article 91(2) at the latest and, without delay, any subsequent amendment affecting them.
Amendment 175 #
2012/0010(COD)
Proposal for a directive
Recital 7
Recital 7
(7) Ensuring a consistent and high level of protection of the personal data of individuals and facilitating the exchange of personal data between competent authorities of Members States is crucial in order to ensure effective judicial co- operation in criminal matters and police cooperation. To that aim, the level of protection of the rights and freedoms of individualminimum standards must be ensured in all Member States with regard to theany processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties must be equivalent in all Member States. Effective protection of personal data throughout the Union requires strengthening the rights of data subjects and the obligations of those who process personal data, but also equivalent powers for monitoring and ensuring compliance with the rules for the protection of personal data in the Member States.
Amendment 178 #
2012/0010(COD)
Proposal for a directive
Recital 12
Recital 12
(12) In order to ensure the samea minimum level of protection for individuals through legally enforceable rights throughout the Union and to prevent divergences hampering the exchange of personal data between competent authorities, the Directive should provide harmonised rules fora minimum level of harmonisation concerning the protection and the free movement of personal data in the areas of judicial co- operation in criminal matters and police co-operation.
Amendment 181 #
2012/0010(COD)
Proposal for a directive
Recital 15
Recital 15
(15) The protection of individuals should be technological neutral and not depend on the techniques used; otherwise this would create a serious risk of circumvention. The protection of individuals should apply to processing of personal data by automated means, as well as to manual processing if the data are contained or are intended to be contained in a filing system. Files or sets of files as well as their cover pages, which are not structured according to specific criteria, should not fall within the scope of this Directive. This Directive should not apply to the processing of personal data in the course of an activity which falls outside the scope of Union law, in particular concerning national security, or to data processed by the Union institutions, bodies, offices and agencies, such as Europol or Eurojust.
Amendment 185 #
2012/0010(COD)
Proposal for a directive
Recital 16
Recital 16
(16) The principles of protection should apply to any information concerning an identified or identifiable natural person. To determine whether a natural person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify or single out the individual. The principles of data protis Directionve should not apply to data rendered anonymous anonymous data, meaning any data that can not be related, directly or indirectly, alone or in combination with associated data, to a natural person or where establishing such a way that the data subject is no longer identifiablerelation would require a disproportionate amount of time, expense, and effort, taking into account the state of the art in technology at the time of the processing and the possibilities for development during the period for which the data will be processed.
Amendment 186 #
2012/0010(COD)
Proposal for a directive
Recital 18
Recital 18
(18) Any processing of personal data must be fair and lawful in relation to the individuals concerned. In particular, the specific purposes for which the data are processed should be explicit and comprehensible to the data subject.
Amendment 189 #
2012/0010(COD)
Proposal for a directive
Recital 20
Recital 20
(20) Personal data should not be processed for purposes incompatible with the purpose for which it was collected. Personal data should be adequate, relevant and not exlimited to the minimum necessiveary for the purposes for which the personal data are processed. Every reasonable step should be taken to ensure that personal data which are inaccurate should be rectified or erased.
Amendment 193 #
2012/0010(COD)
Proposal for a directive
Recital 23
Recital 23
(23) It is inherent to the processing of personal data in the areas of judicial co- operation in criminal matters and police co-operation that personal data relating to different categories of data subjects are processed. Therefore a clear distinction should as far as possible be made between personal data of different categories of data subjects such as suspects, persons convicted of a criminal offence, victims and third parties, such as witnesses, persons possessing relevant information or contacts and associates of suspects and convicted criminals. Specific rules on the consequences of this categorisation should be provided by the Member States, taking into account the different purposes for which data are collected and providing specific safeguards for persons who are not suspect or have not been convicted of a criminal offence.
Amendment 196 #
2012/0010(COD)
Proposal for a directive
Recital 24
Recital 24
(24) As far as possible pPersonal data should be distinguished according to the degree of their accuracy and reliability. Facts should be distinguished from personal assessments, in order to ensure both the protection of individuals and the quality and reliability of the information processed by the competent authorities. The recipient should be informed if data have been unlawfully transmitted or are incorrect. The recipient shall correct the data without delay.
Amendment 206 #
2012/0010(COD)
Proposal for a directive
Recital 27
Recital 27
(27) Every natural person should have the right not to be subject to a measure which is based solely on automated processing if it produces an adverse legal effect for that person, unless authorised by law and subject to suitable measures to safeguard the data subject's legitimate interests.
Amendment 208 #
2012/0010(COD)
Proposal for a directive
Recital 28
Recital 28
(28) In order to exercise their rights, any information to the data subject should be easily accessible and easy to understand, including the use of clear and plain language, especially when the data subject is a child.
Amendment 215 #
2012/0010(COD)
Proposal for a directive
Recital 30
Recital 30
(30) The principle of fair and transparent processing requires that the data subjects should be informed in particular of the existence of the processing operation, its legal basis and its purposes, how long the data will be stored, on the existence of the right of access, rectification or erasure and on the right to lodge a complaint. Furthermore the data subject shall be informed if profiling takes place and its intended consequences. Where the data are collected from the data subject, the data subject should also be informed whether they are obliged to provide the data and of the consequences, in cases they do not provide such data.
Amendment 218 #
2012/0010(COD)
Proposal for a directive
Recital 33
Recital 33
(33) Member States should be allowed to adopt legislative measures delaying, or restricting or omitting the information of data subjects or the access to their personal data to the extent that and as long as such partial or complete restriction constitutes a strictly necessary and proportionate measure in a democratic society with due regard for fundamental rights and the legitimate interests of the person concerned, to avoid obstructing official or legal inquiries, investigations or procedures, to avoid prejudicing the prevention, detection, investigation and prosecution of criminal offences or for the execution of criminal penalties, to protect public security or national security, or, to protect the data subject or the rights and freedoms of others.
Amendment 223 #
2012/0010(COD)
Proposal for a directive
Recital 40 a (new)
Recital 40 a (new)
(40a) Processing of personal data in this sensitive field should only be done after a data protection impact assessment. Member states should therefore carry out before devising new systems for the processing of personal data, an assessment of the impact of the envisaged processing operations on the protection of personal data.
Amendment 258 #
2012/0010(COD)
Proposal for a directive
Article 1 – paragraph 2 – introductory part
Article 1 – paragraph 2 – introductory part
2. IThe minimum requirements of this Directive shall be no impediment to Member States retaining or introducing provisions on the protection of personal data that ensure a higher level of protection. At least in accordance with this Directive, Member States shall:
Amendment 266 #
2012/0010(COD)
Proposal for a directive
Article 1 – paragraph 2 a (new)
Article 1 – paragraph 2 a (new)
2a. The processing or exchange of personal data by competent authorities within the Union needs a legal basis in Union or member state law. This directive does not provide such a legal basis in itself.
Amendment 268 #
2012/0010(COD)
Proposal for a directive
Article 2 – paragraph 3 – point a
Article 2 – paragraph 3 – point a
(a) in the course of an activity which falls outside the scope of Union law, in particular concerning national security;
Amendment 276 #
2012/0010(COD)
Proposal for a directive
Article 3 – paragraph 1 – point 1
Article 3 – paragraph 1 – point 1
(1) ‘'data subject’' means an identified natural person or a natural person who can be identified or singled out, directly or indirectly, alone or in combination with associated data, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to anunique identification number, location data, online or offline identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or, social identityor gender identity or sexual orientation of that person;
Amendment 282 #
2012/0010(COD)
Proposal for a directive
Article 3 – paragraph 1 – point 9
Article 3 – paragraph 1 – point 9
(9) ‘'personal data breach’' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Amendment 294 #
2012/0010(COD)
Proposal for a directive
Article 4 – paragraph 1 – point a
Article 4 – paragraph 1 – point a
(a) processed fairly and lawfully and in a transparent manner in relation to the data subject;
Amendment 298 #
2012/0010(COD)
Proposal for a directive
Article 4 – paragraph 1 – point c
Article 4 – paragraph 1 – point c
(c) adequate, relevant, and not exlimited to the minimum necessiveary in relation to the purposes for which they are processed; they shall only be processed if, and as long as, the purposes could not be fulfilled by processing information that does not involve personal data; personal data held by private parties or other public authorities shall only be accessed to investigate or prosecute criminal offences in accordance with necessity and proportionality requirements to be defined by each Member State in its national law, subject to the relevant provisions of European Union law or public international law, and in particular the ECHR as interpreted by the European Court of Human Rights;
Amendment 302 #
2012/0010(COD)
Proposal for a directive
Article 4 – paragraph 1 – point d
Article 4 – paragraph 1 – point d
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
Amendment 307 #
2012/0010(COD)
Proposal for a directive
Article 4 – paragraph 1 – point f – introductory part
Article 4 – paragraph 1 – point f – introductory part
(f) processed under the responsibility and liability of the controller, who shall ensure and be able to demonstrate, for each processing operation, compliance with the provisions adopted pursuant to this Directive.
Amendment 308 #
2012/0010(COD)
Proposal for a directive
Article 4 – paragraph 1 – point f a (new)
Article 4 – paragraph 1 – point f a (new)
(fa) processed in a way that effectively allows the data subject to exercise his or her rights as described in Articles 10 to 17.
Amendment 331 #
2012/0010(COD)
Proposal for a directive
Article 5 – paragraph 1 a (new)
Article 5 – paragraph 1 a (new)
1a. Member States shall provide specific rules on the consequences of this categorisation, taking into account the different purposes for which data are collected and providing specific safeguards for persons who are not suspect or have not been convicted of a criminal offence. These specific rules shall include conditions for collecting data, time limits for retention, possible limitations to data subject's rights of access and information and the modalities of access to data by competent authorities
Amendment 340 #
2012/0010(COD)
Proposal for a directive
Article 6 – paragraph 2
Article 6 – paragraph 2
2. Member States shall ensure that, as far as possible, personal data based on facts are distinguished from personal data based on personal assessment personal data which are inaccurate, incomplete or no longer up to date are not transmitted or made available, and that personal data based on facts are distinguished from personal data based on personal assessments. To this end, the competent authorities shall verify the quality of personal data before they are transmitted or made available. As far as possible, in all transmissions of data, available information shall be added which enables the receiving Member State to assess the degree of accuracy, completeness, up-to-dateness and reliability. Personal data shall not be transmitted without request from a competent authority, in particular data originally held by private parties.
Amendment 342 #
2012/0010(COD)
Proposal for a directive
Article 6 a (new)
Article 6 a (new)
Article 6a If it emerges that incorrect data have been transmitted or data have been unlawfully transmitted, the recipient shall be notified without delay. The recipient shall be obliged to rectify the data without delay in accordance with paragraph 1 and Article 15 or to erase them in accordance with Article 16.
Amendment 363 #
2012/0010(COD)
Proposal for a directive
Article 9 – paragraph 1
Article 9 – paragraph 1
1. Member States shall provide that measures which produce an adverse legal effect for the data subject or significantly affect them and which are based solely on automated processing of personal data intended to evaluate certain personal aspects relating to the data subject shall be prohibited unless authorised by a law which also lays down measures to safeguard the data subject's legitimate interests.
Amendment 369 #
2012/0010(COD)
Proposal for a directive
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Automated processing of personal data intended to evaluate certain personal aspects relating to the data subject shall not be based solely onsingle out a data subject without an initial suspicion that the data subject might have committed or will be committing a criminal offence shall only be lawful if and to the extent that it is strictly necessary for the investigation of a serious criminal offence or the prevention of a clear and imminent danger, established on factual indications, to public security, the existence of the state, or the life of persons. It shall not include or generate special categories of personal data referred to in Article 8.
Amendment 371 #
2012/0010(COD)
Proposal for a directive
Article 9 – paragraph 2 a (new)
Article 9 – paragraph 2 a (new)
2a. Profiling that (whether intentionally or otherwise) has the effect of discriminating against individuals on the basis of race or ethnic origin, political opinions, religion or beliefs, trade union membership, gender or sexual orientation, or that (whether intentionally or otherwise) results in measures which have such effect, shall be prohibited in all cases.
Amendment 375 #
2012/0010(COD)
Proposal for a directive
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Member States shall provide that any information and any communication relating to the processing of personal data are to be provided by the controller to the data subject in an intelligible form, using clear and plain language, adapted to the data subject, in particular where that information is addressed specifically to a child.
Amendment 381 #
2012/0010(COD)
Proposal for a directive
Article 10 – paragraph 5
Article 10 – paragraph 5
5. Member States shall provide that the information and any action taken by the controller following a request referred to in paragraphs 3 and 4 are free of charge. Where requests are vexatiousmanifestly excessive, in particular because of their repetitive character, or the size or volume of the request, the controller may charge a reasonable fee for providing the information or taking the action requested, or the controller may not take the action requested. In that case, the controller shall bear the burden of proving the vexatiouscessive character of the request.
Amendment 385 #
2012/0010(COD)
Proposal for a directive
Article 11 – paragraph 1 – point b
Article 11 – paragraph 1 – point b
(b) the legal basis and the purposes of the processing for which the personal data are intended;
Amendment 388 #
2012/0010(COD)
Proposal for a directive
Article 11 – paragraph 1 – point f a (new)
Article 11 – paragraph 1 – point f a (new)
(fa) where the controller processes personal data as described in Article 9(1), information about the existence of processing for a measure of the kind referred to in Article 9(1) and the intended effects of such processing on the data subject;
Amendment 390 #
2012/0010(COD)
Proposal for a directive
Article 11 – paragraph 1 – point f b (new)
Article 11 – paragraph 1 – point f b (new)
(fb) information regarding specific security measures taken to protect personal data;
Amendment 392 #
2012/0010(COD)
Proposal for a directive
Article 11 – paragraph 2 a (new)
Article 11 – paragraph 2 a (new)
2a. Where the personal data are not collected from the data subject, the controller shall inform the data subject, in addition to the information referred to in paragraph 1, from which source the data originate.
Amendment 396 #
2012/0010(COD)
Proposal for a directive
Article 11 – paragraph 4 – introductory part
Article 11 – paragraph 4 – introductory part
4. Member States may adopt legislative measures delaying, or restricting or omitting the provision of the information to the data subject to the extent that, and as long as, such partial or complete restriction constitutes ais strictly necessary and proportionate measure in a democratic society with due regard for the fundamental rights and the legitimate interests of the person concerned:
Amendment 402 #
2012/0010(COD)
Proposal for a directive
Article 11 – paragraph 5
Article 11 – paragraph 5
5. Member States mayshall provide that the controller shall assess, in each specific case, by means of a concrete and individual examination, whether a partial or complete restriction for one of the reasons referred to in paragraph 4 applies. Member State law may also determine categories of data processing which may wholly or partly fall under the exemptions of paragraph 4(a), (b), (c) and (d).
Amendment 406 #
2012/0010(COD)
Proposal for a directive
Article 12 – paragraph 1 – point c
Article 12 – paragraph 1 – point c
(c) the recipients or categories of recipients to whom the personal data have been disclosed, in particular the recipients in third countries;
Amendment 408 #
2012/0010(COD)
Proposal for a directive
Article 12 – paragraph 1 – point g
Article 12 – paragraph 1 – point g
(g) communication of the personal data undergoing processing and of any available information as to their source, and if applicable, intelligible information about the logic involved in any automated processing.
Amendment 413 #
2012/0010(COD)
Proposal for a directive
Article 12 – paragraph 2
Article 12 – paragraph 2
2. Member States shall provide for the right of the data subject to obtain from the controller a copy of the personal data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in an electronic and interoperable format allowing unhindered further use by the data subject, unless otherwise requested by the data subject.
Amendment 420 #
2012/0010(COD)
Proposal for a directive
Article 13 – paragraph 1 – introductory part
Article 13 – paragraph 1 – introductory part
1. Member States may adopt legislative measures restricting, wholly or partly, the data subject's right of access to the extent and for the period that such partial or complete restriction constitutes a necessary and strictly proportionate measure in a democratic society with due regard for the legitimate interests of the person concernedand fundamental rights of the person concerned, based on a concrete and individual examination of each specific case:
Amendment 422 #
2012/0010(COD)
Proposal for a directive
Article 13 – paragraph 1 – point c
Article 13 – paragraph 1 – point c
Amendment 424 #
2012/0010(COD)
Proposal for a directive
Article 13 – paragraph 1 – point d
Article 13 – paragraph 1 – point d
Amendment 430 #
2012/0010(COD)
Proposal for a directive
Article 13 – paragraph 2
Article 13 – paragraph 2
Amendment 446 #
2012/0010(COD)
Proposal for a directive
Article 15 – paragraph 2
Article 15 – paragraph 2
Amendment 459 #
2012/0010(COD)
Proposal for a directive
Article 16 – paragraph 3 – introductory part
Article 16 – paragraph 3 – introductory part
3. Instead of erasure, the controller shall mark the personal datarestrict processing of personal data in such a way that it is not subject to the normal data access and processing operations of the controller and can not be changed anymore, where:
Amendment 460 #
2012/0010(COD)
Proposal for a directive
Article 16 – paragraph 3 – point a a (new)
Article 16 – paragraph 3 – point a a (new)
(aa) personal data referred to in this paragraph may, with the exception of storage, only be processed when necessary for purposes of proof, or for the protection of vital interests of the data subject or another person;
Amendment 462 #
2012/0010(COD)
Proposal for a directive
Article 16 – paragraph 3 – point b a (new)
Article 16 – paragraph 3 – point b a (new)
(ba) where processing of personal data is restricted pursuant to this paragraph, the controller shall inform the data subject before lifting the restriction;
Amendment 478 #
2012/0010(COD)
Proposal for a directive
Article 16 a (new)
Article 16 a (new)
Article 16a Rights in relation to recipients The controller shall communicate any rectification or erasure carried out in accordance with Articles 15 and 16 to each recipient to whom the data have been transferred, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject about those third parties.
Amendment 485 #
2012/0010(COD)
Proposal for a directive
Article 19 – paragraph 1
Article 19 – paragraph 1
1. Member States shall provide that, having regard to the state of the art and the cost of implementation, the controller shall, both at the time of the determination of the purposes and means for processing and at the time of the processing itself, implement appropriate technical and organisational measures and procedures in such a way that the processing will meet the requirements of provisions adopted pursuant to this Directive and ensure the protection of the rights of the data subject. Where the controller has carried out a data protection impact assessment pursuant to Article 25a, the results shall be taken into account when developing those measures and procedures.
Amendment 488 #
2012/0010(COD)
Proposal for a directive
Article 19 – paragraph 2
Article 19 – paragraph 2
2. The controller shall implement mechanisms for ensuring that, by default, only those personal data which are necessary for the purposes of the processing are processed. and are especially not collected or retained beyond the minimum necessary for those purposes, both in terms of the amount of the data and the time of their storage. In particular, those mechanisms shall ensure that by default personal data are not made accessible to an indefinite number of individuals.
Amendment 512 #
2012/0010(COD)
Proposal for a directive
Article 23 – paragraph 1
Article 23 – paragraph 1
1. Member States shall provide that each controller and processor maintains detailed documentation of all processing systems and procedures under their responsibility.
Amendment 534 #
2012/0010(COD)
Proposal for a directive
Article 25 a (new)
Article 25 a (new)
Article 25a Data protection impact assessment 1. Member States shall provide that, before devising new systems for the processing of personal data, the controller or the processor acting on the controller's behalf, or the entity deciding about the new system, shall carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. 2. The assessment shall contain at least a systematic description of (a) the envisaged processing operations and their necessity and proportionality in relation to the purpose, (b) an assessment of the risks to the rights and freedoms of data subjects, (c) the measures envisaged to address the risks and minimise the volume of personal data which is processed, (d) safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation, taking into account the rights and legitimate interests of data subjects and other persons concerned. 3. The controller shall seek the views of data subjects or their representatives on the intended processing. 4. The assessment shall be made easily accessible to the public. 5. The Commission shall be empowered to adopt, after requesting an opinion of the European Data Protection Board, delegated acts in accordance with Article 56 for the purpose of further specifying the requirements for the assessment, referred to in paragraph 2, including conditions and procedures for scalability, verification and audit ability.
Amendment 538 #
2012/0010(COD)
Proposal for a directive
Article 26 – paragraph 1 – introductory part
Article 26 – paragraph 1 – introductory part
1. Member States shall ensure that the controller or the processor consults the supervisory authority prior to the processing of personal data which will form part of a new type of filing system to be created where:.
Amendment 539 #
2012/0010(COD)
Proposal for a directive
Article 26 – paragraph 1 – point a
Article 26 – paragraph 1 – point a
Amendment 540 #
2012/0010(COD)
Proposal for a directive
Article 26 – paragraph 1 – point b
Article 26 – paragraph 1 – point b
Amendment 544 #
2012/0010(COD)
Proposal for a directive
Article 26 – paragraph 2
Article 26 – paragraph 2
2. Member States mayshall provide that the supervisory authority establishes a list of the processing operations which are subject to prior consultation pursuant to paragraph 1.
Amendment 565 #
2012/0010(COD)
Proposal for a directive
Article 29 – paragraph 4
Article 29 – paragraph 4
4. The communication to the data subject may be delayed, or restricted or omitted on the grounds referred to in Article 11(4).
Amendment 581 #
2012/0010(COD)
Proposal for a directive
Article 33 – paragraph 1 a (new)
Article 33 – paragraph 1 a (new)
Member States shall provide that further onward transfers referred to in paragraph 1 of this Article may only take place if, in addition to the conditions laid out in that paragraph: (a) the onward transfer is necessary for the same specific purpose as the original transfer; and (b) the competent authority that carried out the original transfer authorises the onward transfer.
Amendment 590 #
2012/0010(COD)
Proposal for a directive
Article 33 a (new)
Article 33 a (new)
Article 33a Transfers to recipients not subject to the provisions implementing this directive Member States shall provide that transfers of personal data by competent authorities to recipients that are not subject to the provisions implementing this Directive may only take place if such transfers are: (a) provided for in national law; such laws must be in compliance with the Charter of Fundamental Rights of the European Union and the Convention for the Protection of Human Rights and Fundamental Freedoms, and be in line with the case law of the Court of Justice of the European Union and the European Court of Human Rights; or (b) necessary for the protection of the vital interests of the data subject or another person; or (c) carried out upon request of the data subject.
Amendment 607 #
2012/0010(COD)
Proposal for a directive
Article 35 – paragraph 1 – point b
Article 35 – paragraph 1 – point b
(b) the controller or processor has assessed all the circumstances surrounding the transfer of personal data andEuropean Data Protection Board has assessed that the recipient controller or processor meets all legal requirements and best practices generally surrounding the transfer of personal data stipulated in this Directive, in particular regarding personal data originally collected by private parties, and has concludesd that appropriate safeguards exist with respect to the protection of personal data. , or
Amendment 608 #
2012/0010(COD)
Proposal for a directive
Article 35 – paragraph 1 – point b a (new)
Article 35 – paragraph 1 – point b a (new)
(ba) Member State law allows for specific transfers of personal data which are strictly necessary and proportionate, subject to the relevant provisions of Union law or public international law, and in particular the ECHR as interpreted by the European Court of Human Rights.
Amendment 615 #
2012/0010(COD)
Proposal for a directive
Article 36 – title
Article 36 – title
Derogation Derogations in the case of specific transfers
Amendment 617 #
2012/0010(COD)
Proposal for a directive
Article 36 – paragraph 1 – introductory part
Article 36 – paragraph 1 – introductory part
Amendment 620 #
2012/0010(COD)
Proposal for a directive
Article 36 – paragraph 1 a (new)
Article 36 – paragraph 1 a (new)
Member States shall ensure that personal data is only transferred under the provisions of this Article if (a) the controller has obtained prior authorisation from the supervisory authority; and (b) the transfer is only comprising data strictly necessary to achieve the purpose for which it is transferred; and (c) all transfers are fully documented, including date and time of the transfer, the recipient authority, the justification for the transfer and the data transferred. This documentation shall be made available to the supervisory authority on request.
Amendment 622 #
2012/0010(COD)
Proposal for a directive
Article 36 – paragraph 1 – point a
Article 36 – paragraph 1 – point a
(a) the transfer is necessary in order to protectto safeguard the vital interests of the data subject or another person, particularly in terms of their physical safety and well-being; or
Amendment 623 #
2012/0010(COD)
Proposal for a directive
Article 36 – paragraph 1 – point c
Article 36 – paragraph 1 – point c
(c) the transfer of the data is limited to a specific case and essential for the prevention of an immediate and serious threat to public security of a Member State or a third country; or
Amendment 643 #
2012/0010(COD)
Proposal for a directive
Article 45 – paragraph 6
Article 45 – paragraph 6
6. Where requests are vexatiousmanifestly excessive, in particular due to their repetitive character, the supervisory authority may charge a fee or not take the action required by the data subjectreasonable fee. The supervisory authority shall bear the burden of proving of the vexatiouscessive character of the request.
Amendment 646 #
2012/0010(COD)
Proposal for a directive
Article 46 – paragraph 1 – point a
Article 46 – paragraph 1 – point a
(a) investigative powers, such as powers of access to data forming the subject matter of processing operations and powers to collect all the information necessary for the performance of its supervisory duties;all personal data and to all the information necessary for the performance of its supervisory duties and access to any of a data controller's premises, including to any data processing equipment and means.
Amendment 653 #
2012/0010(COD)
Proposal for a directive
Article 47 – paragraph 1
Article 47 – paragraph 1
Member States shall provide that each supervisory authority draws up an annual report on its activities. The report shall at least every two years. The report shall be presented to the national parliament, and be made available to the Commission and, the European Data Protection Board, and the public. It shall include information on the extent to which competent authorities in their jurisdiction have accessed data held by private parties to investigate or prosecute criminal offences.
Amendment 4 #
2011/2025(INI)
Motion for a resolution
Citation 7 a (new)
Citation 7 a (new)
– having regard to the Council of Europe Convention 108 on the Protection of Individuals with regard to Automatic Processing of Personal Data,
Amendment 8 #
2011/2025(INI)
Draft opinion
Paragraph 3 a (new)
Paragraph 3 a (new)
3a. Underlines that the right to access includes not only full access to the data processes about oneself including the source and recipients, but also intelligible information about the logic involved in any automatic processing; emphasises that the latter will even become more important with profiling and data-mining;
Amendment 9 #
2011/2025(INI)
Draft opinion
Paragraph 3 b (new)
Paragraph 3 b (new)
3b. Calls on the Commission to guarantee synergies on data protection rights ad consumers’ rights;
Amendment 11 #
2011/2025(INI)
Motion for a resolution
Recital A a (new)
Recital A a (new)
Aa. whereas violations of data protection provisions can lead to serious risks for the fundamental rights of individuals and for the values of the Member States,
Amendment 12 #
2011/2025(INI)
Motion for a resolution
Recital A b (new)
Recital A b (new)
Ab. whereas data protection legislation in the EU, the Member States, and beyond has developed a legal tradition that has to be maintained and further elaborated,
Amendment 14 #
2011/2025(INI)
Draft opinion
Paragraph 4
Paragraph 4
Amendment 19 #
2011/2025(INI)
Motion for a resolution
Recital B a (new)
Recital B a (new)
Ba. whereas the EU and the Member States are obliged to take effective measures against all violations of personal rights and are obliged to protect individual privacy and informational self- determination,
Amendment 24 #
2011/2025(INI)
Motion for a resolution
Recital C
Recital C
C. whereas it is of utmost importance that a series of key elements be taken into account when legislative solutions are considered, namely effective protection, given under all circumstances and independent of political preferences within a certain timeframe; whereas the framework must be stable over a long period, and limitations on the exercise of the right, where and if needed, must be exceptional, strictly necessary and proportionate, duly justified and never affect the essential elements of the right itself9 ,
Amendment 28 #
2011/2025(INI)
Draft opinion
Paragraph 6 a (new)
Paragraph 6 a (new)
6a. Supports efforts further to advance enforceable and binding self-regulatory initiatives based on the legal framework within the revision on the data protection framework, as suggested in the Commission communication, and is in favour of further supporting EU certification schemes; points out that public procurement should play an important role in taking the lead here;
Amendment 33 #
2011/2025(INI)
Motion for a resolution
Recital E a (new)
Recital E a (new)
Ea. whereas the fundamental right to data protection includes the protection of persons from possible surveillance and abuse of their data by the state itself, as well as by private entities,
Amendment 38 #
2011/2025(INI)
Motion for a resolution
Recital E b (new)
Recital E b (new)
Eb. whereas effective control by the data subject requires transparent behaviour of data controllers,
Amendment 42 #
2011/2025(INI)
Motion for a resolution
Recital F
Recital F
F. whereas a strong European and international data protection regime is the necessary foundation for the flow of personal data across borders, and whereas current differences in data protection legislation and enforcement are affecting European citizens as well as the global economy and the single European market,
Amendment 44 #
2011/2025(INI)
Motion for a resolution
Recital F b (new)
Recital F b (new)
Fb. whereas privacy and security are possible and are both of key importance for citizens, meaning that there is no need to chose between being free or being safe,
Amendment 46 #
2011/2025(INI)
Motion for a resolution
Recital F a (new)
Recital F a (new)
Fa. whereas continuous violations of data protection lead to a lack of trust by citizens that will weaken the expedient use of the new technologies,
Amendment 50 #
2011/2025(INI)
Motion for a resolution
Paragraph 1 a (new)
Paragraph 1 a (new)
1a. Welcomes the opportunity to substantiate and adapt the European data protection law to the legal conditions that emerge after the entry into force of the Lisbon Treaty and the Charter of Fundamental Rights,
Amendment 54 #
2011/2025(INI)
Motion for a resolution
Paragraph 2 a (new)
Paragraph 2 a (new)
2a. Underlines the importance of Article 9 of Directive 95/46/EC which obliges Member States to provide for exemptions from data protection rules when personal data are used solely for journalistic purposes or the purpose of artistic or literary expression and in this context underlines the importance of the right to freedom of expression;
Amendment 58 #
2011/2025(INI)
Motion for a resolution
Paragraph 3
Paragraph 3
3. Considers it imperative to extend the application of general data protection rules to the areas of police and judicial cooperation, including in the context of data processing at domestic level, taking especially into account the trend to re-use on a systematic basis personal data of the private sector for law enforcement purposes, while also allowing, asexceptionally and where strictly necessary, for restrict and proportionate, for narrowly-tailored and harmonised limitations on certain data protection rights of the individual;
Amendment 66 #
2011/2025(INI)
Motion for a resolution
Paragraph 3 a (new)
Paragraph 3 a (new)
3a. Emphasises equally the need to have the processing of personal data by institutions and bodies of the European Union, which is governed by Regulation (EC) No 45/2001, included within the scope of the new framework;
Amendment 67 #
2011/2025(INI)
Motion for a resolution
Paragraph 3 b (new)
Paragraph 3 b (new)
3b. Recognises that enhanced additional measures might be needed for specific sectors, as has already been the case for the e-Privacy Directive - but insists that sector-specific rules should in no circumstances lower the level of protection ensured by framework legislation, strictly defining exceptional, necessary, legitimate and narrowly- tailored derogations to general data protection principles,
Amendment 68 #
2011/2025(INI)
Motion for a resolution
Paragraph 4 – introductory part
Paragraph 4 – introductory part
4. Calls on the Commission explicitly to ensure that the current revision of EU data protection law will allowegislation will provide for:
Amendment 73 #
2011/2025(INI)
Motion for a resolution
Paragraph 4 – indent 2
Paragraph 4 – indent 2
– further clarification of the rules on applicable law with a view to delivering the same degree of protection for individuals irrespective of the geographical location of the data controller, including when it comes to enforcement of data protection by authorities or in court;
Amendment 80 #
2011/2025(INI)
Motion for a resolution
Paragraph 5
Paragraph 5
5. Takes the view that the revised data protection regime should keep bureaucratic and financial burdens to a minimum, while fully enforcing the rights to privacy and data protection;
Amendment 84 #
2011/2025(INI)
Motion for a resolution
Paragraph 6
Paragraph 6
6. Calls on the Commission to draft a new legislation along the following principles and elements, while emphasising that thesereinforce existing principles and elements are alreadys set out in Directive 95/46/EC, but have not been realised and implemented fully in the Member States or found full application inimproving their implementation in Member States , particularly as regards the ‘online- environment’:, amongst which the principles of transparency, the principles of data minimisation and purpose limitation, and the provisions on consent;necessity, legitimacy and proportionality of data processing, informed, prior and explicit consent, data breach notification and the data subjects’ right of access to data which has been collected concerning them, as well as the right to have them rectified or deleted
Amendment 98 #
2011/2025(INI)
Motion for a resolution
Paragraph 7 a (new)
Paragraph 7 a (new)
7a. Underlines that the right to access includes not only full access to the data processed about oneself including its source and recipients, but also intelligible information about the logic involved in any automatic processing; emphasises that the latter will become even more important with profiling and data-mining;
Amendment 99 #
2011/2025(INI)
Motion for a resolution
Paragraph 7 b (new)
Paragraph 7 b (new)
7b. Underlines that the data subject must be put in the position to know at any time which data have been stored by whom, when, for which purpose, for which time period, and how it is being processed; he or she has to be able to obtain its deletion, correction and blocking in an unbureaucratic way and without costs; he or she has to be informed about any misuse and any data breach;
Amendment 100 #
2011/2025(INI)
Motion for a resolution
Paragraph 8
Paragraph 8
8. Welcomes the Commission cReiterates the need to enhance obligations of data controllers as to the information of data subjects and welcomes the attention given by the Communication’s focus on to awareness- raising campaigns aimed bothdirected at the general public and also, more specifically, at young people; stresses the need to also specifically address elderly people; underlines that awareness-raising measures should not be understood as shifting the burden of responsibility on the data subject;
Amendment 107 #
2011/2025(INI)
Motion for a resolution
Paragraph 8 a (new)
Paragraph 8 a (new)
8a. Stresses the need for data protection legislation to acknowledge the special need to protect children and minors and underlines that media literacy has to become an element of formal education in order to instruct children and minors on how to act responsibly in the online environment;
Amendment 111 #
2011/2025(INI)
Motion for a resolution
Paragraph 9
Paragraph 9
9. Supports further clarification with regard toand reinforcement of guarantees for the processing of sensitive data, along with discussnd the reflection ofn the need to includecessity to deal with new categories such as genetic data, especially in the context of both technological developments (e.g. cloud computing) and societal developments;
Amendment 114 #
2011/2025(INI)
Motion for a resolution
Paragraph 9 a (new)
Paragraph 9 a (new)
9a. Highlights the need to enhance guarantees for the protection of children’s personal data, also in light of the increased access of children to Internet and digital contents;
Amendment 117 #
2011/2025(INI)
Motion for a resolution
Paragraph 10
Paragraph 10
10. Considers it essential thato reinforce data controllers’ obligations to ensure compliance with data protection, and, in this connection, legislation by having in place, inter alia, proactive mechanisms and procedures, and welcomes the other directions suggested inby the Commission communication;
Amendment 119 #
2011/2025(INI)
Motion for a resolution
Paragraph 10 a (new)
Paragraph 10 a (new)
10a. Recalls that in this context special attention must be paid to data controllers who are subject to professional secrecy obligations and that for those the building of special structures for data protection supervision should be considered;
Amendment 120 #
2011/2025(INI)
Motion for a resolution
Paragraph 10 b (new)
Paragraph 10 b (new)
10b. Welcomes and supports the considerations of the Commission to introduce a principle of accountability as it is of key importance to ensure that data controllers act upon their responsibility; at the same time calls on the Commission to carefully examine how such a principle could be effectively implemented and assess the consequences thereof;
Amendment 125 #
2011/2025(INI)
Motion for a resolution
Paragraph 11 a (new)
Paragraph 11 a (new)
11a. Considers essential the possibility of making Privacy Impact Assessments mandatory in order to identify privacy risks, foresee problems, and bring forward proactive solutions;
Amendment 129 #
2011/2025(INI)
Motion for a resolution
Paragraph 13
Paragraph 13
13. Sees in the concepts of ‘privacy by design’ and ‘privacy by default’ a strengthening of data protection, and supports examination of possibilities for their concrete application and further development;
Amendment 132 #
2011/2025(INI)
Motion for a resolution
Paragraph 14
Paragraph 14
14. Supports efforts further to advance enforceable and binding self- regulatory initiatives based on the legal framework within the revision of the data protection framework, as suggested in the Commission communication, and is in favour of giving consideration to setfurther supporting up EU certification schemes; reminds that public procurement should play an important role in taking the lead here;
Amendment 137 #
2011/2025(INI)
Motion for a resolution
Paragraph 15
Paragraph 15
15. Is in favour of further clarifying, strengthening and harmonising the status and powers of national data protection authorities, including by equipping them with appropriate resources, and of exploring ways to ensure more consistent application of EU data protection rules across the internal market;
Amendment 139 #
2011/2025(INI)
Motion for a resolution
Paragraph 15 a (new)
Paragraph 15 a (new)
Amendment 148 #
2011/2025(INI)
Motion for a resolution
Paragraph 16
Paragraph 16
16. Calls on the Commission to streamline and strengthen current procedures for international data transfers, and to define ambitious core EU data protection aspects to be used for all types of international agreement;
Amendment 151 #
2011/2025(INI)
Motion for a resolution
Paragraph 17
Paragraph 17
17. Takes the view that the Commission’s adequacy procedure of the Commission would benefit from further clarification, stricter implementation, enforcement and monitoring, and that the criteria and requirements for assessing the level of data protection in a third country or an international organisation should be better specified taking into account the new threats to privacy and personal data;
Amendment 154 #
2011/2025(INI)
Motion for a resolution
Paragraph 18
Paragraph 18
18. Supports the Commission’s efforts to enhance cooperation with third countries and international organisations, including the United Nations, the Council of Europe and the OECD, as well as with standardisation organisations such as the CEN and the ISOEuropean Committee for Standardisation (CEN), the International Organisation for Standardisation (ISO), World Wide Web Consortium (W3C) and Internet Engineering Task Force (IETF);
Amendment 102 #
2011/0154(COD)
Proposal for a directive
Article 3 – paragraph 1 a (new)
Article 3 – paragraph 1 a (new)
1a. Member States shall notify suspects and accused persons that they have a right of access to a lawyer in accordance with the Directive on the right to information in criminal proceedings. They shall also ensure that this right is communicated in an appropriate manner that can be understood by all persons, including children and vulnerable.
Amendment 117 #
2011/0154(COD)
Proposal for a directive
Article 4 – paragraph 3
Article 4 – paragraph 3
3. The lawyer shall have the right of access to the materials of the case and to be present at any other investigative or evidence-gathering act at which the suspect or accused person’s presence is required or permitted as a right, in accordance with national law, unless this would prejudice the acquisition of evidence. He shall have the right to request evidence-gathering himself.
Amendment 126 #
2011/0154(COD)
Proposal for a directive
Article 4 – paragraph 4
Article 4 – paragraph 4
4. The lawyer shall have the right to check theo the extent necessary to ensure a fair trial and prevent torture or inhuman or degrading treatment, the lawyer shall be allowed to examine the specific conditions in which the suspect or accused person is detained and to thisat end shall have access to the place where the person is detained.
Amendment 130 #
2011/0154(COD)
Proposal for a directive
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Member States shall ensure that a person to whom Article 2 refers and who is deprived of his liberty has the right to communicate immediately with at least one person named by him as soon as possible.
Amendment 131 #
2011/0154(COD)
Proposal for a directive
Article 5 – paragraph 2
Article 5 – paragraph 2
2. Where the person is a child or a vulnerable person, Member States shall ensure that the child’s legal representative or another adult, depending on the interest of the child or the vulnerable person, is informed as soon as possible of the deprivation of liberty and the reasons pertaining thereto, unless it would be contrary to the best interests of the child or the vulnerable person, in which case another appropriate adult or legal representative shall be informed.
Amendment 133 #
2011/0154(COD)
Proposal for a directive
Article 6
Article 6
Member States shall ensure that persons to whom Article 2 refers, who are deprived of their liberty and who are non-nationals have the right to have consular or diplomatic authorities of their State of nationality informed of the detention as soon as possible and to communicate with and be visited by the consular or diplomatic authorities in private. Consular authorities may also arrange access to a lawyer for the suspect or accused person.
Amendment 136 #
2011/0154(COD)
Proposal for a directive
Article 7
Article 7
Member States shall ensure that the confidentiality of meetings between the suspect or accused person and his lawyer is guaranteed. They shall also ensure the confidentiality of correspondence, telephone conversations and other forms of communication permitted under national law between the suspect or accused person and his lawyer. Confidentiality shall not be subject to any exception; any infringement thereof shall be sanctioned in accordance with national law.
Amendment 141 #
2011/0154(COD)
Proposal for a directive
Article 8 – paragraph 1 – point a
Article 8 – paragraph 1 – point a
(a) shall be justified by compelling reasons in the light of the particular circumstances of the case pertaining to the urgent need to avert serious adverse consequences for the life or physical integrity of a person;
Amendment 149 #
2011/0154(COD)
Proposal for a directive
Article 8 – paragraph 2
Article 8 – paragraph 2
Derogations may only be authorised by a duly reasoned decision taken by an independent judicial authority on a case- by-case basis. The duly reasoned decision shall be recorded in writing.
Amendment 151 #
2011/0154(COD)
Proposal for a directive
Article 9 – paragraph 1 – point b
Article 9 – paragraph 1 – point b
(b) he has the necessary capacity to understand these consequences and has reached the age of majority
Amendment 154 #
2011/0154(COD)
Proposal for a directive
Article 9 – paragraph 2
Article 9 – paragraph 2
2. The waiver and the circumstances in which it was given shall be filed in writing and be recorded in accordance with the law of the Member State concerned.
Amendment 158 #
2011/0154(COD)
Proposal for a directive
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Member States shall ensure that any person other than a suspect or accused person who is heard by the police or other enforcement authority in the context of a criminal procedure is granted access to a lawyer if, in the course of questioning, interrogation or hearing, he becomes suspected or accused of having committed a criminal offence. This person has to be informed promptly that he or she is a suspect and/or accused person. Any such questioning, interrogation or hearing shall be suspended immediately.
Amendment 160 #
2011/0154(COD)
Proposal for a directive
Article 10 – paragraph 1 a (new)
Article 10 – paragraph 1 a (new)
1a. Access to a lawyer shall be granted in such a time and manner as to allow the suspect or accused person to exercise his rights of defence effectively.
Amendment 163 #
2011/0154(COD)
Proposal for a directive
Article 11 – paragraph 2 – subparagraph 1 – indent 3 a (new)
Article 11 – paragraph 2 – subparagraph 1 – indent 3 a (new)
- the right that he and his lawyer have access to the materials of the case;
Amendment 165 #
2011/0154(COD)
Proposal for a directive
Article 11 – paragraph 4
Article 11 – paragraph 4
4. The lawyer of this person in the issuing Member State shall have the right to carry out activities limited to what is needed to assist the lawyer in the executing Member State, with a view to the effective exercise of the person’s rights in the executing Member State under that Council Framework Decision, in particular under its Articles 3 and 4.
Amendment 167 #
2011/0154(COD)
Proposal for a directive
Article 12 – paragraph 2
Article 12 – paragraph 2
2. Member States shall not apply less favourable provisions on legal aid than those currently in place in respect ofensure that suspects and accused persons have access to legal aid where necessary, to pay for the access to a lawyer provided pursuant to this Directive.
Amendment 169 #
2011/0154(COD)
Proposal for a directive
Article 12 a (new)
Article 12 a (new)
Article 12 a Definition of a lawyer 1. Member States shall take concrete measures to ensure that the lawyer has appropriate accreditation to effectively represent the suspect or accused person in accordance with this Directive. 2. In order to ensure that only accredited lawyers provide legal assistance, Member States shall endeavour to establish a register or registers of accredited lawyers who are appropriately qualified. Once established, such register or registers shall, where appropriate, be made available to relevant authorities.
Amendment 34 #
2011/0129(COD)
Proposal for a directive
Recital 18
Recital 18
(18) Beyond these categories, but again based on personal characteristics and the crime, any person could be vulnerable. Only through individual assessments, carried out at the earliest opportunity by those in a position to make recommendations on protection measures, can such vulnerabilities be effectively identified. The assessment should in particular take into account age, gender and gender identity, ethnicity, race, religion, sexual orientation, state of health, disability, communication difficulties, relationship to or dependence on the suspected or accused person, previous experience of crime, the type or nature of the crime such as organised crime, terrorism, or bias crimes and whether the victim is a foreign victim. Victims of terrorism require particular attention in any assessment given the varying nature of such acts ranging from mass acts of terrorism to targeted terrorism against individuals.
Amendment 36 #
2011/0129(COD)
Proposal for a directive
Recital 25 a (new)
Recital 25 a (new)
(25a) Environmental damage is not victimless. Environmental crime is difficult to address because it can result in collective or mass victimisation, has a tendency to affect non-conventional victims, and the resulting victimisation is often gradual and silent. Environmental harm and the question of the victims of environmental crime affect not only individual interests but also those of entire communities or groups of people, and includes the need to consider the consequences of today's actions for future generations based on intergenerational responsibility and to recognise that all people, in present and future generations, have the right to live in an environment conducive to their health and wellbeing in accordance with Regulation (EC) No 1367/2006 of 6 September 2006 of the European Parliament and of the Council on the application of the provisions of the Aarhus Convention on Access to Information, Public Participation in Decision-making and Access to Justice in Environmental Matters to Community institutions and bodies. Certain procedural environmental rights concerning, inter alia, access to justice can be ensured through the recognition, by this Directive, of the environment and its ecosystems as potential victims of illicit behaviour. ____________ 1. OJ L 264, 5.9.2006, p. 13.
Amendment 37 #
2011/0129(COD)
Proposal for a directive
Article 2 – point a – point ii a (new)
Article 2 – point a – point ii a (new)
(iia) the environment which has suffered damage caused by a criminal offence. Member States shall ensure that any group, foundation or association which, according to its statutes under national law, aims to protect the environment can benefit from the rights conferred pursuant to Chapter 3 of this Directive.
Amendment 39 #
2011/0129(COD)
Proposal for a directive
Article 3 – introductory part
Article 3 – introductory part
Member States shall ensure that all victims are provided with the following information, without unnecessary delay and in a language that the victim understands, conveyed using child- sensitive communication techniques where appropriate, from their first contact with the authority competent to receive a complaint concerning a criminal offence:
Amendment 46 #
2011/0129(COD)
Proposal for a directive
Article 7 – paragraph 4 a (new)
Article 7 – paragraph 4 a (new)
4a. Member States shall allow non- governmental organisations with a legitimate interest to intervene in criminal proceedings in support of, or on behalf of, the victim or victims, in particular where the criminal offence harms the environment or infringes the public interest by injuring an unspecified number of people.
Amendment 54 #
2011/0129(COD)
Proposal for a directive
Article 18 – paragraph 1 – point b
Article 18 – paragraph 1 – point b
Amendment 59 #
2011/0129(COD)
Proposal for a directive
Article 18 – paragraph 3 a (new)
Article 18 – paragraph 3 a (new)
3a. Member States shall ensure the proper application of victims' rights in cases of mass victimisation caused by a criminal offence.
Amendment 36 #
Amendment 48 #
2011/0023(COD)
Draft legislative resolution
Paragraph 1
Paragraph 1
1. Adopts its position at first reading hereinafter set outRejects the Commission proposal;
Amendment 56 #
2011/0023(COD)
Proposal for a directive
Recital 5
Recital 5
(5) PNR data are necessarymay be a useful means to effectively prevent, detect, investigate and prosecute terrorist offences and scerious crime and thus enhance internal securitytain types of transnational serious crime.
Amendment 63 #
2011/0023(COD)
Proposal for a directive
Recital 6
Recital 6
(6) PNR data may help law enforcement authorities prevent, detect, investigate and prosecute serious transnational crimes, including acts of terrorism, by comparing them with various databases of persons and objects sought, to constructfind necessary evidence and, where relevant, to find associates of criminals and unravel criminal networks.
Amendment 67 #
2011/0023(COD)
Proposal for a directive
Recital 7
Recital 7
Amendment 67 #
2011/0023(COD)
Proposal for a directive
Recital 4 a (new)
Recital 4 a (new)
(4a) The Court of Justice of the EU ruled on 8th April 2014 that the mass retention of commercially generated personal data for law enforcement purposes without any specific suspicion or at least indirect link to a threat or risk is in breach of the Charter of Fundamental Rights. Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC was declared invalid by that judgement.1 a __________________ 1aJudgment in Joined Cases C-293/12 and C-594/12, Digital Rights Ireland and Seitlinger and Others, 8 April 2014.
Amendment 71 #
2011/0023(COD)
Proposal for a directive
Recital 5
Recital 5
(5) PNR data are necessary to effectivelymay be a useful means to prevent, detect, investigate and prosecute terrorist offences and seriouscertain types of serious transnational crime and thus enhance internal security.
Amendment 75 #
2011/0023(COD)
Proposal for a directive
Recital 10
Recital 10
Amendment 80 #
2011/0023(COD)
Proposal for a directive
Recital 6
Recital 6
(6) PNR data may help law enforcement authorities prevent, detect, investigate and prosecute seriouscertain types of serious transnational crimes, including acts of terrorism, by comparing them with various databases of persons and objects sought, to constructfind necessary evidence and, where relevant, to find associates of criminals and unravel criminal networks.
Amendment 87 #
2011/0023(COD)
Proposal for a directive
Recital 7
Recital 7
(7) PNR data may enable law enforcement authorities to identify persons who were previously ‘"unknown’", i.e. persons previously unsuspected of involvement in serious transnational crime and terrorism, but whom an analysis of the data suggests may be involved in such crime and who should therefore be subject to further examination by the competent authorities. By using PNR data law enforcement authorities can address the threat of serious crime and terrorism from a different perspective than through the processing of other categories of personal data. However, in order to ensure that the processing of data of innocent and unsuspected persons remains as limited as possible, the aspects of the use of PNR data relating to the creation and application of assessment criteriprocessing of PNR data should be further limited to certain serious crimes that are also transnational in nature, i.e. are intrinsically linked to travelling and hence the type of the data being processed, and limited to only such flights where there is a proven high risk of persons likely to be involved in serious transnational crime and terrorism being among the passengers, based on a court order.
Amendment 92 #
2011/0023(COD)
Proposal for a directive
Recital 12
Recital 12
(12) The definition of terrorist offences should be taken from Articles 1 to 4 of Council Framework Decision 2002/475/JHA on combating terrorism. The definition of serous transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA of 13 June 2002 on the European Arrest Warrant and the surrender procedure between Member StatesUnited Nations Convention against Transnational Organized Crime. However, Member States mayshould exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality. The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA and the United Nations Convention on Transnational Organised Crime.
Amendment 102 #
2011/0023(COD)
Proposal for a directive
Recital 9
Recital 9
Amendment 105 #
2011/0023(COD)
Proposal for a directive
Recital 14
Recital 14
(14) The contents of any lists of required PNR data to be obtained by the Passenger Information Unit listed in the Annex to this Directive should be drawn up with the objective of reflecting the legitimate requirements of public authorities to prevent, detect, investigate and prosecute terrorist offences or serious transnational crime, thereby improving internal security within the Union as well as protecting the fundamental rights of citizepersons, notably privacy and the protection of personal data. Such listsdata should not contain any personal data that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual life of the individual concerned. The PNR data should contain details on the passenger's reservation and travel itinerary which enable competent authorities to identify air passengers representing a threat to internal security.
Amendment 109 #
2011/0023(COD)
Proposal for a directive
Recital 10
Recital 10
(10) To prevent, detect, investigate and prosecute terrorist offences and serious crime, it is therefore essential that all Member States introduce provisions laying downharmonising and narrowly limiting obligations on air carriers operating international flights to or from the territory of the Member States of the European Union.
Amendment 110 #
2011/0023(COD)
Proposal for a directive
Recital 15
Recital 15
(15) There are two possible methods of data transfer currently available: the ‘pull’ method, under which the competent authorities of the Member State requiring the data can reach into (access) the air carrier's reservation system and extract (‘pull’) a copy of the required data, and the ‘push’ method, under which air carriers transfer (‘push’) the required PNR data to the authority requesting them, thus allowing air carriers to retain control of what data is provided. The ‘push’ method is considered to offer a higher degree of data protection and should be mandatory for all air carriers, no later than two years after the entry into force of this Directive, for all air carriers which already collect and process PNR data for commercial purposes and operate international flights to or from the territory of the Member States. Should PNR data be handled by Computerised Reservation Service (CRS) operators, Regulation (EC) No 80/2009 of the European Parliament and of the Council of 14 January 2009 on a Code of Conduct for computerised reservation systems1 applies. ____________ 1 OJ L 35, 4.2.2009, p. 47.
Amendment 123 #
2011/0023(COD)
Proposal for a directive
Recital 12
Recital 12
(12) The definition of terrorist offences should be taken from Articles 1 to 4 of Council Framework Decision 2002/475/JHA on combating terrorism37. The definition of serious transnational crime should be taken fromlimited to trafficking in human beings as defined in Article 2 of Directive 2011/36/EU of 5 April 2011 on preventing and combating trafficking in human beings and protecting its victims1 a, to illicit trafficking in narcotic drugs as defined in Article 2 of Council Framework Decision 2002/5844/757/JHA of 13 June 2002 on the European Arrest Warrant and the surrender procedure between Member States3825 October 2004 laying down minimum provisions on the constituent elements of criminal acts and penalties in the field of illicit drug trafficking38 , and to illicit trafficking in weapons, munition and explosives as defined in Article 2b of Council Directive 2008/51/EC of 21 May 2008 on control of the acquisition and possession of weapons1 b . However, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality. The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA and the United Nations Convention on Transnational Organised Crime. __________________ 37 OJ L 164, 22.6.2002, p. 3. Decision as amended by Council Framework Decision 2008/919/JHA of 28 November 2008 (OJ L 330, 9.1.2.2008, p. 21). 381a OJ L 101, 15.4.2011, p. 1 38 OJ L 190, 18.7.2002, p. 1. OJ L 335, 11.11.2004, p. 8 1b OJ L 179, 8.7.2008, p. 5
Amendment 129 #
2011/0023(COD)
Proposal for a directive
Recital 20
Recital 20
(20) Member States should share with other Member States the PNR data that they receive where such transfer is necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol) and Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union. Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation.
Amendment 132 #
2011/0023(COD)
Proposal for a directive
Recital 21
Recital 21
(21) The period during which PNR data are to be retained should be proportionate to the purposes of the prevention, detection, investigation and prosecution of terrorist offences and serious crime. Because of the nature of the data and their uses, it is necessary that the PNR data are retained for a sufficiently long period for carrying out analysis and for use in investigations. In order to avoid disproportionate use, it is necessary that, after an initial period, the data are anonymised and only accessible under very strict and limited conditions.
Amendment 135 #
2011/0023(COD)
Proposal for a directive
Recital 14
Recital 14
(14) The contents of any lists of required PNR data as listed in the Annex to this Directive to be obtained by the Passenger Information Unit should be drawn up with the objective of reflecting the legitimate requirements of public authoritieslimited to the minimum amount of data that is strictly necessary and proportionate to prevent, detect, investigate and prosecute terrorist offences or serious crimetransnational crime in specific cases, thereby improving internal security within the Union as well as protecting the fundamental rights of citizepersons, notably privacy and the protection of personal data. Such listsdata should not contain any personal data that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual life of the individual concerned. The PNR data should contain details on the passenger’'s reservation and travel itinerary which enable competent authorities to identify air passengers representing a threat to internal security.
Amendment 136 #
2011/0023(COD)
Proposal for a directive
Recital 21
Recital 21
(21) The period during which PNR data are to be retained should be proportionate to the purposes of the prevention, detection, investigation and prosecution of terrorist offences and serious transnational crime. Because of the nature of the data and their uses, it is necessary that the PNR data are retained for a sufficiently long period for carrying out analysis and for use in investigations. In order to avoid disproportionate use, it is necessary that, after an initial period, the data are anonymised and only accessible under very strict and limited conditions.
Amendment 140 #
2011/0023(COD)
Proposal for a directive
Recital 15
Recital 15
(15) There are two possible methods of data transfer currently available: the ‘pull’ method, under which the competent authorities of the Member State requiring the data can reach into (access) the air carrier’s reservation system and extract (’pull’) a copy of the required data, and the ‘push’ method, under which air carriers transfer (’push’) the required PNR data to the authority requesting them, thus allowing air carriers to retain control of what data is provided. The ‘push’ method is considered to offer a higher degree of data protection and should be mandatory for all air carriers which already collect and process PNR data for commercial purposes and operate international flights to or from the territory of the Member States. Should PNR data be handled by Computerised Reservation Service (CRS) operators, the Code of Conduct for CRS (Regulation (EC) No. 80/2009 of the European Parliament and of the Council) applies.
Amendment 151 #
2011/0023(COD)
Proposal for a directive
Recital 18
Recital 18
(18) Each Member State's courts should be responsible for assessing the potential threats and the necessity and proportionality of processing PNR data related to terrorist offences and serious crime.
Amendment 160 #
2011/0023(COD)
Proposal for a directive
Recital 28
Recital 28
Amendment 165 #
2011/0023(COD)
Proposal for a directive
Recital 20
Recital 20
(20) Member States should share with other Member States the PNR data that they receive where such transfer is necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol)39 and Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union40 . Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation. __________________ 39 40OJ L 121, 15.5.2009, p. 37. OJ L 121, 15.5.2009, p. 37. 40 OJ L 386, 29.12.2006, p. 89. OJ L 386, 29.12.2006, p. 89.
Amendment 167 #
2011/0023(COD)
Proposal for a directive
Recital 21
Recital 21
(21) The period during which PNR data are to be retained should be proportionate to the purposes of the prevention, detection, investigation and prosecution of terrorist offences and serious crime. Because of the nature of the data and their uses, it is necessary that the PNR data are retained for a sufficiently long period for carrying out analysis and for use in investigations. In order to avoid disproportionate use, it is necessary that, after an initial period, the data are anonymised and only accessible under very strict and limited conditionstransnational crime.
Amendment 178 #
2011/0023(COD)
Proposal for a directive
Recital 32
Recital 32
(32) In particular, the scope of the Directive is as limited as possible, it allows retention of PNR data for period of time not exceeding 5 year30 days, after which the data must be deleted, the data must be anonymised after a very short period, the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required to ensure that an independent national supervisory authority is responsible for advising and monitoring how PNR data are processed. All processing of PNR data must be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States must also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.
Amendment 185 #
2011/0023(COD)
Proposal for a directive
Recital 25
Recital 25
(25) Taking into account the right of passengers to be informed of the processing of their personal data, Member States should ensure they are provided with accurate information about the collection of PNR data and their transfer to the Passenger Information Unit, as well as their rights as data subjects.
Amendment 191 #
2011/0023(COD)
Proposal for a directive
Recital 26
Recital 26
(26) Transfers of PNR data by Member States to third countries should be permitted only on a case-by-case basis and in compliance with Framework Decision 2008/977/JHA, and only on the basis of an international agreement between the Union and that third country. To ensure the protection of personal data, such transfers should be subject to additional requirements relating to the purpose of the transfer, the quality of the receiving authority and the safeguards applicable to the personal data transferred to the third country.
Amendment 194 #
2011/0023(COD)
Proposal for a directive
Article 1 – paragraph 2 – point a
Article 1 – paragraph 2 – point a
(a) The prevention, detection, investigation and prosecution of terrorist offences and serious crimecertain types of serious transnational crime as defined in point (i) of Article 2 and according to Article 4(2)(b) and (c); and;
Amendment 197 #
2011/0023(COD)
Proposal for a directive
Article 1 – paragraph 2 – point b
Article 1 – paragraph 2 – point b
Amendment 203 #
2011/0023(COD)
Proposal for a directive
Article 1 – paragraph 2 a (new)
Article 1 – paragraph 2 a (new)
2a. This Directive shall not apply to flights within the Union or to means of transport other than airplanes.
Amendment 204 #
2011/0023(COD)
Proposal for a directive
Article 1 – paragraph 2 b (new)
Article 1 – paragraph 2 b (new)
2b. PNR data collected in accordance with this Directive may not be processed for minor offences which are punishable by a custodial sentence or a detention order for a maximum period of less than three years under the national law of a Member State.
Amendment 204 #
2011/0023(COD)
Proposal for a directive
Recital 28
Recital 28
(28) This Directive does not affecrules out the possibility for Member States to provide, under their domestic law, for a system of collection and handling of PNR data for purposes other than those specified in this Directive, or from transportation providers other than those specified in the Directive, regarding internal flights subject to compliance with relevant data protection provisions, provided that such domestic law respects the Union acquis. The issue of the collection of PNR data on internal flights should be the subject of specific reflection at a future date.
Amendment 216 #
2011/0023(COD)
Proposal for a directive
Article 2 – paragraph 1 – point h
Article 2 – paragraph 1 – point h
Amendment 217 #
2011/0023(COD)
Proposal for a directive
Recital 32
Recital 32
(32) In particular, the scope of the Directive is as limited as possible, it allows retention of specific PNR data for period of time not exceeding 5 year30 days, after which the data must be deleted, the data must be anonymised after a very short periodmasked out immediately, the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required to ensure that an independent national supervisory authority is responsible for advising and monitoring how PNR data are processed. All processing of PNR data must be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States must also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.
Amendment 224 #
2011/0023(COD)
Proposal for a directive
Article 2 – paragraph 1 – point i – introductory part
Article 2 – paragraph 1 – point i – introductory part
(i) ‘'serious transnational crime’' means the following offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA: trafficking in human beings, illicit trafficking in narcotic drugs and illicit trafficking in weapons, munitions and explosives, if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, and if :
Amendment 228 #
2011/0023(COD)
Proposal for a directive
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Directive provides conditions for the transfer by air carriers of Passenger Name Record data of passengers of international flights to and from the Member States, as well as the processiuse, retention and exchange of that data, including its collection, use and retention by the Member States and its exchange between them by Member States.
Amendment 240 #
2011/0023(COD)
Proposal for a directive
Article 1 – paragraph 2
Article 1 – paragraph 2
2. The PNR data collected in accordance with this Directive may be processed only for the following purposes: (a) The prevention, detection, investigation and prosecution of terrorist offences and serious crime accordcertaing to Article 4(2)(b) and (c); and (b) The prevention, detection, investigation and prosecution of terrorist offences and serious transnational crime ypes of serious transnational crime as defined in point (i) of Article 2 and according to Article 4(2)(a) and (d).. deleted deleted
Amendment 242 #
2011/0023(COD)
Proposal for a directive
Article 3 – paragraph 3 a (new)
Article 3 – paragraph 3 a (new)
3a. The storage, processing and analysis of PNR data relating to passengers on international flights shall be carried out exclusively within the territory of the Union. The law applicable to these procedures shall therefore be Union law on personal data protection.
Amendment 245 #
2011/0023(COD)
Proposal for a directive
Article 1 – paragraph 2 a (new)
Article 1 – paragraph 2 a (new)
2a. PNR data collected in accordance with this Directive may not be processed for minor offences which are punishable by a custodial sentence or a detention order for a maximum period of less than three years under the national law of a Member State.
Amendment 247 #
2011/0023(COD)
Proposal for a directive
Article 1 – paragraph 2 b (new)
Article 1 – paragraph 2 b (new)
2b. This Directive shall not apply to flights within the Union or to means of transport other than airplanes.
Amendment 251 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 1 a (new)
Article 4 – paragraph 1 a (new)
1a. The Member States shall bear the costs of collecting, processing and forwarding PNR data.
Amendment 255 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 2 – point a
Article 4 – paragraph 2 – point a
Amendment 264 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 2 – point b
Article 4 – paragraph 2 – point b
(b) carrying out an assessment of the passengersfurther assessment – which may be carried out prior to their scheduled arrival or departure from the Member State in order to identify any persons who may beby the competent authorities referred to in Article 5 – of passengers in respect of whom there are factual grounds for suspicion of involvedment in a terrorist offence or serious crime and who require further examination by the competent authorities referred to in Article 5transnational crime. In carrying out such an assessment the Passenger Information Unit may compare PNR data against relevant databases, including international or national databases or national mirrors of Union databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such files. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;
Amendment 270 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 2 – point d
Article 4 – paragraph 2 – point d
Amendment 273 #
2011/0023(COD)
Proposal for a directive
Article 2 – paragraph 1 – point h
Article 2 – paragraph 1 – point h
Amendment 278 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 3 a (new)
Article 4 – paragraph 3 a (new)
Amendment 280 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 4
Article 4 – paragraph 4
4. The Passenger Information Unit of a Member State shall transfer the PNR data or the results of the processing of PNR data of the persons identified in accordance with points (a) and (b) of paragraph 2 for further examination to the relevant competent authorities of the same Member State. Such transfers shall only be made on a case-by- case basis.
Amendment 285 #
2011/0023(COD)
Proposal for a directive
Article 2 – paragraph 1 – point i – introductory part
Article 2 – paragraph 1 – point i – introductory part
(i) ‘'serious transnational crime’' means the following offences under national law referred to: trafficking in human beings as defined in Article 2 of Directive 2011/36/EU of 5 April 2011 on preventing and combating trafficking in human beings and protecting its victims, illicit trafficking in narcotic drugs as defined in Article 2(2) of Council Framework Decision 2002/584/JHA4/757/JHA of 25 October 2004 laying down minimum provisions on the constituent elements of criminal acts and penalties in the field of illicit drug trafficking, and illicit trafficking in weapons, munition and explosives as defined in Article 2b of Council Directive 2008/51/EC of 21 May 2008 on control of the acquisition and possession of weapons, if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, and if :
Amendment 304 #
2011/0023(COD)
Proposal for a directive
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime or a branch of such an authority to act as its ‘'Passenger Information Unit’' responsible for conducting risk assessments in accordance with Article 4 as well as collecting PNR data from the air carriers, storing them, analysing them and transmitting the result of the analysis to the competent authorities referred to in Article 5. Its staff members may be seconded from competent public authorities.
Amendment 305 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 1
Article 6 – paragraph 1
1. Member States shall adopt the necessary measures to ensure that air carriers which already collect PNR data from their passengers transfer (‘i.e. 'push’') the PNR data as defined in Article 2(c) and specified in the Annex, to the extent that such data are already collected by them in the normal course of their business, to the database of the national Passenger Information Unit of the Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers shall transfer the PNR data exclusively to the Passenger Information Units of all the Member States concerned of final arrival.
Amendment 308 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1 a. Member States shall not require air carriers to collect any PNR data that the air carriers do not already collect. Air carriers shall not transfer any PNR data other than those defined in Article 2(c) and specified in the Annex. Air carriers shall not be liable for the accuracy and completeness of data provided by passengers, except when they did not take reasonable care to ensure that the data collected from passengers were accurate and correct.
Amendment 311 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Air carriers shall transfer PNR data by electronic means using the common protocols and supported data formats to be adopted in accordance with the procedure of Articles 13 and 14 or, in the event of technical failure of the air carriers, by any other appropriate means ensuring an appropriate level of data security:
Amendment 316 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) once 24 to 48 hours before the scheduled time for flight departure;
Amendment 317 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) once immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for further passengers to board.
Amendment 319 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 3
Article 6 – paragraph 3
3. Member States mayshall permit air carriers to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2.
Amendment 324 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 4
Article 6 – paragraph 4
4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious crime.transnational crime. (This amendment applies throughout the text)
Amendment 330 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph -1 (new)
Article 4 – paragraph -1 (new)
-1. The anonymised PNR data transferred by air carriers pursuant to Article 6(1a) shall be collected by the Passenger Information Units for the purpose of conducting risk assessments on particular flights and flight connections as well as for the purpose of updating or creating new criteria for carrying out assessments in order to identify any persons who may be involved in a terrorist offence or serious transnational crime pursuant to point (a) of paragraph 3.
Amendment 331 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Member States shall ensure that, with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2)(a) and (b), the result of the processing of PNR data is transmitted by that Passenger Information Unit to the Passenger Information Units of other Member States where the former Passenger Information Unit considers such transfer to be necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious crimetransnational crime. Such transfers shall be strictly limited to the data necessary in a specific case for the prevention, detection, investigation or prosecution of a terrorist offence or serious transnational crime and shall be justified in writing. The Passenger Information Units of the receiving Member States shall transmit such PNR data or the result of the processing of PNR data to their relevant competent authorities.
Amendment 336 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 1
Article 4 – paragraph 1
1. The PNR data transferred by the air carriers, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State(2), shall be collected by the Passenger Information Unit of the relevant Member State. Should the PNR data transferred by air carriers include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately upon receipt.
Amendment 337 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 2
Article 7 – paragraph 2
2. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter's database in accordance with Article 9(1), and, if necessary, also the result of the processing of PNR data. The request for such data shall be strictly limited to the data necessary in the specific case. It may be based on any one or a combination of data elements, as deemed necessary by the requesting Passenger Information Unit for a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious crimetransnational crime and shall be justified in writing. Passenger Information Units shall provide the requested data as soon as practicable and shall provide also the result of the processing of PNR data, if it has already been prepared pursuant to Article 4(2)(a) and (b).
Amendment 343 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 3
Article 7 – paragraph 3
3. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter's database in accordance with Article 9(2), and, if necessary, also the result of the processing of PNR data. The Passenger Information Unit may request access to specific PNR data kept by the Passenger Information Unit of another Member State in their full form without the masking out only in exceptional circumstances in response to a specific threat or a specific investigation or prosecution related to terrorist offences or serious crimetransnational crime. Such a request shall be justified in writing.
Amendment 343 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 2 – point a
Article 4 – paragraph 2 – point a
Amendment 351 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 4
Article 7 – paragraph 4
4. Only in those cases where it is necessary for the prevention of an immediate and serious threat to public security may the competent authorities of a Member State request directly the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter's database in accordance with Article 9(1) and (2). Such requests shall relate to a specific investigation or prosecution of terrorist offences or serious transnational crime and shall be reasoned. Passenger Information Units shall respond to such requests as a matter of priority. In all other cases the competent authorities shall channel their requests through the Passenger Information Unit of their own Member State.
Amendment 356 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 5
Article 7 – paragraph 5
5. Exceptionally, where early access is necessary to respond to a specific and actual threat related to terrorist offences or serious transnational crime, the Passenger Information Unit of a Member State shall have the right to request the Passenger Information Unit of another Member State to provide it with PNR data of flights landing in or departing from the latter's territory at any time. Such requests shall be strictly limited to the data necessary in the specific case for the prevention, detection, investigation or prosecution of a terrorist offence or serious transnational crime and shall be justified in writing.
Amendment 359 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 6
Article 7 – paragraph 6
6. Exchange of information under this Article may take place using any existing channels for European and international law enforcement cooperation, in particular Europol and national units under Article 8 of Council Decision 2009/371/JHA of 6 April 2009. The language used for the request and the exchange of information shall be the one applicable to the channel used. Member States shall, when making their notifications in accordance with Article 3(3), also inform the Commission with details of the contacts to which requests may be sent in cases of urgency. The Commission shall communicate to the Member States the notifications received.
Amendment 360 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 2 – point b
Article 4 – paragraph 2 – point b
(b) carrying out an assessment of the passengersfurther assessment – which may be carried out prior to their scheduled arrival or departure from the Member State in order to identify any persons who may beby the competent authorities referred to in Article 5 - of passengers in respect of whom there are factual grounds for suspicion of involvedment in a terrorist offence or serious crime and who require further examination by the competent authorities referred to in Article 5transnational crime. In carrying out such an assessment the Passenger Information Unit may compare PNR data against relevant databases, including international or national databases or national mirrors of Union databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such files. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action; and
Amendment 363 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
A Member State may transfer PNR data and the results of the processing of PNR data to a third country only on the basis of an international agreement between the Union and that third country, only on a case-by- case basis and if:
Amendment 371 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
(c) the third country agrees to transfer the data to another third countryguarantees that it will use the data only where it is necessary for the purposes of this Directive specified in Article 1(2) and only with the express authorisation of the Member Sta. Transfer by that third country to another third country shall be prohibited.
Amendment 373 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 2 – point d
Article 4 – paragraph 2 – point d
Amendment 375 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 – point c a (new)
Article 8 – paragraph 1 – point c a (new)
(ca) the third country allows Union citizens, without excessive delay or expense, the same rights of access, rectification, erasure and compensation with regard to the PNR data as apply in the Union,
Amendment 377 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 – point c b (new)
Article 8 – paragraph 1 – point c b (new)
(cb) the third country ensures an adequate and comparable level of protection for PNR data.
Amendment 378 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 – point c c (new)
Article 8 – paragraph 1 – point c c (new)
(cc) all the conditions set out in Article 7 are met, mutatis mutandis.
Amendment 383 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 1
Article 9 – paragraph 2 – subparagraph 1
Amendment 385 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 3
Article 4 – paragraph 3
3. The assessment of the passengers prior to their scheduled arrival or departure from the Member State referred to in point (a) of paragraph 2 shall be carried out in a non- discriminatory manner on the basis of assessment criteria established by its Passenger Information Unit. Member States shall ensure that the assessment criteria are set by the Passenger Information Units, in cooperation with the competent authorities referred to in Article 5. The assessment criteria shall in no circumstances be based on a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life. The assessment shall in any case not be based solely on automated processing and allow for human intervention on every criteria.
Amendment 387 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 3 a (new)
Article 4 – paragraph 3 a (new)
3a. The processing of PNR data may be authorised only by order of a competent court of a Member State following application by the Passenger Information Unit. Only where the Passenger Information Unit identifies danger in delay ('periculum in mora'), in particular an urgent need to avert serious consequences for the life, liberty of physical integrity of a person, may it authorise such processing itself, subject to a review by a court within 48 hours.
Amendment 394 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph 3
Article 9 – paragraph 3
3. Member States shall ensure that the PNR data are deleted upon expiry of the period specified in paragraph 21. This obligation shall be without prejudice to cases where specific PNR data have been transferred to a competent authority and are used in the context of specific criminal investigations or prosecution actions targeted at a particular person or a particular group of persons, in which case the retention of such data by the competent authority shall be regulated by the national law of the Member State.
Amendment 394 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 4
Article 4 – paragraph 4
4. The Passenger Information Unit of a Member State shall transfer the PNR data or the results of the processing of PNR data of the persons identified in accordance with points (a) and (b) of paragraph 2 for further examination to the relevant competent authorities of the same Member State. Such transfers shall only be made on a case-by- case basis.
Amendment 398 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph 4
Article 9 – paragraph 4
4. The result of matching referred to in Article 4(2)(a) and (b) shall be kept by the Passenger Information Unit only as long as necessary to inform the competent authorities of a positive match. Where the result of an automated matching operation has, further to individual review by non- automated means, proven to be negative, it shall, however, be stored so as to avoid future ‘false’ positive matches for a maximum period of three years unless the underlying data shave not yet been deleted in accordance with paragraph 3 at the expiry of the five years, in which case the log shall be kept until the underlying data are deletedll be corrected or deleted in the relevant database.
Amendment 398 #
2011/0023(COD)
Proposal for a directive
Article 4 – paragraph 4 a (new)
Article 4 – paragraph 4 a (new)
4a. The storage, processing and analysis of PNR data shall be carried out exclusively within the territory of the Union.
Amendment 402 #
2011/0023(COD)
Proposal for a directive
Article 10 – paragraph 1
Article 10 – paragraph 1
Member States shall ensure, in conformity with their national law, that dissuasive, effective and proportionate penalties, including financial penalties, are provided for against air carriers which, do not transmit the data required under this Directive, to the extent that they are already collected by the them, or do not do so in the required format prescribed by the ICAO guidelines on PNR or otherwise infringe the national provisions adopted pursuant to this Directive. No penalties shall be imposed on air carriers when the authorities of a third country do not allow them to transfer PNR data.
Amendment 403 #
2011/0023(COD)
Proposal for a directive
Article 4 a (new)
Article 4 a (new)
Article 4a Risk assessment 1. The Passenger Information Units shall conduct risk assessments on particular flights and flight connections in order to justify the collection of PNR data in accordance with Article 9. A decision to categorize flights or flight connections as involving a high concrete risk that persons linked to a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime are travelling on those flights should be based on reliable and up-to-date factual and statistical evidence. 2. While collecting PNR data in accordance with Article 9 the Passenger Information Units shall constantly update the risk assessment and end the collection of PNR data as soon as a high concrete risk that persons linked to a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime are travelling on those flights is no longer given. 3. Each risk assessment shall be approved by the competent national supervisory authority prior to any measure based on Article 9.
Amendment 405 #
2011/0023(COD)
Proposal for a directive
Article 11 – paragraph 1
Article 11 – paragraph 1
1. Each Member State shall provide that, in respect of all processing of personal data pursuant to this Directive, every passenger shall have the same right to access, the right to rectification, erasure and blocking, the right to compensation and the right to judicial redress as those the provisions adopted under national law in implementation of Articles 217, 18, 19 and 202 of the Council Framework Decision 2008/977/JHA. The provisions of Articles 17, 18, 19 and 20 of the Council Framework Decision 2008/977/JHA shall therefore be applicable regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive. Air carriers that obtain passenger contact details from travel agencies shall not be permitted to use them for commercial purposes.
Amendment 410 #
2011/0023(COD)
Proposal for a directive
Article 11 – paragraph 2 a (new)
Article 11 – paragraph 2 a (new)
Amendment 416 #
2011/0023(COD)
Proposal for a directive
Article 11 – paragraph 4 a (new)
Article 11 – paragraph 4 a (new)
Amendment 418 #
2011/0023(COD)
Proposal for a directive
Article 11 – paragraph 5
Article 11 – paragraph 5
5. Member States shall ensure that air carriers, their agents or other ticket sellers for the carriage of passengers on air service inform passengers of international flights at the time of booking a flight and at the time of purchase of a ticket in a clear and precise manner about the provision of PNR data to the Passenger Information Units, the purposes of their processing, the period of data retention, their possible use to prevent, detect, investigate or prosecute terrorist offences and serious transnational crime, the possibility of exchanging and sharing such data and their data protection rights, in particular such as the right to access, correct, erase and block data, and the right to complain to a national data protection supervisory authority of their choice. The same information shall be made available by the Member States to the public.
Amendment 420 #
2011/0023(COD)
Proposal for a directive
Article 5 – paragraph 2
Article 5 – paragraph 2
2. Competent authorities shall consist of authorities competent for the prevention, detection, investigation or prosecution of terrorist offences and serious transnational crime.
Amendment 428 #
2011/0023(COD)
Proposal for a directive
Article 12 a (new)
Article 12 a (new)
Article 12a By...* the Commission shall submit a report on the financial impact of this Directive to the European Parliament and the Council. The report shall focus in particular on the costs incurred by passengers, air carriers and ticket sellers. If appropriate, the report shall be accompanied by a legislative proposal aimed at harmonising the division of the financial burden between public authorities and air carriers across the Union. _____________ * OJ : please insert date: 2 years after the date of entry into force of this Directive.
Amendment 430 #
2011/0023(COD)
Proposal for a directive
Article 5 – paragraph 4
Article 5 – paragraph 4
4. The PNR data of passengers and the result of the processing of PNR data received by the Passenger Information Unit may be further processed by the competent authorities of the Member States only for the purpose of preventiong, detectiong, investigating oron and prosecutingon of terrorist offences or serious crimeand certain types of serious transnational crime as defined in point (i) of Article 2 and according to Article 4(2).
Amendment 444 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph -1 (new)
Article 6 – paragraph -1 (new)
-1. Member States shall adopt the necessary measures to ensure that air carriers transfer ('push') fully anonymised PNR data to the extent that such data are already collected by them in their normal course of business to the Passenger Information Units.
Amendment 447 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 1
Article 6 – paragraph 1
1. Member States shall adopt the necessary measures to ensure that air carriers which already collect PNR data from their passengers transfer ('push') the PNR data as defined in Article 2(c) and specified in the Annex, to the extent that such data are already collected by them, in their normal course of business to the database of the national Passenger Information Unit of thea Member State on twhen territory of which the international flight will land or from the territory of which the flight will departhis is requested in accordance with Article 9. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers shall transfer the PNR data exclusively to the Passenger Information Units of all the Member States concerned. of final arrival.
Amendment 454 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1a. Member States shall not require air carriers to collect any PNR data that the air carriers do not already collect. Air carriers shall not transfer any PNR data other than those defined in Article 2(c) and specified in the Annex. Air carriers shall not be liable for the accuracy and completeness of data provided by passengers, except when they did not take reasonable care to ensure that the data collected from passengers were accurate and correct.
Amendment 458 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. AIn accordance with paragraph 1 and 2 air carriers shall transfer PNR data by electronic means using the common protocols and supported data formats to be adopted in accordance with the procedure of Articles 13 and 14 or, in the event of technical failure of the air carriers, by any other appropriate means ensuring an appropriate level of data security:
Amendment 459 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 6
Annex 1 – point 6
Amendment 462 #
Amendment 462 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 2 – point a – introductory part
Article 6 – paragraph 2 – point a – introductory part
(a) once 24 to 48 hours before the scheduled time for flight departure;
Amendment 465 #
Amendment 466 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) once immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for further passengers to board.
Amendment 467 #
Amendment 470 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 3
Article 6 – paragraph 3
3. Member States mayshall permit air carriers to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2.
Amendment 471 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 12
Annex 1 – point 12
Amendment 475 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 13
Annex 1 – point 13
Amendment 477 #
2011/0023(COD)
Proposal for a directive
Article 6 – paragraph 4
Article 6 – paragraph 4
4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious transnational crime.
Amendment 478 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 14
Annex 1 – point 14
Amendment 482 #
Amendment 484 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 17
Annex 1 – point 17
Amendment 487 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 19
Annex 1 – point 19
Amendment 487 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Member States shall ensure that, with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2)(a) and (b), the result of the processing of PNR data is transmitted without delay by that Passenger Information Unit to the Passenger Information Units of other Member States where the former Passenger Information Unit considers such transfer to be necessaryrelevant for the prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime. Such transfers shall be strictly limited to the data necessary in a specific case for the prevention, detection, investigation or prosecution of a terrorist offences or serious crimetransnational crime and shall be justified in writing. The Passenger Information Units of the receiving Member States shall transmit such PNR data or the result of the processing of PNR data to their relevant competent authorities. Where appropriate, an alert shall be entered in accordance with article 36 of Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II)1 a. __________________ 1a OJ L 205, 7.8.2007, p. 63
Amendment 493 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 2
Article 7 – paragraph 2
2. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’'s database in accordance with Article 9(1), and, if necessary, also the result of the processing of PNR data. The request for such data shall be strictly limited to the data necessary in this specific case. It may be based on any one or a combination of data elements, as deemed necessary by the requesting Passenger Information Unit for a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious crimetransnational crime and shall be justified in writing. Passenger Information Units shall provide the requested data as soon as practicable using the common protocols and supported data formats and shall provide also the result of the processing of PNR data, if it has already been prepared pursuant to Article 4(2)(a) and (b).
Amendment 502 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 3
Article 7 – paragraph 3
3. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’'s database in accordance with Article 9(2), and, if necessary, also the result of the processing of PNR data. The Passenger Information Unit may request access to specific PNR data kept by the Passenger Information Unit of another Member State in their full form without the masking out only in exceptional circumstances in response to a specific threat or a specific investigation or prosecution related to terrorist offences or serious crimetransnational crime. Such a request shall be justified in writing.
Amendment 516 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 4
Article 7 – paragraph 4
4. Only in those cases wWhere it is necessary for the prevention of an immediate and serious threat to public security may the competent authorities of a Member State request directly the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’'s database in accordance with Article 9(1) and (2). Such requests shall relate to a specific investigation or prosecution of terrorist offences or serious transnational crime and shall be reasoned. Passenger Information Units shall respond to such requests as a matter of priority. In all other cases the competent authorities shall channel their requests through the Passenger Information Unit of their own Member State.
Amendment 520 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 5
Article 7 – paragraph 5
5. Exceptionally, where early access is necessary to respond to a specific and actual threat related to terrorist offences or serious transnational crime, the Passenger Information Unit of a Member State shall have the right to request the Passenger Information Unit of another Member State to provide it with PNR data of flights landing in or departing from the latter’'s territory at any time. Such requests shall be strictly limited to the data necessary in the specific case for the prevention, detection, investigation or prosecution of a terrorist offence or serious transnational crime and shall be justified in writing.
Amendment 534 #
2011/0023(COD)
Proposal for a directive
Article 7 – paragraph 6
Article 7 – paragraph 6
6. Exchange of information under this Article may take place using any existing channels for European and international law enforcement cooperation, in particular Europol and national units under Article 8 of Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol)1 a. The language used for the request and the exchange of information shall be the one applicable to the channel used. Member States shall, when making their notifications in accordance with Article 3(3), also inform the Commission with details of the contacts to which requests may be sent in cases of urgency. The Commission shall communicate to the Member States the notifications received. __________________ 1a OJ L 121, 15.5.2009, p. 37
Amendment 546 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
A Member State may transfer PNR data and the results of the processing of PNR data to a third country, only on a case-by- case basis, only on the basis of an international agreement between the Union and that third country and if:
Amendment 551 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 – point a
Article 8 – paragraph 1 – point a
Amendment 578 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
Amendment 586 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 – point c a (new)
Article 8 – paragraph 1 – point c a (new)
(ca) the third country allows Union citizens, without excessive delay or expense, the same rights of access, rectification, erasure and compensation with regard to the PNR data as apply in the Union;
Amendment 589 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 – point c b (new)
Article 8 – paragraph 1 – point c b (new)
(cb) the third country ensures an adequate and comparable level of protection for PNR data; and
Amendment 590 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 – point c c (new)
Article 8 – paragraph 1 – point c c (new)
(cc) all the conditions set out in Article 7 are met, mutatis mutandis.
Amendment 595 #
2011/0023(COD)
Proposal for a directive
Article 8 – paragraph 1 a (new)
Article 8 – paragraph 1 a (new)
Transfer by a third country to another third country shall be prohibited.
Amendment 607 #
2011/0023(COD)
Proposal for a directive
Article 9 – title
Article 9 – title
Amendment 608 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph -1 b (new)
Article 9 – paragraph -1 b (new)
-1b. A request pursuant paragraph -1 shall be subject to prior authorisation by a court and to judicial redress by every concerned person.
Amendment 609 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph -1 a (new)
Article 9 – paragraph -1 a (new)
-1a. A request pursuant paragraph 1 shall be valid only to the extent it is strictly necessary for the purpose of prevention, detection, investigation and prosecution of terrorist offences and certain types of serious transnational crime as defined in point (i) of Article 2 and according to Article 4(2) and in any case be limited for a maximum period of six month.
Amendment 610 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph -1 (new)
Article 9 – paragraph -1 (new)
-1. Member States shall adopt the necessary measures to ensure that their Passenger Information Unit may request air carriers in accordance with Article 6 to: (a) transfer ('push') PNR data of individual passengers, which may be identified by name, payment information, address and contact information, linked to a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime; or (b) transfer ('push') PNR data of all passengers on specific flights where a risk assessment of the Passenger Information Unit in accordance with Article 4a has proven a high concrete risk that persons linked to a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime are travelling on those flights.
Amendment 617 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph 1
Article 9 – paragraph 1
1. Member States shall ensure that the PNR data provided by the air carriers to the Passenger Information Unit, are retained in a database at the Passenger Information Unit for a period of 30 days after their first transfer to theany Passenger Information Unit of the first Member State on whose territory the international flight is landing or departing.
Amendment 633 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 1
Article 9 – paragraph 2 – subparagraph 1
Upon expiry of the period of 30 days after the first transfer of the PNR data to theany Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of five years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such anonymised, the data shall be deleted. This obligation shall be without prejudice to cases where specific PNR data shallve be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to Article 4(2)(d). Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and wen transferred to a competent authority and are used in the context of specific criminal investigations or prosecutions, in which case the re it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecutiontention of such data by the competent authority shall be regulated by the national law of the Member State.
Amendment 636 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 1 a (new)
Article 9 – paragraph 2 – subparagraph 1 a (new)
During the whole period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such masked out PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data. Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecution.
Amendment 660 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph 3
Article 9 – paragraph 3
3. Member States shall ensure that the PNR data are deleted upon expiry of the period specified in paragraph 2. This obligation shall be without prejudice to cases where specific PNR data have been transferred to a competent authority and are used in the context of specific criminal investigations or prosecution actions targeted at a particular person or a particular group of persons, in which case the retention of such data by the competent authority shall be regulated by the national law of the Member State.
Amendment 662 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph 3 a (new)
Article 9 – paragraph 3 a (new)
3a. Member States shall not require air carriers to collect any PNR data that the air carriers do not already collect. Air carriers shall not transfer any PNR data other than those defined in Article 2(c) and specified in the Annex. Air carriers shall not be liable for the accuracy and completeness of data provided by passengers, except when they did not take reasonable care to ensure that the data collected from passengers were accurate and correct.
Amendment 663 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph 3 b (new)
Article 9 – paragraph 3 b (new)
3b. Member States shall bear the costs of use, retention and exchange of PNR data.
Amendment 665 #
2011/0023(COD)
Proposal for a directive
Article 9 – paragraph 4
Article 9 – paragraph 4
Amendment 680 #
2011/0023(COD)
Proposal for a directive
Article 10 – paragraph 1
Article 10 – paragraph 1
Member States shall ensure, in conformity with their national law, that dissuasive, effective and proportionate penalties, including financial penalties, are provided for against air carriers which, do not transmit the data required under this Directive, to the extent that they are already collected by the them, or do not do so in the required format prescribed by the ICAO guidelines on PNR or otherwise infringe the national provisions adopted pursuant to this Directive. No penalties shall be imposed on air carriers when the authorities of a third country do not allow them to transfer PNR data.
Amendment 683 #
2011/0023(COD)
Proposal for a directive
Article 11 – paragraph 1
Article 11 – paragraph 1
1. Each Member State shall provide that, in respect of all processing of personal data pursuant to this Directive, every passenger shall have the same right to access, the right to rectification, erasure and blocking, the right to compensation and the right to judicial redress as thosethe provisions adopted under national law in implementation of Articles 217, 18, 19 and 202 of the Council Framework Decision 2008/977/JHA. The provisions of Articles 17, 18, 19 and 20 of the Council Framework Decision 2008/977/JHA shall therefore be applicable regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive. Air carriers that obtain passenger contact details from travel agencies shall not be permitted to use them for commercial purposes.
Amendment 693 #
2011/0023(COD)
Proposal for a directive
Article 11 – paragraph 2 a (new)
Article 11 – paragraph 2 a (new)
2a. Where provisions adopted under national law in implementation of Directive 95/46/EC provide the passenger with greater rights of access, rectification, erasure and blocking of the data, of compensation, of judicial redress, of confidentiality of processing and of data security than the provisions referred to in paragraphs 1 and 2, these provisions shall apply.
Amendment 706 #
2011/0023(COD)
Proposal for a directive
Article 11 – paragraph 4 a (new)
Article 11 – paragraph 4 a (new)
4a. A particularly high security standard shall be used for the protection of all data, geared to the latest developments in expert discussions on data protection, and constantly updated to include new knowledge and insights. Economic aspects shall be taken into account as a secondary concern at most when the relevant decisions on the security standards to be applied are taken. In particular, a state of the art encryption process shall be used which: - ensures that data-processing systems cannot be used by unauthorised persons; - ensures that authorised users of a data- processing system can access no data other than those to which their access right refers, and that personal data cannot be read, copied, changed or removed without authorisation when being processed or used and after retention; - ensures that personal data cannot be read, copied, changed or removed without authorisation when being electronically transmitted or during transport or saving to a storage medium, and ensures that it is possible to check and establish to which locations personal data are to be transferred by data transmission facilities. The possibility of retrospectively checking and establishing whether and by whom personal data have been entered in data- processing systems, changed or removed shall be guaranteed. It shall be guaranteed that personal data processed under contract may be processed only in accordance with the contracting entity's instructions. The protection of personal data against accidental destruction or loss shall be guaranteed. The possibility of processing data collected for different purposes separately shall be guaranteed.
Amendment 709 #
2011/0023(COD)
Proposal for a directive
Article 11 – paragraph 5
Article 11 – paragraph 5
5. Member States shall ensure that air carriers, their agents or other ticket sellers for the carriage of passengers on air service inform passengers of international flights at the time of booking a flight and at the time of purchase of a ticket in a clear and precise manner about the provision of PNR data to the Passenger Information Unit, the purposes of their processing, the period of data retention, their possible use to prevent, detect, investigate or prosecute terrorist offences and serious transnational crime, the possibility of exchanging and sharing such data and their data protection rights, in particularsuch as the right to access, correct, erase and block data, and the right to complain to a national data protection supervisory authority of their choice. The same information shall be made available by the Member States to the public.
Amendment 769 #
2011/0023(COD)
Proposal for a directive
Article 16
Article 16
Amendment 782 #
2011/0023(COD)
Proposal for a directive
Article 17 – paragraph 1 – point b
Article 17 – paragraph 1 – point b
(b) undertake a review of the operation of this Directive and submit a report to the European Parliament and the Council within four years after the date mentioned in Article 15(1). Such review shall cover all the elements of this Directive, with special attention to the compliance with standard of protection of personal data, the length of the data retention period and, the quality of the assessments, and figures justifying the use of PNR data for each category of crime. It shall also contain the statistical information gathered pursuant to Article 18.
Amendment 789 #
2011/0023(COD)
Proposal for a directive
Article 17 a (new)
Article 17 a (new)
Article 17a Limitation This Directive shall lose its effect after a period of seven years. The Commission may ask to extend the effect of this Directive for further seven-year-periods after the consent of the European Parliament and the Council.
Amendment 793 #
2011/0023(COD)
Proposal for a directive
Article 18 – paragraph 1
Article 18 – paragraph 1
1. Member States shall prepare a set of statistical information on PNR data provided to the Passenger Information Units. Such statistics shall as a minimum cover the number of identifications of any persons who may be involved in a terrorist offence or serious crime according to Article 4(2) and, the number of subsequent law enforcement actions that were taken involving the use of PNR data per air carrier and destination and the number of criminal convictions following those actions.
Amendment 798 #
2011/0023(COD)
Proposal for a directive
Article 18 – paragraph 2
Article 18 – paragraph 2
2. These statistics shall not contain any personal data. They shall be transmitted to the Commission, the European Parliament, and the Council on a yearly basis.
Amendment 802 #
2011/0023(COD)
Proposal for a directive
Article 19 – paragraph -1 (new)
Article 19 – paragraph -1 (new)
-1. This Directive applies without prejudice to the Council Framework Decision 2008/977 JHA and any future legislation on the processing of personal data for the purpose of investigation and prevention of criminal offenses.
Amendment 813 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 6
Annex 1 – point 6
Amendment 816 #
Amendment 818 #
Amendment 819 #
Amendment 823 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 12
Annex 1 – point 12
Amendment 826 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 13
Annex 1 – point 13
Amendment 828 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 14
Annex 1 – point 14
Amendment 831 #
Amendment 832 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 17
Annex 1 – point 17
Amendment 835 #
2011/0023(COD)
Proposal for a directive
Annex 1 – point 19
Annex 1 – point 19
Amendment 77 #
2010/2311(INI)
Motion for a resolution
Recital G a (new)
Recital G a (new)
G a. whereas there is an urgent need for a uniform legal definition of the concept of ‘profiling’ based on the relevant fundamental rights and data protection standards to reduce uncertainty as to which activities are prohibited and which are not,
Amendment 78 #
2010/2311(INI)
Motion for a resolution
Recital G b (new)
Recital G b (new)
G b. whereas terrorist activities in Europe are mostly of a regional nature and there are considerable differences in their origins and modalities; whereas EU policies to coordinate national counterterrorism activities need to be tailored as opposed to having a ‘one size fits all approach’;
Amendment 85 #
2010/2311(INI)
Motion for a resolution
Paragraph 2
Paragraph 2
2. Deplores also the fact that the Communication does not sufficiently cover measures taken by DGs other than JLS (such as TRAN, ENTER or MARKT) and that it does not give a clear idea how the measures interact and where there is overlap or gaps; is of the opinion that all the above levels must also be considered, as European, national and international measures are complementary and assessing individual measures does not provide a complete picture of the impact of counter- terrorism policies in Europe;
Amendment 90 #
2010/2311(INI)
Motion for a resolution
Paragraph 3
Paragraph 3
3. ConsiderRecalls that counter-terrorism policies should meet the standards set with regard to civil liberties, the rule of law and democratic scrutiny and accountability that the Union has committed itself to uphold and develop, and that assessing whether these standards are met must be an integral part of an evaluation;
Amendment 111 #
2010/2311(INI)
Motion for a resolution
Paragraph 4
Paragraph 4
4. Stresses that a proper evaluation of ten years of counter-terrorism policies must provide the basis for an evidence-based, needs-driven, coherent and comprehensive EU counter-terrorism strategy by means of an in-depth and complete appraisal to be carried out by a panel of independent experts reporting back to a Joint Parliamentary Meeting of the European Parliament and national parliamentary committees responsible for overseeing counterterrorism activities within six months after the study is commissioned, drawing upon reports to be requested from relevant organisations and agencies such as Europol, Eurojust, the Fundamental Rights Agency, the European Data Protection Supervisor, the Council of Europe and the United Nations;
Amendment 121 #
2010/2311(INI)
Motion for a resolution
Paragraph 5 – point a
Paragraph 5 – point a
a. provide a clear input and output analysis of counter-terrorism policies in Europe in the past decade and set out clearly the results of the policies in terms of increased security in Europeanalysis of the terrorist threat based on a clear and precise definition agreed at EU level and the framework put in place to address this threat;
Amendment 126 #
2010/2311(INI)
Motion for a resolution
Paragraph 5 – point b
Paragraph 5 – point b
b. set out the facts and figures relating to terrorist activity (successful, failed, prevented attacks) and counter-terrorism activity (arrests and convictions);stresses that such figures have to be verifiable and subject to cross-examination;
Amendment 131 #
2010/2311(INI)
Motion for a resolution
Paragraph 5 – point c
Paragraph 5 – point c
c. include a full overview of the accumulated impact of counter-terrorism measures on civil liberties, including Member State policies and measures by third countries with a direct impact in the EU quantified at least in terms of discrimination statistics and violations of civil liberties found in the relevant case law of the ECHR, ECJ and national courts;
Amendment 137 #
2010/2311(INI)
Motion for a resolution
Paragraph 5 – point d
Paragraph 5 – point d
d. examine whether the current instruments for assessing the impact on privacy and civil liberties are adequate taking into account the interinstitutional agreements and further activities on better lawmaking;
Amendment 140 #
2010/2311(INI)
Motion for a resolution
Paragraph 5 – point e
Paragraph 5 – point e
e. identify where further law enforcement powers are neededmeasures have been effective, proportionate and necessary or, inversely, where the powers granted awere excessive and go beyond what is necessary including proposals for repeal or reform and where further measures might be needed;
Amendment 149 #
2010/2311(INI)
Motion for a resolution
Paragraph 6
Paragraph 6
6. Calls on the Commissionpanel of experts to map out which measures have objectives other than counter-terrorism, or where further objectives were added to the initial purpose of counter-terrorism (mission creep and function creep), such as law enforcement, immigration policies, public health, or public order;
Amendment 154 #
2010/2311(INI)
Motion for a resolution
Paragraph 7
Paragraph 7
7. Calls on the Commission to assist the activities of the panel of experts by drawing up a complete and detailed ‘map’ of all counter- terrorism policies in Europe; calls at the same time on Member States to assist the activities of the panel of experts by carrying out a comprehensive evaluation of their counter- terrorism policies, with a particular focus on interaction with EU policies, overlap and gaps, to cooperate better in the evaluation of EU policies, and to provide their input within the given deadlines, as in the case of the Data Retention Directive8 ;
Amendment 170 #
2010/2311(INI)
Motion for a resolution
Paragraph 11 – point b
Paragraph 11 – point b
b. all existing measures must be subjected to a retrospective proportionality test;9 ,9 giving priority to the Framework decision on the European Arrest Warrant where an explicit proportionality test needs to be introduced and the Framework decision on Terrorism, where in particular: - the operative part of the instrument (and not only the preamble) should include a full fundamental rights clause to guide its transposition and implementation; - in line with the best efforts to define terrorism on the international level, the definition of terrorism in Article 1 should restrict itself to the first two alternative intent elements, and the third one should be dropped (“seriously destabilising or destroying the fundamental political, constitutional, economic or social structures of a country or an international organization”), as it is to vague and therefore open to abuse by countries in other parts of the world that should be encouraged to follow best international standards; and - the list of crimes constituting the objective element of the same terrorism definition, should be shortened to comply with international standards based on the idea that the essence of terrorism is in deadly or otherwise serious physical violence against members of the general population (“civilians”) or segments of it.
Amendment 190 #
2010/2311(INI)
Motion for a resolution
Paragraph 13
Paragraph 13
13. Considers that the EU and its Member States must fully clarify their role in the CIA programme of renditions and black sites, in line with the recommendations of the European Parliament and the Council of Europe; insists that the Member States must fully collaborate with further investigations into the matter;
Amendment 204 #
2010/2311(INI)
Motion for a resolution
Paragraph 15 a (new)
Paragraph 15 a (new)
15 a. Calls upon the Commission to incorporate a uniform legal definition of the concept of ‘profiling’ in the upcoming revision of the Union’s data protection framework;
Amendment 217 #
2010/2311(INI)
Motion for a resolution
Paragraph 18 a (new)
Paragraph 18 a (new)
18 a. Calls on the Council to follow the example of the United Nations by appointing a coordinator on the promotion and protection of human rights and fundamental freedoms while countering terrorism;
Amendment 89 #
2010/2309(INI)
Motion for a resolution
Paragraph 4
Paragraph 4
4. Calls forStresses that all measures to counter organised crime toshould respect fundamental rights in full and be proportionate to achieving their objective in a democratic society in line with the Union’s commitments;
Amendment 108 #
2010/2309(INI)
Motion for a resolution
Paragraph 7
Paragraph 7
7. Is dissatisfied with the extremely limited impact on the legislative systems of the Member States of Framework Decision 2008/841/JHA on organised crime, which has not made any significant improvement to national laws or to operational cooperation to counter organised crime; stresses, therefore, the need to review and strengthen the legislative framework and calls on the Commission to submit, by the end of 2012, a proposal for a directive which contains a less general definition of organised crime and manages better to identify the key features of the phenomenoncommunication explaining why Framework Decision 2008/841/JHA failed to meet it aims and outlining options for more effective EU policies to combat organised crime; requests that, as regards the offence of membership of a criminal organisation, whilst showing due respect for different legislative systems, the abolition of the current dual approach (which criminalises both membership and conspiracy) be proposed and a range of habitual offences committed by organised crime be identified, which, regardless of the maximum sentence permitted in the Member States, could be deemed to constitute such a criminal offencestudied;
Amendment 127 #
2010/2309(INI)
Motion for a resolution
Paragraph 10
Paragraph 10
10. Stresses the importance of providing appropriate protection for the victims of organised crime, witnesses, informers and their families and calls on the Commission to submit, as soon as possible, a legislative proposal on this issue, the subject of which should be not only victims and their families but also witnesses and informers; calls for all types of victim to be treated equally (in particular the victims of organised crime, of duty and of terrorism) and for the protection of court witnesses to be extended over and beyond the duration of the court proceedingsin this regard welcomes the Commission’s proposal for a directive establishing minimum standards on the rights, support and protection of victims of crime; proposes establishing a European fund for the protection of victims and court witnesses;
Amendment 136 #
2010/2309(INI)
Motion for a resolution
Paragraph 11
Paragraph 11
11. Calls on the Commission to draw up a proposal for a directive to make the offence of Mafia association a punishable crimestudy the various ways in which ‘Mafia association’ is incriminated in allthe Member States, in order to be able to punishplus the way in which they tackle criminal organisations which profit from their very existence‘mafia association’, through their ability to intimidate – even without any specific acts of violence or threats – with the aim of securing the management or control, either directly or indirectly, of businesses, concessions, authorisations, contracts and public services, or of making, for themselves or others, unfair profits or gaining unjust advantages, or of preventing or impeding the free exercise of voting rights or securing votes for themselves or others in elections;
Amendment 140 #
2010/2309(INI)
Motion for a resolution
Paragraph 12
Paragraph 12
Amendment 152 #
2010/2309(INI)
Motion for a resolution
Paragraph 14
Paragraph 14
14. Asserts the importance of strengtheninvolving Eurojust in order to improve its effectiveness in countering transnational organised crime, with reference to its powers of initiative and to those conferred upon it under Article 85 of the Treaty on the Functioning of the European Union; takes the view that, in parallel, the provisions of the Treaty of Lisbon concerning the evaluation of Eurojust’s activities by the European Parliament and the national parliaments should be implemented, and is awaiting the relevant communication from the Commission by the end of 2011 and the legislative proposal by the end of 2012;
Amendment 159 #
2010/2309(INI)
Motion for a resolution
Paragraph 15
Paragraph 15
15. Reiterates its firm support for the implementation of Article 86 of the Treaty on the Functioning of the European Union concerning the establishment of a European Public Prosecutor’s Office and calls on the Commission to arrange, as soon as possible, an impact assessment on the added value of this institution, considering as being within its scope both the protection of the EU’s financial interests anCalls on the Commission to arrange, as soon as possible, an impact assessment on the added value of the establishment of a European Public Prosecutor’s office including the possibility of its scope being expanded theo combating of cross- border organised crime, as provided for under Article 86(4) of the Treaty on the Functioning of the European Union; reiterates its request that the Commission immediately launch debates and consultations with the parties concerned, including civil society, on the establishment of the European Public Prosecutor’s Office and make all the necessary arrangements to set up the appropriate institutional infrastructure, giving Eurojust full powers and consolidating, clarifying and simplifying its relations with key players such as taking into account the impact on fundamental rights and the rights of the defence in particular and the need for prior harmonisation of standards of procedural and substantive criminal law plus criminal jurisdiction rules; calls on the Commission to enter into consultations with all relevant stakeholders, including the Fundamental Rights Agency, the European Data Protection Supervisor, the Council of Europe, the European Parliament, national parliaments, civil society and defence rights organisations, to discuss the implications of the possible establishment of the European Public Prosecutor’s Office and its relations with Eurojust, Europol, the European Judicial Network, OLAF and Europol and with, individual national judicial and administrative institutions, the European Parliament and national parliaments;
Amendment 170 #
2010/2309(INI)
Motion for a resolution
Paragraph 17
Paragraph 17
17. Is aware that in order to overcome practical obstacles to judicial cooperation, considerable attention needs to be paid to informing and raising awareness among the judicial and police authorities and defence lawyers and calls on the Member States to consider judicial and police training plus defence rights a political priority; at the same time, calls on the Commission to mobilise the appropriate resources, including financial ones, to support the activity of the Member States;
Amendment 197 #
2010/2309(INI)
Motion for a resolution
Paragraph 21
Paragraph 21
Amendment 209 #
2010/2309(INI)
Motion for a resolution
Paragraph 22
Paragraph 22
22. Is convinced of the intrinsic link between organised crime and corruption and emphatically reiterates the request it expressed when adopting Written Declaration 02/10, both with reference to the creation of a mechanism to assess and monitor the policies of the 27 Member States in combating corruption and with regard to the framing of a comprehensive anti-corruption policy by the EU institutions; stresses the need for a proactive approach to combating corruption and calls on the Commission to place emphasis on measures to counter political corruption, that of the civil service, the courts, in all areas of the poublice and customs officers sector, in addition to private sector corruption; considers it, moreover, a priority to develop effective measures to combat corruption in the neighbourhood policy and in the use of development aid funds;
Amendment 215 #
2010/2309(INI)
Motion for a resolution
Paragraph 24
Paragraph 24
24. Undertakes to lay down rules to ensure that those who have been convicted of membership of criminal organisations or who have committed offences relating to such organisations, including aiding and abetting, or of corruption offences, will be unable to stand for election to the European Parliament; calls on European political groups to draw up internal codes of ethics to prevent those who have been convicted, even if not definitively, of such offences from standing for election; calls on the Member States to lay down similar rules for national and local elections and on the national parties to draw up codes of conduct to prevent those who have been convicted, even if not definitively, of the above- mentioned offences from standing for election;
Amendment 2 #
2010/2016(INI)
Motion for a resolution
Citation 1 a (new)
Citation 1 a (new)
- having regard to the Lisbon Treaty, which entered into force on 1 December 2009,
Amendment 6 #
2010/2016(INI)
Motion for a resolution
Recital A a (new)
Recital A a (new)
Aa. whereas following the entry into force of the Lisbon Treaty the Charter of Fundamental Rights has the same legal value as the European Union treaties and impact assessments should always verify the compatibility of the legislation with fundamental rights,
Amendment 8 #
2010/2016(INI)
Motion for a resolution
Recital D a (new)
Recital D a (new)
Da. whereas the Lisbon Treaty contains "horizontal" social and environmental clauses (Article 9 and 11 TFEU) the Union should take into account and integrate when defining and implementing Union actions and policies,
Amendment 21 #
2010/2016(INI)
Motion for a resolution
Paragraph 4
Paragraph 4
4. Considers it advisable and necessary to involvethat if external expertsise is used in the impact assessment process, in order to guarantee independence and objectivity; notes in this connection the fundamental distinction between public consultation and independent impact assessmentt is not with the aim to reveal the objective truth, but to inform the process of the different aspects of the future policy decision; considers that the quality of the impact assessment lies in presenting the benefits and drawbacks of a sufficient number of policy options; notes in this connection that the final outcome and the control of the quality of the impact assessment should remain with the European Union institutions;
Amendment 26 #
2010/2016(INI)
Motion for a resolution
Paragraph 7
Paragraph 7
7. Considers it necessaryimportant for new legislative proposals always to be accompanied by an impact assessment; notes that this may also appliesy to the simplification and recasting of EU law and to delegated acts and implementing acts pursuant to Articles 290 and 291 of Treaty on the Functioning of the European Union, where appropriate;
Amendment 29 #
2010/2016(INI)
Motion for a resolution
Paragraph 8
Paragraph 8
8. Calls for impact assessments to take a large number of criteria into account in order to provide the legislator with as comprehensive a picture as possible; calls for impact assessments to always evaluate the compatibility of the legislation with fundamental rights; recalls the "horizontal" social and environmental clauses (Article 9 and 11 TFEU) of the Lisbon Treaty ; also draws attention in this context to the economic, social and environmental aspects referred to in the interinstitutional agreement of 16 December 2003, which are to be combined in a single evaluation;
Amendment 39 #
2010/2016(INI)
Motion for a resolution
Paragraph 16
Paragraph 16
16. Stresses that impact assessments should not take place only before the adoption of a legislative text (ex-ante) but should also be carried out after its adoption (ex-post); points out that this is necessary in order to evaluate more accurately whether the objectives of a law have actually been achieved and whether a legal act should be amended or retained; stresses nevertheless that the ex-post evaluation should never replace the Commission's duty as "Guardian of the Treaties" to monitor effectively and in a timely manner the application of Union law by Member States;
Amendment 43 #
2010/2016(INI)
Motion for a resolution
Paragraph 20
Paragraph 20
Amendment 54 #
2010/2016(INI)
Motion for a resolution
Paragraph 29
Paragraph 29
29. Calls for the systematic ex-post evaluation by the Commission of legal acts adopted; stresses nevertheless that the ex-post evaluation should never replace the Commission's duty as "Guardian of the Treaties" to monitor effectively and in a timely manner the application of Union law by Member States;
Amendment 57 #
2010/2016(INI)
Motion for a resolution
Paragraph 33
Paragraph 33
33. Notes that Parliament and its committees already possess the machinery with which to scrutinise the Commission's impact assessments; stresses that this may take a number of forms, including complementary impact assessments, more detailed analyses, the review of Commission impact assessments by external experts and the holding of special meetings with independent experts; stresses that the work of its policy departments in this area should develop in a consistent manner also supported by budgetary increases;
Amendment 64 #
2010/2016(INI)
Motion for a resolution
Paragraph 40
Paragraph 40
40. Urges that this should take place under the aegis of a separate, independent body such as a foundation, which would be answerable toe integrated impact assessment process should be carried out, as it is now the case, under the aegis of the European Parliament Policy Departments, which are part of the European Parliament administration;
Amendment 66 #
2010/2016(INI)
Motion for a resolution
Paragraph 41
Paragraph 41
Amendment 68 #
2010/2016(INI)
Motion for a resolution
Paragraph 42
Paragraph 42
Amendment 96 #
2010/0817(COD)
Draft directive
Article 5 – paragraph 1
Article 5 – paragraph 1
1. The EIO set out in the form provided for in Annex A shall be completed, signed, and its content certified as accurate by the issuing authorityhall be issued in accordance with the form set out in Annex 1 of this Directive. It shall, in particular, contain the following information: (a) the issuing authority and/or validating authority; (aa) the object of and reason for the EIO; (ab) the necessary information available on the person(s) concerned; (ac) a description of the criminal act, which is subject for investigation or proceedings, and the applicable provisions of criminal law; (ad) a description of the investigative measure(s) requested and evidence to be obtained.
Amendment 99 #
2010/0817(COD)
Draft directive
Article 5 a (new)
Article 5 a (new)
Article 5a Minor offences Where the executing authority has reasons to believe that: (a) the investigative measure concerns an offence which it might consider being very minor, or (b) it is likely that the final penalty in the case may be very minor, the executing authority shall consult the issuing authority on the importance to execute the investigative measure in the specific case if such an explanation has not been made in the EIO, or in case the executing authority, after having received the EIO, is of the opinion that it may not be proportionate to execute the EIO regarding this minor offence. After such consultation, the issuing authority may decide to withdraw the EIO.
Amendment 127 #
2010/0817(COD)
Draft directive
Article 13
Article 13
Amendment 39 #
2010/0275(COD)
(fa) Support law enforcement and judicial authorities, at their request or on the Agency's own initiative, with expertise in fighting cybercrime and responding to cyber incidents. The Agency shall however not initiate specific criminal investigations and shall not routinely be called to provide operational assistance to law enforcement and judicial authorities, such as cybercrime investigations or computer forensics;
Amendment 42 #
2010/0275(COD)
Proposal for a regulation
Article 3 a (new)
Article 3 a (new)
Article 3a Computer Emergency Response Teams (CERTs) 1. The Agency shall support national CERTs in Member States and at Union level and the establishment and operation of a network of national and Union CERTs, including the members of the European Governmental CERTs Group. To assist in ensuring that each of the national and Union CERTs have sufficiently advanced capabilities and that those capabilities correspond as far as possible to the capabilities of the most advanced CERTs, the Agency shall assist in benchmarking the teams and shall promote dialogue and exchange of information and best practices between the CERTs and the European Governmental CERTs Group. The Agency shall promote and support cooperation between the relevant national and Union CERTs in the event of incidents involving or potentially involving several of them. 2. The Agency shall facilitate contacts and exchanges of information and best practices with relevant state and other CERTs, groups and fora in third countries. 3. The Agency shall function as the EU CERTs coordination body.
Amendment 45 #
2010/0273(COD)
Proposal for a directive
Recital 10
Recital 10
(10) This Directive does not intend to impose criminal liability where the offences are committed without criminal intent, such as for authorised testing or protection of information systems, provided that the operator or vendor of the system is fully informed of the vulnerability in a timely manner, or where the withholding of an authorisation for access to a system constitutes an abuse of rights by itself.
Amendment 51 #
2010/0273(COD)
Proposal for a directive
Recital 12 a (new)
Recital 12 a (new)
(12a) In order to fight cybercrime effectively, it is also necessary to increase the resilience of information systems by protecting them more effectively against attacks and setting the right incentives for this. In this respect, the establishment of minimum standards and of liability for vendors and operators for the adequate protection of information systems should play a central role. Therefore, the Union and the Member States' fight against cybercrime will have an impact, only if this Directive is accompanied by preventive measures against such offences adopted in accordance with Article 67(3) and Article 84 of the Treaty of the Functioning of the European Union.
Amendment 55 #
2010/0273(COD)
Proposal for a directive
Recital 12 b (new)
Recital 12 b (new)
(12b) Member States should consider the protection of their information systems and associated data. Reasonable levels of protection should be provided against reasonably identifiable threats and vulnerabilities. The cost and burden of such protection should be proportionate to the likely damage to those affected.
Amendment 60 #
2010/0273(COD)
Proposal for a directive
Recital 12 c (new)
Recital 12 c (new)
(12c) Member States should also take appropriate steps to oblige legal persons within their jurisdictions who operate or provide IT systems to protect from offences referred to in this Directive. Reasonable levels of protection should be provided by legal persons against reasonably identifiable threats and vulnerabilities. Such protection should be proportionate to the likely damage to those affected. Where a legal person has clearly failed to provide a reasonable level of protection, and where the damage caused as a result of such failure is considerable, Member States should ensure that it is possible to impose deterrent sanctions and to prosecute this legal person for negligence.
Amendment 63 #
2010/0273(COD)
Proposal for a directive
Recital 12 d (new)
Recital 12 d (new)
(12d) It is also necessary to foster and improve cooperation between service providers, producers, law enforcement bodies and judicial authorities, while fully respecting the rule of law, especially as regards legal certainty and foreseeability, as well as the rights of suspected and accused persons such as the presumption of innocence and judicial redress.
Amendment 76 #
2010/0273(COD)
Proposal for a directive
Article 2 – point c
Article 2 – point c
(c) ‘legal person’ means any entity having such status under the applicable law, except for States or other public bodies in the exercise of State authority and for public international organisations;, which does not imply that States or other public bodies should be able to attack information systems without a legal basis and full respect for fundamental rights.
Amendment 78 #
2010/0273(COD)
Proposal for a directive
Article 2 – point d
Article 2 – point d
(d) ‘"without right’" means access, or interference not authorised by the owner, other right holder of the system or of part of it, or not unless the withholding of such authorisation constitutes an abuse of rights by itself, or unless such access or interference is permitted under national legislation.;
Amendment 86 #
2010/0273(COD)
Proposal for a directive
Article 3
Article 3
Member States shall take the necessary measures to ensure that the intentional access without right -meaning entering to the whole or any part of an information system- is punishable as a criminal offence, at least for cases which are not minor. The conduct referred to in paragraph 1 shall be incriminated only where the offence is committed by infringing a security measure and provided that the operator or vendor of the system is not fully informed of the vulnerability in a timely manner.
Amendment 92 #
2010/0273(COD)
Proposal for a directive
Article 6 – paragraph 1
Article 6 – paragraph 1
Member States shall take the necessary measures to ensure that the intentional interception by technical means, of non- public transmissions of computer data to, from or within a information system, including electromagnetic emissions from an information system carrying such computer data, is punishable as a criminal offence when committed without right, at least for cases which are not minor.
Amendment 93 #
2010/0273(COD)
Proposal for a directive
Article 7 – introductory part
Article 7 – introductory part
Amendment 96 #
2010/0273(COD)
Proposal for a directive
Article 8
Article 8
Amendment 101 #
2010/0273(COD)
Proposal for a directive
Article 9 – paragraph 1
Article 9 – paragraph 1
1. Member States shall take the necessary measures to ensure that the offences referred to in Articles 3 to 86 are punishable by effective, proportional and dissuasive criminal penalties.
Amendment 104 #
2010/0273(COD)
Proposal for a directive
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Member States shall take the necessary measures to ensure that the offences referred to in Articles 3 to 7 are punishable by criminal penalties of a maximum term of imprisonment of at least two yearsbetween one and three years of imprisonment.
Amendment 107 #
2010/0273(COD)
Proposal for a directive
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Member States shall take the necessary measures to ensure that the offences referred to in Articles 3 to 7 are punishable by criminal penalties of a maximum term of imprisonment of at least between two and five years when committed within the framework of a criminal organization as defined in Framework Decision 2008/841/JHA.
Amendment 110 #
2010/0273(COD)
Proposal for a directive
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Member States shall take the necessary measures to ensure that the offences referred to in Articles 3 to 6 are punishable by criminal penalties of a maximum term of imprisonment of at least between two and five years when committed through the use of a tool designed to launch attacks affecting a significant number of information systems, or attacks causing considerable damage, such as disrupted system services, financial cost or loss of personal data.
Amendment 111 #
2010/0273(COD)
Proposal for a directive
Article 10 – paragraph 3
Article 10 – paragraph 3
Amendment 113 #
2010/0273(COD)
Proposal for a directive
Article 10 – paragraph 3 a (new)
Article 10 – paragraph 3 a (new)
3a. Member States shall ensure that the penalties referred to Article 9 will not apply to offences referred to in Articles 3 to 7 when the offences are clearly not committed for criminal intent, such as during the testing or the immediate protection of information systems, or if the operator or vendor of the system is fully informed of the vulnerability in a timely manner.
Amendment 114 #
2010/0273(COD)
Proposal for a directive
Article 10 – paragraph 3 b (new)
Article 10 – paragraph 3 b (new)
3b. Member States shall consider the protection of their information systems and associated data. Reasonable levels of protection should be provided against reasonably identifiable levels of threats and vulnerabilities, with the protection proportionate to the probable damage to the parties concerned.
Amendment 115 #
2010/0273(COD)
Proposal for a directive
Article 10 – paragraph 3 c (new)
Article 10 – paragraph 3 c (new)
3c. Member States shall take appropriate steps to oblige legal persons under their jurisdictions to protect information systems from offences detailed in Articles 3 to 7. Reasonable levels of protection should be provided against reasonably identifiable levels of threats and vulnerabilities, with the protection proportionate to the probable damage to the parties concerned.
Amendment 116 #
2010/0273(COD)
Proposal for a directive
Article 10 – paragraph 3 d (new)
Article 10 – paragraph 3 d (new)
3d. Where legal persons are considered to have failed to provide a reasonable level of protection as detailed in paragraph 3b and 3c against offenses detailed in Articles 3 to 7, and where these offenses are considered to have been carried out with clear criminal intent, then these offenses will be considered to have been carried out under alleviating circumstances when applying criminal penalties.
Amendment 117 #
2010/0273(COD)
Proposal for a directive
Article 10 – paragraph 3 e (new)
Article 10 – paragraph 3 e (new)
3e. Where legal persons have clearly failed to provide a reasonable level of protection and in cases where the damage caused as a result of this failure is considerable, then Member States shall ensure that is possible to impose deterrent sanctions and to prosecute this legal person for negligence.
Amendment 27 #
2010/0246(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point 4
Article 3 – paragraph 1 – point 4
(4) ‘suspicious transaction’ means any transaction concerning the substances listed in the Annexes, or mixtures containing those substances, where there are reasonable grounds for suspecting that the substance or mixture is intended for the production of home-made explosives, notably because of its unusual quantity, concentration, combination and frequency;
Amendment 48 #
2010/0246(COD)
Proposal for a regulation
Article 6 – paragraph 2
Article 6 – paragraph 2
2. Each Member State shall set up a national contact point with a clearly identified telephone number and e-mail address for the reporting of suspicious transactions. Such contact points shall be staffed by personnel of the law enforcement agencies.
Amendment 63 #
2010/0246(COD)
Proposal for a regulation
Article 6 – paragraph 7 a (new)
Article 6 – paragraph 7 a (new)
7a. Reporting under this Article shall be limited to the name, licence number, items purchased, the amount of the transaction and the method of payment and the reasons giving rise to suspicion, for a maximum period of 2 years, unless a suspicious transaction or theft has led to an investigation which is still ongoing. The processing of personal data revealing racial or ethic origin, political opinions, religious or philosophical beliefs, trade- union membership, as well as the processing of data concerning health or sex life, is prohibited.
Amendment 64 #
2010/0246(COD)
Proposal for a regulation
Article 7
Article 7
Each Member State shall ensure that the processing of personal data carried out in application of this Regulation shall be in accordance with Directive 95/46/EC. In particular, each Member State shall ensure that the processing of personal data required by the granting of license pursuant to Articles 4 and 5 of this Regulation, and the reporting of suspicious transactions pursuant to Article 6 of this Regulation, shall comply with Directive 95/46/EC. Guidelines contained in the implementing decisions referred to in Articles 5(6) and 6(6) shall ensure that: - information is only disclosed to competent law enforcement authorities for the purpose of investigating terrorist activities or other suspected criminal abuse of explosive precursors; - the licensing authority shall inform license holders about the fact that their purchases will be recorded and may be subject to reporting if found suspicious; - a clear and concrete definition of suspicious transactions is provided, as well as criteria to identify them; - data security is guaranteed; - data is accessible only on a need to know basis and the list of recipients is published; - data subjects have a right of access correction or deletion, when appropriate, and a redress mechanism is foreseen. The European Data Protection Supervisor shall be consulted prior to drawing up these guidelines.
Amendment 27 #
2010/0215(COD)
Proposal for a directive
Recital 14 a (new)
Recital 14 a (new)
(14a) This Directive applies to suspected and accused persons on Union territory regardless of their legal status, citizenship or nationality.
Amendment 47 #
2010/0215(COD)
Proposal for a directive
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Directive applies from the time a person is made aware by the competent authorities of a Member State, by official notification or otherwise, that he or she is suspected or accused of having committed a criminal offence until the conclusion of the proceedings, which is understood to mean the final determination of the question whether the suspected or accused person has committed the offence, including, where applicable, sentencing and the resolution of any appeal. (the change from "he" to "he or she", from "him" to "him or her" and from "his" to "his or her" should be made throughout the text)
Amendment 48 #
2010/0215(COD)
Proposal for a directive
Article 4 – paragraph 2
Article 4 – paragraph 2
2. TWhe Letter of Rights shall be drafted in simple language and shall include at least that information referred to in Article 3(2). Annex I to this Directive contains an indicative model of such a Letterre a person has been deprived of liberty, the Letter of Rights shall contain at least the elements set out in Annex I to this Directive.
Amendment 49 #
2010/0215(COD)
Proposal for a directive
Article 2 – paragraph 1 a (new)
Article 2 – paragraph 1 a (new)
1a. "Competent authorities" shall include, but not be limited to, police and investigatory authorities, prosecutors, magistrates and judges.
Amendment 50 #
2010/0215(COD)
Proposal for a directive
Article 2 – paragraph 1 b (new)
Article 2 – paragraph 1 b (new)
1b. "Accusation" shall at least cover the situations in which a person is charged with a criminal offence in accordance with Article 6 ECHR as interpreted by the European Court of Human Rights.
Amendment 51 #
2010/0215(COD)
Proposal for a directive
Article 2 – paragraph 1 c (new)
Article 2 – paragraph 1 c (new)
1c. "Evidentiary material related to the case" shall at least cover the right to have access to the case file.
Amendment 52 #
2010/0215(COD)
Proposal for a directive
Article 5
Article 5
Member States shall ensure that any person subject to proceedings for the execution of a European Arrest Warrant receives an appropriate Letter of Rights setting out all of the rights of that person as laid down in the Framework Decision 2002/584/JHA.. Annex II to this Directive The Letter of Rights shall be drafted in simple language and shall contains an indicative model of such Lettert least the elements set out in Annex II to this Directive.
Amendment 56 #
2010/0215(COD)
Proposal for a directive
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Member States shall ensure that any person who is suspected or accused of having committed a criminal offence is provided promptlyas soon as practicable and in any event before questioning takes place with information on his procedural rights both orally and in writing and in simple and accessible language.
Amendment 59 #
2010/0215(COD)
Proposal for a directive
Article 3 – paragraph 1 a (new)
Article 3 – paragraph 1 a (new)
1a. The competent authorities shall take steps to ensure that the suspected or accused person understands the information provided. If there is a possibility that the suspected or accused persons may be vulnerable due to age, language, incapacity or any other reason, police officers must take further steps to ensure that they understand their rights. Where such further steps require the assistance of a qualified interpreter in accordance with Directive 2010/64/EU or a responsible adult in the case of a child or less able person, the competent authority shall also inform the interpreter or responsible adult of the rights so that they can explain them to the suspected or accused person. The suspected or accused person shall be asked to confirm in writing that he has understood what his rights are.
Amendment 67 #
2010/0215(COD)
Proposal for a directive
Annex I – Title
Annex I – Title
Amendment 69 #
2010/0215(COD)
Proposal for a directive
Article 3 – paragraph 2 – indent 4 a (new)
Article 3 – paragraph 2 – indent 4 a (new)
– the right to remain silent,
Amendment 70 #
2010/0215(COD)
Proposal for a directive
Article 3 – paragraph 2 – indent 4 b (new)
Article 3 – paragraph 2 – indent 4 b (new)
– the right to maintain contact with family or friends or with consular officials,
Amendment 71 #
2010/0215(COD)
Proposal for a directive
Article 3 – paragraph 2 – indent 4 c (new)
Article 3 – paragraph 2 – indent 4 c (new)
– the right to apply for provisional release, where applicable, in accordance with Council Framework Decision 2009/829/JHA of 23 October 2009 on the application, between Member States of the European Union, of the principle of mutual recognition to decisions on supervision measures as an alternative to provisional detention1. 1 OJ L 294, 11.11.2009, p. 20.
Amendment 74 #
2010/0215(COD)
Proposal for a directive
Annex II – Title
Annex II – Title
Amendment 77 #
2010/0215(COD)
Proposal for a directive
Article 4 – paragraph 1
Article 4 – paragraph 1
1. Where a person is arrested by the competentdeprived of liberty by the authorities of a Member State in the course of criminal proceedings, he/she shall be promptly provided with information about his procedural rights in writing (Letter of Rights). He/she shall be given an opportunity to read the Letter of Rights and be allowed to keep it in his/her possession throughout the time during which he/she is deprived of his/her liberty. This provision shall apply to all cases where persons are deprived of liberty by public authorities.
Amendment 87 #
2010/0215(COD)
Proposal for a directive
Annex II – Title E – indent 1
Annex II – Title E – indent 1
Amendment 87 #
2010/0215(COD)
Proposal for a directive
Article 5
Article 5
Member States shall ensure that any person subject to proceedings for the execution of a European Arrest Warrant receives an appropriate Letter of Rights setting out all of the rights of that person as laid down in the Framework Decision 2002/584/JHA. Annex II to this DirectiveThe Letter of Rights shall be drafted in simple language and shall contains an indicative model of such Lettert least the elements set out in Annex II to this Directive.
Amendment 92 #
2010/0215(COD)
Proposal for a directive
Article 6 – paragraph 2
Article 6 – paragraph 2
2. The information required pursuant to paragraph 1 shall be delivered promptlyon arrest and in detail and in a language that the suspected or accused person understands. In the case of a vulnerable person or child, information about the charges shall be provided in a manner adapted to his or her age, language, level of maturity and intellectual and emotional capacities.
Amendment 100 #
2010/0215(COD)
Proposal for a directive
Article 6 – paragraph 3 a (new)
Article 6 – paragraph 3 a (new)
(3a) The information provided under paragraph 3 shall be given orally and as soon as practicable in writing.
Amendment 101 #
2010/0215(COD)
Proposal for a directive
Article 6 – paragraph 3 b (new)
Article 6 – paragraph 3 b (new)
(3b) The duty to provide the information under paragraph 3 shall continue throughout the proceedings where new information becomes available.
Amendment 109 #
2010/0215(COD)
Proposal for a directive
Article 7 – paragraph 2 a (new)
Article 7 – paragraph 2 a (new)
2a. Member States shall ensure that the limitations on the right of access to the case-file laid down in paragraph 2 do not in any way prejudice the accused persons' effective exercise of their right of defence.
Amendment 110 #
2010/0215(COD)
Proposal for a directive
Article 7 – paragraph 2 b (new)
Article 7 – paragraph 2 b (new)
2b. Member States shall ensure that an effective remedy exists before an impartial tribunal to challenge the decision not to allow access to certain documents contained in the case-file.
Amendment 117 #
2010/0215(COD)
Proposal for a directive
Annex 1 – title
Annex 1 – title
Amendment 118 #
2010/0215(COD)
Proposal for a directive
Annex 1 – paragraph 2 – point B
Annex 1 – paragraph 2 – point B
B. to the assistance of a lawyer. If you are not able to afford a lawyer, the police must provide you with information about how to get legal assistance.
Amendment 119 #
2010/0215(COD)
Proposal for a directive
Annex 1 – paragraph 2 – point C a (new)
Annex 1 – paragraph 2 – point C a (new)
Ca. not to say anything when questioned
Amendment 120 #
2010/0215(COD)
Proposal for a directive
Annex 1 – paragraph 2 – point C b (new)
Annex 1 – paragraph 2 – point C b (new)
Cb. to contact your family, friends, and consular officials
Amendment 121 #
2010/0215(COD)
Proposal for a directive
Annex 1 – paragraph 2 – point D
Annex 1 – paragraph 2 – point D
D. to know for how long you can be detained, to a regular review of your detention and to provisional release
Amendment 125 #
2010/0215(COD)
Proposal for a directive
Annex 1 – part C – indent 4 a (new)
Annex 1 – part C – indent 4 a (new)
– You may not be forced to sign any documents in a language which you do not understand. Refusing to do so will not be held against you.
Amendment 126 #
2010/0215(COD)
Proposal for a directive
Annex 1 – part C a (new)
Annex 1 – part C a (new)
Amendment 127 #
2010/0215(COD)
Proposal for a directive
Annex 1 – part C b (new)
Annex 1 – part C b (new)
Cb. Contacting friends, family and consular authorities – You have the right to contact your friends and family. – The police must help you contact your friends, family and, where applicable, your country's consular authority or embassy. They must do this as soon as possible after you have been detained. – People from the embassy or consular authority are entitled to visit you and arrange for a lawyer to assist you.
Amendment 128 #
2010/0215(COD)
Proposal for a directive
Annex 2 – paragraph 1
Annex 2 – paragraph 1
Amendment 129 #
2010/0215(COD)
Proposal for a directive
Annex 2 – paragraph 2 – point B
Annex 2 – paragraph 2 – point B
B. to the assistance of a lawyer. If you are not able to afford a lawyer the police must provide you with information about how to get legal assistance
Amendment 130 #
2010/0215(COD)
Proposal for a directive
Annex 2 – paragraph 2 – point D
Annex 2 – paragraph 2 – point D
D. to be informed of your righnot to agree to be surrendered to another country
Amendment 131 #
2010/0215(COD)
Proposal for a directive
Annex 2 – paragraph 2 – point E a (new)
Annex 2 – paragraph 2 – point E a (new)
Ea. to a regular review of your detention
Amendment 135 #
2010/0215(COD)
Proposal for a directive
Annex 2 – part A – indent 1
Annex 2 – part A – indent 1
– You have a right to know why you are sought by anoof what offence you are suspected or have been convicted of in ther country which has requested your surrender.
Amendment 136 #
2010/0215(COD)
Proposal for a directive
Annex 2 – part A – indent 1 a (new)
Annex 2 – part A – indent 1 a (new)
– You have a right to know the contents of the arrest warrant sent from the other country (European Arrest Warrant).
Amendment 137 #
2010/0215(COD)
Proposal for a directive
Annex 2 – part C – indent 4 a (new)
Annex 2 – part C – indent 4 a (new)
– You may not be forced to sign any documents in a language which you do not understand. Refusing to do so will not be held against you.
Amendment 138 #
Amendment 139 #
2010/0215(COD)
Proposal for a directive
Annex 2 – part D – indent 1
Annex 2 – part D – indent 1
– You have the rightdo not have to agree to being surrendered under a European Arrest Warrant. This should speed the procedure up.
Amendment 140 #
2010/0215(COD)
Proposal for a directive
Annex 2 – part D – indent 2
Annex 2 – part D – indent 2
– If you agree to be surrendered, it may be difficult to change this decision at a later stage. You should speak to a lawyer before deciding whether or not to agree to surrender. There are particular grounds which you can rely on to prevent surrender. A lawyer can assist you in deciding whether they apply in your case.
Amendment 141 #
2010/0215(COD)
Proposal for a directive
Annex 2 – part E – indent 1
Annex 2 – part E – indent 1
Amendment 142 #
2010/0215(COD)
Proposal for a directive
Annex 2 – part E – indent 1 a (new)
Annex 2 – part E – indent 1 a (new)
– You have the right to a hearing where a judge will decide whether you should be sent to the country which is seeking your surrender.
Amendment 143 #
2010/0215(COD)
Proposal for a directive
Annex 2 – part E – indent 1 b (new)
Annex 2 – part E – indent 1 b (new)
– You have the right to be represented by a lawyer at this hearing – if you are not able to afford a lawyer, you must be provided with information about how to get legal assistance.
Amendment 144 #
2010/0215(COD)
Proposal for a directive
Annex 2 – part E a (new)
Annex 2 – part E a (new)
E a. Review of detention – You have the right to a regular review of the reasons for your detention – If you are not released, you must be brought before a judge within [X] hours after you have been deprived of your liberty.
Amendment 80 #
2010/0064(COD)
Proposal for a directive
Recital 13
Recital 13
(13) Child pornography, which constitutes sex abuse images, is a specific type of content which cannot be construed as the expression of an opinion. To combat it, it is necessary to reduce the circulation of child abuse material by making it more difficult for offenders to upload such content onto the publicly accessible Web and to ensure that investigation and prosecution of such crimes is prioritized. Action is therefore necessary to remove the content at source and apprehend those guilty of making, distributing or downloading child abuse images. The EU, in particular through increased cooperation with third countries and international organisations, should seek to facilitate the effective removal by third country authorities of websites containing child pornography, which are hosted inand prosecution by their territory. However as, despite such efforts, the removal of child pornography content at its source proves to be difficult where the original materials are not located within the EU, mechanisms should also be put in place to block access from the Union's territory to internet pages identified as containing or disseminating child pornography. For that purpose, different mechanisms can be used as appropriate, including facilitating the competent judicial or police authorities to order such blocking, or supporting and stimulating Internet Service Providers on a voluntary basis to develop codes of conduct and guidelines for blocking access to such Internet pages. Both with a view to the removal and the blocking of child abuse content, cooperation between public authorities should be established and strengthened, particularly in the interest of ensuring that national lists of websites containing child pornography material are as complete as possible andd country authorities of websites containing child pornography, which are hosted in their territory. Cooperation between public authorities should be established and strengthened, particularly in the interest of avoiding duplication of work. Any such developments must take account of the rights of the end users, adhere to existing legal and judicial procedures and comply with the European Convention on Human Rights and the Charter of Fundamental Rights of the European Union. Only in the case of difficulties in cooperation with third countries on removal and prosecution, member states may take up legal measures for restricting access to internet pages containing or disseminating child abuse images. The Safer Internet Programme has set up a network of hotlines whose goal is to collect information and to ensure coverage and exchange of reports on the major types of illegal content online.
Amendment 314 #
2010/0064(COD)
Proposal for a directive
Article 21 – title
Article 21 – title
Amendment 320 #
2010/0064(COD)
Proposal for a directive
Article 21 – paragraph 1
Article 21 – paragraph 1
1. Member States shall take the necessary legal measures to obtain the blocking of access by Internet users in their territory to Iremoval at source of internet pages containing or disseminating child pornography. The blocking of access shall be subject to adequate safeguards, in particular to ensure that the blocking is limited to what is necessary, that users are informed of the reason for the blocking and that content providers, as far as possible, are informed of the possibility of challenging itabuse images.
Amendment 337 #
2010/0064(COD)
Proposal for a directive
Article 21 – paragraph 2
Article 21 – paragraph 2
2. Without prejudice to the above, Member States shall take the necessary measures to obtain the removal of iIn addition, when removal of content at source has proven impossible to achieve, Member States may, where prescribed by law and necessary, set up proportionate and transparent procedures to restrict access by Internet users in their territory to Internet pages containing or disseminating child pornography. abuse images.
Amendment 341 #
2010/0064(COD)
Proposal for a directive
Article 21 – paragraph 2 a (new)
Article 21 – paragraph 2 a (new)
2a. Any measure under paragraphs 1 and 2 shall respect the fundamental rights and freedoms of natural persons, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Union law. It shall provide for a prior ruling including the right to an effective and timely judicial review.
Amendment 85 #
Amendment 26 #
2009/0802(CNS)
Article 8 -paragraph 1 - point c
(c) all relevant details about the identityname, nationality, date of birth and address of the suspected or accused person and aboutof the victims, if applicable; transmission of information related to so- called 'racial' or ethnic origin, religion or belief and sexual orientation are expressly prohibited;
Amendment 41 #
2009/0089(COD)
Proposal for a regulation
Recital 15
Recital 15
(15) Without prejudice to future Union legislation relating to the protection of personal data and implementing Article 16 of the Treaty on the Functioning of the European Union and Article 8 of the Charter of Fundamental Rights of the European Union, Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data applies to the processing of personal data by the Agency. This Regulation provides, inter alia, that the European Data Protection Supervisor shall have the power to obtain from the Agency access to all information necessary for his or her enquiries.
Amendment 43 #
2009/0089(COD)
Proposal for a regulation
Recital 4
Recital 4
(4) In order to ensure the operational management of SIS II, VIS and EURODAC after the transitional period and potentially of other information technology ("IT") systems in the area of freedom, security and justice, it is necessary, it would be useful to establish a Management Authority subject to appropriate oversight.
Amendment 44 #
2009/0089(COD)
Proposal for a regulation
Recital 4 a (new)
Recital 4 a (new)
(4a) Bearing in mind that the risk of mistakes or wrong use of personal data is likely to increase when more large-scale IT systems are entrusted to the same operational manager, the total number of managed large-scale IT systems should be limited and should be extended only after a proper evaluation of the Agency's work, an impact assessment concerning respect for fundamental rights, data protection and security, and the adoption of a separate legal act.
Amendment 45 #
2009/0089(COD)
Proposal for a regulation
Recital 5
Recital 5
(5) With a view to achieving synergies, it is necessary to provide for the operational management of these systems in one entity, benefiting from economies of scale, creating critical mass and, ensuring the highest possible utilisation rate of capital and human resources, and ensuring the highest level of security, transparency and democratic control, and, where possible, implementing the "privacy by design" principle.
Amendment 46 #
2009/0089(COD)
Proposal for a regulation
Recital 9
Recital 9
Amendment 47 #
2009/0089(COD)
Proposal for a regulation
Recital 9 a (new)
Recital 9 a (new)
(9a) To prevent the Agency from function creeping and from developing schemes in its own interest, it should be responsible for monitoring research and for pilot schemes only at the specific and precise request of the European Parliament, the Commission or the European Data Protection Supervisor and only within the framework of the large-scale IT systems which it is already in charge of.
Amendment 48 #
2009/0089(COD)
Proposal for a regulation
Recital 13
Recital 13
(13) Within the framework of their respective competences, the Agency should cooperate with other agencies of the European Union, especially agencies established in the area of freedom, security and justice and, in particular, those concerned with the defence of fundamental rights.
Amendment 50 #
2009/0089(COD)
Proposal for a regulation
Article 1
Article 1
A European Agency ("the Agency") for the operational management of the second- generation Schengen Information System (SIS II), the Visa Information System (VIS), EURODAC and for developing and managing other large-scale information technology ("IT") systems, in application of Title V of the Treaty on the Functioning of the European Union is hereby established.
Amendment 51 #
2009/0089(COD)
Proposal for a regulation
Article 1 – paragraph 1 b (new)
Article 1 – paragraph 1 b (new)
Operational management shall consist of all the tasks necessary to keep the large- scale IT systems referred to in the first paragraph functioning in accordance with the specific provisions applicable to each of those IT systems, including responsibility for the communication infrastructure used by the IT systems. There shall be by no means the possibility of interoperability between those large- scale IT systems.
Amendment 52 #
2009/0089(COD)
Proposal for a regulation
Article 1 a (new)
Article 1 a (new)
Article 1a Objectives of the Agency Without prejudice to the respective responsibilities of the Commission and of the Member States under the instruments governing the IT systems referred to in Article 1, the Agency shall ensure: – the implementation of effective and secure operation, and the continuous, efficient and financially accountable management, of the IT systems referred to in Article 1; – a high-level quality of service for users of those IT systems; – continuity and uninterrupted service; – a high level of data protection, in accordance with the applicable rules, including specific provisions for each IT system referred to in Article 1; – a high level of physical security and data integrity and security, in accordance with the applicable rules, including specific provisions for each IT system, as referred to in Article 1; – the use of a professional project management structure for the efficient development of large-scale IT systems.
Amendment 53 #
2009/0089(COD)
Proposal for a regulation
Article 4 a (new)
Article 4 a (new)
Amendment 57 #
2009/0089(COD)
Proposal for a regulation
Article 6 – paragraph 1
Article 6 – paragraph 1
1. UponOnly at the specific and precise request of the Commission, or the Agency shall implement pilot schemes for the development and/or the operational management of large-scale IT systems, in application of Title V of the Treaty on the Functioning of the European Union. European Data Protection Supervisor and only after having informed the European Parliament and the Council at least three months in advance, the Agency may implement pilot schemes as referred to in Article 49(6), point (a), of Regulation (EC, Euratom) No 1605/2002, for the development and/or the operational management of large-scale IT systems, in application of Title V of the Treaty on the Functioning of the European Union. The European Parliament, the Council and the European Data Protection Supervisor shall be kept regularly informed of progress in the development of those pilot schemes.
Amendment 63 #
2009/0089(COD)
Proposal for a regulation
Article 9 – paragraph 1 – point i
Article 9 – paragraph 1 – point i
(i) before 30 September each year, and after receiving the opinion of the Commission, adopt by a two-thirds majority of its members with the right to vote, and in accordance with the annual Union budgetary procedure and the Union legislative programme in areas of Title V of the Treaty on the Functioning of the European Union, the Agency's annual work programme for the coming year; and ensure that the adopted work programme is forwarded to the European Parliament, the Council and, the Commission and the European Data Protection Supervisor, and that it is published;
Amendment 64 #
2009/0089(COD)
Proposal for a regulation
Article 9 – paragraph 1 – point j
Article 9 – paragraph 1 – point j
(j) before 31 March each year, adopt the Agency's annual activity report for the previous year and transmit it by 15 June at the latest to the European Parliament, the Council, the Commission, the European Data Protection Supervisor, the European Economic and Social Committee and the Court of Auditors; the annual activity report shall be published;
Amendment 67 #
2009/0089(COD)
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
3. The members of the Management Board shall be appointed on the basis of their high level relevant experience and expertise in the field of large-scale IT systems in the area of freedom, security and justice, and in the field of data protection.
Amendment 68 #
2009/0089(COD)
Proposal for a regulation
Article 12 – paragraph 3 a (new)
Article 12 – paragraph 3 a (new)
3a. The European Data Protection Supervisor shall be granted observer status at the meetings of the Management Board.
Amendment 73 #
2009/0089(COD)
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. The Executive Director of the Agency shall be appointed by the Management Board, from a list of candidates proposed by the Commission, for a period of five year for a period of five years from among the suitable candidates identified in an open competition organised by the Commission. That selection procedure shall provide for publication in the Official Journal of the European Union and elsewhere of a call for expressions of interest. The Management Board may require a new procedure to be initiated if it is not satisfied with the suitability of any of the candidates retained in the first list. The Executive Director shall be appointed on the basis of his or her personal merits, experience in the field of large-scale IT systems, experience in the field of data protection, and administrative and management skills.
Amendment 74 #
2009/0089(COD)
Proposal for a regulation
Article 16 – paragraph 2 a (new)
Article 16 – paragraph 2 a (new)
2a. The European Data Protection Supervisor may appoint a representative to each of the Advisory Groups referred to in paragraph 1.
Amendment 77 #
2009/0089(COD)
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
1. Within threewo years from the date of the Agency having taken up its responsibilities, and every fivthree years thereafter, the Management Board shall commission an independent external evaluation of the implementation of this Regulation on the basis of terms of reference issued by the Management Board after consultation with the CommissionEuropean Parliament, the Council, the Commission and the European Data Protection Supervisor.
Amendment 79 #
2009/0089(COD)
Proposal for a regulation
Article 27 – paragraph 2
Article 27 – paragraph 2
2. The evaluation shall assess the utility, relevance and effectiveness of the Agency and its working practices. It shall also assess the protection of data, data security and respect for fundamental rights. The evaluation shall take into account the views of stakeholders, including parliaments and data protection supervisors, at both European and national level.
Amendment 80 #
2009/0089(COD)
Proposal for a regulation
Article 27 – paragraph 3
Article 27 – paragraph 3
3. The Management Board shall receive the evaluation and issue recommendations regarding changes to this Regulation, the Agency and its working practices to the Commission, which shall forward them, together with its own opinion as well as appropriate proposals, to the Council and, the European Parliament and the European Data Protection Supervisor. An action plan with a timetable shall be included, if appropriate. Both the evaluation and the recommendations shall be made public.
Amendment 21 #
2008/0242(COD)
Proposal for a regulation
Recital 2
Recital 2
(2) A common policy on asylum, including a Common European Asylum System, is a constituent part of the European Union's objective of progressively establishing an area of freedom, security and justice open to those who, forced by circumstances, legitimately seek international protection in the Union.
Amendment 22 #
2008/0242(COD)
Proposal for a regulation
Recital 7
Recital 7
Amendment 37 #
2008/0242(COD)
Proposal for a regulation
Recital 17
Recital 17
(17) Hits obtained from EURODAC should be verified by a trained fingerprint expert in order to ensure the accurate determination of responsibility under Regulation (EU) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person].
Amendment 46 #
2008/0242(COD)
Proposal for a regulation
Recital 29
Recital 29
(29) In accordance with the principle of subsidiarity as set out in Article 5 of the Treaty, the objective of the proposed measuresSince the objective of this Regulation, namely the creation of a system for the comparison of fingerprint data to assist the implementation of the Community'sUnion asylum policy, cannot, by its very nature, be sufficiently achieved by the Member States and can therefore be better achieved by the Communityat Union level, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in the saidat Article, this Regulation does not go beyond what is necessary in order to achieve thoseat objectives.
Amendment 62 #
2008/0242(COD)
Proposal for a regulation
Article 1 – paragraph 2
Article 1 – paragraph 2
Amendment 68 #
2008/0242(COD)
Proposal for a regulation
Article 2 – paragraph 1 – point l
Article 2 – paragraph 1 – point l
(l) 'fingerprint data' means the data relating to fingerprints of all or at least the index fingers, and if those are missing, the prints of all other fingers of a person, or a latent.
Amendment 72 #
2008/0242(COD)
Proposal for a regulation
Article 3 – paragraph 1 – point a
Article 3 – paragraph 1 – point a
(a) a computerised central fingerprint database (Central System) composed of: – a Central Unit, – a Business Continuity SystemPlan.
Amendment 73 #
2008/0242(COD)
1. The Agency, shall be responsible for the operational management of EURODAC. The Agency shall ensure, in cooperation with the Member States, that at all times the best available technologyand most secure techniques, subject to a cost-benefit analysis, is used for the Central System.
Amendment 76 #
2008/0242(COD)
Proposal for a regulation
Article 4 – paragraph 5
Article 4 – paragraph 5
5. Operational management of EURODAC shall consist of all the tasks necessary to keep EURODAC functioning 24 hours a day, 7 days a week in accordance with this Regulation, in particular the maintenance work and technical developments necessary to ensure that the system functions at a satisfactory level of operational quality, in particular as regards the time required for interrogation of the Central System. A Business Continuity Plan shall be developed taking into account maintenance needs and unforseen downtime of the system, including the impact of business continuity measures on data protection and security.
Amendment 80 #
2008/0242(COD)
Proposal for a regulation
Article 5 – paragraph 3
Article 5 – paragraph 3
3. At national level, eEach Member State shall keep a list of the operating units within the designated authorities that are authorised to request comparisons with EURODAC data through the National Access Point.
Amendment 84 #
2008/0242(COD)
Proposal for a regulation
Article 6 – paragraph 1
Article 6 – paragraph 1
1. Each Member State shall designate a single national body to act as its verifying authority. The verifying authority shall be an judicial authority of the Member State which is responsible for the prevention, detection or investigation of terrorist offences and other serious criminal offences.
Amendment 91 #
2008/0242(COD)
Proposal for a regulation
Article 8 – paragraph 1 – point f
Article 8 – paragraph 1 – point f
(f) the number of requests for marblocking and unmarblocking transmitted in accordance with Article 18(1) and (2).
Amendment 92 #
2008/0242(COD)
Proposal for a regulation
Article 8 – paragraph 2
Article 8 – paragraph 2
2. At the end of each year, statistical data shall be established in the form of a compilation of the monthly statistics for that year, including an indication of the number of persons for whom hits have been recorded under points (b), (c), and (d). The statistics shall contain a breakdown of data for each Member State. The result shall be made public.
Amendment 93 #
2008/0242(COD)
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. By way of derogation from paragraph 1, where it is not possible to take the fingerprints of an applicant on account of measures taken to ensure the health of the applicant or the protection of public health, Member States shall take and send the fingerprints of the applicant as soon as possible and no later than 48 hours after these grounds no longer prevail. The temporary or permanent impossibility to provide usable fingerprints shall not adversly affect the legal situation of a third-country national or a stateless person. In particular, it shall not represent sufficient grounds to refuse to examine or to reject an asylum application.
Amendment 95 #
2008/0242(COD)
Proposal for a regulation
Article 13 – paragraph 2
Article 13 – paragraph 2
2. The Central System shall inform as soon as possible and not later than after 72 hours, all Member States of origin about the erasure of data for the reason specified in paragraph 1 by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Article 9(1) or Article 14(1).
Amendment 96 #
2008/0242(COD)
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. Each Member State shall promptly take the fingerprints of all fingers of every third country national or stateless person of at least 14 years of age who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State having come from a third country and who is not turned back or who remains physically on the territory of the Member States and who is not kept in custody, confinement or detention during the entirety of the period between apprehension and removal on the basis of the decision to turn them back.
Amendment 99 #
2008/0242(COD)
Proposal for a regulation
Article 14 – paragraph 3
Article 14 – paragraph 3
Amendment 101 #
2008/0242(COD)
Proposal for a regulation
Article 14 – paragraph 4
Article 14 – paragraph 4
4. Non compliance with the 72 hours time limit referred to in paragraph 2 does not relieve Member States of the obligation to take and transmit the fingerprints to the Central System. Where the condition of the fingertips does not allow to take the fingerprints in a quality ensuring appropriate comparison under Article 25, the Member State of origin shall retake the fingerprints of such person and resend them as soon as possible and no later than 48 hours after they have been successfully taken.
Amendment 102 #
2008/0242(COD)
Proposal for a regulation
Article 14 – paragraph 5
Article 14 – paragraph 5
5. By way of derogation from paragraph 1, where it is not possible to take the fingerprints of such person on account of measures taken to ensure the health of the person or the protection of public health, the Member State concerned shall take and send the fingerprints of the person, in accordance with the deadline set out in paragraph 2, once these grounds no longer prevail. The temporary or permanent impossibility to provide usable fingerprints shall not adversely affect the legal situation of a third-country national or a stateless person.
Amendment 104 #
2008/0242(COD)
Proposal for a regulation
Article 16 – paragraph 3
Article 16 – paragraph 3
3. The Central System shall inform as soon as possible and no later than after 72 hours all Member States of origin about the erasure of data for the reason specified in point (a) or (b) of paragraph 2 or by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Article 14(1).
Amendment 105 #
2008/0242(COD)
Proposal for a regulation
Article 16 – paragraph 4
Article 16 – paragraph 4
4. The Central System shall inform as soon as possible and no later than after 72 hours all Member States of origin about the erasure of data for the reason specified in point (c) of paragraph 2 by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Article 9(1) or Article 14(1).
Amendment 108 #
2008/0242(COD)
4a. Once the results of the comparison have been transmitted to the Member State of origin, the Central System shall forthwith: (a) erase the fingerprint data and other data transmitted to it pursuant to paragraph 1; and (b) destroy the media used by the Member State of origin for transmitting the data to the Central Unit, unless the Member State of origin has requested their return.
Amendment 110 #
2008/0242(COD)
Proposal for a regulation
Article 18
Article 18
Amendment 120 #
2008/0242(COD)
1. Designated authorities may request the comparison of fingerprint data with those stored in the EURODAC central database within the scope of their powers only if comparisons of national fingerprint databases and, of the Automated Fingerprint Databases of at least a third of other Member States under Decision 2008/615/JHA and of the Visa Information System return negative results and where:
Amendment 127 #
2008/0242(COD)
Proposal for a regulation
Article 20 – paragraph 1 – point c a (new)
Article 20 – paragraph 1 – point c a (new)
(ca) there is a substantiated suspicion that the perpetrator or victim of the offence is an applicant for international protection.
Amendment 131 #
2008/0242(COD)
Proposal for a regulation
Article 25 – paragraph 4
Article 25 – paragraph 4
4. The results of the comparison shall be immediately checked in the Member State of origin by a trained fingerprint expert. Final identification shall be made by the Member State of origin in cooperation with the Member States concerned, pursuant to Article 32 of the Dublin Regulation.
Amendment 132 #
2008/0242(COD)
Proposal for a regulation
Article 25 – paragraph 5
Article 25 – paragraph 5
5. Where final identification in accordance with paragraph 4 reveals that the result of the comparison received from the Central System is inaccurate, Member States shall communicate this fact to the Commission and to the Agencyas soon as possible and no later than after 72 hours to the Commission and to the Agency and inform the other Member States concerned as soon as possible and no later than after 72 hours on the inaccuracy of the data.
Amendment 135 #
2008/0242(COD)
Proposal for a regulation
Article 27 – paragraph 2
Article 27 – paragraph 2
2. The authorities of Member States which, pursuant to paragraph 1, have access to data recorded in the Central System shall be those designated by each Member State for the purpose of Article 1(1). This designation shall specify the exact unit responsible for carrying out tasks related to the application of this Regulation. Each Member State shall without delay communicate to the Commission and the Agency a list of those authoritieunits and any amendments thereto. The Agency shall publish the consolidated list in the Official Journal of the European Union. Where there are amendments thereto, the Agency shall publish once a yearregularly an updated consolidated list online.
Amendment 137 #
2008/0242(COD)
Proposal for a regulation
Article 29 – paragraph 1 – introductory part
Article 29 – paragraph 1 – introductory part
1. A person covered by this Regulation shall be informed by the Member State of origin in writing, and where appropriatenecessary, orally, in a language which he or she understands or may reasonably be presumed to understand of the following:
Amendment 141 #
2008/0242(COD)
A common leaflet, containing at least the information referred to in paragraph 1 of this Article and the information referred to in Article 4(1) of the Dublin Regulation shall be drawn up in accordance with the procedure referred to in Article 40(2) of the Dublin Regulation. The leaflet shouldall be "clear and simple, drafted in a language that the person understands or may reasonably be presumed to understand. It shall also include information on the rights of the data subject and the possibility of assistance by the National Supervisory Authorities as well as the contact details of the controller and the National Supervisory Authorities.
Amendment 142 #
2008/0242(COD)
Proposal for a regulation
Article 29 – paragraph 1 – subparagraph 5
Article 29 – paragraph 1 – subparagraph 5
Where a person covered by this Regulation is a minor, Member States shall provide the information in an age-appropriate manner. The Commission shall provide templates of the leaflets for adults and minors to the Member States.
Amendment 143 #
2008/0242(COD)
9. Whenever a person requests data relating to him or her in accordance with paragraph 2, the competent authority shall keep a record in the form of a written document that such a request was made, and shall make this document available to the National Supervisory Authorities without delay, upon their request. It shall immediately inform the National Supervisory Authorities in case a person requests the correction or erasure of its data. No later than three weeks after the request it shall confirm to the National Supervisory Authorities that it has taken action to correct or erase the data or, in case the Member State does not agree that the data recorded in the Central System are inaccurate or have been recorded unlawfully, explain why it is not prepared to correct or erase the data.
Amendment 146 #
2008/0242(COD)
2. The European Data Protection Supervisor shall ensure that an audit of the Agency's personal data processing activities is carried out in accordance with international auditing standards at least every fourtwo years. A report of such audit shall be sent to the European Parliament, the Council, the Agency, the Commission and the National Supervisory Authorities. The Agency shall be given an opportunity to make comments before the report is adopted.
Amendment 155 #
2008/0242(COD)
Proposal for a regulation
Article 34 – paragraph 2 – point a
Article 34 – paragraph 2 – point a
(a) physically protect data, including by making contingency plans for the protection of criticalrelevant infrastructure;
Amendment 157 #
2008/0242(COD)
Proposal for a regulation
Article 34 – paragraph 2 – point g
Article 34 – paragraph 2 – point g
(g) ensure that all authorities with a right of access to EURODAC create profiles describing the functions and responsibilities of persons who are authorised to access, enter, update, erase and search the data and make these profiles and any other relevant information the authorities may require for the purpose of carrying out supervision available to the National Supervisory Authorities referred to in Article 258 of Directive 95/46/EC and in Article 25 of Framework Decision 2008/977/JHA without delay at their request (personnel profiles);
Amendment 158 #
2008/0242(COD)
Proposal for a regulation
Article 34 – paragraph 2 – point k
Article 34 – paragraph 2 – point k
(k) monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation (self-auditing). For the purpose of the Business Continuity Plan, the Member States shall inform the Agency and the National Supervisory Authorities of security incidents they detected on their system. The Agency shall inform the Member States, Europol and the European Data Protection Supervisor in case of security incidents. All parties shall collaborate during a security incident.
Amendment 167 #
2008/0242(COD)
Proposal for a regulation
Article 38 – paragraph 4 – point a
Article 38 – paragraph 4 – point a
Amendment 170 #
2008/0242(COD)
Proposal for a regulation
Article 40 – paragraph 4
Article 40 – paragraph 4
4. Every twoone years, the Agency shall submit to the European Parliament, the Council, the Commission and the European Data Protection Supervisor a report on the technical functioning of the Central System, including the security thereof.
Amendment 173 #
2008/0242(COD)
Proposal for a regulation
Article 40 – paragraph 5
Article 40 – paragraph 5
5. Three years after the start of application of this Regulation as provided for in Article 46(2) and every fourthree years thereafter, the Commission shall produce an overall evaluation of EURODAC, examining results achieved against objectives and assessing the continuing validity of the underlying rationale, and any implications for future operations, as well as make any necessary recommendations. The Commission shall transmit the evaluation to the European Parliament and the Council.
Amendment 175 #
2008/0242(COD)
Proposal for a regulation
Article 40 – paragraph 8
Article 40 – paragraph 8
Amendment 179 #
2008/0242(COD)
Proposal for a regulation
Article 43 – paragraph 1
Article 43 – paragraph 1
1. By [three months after the date of entry into force of this Regulation] at the latest each Member State shall notify the Commission of its designated authorities and the operation units referred to in Article 5(3) and shall notify without delay any amendment thereto.
Amendment 182 #
2008/0242(COD)
Proposal for a regulation
Article 43 – paragraph 4
Article 43 – paragraph 4
4. The Commission shall publish information referred to in paragraphs 1, 2 and 3 in the Official Journal of the European Union on an annual basis, via a regularly updated electronic publication.