BETA

79 Amendments of Lara COMI related to 2012/0011(COD)

Amendment 95 #
Proposal for a regulation
Recital 15
(15) This Regulation should not apply to processing of personal data by a natural person, which are exclusively personal or domestic, such as correspondence and the holding of addresses, and without any gainful interest and thus without any connection with a professional or commercial activity, and which does not involve making such data accessible to an indefinite number of people. The exemption should also not apply to controllers or processors which provide the means for processing personal data for such personal or domestic activities.
2012/11/08
Committee: IMCO
Amendment 119 #
Proposal for a regulation
Recital 38
(38) The legitimate interests of a controllerdata subject may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. This would need careful assessment in particular where the data subject is a child, given that children deserve specific protection. The data subject should have the right to object the processing, on grounds relating to their particular situation and free of charge. To ensure transparency, the controller or the third parties to whom the data are sent should be obliged to explicitly inform the data subject on the legitimate interests pursued and on the right to object, and also be obliged to document these legitimate interests. Given that it is for the legislator to provide by law the legal basis for public authorities to process data, this legal ground should not apply for the processing by public authorities in the performance of their tasks.
2012/11/08
Committee: IMCO
Amendment 126 #
Proposal for a regulation
Recital 48
(48) The principles of fair and transparent processing require that the data subject should be informed in particular of the existence of the processing operation and its purposes, the criteria which may be used to determine how long the data will be stored for each purpose, on the existence of the right of access, rectification or erasure and on the right to lodge a complaint. Where the data are collected from the data subject, the data subject should also be informed whether they are obliged to provide the data and of the consequences, in cases they do not provide such data.
2012/11/08
Committee: IMCO
Amendment 127 #
Proposal for a regulation
Recital 51
(51) Any person should have the right of access to data which has been collected concerning them, and to exercise this right easily, in order to be aware and verify the lawfulness of the processing. Every data subject should therefore have the right to know and obtain communication in particular for what purposes the data are processed, for what periodthe criteria which may be used to determine for how long the data will be stored for each purpose, which recipients receive the data, what is the logic of the data that are undergoing the processing and what might be, at least when based on profiling, the consequences of such processing. This right should not adversely affect the rights and freedoms of others, including trade secrets or intellectual property and in particular the copyright protecting the software. However, the result of these considerations should not be that all information is refused to the data subject.
2012/11/08
Committee: IMCO
Amendment 132 #
Proposal for a regulation
Recital 62
(62) The protection of the rights and freedoms of data subjects as well as the responsibility and liability of controllers and processor, also in relation to the monitoring by and measures of supervisory authorities, requires a clear attribution of the responsibilities under this Regulation, including where a controller determines the purposes, conditions and means of the processing jointly with other controllers or where a processing operation is carried out on behalf of a controller. Where joint and several liability applies, a processor which has made amends for damage done to the data subject concerned may bring an action against the controller for reimbursement if it has acted in conformity with the legal act binding it to the controller.
2012/11/08
Committee: IMCO
Amendment 134 #
Proposal for a regulation
Recital 65
(65) In order to demonstrate compliance with this Regulation, the controller or processor should keep a document each processing operationary record of all the processing systems and procedures for which they are responsible. Each controller and processor should be obliged to co-operate with the supervisory authority and make this documentation, on request, available to it, so that it might serve for monitoring those processing operations.
2012/11/08
Committee: IMCO
Amendment 142 #
Proposal for a regulation
Recital 118
(118) Any damage which a person may suffer as a result of unlawful processing should be compensated by the controller or processor, who may be exempted from liability if they prove that they are not responsible for the damage, in particular where he establishes fault on the part of the data subject or in case of force majeure. Where joint and several liability applies, a processor which has made amends for damage done to the data subject concerned may bring an action against the controller for reimbursement if it has acted in conformity with the legal act binding it to the controller.
2012/11/08
Committee: IMCO
Amendment 143 #
Proposal for a regulation
Recital 129
(129) In order to fulfil the objectives of this Regulation, namely to protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data and to ensure the free movement of personal data within the Union, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission. In particular, delegated acts should be adopted in respect of lawfulness of processing; specifying the criteria and conditions in relation to the consent of a child; processing of special categories of data; specifying the criteria and conditions for manifestly excessive requests and fees for exercising the rights of the data subject; criteria and requirements for the information to the data subject and in relation to the right of access; the right to be forgotten and to erasure; measures based on profiling; criteria and requirements in relation to the responsibility of the controller and to data protection by design and by default; a processor; criteria and requirements for the documentation and the security of processing; criteria and requirements for establishing a personal data breach and for its notification to the supervisory authority, and on the circumstances where a personal data breach is likely to adversely affect the data subject; the criteria and conditions for processing operations requiring a data protection impact assessment; the criteria and requirements for determining a high degree of specific risks which require prior consultation; designation and tasks of the data protection officer; codes of conduct; criteria and requirements for certification mechanisms; criteria and requirements for transfers by way of binding corporate rules; transfer derogations; administrative sanctions; processing for health purposes; processing in the employment context and processing for historical, statistical and scientific research purposes. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing-up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and Council.
2012/11/08
Committee: IMCO
Amendment 144 #
Proposal for a regulation
Recital 130
(130) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission for: specifying standard forms in relation to the processing of personal data of a child; standard procedures and forms for exercising the rights of data subjects; standard forms for the information to the data subject; standard forms and procedures in relation to the right of access; the right to data portability; standard forms in relation to the responsibility of the controller to data protection by design and by default and toin respect of the documentation; specific requirements for the security of processing; the standard format and the procedures for the notification of a personal data breach to the supervisory authority and the communication of a personal data breach to the data subject; standards and procedures for a data protection impact assessment; forms and procedures for prior authorisation and prior consultation; technical standards and mechanisms for certification; the adequate level of protection afforded by a third country or a territory or a processing sector within that third country or an international organisation; disclosures not authorized by Union law; mutual assistance; joint operations; decisions under the consistency mechanism. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission's exercise of implementing powers46. In this context, the Commission should consider specific measures for micro, small and medium-sized enterprises.
2012/11/08
Committee: IMCO
Amendment 145 #
Proposal for a regulation
Recital 131
(131) The examination procedure should be used for the adoption of specifying standard forms in relation to the consent of a child; standard procedures and forms for exercising the rights of data subjects; standard forms for the information to the data subject; standard forms and procedures in relation to the right of access; the right to data portability; standard forms in relation to the responsibility of the controller to data protection by design and by default and toin respect of the documentation; specific requirements for the security of processing; the standard format and the procedures for the notification of a personal data breach to the supervisory authority and the communication of a personal data breach to the data subject; standards and procedures for a data protection impact assessment; forms and procedures for prior authorisation and prior consultation; technical standards and mechanisms for certification; the adequate level of protection afforded by a third country or a territory or a processing sector within that third country or an international organisation; disclosures not authorized by Union law; mutual assistance; joint operations; decisions under the consistency mechanism, given that those acts are of general scope.
2012/11/08
Committee: IMCO
Amendment 146 #
Proposal for a regulation
Recital 139
(139) In view of the fact that, as underlined by the Court of Justice of the European Union, the right to the protection of personal data is not an absolute right, but must be considered in relation to its function in society and be balanced with other frights enshrined in the Charter of Fundamental rRights of the European Union, in accordance with the principle of proportionality, this Regulation respects all fundamental rights and observes the principles recognised in the Charter of Fundamental Rights of the European Union as enshrined in the Treaties, notably the right to respect for private and family life, home and communications, the right to the protection of personal data, the freedom of thought, conscience and religion, the freedom of expression and information, the freedom to conduct a business, the right to an effective remedy and to a fair trial as well as cultural, religious and linguistic diversity.
2012/11/08
Committee: IMCO
Amendment 148 #
Proposal for a regulation
Article 2 – paragraph 2 – point d
d) by a natural person without any gainful interest in the course of its own exclusively personal or household activity and on condition that no personal data are made accessible to an indefinite number of people;
2012/11/08
Committee: IMCO
Amendment 166 #
Proposal for a regulation
Article 4 – paragraph 1 – point 2 a (new)
(2 a) 'Anonymous data' means any data that has been collected, altered or otherwise processed in such a way that it can no longer be attributed to a data subject or that such attribution would require a disproportionate amount of time, cost and effort; anonymous data shall not be considered personal data.
2012/11/08
Committee: IMCO
Amendment 193 #
Proposal for a regulation
Article 6 – paragraph 1 – point f
f) processing is necessary for the purposes of the legitimate interests pursued by a controller or by a third party or third parties to whom the data are communicated, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks.
2012/11/08
Committee: IMCO
Amendment 219 #
Proposal for a regulation
Article 8 – paragraph 1
1. For the purposes of this Regulation, in relation to the offering of information societygoods or services directly to a child, the processing of personal data of a child below the age of 13 years shall only be lawful if and to the extent that consent is given or authorised by the child's parent or custodianlegal representative. The controller shall make reasonable efforts to obtain verifiable consent, taking into consideration available technology.
2012/11/08
Committee: IMCO
Amendment 249 #
Proposal for a regulation
Article 14 – paragraph 1 – point c
c) the criteria for determining the period for which the personal data will be stored for each purpose;
2012/11/08
Committee: IMCO
Amendment 250 #
Proposal for a regulation
Article 14 – paragraph 1 – point g
g) where applicable, that the controller intends to transfer to a third country or international organisation and on the level of protection afforded by that third country or international organisation by referexistence or absence tof an adequacy decision by the Commission;
2012/11/08
Committee: IMCO
Amendment 261 #
Proposal for a regulation
Article 15 – paragraph 2
2. The data subject shall have the right to obtain from the controller communication of the personal data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject. The controller shall use all reasonable measures to verify the identity of a data subject requesting access to data.
2012/11/08
Committee: IMCO
Amendment 320 #
Proposal for a regulation
Article 21 – paragraph 2
2. In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least as to the aim of the processing, the objectives to be pursued by the processing and the determination of the controller.
2012/11/08
Committee: IMCO
Amendment 321 #
Proposal for a regulation
Article 22 – title
ROverall principle of responsibility of the controller.
2012/11/08
Committee: IMCO
Amendment 420 #
Proposal for a regulation
Recital 26
(26) Personal data relating to health should include in particular all personal data pertaining to the health status of a data subject including genetic information; information about the registration of the individual for the provision of health services; information about payments or eligibility for healthcare with respect to the individual; a number, symbol or particular assigned to an individual to uniquely identify the individual for health purposes; any information about the individual collected in the course of the provision of health services to the individual; informationpersonal data derived from the testing or examination of a body part or, bodily substance, including or biological samples; identification of a person as provider of healthcare to the individual; or any information on e.g. a disease, disability, disease risk, medical history, clinical treatment, or the actual physiological or biomedical state of the data subject independent of its source, such as e.g. from a physician or other health professional, a hospital, a medical device, or an in vitro diagnostic test.
2013/03/04
Committee: LIBE
Amendment 423 #
Proposal for a regulation
Recital 27
(27) TWhere a controller or a processor has multiple establishments in the Union, including but not limited to cases where the controller or the processor is a group of undertakings, the main establishment of a controller in the Union for the purposes of this Regulation should be determined according to objective criteria and should imply the effective and real exercise of management activities determining the main decisions as to the purposes, conditions and means of processing through stable arrangements. This criterion should not depend whether the processing of personal data is actually carried out at that location; the presence and use of technical means and technologies for processing personal data or processing activities do not, in themselves, constitute such main establishment and are therefore not determining criteria for a main establishment. The main establishment of the processor should be the place of its central administrationA group of undertakings may nominate a single main establishment in the Union.
2013/03/04
Committee: LIBE
Amendment 443 #
Proposal for a regulation
Recital 34
(34) Consent should not provide a valid legal ground for the processing of personal data, where there is a clear imbalance between the data subject and the controller. This is especially the case where the data subject is in a situation of dependence from the controller, among others, where personal data are processed by the employer of employees’ personal data in the employment context. Where the controller is a public authority, there would be an imbalance only in the specific data processing operations where the public authority can impose an obligation by virtue of its relevant public powers and the consent cannot be deemed as freely given, taking into account the interest of the data subject.deleted
2013/03/04
Committee: LIBE
Amendment 455 #
Proposal for a regulation
Recital 38
(38) The legitimate interests of a controller or the third party to which the data have been transferred may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. This would need careful assessment in particular where the data subject is a child, given that children deserve specific protection. The data subject should have the right to object the processing, on grounds relating to their particular situation and free of charge. To ensure transparency, the controller should be obliged to explicitly inform the data subject on the legitimate interests pursued and on the right to object, and also be obliged to document these legitimate interests. Given that it is for the legislator to provide by law the legal basis for public authorities to process data, this legal ground should not apply for the processing by public authorities in the performance of their tasks.
2013/03/04
Committee: LIBE
Amendment 456 #
Proposal for a regulation
Article 86 – paragraph 5 a (new)
5a. When adopting the acts referred to in this article, the Commission shall promote technological neutrality.
2012/11/08
Committee: IMCO
Amendment 467 #
Proposal for a regulation
Recital 40
(40) The processing of personal data for other purposes should be only allowed where the processing is compatible with those purposes for which the data have been initially collected, in particular where the processing is necessary for historical, statistical or scientific research purposes. Where the other purpose is not compatible with the initial one for which the data are collected, the controller should obtain the consent of the data subject for this other purpose or should base the processing on another legitimate ground for lawful processing, in particular where provided by Union law or the law of the Member State to which the controller is subject. In any case, the application of the principles set out by this Regulation and in particular the information of the data subject on those other purposes should be ensured.
2013/03/04
Committee: LIBE
Amendment 497 #
Proposal for a regulation
Recital 53
(53) Any person should have the right to have personal data concerning them rectified and a ‘the right to be forgotten’have such personal data erased where the retention of such data is not in compliance with this Regulation. In particular, data subjects should have the right that their personal data are erased and no longer processed, where the data are no longer necessary in relation to the purposes for which the data are collected or otherwise processed, where data subjects have withdrawn their consent for processing or where they object to the processing of personal data concerning them or where the processing of their personal data otherwise does not comply with this Regulation. This right is particularly relevant, when the data subject has given their consent as a child, when not being fully aware of the risks involved by the processing, and later wants to remove such personal data especially on the Internet. However, the further retention of the data should be allowed where it is necessary for historical, statistical and scientific research purposes, for rheasons of public interlth purposest in the area of public healthaccordance with Article 81, for exercising the right of freedom of expression, when required by law or where there is a reason to restrict the processing of the data instead of erasing them. Also, the right to erasure should not apply when the retention of personal data is necessary for the performance of a contract with the data subject, or when there is a regulatory requirement to retain this data, or for the prevention of financial crime.
2013/03/04
Committee: LIBE
Amendment 524 #
Proposal for a regulation
Recital 62
(62) The protection of the rights and freedoms of data subjects as well as the responsibility and liability of controllers and processor, also in relation to the monitoring by and measures of supervisory authorities, requires a clear attribution of the responsibilities under this Regulation, including where a controller determines the purposes, conditions and means of the processing jointly with other controllers or where a processing operation is carried out on behalf of a controller.
2013/03/04
Committee: LIBE
Amendment 532 #
Proposal for a regulation
Recital 65
(65) In order to demonstrate compliance with this Regulation, the controller or processor should document each processing operation under its responsibility. Each controller and processor should be obliged to co-operate with the supervisory authority and make this documentation, on request, available to it, so that it might serve for monitoring those processing operations.
2013/03/04
Committee: LIBE
Amendment 610 #
Proposal for a regulation
Recital 112
(112) Any body, organisation or association which aims to protects the rights and interests of data subjects in relation to the protection of their data and is constituted according to the law of a Member State should have the right to lodge a complaint with a supervisory authority or exercise the right to a judicial remedy on behalf of data subjects, or to lodge, independently of a data subject’s complaint, an own complaint where it considers that a personal data breach has occurred.deleted
2013/03/04
Committee: LIBE
Amendment 615 #
Proposal for a regulation
Recital 114
(114) In order to strengthen the judicial protection of the data subject in situations where the competent supervisory authority is established in another Member State than the one where the data subject is residing, the data subject may request any body, organisation or association aiming to protect the rights and interests of data subjects in relation to the protection of their data to bring on the data subject’s behalf proceedings against that supervisory authority to the competent court in the other Member State.deleted
2013/03/04
Committee: LIBE
Amendment 630 #
Proposal for a regulation
Recital 121
(121) The processing of personal data solely for journalistic purposes, or for the purposes of artistic or literary expression should qualify for exemption from the requirements of certain provisions of this Regulation in order to reconcile the right to the protection of personal data with the right to freedom of expression, and notably the right to receive and impart information, as guaranteed in particular by Article 11 of the Charter of Fundamental Rights of the European Union. This should apply in particular to processing of personal data in the audiovisual field and in news archives and press libraries. Therefore, Member States should adopt legislative measures, which should lay down exemptions and derogations which are necessary for the purpose of balancing these fundamental rights. Such exemptions and derogations should be adopted by the Member States on general principles, on the rights of the data subject, on controller and processor, on the transfer of data to third countries or international organisations, on the independent supervisory authorities and on co-operation and consistency. This should not, however, lead Member States to lay down exemptions from the other provisions of this Regulation. In order to take account of the importance of the right to freedom of expression in every democratic society, it is necessary to interpret notions relating to that freedom, such as journalism, broadly. Therefore, Member States should classify activities as ‘journalistic’ for the purpose of the exemptions and derogations to be laid down under this Regulation if the object of these activities is the disclosure to the public of information, opinions or ideas, irrespective of the medium which is used to transmit them. They should not be limited to media undertakings and may be undertaken for profit-making or for non- profit making purposes.
2013/03/04
Committee: LIBE
Amendment 717 #
Proposal for a regulation
Article 4 – paragraph 1 – point 1
(1) ‘data subject’ means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person working together with the controller, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person; and who is not acting in his/her professional capacity;
2013/03/04
Committee: LIBE
Amendment 748 #
Proposal for a regulation
Article 4 – paragraph 1 – point 5
(5) ‘controller’ means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes, conditions and means of the processing of personal data; where the purposes, conditions and means of processing are determined by Union law or Member State law, the controller or the specific criteria for his nomination may be designated by Union law or by Member State law;
2013/03/04
Committee: LIBE
Amendment 786 #
Proposal for a regulation
Article 4 – paragraph 1 – point 13
(13) ‘main establishment’ means as regards the controller, the place of its establishment in the Union where the main decisions as to the purposes, conditions and meansthe location as determined by the data controller or data processor on the basis of the following transparent and objective criteria: the location of the pgrocessing of personal data are taken; if no decisions as to the purposes, conditions and means of the processing of personal data are taken in the Union, the main establishment is the place where the main processing activities in the context of the activities ofup’s European headquarters, or, the location of the company within the group with delegated data protection responsibilities, or, the location of the company which is best placed (in terms of management function, administrative capability etc) to address and establishment of a controller in the Union take place. As regards the processor, ‘main establishment’ means the place of its central administration in the Unionnforce the rules as set out in this Regulation, or, the place where the main decisions as to the purposes of processing are taken for the regional group;
2013/03/04
Committee: LIBE
Amendment 878 #
Proposal for a regulation
Article 6 – paragraph 1 – point f
(f) processing is necessary for the purposes of the legitimate interests pursued by a controller, or on behalf of a controller or a processor, or by a third party or parties in whose interest the data is processed, including for the security of processing, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply tosuch as in the case of processing data pertaining to a child. The interest or fundamental rights and freedoms of the data subject shall not override processing carried out by public authorities in the performance of their tasks.
2013/03/04
Committee: LIBE
Amendment 890 #
Proposal for a regulation
Article 6 – paragraph 1 – point f a (new)
(fa) the data are collected from public registers lists or documents accessible by everyone;
2013/03/04
Committee: LIBE
Amendment 945 #
Proposal for a regulation
Article 6 – paragraph 4
4. Where the purpose of further processing is not compatible with the one for which the personal data have been collected, the processing must have a legal basis at least in one of the grounds referred to in points (a) to (e) of paragraph 1. This shall in particular apply to any change of terms and general conditions of a contract.
2013/03/04
Committee: LIBE
Amendment 964 #
Proposal for a regulation
Article 6 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the conditions referred to in point (f) of paragraph 1 for various sectors and data processing situations, including as regards the processing of personal data related to a child.
2013/03/04
Committee: LIBE
Amendment 988 #
Proposal for a regulation
Article 7 – paragraph 4
4. Consent shall not provide a legal basis for the processing, where there is a significant imbalance between the position of the data subject and the controller.deleted
2013/03/04
Committee: LIBE
Amendment 1048 #
Proposal for a regulation
Article 9 – paragraph 2 – point a a (new)
(aa) processing is necessary for the performance or execution of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
2013/03/04
Committee: LIBE
Amendment 1062 #
Proposal for a regulation
Article 9 – paragraph 2 – point f
(f) processing is necessary for the establishment, exercise or defence of legal claims or the legally justified fulfilment of claims of third parties affected; or
2013/03/04
Committee: LIBE
Amendment 1084 #
Proposal for a regulation
Article 9 – paragraph 2 – point j a (new)
(ja) processing of data concerning health is necessary for private social protection, especially by providing income security or tools to manage risks that are in the interests of the data subject and his or her dependants and assets, or by enhancing inter-generational equity by means of distribution.
2013/03/04
Committee: LIBE
Amendment 1176 #
Proposal for a regulation
Article 14 – paragraph 1 – introductory part
1. Where personal data relating to a data subject are collected, the controller shall provide the data subject with at least the following information:. The following paragraphs do not apply to small enterprises in the course of their own activity and for data which is strictly and exclusively for their internal use.
2013/03/04
Committee: LIBE
Amendment 1180 #
Proposal for a regulation
Article 14 – paragraph 1 – point a
(a) the identity and the contact details of the controller and, if any, of the controller's representative and of the data protection officer;
2013/03/04
Committee: LIBE
Amendment 1189 #
Proposal for a regulation
Article 14 – paragraph 1 – point b
(b) the purposes of the processing for which the personal data are intended, including the contract terms and general conditions where the processing is based on point (b) of Article 6(1) and the legitimate interests pursued by the controller where the processing is based on point (f) of Article 6(1);
2013/03/06
Committee: LIBE
Amendment 1201 #
Proposal for a regulation
Article 14 – paragraph 1 – point d
(d) the existence of the right to request from the controller access to and rectification or erasure of the personal data concerning the data subject orand to object to the processing of such personal data;
2013/03/06
Committee: LIBE
Amendment 1203 #
Proposal for a regulation
Article 14 – paragraph 1 – point e
(e) the right to lodge a complaint to the supervisory authority and the contact details of the supervisory authority;deleted
2013/03/06
Committee: LIBE
Amendment 1215 #
Proposal for a regulation
Article 14 – paragraph 1 – point h
(h) any further information necessary to guarantee fair processing in respect of the data subject, having regard to the specific circumstances in which the personal data are collecdeleted.
2013/03/06
Committee: LIBE
Amendment 1222 #
Proposal for a regulation
Article 14 – paragraph 2
2. Where the personal data are collected from the data subject, the controller shall inform the data subject, in addition to the information referred to in paragraph 1, whether the provision of personal data is obligatory or voluntary, as well as the possible consequences of failure to provide such data.
2013/03/06
Committee: LIBE
Amendment 1238 #
Proposal for a regulation
Article 14 – paragraph 4 – point b
(b) where the personal data are not collected from the data subject, at the time of the recording or within a reasonable period after the collection, having regard to the specific circumstances in which the data are collected or otherwise processed, or, if a disclosure to another recipient is envisaged, and at the latest when the data are first disclosed; or, if the data shall be used for communication with the person concerned, at the latest at the time of the first communication to that person.
2013/03/06
Committee: LIBE
Amendment 1248 #
Proposal for a regulation
Article 14 – paragraph 5 – point b
(b) the data are not collected from the data subject or the data processes do not allow the verification of identity and the provision of such information proves impossible or would involve a disproportionate effort such as by generating excessive administrative burden, especially when the processing is carried out by a SME; or
2013/03/06
Committee: LIBE
Amendment 1250 #
Proposal for a regulation
Article 14 – paragraph 5 – point c
(c) the data are not collected from the data subject and recording or disclosure is expressly laid down by law; or
2013/03/06
Committee: LIBE
Amendment 1253 #
Proposal for a regulation
Article 14 – paragraph 5 – point d
(d) the data are not collected from the data subject and the provision of such information will impair the rights and freedoms of others, as defined in Union law or Member State law in accordance with Article 21.; or
2013/03/06
Committee: LIBE
Amendment 1266 #
Proposal for a regulation
Article 14 – paragraph 5 – point d b (new)
(db) the data must be kept secret in accordance with legislation or by virtue of their nature, particularly because of a legitimate overriding interest of a third party.
2013/03/06
Committee: LIBE
Amendment 1268 #
Proposal for a regulation
Article 14 – paragraph 5 – point d c (new)
(dc) the data are processed in the exercise of his profession by, or are entrusted or become known to, a person who is subject to an obligation of professional secrecy regulated by the State or to a statutory obligation of secrecy.
2013/03/06
Committee: LIBE
Amendment 1279 #
Proposal for a regulation
Article 14 – paragraph 7
7. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria for categories of recipients referred to in point (f) of paragraph 1, the requirements for the notice of potential access referred to in point (g) of paragraph 1, the criteria for the further information necessary referred to in point (h) of paragraph 1 for specific sectors and situations, and the conditions and appropriate safeguards for the exceptions laid down in point (b) of paragraph 5. In doing so, the Commission shall take the appropriate measures for micro, small and medium-sized- enterprises.
2013/03/06
Committee: LIBE
Amendment 1296 #
Proposal for a regulation
Article 15 – paragraph 1 – introductory part
1. TOnly the data subject shall have the right to obtain from the controller at any time, on request, confirmation as to whether or not personal data relating to the data subject are being processed unless this request is manifestly excessive according to 12 (4). Where such personal data are being processed, the controller shall - so far as the data subject has not received - provide the following information:
2013/03/06
Committee: LIBE
Amendment 1311 #
Proposal for a regulation
Article 15 – paragraph 1 – point d
(d) if known the period for which the personal data will be stored;
2013/03/06
Committee: LIBE
Amendment 1358 #
Proposal for a regulation
Article 15 – paragraph 3 a (new)
3a. There shall be no right to information where: (a) data are involved which a person bound by professional secrecy is required to protect; (b) data must be kept secret in accordance with legislation or by virtue of their nature, particularly because of the overriding interest of a third party; (c) the public entity responsible has ascertained in relation to the entity responsible that disclosure of the data would endanger public safety or order; (d) data comprise trade secrets.
2013/03/06
Committee: LIBE
Amendment 1376 #
Proposal for a regulation
Article 16 – paragraph 1 a (new)
Paragraph 1 shall not apply to pseudonymous data.
2013/03/06
Committee: LIBE
Amendment 1750 #
Proposal for a regulation
Article 24 – paragraph 1
Where a controller determines the purposes, conditions and means of the processing of personal data jointly with others, the joint controllers shall determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the procedures and mechanisms for exercising the rights of the data subject, by means of an arrangement between them.
2013/03/06
Committee: LIBE
Amendment 1778 #
Proposal for a regulation
Article 26 – paragraph 2 – introductory part
2. The carrying out of processing by a processor shall be governed by a contract or other legal act binding the processor to the controller and stipulating in particular that the processor shall. The controller and the processor shall be free to determine respective roles and responsibilities with respect to the requirements of this Regulation and shall provide for the following:
2013/03/06
Committee: LIBE
Amendment 1784 #
Proposal for a regulation
Article 26 – paragraph 2 – point d
(d) enlist another processor only with the prior permission of the controller;deleted
2013/03/06
Committee: LIBE
Amendment 1788 #
Proposal for a regulation
Article 26 – paragraph 2 – point e
(e) insofar as this is possible given the nature of the processing, create in agreement with the controller the necessary technical and organisational requirements for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III;deleted
2013/03/06
Committee: LIBE
Amendment 1792 #
Proposal for a regulation
Article 26 – paragraph 2 – point f
(f) assist the controller in ensuring compliance with the obligations pursuant to Articles 30 to 34;deleted
2013/03/06
Committee: LIBE
Amendment 1796 #
Proposal for a regulation
Article 26 – paragraph 2 – point g
(g) hand over all results to the controller after the end of the processing and not process the personal data otherwise;deleted
2013/03/06
Committee: LIBE
Amendment 1804 #
Proposal for a regulation
Article 26 – paragraph 2 – point h
(h) make available to the controller and the supervisory authority on request all information necessary to control compliance with the obligations laid down in this Article.
2013/03/06
Committee: LIBE
Amendment 1821 #
Proposal for a regulation
Article 26 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for the responsibilities, duties and tasks in relation to a processor in line with paragraph 1, and conditions which allow facilitating the processing of personal data within a group of undertakings, in particular for the purposes of control and reporting.
2013/03/06
Committee: LIBE
Amendment 2573 #
Proposal for a regulation
Article 49 a (new)
Article 49a Professional supervision of persons subject to an obligation of professional secrecy Insofar as, when this regulation enters into force, entities exist which are responsible for the professional supervision of persons subject to an obligation of professional secrecy, these may establish the supervisory authority.
2013/03/06
Committee: LIBE
Amendment 2596 #
Proposal for a regulation
Article 51 – paragraph 3
3. The supervisory authority shall not be competent to supervise processing operations of courts acting in their judicial capacity and not competent to supervise processing operations of controllers bound by obligations of professional secrecy.
2013/03/06
Committee: LIBE
Amendment 2779 #
Proposal for a regulation
Article 73 – paragraph 2
2. Any body, organisation or association which aims to protect data subjects‘ rights and interests concerning the protection of their personal data and has been properly constituted according to the law of a Member State shall have the right to lodge a complaint with a supervisory authority in any Member State on behalf of one or more data subjects if it considers that a data subject's rights under this Regulation have been infringed as a result of the processing of personal data.deleted
2013/03/06
Committee: LIBE
Amendment 2789 #
Proposal for a regulation
Article 73 – paragraph 3
3. Independently of a data subject's complaint, any body, organisation or association referred to in paragraph 2 shall have the right to lodge a complaint with a supervisory authority in any Member State, if it considers that a personal data breach has occurred.deleted
2013/03/06
Committee: LIBE
Amendment 2813 #
Proposal for a regulation
Article 76 – paragraph 1
1. Any body, organisation or association referred to in Article 73(2) shall have the right to exercise the rights referred to in Articles 74 and 75 on behalf of one or more data subjects.deleted
2013/03/06
Committee: LIBE
Amendment 2825 #
Proposal for a regulation
Article 77 – paragraph 1
1. Any person who has suffered damage as a result of an unlawful processing operation or of an action incompatible with this Regulation shall have the right to receive compensation from the controller or the processor for the damage suffered.
2013/03/06
Committee: LIBE
Amendment 2830 #
Proposal for a regulation
Article 77 – paragraph 2
2. Where more than one controller or processor is involved in the processing, each controller or processor shall be jointly and severally liable for the entire amount of the damage, notwithstanding the contractual agreement they might have concluded according to Article 24.
2013/03/06
Committee: LIBE
Amendment 2837 #
Proposal for a regulation
Article 77 – paragraph 3
3. The controller or the processor may be exempted from this liability, in whole or in part, if the controller or the processor proves that they are not responsible for the event giving rise to the damage.
2013/03/06
Committee: LIBE
Amendment 2959 #
Proposal for a regulation
Article 80 – paragraph 1
1. Member States shall provide for exemptions or derogations from the provisions on the Chapter II (general principles in), Chapter II, I (the rights of the data subject in), Chapter III, onV (the controller and processor in), Chapter IV, on the V (transfer of personal data to third countries and international organisations in), Chapter V, the independent I (supervisory authorities in), Chapter VI and on I (co-operation and consistency in) and Articles 73, 74, 76 and 79 of Chapters VII forI (legal remedies, liability and penalties) and X shall not apply to the processing of personal data carried out solely for journalistic purposes or the purpose of artistic or literary expression in order to reconcile the right to the protection of personal data with the rules governing freedom of expression.
2013/03/08
Committee: LIBE
Amendment 3098 #
Proposal for a regulation
Article 84 – paragraph 1
1. Within the limits of this Regulation, Member States mayshall adopt specific rules to set out the investigative powers by the supervisory authorities laid down in Article 53(2) in relation to controllers or processors that are subjects under national law or rules established by national competent bodies to an obligation of professional secrecy or other equivalent obligations of secrecy, where this is necessary and proportionate to reconcile the right of the protection of personal data with the obligation of secrecy. These rules shall only apply with regard to personal data which the controller or processor has received from or has obtained in an activity covered by this obligation of secrecy.
2013/03/08
Committee: LIBE