Activities of Cornelia ERNST related to 2017/0003(COD)
Shadow reports (1)
REPORT on the proposal for a regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)
Amendments (76)
Amendment 137 #
Proposal for a regulation
Recital 1
Recital 1
(1) Article 7 of the Charter of Fundamental Rights of the European Union (“the Charter”) protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one’s communications is an essential dimension of this right. Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including information regarding when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communicationg parties. The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, e-mail, internet phone calls and personal messaging provided through social media.
Amendment 145 #
Proposal for a regulation
Recital 3
Recital 3
(3) Electronic communications data may also reveal information concerning legal entities, such as business secrets or other sensitive information that has economic value. Therefore, thecertain provisions of this Regulation should apply to both natural and legal persons. Furthermore, this Regulation should ensure that provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council21, also apply to end-users who are legal persons. This includes the confidentiality and security of their communications data and the definition of consent under Regulation (EU) 2016/679. When reference is made to consent by an end-user, including legal persons, this definition should apply. In addition, legal persons should have the same rights as end-users that are natural persons regarding the supervisory authorities; furthermore, supervisory authorities under this Regulationestablished on the basis of Regulation (EU) 2016/679 should also be responsible for monitoring the application of this Regulation regarding legal persons. _________________ 21 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1–88).
Amendment 149 #
Proposal for a regulation
Recital 4
Recital 4
(4) Pursuant to Article 8(1) of the Charter and Article 16(1) of the Treaty on the Functioning of the European Union, everyone has the right to the protection of personal data concerning him or her. Regulation (EU) 2016/679 lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. Electronic communications data may includgenerally are personal data as defined in Regulation (EU) 2016/679.
Amendment 153 #
Proposal for a regulation
Recital 5
Recital 5
(5) The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 as regards electronic communications data that qualify as personal data. This Regulation therefore does not lower the level of protection enjoyed by natural persons under Regulation (EU) 2016/679. Processing of electronic communications data by providers of electronic communications services should only be permitted in accordance with this Regulation.
Amendment 156 #
Proposal for a regulation
Recital 6
Recital 6
(6) While the principles and main provisions of Directive 2002/58/EC of the European Parliament and of the Council22 remain generally sound, that Directive has not fully kept pace with the evolution of technological and market reality, resulting in an inconsistent or insufficient effective protection of privacy and confidentiality in relation to electronic communications. Those developments include the entrance on the market of electronic communications services that from a consumer perspective are substitutable to traditional services, but do not have to comply with the same set of rules. Another development concerns new techniques that allow for tracking of online behaviour of end-users, which are not covered by Directive 2002/58/EC. Directive 2002/58/EC should therefore be repealed and replaced by this Regulation. _________________ 22 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p.37).
Amendment 157 #
Proposal for a regulation
Recital 7
Recital 7
Amendment 163 #
Proposal for a regulation
Recital 8
Recital 8
(8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to software providers of equipment permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or collectprocess information related to or stored in end-users’ terminal equipment.
Amendment 166 #
Proposal for a regulation
Recital 9
Recital 9
(9) This Regulation should apply to electronic communications data processed in connection with the provision and use of electronic communications services in the Union, regardless of whether or not the processing takes place in the Union. Moreover, in order not to deprive end-users in the Union of effective protection, this Regulation should also apply to electronic communications data processed in connection with the provision of electronic communications services from outside the Union to end-users in the Union. This Regulation shall apply to electronic communications data processed in connection with the provision and use of electronic communications services, both paid and free of charge.
Amendment 175 #
Proposal for a regulation
Recital 11
Recital 11
(11) The services used for communications purposes, and the technical means of their delivery, have evolved considerably. End-users increasingly replace traditional voice telephony, text messages (SMS) and electronic mail conveyance services in favour of functionally equivalent online services such as Voice over IP, messaging services and web-based e-mail services. In order toThis Regulation should ensure an effective and equal protection of end-users when using functionally equivalent services, this Regulation uses the definition of electronic communications services set forth in the [Directive of the European Parliament and of the Council establishing the European Elethe confidentiality of communications of end-users, and their privacy, when using functrionic Communications Code24 ]ally equivalent services. That definition encompasses not only internet access services and services consisting wholly or partly in the conveyance of signals but also interpersonal communications services, which may or may not be number-based, such as for example, Voice over IP, messaging services and web-based e-mail services. The protection of confidentiality of communications is crucial also as regards interpersonal communications services that are ancillary to another service; therefore, such type of services also having a communication functionality should be covered by this Regulation. _________________ 24 the European Parliament and of the Council establishing the European Electronic Communications Code (Recast) (COM/2016/0590 final - 2016/0288 (COD))., such as internal messaging, newsfeeds, closed groups, timelines and similar functions in online services where messages are exchanged with other users within or outside that service; therefore, such type of services also having a communication functionality should be covered by this Regulation. Commission proposal for a Directive of
Amendment 186 #
Proposal for a regulation
Recital 13
Recital 13
(13) The development of fast and efficient wireless technologies has fostered the increasing availability for the public of internet access via wireless networks accessible by anyone in public and semi- private spaces such as ‘hotspots’ situated at different places within a city, department stores, shopping malls and hospitals. To the extent that those communications networks are provided to an undefined group of end-users, twireless internet access points. The confidentiality of the communications transmitted through such networks should be protected. The fact that wireless electronic communications services may be ancillary to other services should not stand in the way of ensuring the protection of confidentiality of communications data and application of this Regulation. Therefore, this Regulation should apply to electronic communications data using electronic communications services and public communications networks. This regulation should also apply to closed social media profiles and groups that the users have defined as private. In contrast, this Regulation should not apply to closed groups of end-users such as corporate networks, access to which is limited to members of the corporan organisation.
Amendment 188 #
Proposal for a regulation
Recital 14
Recital 14
(14) Electronic communications data should be defined in a sufficiently broad and technology neutral way so as to encompass any information concerning the content transmitted or exchanged (electronic communications content) and the information concerning an end-user of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication. It should also include location data, such as the location of the terminal equipment from or to which a phone call or an internet connection has been made or the wireless access points that a device is connected to. It should also include data necessary to identify users’ terminal equipment and data emitted by terminal equipment when searching for access points or other equipment. Whether such signals and the related data are conveyed by wire, radio, optical or electromagnetic means, including satellite networks, cable networks, fixed (circuit- and packet- switched, including internet) and mobile terrestrial networks, electricity cable systems, the data related to such signals should be considered as electronic communications metadata and therefore be subject to the provisions of this Regulation. Electronic communications metadata may include information that is part of the subscription to the service when such information is processed for the purposes of transmitting, distributing or exchanging electronic communications content. The exclusion of services providing “content transmitted using electronic communications networks” from the definition of “electronic communications service” in Article 4 of this Regulation does not mean that service providers who offer both electronic communications services and content services are outside the scope of the provisions of the Regulation which applies to the providers of electronic communications services.
Amendment 193 #
Proposal for a regulation
Recital 15
Recital 15
(15) Electronic communications data should be treated as confidential. This means that any processing of electronic communications data or any interference with the transmission of electronic communications data, whether directly by human intervention or through the intermediation of automated processing by machines, without the consent of the user requesting a specific service or of all the communicating parties should be prohibited. The prohibition of interception of communications data should apply during their conveyance, i.e. until receipt of the content of the electronic communication by the intended addresseeWhen the processing is allowed under this Regulation, any other processing on the basis of Article 6 of Regulation (EU) 2016/679 should be considered as prohibited, including processing for another purpose on the basis of Article 6(4) of that Regulation. The prohibition of processing of communications data should apply during their conveyance and when they are stored afterwards, in order to reflect the growing trend that subscribers do not store all communications data on their own terminal equipment, but use cloud-based storage space of the communications provider or other parties. Interception of electronic communications data may occur, for example, when someone other than the communicating parties, listens to calls, reads, scans or stores the content of electronic communications, or the associated metadata for purposes other than the exchange of communications. Interception also occurs when third parties monitor websites visited, timing of the visits, interaction with others, etc., without the consent of the end-user concerned. As technology evolves, the technical ways to engage in interception have also increased. Such ways may range from the installation of equipment that gathers data from terminal equipment over targeted areas, such as the so-called IMSI (International Mobile Subscriber Identity) catchers, to programs and techniques that, for example, surreptitiously monitor browsing habits for the purpose of creating end-user profiles. Other examples of interception include capturing payload data or content data from unencrypted wireless networks and routers, and analysis of customers’ traffic data, including browsing habits without the end-users’ consent.
Amendment 203 #
Proposal for a regulation
Recital 16
Recital 16
(16) The prohibition of storage of communications is not intended to prohibit any automatic, intermediate and transient storage of this information insofar as this takes place for the sole purpose of carrying out the transmission in the electronic communications network. It should not prohibit either the processing of electronic communications data to ensure the security and continuity of the electronic communications services, including checking security threats such as the presence of malware or the processing of metadata to ensure the necessary quality of service requirements, such as latency, jitter etc.
Amendment 210 #
Proposal for a regulation
Recital 17
Recital 17
(17) The processing of electronic communications data can be useful for businesses, consumers and society as a whole. Vis-à-vis Directive 2002/58/EC, this Regulation broadens the possibilities for providers of electronic communications services to process electronic communications metadata, based on end-users consent. However, end-users attach great importance to the confidentiality of their communications, including their online activities, and that they want to control the use of electronic communications data for purposes other than conveying the communication. Therefore, this Regulation should require providers of electronic communications services to obtain end-users’ consent to process electronic communications metadata, which should include data on the location of the device generated for the purposes of granting and maintaining access and connection to the service. Location data that is generated other than in the context of providing electronic communications services should not be considered as metadata. Examples of commercial usages of electronic communications metadata by providers of electronic communications services may include the provision of heatmaps; a graphical representation of data using colors to indicate the presence of individuals. To display the traffic movements in certain directions during a certain period of time, an identifier ismay be necessary to link the positions of individuals at certain time intervals. This identifier would be missing if anonymous data were to be used and such movement could not be displayed. Such usage of electronic communications metadata could, for example, benefit public authorities and public transport operators to define where to develop new infrastructure, based on the usage of and pressure on the existing structure. Where a type of processing of electronic communications metadata, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural personss envisaged, a data protection impact assessment and, as the case may be, a consultation of the supervisory authority should take place prior to the processing, in accordance with Articles 35 and 36 of Regulation (EU) 2016/679.
Amendment 216 #
Proposal for a regulation
Recital 18
Recital 18
(18) End-uUsers may consent to the processing of their metaelectronic communications data to receive specific services requested by them, such as protection services against fraudulent activities (by analysing usage data, location and customer account in real time). In the digital economy, services are often supplied against counter-performance other than moneymalware, unsolicited communication, or fraudulent activities. Consent for processing electronic communications data will not be valid if the data subject has no genuine and free choice, for instance by end- users being exposed to advertises unable to refuse or withdraw consent without detriments. For the purposes of this Regulation, consent of an end-user, regardless of whether the latter is a natural or a legal person, should have the same meaning and be subject to the same conditions as the data subject’s consent under Regulation (EU) 2016/679. Basic broadband internet access and voice communications services are to be considered as essential services for individuals to be able to communicate and participate to the benefits of the digital economy. Consent for processing data from internet or voice communication usage will not be valid if the data subject has no genuine and free choice, or is unable to refuse orWithout prejudice to Article 7 of Regulation (EU) 2016/679, consent should not be considered as freely given if it is required to access any service or obtained through insisting and repetitive requests. In order to prevent such abusive requests, users should be able to order service providers to remember their choice not to consent and to adhere to technical specifications signalling not to consent, withdrawal of consent without detriment, or an objection.
Amendment 220 #
Proposal for a regulation
Recital 19
Recital 19
(19) The content of electronic communications pertains to the essence of the fundamental right to respect for private and family life, home and communications protected under Article 7 of the Charter. Any interference with the content of electronic communications should be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse. This Regulation provides for the possibility of providers of electronic communications services to process electronic communications data in transit, with the informed consent of all the end- users concerned. For example, providers may offer services that entail the scanning of emails to remove certain pre-defined material. Given the sensitivity of the content of communications, this Regulation sets forth a presumption that the processing of such content data will result in high risks to the rights and freedoms of natural persons. When processing such type of data, the provider of the electronic communications service should always consult the supervisory authority prior to the processing. Such consultation should be in accordance with Article 36 (2) and (3) of Regulation (EU) 2016/679. The presumption does not encompass the processing of content data to provide a service requested by the end-user where the end-user has consented to such processing and it is carried out for the purposes and duration strictly necessary and proportionate for such servicearry out an impact assessment as provided for in Regulation (EU) 2016/679 and if necessary under that Regulation, consult the supervisory authority prior to the processing. After electronic communications content has been sent by the end-user and received by the intended end-user or end-users, it may be recorded or stored by the end-user, end- users or by a third party entrusted by them to record or store such data. Any processing of such data must comply with Regulation (EU) 2016/679.
Amendment 243 #
Proposal for a regulation
Recital 22
Recital 22
(22) The methods used for providing information and obtaining end-user’s consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. This Regulation should prevent the use of so-called “cookie walls” and “cookie banners” that do not help users to maintain control over their personal information and privacy or become informed about their rights. The use of technical means to provide consent, for example, through transparent and user- friendly settings, may address this problem. Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end- users when establishing its general privacy settings of a browser or oor withdraw consent and to object by technical specifications using automated means, such as ther application should be bindropriate settings on, and enforceable against, any third parties. Web browsers are a type of software application thatf a hardware or software permitsting the retrieval and presentation of information on the internet. Other types of applications, such as the ones that permit calling and messagingThose settings should include choices concerning the use orf provide route guidance, have also the samcessing and storage capabilities. Web brow of the user’s mediate much of what occurs between the end- user and the website. From this perspective, they are in a privileged position to play an active role to help the end-user to control the flow of information to and from the terminal equipment. More particularly web browsers may be used as gatekeeperterminal equipment as well as a signal sent by the hardware or software indicating the user’s preferences to other parties. The choices made by users when establishing its general privacy settings should be binding on, and enforceable against, any third parties. Web browsers, applications or mobile operating systems may be used as a user’s personal privacy assistant communicating the user’s choices, thus helping end-users to prevent information fromrelated to or processed by their terminal equipment (for example smart phone, tablet or computer) from being accessed, processed or stored.
Amendment 252 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of data protection by design and by default were codified under Article 25 of Regulation (EU) 2016/679. Currently, the default settings for cookies are set in most current browsers to ‘accept all cookies’. Therefore providers of hardware or software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties fromand activates as default the option to prevent the cross-domain tracking and storing information on the terminal equipment by other parties; this is often presented as ‘reject third party cookies’. End-users should be offered a set of privacy setting options, ranging from higher (for example, ‘never accept cookies’) to lower (for example, ‘always accept cooktrackers and cookies’. Such privacy settings should be presented in an easily visible and intelligible manner. Information provided should not dissuade users from selecting higher privacy settings and should include relevant information about the risks associated to allowing cross-domain trackers, including the compilation of long-term records of individuals’ browsing histories’) and intermediate (for example, ‘reject third party cookies’ or ‘only accept first party cookies’). Such privacy settings should be presented in an easily visiblthe use of such records to send targeted advertising or sharing with more third parties. In case of no active choice, or action from the user, the settings shall be set by default in a manner that rejects and blocks trackers, including cookies, that are not strictly necessary in order to provide and intelligible mannformation society service specifically requested by the user.
Amendment 258 #
Proposal for a regulation
Recital 24
Recital 24
Amendment 265 #
Proposal for a regulation
Recital 25
Recital 25
(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc. This information may be used for more intrusive purposes, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers. While some of these functionalities do not entail high privacy risks, others do, for example, those involving the tracking of individuals over time, including repeated visits to specified locations. Providers engaged in such practices should display prominent notices located on the edge of the area of coverage informing end-users prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679only be permitted to process such electronic communications metadata based on the consent of the users concerned.
Amendment 271 #
Proposal for a regulation
Recital 26
Recital 26
(26) When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation should provide for the possibility for the Union or Member States under specific conditions to temporarily restrict by law certain obligations and rights when such a restriction constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests. Therefore, this Regulation should not affect the ability ofprohibit Member States tofrom carrying out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights. Providers of electronic communications services should provide for appropriate procedures to facilitate legitimate requests of competent authorities, where relevant also taking into account the role of the representative designated pursuant to Article 3(3)not be obliged by Union or Member States competent authorities to weaken any measures that ensure the integrity and confidentiality of electronic communications.
Amendment 277 #
Proposal for a regulation
Recital 26 a (new)
Recital 26 a (new)
(26a) In its judgment C-293/12 the Court of Justice held that the bulk collection of communications data, in particular when done without any differentiation, limitation or exception, constitutes a wide- ranging and particularly serious interference with the rights enshrined in Articles 7 and 8 of the Charter, without such an interference being precisely circumscribed to ensure that it is actually limited to what is strictly necessary.
Amendment 302 #
Proposal for a regulation
Recital 33
Recital 33
(33) Safeguards should be provided to protect end-users against unsolicited communications, including for direct marketing purposes, which intrude into the private life of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc. It is therefore justified to require that consent of the end-user is obtained before commercial electronic communications for direct marketing purposes are sent to end-users in order to effectively protect individuals against the intrusion into their private life as well as the legitimate interest of legal persons. Legal certainty and the need to ensure that the rules protecting against unsolicited electronic communications remain future- proof justify the need to define a single set of rules that do not vary according to the technology used to convey these unsolicited communications, while at the same time guaranteeing an equivalent level of protection for all citizens throughout the Union. However, it is reasonable to allow the use of e-mail contact details within the context of an existing customer relationship for the offering of similar products or services. Such possibility should only apply to the same company that has obtained the electronic contact details in accordance with Regulation (EU) 2016/679.
Amendment 311 #
Amendment 317 #
Proposal for a regulation
Recital 37
Recital 37
(37) Service providers who offer electronic communications services should process electronic communications data in such a way as to prevent unauthorised processing, including access, disclosure or alteration. They should ensure that such unauthorised access, disclosure or alteration can be detected, and also ensure that electronic communications data are protected by using state of the art technologies. Service providers should also inform end- users of measures they can take to protect the security of their communications for instance by using specific types of software or encryption technologies. The requirement to inform end-users of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge. Security is appraised in the light of Article 32 of Regulation (EU) 2016/679.
Amendment 321 #
Proposal for a regulation
Recital 41
Recital 41
(41) In order to fulfil the objectives of this Regulation, namely to protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data and to ensure the free movement of personal data within the Union, the power to adopt acts in accordance with Article 290 of the Treaty should be delegated to the Commission to supplement this Regulation. In particular, delegated acts should be adopted in respect of the information to be presented, including by means of standardised icons in order to give an easily visible and intelligible overview of the collection of information emitted by terminal equipment, its purpose, the person responsible for it and of any measure the end-user of the terminal equipment can take to minimise the collection. Delegated acts are also necessary to specify a code to identify direct marketing calls including those made through automated calling and communication systemsThe power to adopt acts in accordance with Article 290 of the Treaty should be delegated to the Commission to supplement this Regulation. It is of particular importance that the Commission carries out appropriate consultations and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement on Better Law-Making of 13 April 201625 . In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts. Furthermore, in order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission when provided for by this Regulation. Those powers should be exercised in accordance with Regulation (EU) No 182/2011. _________________ 25 Interinstitutional Agreement between the European Parliament, the Council of the European Union and the European Commission on Better Law-Making of 13 April 2016 (OJ L 123, 12.5.2016, p. 1–14).
Amendment 343 #
Proposal for a regulation
Article 2 – paragraph 3
Article 2 – paragraph 3
3. The processing of electronic communicationspersonal data by the Union institutions, bodies, offices and agencies is governed by Regulation (EU) 00/0000 [new Regulation replacing Regulation 45/2001]. This Regulation complements and particularizes Regulation (EU) 00/0000 [new Regulation replacing Regulation 45/2001with regard to the confidentiality of electronic communication services.
Amendment 349 #
Proposal for a regulation
Article 3 – paragraph 1 – point a
Article 3 – paragraph 1 – point a
(a) the provision of electronic communications services to end-users in the Union, irrespective of whether the provider is located inside the EU, and irrespective of whether a payment of the end-user is required;
Amendment 352 #
Proposal for a regulation
Article 3 – paragraph 1 – point c
Article 3 – paragraph 1 – point c
(c) the protection of information related to or processed by the terminal equipment of end- users located in the Union.
Amendment 364 #
Proposal for a regulation
Article 4 – paragraph 1 – point b
Article 4 – paragraph 1 – point b
(b) the definitions of ‘electronic communications network’, ‘electronic communications service’, ‘interpersonal communications service’, ‘number-based interpersonal communications service’, ‘number-independent interpersonal communications service’, ‘end-user’ and ‘call’ in points (1), (4), (5), (6), (7), (14) and (21) respectively'call' in point (21) of Article 2 of [Directive establishing the European Electronic Communications Code];
Amendment 368 #
Proposal for a regulation
Article 4 – paragraph 2
Article 4 – paragraph 2
Amendment 370 #
Proposal for a regulation
Article 4 – paragraph 3 – point –a (new)
Article 4 – paragraph 3 – point –a (new)
(-a) 'electronic communications network' means a transmission system, whether or not based on a permanent infrastructure or centralised administration capacity, and, where applicable, switching or routing equipment and other resources, including network elements which are not active, which permit the conveyance of signals by wire, radio, optical or other electromagnetic means, including satellite networks, electricity cable systems, to the extent that they are used for the purpose of transmitting signals, networks used for radio and television broadcasting, and cable television networks, irrespective of the type of information conveyed;
Amendment 371 #
Proposal for a regulation
Article 4 – paragraph 3 – point –a a (new)
Article 4 – paragraph 3 – point –a a (new)
(-a a) 'electronic communications service' means a service provided via electronic communications networks, whether for remuneration or not, which encompasses one or more of the following:an 'internet access service' as defined in Article 2(2) or Regulation (EU) 2015/2120;an interpersonal communications service;a service consisting wholly or mainly in the conveyance of the signals, such as a transmission service used for the provision of a machine-to-machine service and for broadcasting, but excludes information conveyed as part of a broadcasting service to the public over an electronic communications network or service except to the extent that the information can be related to the identifiable subscriber or user receiving the information;
Amendment 372 #
Proposal for a regulation
Article 4 – paragraph 3 – point –a b (new)
Article 4 – paragraph 3 – point –a b (new)
(-a b) 'interpersonal communications service' means a service, whether provided for remuneration or not, that enables direct interpersonal and interactive exchange of information between a finite number of persons whereby the persons initiating or participating in the communication determine the recipient(s);it includes services enabling interpersonal and interactive communication merely as a minor ancillary feature that is intrinsically linked to another service;
Amendment 373 #
Proposal for a regulation
Article 4 – paragraph 3 – point –a c (new)
Article 4 – paragraph 3 – point –a c (new)
(-a c) 'number-based interpersonal communications service' means an interpersonal communications service which connects to the public switched telephone network, either by means of assigned numbering resources, i.e. number or numbers in national or international telephone numbering plans, or by enabling communication with a number or numbers in national or international telephone numbering plans;
Amendment 374 #
Proposal for a regulation
Article 4 – paragraph 3 – point –a d (new)
Article 4 – paragraph 3 – point –a d (new)
(-a d) 'number-independent interpersonal communications service' means an interpersonal communications service which does not connect with the public switched telephone network, either by means of assigned numbering resources, i.e. a number or numbers in national or international telephone numbering plans, or by enabling communication with a number or numbers in national or international telephone numbering plans;
Amendment 375 #
Proposal for a regulation
Article 4 – paragraph 3 – point –a e (new)
Article 4 – paragraph 3 – point –a e (new)
(-a e) 'end-user' means a legal entity or a natural person using or requesting a publicly available electronic communications service;
Amendment 376 #
Proposal for a regulation
Article 4 – paragraph 3 – point –a f (new)
Article 4 – paragraph 3 – point –a f (new)
(-a f) 'user' means any natural person using a publicly available electronic communications service, for private or business purposes, without necessarily having subscribed to this service;
Amendment 382 #
Proposal for a regulation
Article 4 – paragraph 3 – point c
Article 4 – paragraph 3 – point c
(c) ‘'electronic communications metadata’' means all data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, electronic identifiers and any other data broadcasted or emitted by the terminal equipment, data on the location of the device generatterminal equipment processed in the context of providing electronic communications services, and the date, time, duration and the type of communication; where metadata of other electronic communications services or protocols are transmitted, distributed or exchanged by using the respective service, they shall be considered electronic communications content for the respective service;
Amendment 391 #
Proposal for a regulation
Chapter 2 – title
Chapter 2 – title
PROTECTION OF ELECTRONIC COMMUNICATIONS OF NATURAL AND LEGAL PERSONS AND OF INFORMATION STORED INPROCESSED BY AND RELATED TO THEIR TERMINAL EQUIPMENT
Amendment 400 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Electronic communications data shall be confidential. Any processing of electronic communications data, including any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation. This includes electronic communications data that is stored after the transmission has been completed.
Amendment 416 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. Providers of electronic communications networks and services may process electronic communications data only if:
Amendment 427 #
Proposal for a regulation
Article 6 – paragraph 1 – point b
Article 6 – paragraph 1 – point b
(b) it is technically strictly necessary to maintain or restore the security ofavailability, integrity and confidentiality of the respective electronic communications networks and or services, or to detect technical faults and/or errors in the transmission of electronic communications, for the duration necessary for that purpose.; or
Amendment 438 #
Proposal for a regulation
Article 6 – paragraph 1 – point b a (new)
Article 6 – paragraph 1 – point b a (new)
(b a) the user concerned has given his or her consent to the processing of his or her electronic communications data, provided that it is technically strictly necessary for the provision of a service explicitly requested by a user for his or her purely individual usage, solely for the provision of the explicitly requested service and only for the duration necessary for that purpose and without the consent of all users, only where such processing produces effects solely in relation to the user who requested the service and does not adversely affect the fundamental rights of other users.
Amendment 446 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1 a. Before processing electronic communications data, the provider shall carry out a data protection impact assessment pursuant to Article 35 of Regulation (EU) 2016/679, and if necessary a prior consultation with the supervisory authority pursuant to Article 36 of Regulation (EU) 2016/679.
Amendment 452 #
Proposal for a regulation
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Providers of electronic communications services may process electronic communications metadata only if:
Amendment 465 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) the end-user or users concerned hasve given his or hertheir specific consent to the processing of his or their communications metadata by the respective electronic communications service for one or more specified purposes, including for the provision of specific services to such end-users, provided that the purpose or purposes concerned could not be fulfilled by processing informationdata that is made anonymous, and the consent has not been a condition to access or use a service.
Amendment 485 #
Proposal for a regulation
Article 6 – paragraph 3 – point a
Article 6 – paragraph 3 – point a
(a) for the sole purpose of the provision of a specific service to an end- user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content andthe user concerned has given his or her consent to the processing of his or her electronic communications content for the sole purpose of the provision of a specific service explicitly requested by the user, for the duration necessary for that purpose, , provided that the provision of that specific service cannot be fulfilled without the processing of such content by the provider, and the consent has not been a condition to access or use a service; or
Amendment 500 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Without prejudice to point (b) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication contenafter receipt by the intended recipient or recipients. Such data may be recorded or stored by the end-users or by a third partparty, which could be the provider of the electronic communication service, specifically entrusted by them subscriber to record, store or otherwise process such data,. The subscriber may further process the data in accordance with Regulation (EU) 2016/679, if applicable.
Amendment 512 #
Proposal for a regulation
Article 8 – title
Article 8 – title
Protection of information stored in and, related to end-, and processed by users’' terminal equipment
Amendment 516 #
Proposal for a regulation
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
1. The use of input, output, processing and storage capabilities of terminal equipment and the collectionprocessing of information from end-users’ terminal equipment, including about' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:
Amendment 524 #
Proposal for a regulation
Article 8 – paragraph 1 – point b
Article 8 – paragraph 1 – point b
(b) the end-user has given his or her consent for a specific purpose, and the consent has not been a condition to access or use a service or use a terminal equipment, for the duration strictly technically necessary for that purpose; or
Amendment 540 #
Proposal for a regulation
Article 8 – paragraph 1 – point d
Article 8 – paragraph 1 – point d
Amendment 584 #
Proposal for a regulation
Article 8 – paragraph 2
Article 8 – paragraph 2
Amendment 599 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
Amendment 606 #
Proposal for a regulation
Article 8 – paragraph 4
Article 8 – paragraph 4
Amendment 615 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. The definition of and conditions for consent provided for under Articles 4(11), 7 and 78 of Regulation (EU) 2016/679/EU shall apply.
Amendment 621 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed and withdrawn by using the appropriate technical settings of a software application enabling access to the internetpecifications for electronic communications services or information society services which allow for specific consent for specific purposes and with regard to specific service providers selected by the user. When such technical specifications are used by the user's terminal equipment or the software running on it, they shall be binding on, and enforceable against, any other party.
Amendment 640 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Software placed on the market permitting electronic communications, including the retrieval and presentationHardware and software that enable the access to and use of electronic communications services or the access to, and use of, information on the internet, shall offer the optionsociety services shall be able to prevent othirder parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipmentusing input, output, processing and storage capabilities of terminal equipment and the processing of information related to, or processed by, a user's terminal equipment, or making information available through the terminal equipment, including information about, and processed by, its software and hardware.
Amendment 657 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Upon installation, the software shall inform the end-user abouBy default, such hardware or software shall be set theo privacy settings options and, to continue with the installation, require the end-user to consent to a settingevent other parties from exercising the activities referred to in paragraph 1.
Amendment 664 #
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
Amendment 669 #
Proposal for a regulation
Article 11
Article 11
Amendment 679 #
Proposal for a regulation
Article 11 a (new)
Article 11 a (new)
Article 11 a Restrictions on the rights of the user or subscriber 1.Union or Member State law to which the provider is subject may temporarily restrict by way of a legislative measure the scope of the obligations and principles relating to processing of electronic communications data provided for in Articles 6, 7 and 8 of this Regulation in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22 of Regulation (EU) 2016/679, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests: (a) national security; (b) defence; (c) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. 2.In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679.
Amendment 680 #
Proposal for a regulation
Article 11 b (new)
Article 11 b (new)
Article 11 b Restrictions of the confidentiality of communications 1.Union or Member State law to which the provider is subject may temporarily restrict by way of a legislative measure the scope of the rights provided for in Article 5 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests: (a) national security; (b) defence; (c) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. 2.In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679.It shall also require prior judicial authorisation for any access to content or metadata. 3.No legislative measure referred to in paragraph 1 may allow for the weakening of the integrity and confidentiality of electronic communications by mandating a manufacturer of hardware or software, including terminal equipment or software providing for the use of electronic communications, or a provider of electronic communications services, to create and build in backdoors that weaken the cryptographic methods used or the security and integrity of the terminal equipment.
Amendment 682 #
Proposal for a regulation
Article 11 c (new)
Article 11 c (new)
Amendment 737 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. Natural or legal persons may use electronic communications services for the purposes of sendingpresenting or sending unsolicited or direct marketing communications to end-ussubscribers who are natural persons thatonly if these have given their explicit consent.
Amendment 752 #
Proposal for a regulation
Article 16 – paragraph 4
Article 16 – paragraph 4
Amendment 771 #
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
Amendment 777 #
Proposal for a regulation
Article 17 – paragraph 1 a (new)
Article 17 – paragraph 1 a (new)
The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.
Amendment 779 #
Proposal for a regulation
Article 17 – paragraph 1 b (new)
Article 17 – paragraph 1 b (new)
In the case of a particular risk that may compromise the security of networks and electronic communications services, the relevant provider of an electronic communications service shall inform end- users of such a risk and, where the risk lies outside the scope of the measures to be taken by the service provider, inform end-users of any possible remedies.
Amendment 800 #
Proposal for a regulation
Article 23 – paragraph 2 – point a
Article 23 – paragraph 2 – point a
Amendment 803 #
Proposal for a regulation
Article 23 – paragraph 2 – point a a (new)
Article 23 – paragraph 2 – point a a (new)
(a a) the obligations of providers pursuant to Article 11c;
Amendment 804 #
Proposal for a regulation
Article 23 – paragraph 2 – point b
Article 23 – paragraph 2 – point b
Amendment 807 #
Proposal for a regulation
Article 23 – paragraph 3
Article 23 – paragraph 3
3. Infringements of the principle of confidentiality of communications, permitted processing of electronic communications data, time limits for erasure pursuant to Articles 5, 6, and 7following provisions of this Regulation shall, in accordance with paragraph 1 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.:
Amendment 809 #
Proposal for a regulation
Article 23 – paragraph 3 – subparagraph 1 (new)
Article 23 – paragraph 3 – subparagraph 1 (new)
(a) the principle of confidentiality of communications pursuant to Article 5; (b) the permitted processing of electronic communications data, pursuant to Article 6, (c) the time limits for erasure and the confidentiality obligations pursuant to Article 7; (d) the obligations of any legal or natural person who process electronic communications data pursuant to Article 8; (e) the requirements for consent pursuant to Article 9; (f) the obligations of the provider of software or hardware enabling electronic communications, pursuant to Article 10; (g) the obligations of the providers of electronic communications services, of the providers of information society services, or of the manufacturers of hardware and software permitting the retrieval and presentation of information on the internet pursuant to Article 17.
Amendment 812 #
Proposal for a regulation
Article 23 – paragraph 4
Article 23 – paragraph 4