BETA

12 Amendments of Cornelia ERNST related to 2020/0359(COD)

Amendment 96 #
Proposal for a directive
Recital 10
(10) The CommissionSMEs represent, in the European context, a huge percentage of the industrial/business market and, given the new practices in the sector, increasingly digitised, they face specific and worrying cybersecurity challenges. Limited cyber knowledge, lack of cybersecurity, high cost of cybersecurity solutions are some of these challenges for which SMEs need increased protection. Member States should therefore, and on the basis of this Directive, plan and implement national cybersecurity strategies to make available all existing or to be created means to technically support SMEs so they will be able to detect, prevent and react to cyberattacks or cyber threats. The Commission, directly or through ENISA, in cooperation with the Cooperation Group, maywill issue guidelines on the implementation of the criteria applicable to micro and small enterprises.
2021/06/03
Committee: ITRE
Amendment 100 #
Proposal for a directive
Recital 11 a (new)
(11a) The Covid-19 pandemic has changed many pre-existing work situations, forcing many workers to work from home, and it seems that this change is here to stay for many of these situations. Therefore, it is necessary to ensure that homeworkers are also adequately protected against cybercrime threats and/or attacks. This requires such workers to be adequately trained to detect, prevent and/or react to cyber threats. These workers must as well be protected against employers' cyber surveillance systems that would not just violate their labour rights as their personal ones as the right to privacy. Trade unions and other relevant stakeholders must play a meaningful role in this protection.
2021/06/03
Committee: ITRE
Amendment 101 #
Proposal for a directive
Recital 11 b (new)
(11b) The daily lives of a large part of the population are increasingly digitalised, both personally and professionally, and in this pandemic phase we are seeing much greater and growing use of various digital platforms for various purposes. Consumers' rights must therefore be properly protected, particularly the right to be informed of any cyberattacks on websites that they have used and/or on which they may have provided their personal data.
2021/06/03
Committee: ITRE
Amendment 123 #
Proposal for a directive
Recital 23 a (new)
(23a) Cybercrime is a cross-border issue, in a constant changing process, so in order to achieve a common level of cybersecurity across the EU, the rules on prevention, detection and response to cyber threats and attacks need to be harmonized as far as possible. Therefore, ENISA should provide continuous technical support to Member States and national competent authorities and, in addition to its supervisory tasks, ENISA should provide regular recommendations and guidance for the implementation of cybersecurity best practices, also for support to SMEs. and to workers.
2021/06/03
Committee: ITRE
Amendment 128 #
Proposal for a directive
Recital 25
(25) As regards personal data, CSIRTs should be able to provide, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council19 as regards personal data, on behalf of and upon request by an entity under this Directive, a proactive scanning of the network and information systems used for the provision of their services. Member States should aim at ensuring an equal level of technical capabilities for all sectorial CSIRTs. Member States may request the assistance of the European Union Agency for Cybersecurity (ENISA) in developing national CSIRTs. With regard to personal data, all entities, public and/or private, which, due to a reported incident or a detected cybersecurity threat, wish to access or legitimately access personal data shall proceed in absolute accordance with the General Data Protection Regulation. _________________ 19Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).
2021/06/03
Committee: ITRE
Amendment 224 #
Proposal for a directive
Article 2 – paragraph 2 – point f a (new)
(fa) the entity is critical for the provision of services in insular, remote or unpopulated areas;
2021/06/03
Committee: ITRE
Amendment 260 #
Proposal for a directive
Article 4 – paragraph 1 – point 23 – introductory part
(23) ‘public administration entity’ means an entity in a Member State that has legal personality and complies with some of the following criteria:
2021/06/03
Committee: ITRE
Amendment 261 #
Proposal for a directive
Article 4 – paragraph 1 – point 23 – point b
(b) it has legal personality;deleted
2021/06/03
Committee: ITRE
Amendment 282 #
Proposal for a directive
Article 5 – paragraph 1 – point e
(e) a list of the various authorities and actors involved in the implementation of the national cybersecurity strategy, including trade unions and other focused on workers' protection;
2021/06/03
Committee: ITRE
Amendment 295 #
Proposal for a directive
Article 5 – paragraph 2 – point h a (new)
(ha) a policy for cyber hygiene, and protection and training of workers against these new labour risks and threats.
2021/06/03
Committee: ITRE
Amendment 297 #
Proposal for a directive
Article 5 – paragraph 2 – point h b (new)
(hb) a policy for addressing awareness and security of consumers of digital services.
2021/06/03
Committee: ITRE
Amendment 298 #
Proposal for a directive
Article 5 – paragraph 2 – point h c (new)
(hc) an evaluation of the proper harmonisation between this Directive and the General Date Protection Regulation.
2021/06/03
Committee: ITRE