Activities of Marie-Christine VERGIAT related to 2012/0011(COD)
Plenary speeches (1)
Protection of individuals with regard to the processing of personal data (A8-0139/2016 - Jan Philipp Albrecht) FR
Amendments (121)
Amendment 352 #
Proposal for a regulation
Recital 2
Recital 2
(2) The processing of personal data is designed to serve humanity; the principles and rules on the protection of individuals with regard to the processing of their personal data should, whatever the nationality or residence of natural persons, respect their fundamental rights and freedoms, notably their right to the protection of personal data. It should contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, the strengthening and the convergence of the economies within the internal market, and the well-being of individuals.
Amendment 354 #
Proposal for a regulation
Recital 4
Recital 4
(4) The economic and social integration resulting from the functioning of the internal market has led to a substantial increase in cross-border flows. The exchange of data between economic and social, public and private actors across the Union increased. National authorities in the Member States are being called upon by Union law to co-operate and exchange personal data so as to be able to perform their duties or carry out tasks on behalf of an authority in another Member State. Member States have a positive obligation under the terms of the European Convention for the Protection of Human Rights and Fundamental Freedoms to ensure that such data flows are appropriately regulated and that both the public and private sectors comply with Council of Europe Convention No 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data, which applies to both public- and private-sector activities.
Amendment 393 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of protection should apply to any information concerning an identified or identifiable person. To determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the individual. The principles of data protection should not apply to data rendered anonymous in such a way that the data subject is no longer identifiable.
Amendment 394 #
Proposal for a regulation
Recital 23
Recital 23
(23) The principles of protection should apply to any information concerning an identified or identifiable personnatural person, even after his or her death. To determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the individual. The principles of data protection should not apply to data rendered anonymous in such a way that the data subject is no longer identifiable.
Amendment 432 #
Proposal for a regulation
Recital 29 a (new)
Recital 29 a (new)
(29a) Workers’ personal data, especially sensitive data such as political orientation and membership of and activities in trade unions, should be protected in accordance with Articles 8, 12, 27 and 28 of the Charter of Fundamental Rights of the European Union and Articles 8 and 11 of the European Convention on Human Rights. Workers’ personal data may not be used to put workers on so-called ‘blacklists’ to be passed on to other enterprises with the aim of discriminating against particular workers.
Amendment 440 #
Proposal for a regulation
Recital 33 b (new)
Recital 33 b (new)
(33b) Consent should only be considered a valid ground for processing that is lawful and thus not excessive in relation to the purpose. Disproportional data processing cannot be legitimised though obtaining consent.
Amendment 457 #
Proposal for a regulation
Recital 38
Recital 38
(38) TheIn exceptional circumstances, the well-defined legitimate interests of a controller may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. Notably, direct marketing should not be seen as a legitimate interest. This would need careful assessment in particular where the data subject is a child, given that children deserve specific protection. The data subject should have the right to object the processing, on grounds relating to their particular situation and free of charge. To ensure transparency, the controller should be obliged to explicitly inform the data subject on the specific legitimate interests pursued and on the data subject’s right to object, and also be obliged to document theseis specific legitimate interests it intends to use as a legal basis and notify the national data protection authority in advance of any such processing. Given that it is for the legislator to provide by law the legal basis for public authorities to process data, this legal ground should not apply for the processing by public authorities in the performance of their tasks..
Amendment 487 #
Proposal for a regulation
Recital 51
Recital 51
(51) Any person should have the right of access to data which has been collected concerning them, and to exercise this right easily, in order to be aware and verify the lawfulness of the processing. Every data subject should therefore have the right to know and obtain communication in particular for what purposes the data are processed, for what period, which recipients receive the data, what is the logic of the data that are undergoing the processing and what might be, at least when based on profiling, the consequences of such processing. This right should not adversely affect the rights and freedoms of others, including trade secrets or intellec natural property and in particular the copyright protecting the softwareersons. However, the result of these considerations should not be that all information is refused to the data subject.
Amendment 506 #
Proposal for a regulation
Recital 55
Recital 55
(55) To further strengthen the control over their own data and their right of access, data subjects should have the right, where personal data are processed by electronic means and in a structured and commonly used, freely available, interoperable, and where possible open source format, to obtain a copy of the data concerning them also in commonly used electronic format. The data subject should also be allowed to transmit those data, which they have provided, from one automated application, such as a social network, into another one. This should apply where the data subject providedProviders of information society services should not make the transfer of those data to the automated processing system, based on their consent or in the performance of a contramandatory for the provision of their services. Social networks should be encouraged as much as possible to store data in a way which permits efficient data portability for data subjects.
Amendment 516 #
Proposal for a regulation
Recital 59
Recital 59
(59) Restrictions on specific principles and on the rights of information, access, rectification and erasure or on the right to data portability, the right to object, measures based on profiling, as well as on the communication of a personal data breach to a data subject and on certain related obligations of the controllers may be imposed by Union or Member State law, as far as necessary and proportionate in a democratic society to safeguard public security, including the protection of human life especially in response to natural or man made disasters, the prevention, investigation and prosecution of specific criminal offences or of breaches of ethics for regulated professions, other public interests of the Union or of a Member State, in particular an important economic or financialspecific and well-defined public interests of the Union or of a Member State, or the protection of the data subject or the rights and freedoms of others. Those restrictions should be in compliance with requirements set out by the Charter of Fundamental Rights of the European Union and by the European Convention for the Protection of Human Rights and Fundamental Freedoms.
Amendment 534 #
Proposal for a regulation
Recital 66
Recital 66
(66) In order to maintain security and to prevent processing in breach of this Regulation, the controller or processor should evaluate the risks inherent to the processing and implement measures to mitigate those risks. These measures should ensure an appropriate level of security, taking into account the state of the art and the costs of their implementation in relation to the risks and the nature of the personal data to be protected. When establishing technical standards and organisational measures to ensure security of processing, the Commission should promote technological neutrality, interoperability and innovation, and should be promoted, also, where appropriate, cooperate withtowards third countries.
Amendment 568 #
Proposal for a regulation
Recital 75 a (new)
Recital 75 a (new)
(75a) Where the data protection officer is employed by the controller or processor, in order to guarantee the independence, the data protection officer should enjoy particular protection against dismissal and discrimination when performing his duties, comparable to worker representatives in accordance with national law and practices. He should be appointed with the consent of the workplace representation. The data protection officer should have the opportunity to follow regular training within their regular working time in relation to their duties, without loss of pay. The costs of the training should be borne by the employer.
Amendment 578 #
Proposal for a regulation
Recital 83
Recital 83
(83) In the absence of an adequacy decision, the controller or processor should take measures to compensate for the lack of data protection in a third country by way of appropriate safeguards for the data subject. Such appropriate safeguards may consist of making use of binding corporate rules, standard data protection clauses adopted by the Commission, standard data protection clauses adopted by a supervisory authority or contractual clauses authorised by a supervisory authority, or other suitable and proportionate measures justified in the light of all the circumstances surrounding a data transfer operation or set of data transfer operations and where authorised by a supervisory authority. Those appropriate safeguards should uphold an equal respect of the data subject rights as in intra-EU processing, in particular relating to purpose limitation, right to access, rectification, erasure and compensation.
Amendment 580 #
Proposal for a regulation
Recital 85
Recital 85
(85) A corporate group should be able to make use of approved binding corporate rules for its international transfers from the Union to organisations within the same corporate group of undertakings, as long as such corporate rules include all essential principles and enforceable rights to ensure appropriate safeguards for transfers or categories of transfers of personal data.
Amendment 589 #
Proposal for a regulation
Recital 88
Recital 88
(88) Transfers which cannot be qualified as frequent or massive, could also be possible for the purposes of the legitimate interests pursued by the controller or the processor, when they have assessed all the circumstances surrounding the data transfer. Ffor the purposes of processing for historical, statistical and scientific research purposes, should take the legitimate expectations of society for an increase of knowledge should be taken into consideration.
Amendment 594 #
Proposal for a regulation
Recital 90
Recital 90
(90) Some third countries enact laws, regulations and other legislative instruments which purport to directly regulate data processing activities of natural and legal persons under the jurisdiction of the Member States. The extraterritorial application of these laws, regulations and other legislative instruments mayshould, by default, be considered to be in breach of international law and may impede the attainment of the protection of individuals guaranteed in the Union by this Regulation. . Transfers should only be allowed where the conditions of this Regulation for a transfer to third countries are met. This may inter alia be the case where the disclosure is necessary for an important ground of public interest recognised in Union law or in a Member State law to which the controller is subject. The conditions under which an important ground of public interest exists should be further specified by the Commission in a delegated act. The existence of legislation which would, even theoretically, permit extra-territorial access to European citizens’ data should be considered, on its own and regardless of the application of legislation, as grounds to revoke recognition of adequacy of the data protection regime of that country or any equivalent bilateral arrangement.
Amendment 597 #
Proposal for a regulation
Recital 97 a (new)
Recital 97 a (new)
(97a) If people are also affected by suspected breaches of the rules by an undertaking in other Member States (e.g. as consumers or employees), they should be able to complain to the data protection authority of their choice. If a procedure based on the same ground for complaint has already been initiated in another Member State, a further data protection authority which has received a complaint may temporarily suspend the procedure. The data protection authority which takes responsibility for the procedure must coordinate its work with that of the other authorities concerned. If legal issues are contested between the authorities concerned, the matter must be put before the Court of Justice of the EU.
Amendment 604 #
Proposal for a regulation
Recital 101
Recital 101
(101) Each supervisory authority should hear complaints lodged by any data subject or by any body, association or organisation acting in the public interest or on behalf of one or more data subjects and should investigate the matter. The investigation following a complaint should be carried out, subject to judicial review, to the extent that is appropriate in the specific case. The supervisory authority should inform the data subject or, as the case may be, the body, association or organisation of the progress and the outcome of the complaint within a reasonable period. If the case requires further investigation or coordination with another supervisory authority, intermediate information should be given to the data subject.
Amendment 613 #
Proposal for a regulation
Recital 112
Recital 112
(112) Any body, organisation or association which aims to protects the rights and interests of dnata subjects in relation to the protection of their dataural persons or is acting in the public interest and is constituted according to the law of a Member State should have the right to lodge a complaint with a supervisory authority or exercise the right to a judicial remedy on behalf of data subjects, or to lodge, independently of a data subject’s complaint, an own complaint where it considers that a personal data breach has occurred.
Amendment 616 #
Proposal for a regulation
Recital 114
Recital 114
(114) In order to strengthen the judicial protection of the data subject in situations where the competent supervisory authority is established in another Member State than the one where the data subject is residing, the data subject may request any body, organisation or association aiming to protect the rights and interests of dnata subjects in relation to the protection of their dataural persons or acting in the public interest to bring on the data subject’s behalf proceedings against that supervisory authority to the competent court in the other Member State.
Amendment 621 #
Proposal for a regulation
Recital 118
Recital 118
(118) Any damage, whether pecuniary or not, which a person may suffer as a result of unlawful processing should be compensated by the controller or processor, who may be exempted from liability only if they prove that they are not responsible for the damage, in particular where he establishes beyond any doubt that the balance of fault is on the part of the data subject or in case of force majeure.
Amendment 622 #
Proposal for a regulation
Recital 119 a (new)
Recital 119 a (new)
(119a) Member States should be able to impose criminal sanctions, such as a suspension or temporary revocation of a commercial license for instance, in cases of severe infringements of the provisions of this Regulation, where it concerns manifestly unethical commercial behaviour towards the data subjects and the exercise of their rights.
Amendment 629 #
Proposal for a regulation
Recital 121
Recital 121
(121) TWhe processing of personal data solely for journalistic purposes, or for the purposes of artistic or liternever necessary, expression should qualify for exempemptions or derogations from the requirements of certain provisions of this Regulation for the processing of personal data should be possible in order to reconcile the right to the protection of personal data with the right to freedom of expression, and notably the right to receive and impart information, as guaranteed in particular by Article 11 of the Charter of Fundamental Rights of the European Union. This should apply in particular to processing of personal data in the audiovisual field and in news archives and press libraries. Member States competence to define and organize public service broadcasting in accordance with protocol No. 29 to the Treaty of the European Union shall be respected. Therefore, Member States should adopt legislative measures, which should lay down exemptions and derogations which are necessary for the purpose of balancing these fundamental rights. Such exemptions and derogations should be adopted by the Member States on general principles, on the rights of the data subject, on controller and processor, on the transfer of data to third countries or international organisations, on the independent supervisory authorities and on co-operation and consistency. This should not, however, lead Member States to lay down exemptions from the other provisions of this Regulation. In order to take account of the importance of the right to freedom of expression in every democratic society, it is necessary to interpret notions relating to that freedom, such as journalism, broadly. Therefore, Member States should classify activities as ‘journalistic’ for the purpose of the exemptions and derogations to be laid down under this Regulation if the object of these activities is the disclosure to the public of information, opinions or ideas, irrespective of the medium which is used to transmit them. They should not be limited to media undertakings and may be undertaken for profit-making or for non- profit making purposes.
Amendment 636 #
Proposal for a regulation
Recital 124
Recital 124
(124) The general principles on the protection of individuals with regard to the processing of personal data should also be applicable to the employment context. Therefore, in order to regulate the processing of employees’ personal data in the employment context, Member States should be able, within the limits ofin accordance with this Regulation, to adopt by law specific rules for the processing of personal data in the employment sectorcontext.
Amendment 642 #
Proposal for a regulation
Recital 125 a (new)
Recital 125 a (new)
(125a) Personal data may also be processed subsequently for archive purposes. In that event, the right to the protection of personal data should be coordinated with the rules on archives, which are the guarantors of the right of peoples to know their own history, and with the rules on public access to administrative information. The Universal Declaration on Archives, adopted at the 36th session of the UNESCO General Conference held in November 2011, stresses that, as reliable sources of information underpinning accountable and transparent administrative actions, archives play a vital role in the development of societies by safeguarding and contributing to individual and community memory. International transfers of personal data must be carried out without prejudice to the rules on the movement of cultural goods and national treasures.
Amendment 659 #
Proposal for a regulation
Article 1 – paragraph 3 a (new)
Article 1 – paragraph 3 a (new)
3a. Paragraph 3 is without prejudice to legislative measures by the Member States which provide for more favourable conditions for data subjects with regard to the protection of their data, in particular for the purposes of Articles 80 and 84.
Amendment 742 #
Proposal for a regulation
Article 4 – paragraph 1 – point 3 a (new)
Article 4 – paragraph 1 – point 3 a (new)
(3a) ‘profiling’ means any kind of automated processing of personal data carried out in order to assess certain characteristics specific to a natural person or to analyse or predict, in particular, his or her professional performance, economic situation, location, state of health, personal preferences, reliability or conduct, and/or in order to tailor a service which is provided or a decision which is applied to a person, and which may also involve processing to determine to what category or categories a person belongs;
Amendment 743 #
Proposal for a regulation
Article 4 – paragraph 1 – point 3 b (new)
Article 4 – paragraph 1 – point 3 b (new)
(3b) ‘biometric data’ means any data concerning the unique physical, physiological or behavioural characteristics of an individual, for example images of the face or dactyloscopic data;
Amendment 751 #
Proposal for a regulation
Article 4 – paragraph 1 – point 6 a (new)
Article 4 – paragraph 1 – point 6 a (new)
(6a) ‘publisher’ means any natural or legal person, a public authority, a service or any other body which creates automated data processing systems or data files intended to be used in the processing of personal data by controllers and processors, including the equipment used by the person concerned;
Amendment 761 #
Proposal for a regulation
Article 4 – paragraph 1 – point 8
Article 4 – paragraph 1 – point 8
(8) ‘the data subject’'s consent’ means any freely given specific, informed and explicit indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed with a view to achieving a specific objective or several compatible and inseparable objectives;
Amendment 763 #
Proposal for a regulation
Article 4 – paragraph 1 – point 8
Article 4 – paragraph 1 – point 8
(8) ‘the data subject’s consent’ means any freely given specific, informed and explicit indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed for one or more specific purposes;
Amendment 787 #
Proposal for a regulation
Article 4 – paragraph 1 – point 13
Article 4 – paragraph 1 – point 13
(13) ‘main establishment’ means as regards the controller, the place of its establishment in the Union where the main decisions as to the purposes, conditions and means of the processing of personal data are taken; if no decisions as to the purposes, conditions and means of the processing of personal data are taken in the Union, the main establishment is the place where the main processing activities in the context of the activities of an establishment of a controller in the Union take place. In order to determine main processing activities, factual elements like the physical location of data servers, the centralization of core processing activities, or the dominant influence of one particular establishment should be taken into account. As regards the processor, ‘main establishment’ means the place of its central administration in the Union;
Amendment 800 #
Proposal for a regulation
Article 4 – paragraph 1 – point 18 a (new)
Article 4 – paragraph 1 – point 18 a (new)
(18a) ‘archive services’ means public authorities, public services or legal persons, who, in accordance with Union law or the law of the Member State concerned, have as their main or mandatory task the collection, conservation, classification, dissemination of information about and exploitation of archives in the public interest, in particular with a view to substantiating the rights of natural persons or legal persons established under public and private law, or for the purposes of historical, statistical or scientific research;
Amendment 822 #
Proposal for a regulation
Article 5 – paragraph 1 – point b
Article 5 – paragraph 1 – point b
(b) collected for specified, explicit and legitimate purposes and, not further processed in a way incompatible with those purposes and processed in a proportionate manner to that purpose (purpose limitation);
Amendment 823 #
Proposal for a regulation
Article 5 – paragraph 1 – point b
Article 5 – paragraph 1 – point b
(b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; further processing carried out by archive services in accordance with Member State law shall be deemed compatible with those purposes and shall be subject to the provisions of Article 83a;
Amendment 839 #
Proposal for a regulation
Article 5 – paragraph 1 – point e
Article 5 – paragraph 1 – point e
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the data will be processed solely for historical, statistical or scientific research purposes in accordance with the rules and conditions of Article 83 and if a periodic review is carried out to assess the necessity to continue the storageuntil such time as it is clear that continued storage is no longer necessary; personal data may be stored for longer periods insofar as the data will be processed by archive services in accordance with Member State law, in keeping with the conditions laid down in Article 83a;
Amendment 855 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) the data subject has given consent to the processing of their personal data for one or more specific purposes, in the form as described in Article 7;
Amendment 881 #
Proposal for a regulation
Article 6 – paragraph 1 – point f
Article 6 – paragraph 1 – point f
(f) processing is necessary forWhere none of the legal grounds for the processing of personal data referred to in paragraph 1 apply, processing of personal data shall be lawful if and to the extent that it is necessary for and proportionate to the purposes of thewell- defined legitimate interests pursued by athe controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subjec. The data controller shall in that case inform the data subject about the data processing explicitly and separately, and shall inform him of the possibility to seek redress via the supervisory authority. The controller shall also publish the reasons for believing that its a child. Thisinterests override the interests or fundamental rights and freedoms of the data subject. This paragraph shall not apply to processing carried out by public authorities in the performance of their tasks.
Amendment 907 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1a. The legitimate interests of the controller as referred to in paragraph 1 point (f) may override the interests or fundamental rights and freedoms of the data subject, only if: (a) processing of personal data takes place as part of the exercise of the right to freedom of expression, the media and the arts, within the limits of Union or national law; (b) processing of personal data is necessary for and proportionate to the enforcement of the legal claims of the data controller or of third parties on behalf of whom the data controller is acting in relation to a specific identified data subject, or for preventing or limiting damage by the data subject to the controller, given that these legal claims are not manifestly unreasonable; (c) processing of personal data takes place in the context of professional business-to- business relationships and the data were collected from the data subject for that purpose and the processing shall be limited to the business-to-business relationship in which the data were originally collected; (d) processing of personal data is necessary for registered non-profit associations, foundations and charities, recognised as acting in the public interest under Union or national law, for the sole purpose of collecting donations.
Amendment 911 #
Proposal for a regulation
Article 6 – paragraph 1 b (new)
Article 6 – paragraph 1 b (new)
1b. The interests or fundamental rights and freedoms of the data subject as referred to in paragraph 1 point (f) override the legitimate interest of the controller, as a rule, if: (a) the processing may cause a serious risk of damage to the data subject; (b) special categories of data as referred to in paragraph 1 of article 9, location data, or biometric data are processed; (c) personal data are processed in the context of profiling; (d) personal data is made accessible for a large number of persons or large amounts of personal data about the data subject are processed, aligned or combined with other data; (e) the processing of personal data may adversely affect the data subject, in particular because it can lead to defamation or discrimination; or (f) the data subject is a child.
Amendment 942 #
Proposal for a regulation
Article 6 – paragraph 4
Article 6 – paragraph 4
Amendment 1045 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. The processing of personal data, revealing race or ethnic origin, political opinions, religion or beliefsphilosophical beliefs, sexual orientation or gender identity, trade-union membership and activities, and the processing of genetic and biometric data or data concerning health or sex life or criminal convictions or related security measures shall be prohibited.
Amendment 1046 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. The processing of personal data, revealing race or ethnic origin, political opinions, religion or beliefs, trade-union membership, and the processing of financial data, genetic data or data concerning health or sex life or criminal convictions or related security measures shall be prohibited.
Amendment 1053 #
Proposal for a regulation
Article 9 – paragraph 2 – point b
Article 9 – paragraph 2 – point b
(b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller in the field of employment law in so far as it is authorised by Union law or Member State law providing for adequate safeguardsed that it meets a clearly defined objective of public interest, respect the essence of the right to protection of personal data, be proportionate to the legitimate aim pursued and respect the fundamental rights and interests of the data subject; or
Amendment 1061 #
Proposal for a regulation
Article 9 – paragraph 2 – point e
Article 9 – paragraph 2 – point e
(e) the processing relates to personal data which are manifestly and demonstrably made public by the data subject; or
Amendment 1063 #
Proposal for a regulation
Article 9 – paragraph 2 – point f
Article 9 – paragraph 2 – point f
(f) processing is necessary for the establishment, exercise or defence of legal claims given they are not manifestly unreasonable; or
Amendment 1068 #
Proposal for a regulation
Article 9 – paragraph 2 – point g
Article 9 – paragraph 2 – point g
(g) processing is necessary for the performance of a task carried out in thea well- defined and substantial public interest, on the basis of Union law, or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitabladequate measures to safeguard the data subject's legitimate interestsfundamental rights and interests of the data subject; or
Amendment 1144 #
Proposal for a regulation
Article 12 – paragraph 4
Article 12 – paragraph 4
4. The information and the actions taken on requests referred to in paragraph 1 shall be free of charge. Where requests are manifestly excessive, in particular because of their repetitive character, the controller may charge a reasonable fee for providing the information or taking the action requested, or the controller may not take the ac. The level of such a fee shall not exceed the costs of providing the information requested. In that case, the controller shall bear the burden of proving the manifestly excessive character of the request.
Amendment 1200 #
Proposal for a regulation
Article 14 – paragraph 1 – point c
Article 14 – paragraph 1 – point c
(c) the period for which the personal data will be stored and, where appropriate, archived;
Amendment 1208 #
Proposal for a regulation
Article 14 – paragraph 1 – point f
Article 14 – paragraph 1 – point f
(f) the recipients or categories of recipients of the personal dataf the personal data, including the controllers to whom personal data are disclosed for the legitimate interests pursued by them;
Amendment 1254 #
Proposal for a regulation
Article 14 – paragraph 5 – point d
Article 14 – paragraph 5 – point d
(d) the data are not collected from the data subject and the provision of such information will impair the rights and freedoms of other natural persons, as defined in Union law or Member State law in accordance with Article 21.
Amendment 1333 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. The data subject shall have the right to obtain from the controller communication of the personal data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in an electronic formand structured format which follows an open standard, is freely available, interoperable, commonly used and allows for further use by the data subject, unless otherwise requested by the data subject.
Amendment 1346 #
Proposal for a regulation
Article 15 – paragraph 2 a (new)
Article 15 – paragraph 2 a (new)
2a. Unless a deceased person has explicitly stipulated otherwise, his or her successors in right and title or legal representative shall have the right to obtain from the controller acknowledgement of the death of the data subject and right of access to data in the event of the death of the data subject.
Amendment 1379 #
Proposal for a regulation
Article 16 – paragraph 1 bis (new)
Article 16 – paragraph 1 bis (new)
Unless the deceased person has explicitly stipulated otherwise, his or her successors in right and title or legal representative shall have the right to obtain from the controller acknowledgement of the death of the data subject and the right to rectify data in the event of the death of the data subject.
Amendment 1408 #
Proposal for a regulation
Article 17 – paragraph 1 a (new)
Article 17 – paragraph 1 a (new)
1a. Unless the deceased person has explicitly stipulated otherwise, his or her successors in right and title or legal representative shall have the right to obtain from the controller acknowledgement of the death of the data subject and an undertaking to cease publishing and disseminating the deceased person’s data.
Amendment 1442 #
Proposal for a regulation
Article 17 – paragraph 3 – point d
Article 17 – paragraph 3 – point d
(d) for compliance with a legal obligation to retain the personal data by Union or Member State law to which the controller is subject; Member State laws shall meet an objective of essential public interest, fully respect the essence of the right to the protection of personal data and be proportionate to the legitimate aim pursued;
Amendment 1514 #
Proposal for a regulation
Article 18 – paragraph 2 a (new)
Article 18 – paragraph 2 a (new)
2a. Member States shall promote and use a freely-available and user-friendly format to exercise the data portability right.
Amendment 1531 #
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
Amendment 1566 #
Proposal for a regulation
Article 20 – paragraph 2 – point a
Article 20 – paragraph 2 – point a
(a) is carried out in the course of the entering into, or performance of, a contract, where the request for the entering into or the performance of the contract, lodged by the data subject, has been satisfied or where suitable measures to safeguard the data subject's legitimate interests have been adduced, such as the right to obtain human intervention and arrangements that allow the data subject to submit his point of view; or
Amendment 1592 #
Proposal for a regulation
Article 20 – paragraph 2 a (new)
Article 20 – paragraph 2 a (new)
2a. Profiling that has the direct or indirect effect of discriminating against individuals on the basis of race or ethnic origin, socio-economic status, political opinions, religion or beliefs, trade union membership and activities, sexual orientation or gender identity, or that results in measures which have such effect, shall always be prohibited. Profiling in the employment context shall always be prohibited.
Amendment 1602 #
Proposal for a regulation
Article 20 – paragraph 3 a (new)
Article 20 – paragraph 3 a (new)
3a. Credit rating data and/or profiling procedures in connection with the conclusion of contracts may be used only when a specially high risk of default can be demonstrated. In predicting the risk of default, only personal data that is genuinely relevant to the person’s credit rating, such as payment problems or insolvency data, may be used. Where scoring methods are used, these must lead to scientifically watertight conclusions. The provider and requester of credit rating data must act in a transparent manner. Consumers should be informed about the data used, the deployment of scoring methods, etc. Credit rating data must be correct and up to date. Health data may not be used for scoring purposes.
Amendment 1629 #
Proposal for a regulation
Article 21 – paragraph 1 – point b
Article 21 – paragraph 1 – point b
(b) the prevention, investigation, detection and prosecution of specific criminal offences;
Amendment 1641 #
Proposal for a regulation
Article 21 – paragraph 1 – point e
Article 21 – paragraph 1 – point e
(e) a monitoring, inspection or regulatory function connected, even occasionally, with the exercise of officialin the framework of the exercise of a competent public authority in cases referred to in (a), (b), (c) and (d);
Amendment 1649 #
Proposal for a regulation
Article 21 – paragraph 2
Article 21 – paragraph 2
2. In particular, aAny legislative measure referred to in paragraph 1 shall contain specific provisions at least as to the objectives to be pursued by the processing and the determination of the controller, the categories of personal data processed, the specific means and purposes of processing, the categories of persons entitled to process the data, the designation of the controller, and the safeguards against unlawful access or transfer of data.
Amendment 1652 #
Proposal for a regulation
Article 21 – paragraph 2 a (new)
Article 21 – paragraph 2 a (new)
2a. Any such legislative measure shall contain the requirement to inform the data subject of the restriction of their right and of the possibility to obtain indirect access through the national data protection supervisory authority.
Amendment 1698 #
Proposal for a regulation
Article 22 – paragraph 3
Article 22 – paragraph 3
3. The controller shall implement mechanisms to ensure the verification of the adequacy and effectiveness of the measures referred to in paragraphs 1 and 2. If proportionate, this verification shall be carried out by independent internal or external auditors. The controller shall regularly make public reports of its activities under this Article.
Amendment 1716 #
Proposal for a regulation
Article 23 – paragraph 1
Article 23 – paragraph 1
1. Having regard to the state of the art and the cost of implementation, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
Amendment 1761 #
Proposal for a regulation
Article 25 – paragraph 2 – point b
Article 25 – paragraph 2 – point b
(b) an enterprise employing fewer than 250 personsprocessing personal data relating to fewer than 500 data subjects per year; or
Amendment 1762 #
Proposal for a regulation
Article 25 – paragraph 2 – point b
Article 25 – paragraph 2 – point b
(b) an enterprise employingprocessing the personal data of fewer than 250 persons per year; or
Amendment 1824 #
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
The processor and any person acting under the authority of the controller or of the processor who has access to personal data shall not process them except on instructions from the controller, unless required to do so by Union or Member State lawin accordance with Article 6.
Amendment 2170 #
Proposal for a regulation
Article 35 – paragraph 1 – point b
Article 35 – paragraph 1 – point b
(b) the processing is carried out by an enterprise employing 250 persons or more legal person and relates to more than 500 data subjects per year; or
Amendment 2173 #
Proposal for a regulation
Article 35 – paragraph 1 – point b
Article 35 – paragraph 1 – point b
(b) the processing is carried out by an enterprise employing 250 persons or more legal person and concerns over 250 data subjects annually; or
Amendment 2181 #
Proposal for a regulation
Article 35 – paragraph 1 – point c
Article 35 – paragraph 1 – point c
(c) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes or their volume, require regular and systematic monitoring of data subjects.
Amendment 2203 #
Proposal for a regulation
Article 35 – paragraph 3 a (new)
Article 35 – paragraph 3 a (new)
3a. Where the controller belongs to a professional body or a body of controllers from the same sector, he may appoint a data protection officer duly mandated by the body concerned.
Amendment 2214 #
Proposal for a regulation
Article 35 – paragraph 5
Article 35 – paragraph 5
5. The controller or processor shall designate the data protection officer, after consultation with the employee's representatives, on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and ability to fulfil the tasks referred to in Article 37. The necessary level of expert knowledge shall be determined in particular according to the data processing carried out and the protection required for the personal data processed by the controller or the processor.
Amendment 2233 #
Proposal for a regulation
Article 35 – paragraph 7 – subparagraph 1 a (new)
Article 35 – paragraph 7 – subparagraph 1 a (new)
The supervisory authority shall be entitled to require justification for the early discharge of a data protection officer.
Amendment 2278 #
Proposal for a regulation
Article 36 – paragraph 3
Article 36 – paragraph 3
3. The controller or the processor shall support the data protection officer in performing the tasks and shall provide all necessary resources, including staff, premises, equipment, access to information and any other resources necessary to carry out the duties and tasks referred to in Article 37. and update his or her professional knowledge. The right of data protection officers to training shall be guaranteed under the relevant statutory or contractual provisions of the Member State in which they are performing their tasks.
Amendment 2372 #
Proposal for a regulation
Article 39 – paragraph 2 a (new)
Article 39 – paragraph 2 a (new)
Amendment 2406 #
Proposal for a regulation
Article 41 – paragraph 6
Article 41 – paragraph 6
6. Where the Commission decides pursuant to paragraph 5, any transfer of personal data to the third country, or a territory or a processing sector within that third country, or the international organisation in question shall be prohibited, without prejudice to Articles 42 to 44. At the appropriate time, the Commission shall enter into consultations with the third country or international organisation with a view to remedying the situation resulting from the Decision made pursuant to paragraph 5 of this Article.
Amendment 2458 #
Proposal for a regulation
Article 42 – paragraph 5
Article 42 – paragraph 5
Amendment 2491 #
Proposal for a regulation
Article 43 a (new)
Article 43 a (new)
Article 43a Transfers not authorised by Union Law 1. Any judgment of a court or tribunal and no decision of an administrative authority of a third country requiring a controller or processor to disclose personal data shall only be recognized or be enforceable in any manner, on the basis of and in accordance with a mutual assistance treaty or an international agreement in force between the requesting third country and the Union or a Member State. 2. Where a judgment of a court or tribunal or a decision of an administrative authority of a third country requests a controller or processor to disclose personal data, the controller or processor and, if any, the controller's representative, shall notify the supervisory authority of the request without undue delay and must obtain prior authorisation for the transfer by the supervisory authority in accordance with Article 34. 3. The supervisory authority shall assess the compliance of the requested disclosure with the Regulation and in particular whether the disclosure is necessary and legally required in accordance with points (d) and (e) of paragraph 1 and paragraph 5 of Article 44. 4. The supervisory authority shall inform the competent national authority of the request. The controller or processor shall also inform the data subject of the request and of the authorisation by the supervisory authority. 5. The Commission may lay down in an implementing act the standard format of the notifications to the supervisory authority referred to in paragraph 2 and the information of the data subject referred to in paragraph 4 as well as the procedures applicable to the notification and information. Those implementing acts shall be adopted after requesting an opinion of the European Data Protection Board, in accordance with the examination procedure referred to in Article 87(2).
Amendment 2496 #
Proposal for a regulation
Article 44 – paragraph 1 – introductory part
Article 44 – paragraph 1 – introductory part
1. In the absence of an adequacy decision pursuant to Article 41 or of appropriate safeguards pursuant to Article 42, and without prejudice to Articles 6, 14, 15, 16 and 17, a transfer or a set of transfers of personal data to a third country or an international organisation may take place only on condition that:
Amendment 2502 #
Proposal for a regulation
Article 44 – paragraph 1 – point h
Article 44 – paragraph 1 – point h
Amendment 2512 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
Amendment 2515 #
Proposal for a regulation
Article 44 – paragraph 4
Article 44 – paragraph 4
4. Points (b), (c) and (hc) of paragraph 1 shall not apply to activities carried out by public authorities in the exercise of their public powers.
Amendment 2522 #
Proposal for a regulation
Article 44 – paragraph 6
Article 44 – paragraph 6
Amendment 2532 #
Proposal for a regulation
Article 45 – paragraph 1 – introductory part
Article 45 – paragraph 1 – introductory part
1. In relation to third countries and international organisations and in cooperation with the Consultative Committee of Convention 108 of the Council of Europe, the Commission and supervisory authorities shall take appropriate steps to:
Amendment 2536 #
Proposal for a regulation
Article 45 – paragraph 2
Article 45 – paragraph 2
2. For the purposes of paragraph 1, the Commission shall, in cooperation with the Consultative Committee of Convention 108 of the Council of Europe, take appropriate steps to advance the relationship with third countries or international organisations, and in particular their supervisory authorities, where the Commission has decided that they ensure an adequate level of protection within the meaning of Article 41(3).
Amendment 2539 #
Proposal for a regulation
Article 45 a (new)
Article 45 a (new)
Article 45a Rapport de la Commission The Commission shall submit to the European Parliament and the Council at regular intervals, starting not later than four years after the date referred to in Article 91(1), [entry into force of this Regulation] a report on the application of Articles 40 to 45. For that purpose, the Commission may request information from the Member States, the supervisory authorities and the Consultative Committee of Convention 108 of the Council of Europe, which shall be supplied without undue delay. The report shall be made public.
Amendment 2577 #
Proposal for a regulation
Article 50 – subparagraph 1 a (new)
Article 50 – subparagraph 1 a (new)
Any persons who notify the supervisory authority of any facts relating to personal data processing shall be released from their professional secrecy obligations; they shall enjoy immunity from all legal proceedings.
Amendment 2607 #
Proposal for a regulation
Article 52 – paragraph 1 – point f a (new)
Article 52 – paragraph 1 – point f a (new)
(fa) keep a public register of all prior notifications received by data controllers or processors on intended processing activities in accordance with Article 6(1c).
Amendment 2616 #
Proposal for a regulation
Article 52 – paragraph 6
Article 52 – paragraph 6
6. Where requests are manifestly excessive, in particular due to their repetitive character, the supervisory authority may charge a fee or noto take the action requested by the data subject. The level of such a fee shall not exceed the costs of taking the action requested. The supervisory authority shall bear the burden of proving the manifestly excessive character of the request.
Amendment 2686 #
Proposal for a regulation
Article 59
Article 59
Amendment 2702 #
Proposal for a regulation
Article 60
Article 60
Amendment 2785 #
Proposal for a regulation
Article 73 – paragraph 2
Article 73 – paragraph 2
2. Any body, organisation or association which aims to protect data subjects‘s the rights and interests concerning the protection of their personal data andof natural persons or is acting in the public interest and which has been properly constituted according to the law of a Member State shall have the right to lodge a complaint with a supervisory authority in any Member State on behalf of one or more data subjects if it considers that a data subject's rights under this Regulation have been infringed as a result of the processing of personal data.
Amendment 2831 #
Proposal for a regulation
Article 77 – paragraph 2
Article 77 – paragraph 2
2. Where more than one controller or processor is involved in the processing, each controller or processor shall be jointly and severally liable for the entire amount of the damage. In the case of a group of undertakings, the entire group shall be liable as a single economic entity.
Amendment 2892 #
Proposal for a regulation
Article 79 – paragraph 4 – introductory part
Article 79 – paragraph 4 – introductory part
4. The supervisory authority shall impose a fine up to 250 000 EUR, or in case of an enterprise up to 0,51 % of its annual worldwide turnover, to anyone who, intentionally or negligently:
Amendment 2905 #
Proposal for a regulation
Article 79 – paragraph 5 – introductory part
Article 79 – paragraph 5 – introductory part
5. The supervisory authority shall impose a fine up to 500 000 EUR, or in case of an enterprise up to 13 % of its annual worldwide turnover, to anyone who, intentionally or negligently:
Amendment 2925 #
Proposal for a regulation
Article 79 – paragraph 6 – introductory part
Article 79 – paragraph 6 – introductory part
6. The supervisory authority shall impose a fine up to 1 000 000 EUR or, in case of an enterprise up to 25 % of its annual worldwide turnover, to anyone who, intentionally or negligently:
Amendment 2973 #
Proposal for a regulation
Article 81 – paragraph 1 – point a
Article 81 – paragraph 1 – point a
a) the purposes of preventive or occupational medicine, scientific research, medical diagnosis, the provision of care or treatment or the management of health-care services, and where those data are processed by a health professional subject to the obligation of professional secrecy or another person also subject to an equivalent obligation of confidentiality under Member State law or rules established by national competent bodies; or
Amendment 2977 #
Proposal for a regulation
Article 81 – paragraph 1 – point b
Article 81 – paragraph 1 – point b
Amendment 2983 #
Proposal for a regulation
Article 81 – paragraph 1 – point c
Article 81 – paragraph 1 – point c
(c) other reasons of public interest in areas such as social protection, especially in order to ensure the quality and cost- effectiveness of the procedures used for settling claims for benefits and services in the health insurance system.
Amendment 2988 #
Proposal for a regulation
Article 81 – paragraph 2 a (new)
Article 81 – paragraph 2 a (new)
2a. The collection and re-use of health data for commercial purposes shall not be compatible with this Regulation.
Amendment 2994 #
Proposal for a regulation
Article 81 – paragraph 3
Article 81 – paragraph 3
Amendment 3009 #
Proposal for a regulation
Article 82 – paragraph 1
Article 82 – paragraph 1
1. WIn accordance within the limits ofrules set out in this Regulation, Member States may adopt by law specific rules regulating the processing of employees‘ personal data in the employment context, in particular for the purposes of the recruitment, the performance of the contract of employment, including discharge of obligations laid down by law or by collective agreements, management, planning and organisation of work, health and safety at work, and for the purposes of the exercise and enjoyment, on an individual or collective basis, of rights and benefits related to employment, and for the purpose of the termination of the employment relationship.
Amendment 3010 #
Proposal for a regulation
Article 82 – paragraph 1 – subparagraph 1 a (new)
Article 82 – paragraph 1 – subparagraph 1 a (new)
The right of the Member States to lay down protective provisions on the processing of personal data in the context of employment which are more favourable to employees shall be unaffected.
Amendment 3013 #
Proposal for a regulation
Article 82 – paragraph 1 a (new)
Article 82 – paragraph 1 a (new)
Amendment 3017 #
Proposal for a regulation
Article 82 – paragraph 1 b (new)
Article 82 – paragraph 1 b (new)
1b. Without prejudice to the other provisions of this regulation, the legal provisions of the Member States referred to in paragraph 1 shall at the minimum include the following minimum standards: (a) Processing of data on employees without the employees’ knowledge shall not be permitted. The private and intimate life of employees shall always be respected; (b) Optical electronic surveillance of parts of the business premises which are not accessible to the public and are predominantly used for purposes of an employee’s private life, particularly in sanitary facilities, changing rooms, rooms where breaks are spent and bedrooms, shall not be permitted; (c) Optical electronic surveillance of publicly accessible parts of the business premises and parts which are not accessible to the public and are not predominantly used for purposes of an employee’s private life, such as entry halls, foyers, offices, workshops or the like, shall be permitted only to the extent that it is absolutely necessary for the safety/security of the employee and of the business; (d) Insofar as possible, surveillance of public parts of the business should not include surveillance of the employee in his place of work. Before surveillance is performed, the employee shall be informed when and for how long the surveillance devices will be operated; (e) Acoustic electronic surveillance shall be permitted only on compelling grounds of public safety, for example in the cockpit of an aircraft. Secret surveillance shall always be prohibited; (f) Any surveillance of employees’ representatives who are provided for by European Union law or domestic law and/or customs, including trade union representatives, shall be prohibited in relation to their representative activity. The same shall apply to blacklisting; (g) Medical data on employees, particularly those gathered in connection with occupational health care examinations pursuant to Article 81(1)(a), may also not be disclosed to the employer; (h) Profiling and processing whose purpose is to permanently monitor employees, their performance or their conduct, shall be prohibited. This shall apply irrespective of the technology used.
Amendment 3019 #
Proposal for a regulation
Article 82 – paragraph 1 c (new)
Article 82 – paragraph 1 c (new)
1c. In the cases referred to in points (b) to (e) of paragraph 1a and for the purposes of this regulation, it shall be permitted for domestic laws or collective agreements between employers and employees – insofar as these are provided for by law – to create a basis for the admissibility of specific procedures, the design of procedures or implementation or to prohibit processing.
Amendment 3021 #
Proposal for a regulation
Article 82 – paragraph 1 d (new)
Article 82 – paragraph 1 d (new)
1d. If a representative body has been established for employees within an undertaking in accordance with the law of the Member State, processing by the employer shall be permitted only if the statutory participation rights have been respected.
Amendment 3023 #
Proposal for a regulation
Article 82 – paragraph 1 e (new)
Article 82 – paragraph 1 e (new)
1e. If there is an intention to communicate data concerning employees to entities which fall outside the scope of this regulation, the employer’s data protection officer shall without fail perform an assessment pursuant to Article 33.
Amendment 3025 #
Proposal for a regulation
Article 82 – paragraph 1 f (new)
Article 82 – paragraph 1 f (new)
1f. Data concerning the conduct or performance of employees which have been collected or processed in a manner which breaches this regulation may not be used either judicially or extrajudicially.
Amendment 3027 #
Proposal for a regulation
Article 82 – paragraph 1 g (new)
Article 82 – paragraph 1 g (new)
1g. Employees’ representative bodies or trade unions may exercise rights pursuant to Article 76 on behalf of the employees whom they represent.
Amendment 3029 #
Proposal for a regulation
Article 82 – paragraph 1 h (new)
Article 82 – paragraph 1 h (new)
1h. Without prejudice to domestic legal provisions concerning the rights of participation of employees’ representative bodies, the latter should be involved in any decision: (a) to appoint the business’s data protection officer pursuant to Section 4; (b) to establish and adapt data-processing systems; (c) to formulate Binding Corporate Rules.
Amendment 3036 #
Proposal for a regulation
Article 82 – paragraph 2 a (new)
Article 82 – paragraph 2 a (new)
2a. The collection and re-use of employment data for commercial purposes shall not be compatible with this Regulation.
Amendment 3044 #
Proposal for a regulation
Article 82 – paragraph 3
Article 82 – paragraph 3
Amendment 3048 #
Proposal for a regulation
Article 82 a (new)
Article 82 a (new)
Amendment 3080 #
Proposal for a regulation
Article 83 – paragraph 2 a (new)
Article 83 – paragraph 2 a (new)
2a. The collection and re-use of historical, statistical and scientific research data for commercial purposes shall not be compatible with this Regulation.
Amendment 3097 #
Proposal for a regulation
Article 83 a (new)
Article 83 a (new)
Article 83a Derogations in respect of processing for historical, statistical and scientific research purposes 1. Once the initial processing for which they were collected has been completed, personal data may be processed by archive services whose main or mandatory task is to collect, conserve, provide information about, exploit and disseminate archives in the public interest, in particular in order to substantiate individuals’ rights or for historical, statistical or scientific research purposes. The communication and dissemination tasks shall be carried out in accordance with the rules laid down by the Member States concerning access to and the release and dissemination of administrative or archive documents. 2. These forms of processing of personal data shall not be subject to the requirements laid down in Articles 5(d), 9, 23, 32, 33, 38 and 53(1)(f) and (g) of this Regulation. 3. Member States shall encourage the drafting, in particular by the European Archives Group, of codes of conduct designed to help archives apply rules on the processing of personal data, in particular in order to guarantee: (a) the confidentiality of data vis-à-vis third parties; (b) the authenticity, integrity and proper conservation of data; (c) access to archives in the context of the rules governing access to the Member States' administrative documents or archives.
Amendment 3111 #
Proposal for a regulation
Article 86 – paragraph 2
Article 86 – paragraph 2
2. The delegation of power referred to in Article 6(5), Article 8(3), Article 9(3), Article 12(5), Article 14(7), Article 15(3), Article 17(9), Article 20(6), Article 22(4), Article 23(3), Article 26(5), Article 28(5), Article 30(3), Article 31(5), Article 32(5), Article 336), Article 34(8), Article 35(11), Article 37(2), Article 39(2), Article 43(3), Article 44(7), Article 79(6), Article 81(3), Article 82(3) and Article 83(3) shall be conferred on the Commission for an indeterminate period of time from the date of entry into force of this Regulation.
Amendment 3119 #
Proposal for a regulation
Article 86 – paragraph 5
Article 86 – paragraph 5
5. A delegated act adopted pursuant to Article 6(5), Article 8(3), Article 9(3), Article 12(5), Article 14(7), Article 15(3), Article 17(9), Article 20(6), Article 22(4), Article 23(3), Article 26(5), Article 28(5), Article 30(3), Article 31(5), Article 32(5), Article 33(6), Article 34(8), Article 35(11), Article 37(2), Article 39(2), Article 43(3), Article 44(7), Article 79(6), Article 81(3), Article 82(3) and Article 83(3) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or the Council.