8 Amendments of Emma McCLARKIN related to 2012/0011(COD)
Amendment 110 #
Proposal for a regulation
Recital 30
Recital 30
(30) Any processing of personal data should be lawful, fair and transparent in relation to the individuals concerned. In particular, the specific purposes for which the data are processed should be explicit and legitimate and determined at the time of the collection of the data. The data should be adequate, relevant and limited to the minimum necessary for the purposes for which the data are processed; this requires in particular ensuring that the data collected are not excessive and that the period for which the data are stored is limited to a strict minimumno longer than is necessary for the purposes for which the personal data is processed. Personal data should only be processed if the purpose of the processing could not be fulfilled by other means. Every reasonable step should be taken to ensure that personal data which are inaccurate are rectified or deleted. In order to ensure that the data are not kept longer than necessary, time limits should be established by the controller for erasure or for a periodic review. When the assessment is made of the minimum data necessary for the purposes for which the data are processed, consideration should be given of the obligations of other legislation which require comprehensive data to be processed when used for prevention and detection of fraud, confirmation of identity and/or determination of creditworthiness.
Amendment 190 #
Proposal for a regulation
Article 6 – paragraph 1 – point f
Article 6 – paragraph 1 – point f
(f) processing is necessary for the purposes of the legitimate interests pursued by a controller or controllers, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks.
Amendment 238 #
Proposal for a regulation
Article 12 – paragraph 2
Article 12 – paragraph 2
2. The controller shall inform the data subject without delay and, at the latest within one month of receipt of the request, whether or not any action has been taken pursuant to Article 13 and Articles 15 to 19 and shall provide the requested information. This period may be prolonged for a further month, if several data subjects exercise their rights and their cooperation is necessary to a reasonable extent to prevent an unnecessary and disproportionate effort on the part of the controller. The information shall be given in writing. Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject or unless the controller has reason to believe that providing the information in electronic form would create a significant risk of fraud.
Amendment 241 #
Proposal for a regulation
Article 12 – paragraph 4
Article 12 – paragraph 4
4. The information and the actions taken on requests referred to in paragraph 1 shall be free of charge. Where requests are manifestly excessive, in particular because of their repetitive character, the controller may charge a fee for providing the information or taking the action requested, or the controller may not take the action requested. In that case, the controller shall bear the burden of proving the manifestly excessive character of the request. The controller may charge a nominal fee set by the law of the Member State to which the controller is subject for providing the information or taking the action requested if the controller is a credit reference agency responding to a request from a consumer for access their credit file.
Amendment 271 #
Proposal for a regulation
Article 17 – paragraph 1 – point c
Article 17 – paragraph 1 – point c
(c) the data subject objects to the processing of personal data pursuant to Article 19, and the objection is upheld;
Amendment 277 #
Proposal for a regulation
Article 17 – paragraph 3 – point e a (new)
Article 17 – paragraph 3 – point e a (new)
(e a) for prevention or detection of fraud, confirming identity, and/or determining creditworthiness, or ability to pay.
Amendment 286 #
Proposal for a regulation
Article 19 – paragraph 1
Article 19 – paragraph 1
1. The data subject shall have the right to object, on grounds relating to their particular situation, at any time to the processing of personal data which is based on points (d), (e) and (f) of Article 6(1), unless the controller demonstrates compelling legitimate grounds for the processing which override the interests or fundamental rights and freedoms of the data subject.
Amendment 306 #
Proposal for a regulation
Article 20 – paragraph 2 – point c a (new)
Article 20 – paragraph 2 – point c a (new)
(c a) is carried out to prevent or detect fraud, confirm identity and/or to determine creditworthiness or ability to pay, in each case when suitable measures to safeguard the data subject's legitimate interests have been adduced, such as the right to obtained human intervention.