E-Privacy/LIBE

De La Quadrature du Net

This page intends to rate the amendments tabled in LIBE Committee on the ePrivacy Regulation proposal


Amendments:


Sommaire

Scope and definitions[modifier]

Bad[modifier]

Amendment 334 --[modifier]

Amendment 334
Daniel Dalton, John Procter
ECR
Article 2 – paragraph 1

1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to the terminal equipment of end-users.

1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services.


A huge step back from the current law


Amendment 335 --[modifier]

Amendment 335
Axel Voss, Heinz K. Becker
EPP
Article 2 – paragraph 1

1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to the terminal equipment of end-users.

1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services.

Justification: Article 1(3) stipulates that this regulation particularises and complements Regulation (EU) No 2016/679 by laying down specific rules.This turns this regulation into ‘lex specialis’ in relation to the GDPR.This regulation should not be used to correct Regulation (EU) No 2016/679.


A huge step back from the current law


Amendment 341 --[modifier]

Amendment 341
Daniel Dalton, Helga Stevens, John Procter
ECR
Article 2 – paragraph 2 – point c

(c) electronic communications services which are not publicly available;

(c) electronic communications services which are intended for closed groups or are not publicly available pursuant to Article 2 (2) (c) of Regulation (EU) No 2016/679;


This would exclude any private communications service (email, VoIP, Signal...) from the scope of this Regulation since, by definition, such services are "intended for closed groups" (for private communications).


Amendment 353 -[modifier]

Amendment 353
Daniel Dalton, John Procter
ECR
Article 3 – paragraph 1 – point c

(c) the protection of information related to the terminal equipment of end-users located in the Union.

(c) the protection of information related to the terminal equipment of end-users placed on the market in the Union.


Excludes from the scope of the protection foreign equipments or equipments which were never placed in any market (handmade)


Amendment 363 -[modifier]

Amendment 363
Monica Macovei, Tomáš Zdechovský
ECR
Article 3 a (new)

Article 3 a

Applicable law in the online environment

1.To the extent that Regulation (EU) 2016/679 or this Regulation allows Member States to regulate the processing of personal data or electronic communications data, in their domestic laws, the relevant national law provisions shall apply to:

(a) the processing of personal data or electronic communications data in the context of the activities of an establishment of a controller, processor or a provider of an electronic communications service or network established in the Member State in question;or

(b) the processing of personal data or electronic communications data by a controller, processor or a provider of an electronic communications service or network not established in the Union , offering goods or services in that Member State or monitoring the behaviour of data subjects in that Member State;

2.The relevant national law provisions as set out in point 1 of this Article do not apply to the processing of personal data or electronic communications data in the context of the activities of an establishment of a controller, processor or a provider of an electronic communications service or network established in another Member State, who shall instead only be subject to the relevant national law provisions of that other Member State.


This amendment makes absolutely no sense: if a controller is established in several MS, it is not subject to the national law of the MS where it is established but to the law of the "other" MS where it is established.


Amendment 366 -[modifier]

Amendment 366
Daniel Dalton, John Procter
ECR
Article 4 – paragraph 2

2. For the purposes of point (b) of paragraph 1, the definition of ‘interpersonal communications service’ shall include services which enable interpersonal and interactive communication merely as a minor ancillary feature that is intrinsically linked to another service.

deleted


Limits the scope of the Regulation without any justification


Amendment 367 -[modifier]

Amendment 367
Michał Boni, Roberta Metsola, Frank Engel, Tomáš Zdechovský, Rachida Dati, Brice Hortefeux, Carlos Coelho, Pál Csáky, Elissavet Vozemberg-Vrionidi
EPP
Article 4 – paragraph 2

2. For the purposes of point (b) of paragraph 1, the definition of ‘interpersonal communications service’ shall include services which enable interpersonal and interactive communication merely as a minor ancillary feature that is intrinsically linked to another service.

deleted


Limits the scope of the Regulation without any justification

Good[modifier]

Amendment 41 +[modifier]

Amendment 41
Marju Lauristin (rapporteur)
S&D
Article 2 – paragraph 1

1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to the terminal equipment of end-users.

1. This Regulation applies to the processing of electronic communications data carried out in connection with the provision and the use of electronic communications services and to information related to or processed by the terminal equipment of end-users.


Information "processed" by terminal equipment is repeatedly missing in the recitals of EC's proposal 


Amendment 42 +[modifier]

Amendment 42
Marju Lauristin (rapporteur)
S&D
Article 3 – paragraph 1 – point c

(c) the protection of information related to the terminal equipment of end-users located in the Union.

(c) the protection of information related to or processed by the terminal equipment of end-users in the Union.


Information "processed" by terminal equipment is repeatedly missing in the recitals of EC's proposal 


Amendment 55 ++[modifier]

Amendment 55
Marju Lauristin (rapporteur)
S&D
Article 4 – paragraph 3 – point c

(c) ‘electronic communications metadata’ means data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration and the type of communication;

(c) ‘electronic communications metadata’ means data related to a user or electronic communications service, processed for the purposes of transmitting, distributing or exchanging electronic communications content and any other communications related data processed for the provision of the service, which is not considered content; including data to trace and identify the source and destination of a communication, and the date, time, duration and the type of communication; it includes data broadcasted or emitted by the terminal equipment to identify users' communications and/or the terminal equipment or its location and enable it to connect to a network or to another device;

Justification: This amendment serves to clarify the exact concept of metadata, as underlined by the Article 29 Working Party, scholars and case-law authorities.


The definition proposed by the EC was particularly incomplete: it only covered data processed "in a network" and excluded data processed by services


Amendment 59 +[modifier]

Amendment 59
Marju Lauristin (rapporteur)
S&D
Article 5 – paragraph 1 a (new)

Confidentiality of electronic communications shall also include terminal equipment and machine-to-machine communications when related to a user.


Clarification


Amendment 342 +[modifier]

Amendment 342
Axel Voss, Heinz K. Becker, Elissavet Vozemberg-Vrionidi
EPP
Article 2 – paragraph 2 – point c

(c) electronic communications services which are not publicly available;

(c) electronic communications services which are not publicly available pursuant to Article 2(2)(c) of Regulation (EU) No 2016/679;

Justification: The household exemption introduced by Article 2(2)(c) of Regulation (EU) No 2016/679 should also apply to this regulation.


This would limit the scope of the initial limitation ("closed network") proposed by the EC. Not every "closed networks" (at work, typically) would be excluded from the scope of this Regulation anymore, but only those provided by individuals for their household activities


Amendment 345 +[modifier]

Amendment 345
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 3 – paragraph 1 – introductory part

1. This Regulation applies to:

1. This Regulation applies to the activities referred to in Article 2 where the user or subscriber is in the Union, where the communications services, hardware, software, directories, or direct marketing commercial electronic communications are provided from the territory of the Union, or where the the processing of information related to or processed by the terminal equipment of users or subscribers takes place in the Union.


Clarifies the scope of the Regulation


Amendment 349 +[modifier]

Amendment 349
Cornelia Ernst
GUE/NGL
Article 3 – paragraph 1 – point a

(a) the provision of electronic communications services to end-users in the Union, irrespective of whether a payment of the end-user is required;

(a) the provision of electronic communications services to end-users in the Union, irrespective of whether the provider is located inside the EU, and irrespective of whether a payment of the end-user is required;


Clarifies the scope of the Regulation


Amendment 352 +[modifier]

Amendment 352
Cornelia Ernst
GUE/NGL
Article 3 – paragraph 1 – point c

(c) the protection of information related to the terminal equipment of end-users located in the Union.

(c) the protection of information related to or processed by the terminal equipment of end-users located in the Union.


Clarifies the scope of the Regulation

Amendment 381 ++[modifier]

Amendment 381
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 4 – paragraph 3 – point c

(c) ‘electronic communications metadata’ means data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration and the type of communication;

(c) 'electronic communications metadata' means all data processed for the purposes of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, electronic identifiers and any other data broadcasted or emitted by the terminal equipment, data on the location of the terminal equipment processed in the context of providing electronic communications services, and the date, time, duration and the type of communication; where metadata of other electronic communications services or protocols are transmitted, distributed or exchanged by using the respective service, they shall be considered electronic communications content for the respective service;

Justification: With the clarification on "data broadcasted or emitted" in the definition of “metadata”, Article 8(2) can be deleted, as it is covered by Art.6(2).Last sentence:See explanatory recital (14a) on the separation and encapsulation of protocol layers.


Drastically resolves the device-tracking issue + corrects the incomplete definition of metadata (which only covered data processed "in a network")


Amendment 382 ++[modifier]

Amendment 382
Cornelia Ernst
GUE/NGL
Article 4 – paragraph 3 – point c

(c) ‘electronic communications metadata’ means data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration and the type of communication;

(c) 'electronic communications metadata' means all data processed for the purposes of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, electronic identifiers and any other data broadcasted or emitted by the terminal equipment, data on the location of the terminal equipment processed in the context of providing electronic communications services, and the date, time, duration and the type of communication; where metadata of other electronic communications services or protocols are transmitted, distributed or exchanged by using the respective service, they shall be considered electronic communications content for the respective service;


Drastically resolves the device-tracking issue + corrects the incomplete definition of metadata (which only covered data processed "in a network")


Amendment 383 +[modifier]

Amendment 383
Sophia in 't Veld
ALDE
Article 4 – paragraph 3 – point c

(c) ‘electronic communications metadata’ means data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration and the type of communication;

(c) ‘electronic communications metadata’ means all data processed for the purpose of transmitting, distributing or exchanging electronic communications content; including data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration and the type of communication;


corrects the incomplete definition of metadata (which only covered data processed "in a network")

Confidentiality of communications[modifier]

Bad[modifier]

Amendment 395 --[modifier]

Amendment 395
Axel Voss, Heinz K. Becker, Rachida Dati, Brice Hortefeux
EPP
Article 5 – title

Confidentiality of electronic communications data

Confidentiality of electronic communications content


Would exclude metadata from the scope of the Regulation


Amendment 397 --[modifier]

Amendment 397
Anna Maria Corazza Bildt
EPP
Article 5 – paragraph 1

Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.

Electronic communications data shall be confidential. Any interference with electronic communications data during conveyance, such as by unauthorised listening, tapping, storing, scanning or other kinds of interception, or surveillance of electronic communications data, by persons other than the sender or intended recipients, shall be prohibited, except when permitted by Union or national legislation. The processing of electronic communications data following conveyance to the intended recipients or their service provider shall be subject to Regulation (EU) 2016/679.


Would allow the processing of stored communications for "legitimate interests" (without consent) ; this is what Gmail used to do, typically


Amendment 402 --[modifier]

Amendment 402
Axel Voss, Heinz K. Becker, Rachida Dati, Elissavet Vozemberg-Vrionidi, Brice Hortefeux
EPP
Article 5 – paragraph 1

Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.

Electronic communications data shall be confidential. Any interference with electronic communications data during conveyance, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications content, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.

Justification: It is justifiable for electronic communication content to be protected against interference by third parties, with special requirements for the processing of content pursuant to Article 6(3) of the proposal.This does not apply to the processing of electronic communication metadata to which the principle of confidentiality is not relevant.Personal metadata may reveal personal information, but their processing is governed by Regulation (EU) No 2016/679.


Excludes metadata from the principle of confidentiality + would allow the processing of stored communications for "legitimate interests" (without consent) ; this is what Gmail used to do, typically


Amendment 403 -[modifier]

Amendment 403
Emilian Pavel
S&D
Article 5 – paragraph 1

Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.

Electronic communications data shall be confidential. Any interference with electronic communications data, such as by unauthorised listening, tapping, storing, monitoring, scanning or other kinds of interception, or surveillance, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.


Limit the scope of the confidentiality principle


Amendment 404 --[modifier]

Amendment 404
Daniel Dalton, John Procter
ECR
Article 5 – paragraph 1

Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.

Electronic communications data shall be confidential. Any interference with electronic communications data during transmission, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception or surveillance, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.


Would allow the processing of stored communications for "legitimate interests" (without consent) ; this is what Gmail used to do, typically


Amendment 405 -[modifier]

Amendment 405
Michał Boni, Roberta Metsola, Frank Engel, Tomáš Zdechovský, Rachida Dati, Brice Hortefeux, Carlos Coelho, Pál Csáky
EPP
Article 5 – paragraph 1

Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.

Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception or surveillance of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.


Limit the scope of the confidentiality principle


Amendment 408 -[modifier]

Amendment 408
Anna Maria Corazza Bildt
EPP
Article 5 – paragraph 1 a (new)

The prohibition of interception is not intended to prohibit access to electronic communications data by an electronic communications service provider or electronic communications network operator for purposes of conveying communications or for legitimate purposes related to the operation and protection of such services and networks consistent with obligations under Regulation (EU) 2016/679, Directive (EU) 2016/1148 and Regulation (EU) 2015/2120.


Unnecessary and dangerously ambiguous: "the legitimate purposes related to the operation" of service may lead to loopholes similar to "legitimate interests"


Amendment 441 --[modifier]

Amendment 441
Anna Maria Corazza Bildt
EPP
Article 6 – paragraph 1 – point b a (new)

(b a) it is necessary for the purpose of the legitimate interests of the provider except where such interests are overridden by the interests or fundamental rights and freedoms of the consumers concerned;


No legitimate interest!!

Amendment 471 --[modifier]

Amendment 471
Heinz K. Becker
EPP
Article 6 – paragraph 2 – point c

(c) the end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end-users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous.

(c) a legitimate ground in accordance with Article 6 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘General Data Protection Regulation’) is applicable.


This would allow processing of metadata for any "legitimate interest", which is currently and rightly forbidden


Amendment 472 --[modifier]

Amendment 472
Michał Boni, Frank Engel, Tomáš Zdechovský, Carlos Coelho, Pál Csáky, Elissavet Vozemberg-Vrionidi
EPP
Article 6 – paragraph 2 – point c a (new)

(c a) the processing of these data for another specified purpose is compatible with the purpose for which the data were initially collected and is subject to specific safeguards, especially pseudonymisation, as set forth in Article 6(4) of Regulation (EU) 2016/679;or


This would allow processing of metadata for any "further processing", which is currently and rightly forbidden


Amendment 473 --[modifier]

Amendment 473
Brice Hortefeux, Rachida Dati
EPP
Article 6 – paragraph 2 – point c a (new)

(c a) the processing of electronic communications metadata for one or more specified purposes is compatible with the purposes for which the data were initially collected, as set forth under point (4) of Article 6 of Regulation (EU) 2016/679.


This would allow processing of metadata for any "further processing", which is currently and rightly forbidden


Amendment 474 --[modifier]

Amendment 474
Emilian Pavel
S&D
Article 6 – paragraph 2 – point c a (new)

(c a) the further processing of electronic communications metadata is compatible with the purposes for which the data were initially collected, as set forth under point (4) of Art. 6 of Regulation (EU)2016/679.


This would allow processing of metadata for any "further processing", which is currently and rightly forbidden


Amendment 475 --[modifier]

Amendment 475
Daniel Dalton, Helga Stevens, John Procter
ECR
Article 6 – paragraph 2 – point c a (new)

(c a) processing is allowed pursuant to Articles 6(1) or 6(4) of Regulation (EU) 2016/679.


This would allow processing of metadata for both "legitimate interest" and "further processing", which is currently and rightly forbidden


Amendment 476 --[modifier]

Amendment 476
Michał Boni, Frank Engel, Tomáš Zdechovský, Rachida Dati, Brice Hortefeux, Carlos Coelho, Pál Csáky, Elissavet Vozemberg-Vrionidi
EPP
Article 6 – paragraph 2 – point c b (new)

(c b) it is necessary, in accordance with Article 6(1)(f) of Regulation (EU) 2016/679, for the purposes of the legitimate interests pursued by the service provider or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.


This would allow processing of metadata for any "legitimate interest", which is currently and rightly forbidden


Amendment 478 --[modifier]

Amendment 478
Axel Voss, Heinz K. Becker
Article 6 – paragraph 2 a (new)

2 a. Article 6 of Regulation (EU) No 2016/679 shall apply.

Justification: Article 6 of Regulation (EU) No 2016/679 already regulates the lawfulness of processing, and should therefore apply here.


This would allow processing of metadata for both "legitimate interests" and "further processing", which is currently and rightly forbidden


Amendment 479 --[modifier]

Amendment 479
Anna Maria Corazza Bildt
EPP
Article 6 – paragraph 2 a (new)

2 a. Art.6 of Regulation (EU) 2016/679 shall apply;


This would allow processing of metadata for both "legitimate interests" and "further processing", which is currently and rightly forbidden


Amendment 480 --[modifier]

Amendment 480
Anna Maria Corazza Bildt
EPP
Article 6 – paragraph 3 – introductory part

3. Providers of the electronic communications services may process electronic communications content only:

3. Providers of the electronic communications services may process electronic communications content in accordance with Art. 6 of Regulation (EU) 2016/679 and to the extent the processing of all end-user electronic communications content for one or more specified purposes cannot be fulfilled by processing information that is made anonymous;


This would allow processing of communications content for both "legitimate interests" and "further processing", which is currently and rightly forbidden


Amendment 485 -[modifier]

Amendment 485
Cornelia Ernst
GUE/NGL
Article 6 – paragraph 3 – point a

(a) for the sole purpose of the provision of a specific service to an end-user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content; or

(a) the user concerned has given his or her consent to the processing of his or her electronic communications content for the sole purpose of the provision of a specific service explicitly requested by the user, for the duration necessary for that purpose, , provided that the provision of that specific service cannot be fulfilled without the processing of such content by the provider, and the consent has not been a condition to access or use a service; or


This would allow processing of content of communications without the consent of all end-users


Amendment 486 -[modifier]

Amendment 486
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 6 – paragraph 3 – point a

(a) for the sole purpose of the provision of a specific service to an end-user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content; or

(a) the user concerned has given his or her consent to the processing of his or her electronic communications content for the sole purpose of the provision of a specific service explicitly requested by the user, for the duration necessary for that purpose, , provided that the provision of that specific service cannot be fulfilled without the processing of such content by the provider, and the consent has not been a condition to access or use a service; or


This would allow processing of content of communications without the consent of all end-users


Amendment 488 --[modifier]

Amendment 488
Heinz K. Becker
EPP
Article 6 – paragraph 3 – point a

(a) for the sole purpose of the provision of a specific service to an end-user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content; or

(a) for the sole purpose of the provision of a specific service to an end-user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content, or the provision of that service cannot be fulfilled without the processing of such content; or


This would allow to process the content of communications without any consent simply because the purpose cannot be fulfilled with anonymous data


Amendment 489 -[modifier]

Amendment 489
Michał Boni, Roberta Metsola, Frank Engel, Tomáš Zdechovský, Rachida Dati, Brice Hortefeux, Carlos Coelho, Pál Csáky, Elissavet Vozemberg-Vrionidi
EPP
Article 6 – paragraph 3 – point a

(a) for the sole purpose of the provision of a specific service to an end-user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content; or

(a) for the sole purpose of the provision of a specific service to an end-user, if the end-user concerned has given his or her consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content; or


This would allow processing of content of communications without the consent of all end-users


Amendment 490 -[modifier]

Amendment 490
Anna Maria Corazza Bildt
EPP
Article 6 – paragraph 3 – point b

(b) if all end-users concerned have given their consent to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority. Points (2) and (3) of Article 36 of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authority.

(b) if service providers' end-users have consented to the processing of their electronic communications pursuant to Regulation (EU) 2016/679.


This would allow processing of content of communications without the consent of all end-users (users not using the service are not required to consent, such as users sending emails to Gmail users)


Amendment 496 --[modifier]

Amendment 496
Axel Voss, Heinz K. Becker
EPP
Article 6 – paragraph 3 a (new)

3 a. In so far as providers of electronic communications services are processing and receiving communications content to and by the end-user, the provisions of this regulation shall not apply but regulation (EU) 2016/679.


This would make this Regulation completely ineffective and allow "legitimate interest" and "further processing"


Amendment 497 --[modifier]

Amendment 497
Axel Voss, Heinz K. Becker
EPP
Article 6 – paragraph 3 b (new)

3 b. (a) The service provider may collect and use the personal data of a recipient of a service only to the extent necessary to enable and invoice the use of services (data on usage).Data on usage are in particular characteristics to identify the recipient of the service, details of the beginning and end of the scope of the respective usage, and details of the services used by the recipient of the service.

(b) The service provider may collate a recipient's usage data regarding the use of different services to the extent necessary for invoicing the recipient of the service.

(c) For the purposes of advertising, market research or in order to design the services in a needs-based manner, the service provider may produce profiles of usage based on pseudonyms to the extent that the recipient of the service does not object to this.The service provider must refer the recipient of the service to his right of refusal.These profiles of usage must not be collated with data on the bearer of the pseudonym without his consent (opt-in).


This would simply allow processing for commercial purposes without any consent or even a "legitimate interest". This would be even less protective than the GDPR.


Amendment 498 --[modifier]

Amendment 498
Daniel Dalton, John Procter
ECR
Article 7

Article 7

deleted

Storage and erasure of electronic communications data

1. Without prejudice to point (b) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication content by the intended recipient or recipients. Such data may be recorded or stored by the end-users or by a third party entrusted by them to record, store or otherwise process such data, in accordance with Regulation (EU) 2016/679.

2. Without prejudice to point (b) of Article 6(1) and points (a) and (c) of Article 6(2), the provider of the electronic communications service shall erase electronic communications metadata or make that data anonymous when it is no longer needed for the purpose of the transmission of a communication.

3. Where the processing of electronic communications metadata takes place for the purpose of billing in accordance with point (b) of Article 6(2), the relevant metadata may be kept until the end of the period during which a bill may lawfully be challenged or a payment may be pursued in accordance with national law.


This would destroy the basis of the ePrivacy directive and of the confidentiality of communications: that communications must be deleted once transmitted


Good[modifier]

Amendment 67 +[modifier]

Amendment 67
Marju Lauristin (rapporteur)
S&D
Article 6 – paragraph 2 – point c

(c) the end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end-users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous.

(c) after receiving all relevant information about the intended processing in clear and easily understandable language, provided separately from the terms and conditions of the provider, the user or users concerned have given their specific consent to the processing of their communications metadata for one or more specified purposes, including for the provision of specific services to such users, provided that the purpose or purposes concerned could not be fulfilled without the processing of such metadata.


The Proposal only requires the consent of one user, which is both ambiguous (which user?) and unjustified (why other users should not give their consent?). This amendment would correct that issue but can be much clearer by requiring the consent of "all users concerned" (speaking about "the users or users" may still be ambiguous)


Amendment 69 +[modifier]

Amendment 69
Marju Lauristin (rapporteur)
S&D
Article 6 – paragraph 3 – point a

(a) for the sole purpose of the provision of a specific service to an end-user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content; or

(a) for the sole purpose of the provision of a specific service requested by the user, if the users concerned have given their specific consent to the processing of their electronic communications content and the provision of that specific service cannot be fulfilled without the processing of such content; or


Clarifies the ambiguous "the end-user or end-users".


Amendment 72 ++[modifier]

Amendment 72
Marju Lauristin (rapporteur)
Article 6 – paragraph 3 b (new)

3b. Neither providers of electronic communications services, nor any other party, shall further process electronic communications data collected on the basis of this Regulation.


Excludes the extremely dangerous derogation of "further processing" required by big companies


Amendment 73 ++[modifier]

Amendment 73
Marju Lauristin (rapporteur)
S&D
Article 7 – paragraph 1

1. Without prejudice to point (b) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content or make that data anonymous after receipt of electronic communication content by the intended recipient or recipients. Such data may be recorded or stored by the end-users or by a third party entrusted by them to record, store or otherwise process such data, in accordance with Regulation (EU) 2016/679.

1. Without prejudice to point (b) of Article 6(1) and points (a) and (b) of Article 6(3), the provider of the electronic communications service shall erase electronic communications content after receipt of electronic communication content by the intended recipient or recipients. Such data may be recorded or stored by the users or by a specific other party entrusted by them to record, store or otherwise process such data.


The content of communications can almost never be made anonymous + we should always be able to choose the primary purposes for which the ideas we express can be used, anonymised or not (this is part of our freedom of expression)

Amendment 399 +[modifier]

Amendment 399
Jan Philipp Albrecht, Judith Sargentini, Viviane Reding
Verts/ALE
Article 5 – paragraph 1

Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.

1. Electronic communications shall be confidential. Any processing of electronic communications data, including any interference with electronic communications data such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance of electronic communications data, by persons other than the users, shall be prohibited, except when permitted by this Regulation. This includes electronic communications data that is stored after the transmission has been completed.

Justification: First part clarifies that all processing of communications data is covered by this Regulation, not only processing that can be interpreted as “interference”.Last part as recommended by the EDPS, in order to make it future-proof for cloud-based services.


Clarifies the protection


Amendment 400 +[modifier]

Amendment 400
Cornelia Ernst
GUE/NGL
Article 5 – paragraph 1

Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.

Electronic communications shall be confidential. Any processing of electronic communications data, including any interference with electronic communications data such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance of electronic communications data, by persons other than the users, shall be prohibited, except when permitted by this Regulation. This includes electronic communications data that is stored after the transmission has been completed.


Clarifies the protection


Amendment 401 +[modifier]

Amendment 401
Monica Macovei, Marian-Jean Marinescu, Barbara Spinelli
ECR
Article 5 – paragraph 1

Electronic communications data shall be confidential. Any interference with electronic communications data, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.

Electronic communications data shall be confidential. Any interference with electronic communications data regardless of whether this data is in transit or stored, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or any processing of electronic communications data, by persons other than the end-users, shall be prohibited, except when permitted by this Regulation.


Clarifies the protection

Amendment 406 ++[modifier]

Amendment 406
Monica Macovei, Tomáš Zdechovský, Barbara Spinelli
ECR
Article 5 – paragraph 1 – subparagraph 1 (new)

Neither providers of electronic communication services, nor any third parties, shall process electronic communications data collected on the basis of consent or any other legal ground under this Regulation on any other legal basis not specifically provided for in this Regulation


Excludes the extremely dangerous derogation of "further processing" required by big companies 

Amendment 409 +[modifier]

Amendment 409
Jan Philipp Albrecht, Judith Sargentini, Viviane Reding
Verts/ALE
Article 5 – paragraph 1 a (new)

2.Confidentiality of electronic communications shall also apply to data related to or processed by terminal equipment and to machine-to-machine communication.

Justification: Communications providers should also protect communications related to automated supply chains and any other M2M communication.This protects confidential business information.


Clarifications


Amendment 410 +[modifier]

Amendment 410
Sophia in 't Veld
ALDE
Article 5 – paragraph 1 a (new)

Confidentiality of electronic communications shall also apply to data related to or processed by terminal equipment and to machine-to-machine communication.


Clarifications

Amendment 465 ++[modifier]

Amendment 465
Cornelia Ernst
GUE/NGL
Article 6 – paragraph 2 – point c

(c) the end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end-users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous.

(c) the user or users concerned have given their specific consent to the processing of their communications metadata by the respective electronic communications service for one or more specified purposes, including for the provision of specific services to such users, provided that the purpose or purposes concerned could not be fulfilled by processing data that is made anonymous, and the consent has not been a condition to access or use a service.


Strengthens what a "freely given consent" is + The initial proposal only requires the consent of one user, which is both ambiguous (which user?) and unjustified (why other users should not give their consent?): this amendment would correct that issue but can be much clearer by requiring the consent of "all users concerned" (speaking about "the users or users" may still be ambiguous)


Amendment 466 ++[modifier]

Amendment 466
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 6 – paragraph 2 – point c

(c) the end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end-users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous.

(c) the user or users concerned have given their specific consent to the processing of their communications metadata by the respective electronic communications service for one or more specified purposes, including for the provision of specific services to such users, provided that the purpose or purposes concerned could not be fulfilled by processing data that is made anonymous, and the consent has not been a condition to access or use a service.


Strengthens what a "freely given consent" is + The initial proposal only requires the consent of one user, which is both ambiguous (which user?) and unjustified (why other users should not give their consent?): this amendment would correct that issue but can be much clearer by requiring the consent of "all users concerned" (speaking about "the users or users" may still be ambiguous)


Amendment 470 +[modifier]

Amendment 470
Sophia in 't Veld
ALDE
Article 6 – paragraph 2 – point c

(c) the end-user concerned has given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end-users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous.

(c) the end-user or end-users concerned have given his or her consent to the processing of his or her communications metadata for one or more specified purposes, including for the provision of specific services to such end-users, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous.


The initial proposal only requires the consent of one user, which is both ambiguous (which user?) and unjustified (why other users should not give their consent?): this amendment would correct that issue but can be much clearer by requiring the consent of "all users concerned" (speaking about "the users or users" may still be ambiguous)

Amendment 495 +[modifier]

Amendment 495
Marju Lauristin (rapporteur)
S&D
Article 6 – paragraph 3 a (new)

3 a. Without prejudice to paragraphs 1, 2 and 3, neither providers of the electronic communications services, nor any other party, shall process electronic communications data collected on the basis of this Regulation, for further processing.


Clearly forbids "further processing"

Online tracking[modifier]

Bad[modifier]

Amendment 80 -[modifier]

Amendment 80
Marju Lauristin (rapporteur)
S&D
Article 8 – paragraph 1 – point d

(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.

(d) if it is technically necessary for web audience measuring of the information society service requested by the user, provided that such measurement is carried out by the provider, or on behalf of the provider, or by an independent web analytics agency acting in the public interest or for scientific purpose; and further provided that no personal data is made accessible to any other party and that such web audience measurement does not adversely affect the fundamental rights of the user;


This amendment is worst than the initial proposal: web audience should not be lawful without users' consent nor where carried out by third parties


Amendment 519 --[modifier]

Amendment 519
Anna Maria Corazza Bildt
EPP
Article 8 – paragraph 1 – introductory part

1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment, including about its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:

1. Without prejudice to paragraph 2 of this Article, the storage or collection of personal data from consumers' terminal equipment, including about its software and hardware, other than by the consumer concerned shall be prohibited, except on the following grounds:


This would allow to use the processing capabilities (for advertising, for instance) of terminals without consent

Amendment 525 --[modifier]

Amendment 525
Heinz K. Becker
EPP
Article 8 – paragraph 1 – point b

(b) the end-user has given his or her consent; or

(b) the end-user has given his or her consent or there is another legitimate ground within the meaning of Article 6 of Regulation (EU) 2016/679; or


This would allow tracking for both "legitimate interest" and "further processing", which is currently and rightly forbidden 


Amendment 526 --[modifier]

Amendment 526
Anna Maria Corazza Bildt
EPP
Article 8 – paragraph 1 – point b

(b) the end-user has given his or her consent; or

(b) the use of their terminal equipment for one or more specific purposes is in accordance with Art. 6 of Regulation (EU) 2016/679; or


This would allow tracking for both "legitimate interest" and "further processing", which is currently and rightly forbidden 


Amendment 528 --[modifier]

Amendment 528
Michał Boni, Roberta Metsola, Frank Engel, Tomáš Zdechovský, Rachida Dati, Brice Hortefeux, Carlos Coelho, Elissavet Vozemberg-Vrionidi
EPP
Article 8 – paragraph 1 – point b a (new)

(b a) the information is or is rendered pseudonymous or anonymous;or


This would allow tracking for any purpose without consent, which is currently and rightly forbidden 


Amendment 529 -[modifier]

Amendment 529
Heinz K. Becker
EPP
Article 8 – paragraph 1 – point c

(c) it is necessary for providing an information society service requested by the end-user; or

(c) it is necessary for providing an information society service requested by the end-user, particularly in order to preserve the integrity or security of the information society service or access to it, to improve what is offered or for measures to protect against unauthorised use of the service in accordance with the terms and conditions of use relating to the provision of services to the end-user; or


"improving what is offered" is not a clear enough purpose + users would gladly consent to any processing really improving what they get. Thus, this amendment intends to allow unwanted processing: how can they be regarded as able to "improve what is offered"?


Amendment 530 -[modifier]

Amendment 530
Pál Csáky
EPP
Article 8 – paragraph 1 – point c

(c) it is necessary for providing an information society service requested by the end-user; or

(c) it is necessary for providing an information society service requested by the end-user which shall include inter alia maintaining, operating and managing the integrity, access or security of the information society service, enhancing user experience or measures for preventing unauthorized access to or use of the information society service according to the terms of use for making available the service to the end-user; or


"enhancing user experience" is not a clear enough purpose + users would gladly consent to any processing really improving what they get. Thus, this amendment intends to allow unwanted processing: how can they be regarded as "enhancing user experience"?


Amendment 531 -[modifier]

Amendment 531
Anna Maria Corazza Bildt
EPP
Article 8 – paragraph 1 – point c

(c) it is necessary for providing an information society service requested by the end-user; or

(c) it is necessary for providing an information society service requested by the end-user which shall include inter alia maintaining, operating and managing the integrity, access or security of the information society service, enhancing user experience or measures for preventing unauthorised access to or use of the information society service according to the terms of use for making available the service to the end-user; or


"enhancing user experience" is not a clear enough purpose + users would gladly consent to any processing really improving what they get. Thus, this amendment intends to allow unwanted processing: how can they be regarded as "enhancing user experience"?


Amendment 532 -[modifier]

Amendment 532
Miltiadis Kyrkos
S&D
Article 8 – paragraph 1 – point c

(c) it is necessary for providing an information society service requested by the end-user; or

(c) it is necessary for providing an information society service requested by the end-user which shall include inter alia maintaining, operating and managing the integrity, access or security of the information society service, enhancing user experience or measures for preventing unauthorized access to or use information society service according to the terms of use for making available the service to the end-user; or


"enhancing user experience" is not a clear enough purpose + users would gladly consent to any processing really improving what they get. Thus, this amendment intends to allow unwanted processing: how can they be regarded as "enhancing user experience"?


Amendment 533 -[modifier]

Amendment 533
Gérard Deprez, Morten Løkkegaard, Jean-Marie Cavada, Petr Ježek, Louis Michel, Pavel Telička
ALDE
Article 8 – paragraph 1 – point c

(c) it is necessary for providing an information society service requested by the end-user; or

(c) it is necessary for providing an information society service requested by the end-user especially in order to secure the integrity, security and access of the information society service, to enhance user experience or for measures to protect against unauthorised use or access to the information society services in agreement with the terms of use for making available the service to the end-user; or


"enhancing user experience" is not a clear enough purpose + users would gladly consent to any processing really improving what they get. Thus, this amendment intends to allow unwanted processing: how can they be regarded as "enhancing user experience"?


Amendment 534 -[modifier]

Amendment 534
Axel Voss
EPP
Article 8 – paragraph 1 – point c

(c) it is necessary for providing an information society service requested by the end-user; or

(c) it is necessary for providing an information society service requested by the end-user, particularly in order to preserve the integrity or security of the information society service or access to it, to improve what is offered or for measures to protect against unauthorised use of the service in accordance with the terms and conditions of use relating to the provision of services to the end-user; or


"enhancing user experience" is not a clear enough purpose + users would gladly consent to any processing really improving what they get. Thus, this amendment intends to allow unwanted processing: how can they be regarded as "enhancing user experience"?


Amendment 538 -[modifier]

Amendment 538
Axel Voss, Heinz K. Becker
EPP
Article 8 – paragraph 1 – point c b (new)

(c b) it is necessary for scientific research purposes, provided that the controller plans appropriate technical and organisational measures to safeguard the rights and freedoms of the user and the processed personal data will be anonymised as soon as possible according to the research purpose.


Scientific research purposes does not need to bypass users consent: if a research is legitimate, user will gladly accept it. The "research exemption" of the GDPR is legitimate because the GDPR covers situation where consent can hardly be obtained. This Regulation does not cover such situation (quite the opposite, actually).

Amendment 541 -[modifier]

Amendment 541
Michał Boni, Frank Engel, Tomáš Zdechovský, Rachida Dati, Brice Hortefeux, Carlos Coelho, Elissavet Vozemberg-Vrionidi
EPP
Article 8 – paragraph 1 – point d

(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.

(d) if it is necessary to obtain information about technical quality or effectiveness of an information society service that has been delivered, to understand and optimize web usage or about terminal equipment functionality, and it has no or little impact on the privacy of the end-user concerned; or


The "effectiveness" of a website is a completely vague purpose. What does being effective mean for a website which purpose is to be visited by as many people as possible? How is it measurable? By monitoring every act of its users? This exemption is way too broad and dangerous.


Amendment 542 -[modifier]

Amendment 542
Marju Lauristin (rapporteur)
S&D
Article 8 – paragraph 1 – point d

(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.

(d) if it is technically necessary for web audience measuring of the information society service requested by the user, provided that such measurement is carried out by the provider, or on behalf of the provider, or by an independent web analytics organization acting in the public interest or for statistical or scientific purpose; and further provided that no personal data is made accessible to any other party and that such web audience measurement does not adversely affect the fundamental rights of the user;


This amendment is worst than the initial proposal: web audience should not be lawful without users' consent nor where carried out by third parties 


Amendment 543 -[modifier]

Amendment 543
Daniel Dalton, John Procter
ECR
Article 8 – paragraph 1 – point d

(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.

(d) if it is necessary for audience measuring, provided that such measurement is carried out by, or on behalf of, the provider of the information society service requested by the end-user, including measurement of indicators for the use of information society services in order to calculate a payment due; or


This amendment is worst than the initial proposal: web audience should not be lawful without users' consent nor where carried out by third parties 


Amendment 549 -[modifier]

Amendment 549
Anna Maria Corazza Bildt
EPP
Article 8 – paragraph 1 – point d

(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.

(d) it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user or another party acting on their behalf;.


This amendment is worst than the initial proposal: web audience should not be lawful without users' consent nor where carried out by third parties 


Amendment 550 -[modifier]

Amendment 550
Sophia in 't Veld
ALDE
Article 8 – paragraph 1 – point d

(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.

(d) if it is necessary for web audience measuring, provided that such measurement is controlled by the provider of the information society service requested by the end-user.


This amendment is worst than the initial proposal: web audience should not be lawful without users' consent nor where carried out by third parties 


Amendment 552 --[modifier]

Amendment 552
Heinz K. Becker
EPP
Article 8 – paragraph 1 – point d a (new)

(d a) a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.

The collection of such information shall be conditional on the application of appropriate technical and organisational measures to limit the collection and processing of information to the purposes required therefor and ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been applied, for example by means of pseudonymisation of information collected pursuant to Article 4(5) of Regulation (EU) No 2016/679.


This would allow tracking without consent or without pursuing any "legitimate interest" of any kind

Amendment 558 -[modifier]

Amendment 558
Brice Hortefeux, Rachida Dati
EPP
Article 8 – paragraph 1 – point d a (new)

(d a) it is necessary for scientific and statistical research purposes authorized by the provider of the information society service requested by the end-user;or


Scientific research purposes does not need to bypass users consent: if a research is legitimate, user will gladly accept it. The "research exemption" of the GDPR is legitimate because the GDPR covers situation where consent can hardly be obtained. This Regulation does not cover such situation (quite the opposite, actually).


Amendment 561 --[modifier]

Amendment 561
Pál Csáky
EPP
Article 8 – paragraph 1 – point d a (new)

(d a) under the conditions as set out in point (b) of paragraph 2 and paragraph 3.


This would allow tracking without consent or without pursuing any "legitimate interest" of any kind

Amendment 565 --[modifier]

Amendment 565
Michał Boni, Frank Engel, Tomáš Zdechovský, Rachida Dati, Brice Hortefeux, Carlos Coelho, Elissavet Vozemberg-Vrionidi
EPP
Article 8 – paragraph 1 – point d b (new)

(d b) the processing of these data and information for another specified purpose is compatible with the purpose for which the data were initially collected and is subject to specific safeguards, especially pseudonymisation, as set forth in Article 6(4) of Regulation (EU) 2016/679;or


This would allow tracking for any "further processing", which is currently and rightly forbidden 


Amendment 566 --[modifier]

Amendment 566
Daniel Dalton, John Procter
ECR
Article 8 – paragraph 1 – point d b (new)

(d b) in order to mark terminal equipment for advertising purposes, on condition that the person responsible has clearly informed the end-user of this at the beginning of the data processing and has provided an opportunity for objection that is easy to exercise.;or


This would allow advertising tracking without consent or without pursuing any "legitimate interest" of any kind


Amendment 567 --[modifier]

Amendment 567
Axel Voss, Heinz K. Becker
EPP
Article 8 – paragraph 1 – point d b (new)

(d b) in order to mark terminal equipment for advertising purposes, on condition that the person responsible has clearly informed the end-user of this at the beginning of the data processing and has provided an opportunity for objection that is easy to exercise;or


This would allow advertising tracking without consent or without pursuing any "legitimate interest" of any kind


Amendment 568 --[modifier]

Amendment 568
Michał Boni, Frank Engel, Tomáš Zdechovský, Rachida Dati, Brice Hortefeux, Carlos Coelho, Elissavet Vozemberg-Vrionidi
EPP
Article 8 – paragraph 1 – point d c (new)

(d c) it is necessary, in accordance with Article 6(1)(f) of Regulation (EU) 2016/679 for the purposes of the legitimate interests pursued by the service provider or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.


This would allow tracking for any "legitimate interest", which is currently and rightly forbidden 


Amendment 569 --[modifier]

Amendment 569
Brice Hortefeux, Rachida Dati
EPP
Article 8 – paragraph 1 – point d c (new)

(d c) it is necessary for the purpose of the legitimate interests of the provider of the terminal equipment and its operating software, an electronic communications service or an information society service, except where such interests are overridden by the interests of fundamental rights and freedoms of the end-user.;or


This would allow tracking for any "legitimate interest", which is currently and rightly forbidden 

Amendment 576 --[modifier]

Amendment 576
Daniel Dalton, John Procter, Helga Stevens
ECR
Article 8 – paragraph 1 a (new)

1 a. Wherever a clearly formulated declaration of consent is presented before use of a service or access to online content, and if absence of consent for processing prevents a provider from collecting remuneration through their usual means, the provider shall not be obliged to provide the full access to the service or content.


Would prevent any consent from being freely given, in contradiction with the GDPR and with what is acceptable


Amendment 580 --[modifier]

Amendment 580
Anna Maria Corazza Bildt
EPP
Article 8 – paragraph 1 b (new)

1 b. a clear and prominent notice is displayed to the public informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation 2016/679/EU where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimize the collection.The collection of such information shall be conditional on the application of appropriate technical and organization measures to ensure that the collection and processing of information is limited to what is necessary in relation to the purposes of processing and to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation 2016/679/EU, have been applied, which may inter alia include pseudonymisation of the information collected as set out in Art. 4 (5) of Regulation (EU) 2016/679.


This would allow tracking without consent or without pursuing any "legitimate interest" of any kind

Good[modifier]

Amendment 76 +[modifier]

Amendment 76
Marju Lauristin (rapporteur)
S&D
Article 8 – paragraph 1 – introductory part

1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment, including about its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:

1. The use of processing and storage capabilities of terminal equipment and the collection of information from users’ terminal equipment, or making information available through the terminal equipment, including information about or generated by its software and hardware, other than by the user concerned shall be prohibited, except on the following grounds:


Clarifications


Amendment 78 ++[modifier]

Amendment 78
Marju Lauristin (rapporteur)
S&D
Article 8 – paragraph 1 – point b

(b) the end-user has given his or her consent; or

(b) the user has given his or her specific consent, which shall not be mandatory to access the service; or


Forbids tracking-wall and guarantees freedom of choice


Amendment 83 ++[modifier]

Amendment 83
Marju Lauristin (rapporteur)
S&D
Article 8 – paragraph 1 a (new)

1a. No user shall be denied access to any information society service or functionality, regardless of whether this service is remunerated or not, on grounds that he or she has not given his or her consent under Article 8(1)(b) to the processing of personal information and/or the use of storage capabilities of his or her terminal equipment that is not necessary for the provision of that service or functionality.


Forbids tracking-wall and guarantees freedom of choice


Amendment 515 +[modifier]

Amendment 515
Jan Philipp Albrecht, Judith Sargentini, Viviane Reding
Verts/ALE
Article 8 – paragraph 1 – introductory part

1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment, including about its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:

1. The use of input, output, processing and storage capabilities of terminal equipment and the processing of information from users' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware, other than by the user concerned shall be prohibited, except on the following grounds:

Justification: Terminal equipment nowadays has multiple input and output channels, such as microphones, cameras, Bluetooth sensors etc. This clarification also prevents online services from listening etc. in the user’s physical environment without him or her being aware and having consented.


Clarifications


Amendment 516 +[modifier]

Amendment 516
Cornelia Ernst
GUE/NGL
Article 8 – paragraph 1 – introductory part

1. The use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment, including about its software and hardware, other than by the end-user concerned shall be prohibited, except on the following grounds:

1. The use of input, output, processing and storage capabilities of terminal equipment and the processing of information from users' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware, other than by the user concerned shall be prohibited, except on the following grounds:


Clarifications


Amendment 523 ++[modifier]

Amendment 523
Jan Philipp Albrecht, Judith Sargentini, Viviane Reding
Verts/ALE
Article 8 – paragraph 1 – point b

(b) the end-user has given his or her consent; or

(b) the user has given his or her consent for a specific purpose, and the consent has not been a condition to access or use a service or use a terminal equipment, for the duration strictly technically necessary for that purpose; or


Strengthens what a "freely given consent" is

Amendment 524 +[modifier]

Amendment 524
Cornelia Ernst
GUE/NGL
Article 8 – paragraph 1 – point b

(b) the end-user has given his or her consent; or

(b) the user has given his or her consent for a specific purpose, and the consent has not been a condition to access or use a service or use a terminal equipment, for the duration strictly technically necessary for that purpose; or


Strengthens what a "freely given consent" is


Amendment 539 ++[modifier]

Amendment 539
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 8 – paragraph 1 – point d

(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.

deleted

Justification: Audience measuring should be based on consent and therefore is covered by (b).This is also the approach in the existing e-Privacy Directive 2002/58/EC and should therefore be maintained, in order to not lower the level of protection.Point (c) continues to allow for function cookies, whereas tracking cookies should remain under opt-in.


see justification


Amendment 540 ++[modifier]

Amendment 540
Cornelia Ernst
GUE/NGL
Article 8 – paragraph 1 – point d

(d) if it is necessary for web audience measuring, provided that such measurement is carried out by the provider of the information society service requested by the end-user.

deleted


see previous amendment


Amendment 555 ++[modifier]

Amendment 555
Monica Macovei, Marian-Jean Marinescu, Barbara Spinelli
ECR
Article 8 – paragraph 1 – point d a (new)

(d a) The end-user shall not be denied access to an information society service or electronic communications service (whether these services are remunerated or not) on grounds that the end-user does not provide consent under point (b) of Article 8(1) or point (b) of Article 8(2) for processing any data that is not strictly necessary for the provision of that service.


Clarifies what a "freely given consent" is


Amendment 563 +[modifier]

Amendment 563
Monica Macovei, Marian-Jean Marinescu, Barbara Spinelli
ECR
Article 8 – paragraph 1 – point d b (new)

(d b) The end-user shall not be denied any functionality of the terminal equipment on grounds that the end-user does not provide consent as set out in point (b) of Article 8(1) or point (b) of Article 8(2) for processing any data that is not strictly necessary for the functionality requested by the end-user.


Clarifies what a "freely given consent" is


Amendment 575 ++[modifier]

Amendment 575
Sophia in 't Veld
ALDE
Article 8 – paragraph 1 a (new)

1 a. No one shall be denied access to any information society services or to the functionality of interconnected equipment, regardless of the service concerned being remunerated or not:

- on grounds that he or she has not given his or her consent under Article 8(1)(b) to the processing of personal data that is not necessary for the provision of those services;and/ or,

- on grounds that he or she has installed software or applications to protect their information and terminal equipment.

Processing of data for purposes of providing targeted advertisements cannot be considered as necessary for the performance of a service.


Clarifies what a "freely given consent" is

Offline tracking[modifier]

Bad[modifier]

Amendment 89 --[modifier]

Amendment 89
Marju Lauristin (rapporteur)
S&D
Article 8 – paragraph 2 a (new)

2a. For the purpose of point (ab) of paragraph 2, the following controls shall be implemented to mitigate the risks:

(a) the purpose of the data collection from the terminal equipment shall be restricted to mere statistical counting; and

(b) the tracking shall be limited in time and space to the extent strictly necessary for this purpose; and

(c) the data shall be deleted or anonymised immediately after the purpose is fulfilled; and

(d) the users shall be given effective opt-out possibilities.


This amendment would authorize the processing of unanomized data for statistical counting, which may mean anything (how many people have visited a store during the last 6 month, how many times each, etc ? which implies to store personal data for a long duration)


Amendment 589 -[modifier]

Amendment 589
Michał Boni, Frank Engel, Tomáš Zdechovský, Viviane Reding, Carlos Coelho, Elissavet Vozemberg-Vrionidi
EPP
Article 8 – paragraph 2 – subparagraph 1 – point b

(b) a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.

(b) the information collected is or is rendered pseudonymous or anonymous and the data protection impact assessment and, if necessary, a prior consultation with the supervisory authority were carried out, as prescribed respectively in Article 35 and 36 of Regulation (EU) 2016/679, and a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.


Making the data pseudonymous does not protect tracked people from the tracker at all

Amendment 591 --[modifier]

Amendment 591
Sophia in 't Veld
ALDE
Article 8 – paragraph 2 – subparagraph 1 – point b a (new)

(b a) (a) the purpose of the data collection from the terminal equipment is restricted to mere statistical counting;and

(b) the tracking is limited in time and space to the extent strictly necessary for this purpose;and

(c) the data will be be deleted or anonymised immediately after the purpose is fulfilled;and

(d) the users are informed and given effective opt-out possibilities.


This would authorize the processing of unanomized data for "statistical counting", which may mean anything (how many people have visited a store during the last 6 month, how many times each, etc ? which implies to store personal data for a long duration)


Amendment 592 -[modifier]

Amendment 592
Axel Voss, Heinz K. Becker
EPP
Article 8 – paragraph 2 – subparagraph 1 – point b a (new)

(b a) it is necessary for protecting the confidentiality, integrity, availability, authenticity of the terminal equipment or of the electronic communications network or service, or for protecting the privacy, security or safety of the user.


Protecting the "security and safety" of people against their will is rarely acceptable (and the context that would make it acceptable is not specified by this amendment) and would mainly be a pretext for surveillance (in protests and crowded events, typically)


Amendment 609 --[modifier]

Amendment 609
Miltiadis Kyrkos
S&D
Article 9 – paragraph 1

1. The definition of and conditions for consent provided for under Articles 4(11) and 7 of Regulation (EU) 2016/679/EU shall apply.

1. The definition of and conditions for consent provided for under Articles 4(11) and 7 of Regulation (EU) 2016/679/EU shall apply. The application of Art. 7(4) of Regulation (EU) 2016/679/EU must not oblige providers of information society services to offer a service without data processing which the service provider means to provide together with the service like e.g. data processing for the purpose of advertising.


Would prevent any consent from being freely given, in contradiction with the GDPR and with what is acceptable


Amendment 611 --[modifier]

Amendment 611
Gérard Deprez, Morten Løkkegaard, Jean-Marie Cavada, Petr Ježek, Pavel Telička
ALDE
Article 9 – paragraph 1

1. The definition of and conditions for consent provided for under Articles 4(11) and 7 of Regulation (EU) 2016/679/EU shall apply.

1. The definition of and conditions for consent provided for under Articles 4(11) and Article 7 (1), (2), and (3) of Regulation (EU) 2016/679/EU shall apply.

Justification: Legal basis for opt-in by the end-user based on informed browsing


Would not require consent to be freely given (as required by the GDPR) any more


Amendment 612 --[modifier]

Amendment 612
Heinz K. Becker
EPP
Article 9 – paragraph 1

1. The definition of and conditions for consent provided for under Articles 4(11) and 7 of Regulation (EU) 2016/679/EU shall apply.

1. The definitions of and conditions for consent provided for under Articles 4(11) and 7(1), (2) and (3) of Regulation (EU) 2016/679 shall apply.


Would not require consent to be freely given (as required by the GDPR) any more


Amendment 613 --[modifier]

Amendment 613
Daniel Dalton, John Procter
ECR
Article 9 – paragraph 1

1. The definition of and conditions for consent provided for under Articles 4(11) and 7 of Regulation (EU) 2016/679/EU shall apply.

1. The definition of and conditions for consent provided for under Articles 4(11) and 7 (1), (2), and (3) of Regulation (EU) 2016/679/EU shall apply.


Would not require consent to be freely given (as required by the GDPR) any more


Amendment 614 --[modifier]

Amendment 614
Axel Voss, Heinz K. Becker
EPP
Article 9 – paragraph 1

1. The definition of and conditions for consent provided for under Articles 4(11) and 7 of Regulation (EU) 2016/679/EU shall apply.

1. The definition of and conditions for consent provided for under Articles 4(11) and 7 (1), (2) and (3)of Regulation (EU) 2016/679/EU shall apply.

Justification: The reference here to the conditions for consent laid down by Article 7 of Regulation (EU) No 2016/679/EU must at all events be limited to Article 7(1) to (3).The non-applicability of Article 7(4) of Regulation (EU) No 2016/679 to consent pursuant to Article 9 of the proposal for a regulation is necessary because, unlike in Regulation (EU) No 2016/679, data processing based on the general clause concerning justified interests is not provided for in this proposal.


Would not require consent to be freely given (as required by the GDPR) any more. As regards the provided justification, we do not understand what "data processing based on the general clause concerning justified interests" means. It mays simply refer to the "legitimate interest" legal basis. But the lack of such basis in this Regulation would not justified to bypass consent (since the purpose of this Regulation is specifically to protect communications by requiring consent).


Amendment 616 --[modifier]

Amendment 616
Pál Csáky
EPP
Article 9 – paragraph 1

1. The definition of and conditions for consent provided for under Articles 4(11) and 7 of Regulation (EU) 2016/679/EU shall apply.

1. The definition of and conditions for consent provided for under Articles 4(11) of Regulation (EU) 2016/679/EU shall apply.


Would not require consent to be freely given (as required by the GDPR) any more


Good[modifier]

Amendment 84 +[modifier]

Amendment 84
Marju Lauristin (rapporteur)
S&D
Article 8 – paragraph 2 – subparagraph 1 – point a

(a) it is done exclusively in order to, for the time necessary for, and for the purpose of establishing a connection; or

(a) it is done exclusively in order to, for the time necessary for, and for the sole purpose of establishing a connection requested by the user; or


Would ensure that users are not directly harassed on their phones by spams, consent requests and such


Amendment 85 ++[modifier]

Amendment 85
Marju Lauristin (rapporteur)
S&D
Article 8 – paragraph 2 – subparagraph 1 – point a a (new)

(aa) the user has been informed and has given consent; or


Device-tracking should only be lawful with our consent (this amendment corrects the absurdly dangerous proposal of the EC)


Amendment 86 +[modifier]

Amendment 86
Marju Lauristin (rapporteur)
Article 8 – paragraph 2 – subparagraph 1 – point a b (new)

(ab) the data are anonymised and the risks are adequately mitigated.


Device-tracking is not "tracking" anymore if the data are anonymised, which is good


Amendment 87 ++[modifier]

Amendment 87
Marju Lauristin (rapporteur)
S&D
Article 8 – paragraph 2 – subparagraph 1 – point b

(b) a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.

deleted


Device-tracking should only be lawful with our consent (this amendment corrects the absurdly dangerous proposal of the EC)

Amendment 583 ++[modifier]

Amendment 583
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 8 – paragraph 2

2. The collection of information emitted by terminal equipment to enable it to connect to another device and, or to network equipment shall be prohibited, except if:

deleted

(a) it is done exclusively in order to, for the time necessary for, and for the purpose of establishing a connection; or

(b) a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.

The collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been applied.

Justification: See related amendment to Article 4:Since these data emissions are included in the definition of “metadata”, Article 8(2) can be deleted, as it is now covered by Article 6(2).


This would restore the protection provided by current EU law: device tracking requires consent

Amendment 584 ++[modifier]

Amendment 584
Cornelia Ernst
GUE/NGL
Article 8 – paragraph 2

2. The collection of information emitted by terminal equipment to enable it to connect to another device and, or to network equipment shall be prohibited, except if:

deleted

(a) it is done exclusively in order to, for the time necessary for, and for the purpose of establishing a connection; or

(b) a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.

The collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679, have been applied.


This would restore the protection provided by current EU law: device tracking requires consent


Amendment 588 ++[modifier]

Amendment 588
Monica Macovei
ECR
Article 8 – paragraph 2 – subparagraph 1 – point b

(b) a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.

(b) all relevant information about the intended processing is provided in clear and easily understandable language, provided separately from the terms and conditions of the provider, and if the end-user concerned has given his or her consent to the processing of the data for one or more specified purposes, including for the provision of specific services, provided that the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous; the collection of such information shall be conditional on the application of appropriate technical and organisational measures to ensure a level of security appropriate to the risks, as set out in Article 32 of Regulation (EU) 2016/679 and supplemented with a mandatory data protection impact assessment, have been applied.


This would restore the protection provided by current EU law: device tracking requires consent


Amendment 590 ++[modifier]

Amendment 590
Sophia in 't Veld
ALDE
Article 8 – paragraph 2 – subparagraph 1 – point b

(b) a clear and prominent notice is displayed informing of, at least, the modalities of the collection, its purpose, the person responsible for it and the other information required under Article 13 of Regulation (EU) 2016/679 where personal data are collected, as well as any measure the end-user of the terminal equipment can take to stop or minimise the collection.

(b) the user has been informed according to Article 13 of Regulation (EU) 2016/679 and has given consent to the collection for a specific purpose.


This would restore the protection provided by current EU law: device tracking requires consent

Consent definition[modifier]

Bad[modifier]

Amendment 92 -[modifier]

Amendment 92
Marju Lauristin (rapporteur)
S&D
Article 9 – paragraph 2

2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.

2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using technical specifications of electronic communications services. When such technical specifications are used by the user, they shall be binding on, and enforceable against, any other party.


Consent cannot be "freely given, specific informed, and unambiguous" through automated means. 


Amendment 98 -[modifier]

Amendment 98
Marju Lauristin (rapporteur)
S&D
Article 10 – paragraph 1 – point d (new)

(d) offer the user the possibility to express specific consent through the settings after the installation of the software.


Consent cannot be "freely given, specific informed, and unambiguous" through automated means. 

Amendment 662 -[modifier]

Amendment 662
Gérard Deprez, Morten Løkkegaard, Jean-Marie Cavada, Petr Ježek, Pavel Telička
ALDE
Article 10 – paragraph 2 a (new)

2 a. The software shall not block data processing wich is legally allowed to Art. 8 (1) a), c) or d) or (2) a), irrespective of the browser settings.


This amendment would lead to an unacceptable situation where users are deprived of any control on their very own equipments.

Amendment 623 --[modifier]

Amendment 623
Miltiadis Kyrkos
S&D
Article 9 – paragraph 2

2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.

2. Where technically possible and feasible, in particular for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet, or by continuing the use of an information society service, having been provided with clear and comprehensive information that this action by the end-user signifies consent


This amendment would allow "implicit" consent - not expressed by an "affirmative action" (which is required by the GDPR)


Amendment 624 --[modifier]

Amendment 624
Pál Csáky
EPP
Article 9 – paragraph 2

2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.

2. Where technically possible and feasible, in particular for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet or by continuing the use of an information society service, having been provided with clear and comprehensive information that this action by the end-user signifies consent.


This amendment would allow "implicit" consent - not expressed by an "affirmative action" (which is required by the GDPR)


Amendment 625 --[modifier]

Amendment 625
Gérard Deprez, Morten Løkkegaard, Jean-Marie Cavada, Petr Ježek, Pavel Telička
ALDE
Article 9 – paragraph 2

2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.

2. Where technically possible and feasible for the purposes of point (b) of Article 8(1) consent may be expressed by using the appropriate technical setting of software application enabling access to the internet or by the continued use of the information society service after having been provided with accessible and comprehensive information about this action of the end-user.

Justification: The user's continued use of the services provided to them, based on accessible information, should be regarded as consent.


This amendment would allow "implicit" consent - not expressed by an "affirmative action" (which is required by the GDPR)

Amendment 635 -[modifier]

Amendment 635
Axel Voss, Heinz K. Becker, Anna Maria Corazza Bildt
EPP
Article 10

Article 10

deleted

Information and options for privacy settings to be provided

1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.

2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting.

3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1 and 2 shall be complied with at the time of the first update of the software, but no later than 25 August 2018.

Justification: Article 25 of Regulation (EU) 2016/679 governs data protection by design and by default.Article 10 of the proposal for a regulation only undermines Article 25 of Regulation (EU) 2016/679 and would hamper most business models.


This amendment would delete an interesting (and probably useful) informative measure proposed by the Commission. The provided justification makes no sense: GDPR 25 only applies to data controller while this measure does not. It has no impact on GDPR 25 at all


Amendment 636 -[modifier]

Amendment 636
Brice Hortefeux, Rachida Dati
EPP
Article 10

Article 10

deleted

Information and options for privacy settings to be provided

1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.

2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting.

3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1 and 2 shall be complied with at the time of the first update of the software, but no later than 25 August 2018.


This amendment would delete an interesting (and probably useful) informative measure proposed by the Commission.


Amendment 637 -[modifier]

Amendment 637
Daniel Dalton, John Procter, Helga Stevens
ECR
Article 10

Article 10

deleted

Information and options for privacy settings to be provided

1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.

2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting.

3. In the case of software which has already been installed on 25 May 2018, the requirements under paragraphs 1 and 2 shall be complied with at the time of the first update of the software, but no later than 25 August 2018.


This amendment would delete an interesting (and probably useful) informative measure proposed by the Commission.

Amendment 643 -[modifier]

Amendment 643
Anna Maria Corazza Bildt
EPP
Article 10 – paragraph 1

1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.

1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer appropriate technical settings referred to in Art.9 (2) for end- users to express consent.


This amendment would delete an interesting (and probably useful) informative measure proposed by the Commission.


Amendment 644 -[modifier]

Amendment 644
Michał Boni, Frank Engel, Tomáš Zdechovský, Csaba Sógor, Carlos Coelho, Elissavet Vozemberg-Vrionidi
EPP
Article 10 – paragraph 1

1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.

1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer appropriate technical settings referred to in Article 9 (2) for end-user to express consent.


This amendment would delete an interesting (and probably useful) informative measure proposed by the Commission.


Amendment 647 -[modifier]

Amendment 647
Marju Lauristin (rapporteur)
S&D
Article 10 – paragraph 1 – point c (new)

(c) upon installation, inform and offer the user the possibility to change or confirm the privacy settings options defined in point (a) by requiring the user's consent to a setting;


This would allow user to choose to automaticly provide consent (which is not acceptable) or to accept to be unlawfully tracked (which makes no sense).

Amendment 661 -[modifier]

Amendment 661
Pál Csáky
EPP
Article 10 – paragraph 2 a (new)

2 a. The software shall not block data processing which is legally allowed according to Art. 8 (1) a), c) or d) or (2) a), irrespective of the browser settings.


This amendment would lead to an unacceptable situation where users are deprived of any control on their very own equipments.

Good[modifier]

Amendment 93 +[modifier]

Amendment 93
Marju Lauristin (rapporteur)
S&D
Article 9 – paragraph 3

3. End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.

3. Users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3), point (b) of Article 8(1) and point (aa) of Article 8(2) shall be given the possibility to withdraw their consent at any time as set forth under Article 7(3) of Regulation (EU) 2016/679 and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continues.


Clarification

Amendment 617 +[modifier]

Amendment 617
Daniel Dalton, John Procter, Helga Stevens
ECR
Article 9 – paragraph 2

2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.

deleted


This amendment would prevent consent from being given through automated means, which is good since automated consent cannot be "specific" nor "informed" as requested by the GDPR

Amendment 618 +[modifier]

Amendment 618
Brice Hortefeux, Rachida Dati
EPP
Article 9 – paragraph 2

2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.

deleted


This amendment would prevent consent from being given through automated means, which is good since automated consent cannot be "specific" nor "informed" as requested by the GDPR


Amendment 619 +[modifier]

Amendment 619
Axel Voss, Heinz K. Becker
EPP
Article 9 – paragraph 2

2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.

deleted

Justification: Articles 4(11) and 7 of Regulation (EU) No 2016/679 define the conditions for consent and are perfectly sufficient here.The proposal goes beyond these definitions and thus creates a dual regime for consent and renders the situation less clear.Article 9(2) should therefore be deleted.


This amendment would prevent consent from being given through automated means, which is good since automated consent cannot be "specific" nor "informed" as requested by the GDPR


Amendment 620 ++[modifier]

Amendment 620
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 9 – paragraph 2

2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.

2. Without prejudice to paragraph 1, where technically feasible, for the purposes of point (b) of Article 8(1), consent may be expressed and withdrawn by using the appropriate technical specifications for electronic communications services or information society services which allow for specific consent for specific purposes and with regard to specific service providers actively selected by the user in each case, pursuant to paragraph 1. When such technical specifications are used by the user's terminal equipment or the software running on it, they may signal the user's preferences based on previous active selections by him or her. These signals shall be binding on, and enforceable against, any other party.

Justification: The GDPR carefully avoids automated consent in Recital 32, as it cannot be informed, specific and active.Recital 32 GDPR only refers to individual information society services.Therefore, consent should be given actively by the user in each case, and the software should only remember this for later visits.


This amendment would prevent consent from being given through automated means, which is good since automated consent cannot be "specific" nor "informed" as requested by the GDPR. Furthermore, this amendment would make browsers and such remembering user's choice, protecting them from harassing consent requests


Amendment 621 ++[modifier]

Amendment 621
Cornelia Ernst
GUE/NGL
Article 9 – paragraph 2

2. Without prejudice to paragraph 1, where technically possible and feasible, for the purposes of point (b) of Article 8(1), consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet.

2. Without prejudice to paragraph 1, where technically feasible, for the purposes of point (b) of Article 8(1), consent may be expressed and withdrawn by using the appropriate technical specifications for electronic communications services or information society services which allow for specific consent for specific purposes and with regard to specific service providers selected by the user. When such technical specifications are used by the user's terminal equipment or the software running on it, they shall be binding on, and enforceable against, any other party.


This amendment would prevent consent from being given through automated means, which is good since automated consent cannot be "specific" nor "informed" as requested by the GDPR. Furthermore, this amendment would make browsers and such remembering user's choice, protecting them from harassing consent requests


Amendment 633 ++[modifier]

Amendment 633
Jan Philipp Albrecht, Judith Sargentini, Viviane Reding
Verts/ALE
Article 9 – paragraph 3 a (new)

3 a. Without prejudice to Article 7(4) of Regulation (EU) 2016/679, a user shall not be denied access to any electronic communications service, information society service or functionality of a terminal equipment, regardless of whether this is remunerated or not, on the mere grounds that he or she has not given his or her consent to

(a) the processing of electronic communications data, metadata or content pursuant to Article 6;or

(b) the use of input, output, processing and storage capabilities of terminal equipment and the processing of information related to or processed by the users' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware, pursuant to Article 8(1)

that is technically not strictly necessary for the provision of that service or functionality.

Justification: based on LIBE AM 83 rapporteur, moved to the Article on consent where it belongs.This is complementary to 7(4) GDPR.7(4) GDPR is about invalidity of forced consent, this here is about not forcing consent as a condition for access (“consent wall”).


Would clearly ensure that consent is "freely given"


Amendment 639 +[modifier]

Amendment 639
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 10 – paragraph 1

1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.

1. Hardware and software placed on the market that enable the access to and use of electronic communications services or the access to and use of information society services shall be able to prevent other parties from using input, output, processing and storage capabilities of terminal equipment and the processing of information related to or processed by a users' terminal equipment, or making information available through the terminal equipment, including information about and processed by its software and hardware.

Justification: WP 29 notes that the definition of “third parties” in the GDPR doesn’t include the controllers.Therefore this expression should be avoided in the context of this Regulation.See related amendments to Articles 7 and 14.Rest of the text aligned with Article 8(1).The Commission proposal and also AMs 94-98 LIBE rapporteur only refer to cookies, which is not future proof and already outdated with browser fingerprinting etc.


Useful clarifications


Amendment 640 +[modifier]

Amendment 640
Cornelia Ernst
GUE/NGL
Article 10 – paragraph 1

1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.

1. Hardware and software that enable the access to and use of electronic communications services or the access to, and use of, information society services shall be able to prevent other parties from using input, output, processing and storage capabilities of terminal equipment and the processing of information related to, or processed by, a user's terminal equipment, or making information available through the terminal equipment, including information about, and processed by, its software and hardware.


Useful clarifications


Amendment 641 /[modifier]

Amendment 641
Sophia in 't Veld
ALDE
Article 10 – paragraph 1

1. Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall offer the option to prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.

1. The default setting of software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet, shall not allow the storing of information on the terminal equipment of an end-user, the processing of information already stored on that equipment, or sharing of personal data. Such software setting options shall allow end-users to provide or withdraw consent for each distinct category of purposes.


This is a mixed amendment. Bad : allows automated consent. Good: but provide that, by default, consent is not automatically given


Amendment 645 +[modifier]

Amendment 645
Marju Lauristin (rapporteur)
S&D
Article 10 – paragraph 1 – point a (new)

(a) by default, offer privacy protective settings to prevent other parties from storing information on the terminal equipment of a user and from processing information already stored on that equipment, except for the purposes laid down by Article 8 paragraph (1), points (a), (c) and (d);


This amendment would clearly provide that softwares shall not allow unlawful tracking. But it is not really clear how softwares may identify lawful tracking (especially those not based on consent).


Amendment 655 +[modifier]

Amendment 655
Jan Philipp Albrecht, Judith Sargentini, Viviane Reding
Verts/ALE
Article 10 – paragraph 2

2. Upon installation, the software shall inform the end-user about the privacy settings options and, to continue with the installation, require the end-user to consent to a setting.

2. By default, such hardware or software shall have activated privacy settings that prevent other parties from exercising the activities referred to in paragraph 1. If the hardware or software allows for deviating settings, the user shall be informed about the privacy settings options during first use or installation and shall be offered the possibility to change or confirm them.


This would make tracking disabled by default

State surveillance[modifier]

Bad[modifier]

Amendment 673 --[modifier]

Amendment 673
Daniel Dalton, John Procter
ECR
Article 11 – paragraph 1

1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (e) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests.

1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests.


This would allow State surveillance for almost any imaginable purpose


Good[modifier]

Amendment 101 ++[modifier]

Amendment 101
Marju Lauristin (rapporteur)
S&D
Article 11

Article 11

deleted

Restrictions

1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (e) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests.

2. Providers of electronic communications services shall establish internal procedures for responding to requests for access to end-users’ electronic communications data based on a legislative measure adopted pursuant to paragraph 1. They shall provide the competent supervisory authority, on demand, with information about those procedures, the number of requests received, the legal justification invoked and their response.


Amendment 103 +[modifier]

Amendment 103
Marju Lauristin (rapporteur)
S&D
Article 11 b (new)

Article 11b

Restrictions on confidentiality of communications

1. Union or Member State law may restrict by way of a legislative measure the scope of the rights provided for in Article 5 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests:

(a) national security;

(b) defence;

(c) public security;

(d) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.


Would limit the purpose for which this Regulation can be derogated. But could have gone much much farther!


Amendment 669 ++[modifier]

Amendment 669
Cornelia Ernst
GUE/NGL
Article 11

Article 11

deleted

Restrictions

1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (e) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests.

2. Providers of electronic communications services shall establish internal procedures for responding to requests for access to end-users’ electronic communications data based on a legislative measure adopted pursuant to paragraph 1. They shall provide the competent supervisory authority, on demand, with information about those procedures, the number of requests received, the legal justification invoked and their response.


This would get State surveillance out of this Regulation, making the legislative debate way clearer


Amendment 670 ++[modifier]

Amendment 670
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 11

Article 11

deleted

Restrictions

1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (e) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests.

2. Providers of electronic communications services shall establish internal procedures for responding to requests for access to end-users’ electronic communications data based on a legislative measure adopted pursuant to paragraph 1. They shall provide the competent supervisory authority, on demand, with information about those procedures, the number of requests received, the legal justification invoked and their response.

Justification: Following the LIBE rapporteur:Art. 11a for restrictions of user rights, Art. 11b for restrictions of confidentiality, added Art. 11c on documentation and reporting.


This would get State surveillance out of this Regulation, making the legislative debate way clearer

Amendment 671 /[modifier]

Amendment 671
Sophia in 't Veld, Kaja Kallas
ALDE
Article 11 – paragraph 1

1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (e) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests.

1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction fully respects fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard national security, defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communications system.

Justification: This amendment stays as close to the status quo as possible.


Excludes economic purposes from State surveillance (which is good) but do not implement CJUE case law


Amendment 672 /[modifier]

Amendment 672
Michał Boni, Frank Engel, Tomáš Zdechovský, Carlos Coelho, Pál Csáky, Elissavet Vozemberg-Vrionidi
EPP
Article 11 – paragraph 1

1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (e) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests.

1. Union or Member State law may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 5 to 8 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the general public interests referred to in Article 23(1)(a) to (d) of Regulation (EU) 2016/679 or a monitoring, inspection or regulatory function connected to the exercise of official authority for such interests.


Excludes economic purposes from State surveillance (which is good) but do not implement CJUE case law


Amendment 674 ++[modifier]

Amendment 674
Sophia in 't Veld, Angelika Mlinar, Kaja Kallas
ALDE
Article 11 – paragraph 1 a (new)

1 a. The Union or Member States shall not impose any obligation on undertakings that would result in the weakening of the security and encryption of their networks and services.


Would clearly forbid backdoors (in networks and services only, not in device, though)


Amendment 675 ++[modifier]

Amendment 675
Sophia in 't Veld, Kaja Kallas
ALDE
Article 11 – paragraph 2

2. Providers of electronic communications services shall establish internal procedures for responding to requests for access to end-users’ electronic communications data based on a legislative measure adopted pursuant to paragraph 1. They shall provide the competent supervisory authority, on demand, with information about those procedures, the number of requests received, the legal justification invoked and their response.

2. Providers of electronic communications services shall publish information about the number of requests received, the legal justification invoked and their response.

Justification: Mandatory Transparency Reports.


Would add some transparency (which is not enough at all on its own, but would still be a huge progress)


Amendment 678 +[modifier]

Amendment 678
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 11 a (new)

Article 11 a

Restrictions on the rights of the user or subscriber

1.Union or Member State law to which the provider is subject may temporarily restrict by way of a legislative measure the scope of the obligations and principles relating to processing of electronic communications data provided for in Articles 6, 7 and 8 of this Regulation in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22 of Regulation (EU) 2016/679, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests:

(a) national security;

(c) defence;

(d) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

2.In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679.


This would limit national derogations to the rights to be informed, to access and to obtain erasure of ones information


Amendment 679 +[modifier]

Amendment 679
Cornelia Ernst
GUE/NGL
Article 11 a (new)

Article 11 a

Restrictions on the rights of the user or subscriber

1.Union or Member State law to which the provider is subject may temporarily restrict by way of a legislative measure the scope of the obligations and principles relating to processing of electronic communications data provided for in Articles 6, 7 and 8 of this Regulation in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22 of Regulation (EU) 2016/679, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests:

(a) national security;

(b) defence;

(c) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

2.In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679.


This would limit national derogations to the rights to be informed, to access and to obtain erasure of ones information


Amendment 680 +[modifier]

Amendment 680
Cornelia Ernst
GUE/NGL
Article 11 b (new)

Article 11 b

Restrictions of the confidentiality of communications

1.Union or Member State law to which the provider is subject may temporarily restrict by way of a legislative measure the scope of the rights provided for in Article 5 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests:

(a) national security;

(b) defence;

(c) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

2.In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679.It shall also require prior judicial authorisation for any access to content or metadata.

3.No legislative measure referred to in paragraph 1 may allow for the weakening of the integrity and confidentiality of electronic communications by mandating a manufacturer of hardware or software, including terminal equipment or software providing for the use of electronic communications, or a provider of electronic communications services, to create and build in backdoors that weaken the cryptographic methods used or the security and integrity of the terminal equipment.


It would requires prior judicial authorization for any restriction of the confidentiality of communications and not allow such restriction for economic purposes. Also, it would forbid any kind of backdoor. However, it would allow restrictions for "national security" and "defence" purposes which, as long as they are broader than the prevention of serious crime, cover extremely broad, vague and unpredictable purposes. Also, this amendments does not specifically limit the duration of the derogations.


Amendment 681 +[modifier]

Amendment 681
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 11 b (new)

Article 11 b

Restrictions of the confidentiality of communications

1.Union or Member State law to which the provider is subject may temporarily restrict by way of a legislative measure the scope of the rights provided for in Article 5 where such a restriction respects the essence of the fundamental rights and freedoms and is a necessary, appropriate and proportionate measure in a democratic society to safeguard one or more of the following general public interests:

(a) national security;

(b) defence;

(c) the prevention, investigation, detection or prosecution of serious criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

2.In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, pursuant to Article 23(2) of Regulation (EU) 2016/679.It shall also require prior judicial authorisation for any access to content or metadata.

3.No legislative measure referred to in paragraph 1 may allow for the weakening of the integrity and confidentiality of electronic communications by mandating a manufacturer of hardware or software, including terminal equipment or software providing for the use of electronic communications, or a provider of electronic communications services, to create and build in backdoors that weaken the cryptographic methods used or the security and integrity of the terminal equipment.


It would requires prior judicial authorization for any restriction of the confidentiality of communications and not allow such restriction for economic purposes. Also, it would forbid any kind of backdoor. However, it would allow restrictions for "national security" and "defence" purposes which, as long as they are broader than the prevention of serious crime, cover extremely broad, vague and unpredictable purposes. Also, this amendments does not specifically limit the duration of the derogations.


Amendment 682 ++[modifier]

Amendment 682
Cornelia Ernst
GUE/NGL
Article 11 c (new)

Article 11 c

Documentation and reporting of restrictions

1.Providers of electronic communications services shall keep documentation about requests made by competent authorities to access communications content or metadata pursuant to Article 11b(2).This documentation shall include for each request:

(a) the in-house staff member who handled the request;

(b) the identity of the body making the request;

(c) the purpose for which the information was sought;

(d) the date and time of the request;

(e) the legal basis and authority for the request, including the identity and status or function of the official submitting the request;

(f) the judicial authorisation of the request;

(g) the number of subscribers to whose data the request related;

(h) the data provided to the requesting authority;and

(i) the period covered by the data.

The documentation shall be made available to the competent supervisory authority upon request.

2.Providers of electronic communications services shall publish once per year a report with statistical information about data access requests by law enforcement authorities pursuant to Articles 11a and 11b.The report shall include, at least

(a) the number of requests;

(b) the categories of purposes for the request;

(b) the categories of data requested;

(c) the legal basis and authority for the request;

(d) the number of subscribers to whose data the request related;

(e) the period covered by the data;

(f) the number of negative and positive responses to those requests.

3.Member States' competent authorities shall publish once per year a report with statistical information per month about data access requests pursuant to Articles 11a and 11b, including requests that were not authorised by a judge, including, but not limited to, the following points:

(a) the number of requests;

(b) the categories of purposes for the request;

(b) the categories of data requested;

(c) the legal basis and authority for the request;

(d) the number of subscribers to whose data the request related;

(e) the period covered by the data;

(f) the number of negative and positive responses to those requests.

The reports shall also contain statistical information per month about any other restrictions pursuant to Articles 11a and 11b.


Would add some transparency (which is not enough at all on its own, but would still be a huge progress)


Amendment 683 ++[modifier]

Amendment 683
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 11 c (new)

Article 11 c

Documentation and reporting of restrictions

1.Providers of electronic communications services shall keep documentation about requests made by competent authorities to access communications content or metadata pursuant to Article 11b(2).This documentation shall include for each request:

(a) the in-house staff member who handled the request;

(b) the identity of the body making the request;

(c) the purpose for which the information was sought;

(d) the date and time of the request;

(e) the legal basis and authority for the request, including the identity and status or function of the official submitting the request;

(f) the judicial authorisation of the request;

(g) the number of subscribers to whose data the request related;

(h) the data provided to the requesting authority;and

(i) the period covered by the data.

The documentation shall be made available to the competent supervisory authority upon request.

2.Member States' competent authorities shall publish once per year a report with statistical information per month about data access requests pursuant to Article 11b(2), including requests that were not authorised by a judge, including, but not limited to, the following points:

(a) the number of requests;

(b) the categories of purposes for the request;

(b) the categories of data requested;

(c) the legal basis and authority for the request;

(d) the number of subscribers to whose data the request related;

(e) the period covered by the data;

The reports shall also contain statistical information per month about any other restrictions pursuant to Articles 11a and 11b.

Justification: Reports by Member States’ authorities are more comprehensive, as they consolidate all requests to all communications service providers.This also avoids additional burdens for providers.


Would add some transparency (which is not enough at all on its own, but would still be a huge progress)

Sanctions[modifier]

Good[modifier]

Amendment 807 +[modifier]

Amendment 807
Cornelia Ernst
GUE/NGL
Article 23 – paragraph 3

3. Infringements of the principle of confidentiality of communications, permitted processing of electronic communications data, time limits for erasure pursuant to Articles 5, 6, and 7 shall, in accordance with paragraph 1 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.

3. Infringements of the following provisions of this Regulation shall, in accordance with paragraph 1, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher:


Harmonize sanctions

Amendment 808 +[modifier]

Amendment 808
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 23 – paragraph 3

3. Infringements of the principle of confidentiality of communications, permitted processing of electronic communications data, time limits for erasure pursuant to Articles 5, 6, and 7 shall, in accordance with paragraph 1 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.

3. Infringements of the following provisions of this Regulation shall, in accordance with paragraph 1, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher:


Harmonize sanctions


Amendment 809 +[modifier]

Amendment 809
Cornelia Ernst
GUE/NGL
Article 23 – paragraph 3 – subparagraph 1 (new)

(a) the principle of confidentiality of communications pursuant to Article 5;

(b) the permitted processing of electronic communications data, pursuant to Article 6,

(c) the time limits for erasure and the confidentiality obligations pursuant to Article 7;

(d) the obligations of any legal or natural person who process electronic communications data pursuant to Article 8;

(e) the requirements for consent pursuant to Article 9;

(f) the obligations of the provider of software or hardware enabling electronic communications, pursuant to Article 10;

(g) the obligations of the providers of electronic communications services, of the providers of information society services, or of the manufacturers of hardware and software permitting the retrieval and presentation of information on the internet pursuant to Article 17.


Harmonize sanctions


Amendment 810 +[modifier]

Amendment 810
Jan Philipp Albrecht, Judith Sargentini
Verts/ALE
Article 23 – paragraph 3 – subparagraph 1 (new)

(a) the principle of confidentiality of communications pursuant to Article 5;

(b) the permitted processing of electronic communications data, pursuant to Article 6,

(c) the time limits for erasure and the confidentiality obligations pursuant to Article 7;

(d) the obligations of any legal or natural person who process electronic communications data pursuant to Article 8;

(e) the requirements for consent pursuant to Article 9;

(f) the obligations of the provider of software enabling electronic communications, pursuant to Article 10;

(g) the obligations of the providers of electronic communications services, of the providers of information society services, or of the manufacturers of hardware and software permitting the retrieval and presentation of information on the internet pursuant to Article 17.


Harmonize sanctions