Version du 3 avril 2013 à 15:35

English

Français

ITRE is the European Parliament committee on Industry, Research and Energy issues.

On 20 February 2013, it issued an opinion on the Proposal for a Data Protection Regulation aimed to assist LIBE committee in the drafting of its own report.

You can find a detailed list of its members on Memopol or visit its official website.

Its opinion proposes many amendment which would severely weaken personal data protection. This page lists and analyses the most dangerous of them.

Consent

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 82

Article 4 - Definitions

(8) ‘the data subject's consent’ means any freely given specific, informed and ~~explicit~~ unambiguous indication of his or her wishes by which the data subject ~~, either by a statement or by a clear affirmative action,~~ signifies agreement to personal data relating to them being processed. Silence or inactivity does not in itself indicate consent ;

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

If the required consent must not be explicit, data subjects might give it by a 'passive action' - by not opposing to the process of their data. This amendment only proposes that consent must be 'unambiguous': that mere 'silence or inactivity does not in itself indicate consent' but does when occurring in a specific context - when data subjects can understand the consequences of their silence or inactivity.

That is the current state of the law. And it has showed not to fit anymore the information society at all. Users are loosing trust in Internet services as many websites are collecting their personal data without explicitly warn them about it. They are only stating they collect such data on a distant page of their site and it is not enough at all to regain users' trust: users must have entire control on the processing of their own data.

Pseudonymous data

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 77

Article 4 - Definitions

(2a) 'pseudonymous data' means any personal data that has been collected, altered or otherwise processed so that it of itself cannot be attributed to a data subject without the use of additional data which is subject to separate and distinct technical and organisational controls to ensure such non attribution;

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 101

Article 6 - Lawfulness of processing

1. Processing of personal data shall be lawful only if and to the extent that at least one of the following applies:
- (a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
- ...
- (fa) processing is limited to pseudonymised data, where the data subject is adequately protected and the recipient of the service is given a right to object pursuant to Article 19 (3a).

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

These two amendments provide that data which are not directly collected or processed together with the data subject's name may be collected or processed without the data subject's consent, even though these data are tied to an unique identifier - which may be linked to the data subject's name in another dataset - or may otherwise be easilly linked back to the data subject, as sudies on recent re-identification advances show.

Purpose limitation

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 95

Article 6 - Lawfulness of processing

1.Processing of personal data shall be lawful only if and to the extent that at least one

of the following applies:

- (a) the data subject has given consent to the processing of their personal data ~~for one or more specific purposes~~;

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

The initial Proposal provided that consent must be given for each processing's purpose. Thus, data subjects might exactly control where their data will go and what for. This amendment proposes that users give their consent once for all, no matter the purpose for which or the number of time their data will be processed. Once users have give their consent, controllers are free to collect, process and transfer any personal data to any ends. Data subjects would only be informed of these processing and might object to them afterwards.

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 100

Article 6 - Lawfulness of processing (f) processing is necessary for the purposes of the legitimate interests pursued by, or on behalf of a controller or a processor, or by a third party or parties in whose interest the data is processed, including for the security of processing, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. ~~This~~ The interest or fundamental rights and freedoms of the data subject shall not ~~apply to~~ over-ride processing carried out by public authorities in the performance of their tasks or enterprises in the exercise of their legal obligations, and in order to safeguard against fraudulent behaviour.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 102

(fb) the data are collected from public registers, lists or documents accessible by everyone;

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 110

Article 6 - Lawfulness of processing

4. Where the purpose of further processing is not compatible with the one for which the personal data have been collected, the processing must have a legal basis at least in one of the grounds referred to in points (a) to ~~(e)~~ (f) of paragraph 1. This shall in particular apply to any change of terms and general conditions of a contract.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Data subjects' rights

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 134

Article 12

4. The information and the actions taken on requests referred to in paragraph 1 shall be free of charge. Where requests are manifestly excessive, in particular ~~because of~~ owing to their high volume, complexity or their repetitive character, the controller may charge a an appropriate, not for profit, fee for providing the information or taking the action requested, or the controller may ~~not~~ decline to take the action requested. In that case, the controller shall bear the burden of proving the manifestly excessive character of the request.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

This amendment would allow controllers to charge users who would ask information on their personal data - what of their data are processed, for what purpose, who can access to them and for how long will they be stored ? -, who would ask for the rectification or the erasure of these data or who would object to their processing where these requests would be 'excessively complex'. Thus, whenever controllers would decide that it would be too complex for them, users would have to pay to know and control who knows what about them.

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 146

Article 14 -

5.

(da) the data originates from publicly available sources

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amentdment 162

Article 17 - 2. Where the controller referred to in paragraph 1 has made the personal data public, it shall take all reasonable steps, including technical measures, in relation to data for the publication of which the controller is responsible, to inform third parties which are processing such data, that a data subject requests them to erase any links to, or copy or replication of that personal data. Where the controller has authorised a third party publication of personal data, the controller shall be considered responsible for that publication.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 166

Article 17

3.

(ea) for prevention or detection of fraud, confirming identity, and/or determining creditworthiness, or ability to pay.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 181

Article 20 1. ~~Every natural person~~ A data subject shall have the right not to be subject to a measure which ~~produces legal effects concerning this natural person or significantly~~ adversely affects this ~~natural person, and~~ data subject, both offline and online which is based solely on automated processing of data intended to evaluate certain personal aspects relating to a ~~this natural person~~ data subject or to analyse or predict in particular the <,atural person's data subject's performance at work, economic situation, location, health, personal preferences, reliability or behaviour.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 182

Article 20 1a. For the purposes of advertising, market research or tailoring telemedia, user profiles may be created using pseudonymised data, provided that the person concerned does not object. The person concerned must be informed of his/her right to object. User profiles may not be combined with data about the bearer of the pseudonym.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 184

Article 20

2.

(aa) is based on pseudonymous data;

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 185

(ab) is based on the legitimate interests pursued by the data controller;

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 190

(cb) is limited to pseudonymised data. Such pseudonymised data must not be collated with data on the bearer of the pseudonym. Article 19 (3a) shall apply correspondingly;

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 193

3. Automated processing of personal data intended to evaluate certain personal aspects relating to a natural person shall not be based solely on the special categories of personal data referred to in Article 9.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 221

Article 25 ~~4. The designation of a representative by the controller shall be without prejudice to legal actions which could be initiated against the controller itself.~~

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 240

Article 29 2a. Where the controller and the processor are established in several Member States for the purposes of the full or partial management of data, they shall be given the opportunity to designate their main establishment.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 245

Article 31 1. In the case of a personal data breach ~~the controller shall without undue delay and, where feasible, not later than 24 hours after having become aware of it, notify the~~ relating to special categories of personal date, personal data which are subject to professional secrecy, personal data relating to criminal offences or to the suspicion of a criminal act or personal data relating to bank or credit card accounts, which seriously threaten the rights or legitimate interests of the data subject, the controller shall without undue delay notify the personal data breach to the supervisory authority. ~~The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 24 hours.~~

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 251

Article 32 1. When the personal data breach is likely to adversely affect the protection of the personal data, the privacy, the right or the legitimate interests of the data subject, the controller shall, after the notification referred to in Article 31, communicate the personal data breach to the data subject without undue delay. A breach shall be considered as adversely affecting the personal data or privacy of a data subject where it could result in, for example, identity theft or fraud, physical harm, significant humiliation or damage to reputation.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 255

Article 32a Communication of a personal data breach to other organisations A controller that communicates a personal data breach to a data subject pursuant to Article 32 may notify another organisation, a government institution or a part of a government institution of the personal data breach if that organisation, government institution or part of a government institution may be able to reduce the risk of harm that could result from it or mitigate that harm. Such notifications may be done without informing the data subject if the disclosure is made solely for the purposes of reducing the risk of harm to the data subject that could result from the breach or mitigating that harm.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 256

DATA PROTECTION IMPACT ASSESSMENT AND PRIOR ~~AUTHORISATION~~ NOTIFICATION

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Justification: Procedures requiring prior authorisation are costly and time-consuming for the controller, and their added value compared to a system of prior notification can be questioned from the point of view of data protection. Prior notifications, which would give the supervising authority the possibility to react and act, is sufficient and also provides for a user-friendly data protection procedure.

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 323

Artcile 46 3a. Each supervisory authority shall have the power to sanction administrative offences, in particular those referred to in Article 79(4), (5) and (6). Supervisory authorities may only issue sanctions for controllers or processors with their main establishment within the same Member State or, in coordination with Articles 56 and 57 if the supervisory authority of the main establishment fails to take action.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 327

Article 51 2a. Where this Regulation applies by virtue of Article 3(2), the competent supervisory authority shall be the supervisory authority of the Member State or territory where the controller has designated a representative in the Union pursuant to Article 25.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 360

Article 73 2. Any body, organisation or association which aims to protect data subjects’ rights and interests concerning the protection of their personal data and has been properly constituted according to the law of a Member State shall have the right to lodge a complaint with a supervisory authority in any Member State on behalf of one or more data subjects from among its membership if it considers that a data subject’s rights under this Regulation have been infringed as a result of the processing of personal data and it has minimum funding of EUR 80 000 and representative membership with a corresponding membership structure.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude> Justif: Minimum funding and a representative membership structure are necessary in order to guarantee that collective actions are not misused and avoid a situation where associations are set up specifically for this purpose, as well as to ensure minimum cover for lawyers' fees and court costs.

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 362

Article 76 1. Any body, organisation or association referred to in Article 73(2) shall have the right to exercise the rights referred to in Articles 74 on behalf of one or more data subjects. Claims according to Article 77 may not be exercised by bodies, organisations or associations within the meaning of Article 73(2).

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 366

Article 79 1. ~~Each~~ The competent supervisory authority shall be empowered to impose administrative sanctions in accordance with this Article.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / ~~deleted from the initial text~~

Amendment 370

Article 79 3. The supervisory authority may give a written warning without imposing a sanction. The supervisory authority may impose a fine of up to EUR 1 000 000 for repeated, deliberate breaches or, in the case of a company, of up to 1% of its annual worldwide turnover.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté ~~d'expression !~~ d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

370-397 delete 3.-6.

@@ Ligne 41 : / Ligne 41 : @@
 **(a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
 **...
-(fa) processing is limited to pseudonymised data, where the data subject is adequately protected and the recipient of the service is given a right to object pursuant to Article 19 (3a).
+**(fa) processing is limited to pseudonymised data, where the data subject is adequately protected and the recipient of the service is given a right to object pursuant to Article 19 (3a).
 }}

Data Protection: ITRE Opinion : Différence entre versions

Version du 3 avril 2013 à 15:35

Sommaire

Consent

Amendment 82

Pseudonymous data

Amendment 77

Amendment 101

Purpose limitation

Amendment 95

Amendment 100

Amendment 102

Amendment 110

Data subjects' rights

Amendment 134

Amendment 146

Amentdment 162

Amendment 166

Amendment 181

Amendment 182

Amendment 184

Amendment 185

Amendment 190

Amendment 193

Amendment 221

Amendment 240

Amendment 245

Amendment 251

Amendment 255

Amendment 256

Amendment 323

Amendment 327

Amendment 360

Amendment 362

Amendment 366

Amendment 370

Menu de navigation

Rechercher