Data Protection: JURI Opinion : Différence entre versions

De La Quadrature du Net
Aller à la navigationAller à la recherche
(Data subject's rights=)
Ligne 17 : Ligne 17 :
 
[[Data_protection:_JURI_shortlist|Top amendments to reject and to support]]
 
[[Data_protection:_JURI_shortlist|Top amendments to reject and to support]]
  
=Pseudonymous data=
+
='''Pseudonymous data'''=
  
 
{{lawbox|title=Amendment 36|=
 
{{lawbox|title=Amendment 36|=
Ligne 25 : Ligne 25 :
 
}}
 
}}
  
=Supervisory authority=
+
='''Supervisory authority'''=
  
 
{{lawbox|title=Amendment 41|=
 
{{lawbox|title=Amendment 41|=
Ligne 33 : Ligne 33 :
 
}}
 
}}
  
=Legitimate interest=
+
='''Legitimate interest'''=
  
 
{{lawbox|title=Amendment 47|=
 
{{lawbox|title=Amendment 47|=
Ligne 47 : Ligne 47 :
 
}}
 
}}
  
=Purpose limitation=
+
='''Purpose limitation'''=
  
 
{{lawbox|title=Amendment 49|=
 
{{lawbox|title=Amendment 49|=
Ligne 55 : Ligne 55 :
 
}}
 
}}
  
=Child protection=
+
='''Child protection'''=
  
 
{{lawbox|title=Amendment 55|=
 
{{lawbox|title=Amendment 55|=
Ligne 71 : Ligne 71 :
 
}}
 
}}
  
=Data portability (?)=
+
='''Data portability''' (?)=
  
 
{{lawbox|title=Amendment 78|=
 
{{lawbox|title=Amendment 78|=
Ligne 79 : Ligne 79 :
 
}}
 
}}
  
=Right to be forgotten=
+
='''Right to be forgotten'''=
  
 
{{lawbox|title=Amendment 79|=
 
{{lawbox|title=Amendment 79|=
Ligne 99 : Ligne 99 :
 
}}
 
}}
  
=Profiling=
+
='''Profiling'''=
  
 
{{lawbox|title=Amendment 86|=
 
{{lawbox|title=Amendment 86|=
Ligne 127 : Ligne 127 :
 
}}
 
}}
  
=Data breach=
+
='''Data breach'''=
  
 
{{lawbox|title=Amendment 111|=
 
{{lawbox|title=Amendment 111|=
Ligne 135 : Ligne 135 :
 
}}
 
}}
  
=Transfer to third countries=
+
='''Transfer to third countries'''=
  
 
{{lawbox|title=Amendment 138|=
 
{{lawbox|title=Amendment 138|=
Ligne 143 : Ligne 143 :
 
}}
 
}}
  
=Complaints=
+
='''Complaints'''=
  
 
{{lawbox|title=Amendment 170|=
 
{{lawbox|title=Amendment 170|=
Ligne 163 : Ligne 163 :
 
}}
 
}}
  
=Sanctions=
+
='''Sanctions'''=
  
 
{{lawbox|title=Amendment 176|=
 
{{lawbox|title=Amendment 176|=

Version du 5 avril 2013 à 13:18


JURI is the European Parliament committee on Legal Affairs issues.

On 25 April 2013, it issued an opinion on the Proposal for a Data Protection Regulation aimed to assist LIBE committee in the drafting of its own report.

You can find a detailed list of its members on Memopol or visit its official website.


Its opinion proposes many amendments which would severely weaken personal data protection. This page lists and analyses the most dangerous of them.


Top amendments to reject and to support

Pseudonymous data

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 36

Article 4
  • (3a) 'pseudonymous data' means any personal data that has been collected, altered or otherwise processed so that it of itself cannot be attributed to a data subject without the use of additional data which is subject to separate and distinct technical and organisational controls to ensure such non attribution;

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Supervisory authority

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 41

Article 4
  • (19a) 'competent supervisory authority' means a supervisory authority with exclusive competence to supervise the processing activities of the controller or processor in accordance with Article 51(2);

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Legitimate interest

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 47

Article 6
    • (f) processing is necessary for the purposes of the legitimate interests pursued by a controller or by a third party or third parties to whom the data are communicated, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 48

Article 6'
    • (fa) processing is necessary for fraud detection and prevention purposes according to applicable financial regulation or established industry, or professional body, codes of practice.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Purpose limitation

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 49

Article 6
  • 4. Where the purpose of further processing is not compatible with the one for which the personal data have been collected, the processing must have a legal basis at least in one of the grounds referred to in points (a) to (e) (f) of paragraph 1. This shall in particular apply to any change of terms and general conditions of a contract.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Child protection

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 55

Article 8
  • 1. For the purposes of this Regulation, in relation to the offering of information society services directly to a child, the processing of personal data of a child below the age of 13 years shall only be lawful if and to the extent would normally require that consent is given or authorised by the child's parent or custodian legal representative. The appropriate form for obtaining consent should be based on any risk posed to the child by the amount of data, its type and the nature of the processing. The controller shall make reasonable efforts to obtain verifiable consent, taking into consideration available technology. The methods to obtain verifiable consent shall not lead to the further processing of personal data which would otherwise not be necessary.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Data subject's rights

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 64

Article 12
  • 4. The information and the actions taken on requests referred to in paragraph 1 shall be free of charge. Where requests are manifestly excessive, in particular because of owing to their high volume, complexity or their repetitive character, the controller may charge a an appropriate, not for profit, fee for providing the information or taking the action requested, or the controller may not decline to take the action requested. In that case, the controller shall bear the burden of proving the manifestly excessive character of the request.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Data portability (?)

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 78

Article 15
  • 2. The data subject shall have the right to obtain from the controller communication of the personal data undergoing processing . Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject. and, on electronic request, an electronic copy of the non-commercial data undergoing processing in an interoperable and structured format which allows for further use. The controller shall verify the identity of a data subject requesting access to data within the limits of Articles 5 to 10 of this Regulation.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Right to be forgotten

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 79

Article 17
  • 1a. Credit institutions that retain data for the following grounds shall be exempt from the requirements of this Article:

- risk management purposes; - fulfilment of EU and international supervisory and compliance requirements;

- market abuse purposes.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Why only credit institution should enjoy this exception? > Lobby


How to read an amendment: added to the initial text / deleted from the initial text

Amendment 81

Article 17
    • (a) for exercising the right of freedom of expression in accordance with Article 80 or when providing an information society service to facilitate the accessing of such expression;

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Profiling

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 86

Article 20 1. Every natural person data subject shall have the right not to be subject to a measure which decision that' produces adverse legal effects concerning this natural person or significantly adversely affects this natural person data subject, and which is based solely or predominantly on automated processing intended to evaluate certain personal aspects relating to this natural person data subject or to analyse or predict in particular the natural person's performance at work, economic situation, location, health, personal preferences, reliability or behaviour .

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

justif : It is important to consider that some profiling activities have considerable benefits for consumers and can be a good basis for good customer service. The wide definition of profiling does not differentiate routine data processing activities that are positive in nature with more negative profiling. Positive profiling is often used to tailor services to consumers by recording their needs and preferences.


How to read an amendment: added to the initial text / deleted from the initial text

Amendment 87

Article 20
  • 2. Subject to the other provisions of this Regulation, a person data subject may be subjected subject to a decision of the kind referred to in paragraph 1 if the processing:
    • (a) is carried out in the course of the entering into, or performance of, a contract, where the request for the entering into or the performance of the contract, lodged by the data subject, has been satisfied or where suitable measures to safeguard the data subject's legitimate interests have been adduced, such as the right to obtain human intervention; or
    • (b) is expressly authorized by a Union or Member State law which also lays down suitable measures to safeguard the data subject's legitimate interests; or
    • (c) is based on the data subject's consent, subject to the conditions laid down in Article 7 and to suitable safeguards.
    • (a) is authorized by a Union or Member State law which also lays down suitable measures to safeguard the data subject's legitimate interests; or
    • (b) is lawful pursuant to points (a) to (fa) of Article 6(1) of this Regulation;
  • With due regard to Article 9, paragraph 2, profiling shall not have the effect of discriminating against individuals on the basis, for instance, of race or ethnic origin, religion or sexual orientation.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Data breach

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 111

Article 31
  • 1. In the case of a personal data breach which has a considerable effect on the data subject, , the controller shall, without undue delay and, where feasible, not later than 24 hours after having become aware of it, notify the personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 24 hours.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Transfer to third countries

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 138

Article 42
  • 1. Where the Commission has taken no decision pursuant to Article 41, or if it finds that a third country, a region or a data processing sector in a third country, or an international organisation, does not offer a sufficient level of data protection, a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has adduced appropriate safeguards with respect to the protection of personal data in a legally binding instrument, and where appropriate pursuant to an impact assessment, where the controller or processor has ensured that the recipient of data in a third country maintains high standards of data protection.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Complaints

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 170

Article 74
  • 3. Independently of a data subject's complaint, any body, organisation or association referred to in paragraph 2 shall have the right to lodge a complaint with a supervisory authority in any Member State, if it considers that a personal data breach has occurred.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 172

Article 74
  • 4. A data subject which is concerned by a decision of a supervisory authority in another Member State than where the data subject has its habitual residence, may request the supervisory authority of the Member State where it has its habitual residence to bring proceedings on its behalf against the competent supervisory authority in the other Member State.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 174

Article 76
  • 1. Any body, organisation or association referred to in Article 73(2) shall have the right to exercise the rights referred to in Articles 74 and 75 on behalf of one or more data subjects.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

Sanctions

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 176

Article 79
  • 1. Each The supervisory authority competent under Article 51(2) shall be empowered to impose administrative sanctions in accordance with this Article.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 178

Article 79
  • 2a. The supervisory authority may give a written warning without imposing a sanction. The supervisory authority may impose a fine of up to EUR 1 000 000 for repeated, deliberate breaches or, in the case of a company, of up to 2 % of its annual worldwide turnover.

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>

How to read an amendment: added to the initial text / deleted from the initial text

Amendment 180

Article 79
  • 4....

lawbox|title=Amendment 100|rate=-|1=Vive la liberté d'expression !|2=Vive la liberté d'expression ! d'entreprise

Modèle en boucle détecté : Modèle:Lawbox</noinclude>