Data Protection: Legislative Procedure
This page lists the EU Parliament committees' opinion regarding the General Data Protection Regulation proposed by the Commission.
Three amendments Cite error: Invalid
name cannot be a simple integer. Use a descriptive title were aimed to prevent children from being subject to profiling, but they fell as the Compromised Amendment 9 Cite error: Invalid
name cannot be a simple integer. Use a descriptive title. This compromised amendment completely undermines Article 20, to the point that this article cannot prevent any form of profiling anymore, but merely prohibits unfair and discriminatory decisions based on automated process of personal data.
It is such a change that the article 20 even switches its title from ‘profiling’ to ‘automated process’.
However, amendment 233 proposed by Engström (Greens) still sets a right to object to profiling.
Data breach notification
Compromised amendment 10 Cite error: Invalid
name cannot be a simple integer. Use a descriptive title limits controllers’ obligation to notify to the breaches of significant effect and dismisses their obligation to notify within a 24 hours delay.
One of the major features of the Commission's Proposal Regulation is to require from the data subject a consent which is specific, informed and explicit. Requiring an explicit consent appears to be the most effective way to safeguard privacy. But the only amendment IMCO voted about consent was to redefine it as having to be given 'as explicit as possible according to the context', giving processors countless ways not to seek data subject's explicit consent.
Right to be forgotten and to erasure
Compromised amendment 8 (voted by Greens, S&D, ALDE, EPP, ECR, EFD) provides that a controller doesn't have to take all reasonable steps to inform third parties that a data subject has requested them to erase the data they hold where this data subject gave his consent to this controller to make these data public.
Compromised amendment 5 (voted by Greens, S&D, ALDE, EPP, ECR, EFD) provides that anonymous data (which cannot be attributed to anyone) are set out the scope of the regulation.