Luxembourg EPP

Frank Engel

Country: Luxembourg
Group: European People's Party (EPP)
Party: Parti chrétien social luxembourgeois (LCV)

Member of Civil Liberties, Justice and Home Affairs
Substitute of Internal Market and Consumer Protection

Overview Frank Engel

Amendments: 17
...stronger: 4
...weaker: 11
...neutral: 2

Amendments by Frank Engel

(24a) Where a service provider processes personal data without being able to access this data by means that are technically feasible, do not involve a disproportionate effort, and reasonably likely to be used by the service provider to gain knowledge of the content of such data, such service providers should be deemed to be a neutral intermediary or mere conduit pursuant to Article 12 of Directive 2000/31/EC, who are not responsible for any personal data transmitted or otherwise processed or made available through them.
 
(127a) For purposes of legal certainty, this Regulation should not lead to conflicts with sector-specific legislation concerning legal obligations and non- legal requirements and recommendations flowing from such sectorial legislation, for example in health or banking sector.
 
If the provisions of this Regulation conflict with a provision of another Union act governing specific aspects of processing of personal data in specific sectors, the provision of the other Union act shall prevail and shall apply to those specific sectors.
 
(j) processing of data relating to criminal convictions or related security measures is carried out either under the control of official authority or when the processing is necessary for compliance with a legal or regulatory obligation or orders and recommendations of competent organizations as well as the requirements of supervisory authorities to which a controller is subject, or for the performance of a task carried out for important public interest reasons, and in so far as authorised by Union law or Member State law providing for adequate safeguards. A complete register of criminal convictions shall be kept only under the control of official authority.
 
4a. The controller or processor may designate its main establishment in accordance with Article 4 in one of the Member States, in particular where the controller or the processor have establishments located in more than one Member State.
 
4b. The main establishment designated under paragraph 4 subpoint 1 shall be responsible to the supervisory authority of the Member State in which that main establishment is established, for the implementation of the provisions of this Regulation by all of the controller's or processor's establishments within the territory of the Union.
 
The members and the staff of the supervisory authority shall be subjectbound, both during and after their term of office, to a duty ofby the obligation for professional secrecy with regard to any confidential information in conformity with national legislation and practice which has come to their knowledge in the course of thetheir performance of their official duties.
 
2. Where the processing of personal data takes place in the context of the activities of an establishment of a controller or a processor in the Union, and the controller or processor is established in more than one Member Statehas designated a main establishment in accordance with Article 22a, the supervisory authority of the main establishment of the controller or processor shall be solely competent for the supervision of all the processing activities of the controller or the processor in all Member States, without prejudice to the provisions of Chapter VII of this Regulation.
 
2a. In situations referred to in Article 3(2) and where the controller has designated a representative in the Union pursuant to Article 25, the supervisory authority of the establishment of the representative shall be solely competent for the supervision, in all Member States, of all processing activities that are carried out by or on behalf of that controller.
 
3a. Subject to paragraph 5, each supervisory authority shall receive and transmit to the competent supervisory authority as defined in paragraph 2 any request sent to it by a data subject resident of that Member State and whose data are processed or likely to be processed by a controller or a processor established in another Member State. The competent supervisory authority shall inform and cooperate with the supervisory authority of the data subject in accordance with Articles 55.
 
2. In cases where data subjects in several Member States are likely to be adversely affected by processing operations, a supervisory authority of each of those Member States shall have the right to participate in the joint investigative tasks or joint operations, as appropriate. The competent supervisory authority shall invite the supervisory authority of each of those Member States to take part in the respective joint investigative tasks or joint operations and respond to the request of a supervisory authority to participate in the operations without delay.
 
(a) relates to processing activities of personal data which are related to the offering of goods or services to specifically targeted at data subjects in several Member States, or to the monitoring of their behaviourin accordance of Article 3 (2) and where the controller has not designated a representative in the Union; or
 
(c) aims at adopting a list of the processing operations subject to prior consultation pursuant to Article 34(5); or
 
1. The European Data Protection Board shall ensure the consistent application of this Regulation. To this effect, the European Data Protection Board shall, on its own initiative or , at the request of the European Parliament, Council or Commission, in particular:
 
4a. Where appropriate, the European Data Protection Board shall, in its execution of the tasks as outlined in this Article, consult interested parties and give them the opportunity to comment within a reasonable period. The European Data Protection Board shall, without prejudice to Article 72, make the results of the consultation procedure publicly available.
 
3. The controller or the processor may be exempted from this liability, in whole or in part, if the controller or the processor proves that they are not responsible for the event giving rise to the damage. or if the controller does not have actual knowledge of the event giving rise to the claim for compensation.
 
3a. If a processor processes personal data other than as instructed by the controller, he may be held liable should any person suffer damage as a result of such processing.
  Comment: The initial grading was "weaker" due to a mistake we were able to uncover after a users intervention. Thank you!