Group: Progressive Alliance of Socialists and Democrats (S&D)
Party: Sozialdemokratische Partei Österreichs (SPÖ)
Vice-Chair of Legal Affairs
Substitute of Constitutional Affairs
Substitute of Employment and Social Affairs
Amendments by Evelyn Regner
(34) Consent should not provide a valid legal ground for the processing of personal data, where there is a clear imbalance between the data subject and the controller. This is especially the case where the data subject is in a situation of dependence from the controller, among others, where personal data are processed by the employer of employees' personal data in the employment context. Where the controller is a public authority, there would be an imbalance only in the specific data processing operations where the public authority can impose an obligation by virtue of its relevant public powers and the consent cannot be deemed as freely given, taking into account the interest of the data subject.
(75) Where the processing is carried out in the public sector or where, in the private sector, processing is carried out by a large enterprise, or where its core activities, regardless of the size of the enterprise, involve processing operations which require regular and systematic monitoring, a person should assist the controller or processor to monitor internal compliance with this Regulation. Such data protection officers, whether or not an employee of the controller, should be in a position to perform their duties and tasks independently.
(76) Associations or other bodies representing categories of controllers should be encouraged to draw up codes of conduct, within the limits of this Regulation, so as to facilitate the effective application of this Regulation, taking account of the specific characteristics of the processing carried out in certain sectors.
(124) The general principles on the protection of individuals with regard to the processing of personal data should also be applicable to the employment context. Therefore, in order to regulate the processing of employees’ personal data in the employment context, Member States should be able, within the limits of this Regulation, to adopt by law specific rules for the processing of personal data in the employment sector.
(b) the law of the Member State to which the controller is subject.
1. The processing of personal data, revealing race or ethnic origin, political opinions, religion or beliefs, trade-union membership, and the processing of genetic data or data concerning health or sex life or criminal convictions or related security measures shall be prohibited.
(b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller in the field of employment law in so far as it is authorised by Union law or Member State law providing for adequate safeguards;
(b) an enterprise employing fewer than 250 persons; or
(b) an enterprise or an organisation employing fewer than 250 persons that is processing personal data only as an activity ancillary to its main activities.
2. The controller or processor shall ensure that the data protection officer performs the duties and tasks independently and does not receive any instructions as regards the exercise of the function. The data protection officer shall directly report to the management of the controller or the processor
3. The controller or the processor shall support the data protection officer in performing the tasks and shall provide staff, premises, equipment and any other resources necessary to carry out the duties and tasks referred to in Article 37.
2. Any body, organisation or association which aims to protect data subjects’ rights and interests concerning the protection of their personal data and has been properly constituted according to the law of a Member State shall have the right to lodge a complaint with a supervisory authority in any Member State on behalf of one or more data subjects if it considers that a data subject’s rights under this Regulation have been infringed as a result of the processing of personal data.