BETA

21 Amendments of Jana TOOM related to 2021/0136(COD)

Amendment 22 #
Proposal for a regulation
Recital 8
(8) In order to ensure compliance within Union law or national law compliant with Union law, service providers should communicate their intent to rely on the European Digital Identity Wallets to Member Statehave to register with the Member States before they are able to rely on the European Digital Identity Wallets. Any natural or legal persons should be able to submit a complaint if they have concerns regarding the use by a relying party of the European Digital Identity Wallets. That will allow Member States to protect users from fraud and prevent the unlawful use of identity data and electronic attestations of attributes as well as to ensure that the processing of sensitive data, like health data, can be verified by relying parties in accordance with Union law or national law. In order to facilitate the registration procedure, a successful registration for using the European Digital Identity Wallets should enable expedited processing of registrations for similar uses.
2022/06/13
Committee: LIBE
Amendment 26 #
Proposal for a regulation
Recital 9
(9) All European Digital Identity Wallets should allow users to electronically identify and authenticate online and offline across borders for accessing a wide range of public and private services. Without prejudice to Member States’ prerogatives as regards the identification of their nationals and residents, Wallets can also serve the institutional needs of public administrations, international organisations and the Union’s institutions, bodies, offices and agencies. Offline use would be important in many sectors, including in the health sector where services are often provided through face-to-face interaction and ePrescriptions should be able to rely on QR-codes or similar technologies to verify authenticity. The users should have access to a simple interface that would allow them to have an overview over their current and previous authorisations of sharing of personal data or electronic attestation of attributes and have the possibility to withdraw their consent. Relying on the level of assurance “high”, the European Digital Identity Wallets should benefit from the potential offered by tamper-proof solutions such as secure elements, to comply with the security requirements under this Regulation. The European Digital Identity Wallets should also allow users to create and use qualified electronic signatures and seals which are accepted across the EU. To achieve simplification and cost reduction benefits to persons and businesses across the EU, including by enabling powers of representation and e-mandates, Member States should issue European Digital Identity Wallets relying on common standards to ensure seamless interoperability and a high level of security. Only Member States’ competent authorities can provide a high degree of confidence in establishing the identity of a person and therefore provide assurance that the person claiming or asserting a particular identity is in fact the person he or she claims to be. It is therefore necessary that the European Digital Identity Wallets rely on the legal identity of citizens, other residents or legal entities. Trust in the European Digital Identity Wallets would be enhanced by the fact that issuing parties are required to implement appropriate technical and organisational measures to ensure a level of security commensurate to the risks raised for the rights and freedoms of the natural persons, in line with Regulation (EU) 2016/679.
2022/06/13
Committee: LIBE
Amendment 44 #
Proposal for a regulation
Recital 17
(17) Service providers use the identity data provided by the set of person identification data available from electronic identification schemes pursuant to Regulation (EU) No 910/2014 in order to match users from another Member State with the legal identity of that user. However, despite the use of the eIDAS data set, in many cases ensuring an accurate match requires additional information about the user and specific unique identification procedures at national level. To further support the usability of electronic identification means, this Regulation should require Member States to take specific measures to ensure a correct identity match in the process of electronic identification. For the same purpose, this Regulation should also extend the mandatory minimum data set and require the use of a unique and persistent electronic identifier in conformity with Union law in those cross-border cases where it is necessary to legally identify the user upon his/her request in a unique and persistent way. However, given the potential risks to privacy inherent to a unique and persistent identifier, its use shall be restricted in all other cases.
2022/06/13
Committee: LIBE
Amendment 51 #
Proposal for a regulation
Recital 28
(28) Wide availability and usability of the European Digital Identity Wallets require their acceptance by private service providers. Private relying parties providing services in the areas of transport, energy, banking and financial services, social security, health, drinking water, postal services, digital infrastructure, education or telecommunications should accept the use of European Digital Identity Wallets for the provision of services where strong user authentication for online identification is required by national or Union law or by contractual obligation. Where very large online platforms as defined in Article 25.1. of Regulation [reference DSA Regulation] require users to authenticateidentify themselves to access online services, those platforms should be mandated to accept the use of European Digital Identity Wallets upon voluntary request of the user. Users should be under no obligation to use the wallet to access private services, but if they wish to do so, large online platforms should accept the European Digital Identity Wallet for this purpose while respecting the principle of data minimisation. Given the importance of very large online platforms, due to their reach, in particular as expressed in number of recipients of the service and economic transactions this is necessary to increase the protection of users from fraud and secure a high level of data protection. Self- regulatory codes of conduct at Union level (‘codes of conduct’) should be developed in order to contribute to wide availability and usability of electronic identification means including European Digital Identity Wallets within the scope of this Regulation. The codes of conduct should facilitate wide acceptance of electronic identification means including European Digital Identity Wallets by those service providers which do not qualify as very large platforms and which rely on third party electronic identification services for user auththe electronic identification of users. They should be developed within 12 months of the adoption of this Regulation. The Commission should assess the effectiveness of these provisions for the availability and usability for the user of the European Digital Identity Wallets after 18 months of their deployment and revise the provisions to ensure their acceptance by means of delegated acts in the light of this assessment.
2022/06/13
Committee: LIBE
Amendment 73 #
Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point b a (new)
Regulation (EU) No 910/2014
Article 3 – point 5 a
(b a) the following point (5a) is inserted: (5a) ‘user’ means a natural or legal person or a natural person representing a legal person using trust services, electronic identification means or European Digital Identity Wallets provided according to this Regulation;
2022/06/13
Committee: LIBE
Amendment 81 #
Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point h
Regulation (EU) No 910/2014
Article 3 – point 41
(41) ‘validation’ means the process of verifying and confirming that athat data in electronic signature form a seal or person identification data or an electronic attestation of attributes is validre valid according to the requirements of this regulation;
2022/06/13
Committee: LIBE
Amendment 108 #
Proposal for a regulation
Article 1 – paragraph 1 – point 4
Regulation (EU) No 910/2014
Article 5
Without prejudice to the legal effect given to pseudonyms under national law, the use of pseudonyms in electronic transactions shall not be prohibited. The use of pseudonyms shall in particular be allowed in all transactions with private relying parties and where identification of the user is not required by law.;
2022/06/13
Committee: LIBE
Amendment 114 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 3 – point a
(a) securely request and obtain, store, select, combine and share, in a manner that is transparent to and traceable by the user, the necessary legal person identification data and electronic attestation of attributes to authenticate online and offline in order to use online public and private services, while ensuring that selective disclosure is possible;
2022/06/13
Committee: LIBE
Amendment 116 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 3 – point aa
(a a) view and manage the transactions or uses of person identification data and electronic attestation of attributes that the user has agreed to;
2022/06/13
Committee: LIBE
Amendment 122 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 4 – point a – subpoint 2
(2) for relying parties to request and validate person identification data and electronic attestations of attributes in accordance with the registration procedure outlined in Article 6b(1);
2022/06/13
Committee: LIBE
Amendment 130 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 4 – point b
(b) ensure that trust service providers of qualified and non-qualified electronic attestations of attributes cannot receive any information about the use of these attributes;
2022/06/13
Committee: LIBE
Amendment 138 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) 910/2014
Article 6a – paragraph 4 – point b
(d) provide a mechanism to ensure that the relying party is able to authenticatevalidate the identity of the user and to receive electronic attestations of attributes;
2022/06/13
Committee: LIBE
Amendment 161 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6b – paragraph 1
1. Relying parties shall not rely upon European Digital Identity Wallets unless they have registered in accordance with the provisions of this Paragraph. Where relying parties intend to rely upon European Digital Identity Wallets issued in accordance with this Regulation, they shall communicate it toregister with the Member State where the relying party is established to, which shall ensure compliance with requirements set out in Union law or national law for the provision of the specific services. When communica for which registration is requested. When submitting their intenregistration tofor rely ing upon European Digital Identity wallets, they shall also inform about the intended use of the European Digital Identity Walletrelying parties shall inform about the intended use of the European Digital Identity Wallet. The registration system shall allow for an expedited procedure for cases where a similar use of the European Digital Identity wallets has previously been registered. Member States shall provide a mechanism that allows for the reception and investigation of complaints regarding the compliance of relying parties with the Union or national law for the provision of a service. Where relying upon the European Digital Identity Wallets for the provision of a specific service violates Union or national law, registration shall be revoked.
2022/06/13
Committee: LIBE
Amendment 168 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6b – paragraph 3
3. Relying parties shall be responsible for carrying out the procedure for authenticvalidating person identification data and electronic attestation of attributes originating from European Digital Identity Wallets.
2022/06/13
Committee: LIBE
Amendment 175 #
Proposal for a regulation
Article 1 – paragraph 1 – point 11
Regulation (EU) No 910/2014
Article 10a – paragraph 1
1. Where European Digital Wallets issued pursuant to Article 6a and the validation mechanisms referred to in Article 6a(5) points (a), (b) and (c) are breached or partly compromised in a manner that affects their reliability or the reliability of the other European Digital Identity Wallets, the issuing Member State shall, without delay, suspend the issuance and revoke the validity of the European Digital Identity Wallet and inform the other Member States and the Commission accordingly. The issuing Member State shall endeavour to remedy the breach or compromise as soon as possible.
2022/06/13
Committee: LIBE
Amendment 180 #
Proposal for a regulation
Article 1 – paragraph 1 – point 12
Regulation (EU) No 910/2014
Article 11a – paragraph 2
2. Member States shall, for the purposes of this Regulation, include in the minimum set of person identification data referred to in Article 12.4.(d), a unique and persistent identifier in conformity with Union law, to identify the user upon their request in those cross-border cases where identification of the user is required by law. The unique and persistent identifier shall not be shared with or accessible to relying parties in cases other than where identification of the user is required by law.
2022/06/13
Committee: LIBE
Amendment 195 #
Proposal for a regulation
Article 1 – paragraph 1 – point 16
Regulation (EU) No 910/2014
Article 12b – paragraph 3
3. Where very large online platforms as defined in Regulation [reference DSA Regulation] Article 25.1. require users to auththe electronic identificateion of users to access online services, they shall also accept the use of European Digital Identity Wallets issued in accordance with Article 6a strictly upon voluntary request of the user and in respect of the minimum attributes necessary for the specific online service for which authentication is requested, such as proof of age.
2022/06/13
Committee: LIBE
Amendment 198 #
Proposal for a regulation
Article 1 – paragraph 1 – point 16
Regulation (EU) No 910/2014
Article 12b – paragraph 4
4. The Commission shall encourage 4. and facilitate the development of self- regulatory codes of conduct at Union level (‘codes of conduct’), in order to contribute to wide availability and usability of European Digital Identity Wallets within the scope of this Regulation. These codes of conduct shall ensure acceptance of electronic identification means including European Digital Identity Wallets within the scope of this Regulation in particular by service providers relying on third party electronic identification services for user auththe electronic identification of users. The Commission will facilitate the development of such codes of conduct in close cooperation with all relevant stakeholders and encourage service providers to complete the development of codes of conduct within 12 months of the adoption of this Regulation and effectively implement them within 18 months of the adoption of the Regulation.
2022/06/13
Committee: LIBE
Amendment 207 #
Proposal for a regulation
Article 1 – paragraph 1 – point 20 – point a – point 2
Regulation (EU) No 910/2014
Article 17 – paragraph 4 – point f
(f) to cooperate with supervisory authorities established under Regulation (EU) 2016/679, in particular, by informing them without undue delay, about the results of audits of qualified trust service providers, whereany breaches of personal data protection rules have been breached and aboutand security breaches which constitute personal data breaches; or suspicion thereof that they become aware of in the performance of their tasks;
2022/06/13
Committee: LIBE
Amendment 212 #
Proposal for a regulation
Article 1 – paragraph 1 – point 22 – point b
Regulation (EU) No 910/2014
Article 20 – paragraph 2
Where there is reason to believe that personal data protection rules appear tocould have been breached, the supervisory body shall inform the supervisory authorities under Regulation (EU) 2016/679 of the results of its auditswithout undue delay and shall provide the results of its audits as soon as they are available.;
2022/06/13
Committee: LIBE
Amendment 236 #
Proposal for a regulation
Article 1 – paragraph 1 – point 39
Regulation (EU) No 910/2014
Article 45f – paragraph 1a (new)
1 a. Providers of qualified and non- qualified electronic attestation of attributes services shall not track users across relying parties.
2022/06/13
Committee: LIBE