Activities of Gilles LEBRETON related to 2021/0136(COD)
Legal basis opinions (0)
Amendments (20)
Amendment 61 #
Proposal for a regulation
Recital 4
Recital 4
(4) A more harmonised approach to digital identification should reduce the risks and costs of the current fragmentation due to the use of divergent national solutions and will strengthen the Single Market by allowing citizens, other residents as defined by national law and businesses to identify online in a convenient and uniform way across the Union. However, particular attention should be paid to specific national rules, in so far as some Member States ensure a high level of protection of personal data. Everyone should be able to securely access public and private services relying on an improved ecosystem for trust services and on verified proofs of identity and attestations of attributes, such as a university degree legally recognised and accepted everywhere in the Union. The framework for a European Digital Identity aims to achieve a shift from the reliance on national digital identity solutions only, to the provision of electronic attestations of attributes valid at European level. Providers of electronic attestations of attributes should benefit from a clear and uniform set of rules and public administrations should be able to rely on electronic documents in a given format.
Amendment 64 #
Proposal for a regulation
Recital 5
Recital 5
(5) To support the competitiveness of European businesses, online service providers should be able to rely on digital identity solutions recognised across the Union, irrespective of the Member State in which they have been issued, thus benefiting from a harmonised European approach to trust, security and interoperability. Particular attention shall be paid to the storage of data, which should, in so far as possible, take place on European territory. Users and service providers alike should be able to benefit from the same legal value provided to electronic attestations of attributes across the Union.
Amendment 65 #
Proposal for a regulation
Recital 6
Recital 6
(6) Regulation (EU) No 2016/6791919 applies to the processing of personal data in the implementation of this Regulation. Therefore, this Regulation should lay down specific safeguards to prevent providers of electronic identification means and electronic attestation of attributes from combining personal data from other services with the personal data relating to the services falling within the scope of this Regulation. Sensitive health data should be excluded from the digital portfolio. _________________ 19 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (OJ L 119, 4.5.2016, p. 1).
Amendment 67 #
Proposal for a regulation
Recital 7
Recital 7
(7) It is necessary to set out the harmonised conditions for the establishment of a framework for European Digital Identity Wallets to be issued by Member States, which should empower all Union citizens and other residents as defined by national law to share securely data related to their identity in a user friendly and convenient way under the sole control of the user. Technologies used to achieve those objectives should be developed aiming towards the highest level of security, user convenience and wide usability. Member States should ensure equal access to digital identification to all their nationals and legal residents. The entire creation and production chain and maintenance of the technologies used must be under the exclusive control of European companies.
Amendment 69 #
Proposal for a regulation
Recital 8
Recital 8
(8) In order to ensure compliance within Union law or national law compliant with Union law, service providers should communicate their intent to rely on the European Digital Identity Wallets to Member States. That will allow Member States to protect users from fraud and prevent the unlawful use of identity data and electronic attestations of attributes as well as to ensure that the processing of sensitive data, like health data, can be verified by relying parties in accordance with Union law or national law. Consideration should be given to aligning these digital portfolios with the minimum standards of the most protective Member States in terms of personal data.
Amendment 70 #
Proposal for a regulation
Recital 8
Recital 8
(8) In order to ensure compliance within Union law or national law compliant with Union law, service providers should communicate their intent to rely on the European Digital Identity Wallets to Member States. That will allow Member States to protect users from fraud and prevent the unlawful use of identity data and electronic attestations of attributes as well as to ensure that the processing of sensitive data, like health data, can be verified by relying parties in accordance with Union law or national law.
Amendment 73 #
Proposal for a regulation
Recital 9
Recital 9
(9) All European Digital Identity Wallets should allow users to electronically identify and authenticate online and offline across borders for accessing a wide range of public and private services. Without prejudice to Member States’ prerogatives as regards the identification of their nationals and residents, Wallets can also serve the institutional needs of public administrations, international organisations and the Union’s institutions, bodies, offices and agencies. Offline use would be important in many sectors, including in the health sector where services are often provided through face-to-face interaction and ePrescriptions should be able to rely on QR-codes or similar technologies to verify authenticity. Relying on the level of assurance “high”, the European Digital Identity Wallets should benefit from the potential offered by tamper-proof solutions such as secure elements, to comply with the security requirements under this Regulation. The European Digital Identity Wallets should also allow users to create and use qualified electronic signatures and seals which are accepted across the EU. To achieve simplification and cost reduction benefits to persons and businesses across the EU, including by enabling powers of representation and e- mandates, Member States should issue European Digital Identity Wallets relying on common standards to ensure seamless interoperability and a high level of security. Only Member States’ competent authorities can provide a high degree of confidence in establishing the identity of a person and therefore provide assurance that the person claiming or asserting a particular identity is in fact the person he or she claims to be. It is therefore necessary that the European Digital Identity Wallets rely on the legal identity of citizens, other residents or legal entities. Trust in the European Digital Identity Wallets would be enhanced by the fact that issuing parties are required to implement appropriate technical and organisational measures to ensure a level of security commensurate to the risks raised for the rights and freedoms of the natural persons, in line with Regulation (EU) 2016/679. The highest standard of data protection of the most advanced Member States in this area should be implemented.
Amendment 74 #
Proposal for a regulation
Recital 9
Recital 9
(9) All European Digital Identity Wallets should allow users to electronically identify and authenticate online and offline across borders for accessing a wide range of public and private services. Without prejudice to Member States’ prerogatives as regards the identification of their nationals and residents, Wallets can also serve the institutional needs of public administrations, international organisations and the Union’s institutions, bodies, offices and agencies. Offline use would be important in many sectors, including in the health sector where services are often provided through face-to-face interaction and ePrescriptions should be able to rely on QR- codes or similar technologies to verify authenticity. Relying on the level of assurance “high”, the European Digital Identity Wallets should benefit from the potential offered by tamper-proof solutions such as secure elements, to comply with the security requirements under this Regulation. The European Digital Identity Wallets should also allow users to create and use qualified electronic signatures and seals which are accepted across the EU. To achieve simplification and cost reduction benefits to persons and businesses across the EU, including by enabling powers of representation and e-mandates, Member States should issue European Digital Identity Wallets relying on common standards to ensure seamless interoperability and athe highest level of security. Only Member States’ competent authorities can provide a high degree of confidence in establishing the identity of a person and therefore provide assurance that the person claiming or asserting a particular identity is in fact the person he or she claims to be. It is therefore necessary that the European Digital Identity Wallets rely on the legal identity of citizens, other residents or legal entities. Trust in the European Digital Identity Wallets would be enhanced by the fact that issuing parties are required to implement appropriate technical and organisational measures to ensure a level of security commensurate to the risks raised for the rights and freedoms of the natural persons, in line with Regulation (EU) 2016/679.
Amendment 76 #
Proposal for a regulation
Recital 10
Recital 10
(10) In order to achieve a high level of security and trustworthiness, this Regulation establishes the requirements for European Digital Identity Wallets of the highest standard. The conformity of European Digital Identity Wallets with those requirements should be certified by accredited public or private sector bodies designated by Member States. Relying on a certification scheme based on the availability of commonly agreed standards with Member States should ensure a high level of trust and interoperability. Certification should in particular rely on the relevant European cybersecurity certifications schemes established pursuant to Regulation (EU) 2019/88120. Such certification should be without prejudice to certification as regards personal data processing pursuant to Regulation (ECU) 2016/679 _________________ 20 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act), (OJ L 151, 7.6.2019, p. 15).
Amendment 79 #
Proposal for a regulation
Recital 11
Recital 11
(11) European Digital Identity Wallets should ensure the highest level of security for the personal data used for authentication irrespective of whether such data is stored locally or, on cloud-based solutions, based exclusively on European territory, taking into account the different levels of risk. Using biometrics to authenticate is one of the identifications methods providing a high level of confidence, in particular when used in combination with other elements of authentication. Since biometrics represents a unique characteristic of a person, the use of biometrics requires organisational and security measures, commensurate to the risk that such processing may entail to the rights and freedoms of natural persons and in accordance with Regulation (EU) 2016/679. It should be possible for potential users of these digital wallets who no longer wish to use them to permanently delete their data.
Amendment 84 #
Proposal for a regulation
Recital 14
Recital 14
(14) Only Member States’ competent authorities can provide a high degree of confidence in establishing the identity of a person and therefore provide assurance that the person claiming or asserting a particular identity is in fact the person he or she claims to be. The process of notification of electronic identification schemes should be simplified and accelerated to promote the access to convenient, trusted, secure and innovative authentication and identification solutions and, where relevant, to encourage private identity providers to offer electronic identification schemes to Member State’s authorities for notification asto produce national electronic identity card schemes under Regulation 910/2014.
Amendment 105 #
Proposal for a regulation
Recital 33
Recital 33
(33) Many Member States have introduced national requirements for services providing secure and trustworthy digital archiving in order to allow for the long term preservation of electronic documents and associated trust services. To ensure legal certainty and trust, it is essential to provide a legal framework to facilitate the cross border recognition of qualified electronic archiving services. That framework could also open new market opportunities for Union trust service providers. It should be set on the basis of the highest standard of the most protective Member State in terms of archiving.
Amendment 112 #
Proposal for a regulation
Recital 37
Recital 37
(37) The European Data Protection Supervisor has been consulted pursuant to Article 42 (1) of Regulation (EU) 2018/1525 of the European Parliament and of the Council27. Each time a standard is modified in this regard, prior consultation should be carried out in order to ensure maximum protection. _________________ 27 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
Amendment 128 #
Proposal for a regulation
Article premier – paragraph 1 – point 3 – point i
Article premier – paragraph 1 – point 3 – point i
Regulation (EU) No 910/2014
Article 3(46)
Article 3(46)
Amendment 144 #
Proposal for a regulation
Article premier – paragraph 1 – point 7
Article premier – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 2 – point b
Article 6a – paragraph 2 – point b
(b) under a mandate from a Member State, by a European public organisation or company, based in Europe, which stores the data in that territory and which employs staff in an EU Member State and pays significant corporate tax there;
Amendment 157 #
Proposal for a regulation
Article premier – paragraph 1 – point 7
Article premier – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 6
Article 6a – paragraph 6
6. The European Digital Identity Wallets shall be issued under a notified electronic identification scheme of level of assurance ‘high’. The use of the European Digital Identity Wallets shall be free of charge to natural persons. In order to leave each citizen free to choose not to use these portfolios at all if they so wish, it is recalled that they cannot be made compulsory under any circumstances.
Amendment 158 #
Proposal for a regulation
Article premier – paragraph 1 – point 7
Article premier – paragraph 1 – point 7
6. The European Digital Identity Wallets shall be issued under a notified electronic identification scheme of level of assurance ‘high’. The use of the European Digital Identity Wallets shall be free of charge to natural persons. They shall not contain health data.
Amendment 172 #
Proposal for a regulation
Article premier – paragraph 1 – point 7
Article premier – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 6
Article 6a – paragraph 6
Amendment 189 #
Proposal for a regulation
Article premier – paragraph 1 – point 16
Article premier – paragraph 1 – point 16
Regulation (EU) No 910/2014
Article 2 a – paragraph 2
Article 2 a – paragraph 2
2. Where private relying parties providing services are required by national or Union law, to use strong user authentication for online identification, or where strong user authentication is required by contractual obligation, including in the areas of transport, energy, banking and financial services, social security, health, drinking water, postal services, digital infrastructure, education or telecommunications, private relying parties shall also accept the use of European Digital Identity Wallets issued in accordance with Article 6a.
Amendment 192 #
Proposal for a regulation
Article premier – paragraph 1 – point 18
Article premier – paragraph 1 – point 18
Regulation (EU) No 910/2014
Article 14 – paragraph 2
Article 14 – paragraph 2