15 Amendments of Paul TANG related to 2021/0136(COD)
Amendment 34 #
Proposal for a regulation
Recital 11
Recital 11
(11) European Digital Identity Wallets should ensure the highest level of security for the personal data used for authentication irrespective of whether such data is stored locally or on cloud-based solutions, taking into account the different levels of risk. Using biometrics to authenticate is one of the identifications methods providing a high level of confidence, in particular when used in combination with other elements oftwo-factor authentication. Since biometrics represents a unique characteristic of a person, the use of biometrics requires organisational and security measures, commensurate to the risk that such processing may entail to the rights and freedoms of natural persons and in accordance with Regulation 2016/679. Authentication via biometrics should not be a precondition for using the European Digital Identity Wallet.
Amendment 55 #
Proposal for a regulation
Recital 29
Recital 29
(29) The European Digital Identity Wallet should technically enable the selective disclosure of attributes to relying parties. This feature should become a basic design feature thereby reinforcing convenience and personal data protection including minimisation of processing of personal data. The data requested from the user via the European Digital Identity Wallet have to be strictly necessary and proportionate for the intended use case of the relying party and follow the principle of data minimisation.
Amendment 74 #
Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point b a (new)
Article 1 – paragraph 1 – point 3 – point b a (new)
Regulation (EU) No 910/2014
Article 3 – point 5
Article 3 – point 5
"(5) ‘authentication’ means an electronic process that enables the electronic identification of a natural or legal person, or the origin and integrity of data in electronic form to be confirmed; o verify the data presented" Or. en (32014R0910)
Amendment 123 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 4 – point a – point 2 a (new)
Article 6a – paragraph 4 – point a – point 2 a (new)
(2 a) for relying parties to be uniquely identified in order to be able to include their identification data, use cases and user data requests in a public register overseen by supervisory authorities established under Regulation (EU) 2016/679;
Amendment 125 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 4 – point a – point 3
Article 6a – paragraph 4 – point a – point 3
(3) for the presentation to relying parties of person identification data such as credentials, electronic attestation of attributes or other data such as credentials, in local mode not requiring internet access for the wallet and for the user to make an informed decision about the sharing of personal information with relying parties. This includes identification of the relying party, complete or partial refusal of information requests from relying parties, a full transaction history, the possibility to withdraw previously given consent to information requests for the walleand information about the exercise of rights as data subject;
Amendment 144 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 5a (new)
Article 6a – paragraph 5a (new)
5 a. Member States shall ensure that relevant information on the European Digital Identity Wallet is publicly available, including privacy protective settings, technical architecture, security frameworks, and where the processing of personal data is carried out.
Amendment 154 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
7 a. The European Digital Identity Wallet shall request explicit prior consent of the user to perform any operations.
Amendment 155 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 7b (new)
Article 6a – paragraph 7b (new)
7 b. The European Digital Identity Wallet shall provide a state of the art mechanism to transmit all of the user’s data in the wallet from one device to another and from one wallet to another upon the user’s request and free of charge.
Amendment 156 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
7 c. The European Digital Identity Wallet shall provide a mechanism for the user to inform directly the supervisory body and the supervisory authorities established under Regulation (EU) 2016/679 about any relying party that appears to request a disproportionate amount of data.
Amendment 157 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 7d (new)
Article 6a – paragraph 7d (new)
7 d. Access to public and private services shall not be denied, hindered or made more costly for natural persons who choose not to use the European Digital Identity Wallet.
Amendment 194 #
Proposal for a regulation
Article 1 – paragraph 1 – point 16
Article 1 – paragraph 1 – point 16
Regulation (EU) No 910/2014
Article 12b(3)
Article 12b(3)
3. Where very large online platforms as defined in Regulation [reference DSA Regulation] Article 25.1. first paragraph point (h) require users to authenticate to access online services, they shall also accept and promote the use of European Digital Identity Wallets issued in accordance with Article 6a strictly upon voluntary request of the user and in respect of the minimum attributes necessary for the specific online service for which authentication is requested, such as proof of age to verify whether a user meets the applicable age criterion.
Amendment 196 #
Proposal for a regulation
Article 1 – paragraph 1 – point 16
Article 1 – paragraph 1 – point 16
Regulation (EU) No 910/2014
Article 12b paragraph 3a (new)
Article 12b paragraph 3a (new)
3 a. Where Crypto Asset Service Providers as defined in Regulation [reference Transfer of Funds Regulation1a] Article 3 paragraph 16 are required to verify the accuracy of the information in accordance with Article 14 or article 16, they shall also accept the use of European Digital Identity Wallets issued in accordance with Article 6a of this Regulation. The use of the Wallet for these purposes shall take place strictly upon voluntary request of the user and in respect of the minimum attributes necessary for which verification is requested. _________________ 1a 2021/0241 (COD) Legislative proposal on Information accompanying transfers of funds and certain crypto-assets
Amendment 197 #
Proposal for a regulation
Article 1 – paragraph 1 – point 16
Article 1 – paragraph 1 – point 16
Regulation (EU) No 910/2014
Article 12(b) paragraph 3b (new)
Article 12(b) paragraph 3b (new)
3 b. Very large online platforms as defined in Regulation [reference DSA Regulation] Article 25.1. are required to offer users to make use of the platform anonymously or authenticated. Users who voluntarily authenticate shall be rewarded by the content recommender systems, as defined in Regulation [reference DSA Regulation] Article 2 first paragraph (o), with a more prominent visibility compared to anonymous users. Where those users voluntary authenticate to access online services, the very large online platform shall also accept the use of European Digital Identity Wallets issued in accordance with Article 6a and in respect of the minimum attributes necessary for the specific online service for which authentication is requested.
Amendment 206 #
Proposal for a regulation
Article 1 – paragraph 1 – point 20 – point a – point 2
Article 1 – paragraph 1 – point 20 – point a – point 2
Regulation (EU) No 910/2014
Article 17 – paragraph 4 – point f
Article 17 – paragraph 4 – point f
(f) to cooperate with supervisory authorities established under Regulation (EU) 2016/679, in particular, by informing them without undue delay, about the results of audits of qualified trust service providers, where personal data protection rules have been breached and about security breaches which constitute whenever becoming aware of a personal data breaches;;
Amendment 215 #
Proposal for a regulation
Article 1 – paragraph 1 – point 22 – point b
Article 1 – paragraph 1 – point 22 – point b
Regulation (EU) No 910/2014
Article 20 – paragraph 2
Article 20 – paragraph 2
Where personal data protection rules appear to have been breached, the supervisory body shall inform the supervisory authorities under Regulation (EU) 2016/679 of the results of its audits.;