Activities of Tom VANDENKENDELAERE related to 2021/0136(COD)
Shadow opinions (2)
OPINION on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity
OPINION on the proposal for a regulation of the European Parliament and of the Council Amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity
Amendments (51)
Amendment 12 #
Proposal for a regulation
Recital 1
Recital 1
(1) The Commission Communication of 19 February 2020, entitled “Shaping Europe’s Digital Future”16 announces a revision of Regulation (EU) No 910/2014 of the European Parliament and of the Council with the aim of improving its effectiveness, and in response to technological developments since its adoption in 2014 while at the same time extending its benefits to the private sector and promoteing trusted digital identities for all Europeans. _________________ 16 COM/2020/67 final
Amendment 15 #
Proposal for a regulation
Recital 4
Recital 4
(4) A more harmonised approach to digitalelectronic identification and verification should reduce the risks and costs of the current fragmentation due to the use of divergent national solutions and will strengthen the Single Market by allowing citizens, other residents as defined by national law and businesses to identify online in a convenient, trustworthy and uniform way across the Union. Everyone should be able to securely access public and private services relying on an improved ecosystem for trust services and on verified proofs of identity and attestations of attributes, such as a university degreen academic qualification legally recognised and accepted everywhere in the Union, a professional qualification or a mandate to represent a company. The framework for a European Digital Identity aims to achieve a shift from the reliance on national digital identity solutions only, to the provision of electronic attestations of attributes valid at European levelnd legally recognised across the Union. Providers of electronic attestations of attributes should benefit from a clear and uniform set of rules and public administrations should be able to rely on electronic documents in a given format.
Amendment 21 #
Proposal for a regulation
Recital 6
Recital 6
(6) Regulation (EU) No 2016/67919 applies to the processing of personal data in the implementation of this Regulation. Therefore, this Regulation should lay down specific safeguards to prevent providers of electronic identification means and electronic attestation of attributes from combining personal data from other services with the personal data relating to the services falling within the scope of this Regulation. Data protection by design and by default, as well as data minimisation, as foreseen in Regulation (EU) 2016/679, should be leading principles in the set-up of this European Digital Identity Wallet. _________________ 19 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1
Amendment 21 #
Proposal for a regulation
Recital 7
Recital 7
(7) It is necessary to set out the harmonised conditions for the establishment of a framework for European Digital Identity Wallets to be issued by Member States, which should empower all Union citizens and other residents as defined by national law to share securely data related to their identity in a user friendly and convenient way under the sole control of the user. Technologies used to achieve those objectives should be developed aiming towards the highest level of security, user convenience and wide usability. Member States should ensure equal access to digital identification to all their nationals and residents, including vulnerable persons, such as persons with disabilities, persons who experience functional limitations and persons with limited access to digital technologies and taking into account insufficient digital literacy.
Amendment 23 #
Proposal for a regulation
Recital 8
Recital 8
(8) In order to ensure compliance within Union law or national law compliant with Union law, service providers should communicate their intent to rely on the European Digital Identity Wallets to Member States. That will allow Member States to protect users from fraud and prevent the unlawful use of identity data and electronic attestations of attributes as well as to ensure that the processing of sensitive data, like health data, can be verified by relying parties in accordance with Union law or national law. Member States should prevent the unlawful use of identity, and ensure that the relying parties only require data that is strictly necessary for the provision of the service.
Amendment 26 #
Proposal for a regulation
Recital 9
Recital 9
(9) All European Digital Identity Wallets should allow users to electronically identify and authenticate online and, where possible, offline across borders in the single market for accessing a wide range of public and private services, and to create and use qualified electronic signatures and seals which are accepted across the Union. Without prejudice to Member States’ prerogatives as regards the identification of their nationals and residents, Wallets can also serve the institutional needs of public administrations, international organisations and the Union’s institutions, bodies, offices and agencies. Offline use would be important in many sectors, including in the health sector where services are often provided through face-to-face interaction and ePrescriptions should be able to rely on QR-codes or similar technologies to verify authenticity. The European Digital Identity Wallet should also allow the user to consult the history of the transactions, transfer the wallet’s data, restore the access on a different device and block access to the wallet in case of a security breach that leads to its suspension, revocation or withdrawal, and offer the possibility to contact support services of the wallet’s issuer. Relying on the level of assurance “high”, the European Digital Identity Wallets should benefit from the potential offered by tamper-proof solutions such as secure elements, to comply with the security requirements under this Regulation. The European Digital Identity Wallets should also allow users to create and use qualified electronic signatures and seals which are accepted across the EU. To achieve simplification and cost reduction benefits to persons and businesses across the EU, including by enabling powers of representation and e- mandates, Member States should issue European Digital Identity Wallets relying on common standards to ensure seamless interoperability and a high level of security. Only Member States’ competent authorities can provide a high degree of confidence in establishing the identity of a person and therefore provide assurance that the person claiming or asserting a particular identity is in fact the person he or she claims to be. It is therefore necessary that the European Digital Identity Wallets rely on the legal identity of citizens, other residents or legal entities. Trust in the European Digital Identity Wallets would be enhanced by the fact that issuing parties are required to implement appropriate technical and organisational measures to ensure a level of security commensurate to the risks raised for the rights and freedoms of the natural persons, in line with Regulation (EU) 2016/679.
Amendment 28 #
Proposal for a regulation
Recital 9 a (new)
Recital 9 a (new)
(9 a) The European Digital Identity Wallet should be developed in a manner that ensures a high level of security, including the encryption of content. The Wallet should also allow the user to consult the history of the transactions, export the wallet’s data, restore the access on a different device and block access to the wallet in case of a security breach, allowing for the data suspension, revocation or withdrawal, and offer the possibility to contact support services of the wallet’s issuer.
Amendment 29 #
Proposal for a regulation
Recital 9 b (new)
Recital 9 b (new)
(9 b) One of the objectives of the European Digital Identity Wallet should be to improve the possibilities of citizens to make their own choices about what data they share, to minimise the amount of shared data for the service they want to use and to better manage and control the shared data.
Amendment 29 #
Proposal for a regulation
Recital 10 a (new)
Recital 10 a (new)
(10 a) The European Digital Identity Wallet should, where possible, be built upon international standards in order to increase the uptake of the identity service and to increase the interoperability across the European Union.
Amendment 30 #
Proposal for a regulation
Recital 10
Recital 10
(10) In order to achieve a high level of security and trustworthiness, this Regulation establishes the requirements for European Digital Identity Wallets. The conformity of European Digital Identity Wallets with those requirements should be certified by accredited public or private sector bodies designated by Member States. Relying on a certification scheme based on the availability of commonly agreed standards with Member States should ensure a high level of trust and, interoperability and data protection. Certification should in particular rely on the relevant European cybersecurity certifications schemes established pursuant to Regulation (EU) 2019/88120 . Such certification should be without prejudice to certification as regards personal data processing pursuant to Regulation (EC) 2016/679 _________________ 20 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act), OJ L 151, 7.6.2019, p. 15
Amendment 32 #
Proposal for a regulation
Recital 11
Recital 11
(11) European Digital Identity Wallets should ensure the highest level of security for the personal data used for authentication irrespective of whether such data is stored locally or, on cloud-based solutions or on a combination of both, taking into account the different levels of risk. Using biometrics to authenticate is one of the identifications methods providing a high level of confidence, in particular when used in combination with other elements of authentication. Nevertheless, it should not be a precondition for using the European Digital Identity Wallet. Since biometrics represents a unique characteristic of a person, the use of biometrics requires organisational and security measures, commensurate to the risk that such processing may entail to the rights and freedoms of natural persons and in accordance with Regulation 2016/679. Storing information from the European Digital Identity Wallet in the cloud, including biometric data, has to be an optional feature only active after the user has given explicit consent and should be revocable at all times. Personal data used for authentication should always be encrypted, regardless of whether they are stored locally or on cloud-based solutions.
Amendment 41 #
Proposal for a regulation
Recital 18
Recital 18
(18) In line with Directive (EU) 2019/88222 and Directive (EU) 2016/210222a, persons with disabilities should be able to use the European digital identity wallets, trust services and end-user products used in the provision of those services on an equal basis with other users. _________________ 22 Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services (OJ L 151, 7.6.2019, p. 70). 22a Directive (EU) 2016/2102 of the European Parliament and of the Council of 26 October 2016 on the accessibility of the websites and mobile applications of public sector bodies (OJ L 327, 2.12.2016, p. 1–15)
Amendment 45 #
Proposal for a regulation
Recital 17
Recital 17
(17) Service providers use the identity data provided by the set of person identification data available from electronic identification schemes pursuant to Regulation (EU) No 910/2014 in order to match users from another Member State with the legal identity of that user. However, despite the use of the eIDAS data set, in many cases ensuring an accurate match requires additional information about the user and specific unique identification procedures at national level. To further support the usability of electronic identification means, this Regulation should require Member States to take specific measures to ensure a correct and targeted identity match in the process of electronic identification. For the same purpose, this Regulation should also extend the mandatory minimum data set and require the use of a unique and persistent electronic identifier in conformity with Union law in those cases where it is necessary to legally identify the user upon his/her request in a unique and persistent way. Such process should be driven by the data minimisation principle.
Amendment 45 #
Proposal for a regulation
Recital 20
Recital 20
(20) The provision and use of trust services are becoming increasingly important for international trade and cooperation. International partners of the EU are establishing trust frameworks inspired by Regulation (EU) No 910/2014. Therefore, in order to facilitate the recognition of such services and their providers, implementing legislation may set the conditions under which trust frameworks of third countries could be considered equivalent to the trust framework for qualified trust services and providers in this Regulation, as a complement to the possibility of the mutual recognition of trust services and providers established in the Union and in third countries in accordance with Article 218 of the Treaty. In order to encourage the international recognition of trust services, international standards should, where possible, be taken into account when creating the European digital identity wallet.
Amendment 46 #
Proposal for a regulation
Recital 21
Recital 21
(21) This Regulation should build on Union acts ensuring contestable and fair markets in the digital sector. In particular, it builds on the Regulation XXX/XXXX [Digital Markets Act], which that introduces rules for providers of core platform services designated as gatekeepers and, among others, prohibits gatekeepers to require business users to use, offer or interoperate with an identification service of the gatekeeper in the context of services offered by the business users using the core platform services of that gatekeeper. Article 6(1)(f) of the Regulation XXX/XXXX [Digital Markets Act] requires gatekeepers to allow business users and providers of ancillary services access to and interoperability with the same operating system, hardware or software features that are available or used in the provision by the gatekeeper of any ancillary services. According to Article 2 (15) of [Digital Markets Act] identification services constitute a type of ancillary services. Business users and providers of ancillary services should therefore be able to access such hardware or software features, such as secure elements in smartphones, and to interoperate with them through therequires gatekeepers to allow its business users to freely choose the identification service they want to use or interoperate with. This should cover European Digital Identity Wallets or Member States’ notified electronic identification means.
Amendment 47 #
Proposal for a regulation
Recital 25
Recital 25
(25) In the European single market, citizens need to have the opportunity to exchange information about their identity across borders. However, in most cases, citizens and other residents cannot digitally exchange, across borders, information related to their identity, such as addresses, age and professional qualifications, driving licenses and other permits and payment data, securely and with a high level of data protection. This may result in the fact that they are transferring this data in a less secure and disorganised manner.
Amendment 49 #
Proposal for a regulation
Recital 28
Recital 28
(28) Wide availability and usability of the European Digital Identity Wallets require their acceptance by private service providers. Private relying parties providing services in the areas of transport, energy, banking and financial services, social security, health, drinking water, postal services, digital infrastructure, education or telecommunications should accept the use of European Digital Identity Wallets for the provision of services in an easily accessible and a non-discriminatory manner, to be further developed by the Toolbox, where strong user authentication for online identification is required by national or Union law or by contractual obligation. The use of European Digital Identity Wallets should not be compulsory for accessing public services. Member States should offer alternative and non- discriminatory solutions for citizens that do not wish to use European Digital Identity Wallets to access public services. Where very large online platforms as defined in Article 25.1. of Regulation [reference DSA Regulation] require users to authenticate to access online services, those platforms should be mandated to accept the use of European Digital Identity Wallets upon voluntary request of the user. Users should be under no obligation to use the wallet to access private services, but if they wish to do so, large online platforms should accept the European Digital Identity Wallet for this purpose while respecting the principle of data minimisation. Given the importance of very large online platforms, due to their reach, in particular as expressed in number of recipients of the service and economic transactions this is necessary to increase the protection of users from fraud and secure a high level of data protection. Self- regulatory codes of conduct at Union level (‘codes of conduct’) should be developed in order to contribute to wide availability and usability of electronic identification means including European Digital Identity Wallets within the scope of this Regulation. The codes of conduct should facilitate wide acceptance of electronic identification means including European Digital Identity Wallets by those service providers which do not qualify as very large platforms and which rely on third party electronic identification services for user authentication. They should be developed within 12 months of the adoption of this Regulation. The Commission should assess the effectiveness of these provisions for the availability and usability for the user of the European Digital Identity Wallets after 18 months of their deployment and revise the provisions to ensure their acceptance by means of delegated acts in the light of this assessment.
Amendment 52 #
Proposal for a regulation
Recital 28 a (new)
Recital 28 a (new)
(28 a) Unless specific rules of Union law or national law require users to identify themselves for legal purposes, the use of services anonymously or under a pseudonym should be allowed and should not be restricted by Member States, for example by imposing a general obligation on service providers to limit the pseudonymous or anonymous use of their services.
Amendment 53 #
Proposal for a regulation
Recital 31
Recital 31
(31) Secure electronic identification and the provision of attestation of attributes should offer additional flexibility and solutions for the financial services sector to allow identsecure identity verification of customers and the exchange of specific attributes necessary to comply with, for example, customer due diligence requirements under the Anti Money Laundering Regulation, [reference to be added after the adoption of the proposal], in particular where remote customer onboarding is being carried out, with suitability requirements stemming from investor protection legislation, or to support the fulfilment of strong customer authentication requirements for account login and initiation of transactions in the field of payment services.
Amendment 54 #
Proposal for a regulation
Recital 29
Recital 29
(29) The possibility for users to disclose their data in a selective way, so that the user can decide to share only the minimum amount of data really needed to make use of the service, must become one of the key features and advantages of the European Digital Identity Wallet. The European Digital Identity Wallet should, therefore, technically enable the selective disclosure of attributes to relying parties in a secure and user-friendly manner. This feature should become a basic design feature thereby reinforcing convenience and personal data protection including minimisation of processing of personal data. The European Digital Wallet should prevent the tracking of the user and respect the principle of purpose limitation, which implies a right to pseudonymity to ensure the user cannot be linked across several relying parties.
Amendment 56 #
Proposal for a regulation
Recital 36
Recital 36
(36) In order to avoid fragmentation and barriers, due to diverging standards and technical restrictions, and to ensure a coordinated process to avoid endangering the implementation of the future European Digital Identity framework, a process for close and structured cooperation between the Commission, Member States and the private sector is needed. To achieve this objective, Member States should cooperate within the framework set out in the Commission Recommendation XXX/XXXX [Toolbox for a coordinated approach towards a European Digital Identity Framework]26 to identify a Toolbox for a European Digital Identity framework. The Toolbox should include a comprehensive technical architecture and reference framework, a set of common standards, building on international standards, where possible, and technical references and a set of guidelines and descriptions of best practices covering at least all aspects of the functionalities and interoperability of the European Digital Identity Wallets including eSignatures and of the qualified trust service for attestation of attributes as laid out in this regulation. In this context, Member States should also reach agreement on common elements of a business model and fee structure of the European Digital Identity Wallets, to facilitate take up, in particular by small and medium sized companies in a cross-border context. The content of the toolbox should evolve in parallel with and reflect the outcome of the discussion and process of adoption of the European Digital Identity Framework. Civil society, such as consumer organisations or academics, and the private sector should be represented and consulted in the Toolbox process. Even after the adoption of the European Digital Identity Framework, the cooperation between the Commission, Member States, civil society and private sector should continue to exist, in order to ensure ongoing and effective coordination and implementation with regard to the common elements of the Toolbox, so that fragmentation and obstacles are regularly minimised, and in order to encourage its cross-border use. _________________ 26 [insert reference once adopted]
Amendment 58 #
Proposal for a regulation
Article 1 – paragraph 1 – point 1
Article 1 – paragraph 1 – point 1
Regulation (EU) 910/2014
Article 1 – paragraph 1 – introductory part
Article 1 – paragraph 1 – introductory part
This Regulations aims at ensuring the proper functioning of the internal market andby providing an adequate level of security of electronic identification means and trust services that are easily accessible and user-friendly and can operate on a cross- border basis. For these purposes, this Regulation:
Amendment 59 #
Proposal for a regulation
Article 1 – paragraph 1 – point 1
Article 1 – paragraph 1 – point 1
Regulation (EU) 910/2014
Article 1 – paragraph 1 – point d
Article 1 – paragraph 1 – point d
(d) lays down the conditions for the issuing of European Digital Identity Wallets by Member States and for facilitating their cross-border use.;
Amendment 61 #
Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i
Article 1 – paragraph 1 – point 3 – point i
Regulation (EU) 910/2014
Article 3 – paragraph 1 – point 42
Article 3 – paragraph 1 – point 42
(42) ‘European Digital Identity Wallet’ is a product and service that allows the user to store and manage identity data, including related consents, credentials and attributes linked to her/his identity, to provide them to relying parties on request and to use them for authentication, online and offline, for a service in accordance with Article 6a; and to create qualified electronic signatures and seals;
Amendment 66 #
Proposal for a regulation
Recital 35
Recital 35
(35) The certification as qualified trust service providers should provide legal certainty for use cases that build on electronic ledgers. This trust service for electronic ledgers and qualified electronic ledgers and the certification as qualified trust service provider for electronic ledgers should be notwithstanding the need for use cases to comply with Union law or national law in compliance with Union law. Use cases that involve the processing of personal data must comply with Regulation (EU) 2016/679. Use cases that involve crypto assets should be compatible with all applicable financial rules for example with the Markets in Financial Instruments Directive23 , the Payment Services Directive24 and the future Markets in Crypto Assets Regulation25 , Funds Transfer Regulation25a. _________________ 23 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU Text with EEA relevance, OJ L 173, 12.6.2014, p. 349– 496. 24 Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC, OJ L 337, 23.12.2015, p. 35– 127. 25 Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets, and amending Directive (EU) 2019/1937, COM/2020/593 final. 25a Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on information accompanying transfers of funds and certain crypto-assets (recast) (Text with EEA relevance) 2021/0241(COD).
Amendment 75 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 3 – point a
Article 6a – paragraph 3 – point a
(a) securely request and obtain, store, select, combine and share, in a manner that is easy, user-friendly, understandable and transparent to and traceable by the user, the necessary legal person identification data and electronic attestation of attributes to authenticate online and offline in order to use online public and private services across the Union;
Amendment 81 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 3 – point b a (new)
Article 6a – paragraph 3 – point b a (new)
(b a) manage data they provide to online public and private relying parties through a simple interface in order to be able to change their choice.
Amendment 82 #
Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i
Article 1 – paragraph 1 – point 3 – point i
Regulation (EU) No 910/2014
Article 3 – point 42
Article 3 – point 42
(42) ‘European Digital Identity Wallet’ is a product and service that allows the user to store identityand manage identity data, confirmations of consent to share personal data, credentials and attributes linked to her/his identity, to provide them to relying parties on request and to use them for authentication, online and offline, for a service in accordance with Article 6a; and to create qualified electronic signatures and seals;
Amendment 83 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 4 – point a – subpoint iv
Article 6a – paragraph 4 – point a – subpoint iv
(4) for the user to allow simple and transparent interaction with the European Digital Identity Wallet and display an “EU Digital Identity Wallet Trust Mark”;
Amendment 91 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 4 – point e a (new)
Article 6a – paragraph 4 – point e a (new)
(e a) enable the user to access and request a copy, in a readable format, of the list of actions, transactions or uses of electronic attestations of attributes or person identification data, that have been authorized by the user.
Amendment 92 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 4 – point e b (new)
Article 6a – paragraph 4 – point e b (new)
(e b) ensure that the user is able to contact support services of the European Digital Identity Wallet at Member State level, which also allows the user to efficiently request revocation or correction of outdated or incorrect data in the Wallet.
Amendment 103 #
Proposal for a regulation
Article 1 – paragraph 1 – point 4
Article 1 – paragraph 1 – point 4
Regulation (EU) No 910/2014
Article 5
Article 5
Processing and protection of personal data, and pseudonyms in electronic transaction
Amendment 106 #
Proposal for a regulation
Article 1 – paragraph 1 – point 4
Article 1 – paragraph 1 – point 4
Regulation (EU) No 910/2014
Article 5
Article 5
Processing of personal data shall be carried out by implementing the principles of data minimisation, purpose limitation, and data protection by design and by default, in accordance with Regulation (EU)2016/679;
Amendment 108 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 10
Article 6a – paragraph 10
10. The European Digital Identity Wallet shall be made accessible for persons with disabilities in accordance with the accessibility requirements of Annex I to Directive 2019/882, and to persons who experience functional limitations and persons with limited access to digital technologies and taking into account insufficient digital literacy.
Amendment 110 #
Proposal for a regulation
Article 1 – paragraph 1 – point 4
Article 1 – paragraph 1 – point 4
Regulation (EU) No 910/2014
Article 5
Article 5
Without prejudice to the legal effect given to pseudonyms under national law, the use of pseudonyms in electronic transactions shall not be prohibited.;or their anonymous use shall be permitted without restrictions.
Amendment 113 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 11
Article 6a – paragraph 11
11. Within 6 months of the entering into force of this Regulation, the Commission shall establish technical and operational specifications and reference standards, build on international standards, where possible, for the requirements referred to in paragraphs 3, 4 and 5 by means of an implementing act on the implementation of the European Digital Identity Wallet. This implementing act shall be adopted in accordance with the examination procedure referred to in Article 48(2).
Amendment 114 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 11 a (new)
Article 6a – paragraph 11 a (new)
11 a. European Digital Identity Wallets shall be made available to citizens in a manner which is accessible from standard devices and shall not be exclusively destined for the most advanced operating systems and the most up to date technologies. The Wallet should be easily accessible for all citizens who want to rely on it, to be further established by the Toolbox based on affordability, accessibility, safety, proportionality and non-discrimination. The use of European Digital Identity Wallets should not be compulsory for accessing public services. Member States should offer alternative and non-discriminatory solutions for citizens that do not wish to use European Digital Identity Wallets to access public services.
Amendment 120 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 4 (a) – point 2
Article 6a – paragraph 4 (a) – point 2
(2) for relying parties to request and validate person identification data and electronic attestations of attributes and to be uniquely identified and limited to only request information based on their intended use of the European Digital Identity Wallet in accordance with Article 6b(1);
Amendment 122 #
Proposal for a regulation
Article 1 – paragraph 1 – point 11
Article 1 – paragraph 1 – point 11
Regulation 910/2014
Article 10 b (new)
Article 10 b (new)
1 a. 10 b.Single Point of Contact The user of the European Digital Identity Wallet shall have a single point of contact at Member State level, which also allows the user to report an infringement or security breach or to efficiently request revocation or correction of outdated or incorrect data in the Wallet.
Amendment 129 #
Proposal for a regulation
Article 1 – paragraph 1 – point 16
Article 1 – paragraph 1 – point 16
Regulation 910/2014
Article 12b – paragraph 1
Article 12b – paragraph 1
1. Where Member States require an electronic identification using an electronic identification means and authentication under national law or by administrative practice to access an online service provided by a public sector body, they shall also accept European Digital Identity Wallets issued in compliance with this Regulation and they will also clearly communicate such acceptance to potential users of the service.
Amendment 130 #
Proposal for a regulation
Article 1 – paragraph 1 – point 16
Article 1 – paragraph 1 – point 16
Regulation 910/2014
Article 12b – paragraph 2
Article 12b – paragraph 2
2. Where private relying parties providing services are required by national or Union law, to use strong user authentication for online identification, or where strong user authentication is required by contractual obligation, including in the areas of transport, energy, banking and financial services, social security, health, drinking water, postal services, digital infrastructure, education or telecommunications, private relying parties shall also accept the use of European Digital Identity Wallets issued in accordance with Article 6a and they will also clearly communicate such acceptance to potential users of the service.
Amendment 131 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 4 (b)
Article 6a – paragraph 4 (b)
(b) ensure that trust service providers of qualified and non-qualified attestations of attributes cannot receive any information about the use of these attributes;
Amendment 133 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 4(b a) new
Article 6a – paragraph 4(b a) new
(b a) enable the user to transfer and restore the European Digital Identity Wallet's data, and to block the access to it in case of a security breach, allowing for the data suspension, revocation or withdrawal.
Amendment 134 #
Proposal for a regulation
Article 1 – paragraph 1 – point 16
Article 1 – paragraph 1 – point 16
Regulation 910/2014
Article 12b – paragraph 3
Article 12b – paragraph 3
3. Where very large online platforms as defined in Regulation [reference DSA Regulation] Article 25.1. require users to authenticate to access online services, they shall also accept, though not exclusively, the use of European Digital Identity Wallets issued in accordance with Article 6a strictly upon voluntary request of the user and in respect of the minimum attributes necessary for the specific online service for which authentication is requested, such as proof of age. These very large online platforms will clearly communicate the acceptance of this possibility to potential users of the service.
Amendment 141 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 4 (e a) new
Article 6a – paragraph 4 (e a) new
(e a) enable the user to access and request a copy, in a readable format, of the list of actions, transactions or uses of electronic attestations of attributes or person identification data, that have been authorized by the user.
Amendment 149 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 7
Article 6a – paragraph 7
7. The user shall be in full control of the European Digital Identity Wallet and the data it stores. The issuer of the European Digital Identity Wallet shall not collect information about the use of the wallet which are not necessary for the provision of the wallet services, nor shall it combine person identification data and any other personal data stored or relating to the use of t, as well as related third-party services or Member States, shall not have any technical possibility to collect information about the use of the wallet by the user. Moreover, providers of electronic attestation of attributes shall not have any possibility to track, link, correlate or otherwise obtain knowledge of transactions or user behaviour. The European Digital Identity Wallet with personal data from any oshall always provide ther uservices offered by this issuer or from an easily accessible possibility to withdraw their consent or to request the removal of theird-party services which are not necessary for the provis personal data, in line with Regulation (EU) 2016/679. Should such action lead to the cessation of the wallet services, unless the user shas expressly requested itll receive a warning beforehand. Personal data relating to the provision of European Digital Identity Wallets shall be kept physically and logically separate from any other data held. If the European Digital Identity Wallet is provided by private parties in accordance to paragraph 1 (b) and (c), the provisions of article 45f paragraph 4 shall apply mutatis mutandis. The issuer of the European Digital Identity Wallet shall be regarded as the controller according to Regulation (EU) 2016/679 when it comes to the processing of personal data.
Amendment 151 #
Proposal for a regulation
Article 1 – paragraph 1 – point 19
Article 1 – paragraph 1 – point 19
Regulation 910/2014
Article 15 – paragraph 1
Article 15 – paragraph 1
The provision of Trust services and end- user products used in the provision of those services shall be made accessible for persons with disabilities in accordance with the accessibility requirements of Annex I of Directive 2019/882 on the accessibility requirements for products and services, , and to persons who experience functional limitations, such as elderly persons, and persons with limited access to digital technologies.;
Amendment 152 #
Proposal for a regulation
Article 1 – paragraph 1 – point 21 – point b
Article 1 – paragraph 1 – point 21 – point b
Regulation 910/2014
Article 18 – paragraph 1
Article 18 – paragraph 1
1. Supervisory bodies shall cooperate with a view to exchanging good practice and information and providing mutual assistance regarding the provision of trust services with the aim to encourage the uptake of the Digital Identity Wallet and avoid fragmentation and barriers.;
Amendment 182 #
Proposal for a regulation
Article 1 – paragraph 1 – point 12
Article 1 – paragraph 1 – point 12
Regulation (EU) No 910/2014
Article 11a – paragraph 2
Article 11a – paragraph 2
2. Member States shall, for the purposes of this Regulation, include in the minimum set of person identification data referred to in Article 12.4.(d), a unique and persistent identifier in conformity with Union and national law, to identify the user upon their request in those cross- border cases where identification of the user is required by law.
Amendment 183 #
Proposal for a regulation
Article 1 – paragraph 1 – point 12
Article 1 – paragraph 1 – point 12
Regulation (EU) No 910/2014
Article 11a – Paragraph 3
Article 11a – Paragraph 3
3. Within 6 months of the entering into force of this Regulation, the Commission shall further specify the measures referred to in paragraph 1 and 2 by means of an implementing act on the implementation of the European Digital Identity Wallets as referred to in Article 6a(10) delegated act.
Amendment 213 #
Proposal for a regulation
Article 1 – paragraph 1 – point 22 – point b
Article 1 – paragraph 1 – point 22 – point b
Regulation (EU) No 910/2014
Article 20 – paragraph 2
Article 20 – paragraph 2
Where personal data protection rules appear to have been breached, the supervisory body shall inform the supervisory authorities under Regulation (EU) 2016/679 and the issuer of the European Digital identity Wallet of the results of its audits., without undue delay;