Activities of Marina KALJURAND related to 2021/0136(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council Amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity
Amendments (17)
Amendment 34 #
Proposal for a regulation
Recital 11
Recital 11
(11) European Digital Identity Wallets should ensure the highest level of security for the personal data used for authentication irrespective of whether such data is stored locally or on cloud-based solutions, taking into account the different levels of risk. Using biometrics to authenticate is one of the identifications methods providing a high level of confidence, in particular when used in combination with other elements oftwo-factor authentication. Since biometrics represents a unique characteristic of a person, the use of biometrics requires organisational and security measures, commensurate to the risk that such processing may entail to the rights and freedoms of natural persons and in accordance with Regulation 2016/679. Authentication via biometrics should not be a precondition for using the European Digital Identity Wallet.
Amendment 36 #
Proposal for a regulation
Recital 11 a (new)
Recital 11 a (new)
(11 a) The obligation on the European Digital Identity Wallet to ensure effective portability of data under this Regulation complements the right to data portability under Regulation (EU) 2016/679.
Amendment 55 #
Proposal for a regulation
Recital 29
Recital 29
(29) The European Digital Identity Wallet should technically enable the selective disclosure of attributes to relying parties. This feature should become a basic design feature thereby reinforcing convenience and personal data protection including minimisation of processing of personal data. The data requested from the user via the European Digital Identity Wallet have to be strictly necessary and proportionate for the intended use case of the relying party and follow the principle of data minimisation.
Amendment 74 #
Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point b a (new)
Article 1 – paragraph 1 – point 3 – point b a (new)
Regulation (EU) No 910/2014
Article 3 – point 5
Article 3 – point 5
"(5) ‘authentication’ means an electronic process that enables the electronic identification of a natural or legal person, or the origin and integrity of data in electronic form to be confirmed; o verify the data presented" Or. en (32014R0910)
Amendment 123 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 4 – point a – point 2 a (new)
Article 6a – paragraph 4 – point a – point 2 a (new)
(2 a) for relying parties to be uniquely identified in order to be able to include their identification data, use cases and user data requests in a public register overseen by supervisory authorities established under Regulation (EU) 2016/679;
Amendment 125 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 4 – point a – point 3
Article 6a – paragraph 4 – point a – point 3
(3) for the presentation to relying parties of person identification data such as credentials, electronic attestation of attributes or other data such as credentials, in local mode not requiring internet access for the wallet and for the user to make an informed decision about the sharing of personal information with relying parties. This includes identification of the relying party, complete or partial refusal of information requests from relying parties, a full transaction history, the possibility to withdraw previously given consent to information requests for the walleand information about the exercise of rights as data subject;
Amendment 144 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 5a (new)
Article 6a – paragraph 5a (new)
5 a. Member States shall ensure that relevant information on the European Digital Identity Wallet is publicly available, including privacy protective settings, technical architecture, security frameworks, and where the processing of personal data is carried out.
Amendment 150 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 7
Article 6a – paragraph 7
7. The user shall be in full control of the European Digital Identity Wallet and their personal data. The issuer of the European Digital Identity Wallet or third- party services or the Member State shall not collect information about the use of the wallet by the user which are not strictly necessary and proportionate solely for the provision of the wallet services, nor shall it combine person identification data and any other personal data stored or relating to the use of the European Digital Identity Wallet with personal data from any other services offered by this issuer or from third-party services which are not necessarstrictly necessary and proportionate solely for the provision of the wallet services, unless the user has expressly requested it. The exchange of information via the European Digital Identity Wallet shall not allow providers of electronic attestations of attributes to track, link, correlate or otherwise obtain knowledge of transactions or user behaviour. Personal data relating to the provision of European Digital Identity Wallets shall be kept physically and logically separate from any other data held. If the European Digital Identity Wallet is provided by private parties in accordance to paragraph 1 (b) and (c), the provisions of article 45f paragraph 4 shall apply mutatis mutandis.
Amendment 154 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
7 a. The European Digital Identity Wallet shall request explicit prior consent of the user to perform any operations.
Amendment 155 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 7b (new)
Article 6a – paragraph 7b (new)
7 b. The European Digital Identity Wallet shall provide a state of the art mechanism to transmit all of the user’s data in the wallet from one device to another and from one wallet to another upon the user’s request and free of charge.
Amendment 156 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
7 c. The European Digital Identity Wallet shall provide a mechanism for the user to inform directly the supervisory body and the supervisory authorities established under Regulation (EU) 2016/679 about any relying party that appears to request a disproportionate amount of data.
Amendment 157 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 7d (new)
Article 6a – paragraph 7d (new)
7 d. Access to public and private services shall not be denied, hindered or made more costly for natural persons who choose not to use the European Digital Identity Wallet.
Amendment 158 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7 Regulation (EU) No 910/2014
Article 1 – paragraph 1 – point 7 Regulation (EU) No 910/2014
7 e. The user shall be entitled to request a backup function of the data they have in their European Digital Identity Wallet from the wallet issuer in situations of unavailability of the wallet, and in case of loss or theft of their device. This backup function shall be enabled only with the explicit prior consent of the user and it shall be complemented with reinforced identity checks.
Amendment 179 #
1. When notified electronic identification means and the European Digital Identity Wallets are used for authidentification, Member States shall ensure unique identification.
Amendment 181 #
Proposal for a regulation
Article 1 – paragraph 1 – point 12
Article 1 – paragraph 1 – point 12
Regulation (EU) No 910/2014
Article 11 – paragraph 2
Article 11 – paragraph 2
2. Member States shall, for the purposes of this Regulation, include in the minimum set of person identification data referred to in Article 12.4.(d), a unique and persistent identifier in conformity with Union law, to identify the user upon their request and only in those cases where identification of the user is required by law. Unique and persistent identifiers shall not be accessed for the purpose of user authentication.
Amendment 206 #
Proposal for a regulation
Article 1 – paragraph 1 – point 20 – point a – point 2
Article 1 – paragraph 1 – point 20 – point a – point 2
Regulation (EU) No 910/2014
Article 17 – paragraph 4 – point f
Article 17 – paragraph 4 – point f
(f) to cooperate with supervisory authorities established under Regulation (EU) 2016/679, in particular, by informing them without undue delay, about the results of audits of qualified trust service providers, where personal data protection rules have been breached and about security breaches which constitute whenever becoming aware of a personal data breaches;;
Amendment 215 #
Proposal for a regulation
Article 1 – paragraph 1 – point 22 – point b
Article 1 – paragraph 1 – point 22 – point b
Regulation (EU) No 910/2014
Article 20 – paragraph 2
Article 20 – paragraph 2
Where personal data protection rules appear to have been breached, the supervisory body shall inform the supervisory authorities under Regulation (EU) 2016/679 of the results of its audits.;