Activities of Anne-Sophie PELLETIER related to 2021/0136(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity
Amendments (22)
Amendment 16 #
Proposal for a regulation
Recital 4
Recital 4
(4) A more harmonised approach to digital identification should reduce the risks and costs of the current fragmentation due to the use of divergent national solutions and will strengthen the Single Market by allowing citizens, other residents as defined by national law and businesses to identify online in a convenient and uniform way across the Union. Everyone should be able to securely access public and private services relying on an improved ecosystem for trust services and on verified proofs of identity and attestations of attributes, such as a university degree legally recognised and accepted everywhere in the Union. The framework for a European Digital Identity aims to achieve a shift from the reliance on national digital identity solutions only, to the provision of electronic attestations of attributes valid at European level. Providers of electronic attestations of attributes should benefit from a clear and uniform set of rules and public administrations should be able to rely on electronic documents in a given and highly securised format.
Amendment 20 #
Proposal for a regulation
Recital 7
Recital 7
(7) It is necessary to set out the harmonised conditions for the establishment of a framework for European Digital Identity Wallets to be issued by Member States, which should empower all Union citizens and other residents as defined by national law to share securely data related to their identity in a user friendly and convenient way under the sole control of the user. Technologies used to achieve those objectives should be developed aiming towards the highest level of security, user convenience and wide usability. Member States should ensure equal access to digital identification to all their nationals and residents. However, people that do not want or can not use the European Digital Identity Wallets for different reasons, for instance whether they do not own the proper digital tools needed, should not be discriminated on those grounds and should not be disadvantaged in access to the public or private services concerned.
Amendment 28 #
Proposal for a regulation
Recital 9
Recital 9
(9) All European Digital Identity Wallets should allow users to electronically identify and authenticate online and offline across borders for accessing a wide range of public and private services. Without prejudice to Member States’ prerogatives as regards the identification of their nationals and residents, Wallets can also serve the institutional needs of public administrations, international organisations and the Union’s institutions, bodies, offices and agencies. Offline use would be important in many sectors, including in the health sector where services are often provided through face-to-face interaction and ePrescriptions should be able to rely on QR-codes or similar technologies to verify authenticity. Relying on the level of assurance “high”, the European Digital Identity Wallets should benefit from the potential offered by tamper-proof solutions such as secure elements, to comply with the security requirements under this Regulation. The European Digital Identity Wallets should also allow users to create and use qualified electronic signatures and seals which are accepted across the EU. To achieve simplification and cost reduction benefits to persons and businesses across the EU, including by enabling powers of representation and e-mandates, Member States should issue European Digital Identity Wallets relying on common standards to ensure seamless interoperability and a high level of security. Only Member States’ competent authorities can provide a high degree of confidence in establishing the identity of a person and therefore provide assurance that the person claiming or asserting a particular identity is in fact the person he or she claims to be. It is therefore necessary that the European Digital Identity Wallets rely on the legal identity of citizens, other residents or legal entities. Trust in the European Digital Identity Wallets would be enhanced by the fact that issuing parties are required to implement appropriate technical and organisational measures to ensure a level of security commensurate to the risks raised for the rights and freedoms of the natural persons, in line with Regulation (EU) 2016/679.
Amendment 30 #
Proposal for a regulation
Recital 11
Recital 11
(11) European Digital Identity Wallets should ensure the highest level of security for the personal data used for authentication irrespective of whether such data is stored locally or on cloud-based solutions, taking into account the different levels of risk. In this view, data should be processed within the territory of the Union. Using biometrics to authenticate is one of the identifications methods providing a high level of confidence, in particular when used in combination with other elements of authentication. Since biometrics represents a unique characteristic of a person, the use of biometrics requires organisational and security measures, commensurate to the risk that such processing may entail to the rights and freedoms of natural persons and in accordance with Regulation 2016/679.
Amendment 38 #
Proposal for a regulation
Recital 18
Recital 18
(18) In line with Directive (EU) 2019/88222 , persons with disabilities should be able to useand any vulnerable person should be able to use, should they want so, the European digital identity wallets, trust services and end-user products used in the provision of those services on an equal basis with other users. The latter shall be fully accessible, with an easy-to-read language. _________________ 22 Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services (OJ L 151, 7.6.2019, p. 70).
Amendment 51 #
Proposal for a regulation
Recital 28
Recital 28
(28) Wide availability and usability of the European Digital Identity Wallets require their acceptance by private service providers. Private relying parties providing services in the areas of transport, energy, banking and financial services, social security, health, drinking water, postal services, digital infrastructure, education or telecommunications should accept the use of European Digital Identity Wallets for the provision of services where strong user authentication for online identification is required by national or Union law or by contractual obligation. Where very large online platforms as defined in Article 25.1. of Regulation [reference DSA Regulation] require users to authenticate to access online services, those platforms should be mandated to accept the use of European Digital Identity Wallets upon voluntary request of the user. Users should be under no obligation to use the wallet to access private services, but if they wish to do so, large online platforms should accept the European Digital Identity Wallet for this purpose while respecting the principle of data minimisation. Given the importance of very large online platforms, due to their reach, in particular as expressed in number of recipients of the service and economic transactions this is necessary to increase the protection of users from fraud and secure a high level of data protection. Self- regulatory codes of conduct at Union level (‘codes of conduct’) should be developed in order to contribute to wide availability and usability of electronic identification means including European Digital Identity Wallets within the scope of this Regulation. The codes of conduct should facilitate wide acceptance of electronic identification means including European Digital Identity Wallets by those service providers which do not qualify as very large platforms and which rely on third party electronic identification services for user authentication. They should be developed within 12 months of the adoption of this Regulation. The Commission should assess the effectiveness of these provisions for the availability and usability for the user of the European Digital Identity Wallets after 18 months of their deployment and revise the provisions to ensure their acceptance by means of delegated acts in the light of this assessment.
Amendment 74 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 3 – introductory part
Article 6a – paragraph 3 – introductory part
3. European Digital Identity Wallets shall enable the user in a way that is transparent and traceable to them to:
Amendment 88 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a– paragraph 4 – point d
Article 6a– paragraph 4 – point d
(d) provide a mechanism to ensure that the relying party is able to authenticatconfirm that the user can legally use the uservice and to receive electronic attestations of attributes;
Amendment 89 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 4 – point e
Article 6a – paragraph 4 – point e
(e) ensure that the person identification data referred to in Articles 12(4), point (d) uniquely and persistently represent the natural or legal person is associated with it. This shared data shall work on the principle of pair- voiced anonymity, and the interactions with a user from one relying party to another relying party shall not be traceable to the same individual and combinable.
Amendment 94 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 5 – point b
Article 6a – paragraph 5 – point b
(b) to allow relying parties to verify that the attestations of attributes are validqualified trust service providers to verify the authenticity and validity of attributed person identification data;
Amendment 95 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 5 – point c a (new)
Article 6a – paragraph 5 – point c a (new)
(c a) to revoke validity of certificates of relying parties and qualified trust services in case of breach of national or Union law.
Amendment 96 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 5 a (new)
Article 6a – paragraph 5 a (new)
5 a. Member States should ensure that both sufficient financial and human resources are allocated to the well functioning of the European Digital Identity Wallet.
Amendment 97 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 6
Article 6a – paragraph 6
6. The European Digital Identity Wallets shall be issued under a notified electronic identification scheme of level of assurance ‘high’. The use of the European Digital Identity Wallets shall be free of charge to natural persons. Persons not using the European Digital Identity Wallet shall not be hindered or put at a disadvantage in access to the labour market, public or essential livelihood services.
Amendment 102 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 7
Article 6a – paragraph 7
7. The user shall be in full control of the European Digital Identity Wallet. The issuer of the European Digital Identity Wallet shall not collect information about the use of the wallet which are not necessary for the provision of the wallet services, nor shall it combine person identification data and any other personal data stored or relating to the use of the European Digital Identity Wallet with personal data from any other services offered by this issuer or from third-party services which are not necessary for the provision of the wallet services, unless the user has expressly requested it. Personal data relating to the provision of European Digital Identity Wallets shall be kept physically and logically separate from any other data held. If the European Digital Identity Wallet is provided by private parties in accordance to paragraph 1 (b) and (c), the provisions of article 45f paragraph 4 shall apply mutatis mutandis.
Amendment 109 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 10
Article 6a – paragraph 10
10. The European Digital Identity Wallet shall be made accessible for persons with disabilities in accordance with the accessibility requirements of Annex I to Directive 2019/882. The use of the European Digital Identity Wallet shall be offered under the same conditions as offline services require.
Amendment 111 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6a – paragraph 11
Article 6a – paragraph 11
11. Within 6 months of the entering into force of this Regulation, the Commission shall establish technical and operational specifications and reference standards for the requirements referred to in paragraphs 3, 4 and 5 by means of an implementing act on the implementation of the European Digital Identity Wallet. This implementing act shall be adopted in accordance with the examination procedure referred to in Article 48(2). It shall be strictly limited to update specifications related to technological developments and to the mitigation of the impact of technology on European citizens' rights.
Amendment 116 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6b – paragraph 1 a (new)
Article 6b – paragraph 1 a (new)
1 a. When communicating with a European Digital Identity Wallet, relying parties shall show unique identification to the user. The user shall be able to refuse to continue without pressure or coercion, and without being discriminated against.
Amendment 117 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7 Regulation 910/2014
Article 1 – paragraph 1 – point 7 Regulation 910/2014
2. Member States shall implement a common mechanism for the authentication of relying partiesand unique identification of relying parties. All Member States can revoke the authorisation of relying parties in case of illegal or fraudulent use of the European Digital Identity Wallet in their country.
Amendment 121 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Article 1 – paragraph 1 – point 7
Regulation 910/2014
Article 6d – paragraph 2
Article 6d – paragraph 2
Amendment 124 #
Proposal for a regulation
Article 1 – paragraph 1 – point 12
Article 1 – paragraph 1 – point 12
Regulation 910/2014
Article 11a
Article 11a
Amendment 135 #
Proposal for a regulation
Article 1 – paragraph 1 – point 16
Article 1 – paragraph 1 – point 16
Regulation 910/2014
Article 12b – paragraph 3
Article 12b – paragraph 3
3. Where very large online platforms as defined in Regulation [reference DSA Regulation] Article 25.1. require users to authenticate to access online services, they shall also accept the use of European Digital Identity Wallets issued in accordance with Article 6a strictly upon voluntary request of the user and in respect of the minimum attributes necessary for the specific online service for which authentication is requested, such as proof of age. Data of the European Digital Identity Wallet shall not be combined with other data nor monetized.
Amendment 158 #
Proposal for a regulation
Article 1 – paragraph 1 – point 38
Article 1 – paragraph 1 – point 38
Regulation 910/2014
Article 45
Article 45