BETA

23 Amendments of Gilles BOYER related to 2023/0205(COD)

Amendment 170 #
Proposal for a regulation
Recital 10
(10) The sharing of theaccess of customer data in the scope of this Regulation should be based on the explicit permission of the customer. The client’s permission to give access to his or her data should be obtained through an explicit consent, which should not be based solely on a “tick-the-box” approach or the use of generalising phrases. In seeking the explicit permission of the customer to use his or her data, the data users should specify what use they intend to make of the customer’s data, should the customer provide permission. The legal obligation on data holders to share customer data should be triggered once the customer has explicitly requested their data to be shared with a data user. This request can be submitted bye data user should be able to demonstrate how the best interest of the customer will be served and preserved. In accordance with Regulation (EU) [XXXX/XXXX] of the European Parliament of the Council (Data Act), an undertaking providing core platform services that has been designated as a gatekeeper under Regulation (EU) 2022/19251) cannot be eligible as data user acting on behalf of the customerunder this Regulation. The limitation on granting access to gatekeepers would not exclude them from the market and prevent them from offering its services, as voluntary agreements between them and the data holders remain unaffected. Where the processing of personal data is involved, a data user should have a valid lawful basis for processing under Regulation (EU) 2016/679. The customers data can be processed only for the agreed purposes in the context of the service provided. Under this Regulation, these purposes should be strictly limited to the provision of a financial product, a financial service or a financial information service. The processing of personal data must respect the principles of personal data protection, including lawfulness, fairness and transparency, purpose limitation and data minimisation. A customer has the right to withdraw the permission given to a data user. W at any time and free of charge. For example, when data processing is necessary for the performance of a contract, a customer should be able to withdraw permissions according to the contractual obligations to which the data subject is party. WSimilarly, when personal data processing is based on consent, a data subject has the rightshould be able to withdraw his or her consent at any time, as provided for in Regulation (EU) 2016/679. It should not be possible for the data user to transfer customer data to a third-party actor without this explicit permission, or even to another entity within the same group.
2024/02/02
Committee: ECON
Amendment 215 #
Proposal for a regulation
Recital 33
(33) In order to enable effective supervision and to eliminate the possibility of evading or circumventing supervision, financial information service providers must be either legally incorporated in the Union or in case they are incorporaonly be provided by legal persons that have a registered office in a Member State in which they intend in a third country appoint a legal represento carry out or do carry out substantive in the Union.business activities An effective supervision by the competent authorities is necessary for the enforcement of requirements under this Regulation to ensure integrity and stability of the financial system and to protect consumers. The requirement of legal incorporation of financial information service providers in the Union or the appointment of a legal representative in the Union does not amount to data localisation since this Regulation does not entail any further requirement on data processing including storage to be undertaken in Union.
2024/02/02
Committee: ECON
Amendment 219 #
Proposal for a regulation
Recital 34
(34) A financial information service provider should be authorised in the jurisdiction of the Member State where its main establishment is located, that is, where the financial information service provider intends to carry out substantive business activities and where it has its head office or registered office within which the principal functions and operational control are exercised. In respect of financial information service providers that do not have an establishment in the Union but require access to data in the Union and therefore fall within the scope of this Regulation, the Member State where those financial information service providers have appointed their legal representative should have jurisdiction, considering the function of legal representatives under this Regulation.
2024/02/02
Committee: ECON
Amendment 318 #
Proposal for a regulation
Article 3 – paragraph 1 – point 6 a (new)
(6 a) “financial information services” means the online services of collecting, consolidating, storing and processing customer data in order to provide a financial service to customers;
2024/02/02
Committee: ECON
Amendment 321 #
Proposal for a regulation
Article 3 – paragraph 1 – point 6 b (new)
(6 b) "financial service" means any service of a banking, credit, insurance, personal pension, investment or payment nature;
2024/02/02
Committee: ECON
Amendment 339 #
Proposal for a regulation
Article 3 – paragraph 1 – point 29
(29) ‘legal representative’ means a natural person domiciled in the Union or a legal person with its registered office in the Union, and which, expressly designated by a financial information service provider established in a third country, acts on behalf of such financial information service provider vis-à-vis the authorities, clients, bodies and counterparties to the financial information service provider in the Union with regard to the financial information service provider’s obligations under this Regulation;deleted
2024/02/02
Committee: ECON
Amendment 348 #
Proposal for a regulation
Article 5 – paragraph 1
1. The data holder shall, upon explicit request from a customer submitted by electronic means, make available to a data user the customer data listed in Article 2(1) for the purposes for which the customer has granted permission to the data user. Any request from a customer shall state explicitly the specific service for the purpose of which the customer consents to the use of his data by the data user. The customer data shall be made available to the data user without undue delay, continuously and in real-time.
2024/02/02
Committee: ECON
Amendment 355 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
1 a. Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation (EU) 2022/1925, shall not be an eligible data user under this Regulation.
2024/02/02
Committee: ECON
Amendment 364 #
Proposal for a regulation
Article 5 a (new)
Article5a Customer permission 1. Any permission granted by a customer shall be given for a period of time not exceeding 6 months. 2. Any permission granted by a customer shall not be renewed tacitly. 3. A customer may withdraw the permission it has granted to a data user at any time and free of charge. When processing is necessary for the performance of a contract, a customer may withdraw the permission it has granted to make customer data available to a data user according to the contractual obligations to which it is subject.
2024/02/02
Committee: ECON
Amendment 366 #
Proposal for a regulation
Article 6 – paragraph 1
1. A data user shall only be eligible to access customer data pursuant to Article 5(1) if that data user is subject to prior authorisation by a competent authority as a financial institution provide financial information services within the Union if that data user is a financial institution or a legal person established in the Union that has been author ised as financial information service provider pursuant to Article 14.
2024/02/02
Committee: ECON
Amendment 373 #
Proposal for a regulation
Article 6 – paragraph 3
3. A customer may withdraw the permission it has granted to a data user. When processing is necessary for the performance of a contract, a customer may withdraw the permission it has granted to make customer data available to a data user according to the contractual obligations to which it is subject.deleted
2024/02/02
Committee: ECON
Amendment 379 #
Proposal for a regulation
Article 6 – paragraph 4 – point e
(e) not process customer data for advertising purposes, except for direct marketing in accordance with Union and national law;
2024/02/02
Committee: ECON
Amendment 384 #
Proposal for a regulation
Article 6 – paragraph 4 – point e a (new)
(e a) not transfer customer data to any third party, including in an outsourcing scheme, without the customer’s explicit permission;
2024/02/02
Committee: ECON
Amendment 385 #
Proposal for a regulation
Article 6 – paragraph 4 – point e b (new)
(e b) not make the data it receives available to an undertaking designated as a gatekeeper pursuant to Article 3 of Regulation (EU) 2022/1925;
2024/02/02
Committee: ECON
Amendment 418 #
Proposal for a regulation
Article 8 – paragraph 2 – point a – introductory part
(a) provide the customer with an overview of each ongoing permission given to data users at any time, including:
2024/02/02
Committee: ECON
Amendment 422 #
Proposal for a regulation
Article 8 – paragraph 2 – point a – point v a (new)
(v a) the date on which the customer has granted access to a data user;
2024/02/02
Committee: ECON
Amendment 423 #
Proposal for a regulation
Article 8 – paragraph 2 – point a – point v b (new)
(v b) the storage location of data being shared.
2024/02/02
Committee: ECON
Amendment 424 #
Proposal for a regulation
Article 8 – paragraph 2 – point b
(b) allow the customer to withdraw a permission given to a data user at any time, and free of charge;
2024/02/02
Committee: ECON
Amendment 493 #
Proposal for a regulation
Article 10 – paragraph 4
4. A financial data sharing scheme set up in accordance with this Article shall be notified to the competent authority of establishment of the three most significant data holders which are members of that scheme at the time of establishment of the scheme. Where the three most significant data holders are established in different Member States, or where there is more than one competent aEuropean Banking Authority, the European Insurance and Occupational Pensions Authority inand the Member State of establishment of the three most significant data holders, the scheme shall be notified to all of these authorities which shall agree among themselves which authority shall carry out the assessment referred to in paragraph 6European Securities and Markets Authority.
2024/02/02
Committee: ECON
Amendment 494 #
Proposal for a regulation
Article 10 – paragraph 6 – subparagraph 1
Within 1 month of receipt of the notification pursuant to paragraph 4, the competent athree European Supervisory Authorityies shall assess whether the financial data sharing scheme’s governance modalities and characteristics are in compliance with paragraph 1. When assessing the compliance of the financial data sharing scheme with paragraph 1, the competent authority may consult other competent authorities.
2024/02/02
Committee: ECON
Amendment 497 #
Proposal for a regulation
Article 10 – paragraph 6 – subparagraph 2
Upon completion of ithis assessment, the competent authority shall inform EBA of a notified financial data sharing scheme that satisfies the provisions of paragraph 1. A scheme notified to EBA in accordance with this paragraph shall be recognised in all the Member States for the purpose of accessing data pursuant to Article 5(1) and shall not require further notification in any other Member Statenotified financial data sharing scheme shall be made available on the register defined in Article 15.
2024/02/02
Committee: ECON
Amendment 525 #
Proposal for a regulation
Article 13
Article 13 Legal representatives 1. Financial information service providers that do not have an establishment in the Union but that require access to financial data in the Union shall designate, in writing, a legal or natural person as their legal representative in one of the Member States from where the financial information service provider intends to access financial data. 2. Financial information service providers shall mandate their legal representatives to be addressed in addition to or instead of the financial information service provider by the competent authorities on all issues necessary for the receipt of, compliance with and enforcement of this Regulation. Financial information service providers shall provide their legal representative with the necessary powers and resources to enable them to cooperate with the competent authorities and ensure compliance with their decisions. 3. The designated legal representative may be held liable for non-compliance with obligations under this Regulation, without prejudice to the liability and legal actions that could be initiated against the financial information service provider. 4. Financial information service providers shall notify the name, address, the electronic mail address and telephone number of their legal representative to the competent authority in the Member State where that legal representative resides or is established. They shall ensure that that information is up to date. 5. The designation of a legal representative within the Union pursuant to paragraph 1 shall not constitute an establishment in the Union.deleted
2024/02/02
Committee: ECON
Amendment 530 #
Proposal for a regulation
Article 14 – paragraph 2
2. The competent authority shall authorise a third country financial information service provider provided that all the following conditions are met: (a) the third country financial information service provider has complied with all conditions laid down in Article 12 and 16; (b) the third country financial information service provider has designated a legal representative pursuant to Article 13; (c) where the third country financial information service provider is subject to supervision, the competent authority shall seek to put in place an appropriate cooperation arrangement with the relevant competent authority of the third country where the financial information service provider is established, to ensure an efficient exchange of information; (d) the third country where the financial information service provider is established is not listed as a non-cooperative jurisdiction for tax purposes under the relevant Union policy or as a high-risk third-country jurisdiction that presents deficiencies in accordance with Commission Delegated Regulation (EU) 2016/1675.44 _________________ 44 Commission Delegated Regulation (EU) 2016/1675 of 14 July 2016 supplementing Directive (EU) 2015/849 of the European Parliament and of the Council by identifying high-risk third countries with strategic deficienciesdeleted
2024/02/02
Committee: ECON