BETA

32 Amendments of Antonio Maria RINALDI related to 2023/0205(COD)

Amendment 172 #
Proposal for a regulation
Recital 10
(10) The sharing of theaccess of customer data in the scope of this Regulation should be based on the explicit permission of the customer. In seeking the explicit permission of the customer to use his or her data, the data users should specify what use they intend to make of the customer’s data, should the customer provide permission. The legal obligation on data holders to shareenable access to customer data should be triggered once the customer has explicitly requested their data to be shared with a data user. This request can be submitted by a data user acting on behalf of the customermade accessible to a data user. In accordance with Regulation (EU) [XXXX/XXXX] of the European Parliament of the Council (Data Act), an undertaking providing core platform services that has been designated as a gatekeeper under Regulation (EU) 2022/19251b cannot be eligible as data user under this Regulation. The limitation on granting access to gatekeepers would not exclude them from the market and prevent them from offering its services, as voluntary agreements between them and the data holders remain unaffected. Where the processing of personal data is involved, a data user should have arely on one of the valid lawful basies for processing under Article 6 of Regulation (EU) 2016/679. The customers data can be processed only for the agreed purposes in the context of the service provided. Under this Regulation, these purposes should be strictly limited to the provision of a financial product, a financial service or a financial information service. The processing of personal data must respect the principles of personal data protection, including lawfulness, fairness and transparency, purpose limitation and data minimisation. A customer has the right to withdraw the permission given to a data user. W at any time. For example, when data processing is necessary for the performance of a contract, a customer should be able to withdraw permissions according to the contractual obligations to which the data subject is party. WSimilarly, when personal data processing is based on consent, a data subject has the rightshould be able to withdraw his or her consent at any time, as provided for in Regulation (EU) 2016/679. It should not be possible for the data user to transfer customer data to a third-party actor without this explicit permission, or even to another entity within the same group.
2024/02/02
Committee: ECON
Amendment 194 #
Proposal for a regulation
Recital 22
(22) The permission dashboard should display the permissions given by a customer, including when personal data are shared based on consent or are necessary for the performance of a contract. The permission dashboard should warn a customer in a standard way of the risk of possible contractual consequences of the withdrawal of a permission, but the customer should remain responsible for managing such risk. The permission dashboard should be used to manage existing permissions. Data holdusers should inform data usholders in real-timemmediately of any withdrawal of a permission. The permission dashboard should include a record of permissions that have been withdrawn or have expired for a period of up to two years to allow the customer to keep track of their permissions in an informed and impartial manner. Data users should inform data holders in real-time of new and re-establishedmmediately of new permissions granted by customers, including the duration of validity of the permission and a short summary of the purpose of the permission. The information provided on the permission dashboard is without prejudice to the information requirements under Regulation (EU) 2016/679.
2024/02/02
Committee: ECON
Amendment 208 #
Proposal for a regulation
Recital 28
(28) Data holders and data users should be allowed to use existing market standards and infrastructures for technical interfaces like application programming interfaces when developing common standards for mandatory data sharingaccess.
2024/02/02
Committee: ECON
Amendment 212 #
Proposal for a regulation
Recital 31
(31) To promote consumer protection, enhance customer trust and ensure a level playing field, it is necessary to lay down rules on who is eligible to access customers’ data. Such rules should ensure that all data users are authorised and supervised by competent authorities. This would ensure that data can be accessed only by regulated financial institutions or by firms subject to a dedicated authorisation as financial information service providers’ (‘FISPs’) which is subject to this Regulation. Eligibility rules on FISPs, are needed to safeguard financial stability, market integrity and consumer protection, as FISPs would provide financial products and services to customers in the Unioninformation services and would access data held by financial institutions and the integrity of which is essential to preserve the financial institutions’ ability to continue providing financial services in a safe and sound manner. Such rules are also required to guarantee the proper supervision of FISPs by competent authorities in line with their mandate to safeguard financial stability and integrity in the Union, which would allow FISPs to provide throughout the Union the financial information services for which they are authorised.
2024/02/02
Committee: ECON
Amendment 216 #
Proposal for a regulation
Recital 33
(33) In order to enable effective supervision and to eliminate the possibility of evading or circumventing supervision, financial information service providers must be either legally incorporated in the Union or in case they are incorporaonly be provided by legal persons that have a registered office in a Member State in which they intend in a third country appoint a legal represento carry out or do carry out substantive in the Unionbusiness activities. An effective supervision by the competent authorities is necessary for the enforcement of requirements under this Regulation to ensure integrity and stability of the financial system and to protect consumers. The requirement of legal incorporation of financial information service providers in the Union or the appointment of a legal representative in the Union does not amount to data localisation since this Regulation does not entail any further requirement on data processing including storage to be undertaken in Union.
2024/02/02
Committee: ECON
Amendment 222 #
Proposal for a regulation
Recital 48
(48) Regulation (EU) 2016/679 applies when personal data are processed. ItProcessing of personal data in the context of this Regulation should be carried out in accordance with Regulation (EU) 2016/679 and Regulation (EU) 2018/1725, as well as, where applicable, with Directive 2002/58/EC of the European Parliament and of the Council1a (ePrivacy Directive). Regulation (EU) 2016/679 provides for the rights of a data subject, including the right of access and right to port personal data. This Regulation is without prejudice to the rights of a data subject provided under Regulation (EU) 2016/679, including the right of access and right to data portability. This Regulation creates a legal obligation to shareprovide access to and enable re-use of customer personal and non-personal data upon customer’s request and mandates the technical feasibility of access and sharing for all types of data within the scope of this Regulation. The granting of permission by a customer is without prejudice to the obligations of data users under Article 6 of Regulation (EU) 2016/679. Permission should not be construed as ‘consent’ or ‘necessity for the performance of a contract’ as defined in Regulation (EU) 2016/679. Personal data that are made available and shared withto a data user should only be processed for services provided by a data user where there is a valid legal basis under Article 6(1) of Regulation (EU) 2016/679 and, when applicable, where the requirements of Article 9 of that Regulation on the processing of special categories of data are met.
2024/02/02
Committee: ECON
Amendment 237 #
Proposal for a regulation
Article 2 – paragraph 1 – point b
(b) savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets; including data collected for the purposes of carrying out an assessment of suitability and appropriateness in accordance with Article 25 of Directive 2014/65/EU of the European Parliament and of the Council32; and with Article 30 of Directive (EU) 2016/97; _________________ 32 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (recast) (OJ L 173, 12.6.2014, p. 349).
2024/02/02
Committee: ECON
Amendment 239 #
Proposal for a regulation
Article 2 – paragraph 1 – point c
(c) pension rights in occupational pension schemes, in accordance with Directive 2009/138/EC and Directive (EU) 2016/2341 of the European Parliament and of the Council33 ; _________________ 33 Directive (EU) 2016/2341 of the European Parliament and of the Council of 14 December 2016 on the activities and supervision of institutions for occupational retirement provision (IORPs) (recast) (OJ L 354, 23.12.2016, p. 37).deleted
2024/02/02
Committee: ECON
Amendment 243 #
Proposal for a regulation
Article 2 – paragraph 1 – point d
(d) pension rights on the provision of pan-European personal pension products, in accordance with Regulation (EU) 2019/1238;deleted
2024/02/02
Committee: ECON
Amendment 246 #
Proposal for a regulation
Article 2 – paragraph 1 – point e
(e) non-life insurance products in accordance with Directive 2009/138/EC, with the exception of sickness and health insurance products; including data collected for the purposes of a demands and needs assessment in accordance with Article 20 of Directive (EU) 2016/97 of the European Parliament and Council34 , and data collected for the purposes of an appropriateness and suitability assessment in accordance with Article 30 of Directive (EU) 2016/97. _________________ 34 Directive (EU) 2016/97 of the European Parliament and of the Council of 20 January 2016 on insurance distribution (recast) (OJ L 26, 2.2.2016, p. 19–5)deleted
2024/02/02
Committee: ECON
Amendment 287 #
Proposal for a regulation
Article 2 – paragraph 4 a (new)
4 a. Customer data referred to in paragraph 1, do not include: - sensitive data regarding a person's race or ethnicity, political opinions, religious or philosophical beliefs or union memberships, as well as genetic information and information about health and sexual orientation/practices; - proprietary data that the financial institution has generated, analysed or enriched, including trade secrets and business-sensitive information.
2024/02/02
Committee: ECON
Amendment 290 #
Proposal for a regulation
Article 2 – paragraph 4 b (new)
4 b. This Regulation shall apply to contracts that have been entered into force from the date of application of the present Regulation onwards.
2024/02/02
Committee: ECON
Amendment 299 #
Proposal for a regulation
Article 3 – paragraph 1 – point 2
(2) ‘customer’ means a natural or a legal person who makes use of financial products and services or purchases insurance products;
2024/02/02
Committee: ECON
Amendment 306 #
Proposal for a regulation
Article 3 – paragraph 1 – point 3
(3) ‘customer data’ means personal and non-personal data that is collected, stored and otherwise processed by a financial institution as part of their normal course of business with customers which covers both data provided by a customer and data generated as a result of customer interaction with the financial institution, excluding sensitive data and proprietary data as referred in Article 2, par. 5;
2024/02/02
Committee: ECON
Amendment 313 #
Proposal for a regulation
Article 3 – paragraph 1 – point 5
(5) ‘data holder’ means a financial institution other than an accountr a financial information service provider holding one of the categories of data under Art. 2(1), that collects, stores and otherwise processes the data listed in Article 2(1) ;
2024/02/02
Committee: ECON
Amendment 338 #
Proposal for a regulation
Article 3 – paragraph 1 – point 29
(29) ‘legal representative’ means a natural person domiciled in the Union or a legal person with its registered office in the Union, and which, expressly designated by a financial information service provider established in a third country, acts on behalf of such financial information service provider vis-à-vis the authorities, clients, bodies and counterparties to the financial information service provider in the Union with regard to the financial information service provider’s obligations under this Regulation;deleted
2024/02/02
Committee: ECON
Amendment 356 #
Proposal for a regulation
Article 5 – paragraph 1 a (new)
1 a. Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation (EU) 2022/1925, shall not be an eligible data user under this Regulation.
2024/02/02
Committee: ECON
Amendment 358 #
Proposal for a regulation
Article 5 – paragraph 2
2. A data holder may claim compensation from a data user for making customer data available pursuant to paragraph 1 only if the customer data is made available to a data user in accordance with the rules and modalities of a financial data sharing scheme, as provided in Articles 9 and 10, or if it is made available pursuant to Article 11. This Regulation is without prejudice to accessing, sharing and using data on a purely contractual basis without making use of the data access obligations established by this Regulation.
2024/02/02
Committee: ECON
Amendment 367 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
1 a. Any undertaking providing core platform services for which one or more of such services have been designated as a gatekeeper under Article 3 of Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) shall not be an eligible third party for the purposes of data-sharing and therefore cannot request or be granted access to customers’ data.
2024/02/02
Committee: ECON
Amendment 378 #
Proposal for a regulation
Article 6 – paragraph 4 – point b a (new)
(b a) respect the data protection rights of data subject and the level of protection guaranteed by General Data Protection Regulation.
2024/02/02
Committee: ECON
Amendment 382 #
Proposal for a regulation
Article 6 – paragraph 4 – point e a (new)
(e a) not make the data it receives available to an undertaking designated as a gatekeeper pursuant to Article 3 of Regulation (EU) 2022/1925;
2024/02/02
Committee: ECON
Amendment 386 #
Proposal for a regulation
Article 6 – paragraph 4 – point f a (new)
(f a) not use the data it receives to develop a product that competes with the product from which the accessed data originate or share the data with another third party for that purpose.
2024/02/02
Committee: ECON
Amendment 389 #
Proposal for a regulation
Article 6 – paragraph 4 a (new)
4 a. Once the data user collects, stores and processes data as per the definition in Article 3(5), it should be considered as a data holder and therefore subject to the obligations on data holders in Article 5.
2024/02/02
Committee: ECON
Amendment 401 #
Proposal for a regulation
Article 7 – paragraph 3
3. In accordance with Article 16 of Regulation (EU) No 1094/2010, the European Insurance and Occupational Pensions Authority (EIOPA) shall develop guidelines on the implementation of paragraph 1 of this Article for products and services related to risk assessment and pricing of a consumer in the case of life, health and sickness insuranceinsurance products different from insurance-based investment products.
2024/02/02
Committee: ECON
Amendment 437 #
Proposal for a regulation
Article 8 – paragraph 4 – point b a (new)
(b a) The data holder must be in control of the identity and access management of both the customer and any data user, as well as the permission dashboard through which any request is submitted.
2024/02/02
Committee: ECON
Amendment 443 #
Proposal for a regulation
Article 9 – paragraph 1
1. Within 18 months from the entry into force of this Regulation, data holders and data users shall become members of a financial data sharing scheme governing access to the customer data in compliance with Article 10Data holders and data users shall become members of a financial data sharing scheme governing access to the customer data in compliance with Article 10 according to the following timeline: i) 36 months from the entry into force of this Regulation for the first tier of customer data relating accounts (except payment accounts), savings (except structured deposits); ii) 48 months from the entry into force of this Regulation for the second tier of customer data relating loans, mortgage credits, crypto assets (provided that the bank knowingly holds the assets in custody on behalf of the customer); iii) 60 months from the entry into force of this Regulation for the third tier of customer data relating investments in financial instruments, structured deposits, insurance based investment products, other related financial assets (provided that the bank knowingly holding the assets in custody on behalf of the customer), non- life insurance products, occupational pension schemes, pan European private pension schemes. This measure should be implemented only after an adequate testing and assessment phase in order to check the benefits for the customers and their interests.
2024/02/02
Committee: ECON
Amendment 475 #
Proposal for a regulation
Article 10 – paragraph 1 – subparagraph 1 – point h – introductory part
(h) a financial data sharing scheme shall establish a model to determine the maximumreasonable compensation that a data holder is entitled tocan charge for making data available through an appropriate technical interface for data sharing with data users in line with the common standards developed under point (g). The model shall be based on the following principles:
2024/02/02
Committee: ECON
Amendment 478 #
Proposal for a regulation
Article 10 – paragraph 1 – subparagraph 1 – point h – point i
(i) it should be limited to reasonable compensation directly relatany compensation - including the costs incurred toin making the data available to the data user and which is attributable to the requestand the investment in the collection and production of data, as well as a margin - agreed between a data holder and a data user for making data available shall be reasonable;
2024/02/02
Committee: ECON
Amendment 481 #
Proposal for a regulation
Article 10 – paragraph 1 – subparagraph 1 – point h – point ii
(ii) it should be based on an objective, transparent and non-discriminatory methodology agreed by the scheme members and may include a margin and respect the provisions of Art. 9(1) of the Data Act (Regulation (EU) XX);
2024/02/02
Committee: ECON
Amendment 483 #
Proposal for a regulation
Article 10 – paragraph 1 – subparagraph 1 – point h – point v
(v) it should be devised to gear compensation towards the lowest levels prevalent on the market; andeleted
2024/02/02
Committee: ECON
Amendment 550 #
Proposal for a regulation
Article 20 – paragraph 3 – point a
(a) a public statement indicating the natural or legal person responsible and the nature of the infringement;deleted
2024/02/02
Committee: ECON
Amendment 582 #
Proposal for a regulation
Article 36 – paragraph 2
It shall apply from [OP please insert the date = 248 months after the date of entry into force of this Regulation]. However, Articles 9 to 13 shall apply from [OP please insert the date = 1836, 48 60 months after the date of entry into force of this Regulation].
2024/02/02
Committee: ECON