28 Amendments of Jean-Lin LACAPELLE related to 2021/0136(COD)
Amendment 14 #
Proposal for a regulation
Recital 4
Recital 4
(4) A more harmonised approach to digital identification should reduce the risks and costs of the current fragmentation due to the use of divergent national solutions and will strengthen the Single Market by allowing citizens, other residents as defined by national law and businesses to identify online in a convenient and uniform way across the Union. Everyone should be able to securely access public and private services relying on an improved ecosystem for trust services and on verified proofs of identity and attestations of attributes, such as a university degree legally recognised and accepted everywhere in the Union. Users should, however, not be obliged to use a digital identity wallet to access public or private services. It should be possible to use digital key generator applications or ID card readers, for example. The framework for a European Digital Identity aims to achieve a shift from the reliance on national digital identity solutions only, to the provision of electronic attestations of attributes valid at European level. Providers of electronic attestations of attributes should benefit from a clear and uniform set of rules and public administrations should be able to rely on electronic documents in a given format.
Amendment 18 #
Proposal for a regulation
Recital 5 a (new)
Recital 5 a (new)
(5a) It should be made clear that recognition of a qualified electronic attestation of attributes in a given Member State is limited to the confirmation of the facts. Recognition of a qualified electronic attestation of attributes in any other Member State shall be limited to confirming the factual circumstances relating to the attribute concerned, and shall not have legal effect there unless the attested attributes are in accordance with its national law.
Amendment 23 #
Proposal for a regulation
Recital 7
Recital 7
(7) It is necessary to set out the harmonised conditions for the establishment of a framework for European Digital Identity Wallets to be issued by Member States, which should empower all Union citizens and other residents as defined by national law to share securely data related to their identity in a user friendly and convenient way under the sole control of the user. Technologies used to achieve those objectives should be developed aiming towards the highest level of security, user convenience and wide usability. Member States should ensure equal access to digital identification to all their nationals and legal residents.
Amendment 27 #
Proposal for a regulation
Recital 9
Recital 9
(9) All European Digital Identity Wallets should allow users to electronically identify and authenticate online and offline across borders for accessing a wide range of public and private services. Without prejudice to Member States’ prerogatives as regards the identification of their nationals and residents, Wallets can also serve the institutional needs of public administrations, international organisations and the Union’s institutions, bodies, offices and agencies. Offline use would be important in many sectors, including in the health sector where services are often provided through face-to-face interaction and ePrescriptions should be able to rely on QR-codes or similar technologies to verify authenticity. Relying on the level of assurance “high”, the European Digital Identity Wallets should benefit from the potential offered by tamper-proof solutions such as secure elements, to comply with the security requirements under this Regulation. The European Digital Identity Wallets should also allow users to create and use qualified electronic signatures and seals which are accepted across the EU. To achieve simplification and cost reduction benefits to persons and businesses across the EU, including by enabling powers of representation and e- mandates, Member States should issue European Digital Identity Wallets relying on common standards to ensure seamless interoperability and a high level of security. Only Member States’ competent authorities can provide a high degree of confidence in establishing the identity of a person and therefore provide assurance that the person claiming or asserting a particular identity is in fact the person he or she claims to be. It is therefore necessary that the European Digital Identity Wallets rely on the legal identity of citizens, other residents or legal entities. Trust in the European Digital Identity Wallets would be enhanced by the fact that issuing parties are required to implement appropriate technical and organisational measures to ensure a level of security commensurate to the risks raised for the rights and freedoms of the natural persons, in line with Regulation (EU) 2016/679.
Amendment 32 #
Proposal for a regulation
Recital 14
Recital 14
(14) Only Member States’ competent authorities may establish the identity of a person with a high degree of assurance and, therefore, guarantee that the person claiming or asserting a particular identity is in fact the person he or she claims to be. The process of notification of electronic identification schemes should be simplified and accelerated to promote the access to convenient, trusted, secure and innovative authentication and identification solutions and, where relevant, to encourage private identity providers to offer electronic identification schemes to Member State’s authorities for notification asto issue national electronic identity card schemes under Regulation 910/2014.
Amendment 33 #
Proposal for a regulation
Recital 14 a (new)
Recital 14 a (new)
(14a) Penalties for negligence in protecting personal data by private identity providers or on consumer platforms and sites should be dissuasive so as to foster access to convenient, reliable, secure and innovative authentication and identification solutions.
Amendment 64 #
Proposal for a regulation
Article premier – paragraph 1 – point 3 – point i
Article premier – paragraph 1 – point 3 – point i
EU 910/2014
Article 3
Article 3
Amendment 72 #
Proposal for a regulation
Article premier – paragraph 1 – point 7
Article premier – paragraph 1 – point 7
EU 910/2014
Article 6a – paragraph 2 – point b
Article 6a – paragraph 2 – point b
(b) under a mandate from a Member State by a European public organisation or company, based in Europe and which employs staff and pays a significant amount in taxes in Europe;
Amendment 105 #
Proposal for a regulation
Article premier – paragraph 1 – point 7
Article premier – paragraph 1 – point 7
EU 910/2014
Article 6a – paragraph 7a
Article 6a – paragraph 7a
7a. Digital identity wallets shall not contain health data.
Amendment 106 #
Proposal for a regulation
Article premier – paragraph 1 – point 7
Article premier – paragraph 1 – point 7
EU 910/2014
Article 6a – paragraph 7b
Article 6a – paragraph 7b
7b. Digital identity wallets should not be used as a means of discriminating between EU citizens.
Amendment 119 #
Proposal for a regulation
Article premier – paragraph 1 – point 7
Article premier – paragraph 1 – point 7
EU 910/2014
Article 6b – paragraph 3
Article 6b – paragraph 3
3. Relying parties shall be responsible for carrying out the procedure for authenticating person identification data and electronic attestation of attributes originating from European Digital Identity Wallets.
Amendment 123 #
Proposal for a regulation
Article premier – paragraph 1 – point 11
Article premier – paragraph 1 – point 11
EU 910/2014
Article 10 b (new)
Article 10 b (new)
3a. Users of European Digital Identity Wallets should be ensured compensation for any undesirable situation related to their data, such as theft, loss, disclosure or use for purposes other than those originally intended. This liability should extend to all of the above situations, regardless of the provider's intentions or negligence (whether it is culpable or not).
Amendment 137 #
Proposal for a regulation
Article premier – paragraph 1 – point 16
Article premier – paragraph 1 – point 16
EU 910/2014
Article 12 a – paragraph 3 a (new)
Article 12 a – paragraph 3 a (new)
3a. It must be possible to check attributes without fully identifying the digital identity wallet holder.
Amendment 138 #
Proposal for a regulation
Article premier – paragraph 1 – point 16
Article premier – paragraph 1 – point 16
EU 910/2014
Article 12 a – paragraph 3 b (new)
Article 12 a – paragraph 3 b (new)
3b. The issuance and systematic use of EU-wide persistent unique identifiers gives rise to data protection and privacy risks for individuals. The use of privacy by design architectures should therefore be promoted by the Member States and the Commission.
Amendment 142 #
Proposal for a regulation
Article premier – paragraph 1 – point 16
Article premier – paragraph 1 – point 16
EU 910/2014
Article 12 a – paragraph 5
Article 12 a – paragraph 5
5. The Commission shall make an assessment within 18 months after deployment of the European Digital Identity Wallets whether on the basis of evidence showing availability, security and usability of the European Digital Identity Wallet, additional private online service providers shall be mandated to accept the use of the European Digital identity Wallet strictly upon voluntary request of the user. Criteria of assessment may include extent of user base, cross-border presence of service providers, technological development, evolution in usage patterns. The Commission shall be empowered to adopt delegated acts based on this assessment, regarding a revision of the requirements for recognition of the European Digital Identity wallet under points 1 to 4 of this article.
Amendment 143 #
Proposal for a regulation
Article premier – paragraph 1 – point 17
Article premier – paragraph 1 – point 17
EU 910/2014
Article 13 – paragraph 1
Article 13 – paragraph 1
1. Notwithstanding paragraph 2 of this Article, tThe liability of trust service providers cannot be limited by an internal policy on service provision. Trust service providers shall be liable for damage caused intentionally or negligently to any natural or legal person due to a failure to comply with the obligations under this Regulation and with the cybersecurity risk management obligations under Article 18 of the Directive XXXX/XXXX [NIS2].’;
Amendment 144 #
Proposal for a regulation
Article premier – paragraph 1 – point 18
Article premier – paragraph 1 – point 18
EU 910/2014
Article 14 – paragraph 1
Article 14 – paragraph 1
1. The Commission may not adopt implementing acts, in accordance with Article 48(2), setting out the conditions under which the requirements of a third country applicable to the trust service providers established in its territory and to the trust services they provide can be considered equivalent to the requirements applicable to qualified trust service providers established in the Union and to the qualified trust services they provide.
Amendment 146 #
Proposal for a regulation
Article premier – paragraph 1 – point 18
Article premier – paragraph 1 – point 18
EU 910/2014
Article 14 – paragraph 2
Article 14 – paragraph 2
Amendment 153 #
Proposal for a regulation
Article premier – paragraph 1 – point 24
Article premier – paragraph 1 – point 24
EU 910/2014
Article 23 – paragraph 2 a
Article 23 – paragraph 2 a
Amendment 159 #
Proposal for a regulation
Article premier – paragraph 1 – point 38
Article premier – paragraph 1 – point 38
EU 910/2014
Article 45 – paragraph 2
Article 45 – paragraph 2
2. Qualified certificates for website authentication referred to in paragraph 1 shall be recognised by web-browsers. For those purposes web-browsers shall ensure that the identity data provided using any of the methods is displayed in a user friendly manner. Web-browsers shall ensure support and interoperability with qualified certificates for website authentication referred to in paragraph 1, with the exception of enterprises, considered to be microenterprises and small enterprises in accordance with Commission Recommendation 2003/361/EC in the first 5 years of operating as providers of web- browsing services. This new digital identity framework does not prevent web browsers from undertaking additional security processes with due diligence to protect consumers and their reputation.
Amendment 165 #
Proposal for a regulation
Article premier – paragraph 1 – point 39
Article premier – paragraph 1 – point 39
EU 910/2014
Article 45 b – paragraph 3
Article 45 b – paragraph 3
3. Personal data relating to the provision of qualified electronic attestation of attributes services shall be kept physically and logically in Europe, separate from any other data held.
Amendment 169 #
Proposal for a regulation
Article premier – paragraph 1 – point 40
Article premier – paragraph 1 – point 40
(EU)910/2014
Article 48a – paragraph 2 – point a
Article 48a – paragraph 2 – point a
(a) the number of natural and legal persons having a valid European Digital Identity Wallet;
Amendment 170 #
Proposal for a regulation
Article premier – paragraph 1 – point 40
Article premier – paragraph 1 – point 40
EU 910/2014
Article 48 a – paragraph 2 – point c a (new)
Article 48 a – paragraph 2 – point c a (new)
(c a) The number of people who have suffered data theft; the number of companies that have reported data theft; the number of complaints to the authorities about a data breach (identity theft, data fraud, etc).
Amendment 172 #
Proposal for a regulation
Article premier – paragraph 1 – point 40
Article premier – paragraph 1 – point 40
EU 910/2014
Article 48 a – paragraph 2 – point c b (new)
Article 48 a – paragraph 2 – point c b (new)
(c b) The most stringent sanctions imposed on companies during the year for failure to protect identity data (both within and outside the EU).
Amendment 176 #
Proposal for a regulation
Article premier – paragraph 1 – point 41
Article premier – paragraph 1 – point 41
EU 910/2014
Article 49 – paragraph 2
Article 49 – paragraph 2
2. The evaluation report shall include an assessment of the availability, security and usability of the identification means including European Digital Identity Wallets in scope of this Regulation and assess whether all online private service providers relying on third party electronic identification services for users authentication, shall be mandated to accept the use of notified electronic identification means and European
Amendment 178 #
Proposal for a regulation
Annex VI – paragraph 1 – introductory part
Annex VI – paragraph 1 – introductory part
Further to Article 45d, Member States shall ensure that measures are taken to allow qualified providers of electronic attestations of attributes to verify by electronic means at the request of the user, the authenticity of the following attributes against the relevant authentic source at national level or via designated intermediaries recognised at national level, in accordance with national or Union law and in cases where these attributes rely on authentic sources stored in Europe within the public sector:
Amendment 180 #
Proposal for a regulation
Annex VI – paragraph 1 – point 2 a (new)
Annex VI – paragraph 1 – point 2 a (new)
2a. Whether or not they are on the national register of paedophiles or sex offenders;
Amendment 186 #
Proposal for a regulation
Annex VI – paragraph 1 – point 9 a (new)
Annex VI – paragraph 1 – point 9 a (new)
9a. Criminal records index;