21 Amendments of Sophia IN 'T VELD related to 2013/0264(COD)
Amendment 130 #
Proposal for a directive
Recital 6
Recital 6
(6) In recent years, the security risks related electronic payments have increased, which is due to the greater technical complexity of electronic payments, the continuously growing volumes of electronic payments worldwide and the emerging types of payment services. As safe and secure payment services constitute a vital condition for a well-functioning payment services market, users of payment services should be adequately protected against such risks. Payment services are essential for the maintenance of vital economic and societal activities and therefore payment services providers such as credit institutions have been qualified as market operators according to Article 3(8) of Directive [pls insert number of NIS Directive after adoption] of the European Parliament and of the Council25. When processing personal data for the purposes of this Directive the security requirements laid down in Articles 16 and 17 of Directive 95/46/EC should be respected. __________________ 25 Directive XXXX/XX/EU of the European Parliament and of the Council of [date] concerning measures to ensure a high common level of network and information security across the Union (OJ L x, p x).
Amendment 163 #
Proposal for a directive
Recital 29
Recital 29
(29) Overall, the functioning of the cooperation between the competent national authorities responsible for granting authorisations to payment institutions, carrying out controls and deciding on the withdrawal of those authorisations, has proven to work satisfactorily. However, the cooperation between the competent authorities should be enhanced, both with regard to the information exchanged as well as a coherent application and interpretation of the Directive, in cases where the authorised payment institution would like to provide payment services also in a Member State other than its home Member State, in exercise of the right of establishment or the freedom to provide services (‘passporting’). The European Banking Authority (EBA) should be asked toafter consulting an advisory panel set up for the purposes of implementation of this Directive and representing i.e. non-banking actors, should prepare a set of guidelines on the cooperation and data exchange.
Amendment 166 #
Proposal for a directive
Recital 32
Recital 32
(32) While this Directive specifies the minimum set of powers competent authorities should have when supervising the compliance of payment institutions, these powers are to be exercised with respect to fundamental rights, including the right to privacy. FWithout prejudice to the control of an independent authority (national data protection authority) under Article 8 (3) of the Charter of Fundamental Rights of the European Union, for the exercise of those powers which may amount to serious interferences with the right to respect private and family life, home and communications, Member States should have in place adequate and effective safeguards against any abuse or arbitrariness, for instance, where appropriate through prior authorisation from the judicial authority of the Member State concerned.
Amendment 171 #
Proposal for a directive
Recital 41
Recital 41
(41) This Directive should specify the obligations on payment service providers as regards the provision of information to the payment service users who should receive the same high level of clear information about payment services in order to make well-informed choices and be able to choose freely within the Union. In the interest of transparency this Directive should lay down the harmonised requirements needed to ensure that necessary and sufficient information is given to the payment service users with regard to the payment service contract and the payment transactions. In order to promote smooth functioning of the single market in payment services, Member States should be able to adopt only those information provisions laid down in this Directive, as well as under Directive 95/46/EC and Regulation EC No 45/2001.
Amendment 184 #
Proposal for a directive
Recital 51
Recital 51
(51) It is necessary to set up the criteria under which TPPs are allowed to access and use the information on the availability of funds on the payment service user account held with another payment service provider. In particular, necessary data protection and security requirements set or referred to in this Directive or included in the EBA guidelines should be fulfilled by both the TPP and the payment service provider servicing the account of the payment service user. These guidelines should be developed after consulting an advisory panel set up for the purposes of implementation of this Directive and representing i.a non-banking actors. The payers should give an explicit consent to the TPP to access their payment account and be properly informed about the extent of this access. To allow the development of other payment services providers which cannot receive deposits, it is necessary that credit institutions provide them with the information on the availability of funds if the payer has given consent for this information to be communicated to the payment service provider issuer of the payment instrument.
Amendment 207 #
Proposal for a directive
Recital 71
Recital 71
(71) In order to facilitate effective fraud prevention and combat payment fraud across the Union, provision should be made for the efficient exchange of data between payment service providers who should be allowed to collect, process and exchange personal data relatProvision of payment services may entail processing tof persons involved in payment fraudal data. Directive 95/46/EC of the European Parliament and of the Council37, the national rules which transpose Directive 95/46/EC and Regulation (EC) No 45/2001 of the European Parliament and of the Council38 are applicable to the processing of personal data for the purposes of this Directive. __________________ 37 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281, 23.11.1995, p. 31). 38 Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.01.2001, p.1).
Amendment 211 #
Proposal for a directive
Recital 80
Recital 80
(80) In order to ensure consistent application of this Directive, the Commission should be able to rely on the expertise and support of EBA, which should have the task to elaborate guidelines and prepare regulatory technical standards on security aspects regarding payment services, and on the cooperation between Member States in the context of the provision of services and establishment of authorised payment institutions in other Member States. When fulfilling these requirements the EBA shall consult an advisory panel set up for the purposes of implementation of this Directive and representing i.a non-banking actors. The Commission should be empowered to adopt those regulatory technical standards. These specific tasks are fully in line with the role and responsibilities of EBA defined in Regulation (EU) No 1093/2010, under which the EBA has been set up.
Amendment 238 #
Proposal for a directive
Article 3 – paragraph 1 – point l
Article 3 – paragraph 1 – point l
(l) payment transactions carried out by a provider of electronic communication networks or services where the transaction is provided for a subscriber to the network or service and for purchase of digital content as ancillary services to electronic communications services, regardless of the device used for the purchase or consumption of the content, provided that the value of any single payment transaction does not exceed EUR 520 and the cumulative value of payment transactions does not exceed EUR 2100 in any billing month;
Amendment 243 #
Proposal for a directive
Article 3 – paragraph 1 – point n a (new)
Article 3 – paragraph 1 – point n a (new)
(na) mobile wallets
Amendment 276 #
Proposal for a directive
Article 4 – paragraph 1 – point 38 a (new)
Article 4 – paragraph 1 – point 38 a (new)
38a. ‘mobile wallets’ means a technical enabler that aggregates payment instruments available to the payer;
Amendment 292 #
Proposal for a directive
Article 14 – paragraph 4 – subparagraph 1
Article 14 – paragraph 4 – subparagraph 1
EBA shall develop draft regulatory technical standards setting technical requirements regarding access to the information contained in the public registers referred to in Article 13 at the Union level after consulting an advisory panel set up for the purposes of implementation of this Directive and representing i.a non-banking actors. EBA shall submit those draft regulatory technical standards to the Commission by […within two years of the date of entry into force of this Directive].
Amendment 295 #
Proposal for a directive
Article 22 – paragraph 1 – subparagraph 2 – point a
Article 22 – paragraph 1 – subparagraph 2 – point a
(a) to require the payment institution to provide any information needed to monitor compliance; by means of formal decision, specifying the legal basis and the purpose of the request, what information is required and the time limit by which the information should be provided.
Amendment 314 #
Proposal for a directive
Article 31 – paragraph 2 – point 1 (new)
Article 31 – paragraph 2 – point 1 (new)
(1) Member States shall ensure that individuals are provided with appropriate information about the processing of personal data in accordance with national provisions implementing Articles 10 and 11 of Directive 95/46/EC and to Article 11 of Regulation EC n. 45/2001.
Amendment 409 #
Proposal for a directive
Article 58 – paragraph 2 – point c
Article 58 – paragraph 2 – point c
(c) not to store sensitive payment data or personalised security credentials of the payment service user.
Amendment 429 #
Proposal for a directive
Article 59 – paragraph 2
Article 59 – paragraph 2
2. If the payer has given consent to a third party payment instrument issuer which has provided the payer with a payment instrument to obtain information on the availability of sufficient funds for a specified payment transaction on a specified payment account held by the payer, the account servicing payment service provider of the specified payment account shall provide such information to the third party payment instrument issuer immediately upon receipt of the payer's payment order. The information on the availability of sufficient funds should consist in a simple 'yes' or 'no' answer and not in a statement of the account balance.
Amendment 529 #
Proposal for a directive
Article 84 – paragraph 1
Article 84 – paragraph 1
1. Provisions of payment services may entail processing of personal data. Any processing of personal data for the purposes of this Directive shall be carried out in accordance with Directive 95/46/EC, the national rules which transpose Directive 95/46/EC and Regulation (EC) No 45/2001.
Amendment 530 #
Proposal for a directive
Article 84 – paragraph 1 a (new)
Article 84 – paragraph 1 a (new)
1a. When processing personal data for the purposes of this Directive the principles of necessity, proportionality, purpose limitation and proportionate data retention period shall be respected;
Amendment 532 #
Proposal for a directive
Article 84 – paragraph 1 b (new)
Article 84 – paragraph 1 b (new)
1b. Privacy by design/privacy by default shall be embedded in all data processing systems developed and used in the frame of this Directive;
Amendment 534 #
Proposal for a directive
Article 84 – paragraph 1 c (new)
Article 84 – paragraph 1 c (new)
1c. The development of standards and ensuring interoperability for the purposes of this Directive shall be based on privacy impact assessment, which shall allow for identifying which are the risks associated to each of the technical options available and which are the remedies that could be put in place to minimize data protection threats.
Amendment 550 #
Proposal for a directive
Article 86 – paragraph 2
Article 86 – paragraph 2
2. Without prejudice to Articles 14 and 15 of Directive [NIS Directive] [OP please insert number of Directive once adopted], EBA shall, in close cooperation with the ECB, and after consulting an advisory panel set up for the purposes of implementation of this Directive and representing i.a. non-banking actors, develop guidelines with regard to the establishment, implementation and monitoring of the security measures, including certification processes when relevant. It shall, inter alia, take into account the standards and/or specifications published by the Commission under Article 16(2) of Directive [NIS Directive] [OP please insert number of Directive once adopted].
Amendment 563 #
Proposal for a directive
Article 87 – paragraph 3
Article 87 – paragraph 3
3. EBA shall, in close cooperation with the ECB and after consulting EDPS and an advisory panel set up for the purposes of implementation of this Directive and representing i.a. non-banking actors, issue guidelines addressed to payment service providers as set out in Article 1(1) of this Directive in accordance with Article 16 of Regulation (EU) No 1093/2010 on state of the art customer authentication and any exemption to the use of strong customer authentication. Those guidelines shall be issued by (insert date - two years from the date of entry into force of this Directive) and be updated on a regular basis as appropriate.